OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ui/website_settings/website_settings.h" | 5 #include "chrome/browser/ui/website_settings/website_settings.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <string> | 10 #include <string> |
(...skipping 38 matching lines...)
49 #include "components/content_settings/core/browser/host_content_settings_map.h" | 49 #include "components/content_settings/core/browser/host_content_settings_map.h" |
50 #include "components/content_settings/core/browser/local_shared_objects_counter.
h" | 50 #include "components/content_settings/core/browser/local_shared_objects_counter.
h" |
51 #include "components/content_settings/core/common/content_settings.h" | 51 #include "components/content_settings/core/common/content_settings.h" |
52 #include "components/content_settings/core/common/content_settings_pattern.h" | 52 #include "components/content_settings/core/common/content_settings_pattern.h" |
53 #include "components/rappor/rappor_utils.h" | 53 #include "components/rappor/rappor_utils.h" |
54 #include "components/ssl_errors/error_info.h" | 54 #include "components/ssl_errors/error_info.h" |
55 #include "components/strings/grit/components_chromium_strings.h" | 55 #include "components/strings/grit/components_chromium_strings.h" |
56 #include "components/strings/grit/components_strings.h" | 56 #include "components/strings/grit/components_strings.h" |
57 #include "components/url_formatter/elide_url.h" | 57 #include "components/url_formatter/elide_url.h" |
58 #include "content/public/browser/browser_thread.h" | 58 #include "content/public/browser/browser_thread.h" |
59 #include "content/public/browser/cert_store.h" | |
60 #include "content/public/browser/permission_type.h" | 59 #include "content/public/browser/permission_type.h" |
61 #include "content/public/browser/user_metrics.h" | 60 #include "content/public/browser/user_metrics.h" |
62 #include "content/public/common/content_switches.h" | 61 #include "content/public/common/content_switches.h" |
63 #include "content/public/common/url_constants.h" | 62 #include "content/public/common/url_constants.h" |
64 #include "net/cert/cert_status_flags.h" | 63 #include "net/cert/cert_status_flags.h" |
65 #include "net/cert/x509_certificate.h" | 64 #include "net/cert/x509_certificate.h" |
66 #include "net/ssl/ssl_cipher_suite_names.h" | 65 #include "net/ssl/ssl_cipher_suite_names.h" |
67 #include "net/ssl/ssl_connection_status_flags.h" | 66 #include "net/ssl/ssl_connection_status_flags.h" |
68 #include "ui/base/l10n/l10n_util.h" | 67 #include "ui/base/l10n/l10n_util.h" |
69 | 68 |
(...skipping 176 matching lines...)
246 }; | 245 }; |
247 | 246 |
248 } // namespace | 247 } // namespace |
249 | 248 |
250 WebsiteSettings::WebsiteSettings( | 249 WebsiteSettings::WebsiteSettings( |
251 WebsiteSettingsUI* ui, | 250 WebsiteSettingsUI* ui, |
252 Profile* profile, | 251 Profile* profile, |
253 TabSpecificContentSettings* tab_specific_content_settings, | 252 TabSpecificContentSettings* tab_specific_content_settings, |
254 content::WebContents* web_contents, | 253 content::WebContents* web_contents, |
255 const GURL& url, | 254 const GURL& url, |
256 const SecurityStateModel::SecurityInfo& security_info, | 255 const SecurityStateModel::SecurityInfo& security_info) |
257 content::CertStore* cert_store) | |
258 : TabSpecificContentSettings::SiteDataObserver( | 256 : TabSpecificContentSettings::SiteDataObserver( |
259 tab_specific_content_settings), | 257 tab_specific_content_settings), |
260 ui_(ui), | 258 ui_(ui), |
261 #if !defined(OS_ANDROID) | 259 #if !defined(OS_ANDROID) |
262 web_contents_(web_contents), | 260 web_contents_(web_contents), |
263 #endif | 261 #endif |
264 show_info_bar_(false), | 262 show_info_bar_(false), |
265 site_url_(url), | 263 site_url_(url), |
266 site_identity_status_(SITE_IDENTITY_STATUS_UNKNOWN), | 264 site_identity_status_(SITE_IDENTITY_STATUS_UNKNOWN), |
267 cert_id_(0), | |
268 site_connection_status_(SITE_CONNECTION_STATUS_UNKNOWN), | 265 site_connection_status_(SITE_CONNECTION_STATUS_UNKNOWN), |
269 cert_store_(cert_store), | |
270 content_settings_(HostContentSettingsMapFactory::GetForProfile(profile)), | 266 content_settings_(HostContentSettingsMapFactory::GetForProfile(profile)), |
271 chrome_ssl_host_state_delegate_( | 267 chrome_ssl_host_state_delegate_( |
272 ChromeSSLHostStateDelegateFactory::GetForProfile(profile)), | 268 ChromeSSLHostStateDelegateFactory::GetForProfile(profile)), |
273 did_revoke_user_ssl_decisions_(false), | 269 did_revoke_user_ssl_decisions_(false), |
274 profile_(profile) { | 270 profile_(profile) { |
275 Init(url, security_info); | 271 Init(url, security_info); |
276 | 272 |
277 PresentSitePermissions(); | 273 PresentSitePermissions(); |
278 PresentSiteData(); | 274 PresentSiteData(); |
279 PresentSiteIdentity(); | 275 PresentSiteIdentity(); |
(...skipping 141 matching lines...)
421 | 417 |
422 if (url.SchemeIs(content::kChromeUIScheme) || isChromeUINativeScheme) { | 418 if (url.SchemeIs(content::kChromeUIScheme) || isChromeUINativeScheme) { |
423 site_identity_status_ = SITE_IDENTITY_STATUS_INTERNAL_PAGE; | 419 site_identity_status_ = SITE_IDENTITY_STATUS_INTERNAL_PAGE; |
424 site_identity_details_ = | 420 site_identity_details_ = |
425 l10n_util::GetStringUTF16(IDS_PAGE_INFO_INTERNAL_PAGE); | 421 l10n_util::GetStringUTF16(IDS_PAGE_INFO_INTERNAL_PAGE); |
426 site_connection_status_ = SITE_CONNECTION_STATUS_INTERNAL_PAGE; | 422 site_connection_status_ = SITE_CONNECTION_STATUS_INTERNAL_PAGE; |
427 return; | 423 return; |
428 } | 424 } |
429 | 425 |
430 // Identity section. | 426 // Identity section. |
431 scoped_refptr<net::X509Certificate> cert; | 427 certificate_ = security_info.certificate; |
432 cert_id_ = security_info.cert_id; | |
433 | 428 |
434 // HTTPS with no or minor errors. | 429 // HTTPS with no or minor errors. |
435 if (security_info.cert_id && | 430 if (certificate_ && |
436 cert_store_->RetrieveCert(security_info.cert_id, &cert) && | |
437 (!net::IsCertStatusError(security_info.cert_status) || | 431 (!net::IsCertStatusError(security_info.cert_status) || |
438 net::IsCertStatusMinorError(security_info.cert_status))) { | 432 net::IsCertStatusMinorError(security_info.cert_status))) { |
439 // There are no major errors. Check for minor errors. | 433 // There are no major errors. Check for minor errors. |
440 if (security_info.security_level == | 434 if (security_info.security_level == |
441 SecurityStateModel::SECURITY_POLICY_WARNING) { | 435 SecurityStateModel::SECURITY_POLICY_WARNING) { |
442 site_identity_status_ = SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT; | 436 site_identity_status_ = SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT; |
443 site_identity_details_ = l10n_util::GetStringFUTF16( | 437 site_identity_details_ = l10n_util::GetStringFUTF16( |
444 IDS_CERT_POLICY_PROVIDED_CERT_MESSAGE, UTF8ToUTF16(url.host())); | 438 IDS_CERT_POLICY_PROVIDED_CERT_MESSAGE, UTF8ToUTF16(url.host())); |
445 } else if (net::IsCertStatusMinorError(security_info.cert_status)) { | 439 } else if (net::IsCertStatusMinorError(security_info.cert_status)) { |
446 site_identity_status_ = SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN; | 440 site_identity_status_ = SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN; |
447 base::string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName())); | 441 base::string16 issuer_name( |
| 442 UTF8ToUTF16(certificate_->issuer().GetDisplayName())); |
448 if (issuer_name.empty()) { | 443 if (issuer_name.empty()) { |
449 issuer_name.assign(l10n_util::GetStringUTF16( | 444 issuer_name.assign(l10n_util::GetStringUTF16( |
450 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); | 445 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); |
451 } | 446 } |
452 | 447 |
453 site_identity_details_.assign(l10n_util::GetStringFUTF16( | 448 site_identity_details_.assign(l10n_util::GetStringFUTF16( |
454 GetSiteIdentityDetailsMessageByCTInfo( | 449 GetSiteIdentityDetailsMessageByCTInfo( |
455 security_info.sct_verify_statuses, false /* not EV */), | 450 security_info.sct_verify_statuses, false /* not EV */), |
456 issuer_name)); | 451 issuer_name)); |
457 | 452 |
458 site_identity_details_ += ASCIIToUTF16("\n\n"); | 453 site_identity_details_ += ASCIIToUTF16("\n\n"); |
459 if (security_info.cert_status & | 454 if (security_info.cert_status & |
460 net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) { | 455 net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) { |
461 site_identity_details_ += l10n_util::GetStringUTF16( | 456 site_identity_details_ += l10n_util::GetStringUTF16( |
462 IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION); | 457 IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION); |
463 } else if (security_info.cert_status & | 458 } else if (security_info.cert_status & |
464 net::CERT_STATUS_NO_REVOCATION_MECHANISM) { | 459 net::CERT_STATUS_NO_REVOCATION_MECHANISM) { |
465 site_identity_details_ += l10n_util::GetStringUTF16( | 460 site_identity_details_ += l10n_util::GetStringUTF16( |
466 IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM); | 461 IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM); |
467 } else { | 462 } else { |
468 NOTREACHED() << "Need to specify string for this warning"; | 463 NOTREACHED() << "Need to specify string for this warning"; |
469 } | 464 } |
470 } else { | 465 } else { |
471 if (security_info.cert_status & net::CERT_STATUS_IS_EV) { | 466 if (security_info.cert_status & net::CERT_STATUS_IS_EV) { |
472 // EV HTTPS page. | 467 // EV HTTPS page. |
473 site_identity_status_ = GetSiteIdentityStatusByCTInfo( | 468 site_identity_status_ = GetSiteIdentityStatusByCTInfo( |
474 security_info.sct_verify_statuses, true); | 469 security_info.sct_verify_statuses, true); |
475 DCHECK(!cert->subject().organization_names.empty()); | 470 DCHECK(!certificate_->subject().organization_names.empty()); |
476 organization_name_ = UTF8ToUTF16(cert->subject().organization_names[0]); | 471 organization_name_ = |
| 472 UTF8ToUTF16(certificate_->subject().organization_names[0]); |
477 // An EV Cert is required to have a city (localityName) and country but | 473 // An EV Cert is required to have a city (localityName) and country but |
478 // state is "if any". | 474 // state is "if any". |
479 DCHECK(!cert->subject().locality_name.empty()); | 475 DCHECK(!certificate_->subject().locality_name.empty()); |
480 DCHECK(!cert->subject().country_name.empty()); | 476 DCHECK(!certificate_->subject().country_name.empty()); |
481 base::string16 locality; | 477 base::string16 locality; |
482 if (!cert->subject().state_or_province_name.empty()) { | 478 if (!certificate_->subject().state_or_province_name.empty()) { |
483 locality = l10n_util::GetStringFUTF16( | 479 locality = l10n_util::GetStringFUTF16( |
484 IDS_PAGEINFO_ADDRESS, | 480 IDS_PAGEINFO_ADDRESS, |
485 UTF8ToUTF16(cert->subject().locality_name), | 481 UTF8ToUTF16(certificate_->subject().locality_name), |
486 UTF8ToUTF16(cert->subject().state_or_province_name), | 482 UTF8ToUTF16(certificate_->subject().state_or_province_name), |
487 UTF8ToUTF16(cert->subject().country_name)); | 483 UTF8ToUTF16(certificate_->subject().country_name)); |
488 } else { | 484 } else { |
489 locality = l10n_util::GetStringFUTF16( | 485 locality = l10n_util::GetStringFUTF16( |
490 IDS_PAGEINFO_PARTIAL_ADDRESS, | 486 IDS_PAGEINFO_PARTIAL_ADDRESS, |
491 UTF8ToUTF16(cert->subject().locality_name), | 487 UTF8ToUTF16(certificate_->subject().locality_name), |
492 UTF8ToUTF16(cert->subject().country_name)); | 488 UTF8ToUTF16(certificate_->subject().country_name)); |
493 } | 489 } |
494 DCHECK(!cert->subject().organization_names.empty()); | 490 DCHECK(!certificate_->subject().organization_names.empty()); |
495 site_identity_details_.assign(l10n_util::GetStringFUTF16( | 491 site_identity_details_.assign(l10n_util::GetStringFUTF16( |
496 GetSiteIdentityDetailsMessageByCTInfo( | 492 GetSiteIdentityDetailsMessageByCTInfo( |
497 security_info.sct_verify_statuses, true /* is EV */), | 493 security_info.sct_verify_statuses, true /* is EV */), |
498 UTF8ToUTF16(cert->subject().organization_names[0]), locality, | 494 UTF8ToUTF16(certificate_->subject().organization_names[0]), |
499 UTF8ToUTF16(cert->issuer().GetDisplayName()))); | 495 locality, |
| 496 UTF8ToUTF16(certificate_->issuer().GetDisplayName()))); |
500 } else { | 497 } else { |
501 // Non-EV OK HTTPS page. | 498 // Non-EV OK HTTPS page. |
502 site_identity_status_ = GetSiteIdentityStatusByCTInfo( | 499 site_identity_status_ = GetSiteIdentityStatusByCTInfo( |
503 security_info.sct_verify_statuses, false); | 500 security_info.sct_verify_statuses, false); |
504 base::string16 issuer_name( | 501 base::string16 issuer_name( |
505 UTF8ToUTF16(cert->issuer().GetDisplayName())); | 502 UTF8ToUTF16(certificate_->issuer().GetDisplayName())); |
506 if (issuer_name.empty()) { | 503 if (issuer_name.empty()) { |
507 issuer_name.assign(l10n_util::GetStringUTF16( | 504 issuer_name.assign(l10n_util::GetStringUTF16( |
508 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); | 505 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); |
509 } | 506 } |
510 | 507 |
511 site_identity_details_.assign(l10n_util::GetStringFUTF16( | 508 site_identity_details_.assign(l10n_util::GetStringFUTF16( |
512 GetSiteIdentityDetailsMessageByCTInfo( | 509 GetSiteIdentityDetailsMessageByCTInfo( |
513 security_info.sct_verify_statuses, false /* not EV */), | 510 security_info.sct_verify_statuses, false /* not EV */), |
514 issuer_name)); | 511 issuer_name)); |
515 } | 512 } |
(...skipping 21 matching lines...)
537 // UNKNOWN_SHA1 should only appear when certificate info has not been | 534 // UNKNOWN_SHA1 should only appear when certificate info has not been |
538 // initialized, in which case this if-statement should not be running | 535 // initialized, in which case this if-statement should not be running |
539 // because there is no other cert info. | 536 // because there is no other cert info. |
540 NOTREACHED(); | 537 NOTREACHED(); |
541 } | 538 } |
542 } | 539 } |
543 } else { | 540 } else { |
544 // HTTP or HTTPS with errors (not warnings). | 541 // HTTP or HTTPS with errors (not warnings). |
545 site_identity_details_.assign(l10n_util::GetStringUTF16( | 542 site_identity_details_.assign(l10n_util::GetStringUTF16( |
546 IDS_PAGE_INFO_SECURITY_TAB_INSECURE_IDENTITY)); | 543 IDS_PAGE_INFO_SECURITY_TAB_INSECURE_IDENTITY)); |
547 if (!security_info.scheme_is_cryptographic || !security_info.cert_id) | 544 if (!security_info.scheme_is_cryptographic || !security_info.certificate) |
548 site_identity_status_ = SITE_IDENTITY_STATUS_NO_CERT; | 545 site_identity_status_ = SITE_IDENTITY_STATUS_NO_CERT; |
549 else | 546 else |
550 site_identity_status_ = SITE_IDENTITY_STATUS_ERROR; | 547 site_identity_status_ = SITE_IDENTITY_STATUS_ERROR; |
551 | 548 |
552 const base::string16 bullet = UTF8ToUTF16("\n • "); | 549 const base::string16 bullet = UTF8ToUTF16("\n • "); |
553 std::vector<ssl_errors::ErrorInfo> errors; | 550 std::vector<ssl_errors::ErrorInfo> errors; |
554 ssl_errors::ErrorInfo::GetErrorsForCertStatus( | 551 ssl_errors::ErrorInfo::GetErrorsForCertStatus( |
555 cert, security_info.cert_status, url, &errors); | 552 certificate_, security_info.cert_status, url, &errors); |
556 for (size_t i = 0; i < errors.size(); ++i) { | 553 for (size_t i = 0; i < errors.size(); ++i) { |
557 site_identity_details_ += bullet; | 554 site_identity_details_ += bullet; |
558 site_identity_details_ += errors[i].short_description(); | 555 site_identity_details_ += errors[i].short_description(); |
559 } | 556 } |
560 | 557 |
561 if (security_info.cert_status & net::CERT_STATUS_NON_UNIQUE_NAME) { | 558 if (security_info.cert_status & net::CERT_STATUS_NON_UNIQUE_NAME) { |
562 site_identity_details_ += ASCIIToUTF16("\n\n"); | 559 site_identity_details_ += ASCIIToUTF16("\n\n"); |
563 site_identity_details_ += l10n_util::GetStringUTF16( | 560 site_identity_details_ += l10n_util::GetStringUTF16( |
564 IDS_PAGE_INFO_SECURITY_TAB_NON_UNIQUE_NAME); | 561 IDS_PAGE_INFO_SECURITY_TAB_NON_UNIQUE_NAME); |
565 } | 562 } |
566 } | 563 } |
567 | 564 |
568 // Site Connection | 565 // Site Connection |
569 // We consider anything less than 80 bits encryption to be weak encryption. | 566 // We consider anything less than 80 bits encryption to be weak encryption. |
570 // TODO(wtc): Bug 1198735: report mixed/unsafe content for unencrypted and | 567 // TODO(wtc): Bug 1198735: report mixed/unsafe content for unencrypted and |
571 // weakly encrypted connections. | 568 // weakly encrypted connections. |
572 site_connection_status_ = SITE_CONNECTION_STATUS_UNKNOWN; | 569 site_connection_status_ = SITE_CONNECTION_STATUS_UNKNOWN; |
573 | 570 |
574 base::string16 subject_name(GetSimpleSiteName(url)); | 571 base::string16 subject_name(GetSimpleSiteName(url)); |
575 if (subject_name.empty()) { | 572 if (subject_name.empty()) { |
576 subject_name.assign( | 573 subject_name.assign( |
577 l10n_util::GetStringUTF16(IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); | 574 l10n_util::GetStringUTF16(IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); |
578 } | 575 } |
579 | 576 |
580 if (!security_info.cert_id || !security_info.scheme_is_cryptographic) { | 577 if (!security_info.certificate || !security_info.scheme_is_cryptographic) { |
581 // Page is still loading (so SSL status is not yet available) or | 578 // Page is still loading (so SSL status is not yet available) or |
582 // loaded over HTTP or loaded over HTTPS with no cert. | 579 // loaded over HTTP or loaded over HTTPS with no cert. |
583 site_connection_status_ = SITE_CONNECTION_STATUS_UNENCRYPTED; | 580 site_connection_status_ = SITE_CONNECTION_STATUS_UNENCRYPTED; |
584 | 581 |
585 site_connection_details_.assign(l10n_util::GetStringFUTF16( | 582 site_connection_details_.assign(l10n_util::GetStringFUTF16( |
586 IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT, | 583 IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT, |
587 subject_name)); | 584 subject_name)); |
588 } else if (security_info.security_bits < 0) { | 585 } else if (security_info.security_bits < 0) { |
589 // Security strength is unknown. Say nothing. | 586 // Security strength is unknown. Say nothing. |
590 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR; | 587 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR; |
(...skipping 215 matching lines...)
806 info.site_identity = UTF16ToUTF8(organization_name()); | 803 info.site_identity = UTF16ToUTF8(organization_name()); |
807 else | 804 else |
808 info.site_identity = UTF16ToUTF8(GetSimpleSiteName(site_url_)); | 805 info.site_identity = UTF16ToUTF8(GetSimpleSiteName(site_url_)); |
809 | 806 |
810 info.connection_status = site_connection_status_; | 807 info.connection_status = site_connection_status_; |
811 info.connection_status_description = | 808 info.connection_status_description = |
812 UTF16ToUTF8(site_connection_details_); | 809 UTF16ToUTF8(site_connection_details_); |
813 info.identity_status = site_identity_status_; | 810 info.identity_status = site_identity_status_; |
814 info.identity_status_description = | 811 info.identity_status_description = |
815 UTF16ToUTF8(site_identity_details_); | 812 UTF16ToUTF8(site_identity_details_); |
816 info.cert_id = cert_id_; | 813 info.certificate = certificate_; |
817 info.show_ssl_decision_revoke_button = show_ssl_decision_revoke_button_; | 814 info.show_ssl_decision_revoke_button = show_ssl_decision_revoke_button_; |
818 ui_->SetIdentityInfo(info); | 815 ui_->SetIdentityInfo(info); |
819 } | 816 } |
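Review bot: In the EV branch (new lines 470–472 and again at 494) `certificate_->subject().organization_names[0]` is guarded only by a `DCHECK`, which is normally compiled out of release builds, so a certificate flagged `CERT_STATUS_IS_EV` with an empty organization list would index an empty vector. The subject fields come from the server's certificate, so a runtime test such as `if (certificate_->subject().organization_names.empty())` that falls back to the non-EV text would be safer than relying on the EV verifier's guarantee, which is not visible from this file; failing that, a comment naming where that guarantee is enforced would help. Separately, the function now tests `certificate_` at new line 430 but `security_info.certificate` at new lines 544 and 577 for the same condition; using one of them throughout would make it obvious the checks agree. The enclosing function starts and ends in the skipped regions, so this is based only on the lines shown.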