OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/metrics/field_trial.h" | 8 #include "base/metrics/field_trial.h" |
9 #include "base/metrics/histogram_macros.h" | 9 #include "base/metrics/histogram_macros.h" |
10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
107 // the page is loaded over HTTP, because the security style merely | 107 // the page is loaded over HTTP, because the security style merely |
108 // represents how the embedder wishes to display the security state of | 108 // represents how the embedder wishes to display the security state of |
109 // the page, and the embedder can choose to display HTTPS page as HTTP | 109 // the page, and the embedder can choose to display HTTPS page as HTTP |
110 // if it wants to (for example, displaying deprecated crypto | 110 // if it wants to (for example, displaying deprecated crypto |
111 // algorithms with the same UI treatment as HTTP pages). | 111 // algorithms with the same UI treatment as HTTP pages). |
112 security_style_explanations->scheme_is_cryptographic = | 112 security_style_explanations->scheme_is_cryptographic = |
113 security_info.scheme_is_cryptographic; | 113 security_info.scheme_is_cryptographic; |
114 if (!security_info.scheme_is_cryptographic) { | 114 if (!security_info.scheme_is_cryptographic) { |
115 return security_style; | 115 return security_style; |
116 } | 116 } |
117 security_style_explanations->pkp_bypassed = security_info.pkp_bypassed; | |
118 | 117 |
119 if (security_info.sha1_deprecation_status == | 118 if (security_info.sha1_deprecation_status == |
120 SecurityStateModel::DEPRECATED_SHA1_MAJOR) { | 119 SecurityStateModel::DEPRECATED_SHA1_MAJOR) { |
121 security_style_explanations->broken_explanations.push_back( | 120 security_style_explanations->broken_explanations.push_back( |
122 content::SecurityStyleExplanation( | 121 content::SecurityStyleExplanation( |
123 l10n_util::GetStringUTF8(IDS_MAJOR_SHA1), | 122 l10n_util::GetStringUTF8(IDS_MAJOR_SHA1), |
124 l10n_util::GetStringUTF8(IDS_MAJOR_SHA1_DESCRIPTION), | 123 l10n_util::GetStringUTF8(IDS_MAJOR_SHA1_DESCRIPTION), |
125 security_info.cert_id)); | 124 security_info.cert_id)); |
126 } else if (security_info.sha1_deprecation_status == | 125 } else if (security_info.sha1_deprecation_status == |
127 SecurityStateModel::DEPRECATED_SHA1_MINOR) { | 126 SecurityStateModel::DEPRECATED_SHA1_MINOR) { |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
174 } | 173 } |
175 | 174 |
176 if (security_info.is_secure_protocol_and_ciphersuite) { | 175 if (security_info.is_secure_protocol_and_ciphersuite) { |
177 security_style_explanations->secure_explanations.push_back( | 176 security_style_explanations->secure_explanations.push_back( |
178 content::SecurityStyleExplanation( | 177 content::SecurityStyleExplanation( |
179 l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), | 178 l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), |
180 l10n_util::GetStringUTF8( | 179 l10n_util::GetStringUTF8( |
181 IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION))); | 180 IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION))); |
182 } | 181 } |
183 | 182 |
| 183 security_style_explanations->pkp_bypassed = security_info.pkp_bypassed; |
| 184 if (security_info.pkp_bypassed) { |
| 185 security_style_explanations->info_explanations.push_back( |
| 186 content::SecurityStyleExplanation( |
| 187 "Public-Key Pinning Bypassed", |
| 188 "Public-key pinning was bypassed by a local root certificate.")); |
| 189 } |
| 190 |
184 return security_style; | 191 return security_style; |
185 } | 192 } |
186 | 193 |
187 const SecurityStateModel::SecurityInfo& | 194 const SecurityStateModel::SecurityInfo& |
188 ChromeSecurityStateModelClient::GetSecurityInfo() const { | 195 ChromeSecurityStateModelClient::GetSecurityInfo() const { |
189 return security_state_model_->GetSecurityInfo(); | 196 return security_state_model_->GetSecurityInfo(); |
190 } | 197 } |
191 | 198 |
192 bool ChromeSecurityStateModelClient::RetrieveCert( | 199 bool ChromeSecurityStateModelClient::RetrieveCert( |
193 scoped_refptr<net::X509Certificate>* cert) { | 200 scoped_refptr<net::X509Certificate>* cert) { |
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
244 state->sct_verify_statuses.insert(state->sct_verify_statuses.end(), | 251 state->sct_verify_statuses.insert(state->sct_verify_statuses.end(), |
245 ssl.num_valid_scts, net::ct::SCT_STATUS_OK); | 252 ssl.num_valid_scts, net::ct::SCT_STATUS_OK); |
246 state->displayed_mixed_content = | 253 state->displayed_mixed_content = |
247 (ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT) | 254 (ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT) |
248 ? true | 255 ? true |
249 : false; | 256 : false; |
250 state->ran_mixed_content = | 257 state->ran_mixed_content = |
251 (ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT) ? true | 258 (ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT) ? true |
252 : false; | 259 : false; |
253 } | 260 } |
OLD | NEW |