| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ui/website_settings/website_settings.h" | 5 #include "chrome/browser/ui/website_settings/website_settings.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 383 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 394 site_identity_details_ += ASCIIToUTF16("\n\n"); | 394 site_identity_details_ += ASCIIToUTF16("\n\n"); |
| 395 if (ssl.cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) { | 395 if (ssl.cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) { |
| 396 site_identity_details_ += l10n_util::GetStringUTF16( | 396 site_identity_details_ += l10n_util::GetStringUTF16( |
| 397 IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION); | 397 IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION); |
| 398 } else if (ssl.cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM) { | 398 } else if (ssl.cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM) { |
| 399 site_identity_details_ += l10n_util::GetStringUTF16( | 399 site_identity_details_ += l10n_util::GetStringUTF16( |
| 400 IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM); | 400 IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM); |
| 401 } else { | 401 } else { |
| 402 NOTREACHED() << "Need to specify string for this warning"; | 402 NOTREACHED() << "Need to specify string for this warning"; |
| 403 } | 403 } |
| 404 } else if (ssl.cert_status & net::CERT_STATUS_IS_EV) { | 404 } else { |
| 405 // EV HTTPS page. | 405 if (ssl.cert_status & net::CERT_STATUS_IS_EV) { |
| 406 site_identity_status_ = GetSiteIdentityStatusByCTInfo( | 406 // EV HTTPS page. |
| 407 ssl.signed_certificate_timestamp_ids, true); | 407 site_identity_status_ = GetSiteIdentityStatusByCTInfo( |
| 408 DCHECK(!cert->subject().organization_names.empty()); | 408 ssl.signed_certificate_timestamp_ids, true); |
| 409 organization_name_ = UTF8ToUTF16(cert->subject().organization_names[0]); | 409 DCHECK(!cert->subject().organization_names.empty()); |
| 410 // An EV Cert is required to have a city (localityName) and country but | 410 organization_name_ = UTF8ToUTF16(cert->subject().organization_names[0]); |
| 411 // state is "if any". | 411 // An EV Cert is required to have a city (localityName) and country but |
| 412 DCHECK(!cert->subject().locality_name.empty()); | 412 // state is "if any". |
| 413 DCHECK(!cert->subject().country_name.empty()); | 413 DCHECK(!cert->subject().locality_name.empty()); |
| 414 base::string16 locality; | 414 DCHECK(!cert->subject().country_name.empty()); |
| 415 if (!cert->subject().state_or_province_name.empty()) { | 415 base::string16 locality; |
| 416 locality = l10n_util::GetStringFUTF16( | 416 if (!cert->subject().state_or_province_name.empty()) { |
| 417 IDS_PAGEINFO_ADDRESS, | 417 locality = l10n_util::GetStringFUTF16( |
| 418 UTF8ToUTF16(cert->subject().locality_name), | 418 IDS_PAGEINFO_ADDRESS, |
| 419 UTF8ToUTF16(cert->subject().state_or_province_name), | 419 UTF8ToUTF16(cert->subject().locality_name), |
| 420 UTF8ToUTF16(cert->subject().country_name)); | 420 UTF8ToUTF16(cert->subject().state_or_province_name), |
| 421 UTF8ToUTF16(cert->subject().country_name)); |
| 422 } else { |
| 423 locality = l10n_util::GetStringFUTF16( |
| 424 IDS_PAGEINFO_PARTIAL_ADDRESS, |
| 425 UTF8ToUTF16(cert->subject().locality_name), |
| 426 UTF8ToUTF16(cert->subject().country_name)); |
| 427 } |
| 428 DCHECK(!cert->subject().organization_names.empty()); |
| 429 site_identity_details_.assign(l10n_util::GetStringFUTF16( |
| 430 GetSiteIdentityDetailsMessageByCTInfo( |
