Remove Certificate Transparency information from WebsiteSettings

chrome/browser/ui/website_settings/website_settings.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/website_settings/website_settings.h"
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <string>
@@ skipping 175 matching lines @@
       break;
     case security_state::SecurityStateModel::
         MALICIOUS_CONTENT_STATUS_UNWANTED_SOFTWARE:
       *status = WebsiteSettings::SITE_IDENTITY_STATUS_UNWANTED_SOFTWARE;
       *details = l10n_util::GetStringUTF16(
           IDS_WEBSITE_SETTINGS_UNWANTED_SOFTWARE_DETAILS);
       break;
   }
 }
 
-// Returns true if any of the given statuses match |status|.
-bool CertificateTransparencyStatusMatchAny(
-    const std::vector<net::ct::SCTVerifyStatus>& sct_verify_statuses,
-    net::ct::SCTVerifyStatus status) {
-  for (const auto& verify_status : sct_verify_statuses) {
-    if (verify_status == status)
-      return true;
-  }
-  return false;
-}
-
-int GetSiteIdentityDetailsMessageByCTInfo(
-    const std::vector<net::ct::SCTVerifyStatus>& sct_verify_statuses,
-    bool is_ev) {
-  // No SCTs - no CT information.
-  if (sct_verify_statuses.empty())
-    return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_NO_CT
-                  : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_NO_CT);
-
-  // Any valid SCT.
-  if (CertificateTransparencyStatusMatchAny(sct_verify_statuses,
-                                            net::ct::SCT_STATUS_OK))
-    return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_VERIFIED
-                  : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_VERIFIED);
-
-  // Any invalid SCT.
-  if (CertificateTransparencyStatusMatchAny(
-          sct_verify_statuses, net::ct::SCT_STATUS_INVALID_TIMESTAMP) ||
-      CertificateTransparencyStatusMatchAny(
-          sct_verify_statuses, net::ct::SCT_STATUS_INVALID_SIGNATURE))
-    return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_INVALID
-                  : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_INVALID);
-
-  // All SCTs are from unknown logs.
-  return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_UNVERIFIED
-                : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_UNVERIFIED);
-}
-
-// This function will return SITE_IDENTITY_STATUS_CERT or
-// SITE_IDENTITY_STATUS_EV_CERT depending on |is_ev| unless all SCTs
-// failed verification, in which case it will return
-// SITE_IDENTITY_STATUS_ERROR.
-WebsiteSettings::SiteIdentityStatus GetSiteIdentityStatusByCTInfo(
-    const std::vector<net::ct::SCTVerifyStatus>& sct_verify_statuses,
-    bool is_ev) {
-  if (sct_verify_statuses.empty() ||
-      CertificateTransparencyStatusMatchAny(sct_verify_statuses,
-                                            net::ct::SCT_STATUS_OK))
-    return is_ev ? WebsiteSettings::SITE_IDENTITY_STATUS_EV_CERT
-                 : WebsiteSettings::SITE_IDENTITY_STATUS_CERT;
-
-  return WebsiteSettings::SITE_IDENTITY_STATUS_CT_ERROR;
-}
-
 base::string16 GetSimpleSiteName(const GURL& url) {
   return url_formatter::FormatUrlForSecurityDisplay(
       url, url_formatter::SchemeDisplay::OMIT_HTTP_AND_HTTPS);
 }
 
 ChooserContextBase* GetUsbChooserContext(Profile* profile) {
   return UsbChooserContextFactory::GetForProfile(profile);
 }
 
 // The list of chooser types that need to display entries in the Website
@@ skipping 205 matching lines @@
     site_identity_status_ = SITE_IDENTITY_STATUS_INTERNAL_PAGE;
     site_identity_details_ =
         l10n_util::GetStringUTF16(IDS_PAGE_INFO_INTERNAL_PAGE);
     site_connection_status_ = SITE_CONNECTION_STATUS_INTERNAL_PAGE;
     return;
   }
 
   // Identity section.
   certificate_ = security_info.certificate;
 
+  bool is_ev = !!(security_info.cert_status & net::CERT_STATUS_IS_EV);

[lgarron, 2016/11/14 23:30:57]

Nit: Keep this inside the `else`, since it's only used there.

[estark, 2016/11/15 00:56:24]

Done.

   if (security_info.malicious_content_status !=
       security_state::SecurityStateModel::MALICIOUS_CONTENT_STATUS_NONE) {
     // The site has been flagged by Safe Browsing as dangerous.
     GetSiteIdentityByMaliciousContentStatus(
         security_info.malicious_content_status, &site_identity_status_,
         &site_identity_details_);
   } else if (certificate_ &&
              (!net::IsCertStatusError(security_info.cert_status) ||
               net::IsCertStatusMinorError(security_info.cert_status))) {
     // HTTPS with no or minor errors.
     if (security_info.security_level ==
         SecurityStateModel::SECURE_WITH_POLICY_INSTALLED_CERT) {
       site_identity_status_ = SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT;
       site_identity_details_ = l10n_util::GetStringFUTF16(
           IDS_CERT_POLICY_PROVIDED_CERT_MESSAGE, UTF8ToUTF16(url.host()));
     } else if (net::IsCertStatusMinorError(security_info.cert_status)) {
       site_identity_status_ = SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN;
       base::string16 issuer_name(
           UTF8ToUTF16(certificate_->issuer().GetDisplayName()));
       if (issuer_name.empty()) {
         issuer_name.assign(l10n_util::GetStringUTF16(
             IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
       }
 
