OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/security_state/content/content_utils.h" | 5 #include "components/security_state/content/content_utils.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/memory/ptr_util.h" | 10 #include "base/memory/ptr_util.h" |
(...skipping 19 matching lines...) Expand all Loading... |
30 | 30 |
31 namespace { | 31 namespace { |
32 | 32 |
33 // Note: This is a lossy operation. Not all of the policies that can be | 33 // Note: This is a lossy operation. Not all of the policies that can be |
34 // expressed by a SecurityLevel can be expressed by a blink::WebSecurityStyle. | 34 // expressed by a SecurityLevel can be expressed by a blink::WebSecurityStyle. |
35 blink::WebSecurityStyle SecurityLevelToSecurityStyle( | 35 blink::WebSecurityStyle SecurityLevelToSecurityStyle( |
36 security_state::SecurityLevel security_level) { | 36 security_state::SecurityLevel security_level) { |
37 switch (security_level) { | 37 switch (security_level) { |
38 case security_state::NONE: | 38 case security_state::NONE: |
39 case security_state::HTTP_SHOW_WARNING: | 39 case security_state::HTTP_SHOW_WARNING: |
40 return blink::WebSecurityStyleUnauthenticated; | 40 return blink::WebSecurityStyleNeutral; |
41 case security_state::SECURITY_WARNING: | 41 case security_state::SECURITY_WARNING: |
42 case security_state::SECURE_WITH_POLICY_INSTALLED_CERT: | 42 case security_state::SECURE_WITH_POLICY_INSTALLED_CERT: |
43 return blink::WebSecurityStyleWarning; | 43 return blink::WebSecurityStyleWarning; |
44 case security_state::EV_SECURE: | 44 case security_state::EV_SECURE: |
45 case security_state::SECURE: | 45 case security_state::SECURE: |
46 return blink::WebSecurityStyleAuthenticated; | 46 return blink::WebSecurityStyleSecure; |
47 case security_state::DANGEROUS: | 47 case security_state::DANGEROUS: |
48 return blink::WebSecurityStyleAuthenticationBroken; | 48 return blink::WebSecurityStyleInsecure; |
49 } | 49 } |
50 | 50 |
51 NOTREACHED(); | 51 NOTREACHED(); |
52 return blink::WebSecurityStyleUnknown; | 52 return blink::WebSecurityStyleUnknown; |
53 } | 53 } |
54 | 54 |
55 void AddConnectionExplanation( | 55 void AddConnectionExplanation( |
56 const security_state::SecurityInfo& security_info, | 56 const security_state::SecurityInfo& security_info, |
57 content::SecurityStyleExplanations* security_style_explanations) { | 57 content::SecurityStyleExplanations* security_style_explanations) { |
58 // Avoid showing TLS details when we couldn't even establish a TLS connection | 58 // Avoid showing TLS details when we couldn't even establish a TLS connection |
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
181 const security_state::SecurityInfo& security_info, | 181 const security_state::SecurityInfo& security_info, |
182 content::SecurityStyleExplanations* security_style_explanations) { | 182 content::SecurityStyleExplanations* security_style_explanations) { |
183 const blink::WebSecurityStyle security_style = | 183 const blink::WebSecurityStyle security_style = |
184 SecurityLevelToSecurityStyle(security_info.security_level); | 184 SecurityLevelToSecurityStyle(security_info.security_level); |
185 | 185 |
186 // The HTTP_SHOW_WARNING state may occur if the page is served as a data: URI | 186 // The HTTP_SHOW_WARNING state may occur if the page is served as a data: URI |
187 // or if it is served non-securely AND contains a sensitive form field. | 187 // or if it is served non-securely AND contains a sensitive form field. |
188 if (security_info.security_level == security_state::HTTP_SHOW_WARNING && | 188 if (security_info.security_level == security_state::HTTP_SHOW_WARNING && |
189 (security_info.displayed_password_field_on_http || | 189 (security_info.displayed_password_field_on_http || |
190 security_info.displayed_credit_card_field_on_http)) { | 190 security_info.displayed_credit_card_field_on_http)) { |
191 security_style_explanations->unauthenticated_explanations.push_back( | 191 security_style_explanations->neutral_explanations.push_back( |
192 content::SecurityStyleExplanation( | 192 content::SecurityStyleExplanation( |
193 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT), | 193 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT), |
194 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT_DESCRIPTION))); | 194 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT_DESCRIPTION))); |
195 } | 195 } |
196 security_style_explanations->ran_insecure_content_style = | 196 security_style_explanations->ran_insecure_content_style = |
197 SecurityLevelToSecurityStyle(security_state::kRanInsecureContentLevel); | 197 SecurityLevelToSecurityStyle(security_state::kRanInsecureContentLevel); |
198 security_style_explanations->displayed_insecure_content_style = | 198 security_style_explanations->displayed_insecure_content_style = |
199 SecurityLevelToSecurityStyle( | 199 SecurityLevelToSecurityStyle( |
200 security_state::kDisplayedInsecureContentLevel); | 200 security_state::kDisplayedInsecureContentLevel); |
201 | 201 |
(...skipping 10 matching lines...) Expand all Loading... |
212 // the page, and the embedder can choose to display HTTPS page as HTTP | 212 // the page, and the embedder can choose to display HTTPS page as HTTP |
213 // if it wants to (for example, displaying deprecated crypto | 213 // if it wants to (for example, displaying deprecated crypto |
214 // algorithms with the same UI treatment as HTTP pages). | 214 // algorithms with the same UI treatment as HTTP pages). |
