| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef COMPONENTS_SECURITY_STATE_SECURITY_STATE_MODEL_H_ | |
| 6 #define COMPONENTS_SECURITY_STATE_SECURITY_STATE_MODEL_H_ | |
| 7 | |
| 8 #include <stdint.h> | |
| 9 | |
| 10 #include "base/macros.h" | |
| 11 #include "net/cert/cert_status_flags.h" | |
| 12 #include "net/cert/sct_status_flags.h" | |
| 13 #include "net/cert/x509_certificate.h" | |
| 14 #include "url/gurl.h" | |
| 15 | |
| 16 namespace security_state { | |
| 17 | |
| 18 class SecurityStateModelClient; | |
| 19 | |
| 20 // SecurityStateModel provides high-level security information about a | |
| 21 // page or request. | |
| 22 // | |
| 23 // SecurityStateModel::SecurityInfo is the main data structure computed | |
| 24 // by a SecurityStateModel. SecurityInfo contains a SecurityLevel (which | |
| 25 // is a single value describing the overall security state) along with | |
| 26 // information that a consumer might want to display in UI to explain or | |
| 27 // elaborate on the SecurityLevel. | |
| 28 class SecurityStateModel { | |
| 29 public: | |
| 30 // Describes the overall security state of the page. | |
| 31 // | |
| 32 // If you reorder, add, or delete values from this enum, you must also | |
| 33 // update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel. | |
| 34 // | |
| 35 // A Java counterpart will be generated for this enum. | |
| 36 // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.components.security_state | |
| 37 // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel | |
| 38 enum SecurityLevel { | |
| 39 // HTTP/no URL/HTTPS but with insecure passive content on the page. | |
| 40 NONE, | |
| 41 | |
| 42 // HTTP, in a case where we want to show a visible warning about the page's | |
| 43 // lack of security. | |
| 44 // | |
| 45 // The criteria used to classify pages as NONE vs. HTTP_SHOW_WARNING will | |
| 46 // change over time. Eventually, NONE will be eliminated. | |
| 47 // See https://crbug.com/647754. | |
| 48 HTTP_SHOW_WARNING, | |
| 49 | |
| 50 // HTTPS with valid EV cert. | |
| 51 EV_SECURE, | |
| 52 | |
| 53 // HTTPS (non-EV) with valid cert. | |
| 54 SECURE, | |
| 55 | |
| 56 // HTTPS, but with an outdated protocol version. | |
| 57 SECURITY_WARNING, | |
| 58 | |
| 59 // HTTPS, but the certificate verification chain is anchored on a | |
| 60 // certificate that was installed by the system administrator. | |
| 61 SECURE_WITH_POLICY_INSTALLED_CERT, | |
| 62 | |
| 63 // Attempted HTTPS and failed, page not authenticated, HTTPS with | |
| 64 // insecure active content on the page, malware, phishing, or any other | |
| 65 // serious security issue that could be dangerous. | |
| 66 DANGEROUS, | |
| 67 }; | |
| 68 | |
| 69 // Describes how the SHA1 deprecation policy applies to an HTTPS | |
| 70 // connection. | |
| 71 enum SHA1DeprecationStatus { | |
| 72 UNKNOWN_SHA1, | |
| 73 // No SHA1 deprecation policy applies. | |
| 74 NO_DEPRECATED_SHA1, | |
| 75 // The connection used a certificate with a SHA1 signature in the | |
| 76 // chain, and policy says that the connection should be treated with a | |
| 77 // warning. | |
| 78 DEPRECATED_SHA1_MINOR, | |
| 79 // The connection used a certificate with a SHA1 signature in the | |
| 80 // chain, and policy says that the connection should be treated as | |
| 81 // broken HTTPS. | |
| 82 DEPRECATED_SHA1_MAJOR, | |
| 83 }; | |
| 84 | |
| 85 // The ContentStatus enum is used to describe content on the page that | |
| 86 // has significantly different security properties than the main page | |
| 87 // load. Content can be passive content that is displayed (such as | |
| 88 // images) or active content that is run (such as scripts or iframes). | |
| 89 enum ContentStatus { | |
| 90 CONTENT_STATUS_UNKNOWN, | |
| 91 CONTENT_STATUS_NONE, | |
| 92 CONTENT_STATUS_DISPLAYED, | |
| 93 CONTENT_STATUS_RAN, | |
| 94 CONTENT_STATUS_DISPLAYED_AND_RAN, | |
| 95 }; | |
| 96 | |
| 97 // Describes the security status of a page or request. This is the | |
| 98 // main data structure provided by this class. | |
| 99 struct SecurityInfo { | |
| 100 SecurityInfo(); | |
| 101 ~SecurityInfo(); | |
| 102 SecurityLevel security_level; | |
| 103 // True if the page fails the browser's malware or phishing checks. | |
| 104 bool fails_malware_check; | |
| 105 SHA1DeprecationStatus sha1_deprecation_status; | |
| 106 // |mixed_content_status| describes the presence of content that was | |
| 107 // loaded over a nonsecure (HTTP) connection. | |
| 108 ContentStatus mixed_content_status; | |
| 109 // |content_with_cert_errors_status| describes the presence of | |
| 110 // content that was loaded over an HTTPS connection with | |
| 111 // certificate errors. | |
| 112 ContentStatus content_with_cert_errors_status; | |
| 113 // The verification statuses of the signed certificate timestamps | |
