| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ui/website_settings/website_settings.h" | 5 #include "chrome/browser/ui/website_settings/website_settings.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <string> | 10 #include <string> |
| (...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 126 // Fullscreen and mouselock settings are no longer shown (always allow). | 126 // Fullscreen and mouselock settings are no longer shown (always allow). |
| 127 if (type == CONTENT_SETTINGS_TYPE_FULLSCREEN || | 127 if (type == CONTENT_SETTINGS_TYPE_FULLSCREEN || |
| 128 type == CONTENT_SETTINGS_TYPE_MOUSELOCK) { | 128 type == CONTENT_SETTINGS_TYPE_MOUSELOCK) { |
| 129 return false; | 129 return false; |
| 130 } | 130 } |
| 131 #endif | 131 #endif |
| 132 | 132 |
| 133 return true; | 133 return true; |
| 134 } | 134 } |
| 135 | 135 |
| 136 void CheckContentStatus(SecurityStateModel::ContentStatus content_status, |
| 137 bool* displayed, |
| 138 bool* ran) { |
| 139 switch (content_status) { |
| 140 case SecurityStateModel::CONTENT_STATUS_DISPLAYED: |
| 141 *displayed = true; |
| 142 break; |
| 143 case SecurityStateModel::CONTENT_STATUS_RAN: |
| 144 *ran = true; |
| 145 break; |
| 146 case SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN: |
| 147 *displayed = true; |
| 148 *ran = true; |
| 149 break; |
| 150 case SecurityStateModel::CONTENT_STATUS_UNKNOWN: |
| 151 case SecurityStateModel::CONTENT_STATUS_NONE: |
| 152 break; |
| 153 } |
| 154 } |
| 155 |
| 156 void CheckForInsecureContent( |
| 157 const SecurityStateModel::SecurityInfo& security_info, |
| 158 bool* displayed, |
| 159 bool* ran) { |
| 160 CheckContentStatus(security_info.mixed_content_status, displayed, ran); |
| 161 // Only consider subresources with certificate errors if the main |
| 162 // resource was loaded over HTTPS without major certificate errors. If |
| 163 // the main resource had a certificate error, then it would not be |
| 164 // that useful (and would potentially be confusing) to warn about |
| 165 // subesources that had certificate errors too. |
| 166 if (net::IsCertStatusError(security_info.cert_status) && |
| 167 !net::IsCertStatusMinorError(security_info.cert_status)) { |
| 168 return; |
| 169 } |
| 170 CheckContentStatus(security_info.content_with_cert_errors_status, displayed, |
| 171 ran); |
| 172 } |
| 173 |
| 136 // Returns true if any of the given statuses match |status|. | 174 // Returns true if any of the given statuses match |status|. |
| 137 bool CertificateTransparencyStatusMatchAny( | 175 bool CertificateTransparencyStatusMatchAny( |
| 138 const std::vector<net::ct::SCTVerifyStatus>& sct_verify_statuses, | 176 const std::vector<net::ct::SCTVerifyStatus>& sct_verify_statuses, |
| 139 net::ct::SCTVerifyStatus status) { | 177 net::ct::SCTVerifyStatus status) { |
| 140 for (const auto& verify_status : sct_verify_statuses) { | 178 for (const auto& verify_status : sct_verify_statuses) { |
| 141 if (verify_status == status) | 179 if (verify_status == status) |
| 142 return true; | 180 return true; |
| 143 } | 181 } |
| 144 return false; | 182 return false; |
| 145 } | 183 } |
| (...skipping 406 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 552 if (security_info.is_secure_protocol_and_ciphersuite) { | 590 if (security_info.is_secure_protocol_and_ciphersuite) { |
| 553 site_connection_details_.assign(l10n_util::GetStringFUTF16( | 591 site_connection_details_.assign(l10n_util::GetStringFUTF16( |
| 554 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_CONNECTION_TEXT, | 592 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_CONNECTION_TEXT, |
| 555 subject_name)); | 593 subject_name)); |
| 556 } else { | 594 } else { |
| 557 site_connection_details_.assign(l10n_util::GetStringFUTF16( | 595 site_connection_details_.assign(l10n_util::GetStringFUTF16( |
| 558 IDS_PAGE_INFO_SECURITY_TAB_WEAK_ENCRYPTION_CONNECTION_TEXT, | 596 IDS_PAGE_INFO_SECURITY_TAB_WEAK_ENCRYPTION_CONNECTION_TEXT, |
| 559 subject_name)); | 597 subject_name)); |
| 560 } | 598 } |
| 561 | 599 |
| 562 if (security_info.mixed_content_status != | 600 bool ran_insecure_content = false; |
