| Index: components/security_state/core/security_state.cc
|
| diff --git a/components/security_state/security_state_model.cc b/components/security_state/core/security_state.cc
|
| similarity index 64%
|
| rename from components/security_state/security_state_model.cc
|
| rename to components/security_state/core/security_state.cc
|
| index ad131d00972caede6e55f6bb28163f26b7f84898..a0047689f8d3f50866c563e85ca5a078527c0992 100644
|
| --- a/components/security_state/security_state_model.cc
|
| +++ b/components/security_state/core/security_state.cc
|
| @@ -2,15 +2,14 @@
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| -#include "components/security_state/security_state_model.h"
|
| +#include "components/security_state/core/security_state.h"
|
|
|
| #include <stdint.h>
|
|
|
| #include "base/command_line.h"
|
| #include "base/metrics/field_trial.h"
|
| #include "base/metrics/histogram_macros.h"
|
| -#include "components/security_state/security_state_model_client.h"
|
| -#include "components/security_state/switches.h"
|
| +#include "components/security_state/core/switches.h"
|
| #include "net/ssl/ssl_cipher_suite_names.h"
|
| #include "net/ssl/ssl_connection_status_flags.h"
|
|
|
| @@ -28,16 +27,16 @@ enum MarkHttpStatus { NEUTRAL, NON_SECURE, HTTP_SHOW_WARNING, LAST_STATUS };
|
| bool GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
|
| std::string switch_or_field_trial_group,
|
| bool displayed_sensitive_input_on_http,
|
| - SecurityStateModel::SecurityLevel* level,
|
| + SecurityLevel* level,
|
| MarkHttpStatus* histogram_status) {
|
| if (switch_or_field_trial_group == switches::kMarkHttpAsNeutral) {
|
| - *level = SecurityStateModel::NONE;
|
| + *level = NONE;
|
| *histogram_status = NEUTRAL;
|
| return true;
|
| }
|
|
|
| if (switch_or_field_trial_group == switches::kMarkHttpAsDangerous) {
|
| - *level = SecurityStateModel::DANGEROUS;
|
| + *level = DANGEROUS;
|
| *histogram_status = NON_SECURE;
|
| return true;
|
| }
|
| @@ -45,9 +44,9 @@ bool GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
|
| if (switch_or_field_trial_group ==
|
| switches::kMarkHttpWithPasswordsOrCcWithChip) {
|
| if (displayed_sensitive_input_on_http) {
|
| - *level = SecurityStateModel::HTTP_SHOW_WARNING;
|
| + *level = security_state::HTTP_SHOW_WARNING;
|
| } else {
|
| - *level = SecurityStateModel::NONE;
|
| + *level = NONE;
|
| }
|
| *histogram_status = HTTP_SHOW_WARNING;
|
| return true;
|
| @@ -56,7 +55,7 @@ bool GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
|
| return false;
|
| }
|
|
|
| -SecurityStateModel::SecurityLevel GetSecurityLevelForNonSecureFieldTrial(
|
| +SecurityLevel GetSecurityLevelForNonSecureFieldTrial(
|
| bool displayed_sensitive_input_on_http) {
|
| std::string choice =
|
| base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
|
| @@ -65,7 +64,7 @@ SecurityStateModel::SecurityLevel GetSecurityLevelForNonSecureFieldTrial(
|
|
|
| const char kEnumeration[] = "SSL.MarkHttpAsStatus";
|
|
|
| - SecurityStateModel::SecurityLevel level = SecurityStateModel::NONE;
|
| + SecurityLevel level = NONE;
|
| MarkHttpStatus status;
|
|
|
| // If the command-line switch is set, then it takes precedence over
|
| @@ -77,7 +76,7 @@ SecurityStateModel::SecurityLevel GetSecurityLevelForNonSecureFieldTrial(
|
| // If neither the command-line switch nor field trial group is set, then
|
| // nonsecure defaults to neutral.
|
| status = NEUTRAL;
|
| - level = SecurityStateModel::NONE;
|
| + level = NONE;
|
| }
|
| }
|
|
|
| @@ -85,50 +84,51 @@ SecurityStateModel::SecurityLevel GetSecurityLevelForNonSecureFieldTrial(
|
| return level;
|
| }
|
|
|
| -SecurityStateModel::SHA1DeprecationStatus GetSHA1DeprecationStatus(
|
| - const SecurityStateModel::VisibleSecurityState& visible_security_state) {
|
| +SHA1DeprecationStatus GetSHA1DeprecationStatus(
|
| + const VisibleSecurityState& visible_security_state) {
|
| if (!visible_security_state.certificate ||
|
| !(visible_security_state.cert_status &
|
| net::CERT_STATUS_SHA1_SIGNATURE_PRESENT))
|
| - return SecurityStateModel::NO_DEPRECATED_SHA1;
|
| + return NO_DEPRECATED_SHA1;
|
|
|
| // The internal representation of the dates for UI treatment of SHA-1.
