Add separate plumbing for subresources with certificate errors

components/security_state/security_state_model.h

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_SECURITY_STATE_SECURITY_STATE_MODEL_H_
 #define COMPONENTS_SECURITY_STATE_SECURITY_STATE_MODEL_H_
 
 #include "base/macros.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/sct_status_flags.h"
@@ skipping 64 matching lines @@
   enum MixedContentStatus {
     NO_MIXED_CONTENT,
     // The site displayed insecure resources (passive mixed content).
     DISPLAYED_MIXED_CONTENT,
     // The site ran insecure code (active mixed content).
     RAN_MIXED_CONTENT,
     // The site both ran and displayed insecure resources.
     RAN_AND_DISPLAYED_MIXED_CONTENT,
   };
 
+  // Describes the type of content with certificate errors (if any) that a site
+  // displayed/ran.
+  enum ContentWithCertErrorsStatus {
+    NO_CONTENT_WITH_CERTIFICATE_ERRORS,
+    // The site displayed resources with certificate errors.
+    DISPLAYED_CONTENT_WITH_CERTIFICATE_ERRORS,
+    // The site ran code loaded with certificate errors.
+    RAN_CONTENT_WITH_CERTIFICATE_ERRORS,
+    // The site both ran and displayed content with certificate errors.
+    RAN_AND_DISPLAYED_CONTENT_WITH_CERTIFICATE_ERRORS,
+  };
+
   // Describes the security status of a page or request. This is the
   // main data structure provided by this class.
   struct SecurityInfo {
     SecurityInfo();
     ~SecurityInfo();
     SecurityLevel security_level;
     SHA1DeprecationStatus sha1_deprecation_status;
     MixedContentStatus mixed_content_status;
+    ContentWithCertErrorsStatus content_with_cert_errors_status;
     // The verification statuses of the signed certificate timestamps
     // for the connection.
     std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses;
     bool scheme_is_cryptographic;
     net::CertStatus cert_status;
     int cert_id;
     // The security strength, in bits, of the SSL cipher suite. In late
     // 2015, 128 is considered the minimum.
     // 0 means the connection is not encrypted.
     // -1 means the security strength is unknown.
@@ skipping 29 matching lines @@
     int security_bits;
     // The verification statuses of the Signed Certificate
     // Timestamps (if any) that the server provided.
     std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses;
     // True if the page displayed passive mixed content.
     bool displayed_mixed_content;
     // True if the page ran active mixed content.
     bool ran_mixed_content;
     // True if PKP was bypassed due to a local trust anchor.
     bool pkp_bypassed;
+    // True if the page displayed content with certificate errors.
+    bool displayed_content_with_certificate_errors;
+    // True if the page ran content with certificate errors.
+    bool ran_content_with_certificate_errors;
   };
 
   // These security levels describe the treatment given to pages that
   // display and run mixed content. They are used to coordinate the
   // treatment of mixed content with other security UI elements.
   static const SecurityLevel kDisplayedInsecureContentLevel;
   static const SecurityLevel kRanInsecureContentLevel;
 
   SecurityStateModel();
   virtual ~SecurityStateModel();
@@ skipping 13 matching lines @@
   mutable VisibleSecurityState visible_security_state_;
 
   SecurityStateModelClient* client_;
 
   DISALLOW_COPY_AND_ASSIGN(SecurityStateModel);
 };
 
 }  // namespace security_state
 
 #endif  // COMPONENTS_SECURITY_STATE_SECURITY_STATE_MODEL_H_