| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_ | 5 #ifndef COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_ |
| 6 #define COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_ | 6 #define COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 #include <memory> | 9 #include <memory> |
| 10 | 10 |
| 61 // HTTPS, but the certificate verification chain is anchored on a | 61 // HTTPS, but the certificate verification chain is anchored on a |
| 62 // certificate that was installed by the system administrator. | 62 // certificate that was installed by the system administrator. |
| 63 SECURE_WITH_POLICY_INSTALLED_CERT, | 63 SECURE_WITH_POLICY_INSTALLED_CERT, |
| 64 | 64 |
| 65 // Attempted HTTPS and failed, page not authenticated, HTTPS with | 65 // Attempted HTTPS and failed, page not authenticated, HTTPS with |
| 66 // insecure active content on the page, malware, phishing, or any other | 66 // insecure active content on the page, malware, phishing, or any other |
| 67 // serious security issue that could be dangerous. | 67 // serious security issue that could be dangerous. |
| 68 DANGEROUS, | 68 DANGEROUS, |
| 69 }; | 69 }; |
| 70 | 70 |
| 71 // Describes how the SHA1 deprecation policy applies to an HTTPS | |
| 72 // connection. | |
| 73 enum SHA1DeprecationStatus { | |
| 74 UNKNOWN_SHA1, | |
| 75 // No SHA1 deprecation policy applies. | |
| 76 NO_DEPRECATED_SHA1, | |
| 77 // The connection used a certificate with a SHA1 signature in the | |
| 78 // chain, and policy says that the connection should be treated with a | |
| 79 // warning. | |
| 80 DEPRECATED_SHA1_MINOR, | |
| 81 // The connection used a certificate with a SHA1 signature in the | |
| 82 // chain, and policy says that the connection should be treated as | |
| 83 // broken HTTPS. | |
| 84 DEPRECATED_SHA1_MAJOR, | |
| 85 }; | |
| 86 | |
| 87 // The ContentStatus enum is used to describe content on the page that | 71 // The ContentStatus enum is used to describe content on the page that |
| 88 // has significantly different security properties than the main page | 72 // has significantly different security properties than the main page |
| 89 // load. Content can be passive content that is displayed (such as | 73 // load. Content can be passive content that is displayed (such as |
| 90 // images) or active content that is run (such as scripts or iframes). | 74 // images) or active content that is run (such as scripts or iframes). |
| 91 enum ContentStatus { | 75 enum ContentStatus { |
| 92 CONTENT_STATUS_UNKNOWN, | 76 CONTENT_STATUS_UNKNOWN, |
| 93 CONTENT_STATUS_NONE, | 77 CONTENT_STATUS_NONE, |
| 94 CONTENT_STATUS_DISPLAYED, | 78 CONTENT_STATUS_DISPLAYED, |
| 95 CONTENT_STATUS_RAN, | 79 CONTENT_STATUS_RAN, |
| 96 CONTENT_STATUS_DISPLAYED_AND_RAN, | 80 CONTENT_STATUS_DISPLAYED_AND_RAN, |
| 110 // SecurityLevel (which | 94 // SecurityLevel (which |
| 111 // is a single value describing the overall security state) along with | 95 // is a single value describing the overall security state) along with |
| 112 // information that a consumer might want to display in UI to explain or | 96 // information that a consumer might want to display in UI to explain or |
| 113 // elaborate on the SecurityLevel. | 97 // elaborate on the SecurityLevel. |
| 114 struct SecurityInfo { | 98 struct SecurityInfo { |
| 115 SecurityInfo(); | 99 SecurityInfo(); |
| 116 ~SecurityInfo(); | 100 ~SecurityInfo(); |
| 117 SecurityLevel security_level; | 101 SecurityLevel security_level; |
| 118 // Describes the nature of the page's malicious content, if any. | 102 // Describes the nature of the page's malicious content, if any. |
| 119 MaliciousContentStatus malicious_content_status; | 103 MaliciousContentStatus malicious_content_status; |
| 120 SHA1DeprecationStatus sha1_deprecation_status; | 104 // True if a SHA1 signature was observed anywhere in the certificate chain. |
| 105 bool sha1_in_chain; |
| 121 // |mixed_content_status| describes the presence of content that was | 106 // |mixed_content_status| describes the presence of content that was |
| 122 // loaded over a nonsecure (HTTP) connection. | 107 // loaded over a nonsecure (HTTP) connection. |
| 123 ContentStatus mixed_content_status; | 108 ContentStatus mixed_content_status; |
| 124 // |content_with_cert_errors_status| describes the presence of | 109 // |content_with_cert_errors_status| describes the presence of |
| 125 // content that was loaded over an HTTPS connection with | 110 // content that was loaded over an HTTPS connection with |
| 126 // certificate errors. | 111 // certificate errors. |
| 127 ContentStatus content_with_cert_errors_status; | 112 ContentStatus content_with_cert_errors_status; |
| 128 // The verification statuses of the signed certificate timestamps | 113 // The verification statuses of the signed certificate timestamps |
| 129 // for the connection. | 114 // for the connection. |
| 130 std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses; | 115 std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses; |
| 191 // True if the page displayed passive subresources with certificate errors. | 176 // True if the page displayed passive subresources with certificate errors. |
| 192 bool displayed_content_with_cert_errors; | 177 bool displayed_content_with_cert_errors; |
| 193 // True if the page ran active subresources with certificate errors. | 178 // True if the page ran active subresources with certificate errors. |
| 194 bool ran_content_with_cert_errors; | 179 bool ran_content_with_cert_errors; |
| 195 // True if PKP was bypassed due to a local trust anchor. | 180 // True if PKP was bypassed due to a local trust anchor. |
| 196 bool pkp_bypassed; | 181 bool pkp_bypassed; |
| 197 // True if the page was an HTTP page that displayed a password field. | 182 // True if the page was an HTTP page that displayed a password field. |
| 198 bool displayed_password_field_on_http; | 183 bool displayed_password_field_on_http; |
| 199 // True if the page was an HTTP page that displayed a credit card field. | 184 // True if the page was an HTTP page that displayed a credit card field. |
| 200 bool displayed_credit_card_field_on_http; | 185 bool displayed_credit_card_field_on_http; |
| 201 // True if Enterprise Policy configured to display as neutral all SHA-1 chains | |
| 202 // to a local trust anchor. | |
| 203 // TODO(elawrence): remove this in M57, https://crbug.com/676826 | |
| 204 bool display_sha1_from_local_anchors_as_neutral; | |
| 205 }; | 186 }; |
| 206 | 187 |
| 207 // These security levels describe the treatment given to pages that | 188 // These security levels describe the treatment given to pages that |
| 208 // display and run mixed content. They are used to coordinate the | 189 // display and run mixed content. They are used to coordinate the |
| 209 // treatment of mixed content with other security UI elements. | 190 // treatment of mixed content with other security UI elements. |
| 210 constexpr SecurityLevel kDisplayedInsecureContentLevel = NONE; | 191 constexpr SecurityLevel kDisplayedInsecureContentLevel = NONE; |
| 211 constexpr SecurityLevel kRanInsecureContentLevel = DANGEROUS; | 192 constexpr SecurityLevel kRanInsecureContentLevel = DANGEROUS; |
| 212 | 193 |
| 213 // Returns true if the given |url|'s origin should be considered secure. | 194 // Returns true if the given |url|'s origin should be considered secure. |
| 214 using IsOriginSecureCallback = base::Callback<bool(const GURL& url)>; | 195 using IsOriginSecureCallback = base::Callback<bool(const GURL& url)>; |
| 226 SecurityInfo* result); | 207 SecurityInfo* result); |
| 227 | 208 |
| 228 // Returns true if an experimental form warning UI about HTTP passwords | 209 // Returns true if an experimental form warning UI about HTTP passwords |
| 229 // and credit cards is enabled. This warning UI can be enabled with the | 210 // and credit cards is enabled. This warning UI can be enabled with the |
| 230 // |kHttpFormWarningFeature| feature. | 211 // |kHttpFormWarningFeature| feature. |
| 231 bool IsHttpWarningInFormEnabled(); | 212 bool IsHttpWarningInFormEnabled(); |
| 232 | 213 |
| 233 } // namespace security_state | 214 } // namespace security_state |
| 234 | 215 |
| 235 #endif // COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_ | 216 #endif // COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_ |
| OLD | NEW |
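Review bot: The comment on the new `sha1_in_chain` field in SecurityInfo leaves its contract underspecified now that it replaces the four-state SHA1DeprecationStatus: `false` has to cover both "no SHA1 signature seen" and what was previously UNKNOWN_SHA1 (presumably the case where there is no certificate to inspect), and nothing says whether the flag by itself implies a downgraded `security_level`. Since consumers read this struct to explain security UI, I would spell that out, for example `// True if a SHA1 signature was observed in the certificate chain; false if none was seen or no certificate was available. |security_level| carries the resulting verdict.`, adjusted to whatever the implementation actually does. "Anywhere in the certificate chain" also reads as including the trust anchor's self-signature, which normally does not matter for trust; if the anchor is excluded, the comment should say so. The SecurityInfo constructor is defined outside this file, so it is worth confirming there that the new bool is initialized to false.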