|
| // See http://crbug.com/401365 for details.
|
| static const int64_t kJanuary2017 = INT64_C(13127702400000000);
|
| if (visible_security_state.certificate->valid_expiry() >=
|
| base::Time::FromInternalValue(kJanuary2017))
|
| - return SecurityStateModel::DEPRECATED_SHA1_MAJOR;
|
| + return DEPRECATED_SHA1_MAJOR;
|
| static const int64_t kJanuary2016 = INT64_C(13096080000000000);
|
| if (visible_security_state.certificate->valid_expiry() >=
|
| base::Time::FromInternalValue(kJanuary2016))
|
| - return SecurityStateModel::DEPRECATED_SHA1_MINOR;
|
| + return DEPRECATED_SHA1_MINOR;
|
|
|
| - return SecurityStateModel::NO_DEPRECATED_SHA1;
|
| + return NO_DEPRECATED_SHA1;
|
| }
|
|
|
| -SecurityStateModel::ContentStatus GetContentStatus(bool displayed, bool ran) {
|
| +ContentStatus GetContentStatus(bool displayed, bool ran) {
|
| if (ran && displayed)
|
| - return SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN;
|
| + return CONTENT_STATUS_DISPLAYED_AND_RAN;
|
| if (ran)
|
| - return SecurityStateModel::CONTENT_STATUS_RAN;
|
| + return CONTENT_STATUS_RAN;
|
| if (displayed)
|
| - return SecurityStateModel::CONTENT_STATUS_DISPLAYED;
|
| - return SecurityStateModel::CONTENT_STATUS_NONE;
|
| + return CONTENT_STATUS_DISPLAYED;
|
| + return CONTENT_STATUS_NONE;
|
| }
|
|
|
| -SecurityStateModel::SecurityLevel GetSecurityLevelForRequest(
|
| - const SecurityStateModel::VisibleSecurityState& visible_security_state,
|
| - SecurityStateModelClient* client,
|
| - SecurityStateModel::SHA1DeprecationStatus sha1_status,
|
| - SecurityStateModel::ContentStatus mixed_content_status,
|
| - SecurityStateModel::ContentStatus content_with_cert_errors_status) {
|
| +SecurityLevel GetSecurityLevelForRequest(
|
| + const VisibleSecurityState& visible_security_state,
|
| + bool used_policy_installed_certificate,
|
| + const IsOriginSecureCallback& is_origin_secure_callback,
|
| + SHA1DeprecationStatus sha1_status,
|
| + ContentStatus mixed_content_status,
|
| + ContentStatus content_with_cert_errors_status) {
|
| DCHECK(visible_security_state.connection_info_initialized ||
|
| visible_security_state.fails_malware_check);
|
|
|
| // Override the connection security information if the website failed the
|
| // browser's malware checks.
|
| if (visible_security_state.fails_malware_check)
|
| - return SecurityStateModel::DANGEROUS;
|
| + return DANGEROUS;
|
|
|
| GURL url = visible_security_state.url;
|
|
|
| @@ -139,28 +139,25 @@ SecurityStateModel::SecurityLevel GetSecurityLevelForRequest(
|
| if (is_cryptographic_with_certificate &&
|
| net::IsCertStatusError(visible_security_state.cert_status) &&
|
| !net::IsCertStatusMinorError(visible_security_state.cert_status)) {
|
| - return SecurityStateModel::DANGEROUS;
|
| + return DANGEROUS;
|
| }
|
|
|
| // Choose the appropriate security level for HTTP requests.
|
| if (!is_cryptographic_with_certificate) {
|
| - if (!client->IsOriginSecure(url) && url.IsStandard()) {
|
| + if (!is_origin_secure_callback.Run(url) && url.IsStandard()) {
|
| return GetSecurityLevelForNonSecureFieldTrial(
|
| visible_security_state.displayed_password_field_on_http ||
|
| visible_security_state.displayed_credit_card_field_on_http);
|
| }
|
| - return SecurityStateModel::NONE;
|
| + return NONE;
|
| }
|
|
|
| // Downgrade the security level for active insecure subresources.