       site_identity_details_.assign(l10n_util::GetStringFUTF16(
-          GetSiteIdentityDetailsMessageByCTInfo(
-              security_info.sct_verify_statuses, false /* not EV */),
-          issuer_name));
+          IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_VERIFIED, issuer_name));
 
       site_identity_details_ += ASCIIToUTF16("\n\n");
       if (security_info.cert_status &
           net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) {
         site_identity_details_ += l10n_util::GetStringUTF16(
             IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION);
       } else if (security_info.cert_status &
                  net::CERT_STATUS_NO_REVOCATION_MECHANISM) {
         site_identity_details_ += l10n_util::GetStringUTF16(
             IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM);
       } else {
         NOTREACHED() << "Need to specify string for this warning";
       }
     } else {
-      if (security_info.cert_status & net::CERT_STATUS_IS_EV) {
+      // No major or minor errors.
+      if (is_ev) {
         // EV HTTPS page.
-        site_identity_status_ = GetSiteIdentityStatusByCTInfo(
-            security_info.sct_verify_statuses, true);
+        site_identity_status_ = SITE_IDENTITY_STATUS_EV_CERT;
         DCHECK(!certificate_->subject().organization_names.empty());
         organization_name_ =
             UTF8ToUTF16(certificate_->subject().organization_names[0]);
         // An EV Cert is required to have a city (localityName) and country but
         // state is "if any".
         DCHECK(!certificate_->subject().locality_name.empty());
         DCHECK(!certificate_->subject().country_name.empty());
         base::string16 locality;
         if (!certificate_->subject().state_or_province_name.empty()) {
           locality = l10n_util::GetStringFUTF16(
               IDS_PAGEINFO_ADDRESS,
               UTF8ToUTF16(certificate_->subject().locality_name),
               UTF8ToUTF16(certificate_->subject().state_or_province_name),
               UTF8ToUTF16(certificate_->subject().country_name));
         } else {
           locality = l10n_util::GetStringFUTF16(
               IDS_PAGEINFO_PARTIAL_ADDRESS,
               UTF8ToUTF16(certificate_->subject().locality_name),
               UTF8ToUTF16(certificate_->subject().country_name));
         }
         DCHECK(!certificate_->subject().organization_names.empty());
         site_identity_details_.assign(l10n_util::GetStringFUTF16(
-            GetSiteIdentityDetailsMessageByCTInfo(
-                security_info.sct_verify_statuses, true /* is EV */),
+            IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_VERIFIED,
             UTF8ToUTF16(certificate_->subject().organization_names[0]),
-            locality,
-            UTF8ToUTF16(certificate_->issuer().GetDisplayName())));
+            locality, UTF8ToUTF16(certificate_->issuer().GetDisplayName())));
       } else {
         // Non-EV OK HTTPS page.
-        site_identity_status_ = GetSiteIdentityStatusByCTInfo(
-            security_info.sct_verify_statuses, false);
+        site_identity_status_ = SITE_IDENTITY_STATUS_CERT;
         base::string16 issuer_name(
             UTF8ToUTF16(certificate_->issuer().GetDisplayName()));
         if (issuer_name.empty()) {
           issuer_name.assign(l10n_util::GetStringUTF16(
               IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
         }
 
         site_identity_details_.assign(l10n_util::GetStringFUTF16(
-            GetSiteIdentityDetailsMessageByCTInfo(
-                security_info.sct_verify_statuses, false /* not EV */),
-            issuer_name));
+            IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_VERIFIED, issuer_name));
       }
       switch (security_info.sha1_deprecation_status) {
         case SecurityStateModel::DEPRECATED_SHA1_MINOR:
           site_identity_status_ =
               SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM_MINOR;
           site_identity_details_ +=
               UTF8ToUTF16("\n\n") +
               l10n_util::GetStringUTF16(
                   IDS_PAGE_INFO_SECURITY_TAB_DEPRECATED_SIGNATURE_ALGORITHM_MINOR);
           break;
@@ skipping 169 matching lines @@
   // attention to the issue. If the site does not provide a certificate because
   // it was loaded over an unencrypted connection, don't select the Connection
   // Tab.
   WebsiteSettingsUI::TabId tab_id = WebsiteSettingsUI::TAB_ID_PERMISSIONS;
   if (site_connection_status_ == SITE_CONNECTION_STATUS_ENCRYPTED_ERROR ||
       site_connection_status_ ==
           SITE_CONNECTION_STATUS_INSECURE_PASSIVE_SUBRESOURCE ||
       site_connection_status_ ==
           SITE_CONNECTION_STATUS_INSECURE_ACTIVE_SUBRESOURCE ||
       site_identity_status_ == SITE_IDENTITY_STATUS_ERROR ||
-      site_identity_status_ == SITE_IDENTITY_STATUS_CT_ERROR ||
       site_identity_status_ == SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN ||
       site_identity_status_ == SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT ||
       site_identity_status_ ==
           SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM_MINOR ||
       site_identity_status_ ==
           SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM_MAJOR) {
     tab_id = WebsiteSettingsUI::TAB_ID_CONNECTION;
     RecordWebsiteSettingsAction(
       WEBSITE_SETTINGS_CONNECTION_TAB_SHOWN_IMMEDIATELY);
   }
@@ skipping 98 matching lines @@
   info.connection_status = site_connection_status_;
   info.connection_status_description =
       UTF16ToUTF8(site_connection_details_);
   info.identity_status = site_identity_status_;
   info.identity_status_description =
       UTF16ToUTF8(site_identity_details_);
   info.certificate = certificate_;
   info.show_ssl_decision_revoke_button = show_ssl_decision_revoke_button_;
   ui_->SetIdentityInfo(info);
 }