| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_ |
| 6 #define COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_ |
| 7 |
| 8 #include <stdint.h> |
| 9 #include <memory> |
| 10 |
| 11 #include "base/callback.h" |
| 12 #include "base/macros.h" |
| 13 #include "net/cert/cert_status_flags.h" |
| 14 #include "net/cert/sct_status_flags.h" |
| 15 #include "net/cert/x509_certificate.h" |
| 16 #include "url/gurl.h" |
| 17 |
| 18 // Provides helper methods and data types that are used to determine the |
| 19 // high-level security information about a page or request. |
| 20 // |
| 21 // SecurityInfo is the main data structure, describing a page's or request's |
| 22 // security state. It is computed by the platform-independent GetSecurityInfo() |
| 23 // helper method, which receives platform-specific inputs from its callers in |
| 24 // the form of a VisibleSecurityState struct. |
| 25 namespace security_state { |
| 26 |
| 27 // Describes the overall security state of the page. |
| 28 // |
| 29 // If you reorder, add, or delete values from this enum, you must also |
| 30 // update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel. |
| 31 // |
| 32 // A Java counterpart will be generated for this enum. |
| 33 // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.components.security_state |
| 34 // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel |
| 35 enum SecurityLevel { |
| 36 // HTTP/no URL/HTTPS but with insecure passive content on the page. |
| 37 NONE, |
| 38 |
| 39 // HTTP, in a case where we want to show a visible warning about the page's |
| 40 // lack of security. |
| 41 // |
| 42 // The criteria used to classify pages as NONE vs. HTTP_SHOW_WARNING will |
| 43 // change over time. Eventually, NONE will be eliminated. |
| 44 // See https://crbug.com/647754. |
| 45 HTTP_SHOW_WARNING, |
| 46 |
| 47 // HTTPS with valid EV cert. |
| 48 EV_SECURE, |
| 49 |
| 50 // HTTPS (non-EV) with valid cert. |
| 51 SECURE, |
| 52 |
| 53 // HTTPS, but with an outdated protocol version. |
| 54 SECURITY_WARNING, |
| 55 |
| 56 // HTTPS, but the certificate verification chain is anchored on a |
| 57 // certificate that was installed by the system administrator. |
| 58 SECURE_WITH_POLICY_INSTALLED_CERT, |
| 59 |
| 60 // Attempted HTTPS and failed, page not authenticated, HTTPS with |
| 61 // insecure active content on the page, malware, phishing, or any other |
| 62 // serious security issue that could be dangerous. |
| 63 DANGEROUS, |
| 64 }; |
| 65 |
| 66 // Describes how the SHA1 deprecation policy applies to an HTTPS |
| 67 // connection. |
| 68 enum SHA1DeprecationStatus { |
| 69 UNKNOWN_SHA1, |
| 70 // No SHA1 deprecation policy applies. |
| 71 NO_DEPRECATED_SHA1, |
| 72 // The connection used a certificate with a SHA1 signature in the |
| 73 // chain, and policy says that the connection should be treated with a |
| 74 // warning. |
| 75 DEPRECATED_SHA1_MINOR, |
| 76 // The connection used a certificate with a SHA1 signature in the |
| 77 // chain, and policy says that the connection should be treated as |
| 78 // broken HTTPS. |
| 79 DEPRECATED_SHA1_MAJOR, |
| 80 }; |
| 81 |
| 82 // The ContentStatus enum is used to describe content on the page that |
| 83 // has significantly different security properties than the main page |
| 84 // load. Content can be passive content that is displayed (such as |
| 85 // images) or active content that is run (such as scripts or iframes). |
| 86 enum ContentStatus { |
| 87 CONTENT_STATUS_UNKNOWN, |
| 88 CONTENT_STATUS_NONE, |
| 89 CONTENT_STATUS_DISPLAYED, |
| 90 CONTENT_STATUS_RAN, |
| 91 CONTENT_STATUS_DISPLAYED_AND_RAN, |
| 92 }; |
| 93 |
| 94 // Describes the security status of a page or request. This is the |
| 95 // main data structure provided by this class. SecurityInfo contains a |
| 96 // SecurityLevel (which |
| 97 // is a single value describing the overall security state) along with |
| 98 // information that a consumer might want to display in UI to explain or |
| 99 // elaborate on the SecurityLevel. |
| 100 struct SecurityInfo { |
| 101 SecurityInfo(); |
| 102 ~SecurityInfo(); |
| 103 SecurityLevel security_level; |
| 104 // True if the page fails the browser's malware or phishing checks. |
| 105 bool fails_malware_check; |
| 106 SHA1DeprecationStatus sha1_deprecation_status; |
| 107 // |mixed_content_status| describes the presence of content that was |
| 108 // loaded over a nonsecure (HTTP) connection. |
| 109 ContentStatus mixed_content_status; |
| 110 // |content_with_cert_errors_status| describes the presence of |
| 111 // content that was loaded over an HTTPS connection with |
| 112 // certificate errors. |
| 113 ContentStatus content_with_cert_errors_status; |
| 114 // The verification statuses of the signed certificate timestamps |
| 115 // for the connection. |
| 116 std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses; |