| 563 SecurityStateModel::CONTENT_STATUS_NONE) { | 601 bool displayed_insecure_content = false; |
| 564 bool ran_insecure_content = | 602 CheckForInsecureContent(security_info, &displayed_insecure_content, |
| 565 (security_info.mixed_content_status == | 603 &ran_insecure_content); |
| 566 SecurityStateModel::CONTENT_STATUS_RAN || | 604 if (ran_insecure_content || displayed_insecure_content) { |
| 567 security_info.mixed_content_status == | |
| 568 SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN); | |
| 569 site_connection_status_ = ran_insecure_content | 605 site_connection_status_ = ran_insecure_content |
| 570 ? SITE_CONNECTION_STATUS_MIXED_SCRIPT | 606 ? SITE_CONNECTION_STATUS_INSECURE_SCRIPT |
| 571 : SITE_CONNECTION_STATUS_MIXED_CONTENT; | 607 : SITE_CONNECTION_STATUS_INSECURE_CONTENT; |
| 572 site_connection_details_.assign(l10n_util::GetStringFUTF16( | 608 site_connection_details_.assign(l10n_util::GetStringFUTF16( |
| 573 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_SENTENCE_LINK, | 609 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_SENTENCE_LINK, |
| 574 site_connection_details_, | 610 site_connection_details_, |
| 575 l10n_util::GetStringUTF16(ran_insecure_content ? | 611 l10n_util::GetStringUTF16( |
| 576 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_ERROR : | 612 ran_insecure_content |
| 577 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_WARNING))); | 613 ? IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_ERROR |
| 614 : IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_WARNIN
G))); |
| 578 } | 615 } |
| 579 } | 616 } |
| 580 | 617 |
| 581 uint16_t cipher_suite = | 618 uint16_t cipher_suite = |
| 582 net::SSLConnectionStatusToCipherSuite(security_info.connection_status); | 619 net::SSLConnectionStatusToCipherSuite(security_info.connection_status); |
| 583 if (security_info.security_bits > 0 && cipher_suite) { | 620 if (security_info.security_bits > 0 && cipher_suite) { |
| 584 int ssl_version = | 621 int ssl_version = |
| 585 net::SSLConnectionStatusToVersion(security_info.connection_status); | 622 net::SSLConnectionStatusToVersion(security_info.connection_status); |
| 586 const char* ssl_version_str; | 623 const char* ssl_version_str; |
| 587 net::SSLVersionToString(&ssl_version_str, ssl_version); | 624 net::SSLVersionToString(&ssl_version_str, ssl_version); |
| (...skipping 15 matching lines...) Expand all Loading... |
| 603 site_connection_details_ += l10n_util::GetStringFUTF16( | 640 site_connection_details_ += l10n_util::GetStringFUTF16( |
| 604 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS_AEAD, | 641 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS_AEAD, |
| 605 ASCIIToUTF16(cipher), ASCIIToUTF16(key_exchange)); | 642 ASCIIToUTF16(cipher), ASCIIToUTF16(key_exchange)); |
| 606 } else { | 643 } else { |
| 607 site_connection_details_ += l10n_util::GetStringFUTF16( | 644 site_connection_details_ += l10n_util::GetStringFUTF16( |
| 608 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS, | 645 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS, |
| 609 ASCIIToUTF16(cipher), ASCIIToUTF16(mac), ASCIIToUTF16(key_exchange)); | 646 ASCIIToUTF16(cipher), ASCIIToUTF16(mac), ASCIIToUTF16(key_exchange)); |
| 610 } | 647 } |
| 611 | 648 |
| 612 if (ssl_version == net::SSL_CONNECTION_VERSION_SSL3 && | 649 if (ssl_version == net::SSL_CONNECTION_VERSION_SSL3 && |
| 613 site_connection_status_ < SITE_CONNECTION_STATUS_MIXED_CONTENT) { | 650 site_connection_status_ < SITE_CONNECTION_STATUS_INSECURE_CONTENT) { |
| 614 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR; | 651 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR; |
| 615 } | 652 } |
| 616 | 653 |
| 617 const bool did_fallback = (security_info.connection_status & | 654 const bool did_fallback = (security_info.connection_status & |
| 618 net::SSL_CONNECTION_VERSION_FALLBACK) != 0; | 655 net::SSL_CONNECTION_VERSION_FALLBACK) != 0; |
| 619 if (did_fallback) { | 656 if (did_fallback) { |
| 620 site_connection_details_ += ASCIIToUTF16("\n\n"); | 657 site_connection_details_ += ASCIIToUTF16("\n\n"); |
| 621 site_connection_details_ += l10n_util::GetStringUTF16( | 658 site_connection_details_ += l10n_util::GetStringUTF16( |