215 security_style_explanations->scheme_is_cryptographic = | 215 security_style_explanations->scheme_is_cryptographic = |
216 security_info.scheme_is_cryptographic; | 216 security_info.scheme_is_cryptographic; |
217 if (!security_info.scheme_is_cryptographic) { | 217 if (!security_info.scheme_is_cryptographic) { |
218 return security_style; | 218 return security_style; |
219 } | 219 } |
220 | 220 |
221 if (security_info.sha1_in_chain) { | 221 if (security_info.sha1_in_chain) { |
222 security_style_explanations->unauthenticated_explanations.push_back( | 222 security_style_explanations->neutral_explanations.push_back( |
223 content::SecurityStyleExplanation( | 223 content::SecurityStyleExplanation( |
224 l10n_util::GetStringUTF8(IDS_SHA1), | 224 l10n_util::GetStringUTF8(IDS_SHA1), |
225 l10n_util::GetStringUTF8(IDS_SHA1_DESCRIPTION), | 225 l10n_util::GetStringUTF8(IDS_SHA1_DESCRIPTION), |
226 !!security_info.certificate)); | 226 !!security_info.certificate)); |
227 } | 227 } |
228 | 228 |
229 if (security_info.cert_missing_subject_alt_name) { | 229 if (security_info.cert_missing_subject_alt_name) { |
230 security_style_explanations->broken_explanations.push_back( | 230 security_style_explanations->insecure_explanations.push_back( |
231 content::SecurityStyleExplanation( | 231 content::SecurityStyleExplanation( |
232 l10n_util::GetStringUTF8(IDS_SUBJECT_ALT_NAME_MISSING), | 232 l10n_util::GetStringUTF8(IDS_SUBJECT_ALT_NAME_MISSING), |
233 l10n_util::GetStringUTF8(IDS_SUBJECT_ALT_NAME_MISSING_DESCRIPTION), | 233 l10n_util::GetStringUTF8(IDS_SUBJECT_ALT_NAME_MISSING_DESCRIPTION), |
234 !!security_info.certificate)); | 234 !!security_info.certificate)); |
235 } | 235 } |
236 | 236 |
237 // Record the presence of mixed content (HTTP subresources on an HTTPS | 237 // Record the presence of mixed content (HTTP subresources on an HTTPS |
238 // page). | 238 // page). |
239 security_style_explanations->ran_mixed_content = | 239 security_style_explanations->ran_mixed_content = |
240 security_info.mixed_content_status == | 240 security_info.mixed_content_status == |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
274 base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString( | 274 base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString( |
275 net::MapCertStatusToNetError(security_info.cert_status))); | 275 net::MapCertStatusToNetError(security_info.cert_status))); |
276 | 276 |
277 content::SecurityStyleExplanation explanation( | 277 content::SecurityStyleExplanation explanation( |
278 l10n_util::GetStringUTF8(IDS_CERTIFICATE_CHAIN_ERROR), | 278 l10n_util::GetStringUTF8(IDS_CERTIFICATE_CHAIN_ERROR), |
279 l10n_util::GetStringFUTF8( | 279 l10n_util::GetStringFUTF8( |
280 IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string), | 280 IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string), |
281 !!security_info.certificate); | 281 !!security_info.certificate); |
282 | 282 |
283 if (is_cert_status_minor_error) { | 283 if (is_cert_status_minor_error) { |
284 security_style_explanations->unauthenticated_explanations.push_back( | 284 security_style_explanations->neutral_explanations.push_back(explanation); |
285 explanation); | |
286 } else { | 285 } else { |
287 security_style_explanations->broken_explanations.push_back(explanation); | 286 security_style_explanations->insecure_explanations.push_back(explanation); |
288 } | 287 } |
289 } else { | 288 } else { |
290 // If the certificate does not have errors and is not using SHA1, then add | 289 // If the certificate does not have errors and is not using SHA1, then add |
291 // an explanation that the certificate is valid. | 290 // an explanation that the certificate is valid. |
292 if (!security_info.sha1_in_chain) { | 291 if (!security_info.sha1_in_chain) { |
293 security_style_explanations->secure_explanations.push_back( | 292 security_style_explanations->secure_explanations.push_back( |
294 content::SecurityStyleExplanation( | 293 content::SecurityStyleExplanation( |
295 l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE), | 294 l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE), |
296 l10n_util::GetStringUTF8( | 295 l10n_util::GetStringUTF8( |
297 IDS_VALID_SERVER_CERTIFICATE_DESCRIPTION), | 296 IDS_VALID_SERVER_CERTIFICATE_DESCRIPTION), |
298 !!security_info.certificate)); | 297 !!security_info.certificate)); |
299 } | 298 } |
300 } | 299 } |
301 | 300 |
302 AddConnectionExplanation(security_info, security_style_explanations); | 301 AddConnectionExplanation(security_info, security_style_explanations); |
303 | 302 |
304 security_style_explanations->pkp_bypassed = security_info.pkp_bypassed; | 303 security_style_explanations->pkp_bypassed = security_info.pkp_bypassed; |
305 if (security_info.pkp_bypassed) { | 304 if (security_info.pkp_bypassed) { |
306 security_style_explanations->info_explanations.push_back( | 305 security_style_explanations->info_explanations.push_back( |
307 content::SecurityStyleExplanation( | 306 content::SecurityStyleExplanation( |
308 "Public-Key Pinning Bypassed", | 307 "Public-Key Pinning Bypassed", |
309 "Public-key pinning was bypassed by a local root certificate.")); | 308 "Public-key pinning was bypassed by a local root certificate.")); |
310 } | 309 } |
311 | 310 |
312 return security_style; | 311 return security_style; |
313 } | 312 } |
314 | 313 |
315 } // namespace security_state | 314 } // namespace security_state |
OLD | NEW |