| 117 bool scheme_is_cryptographic; |
| 118 net::CertStatus cert_status; |
| 119 scoped_refptr<net::X509Certificate> certificate; |
| 120 // The security strength, in bits, of the SSL cipher suite. In late |
| 121 // 2015, 128 is considered the minimum. |
| 122 // |
| 123 // 0 means the connection uses HTTPS but is not encrypted. -1 means |
| 124 // the security strength is unknown or the connection does not use |
| 125 // HTTPS. |
| 126 int security_bits; |
| 127 // Information about the SSL connection, such as protocol and |
| 128 // ciphersuite. See ssl_connection_flags.h in net. |
| 129 int connection_status; |
| 130 // The ID of the (EC)DH group used by the key exchange. The value is zero if |
| 131 // unknown (older cache entries may not store the value) or not applicable. |
| 132 uint16_t key_exchange_group; |
| 133 // A mask that indicates which of the protocol version, |
| 134 // key exchange, or cipher for the connection is considered |
| 135 // obsolete. See net::ObsoleteSSLMask for specific mask values. |
| 136 int obsolete_ssl_status; |
| 137 |
| 138 // True if pinning was bypassed due to a local trust anchor. |
| 139 bool pkp_bypassed; |
| 140 |
| 141 // True if the page displayed sensitive user data inputs (like a |
| 142 // password or credit card) on an HTTP page. |
| 143 bool displayed_private_user_data_input_on_http; |
| 144 }; |
| 145 |
| 146 // Contains the security state relevant to computing the SecurityInfo |
| 147 // for a page. This is the input to GetSecurityInfo(). |
| 148 struct VisibleSecurityState { |
| 149 VisibleSecurityState(); |
| 150 ~VisibleSecurityState(); |
| 151 bool operator==(const VisibleSecurityState& other) const; |
| 152 GURL url; |
| 153 |
| 154 // True if the page fails the browser's malware or phishing checks. |
| 155 bool fails_malware_check; |
| 156 |
| 157 // CONNECTION SECURITY FIELDS |
| 158 // Whether the connection security fields are initialized. |
| 159 bool connection_info_initialized; |
| 160 // The following fields contain information about the connection |
| 161 // used to load the page or request. |
| 162 scoped_refptr<net::X509Certificate> certificate; |
| 163 net::CertStatus cert_status; |
| 164 int connection_status; |
| 165 // The ID of the (EC)DH group used by the key exchange. The value is zero if |
| 166 // unknown (older cache entries may not store the value) or not applicable. |
| 167 uint16_t key_exchange_group; |
| 168 int security_bits; |
| 169 // The verification statuses of the Signed Certificate |
| 170 // Timestamps (if any) that the server provided. |
| 171 std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses; |
| 172 // True if the page displayed passive mixed content. |
| 173 bool displayed_mixed_content; |
| 174 // True if the page ran active mixed content. |
| 175 bool ran_mixed_content; |
| 176 // True if the page displayed passive subresources with certificate errors. |
| 177 bool displayed_content_with_cert_errors; |
| 178 // True if the page ran active subresources with certificate errors. |
| 179 bool ran_content_with_cert_errors; |
| 180 // True if PKP was bypassed due to a local trust anchor. |
| 181 bool pkp_bypassed; |
| 182 // True if the page was an HTTP page that displayed a password field. |
| 183 bool displayed_password_field_on_http; |
| 184 // True if the page was an HTTP page that displayed a credit card field. |
| 185 bool displayed_credit_card_field_on_http; |
| 186 }; |
| 187 |
| 188 // These security levels describe the treatment given to pages that |
| 189 // display and run mixed content. They are used to coordinate the |
| 190 // treatment of mixed content with other security UI elements. |
| 191 constexpr SecurityLevel kDisplayedInsecureContentLevel = NONE; |
| 192 constexpr SecurityLevel kRanInsecureContentLevel = DANGEROUS; |
| 193 |
| 194 // Returns true if the given |url|'s origin should be considered secure. |
| 195 using IsOriginSecureCallback = base::Callback<bool(const GURL& url)>; |
| 196 |
| 197 // Populates |result| to describe the current page. |
| 198 // |visible_security_state| contains the relevant security state. |
| 199 // |used_policy_installed_certificate| indicates whether the page or request |
| 200 // is known to be loaded with a certificate installed by the system admin. |
| 201 // |is_origin_secure_callback| determines whether a URL's origin should be |
| 202 // considered secure. |
| 203 void GetSecurityInfo( |
| 204 std::unique_ptr<VisibleSecurityState> visible_security_state, |
| 205 bool used_policy_installed_certificate, |
| 206 IsOriginSecureCallback is_origin_secure_callback, |
| 207 SecurityInfo* result); |
| 208 |
| 209 } // namespace security_state |
| 210 |
| 211 #endif // COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2448943002:
Refactor SecurityStateModel/Clients for simplicity and reusability. (Closed)
