| Index: components/security_state/security_state_model.cc
|
| diff --git a/components/security_state/security_state_model.cc b/components/security_state/security_state_model.cc
|
| index 4084402f050039697445c820841a3010ab72a643..60adb058fd84baa95c9f5f37fb772052a11b2ca3 100644
|
| --- a/components/security_state/security_state_model.cc
|
| +++ b/components/security_state/security_state_model.cc
|
| @@ -87,12 +87,30 @@ SecurityStateModel::MixedContentStatus GetMixedContentStatus(
|
| return SecurityStateModel::NO_MIXED_CONTENT;
|
| }
|
|
|
| +SecurityStateModel::ContentWithCertErrorsStatus GetContentWithCertErrorsStatus(
|
| + const SecurityStateModel::VisibleSecurityState& visible_security_state) {
|
| + bool ran = visible_security_state.ran_content_with_certificate_errors;
|
| + bool displayed =
|
| + visible_security_state.displayed_content_with_certificate_errors;
|
| + if (ran && displayed)
|
| + return SecurityStateModel::
|
| + RAN_AND_DISPLAYED_CONTENT_WITH_CERTIFICATE_ERRORS;
|
| + if (ran)
|
| + return SecurityStateModel::RAN_CONTENT_WITH_CERTIFICATE_ERRORS;
|
| + if (displayed)
|
| + return SecurityStateModel::DISPLAYED_CONTENT_WITH_CERTIFICATE_ERRORS;
|
| +
|
| + return SecurityStateModel::NO_CONTENT_WITH_CERTIFICATE_ERRORS;
|
| +}
|
| +
|
| SecurityStateModel::SecurityLevel GetSecurityLevelForRequest(
|
| const SecurityStateModel::VisibleSecurityState& visible_security_state,
|
| SecurityStateModelClient* client,
|
| const scoped_refptr<net::X509Certificate>& cert,
|
| SecurityStateModel::SHA1DeprecationStatus sha1_status,
|
| - SecurityStateModel::MixedContentStatus mixed_content_status) {
|
| + SecurityStateModel::MixedContentStatus mixed_content_status,
|
| + SecurityStateModel::ContentWithCertErrorsStatus
|
| + content_with_cert_errors_status) {
|
| DCHECK(visible_security_state.initialized);
|
| GURL url = visible_security_state.url;
|
| switch (visible_security_state.initial_security_level) {
|
| @@ -121,7 +139,12 @@ SecurityStateModel::SecurityLevel GetSecurityLevelForRequest(
|
| }
|
| if (mixed_content_status == SecurityStateModel::RAN_MIXED_CONTENT ||
|
| mixed_content_status ==
|
| - SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT) {
|
| + SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT ||
|
| + content_with_cert_errors_status ==
|
| + SecurityStateModel::RAN_CONTENT_WITH_CERTIFICATE_ERRORS ||
|
| + content_with_cert_errors_status ==
|
| + SecurityStateModel::
|
| + RAN_AND_DISPLAYED_CONTENT_WITH_CERTIFICATE_ERRORS) {
|
| return SecurityStateModel::kRanInsecureContentLevel;
|
| }
|
|
|
| @@ -142,7 +165,9 @@ SecurityStateModel::SecurityLevel GetSecurityLevelForRequest(
|
| DCHECK_NE(SecurityStateModel::RAN_MIXED_CONTENT, mixed_content_status);
|
| DCHECK_NE(SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT,
|
| mixed_content_status);
|
| - if (mixed_content_status == SecurityStateModel::DISPLAYED_MIXED_CONTENT)
|
| + if (mixed_content_status == SecurityStateModel::DISPLAYED_MIXED_CONTENT ||
|
| + content_with_cert_errors_status ==
|
| + SecurityStateModel::DISPLAYED_CONTENT_WITH_CERTIFICATE_ERRORS)
|
| return SecurityStateModel::kDisplayedInsecureContentLevel;
|
|
|
| if (net::IsCertStatusError(cert_status)) {
|
| @@ -179,6 +204,8 @@ void SecurityInfoForRequest(
|
| GetSHA1DeprecationStatus(cert, visible_security_state);
|
| security_info->mixed_content_status =
|
| GetMixedContentStatus(visible_security_state);
|
| + security_info->content_with_cert_errors_status =
|
| + GetContentWithCertErrorsStatus(visible_security_state);
|
| security_info->security_bits = visible_security_state.security_bits;
|
| security_info->connection_status = visible_security_state.connection_status;
|
| security_info->cert_status = visible_security_state.cert_status;
|
| @@ -194,10 +221,11 @@ void SecurityInfoForRequest(
|
| security_info->sct_verify_statuses =
|
| visible_security_state.sct_verify_statuses;
|
|
|
| - security_info->security_level =
|
| - GetSecurityLevelForRequest(visible_security_state, client, cert,
|
| - security_info->sha1_deprecation_status,
|
| - security_info->mixed_content_status);
|
| + security_info->security_level = GetSecurityLevelForRequest(
|
| + visible_security_state, client, cert,
|
| + security_info->sha1_deprecation_status,
|
| + security_info->mixed_content_status,
|
| + security_info->content_with_cert_errors_status);
|
| }
|
|
|
| } // namespace
|
| @@ -213,6 +241,8 @@ SecurityStateModel::SecurityInfo::SecurityInfo()
|
| : security_level(SecurityStateModel::NONE),
|
| sha1_deprecation_status(SecurityStateModel::NO_DEPRECATED_SHA1),
|
| mixed_content_status(SecurityStateModel::NO_MIXED_CONTENT),
|
| + content_with_cert_errors_status(
|
| + SecurityStateModel::NO_CONTENT_WITH_CERTIFICATE_ERRORS),
|
| scheme_is_cryptographic(false),
|
| cert_status(0),
|
| cert_id(0),
|
| @@ -266,7 +296,9 @@ SecurityStateModel::VisibleSecurityState::VisibleSecurityState()
|
| security_bits(-1),
|
| displayed_mixed_content(false),
|
| ran_mixed_content(false),
|
| - pkp_bypassed(false) {}
|
| + pkp_bypassed(false),
|
| + displayed_content_with_certificate_errors(false),
|
| + ran_content_with_certificate_errors(false) {}
|
|
|
| SecurityStateModel::VisibleSecurityState::~VisibleSecurityState() {}
|
|
|
| @@ -280,7 +312,11 @@ bool SecurityStateModel::VisibleSecurityState::operator==(
|
| sct_verify_statuses == other.sct_verify_statuses &&
|
| displayed_mixed_content == other.displayed_mixed_content &&
|
| ran_mixed_content == other.ran_mixed_content &&
|
| - pkp_bypassed == other.pkp_bypassed);
|
| + pkp_bypassed == other.pkp_bypassed &&
|
| + displayed_content_with_certificate_errors ==
|
| + other.displayed_content_with_certificate_errors &&
|
| + ran_content_with_certificate_errors ==
|
| + other.ran_content_with_certificate_errors);
|
| }
|
|
|
| } // namespace security_state
|
|
|
Chromium Code Reviews
Issue 2226523002:
Add separate plumbing for subresources with certificate errors (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master