| 431 ssl.signed_certificate_timestamp_ids, true /* is EV */), |
| 432 UTF8ToUTF16(cert->subject().organization_names[0]), |
| 433 locality, |
| 434 UTF8ToUTF16(cert->issuer().GetDisplayName()))); |
| 421 } else { | 435 } else { |
| 422 locality = l10n_util::GetStringFUTF16( | 436 // Non-EV OK HTTPS page. |
| 423 IDS_PAGEINFO_PARTIAL_ADDRESS, | 437 site_identity_status_ = GetSiteIdentityStatusByCTInfo( |
| 424 UTF8ToUTF16(cert->subject().locality_name), | 438 ssl.signed_certificate_timestamp_ids, false); |
| 425 UTF8ToUTF16(cert->subject().country_name)); | 439 base::string16 issuer_name( |
| 440 UTF8ToUTF16(cert->issuer().GetDisplayName())); |
| 441 if (issuer_name.empty()) { |
| 442 issuer_name.assign(l10n_util::GetStringUTF16( |
| 443 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); |
| 444 } |
| 445 |
| 446 site_identity_details_.assign(l10n_util::GetStringFUTF16( |
| 447 GetSiteIdentityDetailsMessageByCTInfo( |
| 448 ssl.signed_certificate_timestamp_ids, false /* not EV */), |
| 449 issuer_name)); |
| 426 } | 450 } |
| 427 DCHECK(!cert->subject().organization_names.empty()); | 451 // The date after which no new SHA-1 certificates may be issued. |
| 428 site_identity_details_.assign(l10n_util::GetStringFUTF16( | 452 // 2016-01-01 00:00:00 UTC |
| 429 GetSiteIdentityDetailsMessageByCTInfo( | 453 static const int64_t kSHA1LastIssuanceDate = INT64_C(13096080000000000); |
| 430 ssl.signed_certificate_timestamp_ids, true /* is EV */), | 454 if ((ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT) && |
| 431 UTF8ToUTF16(cert->subject().organization_names[0]), | 455 cert->valid_expiry() > |
| 432 locality, | 456 base::Time::FromInternalValue(kSHA1LastIssuanceDate) && |
| 433 UTF8ToUTF16(cert->issuer().GetDisplayName()))); | 457 base::FieldTrialList::FindFullName("SHA1IdentityUIWarning") == |
| 434 } else { | 458 "Enabled") { |
| 435 // Non-EV OK HTTPS page. | 459 site_identity_status_ = |
| 436 site_identity_status_ = GetSiteIdentityStatusByCTInfo( | 460 SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM; |
| 437 ssl.signed_certificate_timestamp_ids, false); | 461 site_identity_details_ += |
| 438 base::string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName())); | 462 UTF8ToUTF16("\n\n") + |
| 439 if (issuer_name.empty()) { | 463 l10n_util::GetStringUTF16( |
| 440 issuer_name.assign(l10n_util::GetStringUTF16( | 464 IDS_PAGE_INFO_SECURITY_TAB_DEPRECATED_SIGNATURE_ALGORITHM); |
| 441 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); | |
| 442 } | 465 } |
| 443 | |
| 444 site_identity_details_.assign(l10n_util::GetStringFUTF16( | |
| 445 GetSiteIdentityDetailsMessageByCTInfo( | |
| 446 ssl.signed_certificate_timestamp_ids, false /* not EV */), | |
| 447 issuer_name)); | |
| 448 } | 466 } |
| 449 } else { | 467 } else { |
| 450 // HTTP or HTTPS with errors (not warnings). | 468 // HTTP or HTTPS with errors (not warnings). |
| 451 site_identity_details_.assign(l10n_util::GetStringUTF16( | 469 site_identity_details_.assign(l10n_util::GetStringUTF16( |
| 452 IDS_PAGE_INFO_SECURITY_TAB_INSECURE_IDENTITY)); | 470 IDS_PAGE_INFO_SECURITY_TAB_INSECURE_IDENTITY)); |
| 453 if (ssl.security_style == content::SECURITY_STYLE_UNAUTHENTICATED) | 471 if (ssl.security_style == content::SECURITY_STYLE_UNAUTHENTICATED) |
| 454 site_identity_status_ = SITE_IDENTITY_STATUS_NO_CERT; | 472 site_identity_status_ = SITE_IDENTITY_STATUS_NO_CERT; |
| 455 else | 473 else |
| 456 site_identity_status_ = SITE_IDENTITY_STATUS_ERROR; | 474 site_identity_status_ = SITE_IDENTITY_STATUS_ERROR; |
| 457 | 475 |
