Remove SSLStatus::security_style member and content::SecurityStyle

content/child/web_url_loader_impl.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/web_url_loader_impl.h"
 
 #include <openssl/ssl.h>
 #include <stdint.h>
 
 #include <algorithm>
@@ skipping 16 matching lines @@
 #include "content/child/ftp_directory_listing_response_delegate.h"
 #include "content/child/request_extra_data.h"
 #include "content/child/resource_dispatcher.h"
 #include "content/child/shared_memory_data_consumer_handle.h"
 #include "content/child/sync_load_response.h"
 #include "content/child/web_url_request_util.h"
 #include "content/child/weburlresponse_extradata_impl.h"
 #include "content/common/resource_messages.h"
 #include "content/common/resource_request.h"
 #include "content/common/resource_request_body_impl.h"
-#include "content/common/security_style_util.h"
 #include "content/common/service_worker/service_worker_types.h"
 #include "content/common/url_loader.mojom.h"
 #include "content/public/child/fixed_received_data.h"
 #include "content/public/child/request_peer.h"
 #include "content/public/common/browser_side_navigation_policy.h"
 #include "net/base/data_url.h"
 #include "net/base/filename_util.h"
 #include "net/base/net_errors.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/ct_sct_to_string.h"
 #include "net/cert/x509_util.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_util.h"
 #include "net/ssl/ssl_cipher_suite_names.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/url_request/url_request_data_job.h"
 #include "third_party/WebKit/public/platform/WebHTTPLoadInfo.h"
 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h"
+#include "third_party/WebKit/public/platform/WebSecurityStyle.h"
 #include "third_party/WebKit/public/platform/WebTaskRunner.h"
 #include "third_party/WebKit/public/platform/WebURL.h"
 #include "third_party/WebKit/public/platform/WebURLError.h"
 #include "third_party/WebKit/public/platform/WebURLLoadTiming.h"
 #include "third_party/WebKit/public/platform/WebURLLoaderClient.h"
 #include "third_party/WebKit/public/platform/WebURLRequest.h"
 #include "third_party/WebKit/public/platform/WebURLResponse.h"
 #include "third_party/WebKit/public/web/WebSecurityPolicy.h"
 
 using base::Time;
@@ skipping 14 matching lines @@
 using blink::WebURLResponse;
 
 namespace content {
 
 // Utilities ------------------------------------------------------------------
 
 namespace {
 
 using HeadersVector = ResourceDevToolsInfo::HeadersVector;
 
+// TODO(estark): Figure out a way for the embedder to provide the
+// security style for a resource. Ideally, the logic for assigning
+// per-resource security styles should live in the same place as the
+// logic for assigning per-page security styles (which lives in the
+// embedder). It would also be nice for the embedder to have the chance
+// to control the per-resource security style beyond the simple logic
+// here. (For example, the embedder might want to mark certain resources
+// differently if they use SHA1 signatures.) https://crbug.com/648326
+blink::WebSecurityStyle GetSecurityStyleForResource(
+    const GURL& url,
+    net::CertStatus cert_status) {
+  if (!url.SchemeIsCryptographic())
+    return blink::WebSecurityStyleUnauthenticated;
+
+  // Minor errors don't lower the security style to
+  // WebSecurityStyleAuthenticationBroken.
+  if (net::IsCertStatusError(cert_status) &&
+      !net::IsCertStatusMinorError(cert_status)) {
+    return blink::WebSecurityStyleAuthenticationBroken;
+  }
+
+  return blink::WebSecurityStyleAuthenticated;
+}
+
 // Converts timing data from |load_timing| to the format used by WebKit.
 void PopulateURLLoadTiming(const net::LoadTimingInfo& load_timing,
                            WebURLLoadTiming* url_timing) {
   DCHECK(!load_timing.request_start.is_null());
 
   const TimeTicks kNullTicks;
   url_timing->initialize();
   url_timing->setRequestTime(
       (load_timing.request_start - kNullTicks).InSecondsF());
   url_timing->setProxyStart(
@@ skipping 121 matching lines @@
       WebString::fromUTF8(
           base::HexEncode(sct_and_status.sct->signature.signature_data.c_str(),
           sct_and_status.sct->signature.signature_data.length())));
 }
 
