OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_PUBLIC_BROWSER_SECURITY_STYLE_EXPLANATIONS_H_ | 5 #ifndef CONTENT_PUBLIC_BROWSER_SECURITY_STYLE_EXPLANATIONS_H_ |
6 #define CONTENT_PUBLIC_BROWSER_SECURITY_STYLE_EXPLANATIONS_H_ | 6 #define CONTENT_PUBLIC_BROWSER_SECURITY_STYLE_EXPLANATIONS_H_ |
7 | 7 |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "content/common/content_export.h" | 10 #include "content/common/content_export.h" |
11 #include "content/public/browser/security_style_explanation.h" | 11 #include "content/public/browser/security_style_explanation.h" |
12 #include "third_party/WebKit/public/platform/WebSecurityStyle.h" | 12 #include "third_party/WebKit/public/platform/WebSecurityStyle.h" |
13 | 13 |
14 namespace content { | 14 namespace content { |
15 | 15 |
16 // SecurityStyleExplanations contains information about why a particular | 16 // SecurityStyleExplanations provide context for why the specific security style |
17 // SecurityStyle was chosen for a page. This information includes the | 17 // was chosen for the page. |
18 // mixed content status of the page and whether the page was loaded over | 18 // |
19 // a cryptographically secure transport. Additionally, | 19 // Each page has a single security style, which is chosen based on factors like |
20 // SecurityStyleExplanations contains human-readable | 20 // whether the page was delivered over HTTPS with a valid certificate, is free |
21 // SecurityStyleExplanation objects that the embedder can use to | 21 // of mixed content, does not use a deprecated protocol, and is not flagged as |
22 // describe embedder-specific security policies. Each | 22 // dangerous. |
23 // SecurityStyleExplanation is a single security property of a page (for | 23 // |
24 // example, an expired certificate, a valid certificate, or the presence | 24 // Each factor that impacts the SecurityStyle has an accompanying |
25 // of a deprecated crypto algorithm). A single site may have multiple | 25 // SecurityStyleExplanation that contains a human-readable explanation of the |
26 // different explanations of "secure", "warning", "broken", and "info" severity | 26 // factor. A single page may contain multiple explanations, each of which may |
27 // levels. | 27 // have a different severity level ("secure", "warning", "insecure" and "info"). |
28 struct SecurityStyleExplanations { | 28 struct SecurityStyleExplanations { |
29 CONTENT_EXPORT SecurityStyleExplanations(); | 29 CONTENT_EXPORT SecurityStyleExplanations(); |
30 CONTENT_EXPORT SecurityStyleExplanations( | 30 CONTENT_EXPORT SecurityStyleExplanations( |
31 const SecurityStyleExplanations& other); | 31 const SecurityStyleExplanations& other); |
32 CONTENT_EXPORT ~SecurityStyleExplanations(); | 32 CONTENT_EXPORT ~SecurityStyleExplanations(); |
33 | 33 |
34 // True if the page was loaded over HTTPS and ran mixed (HTTP) content | 34 // True if the page was loaded over HTTPS and ran mixed (HTTP) content |
35 // such as scripts. | 35 // such as scripts. |
36 bool ran_mixed_content; | 36 bool ran_mixed_content; |
37 // True if the page was loaded over HTTPS and displayed mixed (HTTP) | 37 // True if the page was loaded over HTTPS and displayed mixed (HTTP) |
(...skipping 24 matching lines...) Expand all Loading... |
62 | 62 |
63 bool scheme_is_cryptographic; | 63 bool scheme_is_cryptographic; |
64 | 64 |
65 // True if PKP was bypassed due to a local trust anchor. | 65 // True if PKP was bypassed due to a local trust anchor. |
66 bool pkp_bypassed; | 66 bool pkp_bypassed; |
67 | 67 |
68 // User-visible summary of the security style, set only when | 68 // User-visible summary of the security style, set only when |
69 // the style cannot be determined from HTTPS status alone. | 69 // the style cannot be determined from HTTPS status alone. |
70 std::string summary; | 70 std::string summary; |
71 | 71 |
72 // Explanations corresponding to each security level. The embedder should | 72 // Explanations corresponding to each security level. |
73 // display explanations in the order: broken, unauthenticated, secure, info. | 73 |
| 74 // |secure_explanations| explains why the page was marked secure. |
74 std::vector<SecurityStyleExplanation> secure_explanations; | 75 std::vector<SecurityStyleExplanation> secure_explanations; |
75 std::vector<SecurityStyleExplanation> unauthenticated_explanations; | 76 // |neutral_explanations| explains why the page was marked neutrally: for |
76 std::vector<SecurityStyleExplanation> broken_explanations; | 77 // example, the page's lock icon was taken away due to mixed content, or the |
| 78 // page was not loaded over HTTPS. |
| 79 std::vector<SecurityStyleExplanation> neutral_explanations; |
| 80 // |insecure_explanations| explains why the page was marked as insecure or |
| 81 // dangerous: for example, the page was loaded with a certificate error. |
| 82 std::vector<SecurityStyleExplanation> insecure_explanations; |
| 83 // |info_explanations| contains information that did not affect the page's |
| 84 // security style, but is still relevant to the page's security state: for |
| 85 // example, an upcoming deprecation that will affect the security style in |
| 86 // future. |
77 std::vector<SecurityStyleExplanation> info_explanations; | 87 std::vector<SecurityStyleExplanation> info_explanations; |
78 }; | 88 }; |
79 | 89 |
80 } // namespace content | 90 } // namespace content |
81 | 91 |
82 #endif // CONTENT_PUBLIC_BROWSER_SECURITY_STYLE_EXPLANATION_H_ | 92 #endif // CONTENT_PUBLIC_BROWSER_SECURITY_STYLE_EXPLANATION_H_ |
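Review bot: The rewritten struct comment (new lines 26-27) lists the severity levels as "secure", "warning", "insecure" and "info", while the renamed vector is `neutral_explanations`, so the header appears to use two names for the same level. I would make the comment read `("secure", "neutral", "insecure" and "info")`, or otherwise state how "warning" maps onto the neutral list. The new comment above the vectors (new lines 72-73) also drops the old guidance on display order (broken, unauthenticated, secure, info). If embedders are still expected to surface the most severe explanations first, keep a line such as `// The embedder should display explanations in the order: insecure, neutral, secure, info.` so that a certificate-error explanation is not listed below the secure ones. If ordering is now deliberately left to the embedder, say so in the comment.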