Mark SHA-1 as deprecated

chrome/browser/ui/toolbar/toolbar_model_impl.cc

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/toolbar/toolbar_model_impl.h"
 
 #include "base/command_line.h"
+#include "base/metrics/field_trial.h"
 #include "base/prefs/pref_service.h"
 #include "base/strings/utf_string_conversions.h"
+#include "base/time/time.h"
 #include "chrome/browser/autocomplete/autocomplete_classifier.h"
 #include "chrome/browser/autocomplete/autocomplete_classifier_factory.h"
 #include "chrome/browser/autocomplete/chrome_autocomplete_scheme_classifier.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/search/search.h"
 #include "chrome/browser/ssl/ssl_error_info.h"
 #include "chrome/browser/ui/toolbar/toolbar_model_delegate.h"
 #include "chrome/common/chrome_constants.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
@@ skipping 19 matching lines @@
 #if defined(OS_CHROMEOS)
 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
 #endif
 
 using content::NavigationController;
 using content::NavigationEntry;
 using content::SSLStatus;
 using content::WebContents;
 
+namespace {
+
+// Converts a SHA-1 field trial group into the appropriate SecurityLevel.
+bool GetSecurityLevelForFieldTrialGroup(const std::string& group,
+                                        ToolbarModel::SecurityLevel* level) {
+  if (group == "Error")
+    *level = ToolbarModel::SECURITY_ERROR;
+  else if (group == "Warning")
+    *level = ToolbarModel::SECURITY_WARNING;
+  else if (group == "HTTP")
+    *level = ToolbarModel::NONE;
+  else
+    return false;
+  return true;
+}
+
+}  // namespace
+
 ToolbarModelImpl::ToolbarModelImpl(ToolbarModelDelegate* delegate)
     : delegate_(delegate) {
 }
 
 ToolbarModelImpl::~ToolbarModelImpl() {
 }
 
 // static
 ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevelForWebContents(
       content::WebContents* web_contents) {
@@ skipping 16 matching lines @@
     case content::SECURITY_STYLE_AUTHENTICATED: {
 #if defined(OS_CHROMEOS)
       policy::PolicyCertService* service =
           policy::PolicyCertServiceFactory::GetForProfile(
               Profile::FromBrowserContext(web_contents->GetBrowserContext()));
       if (service && service->UsedPolicyCertificates())
         return SECURITY_POLICY_WARNING;
 #endif
       if (!!(ssl.content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT))
         return SECURITY_WARNING;
+      scoped_refptr<net::X509Certificate> cert;
+      if (content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) &&
+          (ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) {
+        // The internal representation of the dates for UI treatment of SHA-1.
+        // See http://crbug.com/401365 for details
+        static const int64_t kJanuary2017 = INT64_C(13127702400000000);
+        static const int64_t kJune2016 = INT64_C(13109213000000000);
+        static const int64_t kJanuary2016 = INT64_C(13096080000000000);
+
+        ToolbarModel::SecurityLevel security_level = NONE;
+        // Gated behind a field trial, so that it is possible to adjust the
+        // UI treatment (to be more or less severe, as necessary) over the
+        // course of multiple releases.
+        // See http://crbug.com/401365 for the timeline, with the end state
+        // being that > kJanuary2017 = Error, and > kJanuary2016 =
+        // Warning, and kJune2016 disappearing entirely.
+        if (cert->valid_expiry() >=
+                base::Time::FromInternalValue(kJanuary2017) &&
+            GetSecurityLevelForFieldTrialGroup(
+                base::FieldTrialList::FindFullName("SHA1ToolbarUIJanuary2017"),
+                &security_level)) {
+          return security_level;
+        }
+        if (cert->valid_expiry() >= base::Time::FromInternalValue(kJune2016) &&
+            GetSecurityLevelForFieldTrialGroup(
+                base::FieldTrialList::FindFullName("SHA1ToolbarUIJune2016"),
+                &security_level)) {
+          return security_level;
+        }
+        if (cert->valid_expiry() >=
+                base::Time::FromInternalValue(kJanuary2016) &&
+            GetSecurityLevelForFieldTrialGroup(
+                base::FieldTrialList::FindFullName("SHA1ToolbarUIJanuary2016"),
+                &security_level)) {
+          return security_level;
+        }
+      }
       if (net::IsCertStatusError(ssl.cert_status)) {
         DCHECK(net::IsCertStatusMinorError(ssl.cert_status));
         return SECURITY_WARNING;
       }
-      if ((ssl.cert_status & net::CERT_STATUS_IS_EV) &&
-          content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, NULL))
+      if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert.get())
         return EV_SECURE;
       return SECURE;
     }
     default:
       NOTREACHED();
       return NONE;
   }
 }
 
 // ToolbarModelImpl Implementation.
@@ skipping 228 matching lines @@
   if (entry &&
       google_util::StartsWithCommandLineGoogleBaseURL(entry->GetVirtualURL()))
     return search_terms;
 
   // Otherwise, extract search terms for HTTPS pages that do not have a security
   // error.
   ToolbarModel::SecurityLevel security_level = GetSecurityLevel(ignore_editing);
   return ((security_level == NONE) || (security_level == SECURITY_ERROR)) ?
       base::string16() : search_terms;
 }