OLD | NEW |
---|---|
1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ui/toolbar/toolbar_model_impl.h" | 5 #include "chrome/browser/ui/toolbar/toolbar_model_impl.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/prefs/pref_service.h" | 8 #include "base/prefs/pref_service.h" |
9 #include "base/strings/utf_string_conversions.h" | 9 #include "base/strings/utf_string_conversions.h" |
10 #include "base/time/time.h" | |
10 #include "chrome/browser/autocomplete/autocomplete_classifier.h" | 11 #include "chrome/browser/autocomplete/autocomplete_classifier.h" |
11 #include "chrome/browser/autocomplete/autocomplete_classifier_factory.h" | 12 #include "chrome/browser/autocomplete/autocomplete_classifier_factory.h" |
12 #include "chrome/browser/autocomplete/chrome_autocomplete_scheme_classifier.h" | 13 #include "chrome/browser/autocomplete/chrome_autocomplete_scheme_classifier.h" |
13 #include "chrome/browser/profiles/profile.h" | 14 #include "chrome/browser/profiles/profile.h" |
14 #include "chrome/browser/search/search.h" | 15 #include "chrome/browser/search/search.h" |
15 #include "chrome/browser/ssl/ssl_error_info.h" | 16 #include "chrome/browser/ssl/ssl_error_info.h" |
16 #include "chrome/browser/ui/toolbar/toolbar_model_delegate.h" | 17 #include "chrome/browser/ui/toolbar/toolbar_model_delegate.h" |
17 #include "chrome/common/chrome_constants.h" | 18 #include "chrome/common/chrome_constants.h" |
18 #include "chrome/common/chrome_switches.h" | 19 #include "chrome/common/chrome_switches.h" |
19 #include "chrome/common/pref_names.h" | 20 #include "chrome/common/pref_names.h" |
(...skipping 19 matching lines...) Expand all Loading... | |
39 #if defined(OS_CHROMEOS) | 40 #if defined(OS_CHROMEOS) |
40 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | 41 #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
41 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | 42 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
42 #endif | 43 #endif |
43 | 44 |
44 using content::NavigationController; | 45 using content::NavigationController; |
45 using content::NavigationEntry; | 46 using content::NavigationEntry; |
46 using content::SSLStatus; | 47 using content::SSLStatus; |
47 using content::WebContents; | 48 using content::WebContents; |
48 | 49 |
50 namespace { | |
51 | |
52 // Obtain the SecurityLevel for a good (content::SECURITY_STYLE_AUTHENTICATED) | |
53 // connection that has minor errors (as determined by | |
54 // net::IsCertStatusMinorError). | |
55 // Returns true if a specific policy applies, updating |*effective_level|, or | |
56 // returns false if the minor error can safely be ignored. | |
57 bool GetSecurityLevelForMinorCertError( | |
58 net::CertStatus cert_status, | |
59 const net::X509Certificate* cert, | |
60 ToolbarModel::SecurityLevel* effective_level) { | |
61 DCHECK(cert); | |
62 if ((cert_status & net::CERT_STATUS_ALL_ERRORS) != | |
63 net::CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM) { | |
64 // Any other minor errors cause the general warning. Only fall through if | |
65 // the ONLY issue is the use of a deprecated algorithm. | |
66 *effective_level = ToolbarModel::SECURITY_WARNING; | |
67 return true; | |
68 } | |
69 // Enforce Chrome-specific policies regarding deprecated signature | |
70 // algorithms. See http://crbug.com/401365 | |
71 | |
72 // The date to show user-visible UI in the toolbar. This date - and the | |
73 // related UI treatment - will increase in subsequent versions. | |
palmer
2014/09/26 19:15:04
Don't you mean "decrease"?
| |
74 // 2017-01-01 00:00:00 UTC | |
75 static const int64_t kSHA1WarningDate = INT64_C(13127702400000000); | |
76 if (cert->valid_expiry() >= base::Time::FromInternalValue(kSHA1WarningDate)) { | |
77 *effective_level = ToolbarModel::SECURITY_WARNING; | |
78 return true; | |
79 } | |
80 | |
81 // No specific policies apply. Don't show any special UI, and allow the | |
82 // existing treatment (e.g. EV vs non-EV) apply. | |
83 return false; | |
84 } | |
85 | |
86 } // namespace | |
87 | |
49 ToolbarModelImpl::ToolbarModelImpl(ToolbarModelDelegate* delegate) | 88 ToolbarModelImpl::ToolbarModelImpl(ToolbarModelDelegate* delegate) |
50 : delegate_(delegate) { | 89 : delegate_(delegate) { |
51 } | 90 } |
52 | 91 |
53 ToolbarModelImpl::~ToolbarModelImpl() { | 92 ToolbarModelImpl::~ToolbarModelImpl() { |
54 } | 93 } |
55 | 94 |
56 // static | 95 // static |
57 ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevelForWebContents( | 96 ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevelForWebContents( |
58 content::WebContents* web_contents) { | 97 content::WebContents* web_contents) { |
(...skipping 18 matching lines...) Expand all Loading... | |
77 policy::PolicyCertService* service = | 116 policy::PolicyCertService* service = |
78 policy::PolicyCertServiceFactory::GetForProfile( | 117 policy::PolicyCertServiceFactory::GetForProfile( |
79 Profile::FromBrowserContext(web_contents->GetBrowserContext())); | 118 Profile::FromBrowserContext(web_contents->GetBrowserContext())); |
80 if (service && service->UsedPolicyCertificates()) | 119 if (service && service->UsedPolicyCertificates()) |
81 return SECURITY_POLICY_WARNING; | 120 return SECURITY_POLICY_WARNING; |
82 #endif | 121 #endif |
83 if (!!(ssl.content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT)) | 122 if (!!(ssl.content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT)) |
84 return SECURITY_WARNING; | 123 return SECURITY_WARNING; |
85 if (net::IsCertStatusError(ssl.cert_status)) { | 124 if (net::IsCertStatusError(ssl.cert_status)) { |
86 DCHECK(net::IsCertStatusMinorError(ssl.cert_status)); | 125 DCHECK(net::IsCertStatusMinorError(ssl.cert_status)); |
87 return SECURITY_WARNING; | 126 scoped_refptr<net::X509Certificate> cert; |
127 if (!content::CertStore::GetInstance() | |
128 ->RetrieveCert(ssl.cert_id, &cert)) { | |
129 return SECURITY_ERROR; | |
130 } | |
131 ToolbarModel::SecurityLevel level = NONE; | |
132 if (GetSecurityLevelForMinorCertError( | |
133 ssl.cert_status, cert.get(), &level)) { | |
134 return level; | |
135 } | |
88 } | 136 } |
89 if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && | 137 if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && |
90 content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, NULL)) | 138 content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, NULL)) |
91 return EV_SECURE; | 139 return EV_SECURE; |
92 return SECURE; | 140 return SECURE; |
93 } | 141 } |
94 default: | 142 default: |
95 NOTREACHED(); | 143 NOTREACHED(); |
96 return NONE; | 144 return NONE; |
97 } | 145 } |
(...skipping 231 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
329 if (entry && | 377 if (entry && |
330 google_util::StartsWithCommandLineGoogleBaseURL(entry->GetVirtualURL())) | 378 google_util::StartsWithCommandLineGoogleBaseURL(entry->GetVirtualURL())) |
331 return search_terms; | 379 return search_terms; |
332 | 380 |
333 // Otherwise, extract search terms for HTTPS pages that do not have a security | 381 // Otherwise, extract search terms for HTTPS pages that do not have a security |
334 // error. | 382 // error. |
335 ToolbarModel::SecurityLevel security_level = GetSecurityLevel(ignore_editing); | 383 ToolbarModel::SecurityLevel security_level = GetSecurityLevel(ignore_editing); |
336 return ((security_level == NONE) || (security_level == SECURITY_ERROR)) ? | 384 return ((security_level == NONE) || (security_level == SECURITY_ERROR)) ? |
337 base::string16() : search_terms; | 385 base::string16() : search_terms; |
338 } | 386 } |
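Review bot: The SHA-1 cutoff in GetSecurityLevelForMinorCertError is written as a raw `base::Time` internal value (`INT64_C(13127702400000000)`), so the date that decides whether the user sees a warning can only be verified by hand-converting microseconds since 1601. Building it from a `base::Time::Exploded` for 2017-01-01 UTC, or at least adding `// Microseconds since 1601-01-01 00:00:00 UTC (base::Time internal value).` above the constant, would make the policy boundary reviewable. The helper also relies on `DCHECK(cert)`, which is normally compiled out of release builds. The one caller visible here passes `cert.get()` only after `RetrieveCert` succeeded, so the function comment should state that non-null precondition. At the call site in GetSecurityLevelForWebContents (whose body is partly elided on this page), a false return falls through to the EV check, so a certificate with a deprecated signature algorithm that expires before the cutoff can still be reported as `EV_SECURE`; if that is intended, a comment such as `// Deprecated-signature certs expiring before the cutoff keep their normal EV/non-EV treatment.` would make it explicit.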