|
| - if (mixed_content_status == SecurityStateModel::CONTENT_STATUS_RAN ||
|
| - mixed_content_status ==
|
| - SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN ||
|
| - content_with_cert_errors_status ==
|
| - SecurityStateModel::CONTENT_STATUS_RAN ||
|
| - content_with_cert_errors_status ==
|
| - SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN) {
|
| - return SecurityStateModel::kRanInsecureContentLevel;
|
| + if (mixed_content_status == CONTENT_STATUS_RAN ||
|
| + mixed_content_status == CONTENT_STATUS_DISPLAYED_AND_RAN ||
|
| + content_with_cert_errors_status == CONTENT_STATUS_RAN ||
|
| + content_with_cert_errors_status == CONTENT_STATUS_DISPLAYED_AND_RAN) {
|
| + return kRanInsecureContentLevel;
|
| }
|
|
|
| // Report if there is a policy cert first, before reporting any other
|
| @@ -168,51 +165,50 @@ SecurityStateModel::SecurityLevel GetSecurityLevelForRequest(
|
| // indicator of a MITM being present (the enterprise), while the
|
| // other authenticated-but-with-errors indicate something may
|
| // be wrong, or may be wrong in the future, but is unclear now.
|
| - if (client->UsedPolicyInstalledCertificate())
|
| - return SecurityStateModel::SECURE_WITH_POLICY_INSTALLED_CERT;
|
| + if (used_policy_installed_certificate)
|
| + return SECURE_WITH_POLICY_INSTALLED_CERT;
|
|
|
| - if (sha1_status == SecurityStateModel::DEPRECATED_SHA1_MAJOR)
|
| - return SecurityStateModel::DANGEROUS;
|
| - if (sha1_status == SecurityStateModel::DEPRECATED_SHA1_MINOR)
|
| - return SecurityStateModel::NONE;
|
| + if (sha1_status == DEPRECATED_SHA1_MAJOR)
|
| + return DANGEROUS;
|
| + if (sha1_status == DEPRECATED_SHA1_MINOR)
|
| + return NONE;
|
|
|
| // Active mixed content is handled above.
|
| - DCHECK_NE(SecurityStateModel::CONTENT_STATUS_RAN, mixed_content_status);
|
| - DCHECK_NE(SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN,
|
| - mixed_content_status);
|
| -
|
| - if (mixed_content_status == SecurityStateModel::CONTENT_STATUS_DISPLAYED ||
|
| - content_with_cert_errors_status ==
|
| - SecurityStateModel::CONTENT_STATUS_DISPLAYED) {
|
| - return SecurityStateModel::kDisplayedInsecureContentLevel;
|
| + DCHECK_NE(CONTENT_STATUS_RAN, mixed_content_status);
|
| + DCHECK_NE(CONTENT_STATUS_DISPLAYED_AND_RAN, mixed_content_status);
|
| +
|
| + if (mixed_content_status == CONTENT_STATUS_DISPLAYED ||
|
| + content_with_cert_errors_status == CONTENT_STATUS_DISPLAYED) {
|
| + return kDisplayedInsecureContentLevel;
|
| }
|
|
|
| if (net::IsCertStatusError(visible_security_state.cert_status)) {
|
| // Major cert errors are handled above.
|
| DCHECK(net::IsCertStatusMinorError(visible_security_state.cert_status));
|
| - return SecurityStateModel::NONE;
|
| + return NONE;
|
| }
|
|
|
| if ((visible_security_state.cert_status & net::CERT_STATUS_IS_EV) &&
|
| visible_security_state.certificate) {
|
| - return SecurityStateModel::EV_SECURE;
|
| + return EV_SECURE;
|
| }
|
| - return SecurityStateModel::SECURE;
|
| + return SECURE;
|
| }
|
|
|
| void SecurityInfoForRequest(
|
| - SecurityStateModelClient* client,
|
| - const SecurityStateModel::VisibleSecurityState& visible_security_state,
|
| - SecurityStateModel::SecurityInfo* security_info) {
|
| + const VisibleSecurityState& visible_security_state,
|
| + bool used_policy_installed_certificate,
|
| + const IsOriginSecureCallback& is_origin_secure_callback,
|
| + SecurityInfo* security_info) {
|
| if (!visible_security_state.connection_info_initialized) {
|
| - *security_info = SecurityStateModel::SecurityInfo();
|
| + *security_info = SecurityInfo();
|
| security_info->fails_malware_check =
|
| visible_security_state.fails_malware_check;
|
| if (security_info->fails_malware_check) {
|
| security_info->security_level = GetSecurityLevelForRequest(
|
| - visible_security_state, client, SecurityStateModel::UNKNOWN_SHA1,
|
| - SecurityStateModel::CONTENT_STATUS_UNKNOWN,
