Chromium Code Reviews Chromium Code Reviews
Issue 2118583003:
Display when PKP is bypassed in devtools (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 /** | 5 /** |
| 6 * @constructor | 6 * @constructor |
| 7 * @extends {WebInspector.PanelWithSidebar} | 7 * @extends {WebInspector.PanelWithSidebar} |
| 8 * @implements {WebInspector.TargetManager.Observer} | 8 * @implements {WebInspector.TargetManager.Observer} |
| 9 */ | 9 */ |
| 10 WebInspector.SecurityPanel = function() | 10 WebInspector.SecurityPanel = function() |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 58 setDisplayedInsecureContentStyle: function(securityState) | 58 setDisplayedInsecureContentStyle: function(securityState) |
| 59 { | 59 { |
| 60 this._displayedInsecureContentStyle = securityState; | 60 this._displayedInsecureContentStyle = securityState; |
| 61 }, | 61 }, |
| 62 | 62 |
| 63 /** | 63 /** |
| 64 * @param {!SecurityAgent.SecurityState} newSecurityState | 64 * @param {!SecurityAgent.SecurityState} newSecurityState |
| 65 * @param {!Array<!SecurityAgent.SecurityStateExplanation>} explanations | 65 * @param {!Array<!SecurityAgent.SecurityStateExplanation>} explanations |
| 66 * @param {?SecurityAgent.MixedContentStatus} mixedContentStatus | 66 * @param {?SecurityAgent.MixedContentStatus} mixedContentStatus |
| 67 * @param {boolean} schemeIsCryptographic | 67 * @param {boolean} schemeIsCryptographic |
| 68 * @param {boolean} pkpBypassed | |
| 68 */ | 69 */ |
| 69 _updateSecurityState: function(newSecurityState, explanations, mixedContentS tatus, schemeIsCryptographic) | 70 _updateSecurityState: function(newSecurityState, explanations, mixedContentS tatus, schemeIsCryptographic, pkpBypassed) |
| 70 { | 71 { |
| 71 this._sidebarMainViewElement.setSecurityState(newSecurityState); | 72 this._sidebarMainViewElement.setSecurityState(newSecurityState); |
| 72 this._mainView.updateSecurityState(newSecurityState, explanations, mixed ContentStatus, schemeIsCryptographic); | 73 this._mainView.updateSecurityState(newSecurityState, explanations, mixed ContentStatus, schemeIsCryptographic, pkpBypassed); |
| 73 }, | 74 }, |
| 74 | 75 |
| 75 /** | 76 /** |
| 76 * @param {!WebInspector.Event} event | 77 * @param {!WebInspector.Event} event |
| 77 */ | 78 */ |
| 78 _onSecurityStateChanged: function(event) | 79 _onSecurityStateChanged: function(event) |
| 79 { | 80 { |
| 80 var data = /** @type {!WebInspector.PageSecurityState} */ (event.data); | 81 var data = /** @type {!WebInspector.PageSecurityState} */ (event.data); |
| 81 var securityState = /** @type {!SecurityAgent.SecurityState} */ (data.se curityState); | 82 var securityState = /** @type {!SecurityAgent.SecurityState} */ (data.se curityState); |
| 82 var explanations = /** @type {!Array<!SecurityAgent.SecurityStateExplana tion>} */ (data.explanations); | 83 var explanations = /** @type {!Array<!SecurityAgent.SecurityStateExplana tion>} */ (data.explanations); |
| 83 var mixedContentStatus = /** @type {?SecurityAgent.MixedContentStatus} * / (data.mixedContentStatus); | 84 var mixedContentStatus = /** @type {?SecurityAgent.MixedContentStatus} * / (data.mixedContentStatus); |
| 84 var schemeIsCryptographic = /** @type {boolean} */ (data.schemeIsCryptog raphic); | 85 var schemeIsCryptographic = /** @type {boolean} */ (data.schemeIsCryptog raphic); |
| 85 this._updateSecurityState(securityState, explanations, mixedContentStatu s, schemeIsCryptographic); | 86 var pkpBypassed = /** @type {boolean} */ (data.pkpBypassed); |