| (...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 591 // permissions. In case of a connection error or an issue with the | 609 // permissions. In case of a connection error or an issue with the |
| 592 // certificate presented by the website, select the connection tab to draw | 610 // certificate presented by the website, select the connection tab to draw |
| 593 // the user's attention to the issue. If the site does not provide a | 611 // the user's attention to the issue. If the site does not provide a |
| 594 // certificate because it was loaded over an unencrypted connection, don't | 612 // certificate because it was loaded over an unencrypted connection, don't |
| 595 // select the connection tab. | 613 // select the connection tab. |
| 596 WebsiteSettingsUI::TabId tab_id = WebsiteSettingsUI::TAB_ID_PERMISSIONS; | 614 WebsiteSettingsUI::TabId tab_id = WebsiteSettingsUI::TAB_ID_PERMISSIONS; |
| 597 if (site_connection_status_ == SITE_CONNECTION_STATUS_ENCRYPTED_ERROR || | 615 if (site_connection_status_ == SITE_CONNECTION_STATUS_ENCRYPTED_ERROR || |
| 598 site_connection_status_ == SITE_CONNECTION_STATUS_MIXED_CONTENT || | 616 site_connection_status_ == SITE_CONNECTION_STATUS_MIXED_CONTENT || |
| 599 site_identity_status_ == SITE_IDENTITY_STATUS_ERROR || | 617 site_identity_status_ == SITE_IDENTITY_STATUS_ERROR || |
| 600 site_identity_status_ == SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN || | 618 site_identity_status_ == SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN || |
| 601 site_identity_status_ == SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT) | 619 site_identity_status_ == SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT || |
| 620 site_identity_status_ == |
| 621 SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM) |
| 602 tab_id = WebsiteSettingsUI::TAB_ID_CONNECTION; | 622 tab_id = WebsiteSettingsUI::TAB_ID_CONNECTION; |
| 603 ui_->SetSelectedTab(tab_id); | 623 ui_->SetSelectedTab(tab_id); |
| 604 } | 624 } |
| 605 | 625 |
| 606 void WebsiteSettings::PresentSitePermissions() { | 626 void WebsiteSettings::PresentSitePermissions() { |
| 607 PermissionInfoList permission_info_list; | 627 PermissionInfoList permission_info_list; |
| 608 | 628 |
| 609 WebsiteSettingsUI::PermissionInfo permission_info; | 629 WebsiteSettingsUI::PermissionInfo permission_info; |
| 610 for (size_t i = 0; i < arraysize(kPermissionType); ++i) { | 630 for (size_t i = 0; i < arraysize(kPermissionType); ++i) { |
| 611 permission_info.type = kPermissionType[i]; | 631 permission_info.type = kPermissionType[i]; |
| (...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 742 if (visited_before_today) { | 762 if (visited_before_today) { |
| 743 first_visit_text = l10n_util::GetStringFUTF16( | 763 first_visit_text = l10n_util::GetStringFUTF16( |
| 744 IDS_PAGE_INFO_SECURITY_TAB_VISITED_BEFORE_TODAY, | 764 IDS_PAGE_INFO_SECURITY_TAB_VISITED_BEFORE_TODAY, |
| 745 base::TimeFormatShortDate(first_visit)); | 765 base::TimeFormatShortDate(first_visit)); |
| 746 } else { | 766 } else { |
| 747 first_visit_text = l10n_util::GetStringUTF16( | 767 first_visit_text = l10n_util::GetStringUTF16( |
| 748 IDS_PAGE_INFO_SECURITY_TAB_FIRST_VISITED_TODAY); | 768 IDS_PAGE_INFO_SECURITY_TAB_FIRST_VISITED_TODAY); |
| 749 } | 769 } |
| 750 ui_->SetFirstVisit(first_visit_text); | 770 ui_->SetFirstVisit(first_visit_text); |
| 751 } | 771 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 508823009:
Mark SHA-1 as deprecated (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@cert_verify_result_sha1