|
| - SecurityStateModel::CONTENT_STATUS_UNKNOWN);
|
| + visible_security_state, used_policy_installed_certificate,
|
| + is_origin_secure_callback, UNKNOWN_SHA1, CONTENT_STATUS_UNKNOWN,
|
| + CONTENT_STATUS_UNKNOWN);
|
| }
|
| return;
|
| }
|
| @@ -245,26 +241,20 @@ void SecurityInfoForRequest(
|
| visible_security_state.displayed_credit_card_field_on_http;
|
|
|
| security_info->security_level = GetSecurityLevelForRequest(
|
| - visible_security_state, client, security_info->sha1_deprecation_status,
|
| + visible_security_state, used_policy_installed_certificate,
|
| + is_origin_secure_callback, security_info->sha1_deprecation_status,
|
| security_info->mixed_content_status,
|
| security_info->content_with_cert_errors_status);
|
| }
|
|
|
| } // namespace
|
|
|
| -const SecurityStateModel::SecurityLevel
|
| - SecurityStateModel::kDisplayedInsecureContentLevel =
|
| - SecurityStateModel::NONE;
|
| -const SecurityStateModel::SecurityLevel
|
| - SecurityStateModel::kRanInsecureContentLevel =
|
| - SecurityStateModel::DANGEROUS;
|
| -
|
| -SecurityStateModel::SecurityInfo::SecurityInfo()
|
| - : security_level(SecurityStateModel::NONE),
|
| +SecurityInfo::SecurityInfo()
|
| + : security_level(NONE),
|
| fails_malware_check(false),
|
| - sha1_deprecation_status(SecurityStateModel::NO_DEPRECATED_SHA1),
|
| - mixed_content_status(SecurityStateModel::CONTENT_STATUS_NONE),
|
| - content_with_cert_errors_status(SecurityStateModel::CONTENT_STATUS_NONE),
|
| + sha1_deprecation_status(NO_DEPRECATED_SHA1),
|
| + mixed_content_status(CONTENT_STATUS_NONE),
|
| + content_with_cert_errors_status(CONTENT_STATUS_NONE),
|
| scheme_is_cryptographic(false),
|
| cert_status(0),
|
| security_bits(-1),
|
| @@ -274,24 +264,19 @@ SecurityStateModel::SecurityInfo::SecurityInfo()
|
| pkp_bypassed(false),
|
| displayed_private_user_data_input_on_http(false) {}
|
|
|
| -SecurityStateModel::SecurityInfo::~SecurityInfo() {}
|
| -
|
| -SecurityStateModel::SecurityStateModel() {}
|
| -
|
| -SecurityStateModel::~SecurityStateModel() {}
|
| -
|
| -void SecurityStateModel::GetSecurityInfo(
|
| - SecurityStateModel::SecurityInfo* result) const {
|
| - VisibleSecurityState new_visible_state;
|
| - client_->GetVisibleSecurityState(&new_visible_state);
|
| - SecurityInfoForRequest(client_, new_visible_state, result);
|
| -}
|
| +SecurityInfo::~SecurityInfo() {}
|
|
|
| -void SecurityStateModel::SetClient(SecurityStateModelClient* client) {
|
| - client_ = client;
|
| +void GetSecurityInfo(
|
| + std::unique_ptr<VisibleSecurityState> visible_security_state,
|
| + bool used_policy_installed_certificate,
|
| + IsOriginSecureCallback is_origin_secure_callback,
|
| + SecurityInfo* result) {
|
| + SecurityInfoForRequest(*visible_security_state,
|
| + used_policy_installed_certificate,
|
| + is_origin_secure_callback, result);
|
| }
|
|
|
| -SecurityStateModel::VisibleSecurityState::VisibleSecurityState()
|
| +VisibleSecurityState::VisibleSecurityState()
|
| : fails_malware_check(false),
|
| connection_info_initialized(false),
|
| cert_status(0),
|
| @@ -306,10 +291,9 @@ SecurityStateModel::VisibleSecurityState::VisibleSecurityState()
|
| displayed_password_field_on_http(false),
|
| displayed_credit_card_field_on_http(false) {}
|
|
|
| -SecurityStateModel::VisibleSecurityState::~VisibleSecurityState() {}
|
| +VisibleSecurityState::~VisibleSecurityState() {}
|
|
|
| -bool SecurityStateModel::VisibleSecurityState::operator==(
|
| - const SecurityStateModel::VisibleSecurityState& other) const {
|
| +bool VisibleSecurityState::operator==(const VisibleSecurityState& other) const {
|
| return (url == other.url &&
|
| fails_malware_check == other.fails_malware_check &&
|
| !!certificate == !!other.certificate &&
|
|
|
Chromium Code Reviews
Issue 2448943002:
Refactor SecurityStateModel/Clients for simplicity and reusability. (Closed)
