| Index: components/security_state/security_state_model.cc
|
| diff --git a/components/security_state/security_state_model.cc b/components/security_state/security_state_model.cc
|
| index 4fb246317408ac6c2f4cccfaaa9d6078bb4b78a5..5f884391e558f3b0d7f43bc18d75331da4b25723 100644
|
| --- a/components/security_state/security_state_model.cc
|
| +++ b/components/security_state/security_state_model.cc
|
| @@ -72,18 +72,13 @@ SecurityStateModel::SHA1DeprecationStatus GetSHA1DeprecationStatus(
|
| return SecurityStateModel::NO_DEPRECATED_SHA1;
|
| }
|
|
|
| -SecurityStateModel::ContentStatus GetMixedContentStatus(
|
| - const SecurityStateModel::VisibleSecurityState& visible_security_state) {
|
| - bool ran_insecure_content = visible_security_state.ran_mixed_content;
|
| - bool displayed_insecure_content =
|
| - visible_security_state.displayed_mixed_content;
|
| - if (ran_insecure_content && displayed_insecure_content)
|
| +SecurityStateModel::ContentStatus GetContentStatus(bool displayed, bool ran) {
|
| + if (ran && displayed)
|
| return SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN;
|
| - if (ran_insecure_content)
|
| + if (ran)
|
| return SecurityStateModel::CONTENT_STATUS_RAN;
|
| - if (displayed_insecure_content)
|
| + if (displayed)
|
| return SecurityStateModel::CONTENT_STATUS_DISPLAYED;
|
| -
|
| return SecurityStateModel::CONTENT_STATUS_NONE;
|
| }
|
|
|
| @@ -92,7 +87,8 @@ SecurityStateModel::SecurityLevel GetSecurityLevelForRequest(
|
| SecurityStateModelClient* client,
|
| const scoped_refptr<net::X509Certificate>& cert,
|
| SecurityStateModel::SHA1DeprecationStatus sha1_status,
|
| - SecurityStateModel::ContentStatus mixed_content_status) {
|
| + SecurityStateModel::ContentStatus mixed_content_status,
|
| + SecurityStateModel::ContentStatus content_with_cert_errors_status) {
|
| DCHECK(visible_security_state.initialized);
|
| GURL url = visible_security_state.url;
|
| switch (visible_security_state.initial_security_level) {
|
| @@ -121,6 +117,10 @@ SecurityStateModel::SecurityLevel GetSecurityLevelForRequest(
|
| }
|
| if (mixed_content_status == SecurityStateModel::CONTENT_STATUS_RAN ||
|
| mixed_content_status ==
|
| + SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN ||
|
| + content_with_cert_errors_status ==
|
| + SecurityStateModel::CONTENT_STATUS_RAN ||
|
| + content_with_cert_errors_status ==
|
| SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN) {
|
| return SecurityStateModel::kRanInsecureContentLevel;
|
| }
|
| @@ -142,7 +142,10 @@ SecurityStateModel::SecurityLevel GetSecurityLevelForRequest(
|
| DCHECK_NE(SecurityStateModel::CONTENT_STATUS_RAN, mixed_content_status);
|
| DCHECK_NE(SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN,
|
| mixed_content_status);
|
| - if (mixed_content_status == SecurityStateModel::CONTENT_STATUS_DISPLAYED)
|
| + if (mixed_content_status ==
|
| + SecurityStateModel::CONTENT_STATUS_DISPLAYED ||
|
| + content_with_cert_errors_status ==
|
| + SecurityStateModel::CONTENT_STATUS_DISPLAYED)
|
| return SecurityStateModel::kDisplayedInsecureContentLevel;
|
|
|
| if (net::IsCertStatusError(cert_status)) {
|
| @@ -178,7 +181,11 @@ void SecurityInfoForRequest(
|
| security_info->sha1_deprecation_status =
|
| GetSHA1DeprecationStatus(cert, visible_security_state);
|
| security_info->mixed_content_status =
|
| - GetMixedContentStatus(visible_security_state);
|
| + GetContentStatus(visible_security_state.displayed_mixed_content,
|
| + visible_security_state.ran_mixed_content);
|
| + security_info->content_with_cert_errors_status = GetContentStatus(
|
| + visible_security_state.displayed_content_with_cert_errors,
|
| + visible_security_state.ran_content_with_cert_errors);
|
| security_info->security_bits = visible_security_state.security_bits;
|
| security_info->connection_status = visible_security_state.connection_status;
|
| security_info->cert_status = visible_security_state.cert_status;
|
| @@ -194,10 +201,11 @@ void SecurityInfoForRequest(
|
| security_info->sct_verify_statuses =
|
| visible_security_state.sct_verify_statuses;
|
|
|
| - security_info->security_level =
|
| - GetSecurityLevelForRequest(visible_security_state, client, cert,
|
| - security_info->sha1_deprecation_status,
|
| - security_info->mixed_content_status);
|
| + security_info->security_level = GetSecurityLevelForRequest(
|
| + visible_security_state, client, cert,
|
| + security_info->sha1_deprecation_status,
|
| + security_info->mixed_content_status,
|
| + security_info->content_with_cert_errors_status);
|
| }
|
|
|
| } // namespace
|
| @@ -213,6 +221,7 @@ SecurityStateModel::SecurityInfo::SecurityInfo()
|
| : security_level(SecurityStateModel::NONE),
|
| sha1_deprecation_status(SecurityStateModel::NO_DEPRECATED_SHA1),
|
| mixed_content_status(SecurityStateModel::CONTENT_STATUS_NONE),
|
| + content_with_cert_errors_status(SecurityStateModel::CONTENT_STATUS_NONE),
|
| scheme_is_cryptographic(false),
|
| cert_status(0),
|
| cert_id(0),
|
| @@ -266,6 +275,8 @@ SecurityStateModel::VisibleSecurityState::VisibleSecurityState()
|
| security_bits(-1),
|
| displayed_mixed_content(false),
|
| ran_mixed_content(false),
|
| + displayed_content_with_cert_errors(false),
|
| + ran_content_with_cert_errors(false),
|
| pkp_bypassed(false) {}
|
|
|
| SecurityStateModel::VisibleSecurityState::~VisibleSecurityState() {}
|
| @@ -280,6 +291,9 @@ bool SecurityStateModel::VisibleSecurityState::operator==(
|
| sct_verify_statuses == other.sct_verify_statuses &&
|
| displayed_mixed_content == other.displayed_mixed_content &&
|
| ran_mixed_content == other.ran_mixed_content &&
|
| + displayed_content_with_cert_errors ==
|
| + other.displayed_content_with_cert_errors &&
|
| + ran_content_with_cert_errors == other.ran_content_with_cert_errors &&
|
| pkp_bypassed == other.pkp_bypassed);
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 2224023003:
Teach SecurityStateModel about subresources with cert errors (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master