| 87 this._updateSecurityState(securityState, explanations, mixedContentStatu s, schemeIsCryptographic, pkpBypassed); | |
| 86 }, | 88 }, |
| 87 | 89 |
| 88 selectAndSwitchToMainView: function() | 90 selectAndSwitchToMainView: function() |
| 89 { | 91 { |
| 90 // The sidebar element will trigger displaying the main view. Rather tha n making a redundant call to display the main view, we rely on this. | 92 // The sidebar element will trigger displaying the main view. Rather tha n making a redundant call to display the main view, we rely on this. |
| 91 this._sidebarMainViewElement.select(); | 93 this._sidebarMainViewElement.select(); |
| 92 }, | 94 }, |
| 93 /** | 95 /** |
| 94 * @param {!WebInspector.SecurityPanel.Origin} origin | 96 * @param {!WebInspector.SecurityPanel.Origin} origin |
| 95 */ | 97 */ |
| (...skipping 494 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 590 } | 592 } |
| 591 | 593 |
| 592 return text; | 594 return text; |
| 593 }, | 595 }, |
| 594 | 596 |
| 595 /** | 597 /** |
| 596 * @param {!SecurityAgent.SecurityState} newSecurityState | 598 * @param {!SecurityAgent.SecurityState} newSecurityState |
| 597 * @param {!Array<!SecurityAgent.SecurityStateExplanation>} explanations | 599 * @param {!Array<!SecurityAgent.SecurityStateExplanation>} explanations |
| 598 * @param {?SecurityAgent.MixedContentStatus} mixedContentStatus | 600 * @param {?SecurityAgent.MixedContentStatus} mixedContentStatus |
| 599 * @param {boolean} schemeIsCryptographic | 601 * @param {boolean} schemeIsCryptographic |
| 602 * @param {boolean} pkpBypassed | |
| 600 */ | 603 */ |
| 601 updateSecurityState: function(newSecurityState, explanations, mixedContentSt atus, schemeIsCryptographic) | 604 updateSecurityState: function(newSecurityState, explanations, mixedContentSt atus, schemeIsCryptographic, pkpBypassed) |
| 602 { | 605 { |
| 603 // Remove old state. | 606 // Remove old state. |
| 604 // It's safe to call this even when this._securityState is undefined. | 607 // It's safe to call this even when this._securityState is undefined. |
| 605 this._summarySection.classList.remove("security-summary-" + this._securi tyState); | 608 this._summarySection.classList.remove("security-summary-" + this._securi tyState); |
| 606 | 609 |
| 607 // Add new state. | 610 // Add new state. |
| 608 this._securityState = newSecurityState; | 611 this._securityState = newSecurityState; |
| 609 this._summarySection.classList.add("security-summary-" + this._securityS tate); | 612 this._summarySection.classList.add("security-summary-" + this._securityS tate); |
| 610 var summaryExplanationStrings = { | 613 var summaryExplanationStrings = { |
| 611 "unknown": WebInspector.UIString("The security of this page is unkn own."), | 614 "unknown": WebInspector.UIString("The security of this page is unkn own."), |
| 612 "insecure": WebInspector.UIString("This page is insecure (broken HTT PS)."), | 615 "insecure": WebInspector.UIString("This page is insecure (broken HTT PS)."), |
| 613 "neutral": WebInspector.UIString("This page is not secure."), | 616 "neutral": WebInspector.UIString("This page is not secure."), |
| 614 "secure": WebInspector.UIString("This page is secure (valid HTTPS) .") | 617 "secure": WebInspector.UIString("This page is secure (valid HTTPS) .") |
| 615 } | 618 } |
| 619 var pkpBypassedExplanation = WebInspector.UIString("Public-key pinning w as bypassed by a local root certificate."); | |
|
lgarron
2016/07/01 01:33:39
Unused? (It seems to be hardcoded separately below
dadrian
2016/07/01 01:58:45
Whoops, Done.