| 114 // for the connection. | |
| 115 std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses; | |
| 116 bool scheme_is_cryptographic; | |
| 117 net::CertStatus cert_status; | |
| 118 scoped_refptr<net::X509Certificate> certificate; | |
| 119 // The security strength, in bits, of the SSL cipher suite. In late | |
| 120 // 2015, 128 is considered the minimum. | |
| 121 // | |
| 122 // 0 means the connection uses HTTPS but is not encrypted. -1 means | |
| 123 // the security strength is unknown or the connection does not use | |
| 124 // HTTPS. | |
| 125 int security_bits; | |
| 126 // Information about the SSL connection, such as protocol and | |
| 127 // ciphersuite. See ssl_connection_flags.h in net. | |
| 128 int connection_status; | |
| 129 // The ID of the (EC)DH group used by the key exchange. The value is zero if | |
| 130 // unknown (older cache entries may not store the value) or not applicable. | |
| 131 uint16_t key_exchange_group; | |
| 132 // A mask that indicates which of the protocol version, | |
| 133 // key exchange, or cipher for the connection is considered | |
| 134 // obsolete. See net::ObsoleteSSLMask for specific mask values. | |
| 135 int obsolete_ssl_status; | |
| 136 | |
| 137 // True if pinning was bypassed due to a local trust anchor. | |
| 138 bool pkp_bypassed; | |
| 139 | |
| 140 // True if the page displayed sensitive user data inputs (like a | |
| 141 // password or credit card) on an HTTP page. | |
| 142 bool displayed_private_user_data_input_on_http; | |
| 143 }; | |
| 144 | |
| 145 // Contains the security state relevant to computing the SecurityInfo | |
| 146 // for a page. This is the input to GetSecurityInfo() provided by the | |
| 147 // model's client. | |
| 148 struct VisibleSecurityState { | |
| 149 VisibleSecurityState(); | |
| 150 ~VisibleSecurityState(); | |
| 151 bool operator==(const VisibleSecurityState& other) const; | |
| 152 GURL url; | |
| 153 | |
| 154 // True if the page fails the browser's malware or phishing checks. | |
| 155 bool fails_malware_check; | |
| 156 | |
| 157 // CONNECTION SECURITY FIELDS | |
| 158 // Whether the connection security fields are initialized. | |
| 159 bool connection_info_initialized; | |
| 160 // The following fields contain information about the connection | |
| 161 // used to load the page or request. | |
| 162 scoped_refptr<net::X509Certificate> certificate; | |
| 163 net::CertStatus cert_status; | |
| 164 int connection_status; | |
| 165 // The ID of the (EC)DH group used by the key exchange. The value is zero if | |
| 166 // unknown (older cache entries may not store the value) or not applicable. | |
| 167 uint16_t key_exchange_group; | |
| 168 int security_bits; | |
| 169 // The verification statuses of the Signed Certificate | |
| 170 // Timestamps (if any) that the server provided. | |
| 171 std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses; | |
| 172 // True if the page displayed passive mixed content. | |
| 173 bool displayed_mixed_content; | |
| 174 // True if the page ran active mixed content. | |
| 175 bool ran_mixed_content; | |
| 176 // True if the page displayed passive subresources with certificate errors. | |
| 177 bool displayed_content_with_cert_errors; | |
| 178 // True if the page ran active subresources with certificate errors. | |
| 179 bool ran_content_with_cert_errors; | |
| 180 // True if PKP was bypassed due to a local trust anchor. | |
| 181 bool pkp_bypassed; | |
| 182 // True if the page was an HTTP page that displayed a password field. | |
| 183 bool displayed_password_field_on_http; | |
| 184 // True if the page was an HTTP page that displayed a credit card field. | |
| 185 bool displayed_credit_card_field_on_http; | |
| 186 }; | |
| 187 | |
| 188 // These security levels describe the treatment given to pages that | |
| 189 // display and run mixed content. They are used to coordinate the | |
| 190 // treatment of mixed content with other security UI elements. | |
| 191 static const SecurityLevel kDisplayedInsecureContentLevel; | |
| 192 static const SecurityLevel kRanInsecureContentLevel; | |
| 193 | |
| 194 SecurityStateModel(); | |
| 195 virtual ~SecurityStateModel(); | |
| 196 | |
| 197 // Populates |result| to describe the current page. | |
| 198 void GetSecurityInfo(SecurityInfo* result) const; | |
| 199 | |
| 200 void SetClient(SecurityStateModelClient* client); | |
| 201 | |
| 202 private: | |
| 203 SecurityStateModelClient* client_; | |
| 204 | |
| 205 DISALLOW_COPY_AND_ASSIGN(SecurityStateModel); | |
| 206 }; | |
| 207 | |
| 208 } // namespace security_state | |
| 209 | |
| 210 #endif // COMPONENTS_SECURITY_STATE_SECURITY_STATE_MODEL_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2448943002:
Refactor SecurityStateModel/Clients for simplicity and reusability. (Closed)
