Index: components/security_state/core/security_state.cc |
diff --git a/components/security_state/core/security_state.cc b/components/security_state/core/security_state.cc |
index ef7e0a844148d8e10b4609fd30248b3c98263fa9..2a34c5019d86a3ca0c8e69793e7064ac0c0faeb2 100644 |
--- a/components/security_state/core/security_state.cc |
+++ b/components/security_state/core/security_state.cc |
@@ -84,25 +84,13 @@ SecurityLevel GetSecurityLevelForNonSecureFieldTrial( |
return level; |
} |
-SHA1DeprecationStatus GetSHA1DeprecationStatus( |
- const VisibleSecurityState& visible_security_state) { |
+bool GetSHA1InChain(const VisibleSecurityState& visible_security_state) { |
if (!visible_security_state.certificate || |
!(visible_security_state.cert_status & |
net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) |
- return NO_DEPRECATED_SHA1; |
- |
- // The internal representation of the dates for UI treatment of SHA-1. |
- // See http://crbug.com/401365 for details. |
- static const int64_t kJanuary2017 = INT64_C(13127702400000000); |
- if (visible_security_state.certificate->valid_expiry() >= |
- base::Time::FromInternalValue(kJanuary2017)) |
- return DEPRECATED_SHA1_MAJOR; |
- static const int64_t kJanuary2016 = INT64_C(13096080000000000); |
- if (visible_security_state.certificate->valid_expiry() >= |
- base::Time::FromInternalValue(kJanuary2016)) |
- return DEPRECATED_SHA1_MINOR; |
- |
- return NO_DEPRECATED_SHA1; |
+ return false; |
+ |
+ return true; |
estark
2017/01/08 16:39:58
nit: could simplify as
return visible_security_st
elawrence
2017/01/09 18:13:11
Done.
|
} |
ContentStatus GetContentStatus(bool displayed, bool ran) { |
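Review bot: `GetSHA1InChain` has no comment stating what it reports, and with the expiry-date tiers removed its meaning has changed enough to be worth recording. As written it returns true whenever a certificate is present and `cert_status` carries `net::CERT_STATUS_SHA1_SIGNATURE_PRESENT`, regardless of when the certificate expires. I would add `// Returns true if a certificate is present and its status has CERT_STATUS_SHA1_SIGNATURE_PRESENT set; expiry date is no longer considered.` above the definition. A predicate-style name such as `IsSHA1InChain` would also read more naturally for a bool return.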
@@ -119,7 +107,7 @@ SecurityLevel GetSecurityLevelForRequest( |
const VisibleSecurityState& visible_security_state, |
bool used_policy_installed_certificate, |
const IsOriginSecureCallback& is_origin_secure_callback, |
- SHA1DeprecationStatus sha1_status, |
+ bool sha1_in_chain, |
ContentStatus mixed_content_status, |
ContentStatus content_with_cert_errors_status) { |
DCHECK(visible_security_state.connection_info_initialized || |
@@ -172,14 +160,10 @@ SecurityLevel GetSecurityLevelForRequest( |
return SECURE_WITH_POLICY_INSTALLED_CERT; |
// In most cases, SHA1 use is treated as a certificate error, in which case |
- // DANGEROUS will have been returned above. If SHA1 is permitted, we downgrade |
- // the security level to Neutral or Dangerous depending on policy. |
- if (sha1_status == DEPRECATED_SHA1_MAJOR || |
- sha1_status == DEPRECATED_SHA1_MINOR) { |
- return (visible_security_state.display_sha1_from_local_anchors_as_neutral) |
- ? NONE |
- : DANGEROUS; |
- } |
+ // DANGEROUS will have been returned above. If SHA1 was permitted by policy, |
+ // downgrade the security level to Neutral. |
+ if (sha1_in_chain) |
+ return NONE; |
// Active mixed content is handled above. |
DCHECK_NE(CONTENT_STATUS_RAN, mixed_content_status); |
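Review bot: The new `if (sha1_in_chain) return NONE;` gives a neutral level to every SHA-1 chain that reaches it, where the removed code returned DANGEROUS unless `display_sha1_from_local_anchors_as_neutral` was set. That is only safe if every SHA-1 chain not permitted by policy has already been reported as a certificate error and returned DANGEROUS earlier in `GetSecurityLevelForRequest`; that return is outside this hunk, and the comment's "In most cases" leaves the remaining cases unstated. I would state the invariant in the comment, e.g. `// Reaching here with SHA-1 in the chain implies it was allowed by policy; all other SHA-1 chains must have returned DANGEROUS above.`, and add a unit test with `CERT_STATUS_SHA1_SIGNATURE_PRESENT` set and no certificate error. The comment also says "Neutral" while the code returns `NONE`, so naming the enum value would avoid the mismatch.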
@@ -216,14 +200,13 @@ void SecurityInfoForRequest( |
MALICIOUS_CONTENT_STATUS_NONE) { |
security_info->security_level = GetSecurityLevelForRequest( |
visible_security_state, used_policy_installed_certificate, |
- is_origin_secure_callback, UNKNOWN_SHA1, CONTENT_STATUS_UNKNOWN, |
+ is_origin_secure_callback, false, CONTENT_STATUS_UNKNOWN, |
CONTENT_STATUS_UNKNOWN); |
} |
return; |
} |
security_info->certificate = visible_security_state.certificate; |
- security_info->sha1_deprecation_status = |
- GetSHA1DeprecationStatus(visible_security_state); |
+ security_info->sha1_in_chain = GetSHA1InChain(visible_security_state); |
security_info->mixed_content_status = |
GetContentStatus(visible_security_state.displayed_mixed_content, |
visible_security_state.ran_mixed_content); |
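Review bot: The bare `false` passed to `GetSecurityLevelForRequest` in the early-return branch no longer says which argument it is, whereas `UNKNOWN_SHA1` was self-describing. Writing `is_origin_secure_callback, /*sha1_in_chain=*/false, CONTENT_STATUS_UNKNOWN,` would keep the call readable. In the lines shown, this branch returns before `security_info->sha1_in_chain` is assigned, so the field keeps its constructor default of `false` and a consumer cannot tell "not evaluated" from "no SHA-1 in chain". A one-line comment at the `return;` saying the certificate-derived fields are deliberately left at their defaults would make that explicit. `SecurityInfoForRequest` starts and ends outside this hunk.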
@@ -252,7 +235,7 @@ void SecurityInfoForRequest( |
security_info->security_level = GetSecurityLevelForRequest( |
visible_security_state, used_policy_installed_certificate, |
- is_origin_secure_callback, security_info->sha1_deprecation_status, |
+ is_origin_secure_callback, security_info->sha1_in_chain, |
security_info->mixed_content_status, |
security_info->content_with_cert_errors_status); |
} |
@@ -265,7 +248,7 @@ const base::Feature kHttpFormWarningFeature{"HttpFormWarning", |
SecurityInfo::SecurityInfo() |
: security_level(NONE), |
malicious_content_status(MALICIOUS_CONTENT_STATUS_NONE), |
- sha1_deprecation_status(NO_DEPRECATED_SHA1), |
+ sha1_in_chain(false), |
mixed_content_status(CONTENT_STATUS_NONE), |
content_with_cert_errors_status(CONTENT_STATUS_NONE), |
scheme_is_cryptographic(false), |
@@ -307,8 +290,7 @@ VisibleSecurityState::VisibleSecurityState() |
ran_content_with_cert_errors(false), |
pkp_bypassed(false), |
displayed_password_field_on_http(false), |
- displayed_credit_card_field_on_http(false), |
- display_sha1_from_local_anchors_as_neutral(false) {} |
+ displayed_credit_card_field_on_http(false) {} |
VisibleSecurityState::~VisibleSecurityState() {} |
@@ -330,9 +312,7 @@ bool VisibleSecurityState::operator==(const VisibleSecurityState& other) const { |
displayed_password_field_on_http == |
other.displayed_password_field_on_http && |
displayed_credit_card_field_on_http == |
- other.displayed_credit_card_field_on_http && |
- display_sha1_from_local_anchors_as_neutral == |
- other.display_sha1_from_local_anchors_as_neutral); |
+ other.displayed_credit_card_field_on_http); |
} |
} // namespace security_state |