| |
| 616 this._summaryText.textContent = summaryExplanationStrings[this._security State]; | 620 this._summaryText.textContent = summaryExplanationStrings[this._security State]; |
| 617 | 621 |
| 618 this._explanations = explanations, | 622 this._explanations = explanations, |
| 619 this._mixedContentStatus = mixedContentStatus; | 623 this._mixedContentStatus = mixedContentStatus; |
| 620 this._schemeIsCryptographic = schemeIsCryptographic; | 624 this._schemeIsCryptographic = schemeIsCryptographic; |
| 625 this._pkpBypassed = pkpBypassed; | |
| 621 | 626 |
| 622 this._panel.setRanInsecureContentStyle(mixedContentStatus.ranInsecureCon tentStyle); | 627 this._panel.setRanInsecureContentStyle(mixedContentStatus.ranInsecureCon tentStyle); |
| 623 this._panel.setDisplayedInsecureContentStyle(mixedContentStatus.displaye dInsecureContentStyle); | 628 this._panel.setDisplayedInsecureContentStyle(mixedContentStatus.displaye dInsecureContentStyle); |
| 624 | 629 |
| 625 this.refreshExplanations(); | 630 this.refreshExplanations(); |
| 626 }, | 631 }, |
| 627 | 632 |
| 628 refreshExplanations: function() | 633 refreshExplanations: function() |
| 629 { | 634 { |
| 630 this._securityExplanations.removeChildren(); | 635 this._securityExplanations.removeChildren(); |
| 631 for (var explanation of this._explanations) | 636 for (var explanation of this._explanations) |
| 632 this._addExplanation(explanation); | 637 this._addExplanation(explanation); |
| 633 | 638 |
| 634 this._addMixedContentExplanations(); | 639 this._addMixedContentExplanations(); |
| 640 this._addPKPBypassExplanations(); | |
| 635 }, | 641 }, |
| 636 | 642 |
| 643 _addPKPBypassExplanations: function() | |
| 644 { | |
| 645 if (!this._pkpBypassed) | |
| 646 return; | |
| 647 | |
| 648 this._addExplanation(/** @type {!SecurityAgent.SecurityStateExplanation} */ ({ | |
| 649 "securityState": SecurityAgent.SecurityState.Info, | |
| 650 "summary": WebInspector.UIString("Public-Key Pinning"), | |
| 651 "description": WebInspector.UIString("Public-key pinning was bypasse d by a local root certificate.") | |
| 652 })); | |
| 653 }, | |
| 654 | |
| 637 _addMixedContentExplanations: function() | 655 _addMixedContentExplanations: function() |
| 638 { | 656 { |
| 639 if (!this._schemeIsCryptographic) | 657 if (!this._schemeIsCryptographic) |
| 640 return; | 658 return; |
| 641 | 659 |
| 642 if (this._mixedContentStatus && (this._mixedContentStatus.ranInsecureCon tent || this._mixedContentStatus.displayedInsecureContent)) { | 660 if (this._mixedContentStatus && (this._mixedContentStatus.ranInsecureCon tent || this._mixedContentStatus.displayedInsecureContent)) { |
| 643 if (this._mixedContentStatus.ranInsecureContent) | 661 if (this._mixedContentStatus.ranInsecureContent) |
| 644 this._addMixedContentExplanation(this._mixedContentStatus.ranIns ecureContentStyle, WebInspector.UIString("Active Mixed Content"), WebInspector.U IString("You have recently allowed insecure content (such as scripts or iframes) to run on this site."), WebInspector.NetworkLogView.MixedContentFilterValues.Bl ockOverridden, showBlockOverriddenMixedContentInNetworkPanel); | 662 this._addMixedContentExplanation(this._mixedContentStatus.ranIns ecureContentStyle, WebInspector.UIString("Active Mixed Content"), WebInspector.U IString("You have recently allowed insecure content (such as scripts or iframes) to run on this site."), WebInspector.NetworkLogView.MixedContentFilterValues.Bl ockOverridden, showBlockOverriddenMixedContentInNetworkPanel); |
| 645 if (this._mixedContentStatus.displayedInsecureContent) | 663 if (this._mixedContentStatus.displayedInsecureContent) |
| 646 this._addMixedContentExplanation(this._mixedContentStatus.displa yedInsecureContentStyle, WebInspector.UIString("Mixed Content"), WebInspector.UI String("The site includes HTTP resources."), WebInspector.NetworkLogView.MixedCo ntentFilterValues.Displayed, showDisplayedMixedContentInNetworkPanel); | 664 this._addMixedContentExplanation(this._mixedContentStatus.displa yedInsecureContentStyle, WebInspector.UIString("Mixed Content"), WebInspector.UI String("The site includes HTTP resources."), WebInspector.NetworkLogView.MixedCo ntentFilterValues.Displayed, showDisplayedMixedContentInNetworkPanel); |
| (...skipping 342 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 989 row.createChild("div").textContent = key; | 1007 row.createChild("div").textContent = key; |
| 990 | 1008 |
| 991 var valueDiv = row.createChild("div"); | 1009 var valueDiv = row.createChild("div"); |
| 992 if (typeof value === "string") { | 1010 if (typeof value === "string") { |
| 993 valueDiv.textContent = value; | 1011 valueDiv.textContent = value; |
| 994 } else { | 1012 } else { |
| 995 valueDiv.appendChild(value); | 1013 valueDiv.appendChild(value); |
| 996 } | 1014 } |
| 997 } | 1015 } |
| 998 } | 1016 } |
| OLD | NEW |