 void SetSecurityStyleAndDetails(const GURL& url,
                                 const ResourceResponseInfo& info,
                                 WebURLResponse* response,
                                 bool report_security_info) {
   if (!report_security_info) {
-    response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);
+    response->setSecurityStyle(blink::WebSecurityStyleUnknown);
     return;
   }
   if (!url.SchemeIsCryptographic()) {
-    response->setSecurityStyle(WebURLResponse::SecurityStyleUnauthenticated);
+    response->setSecurityStyle(blink::WebSecurityStyleUnauthenticated);
     return;
   }
 
   // There are cases where an HTTPS request can come in without security
   // info attached (such as a redirect response).
   if (info.certificate.empty()) {
-    response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);
+    response->setSecurityStyle(blink::WebSecurityStyleUnknown);
     return;
   }
 
   int ssl_version =
       net::SSLConnectionStatusToVersion(info.ssl_connection_status);
   const char* protocol;
   net::SSLVersionToString(&protocol, ssl_version);
 
   const char* key_exchange;
   const char* cipher;
@@ skipping 11 matching lines @@
   const char* key_exchange_group = "";
   if (info.ssl_key_exchange_group != 0) {
     // Historically the field was named 'curve' rather than 'group'.
     key_exchange_group = SSL_get_curve_name(info.ssl_key_exchange_group);
     if (!key_exchange_group) {
       NOTREACHED();
       key_exchange_group = "";
     }
   }
 
-  SecurityStyle security_style = GetSecurityStyleForResource(
-      url, true, info.cert_status);
-
-  blink::WebURLResponse::SecurityStyle security_style_blink =
-      WebURLResponse::SecurityStyleUnknown;
-  switch (security_style) {
-    case SECURITY_STYLE_UNKNOWN:
-      security_style_blink = WebURLResponse::SecurityStyleUnknown;
-      break;
-    case SECURITY_STYLE_UNAUTHENTICATED:
-      security_style_blink = WebURLResponse::SecurityStyleUnauthenticated;
-      break;
-    case SECURITY_STYLE_AUTHENTICATION_BROKEN:
-      security_style_blink = WebURLResponse::SecurityStyleAuthenticationBroken;
-      break;
-    case SECURITY_STYLE_WARNING:
-      security_style_blink = WebURLResponse::SecurityStyleWarning;
-      break;
-    case SECURITY_STYLE_AUTHENTICATED:
-      security_style_blink = WebURLResponse::SecurityStyleAuthenticated;
-      break;
-  }
-
-  response->setSecurityStyle(security_style_blink);
+  response->setSecurityStyle(
+      GetSecurityStyleForResource(url, info.cert_status));
 
   blink::WebURLResponse::SignedCertificateTimestampList sct_list(
       info.signed_certificate_timestamps.size());
 
   for (size_t i = 0; i < sct_list.size(); ++i)
     sct_list[i] = NetSCTToBlinkSCT(info.signed_certificate_timestamps[i]);
 
   std::string subject, issuer;
   base::Time valid_start, valid_expiry;
   std::vector<std::string> san;
   bool rv = net::x509_util::ParseCertificateSandboxed(
       info.certificate[0], &subject, &issuer, &valid_start, &valid_expiry, &san,
       &san);
   if (!rv) {
     NOTREACHED();
-    response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);
+    response->setSecurityStyle(blink::WebSecurityStyleUnknown);
     return;
   }
 
   blink::WebVector<blink::WebString> web_san(san.size());
   std::transform(
       san.begin(),
       san.end(), web_san.begin(),
       [](const std::string& h) { return blink::WebString::fromLatin1(h); });
 
   blink::WebVector<blink::WebString> web_cert(info.certificate.size());
@@ skipping 908 matching lines @@
                                          int intra_priority_value) {
   context_->DidChangePriority(new_priority, intra_priority_value);
 }
 
 void WebURLLoaderImpl::setLoadingTaskRunner(
     blink::WebTaskRunner* loading_task_runner) {
   context_->SetTaskRunner(loading_task_runner->toSingleThreadTaskRunner());
 }
 
 }  // namespace content