| 622 IDS_PAGE_INFO_SECURITY_TAB_FALLBACK_MESSAGE); | 659 IDS_PAGE_INFO_SECURITY_TAB_FALLBACK_MESSAGE); |
| 623 } | 660 } |
| (...skipping 15 matching lines...) Expand all Loading... |
| 639 show_ssl_decision_revoke_button_ = delegate->HasAllowException(url.host()); | 676 show_ssl_decision_revoke_button_ = delegate->HasAllowException(url.host()); |
| 640 | 677 |
| 641 // By default select the Permissions Tab that displays all the site | 678 // By default select the Permissions Tab that displays all the site |
| 642 // permissions. In case of a connection error or an issue with the certificate | 679 // permissions. In case of a connection error or an issue with the certificate |
| 643 // presented by the website, select the Connection Tab to draw the user's | 680 // presented by the website, select the Connection Tab to draw the user's |
| 644 // attention to the issue. If the site does not provide a certificate because | 681 // attention to the issue. If the site does not provide a certificate because |
| 645 // it was loaded over an unencrypted connection, don't select the Connection | 682 // it was loaded over an unencrypted connection, don't select the Connection |
| 646 // Tab. | 683 // Tab. |
| 647 WebsiteSettingsUI::TabId tab_id = WebsiteSettingsUI::TAB_ID_PERMISSIONS; | 684 WebsiteSettingsUI::TabId tab_id = WebsiteSettingsUI::TAB_ID_PERMISSIONS; |
| 648 if (site_connection_status_ == SITE_CONNECTION_STATUS_ENCRYPTED_ERROR || | 685 if (site_connection_status_ == SITE_CONNECTION_STATUS_ENCRYPTED_ERROR || |
| 649 site_connection_status_ == SITE_CONNECTION_STATUS_MIXED_CONTENT || | 686 site_connection_status_ == SITE_CONNECTION_STATUS_INSECURE_CONTENT || |
| 650 site_connection_status_ == SITE_CONNECTION_STATUS_MIXED_SCRIPT || | 687 site_connection_status_ == SITE_CONNECTION_STATUS_INSECURE_SCRIPT || |
| 651 site_identity_status_ == SITE_IDENTITY_STATUS_ERROR || | 688 site_identity_status_ == SITE_IDENTITY_STATUS_ERROR || |
| 652 site_identity_status_ == SITE_IDENTITY_STATUS_CT_ERROR || | 689 site_identity_status_ == SITE_IDENTITY_STATUS_CT_ERROR || |
| 653 site_identity_status_ == SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN || | 690 site_identity_status_ == SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN || |
| 654 site_identity_status_ == SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT || | 691 site_identity_status_ == SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT || |
| 655 site_identity_status_ == | 692 site_identity_status_ == |
| 656 SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM_MINOR || | 693 SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM_MINOR || |
| 657 site_identity_status_ == | 694 site_identity_status_ == |
| 658 SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM_MAJOR) { | 695 SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM_MAJOR) { |
| 659 tab_id = WebsiteSettingsUI::TAB_ID_CONNECTION; | 696 tab_id = WebsiteSettingsUI::TAB_ID_CONNECTION; |
| 660 RecordWebsiteSettingsAction( | 697 RecordWebsiteSettingsAction( |
| (...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 759 info.connection_status = site_connection_status_; | 796 info.connection_status = site_connection_status_; |
| 760 info.connection_status_description = | 797 info.connection_status_description = |
| 761 UTF16ToUTF8(site_connection_details_); | 798 UTF16ToUTF8(site_connection_details_); |
| 762 info.identity_status = site_identity_status_; | 799 info.identity_status = site_identity_status_; |
| 763 info.identity_status_description = | 800 info.identity_status_description = |
| 764 UTF16ToUTF8(site_identity_details_); | 801 UTF16ToUTF8(site_identity_details_); |
| 765 info.cert_id = cert_id_; | 802 info.cert_id = cert_id_; |
| 766 info.show_ssl_decision_revoke_button = show_ssl_decision_revoke_button_; | 803 info.show_ssl_decision_revoke_button = show_ssl_decision_revoke_button_; |
| 767 ui_->SetIdentityInfo(info); | 804 ui_->SetIdentityInfo(info); |
| 768 } | 805 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2244243002:
Adjust WebsiteSettings statuses for subresources with cert errors (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master