
Side by Side Diff: chrome/browser/ui/website_settings/website_settings.cc

Issue 508823009: Mark SHA-1 as deprecated (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@cert_verify_result_sha1
Patch Set: Moar work Created 6 years, 3 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/ui/website_settings/website_settings.h" 5 #include "chrome/browser/ui/website_settings/website_settings.h"
6 6
7 #include <string> 7 #include <string>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/bind.h" 10 #include "base/bind.h"
(...skipping 344 matching lines...) Expand 10 before | Expand all | Expand 10 after
355 } 355 }
356 356
357 cert_id_ = ssl.cert_id; 357 cert_id_ = ssl.cert_id;
358 358
359 if (ssl.cert_id && !ssl.signed_certificate_timestamp_ids.empty()) { 359 if (ssl.cert_id && !ssl.signed_certificate_timestamp_ids.empty()) {
360 signed_certificate_timestamp_ids_.assign( 360 signed_certificate_timestamp_ids_.assign(
361 ssl.signed_certificate_timestamp_ids.begin(), 361 ssl.signed_certificate_timestamp_ids.begin(),
362 ssl.signed_certificate_timestamp_ids.end()); 362 ssl.signed_certificate_timestamp_ids.end());
363 } 363 }
364 364
365 if (ssl.cert_id && 365 bool was_ssl = ssl.cert_id && cert_store_->RetrieveCert(ssl.cert_id, &cert);
366 cert_store_->RetrieveCert(ssl.cert_id, &cert) && 366 bool was_ssl_clean_or_minor_errors =
367 was_ssl &&
367 (!net::IsCertStatusError(ssl.cert_status) || 368 (!net::IsCertStatusError(ssl.cert_status) ||
368 net::IsCertStatusMinorError(ssl.cert_status))) { 369 net::IsCertStatusMinorError(ssl.cert_status));
370 bool was_ssl_using_deprecated_algorithm =
371 was_ssl_clean_or_minor_errors &&
372 (ssl.cert_status & net::CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM);
373
374 if (was_ssl_clean_or_minor_errors) {
369 // There are no major errors. Check for minor errors. 375 // There are no major errors. Check for minor errors.
370 #if defined(OS_CHROMEOS) 376 #if defined(OS_CHROMEOS)
371 policy::PolicyCertService* service = 377 policy::PolicyCertService* service =
372 policy::PolicyCertServiceFactory::GetForProfile(profile); 378 policy::PolicyCertServiceFactory::GetForProfile(profile);
373 const bool used_policy_certs = service && service->UsedPolicyCertificates(); 379 const bool used_policy_certs = service && service->UsedPolicyCertificates();
374 #else 380 #else
375 const bool used_policy_certs = false; 381 const bool used_policy_certs = false;
376 #endif 382 #endif
377 if (used_policy_certs) { 383 if (used_policy_certs) {
378 site_identity_status_ = SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT; 384 site_identity_status_ = SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT;
379 site_identity_details_ = l10n_util::GetStringFUTF16( 385 site_identity_details_ = l10n_util::GetStringFUTF16(
380 IDS_CERT_POLICY_PROVIDED_CERT_MESSAGE, UTF8ToUTF16(url.host())); 386 IDS_CERT_POLICY_PROVIDED_CERT_MESSAGE, UTF8ToUTF16(url.host()));
381 } else if (net::IsCertStatusMinorError(ssl.cert_status)) { 387 } else if (net::IsCertStatusMinorError(ssl.cert_status) &&
388 (ssl.cert_status & net::CERT_STATUS_ALL_ERRORS) !=
389 net::CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM) {
382 site_identity_status_ = SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN; 390 site_identity_status_ = SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN;
383 base::string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName())); 391 base::string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName()));
384 if (issuer_name.empty()) { 392 if (issuer_name.empty()) {
385 issuer_name.assign(l10n_util::GetStringUTF16( 393 issuer_name.assign(l10n_util::GetStringUTF16(
386 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); 394 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
387 } 395 }
388 396
389 site_identity_details_.assign(l10n_util::GetStringFUTF16( 397 site_identity_details_.assign(l10n_util::GetStringFUTF16(
390 GetSiteIdentityDetailsMessageByCTInfo( 398 GetSiteIdentityDetailsMessageByCTInfo(
391 ssl.signed_certificate_timestamp_ids, false /* not EV */), 399 ssl.signed_certificate_timestamp_ids, false /* not EV */),
392 issuer_name)); 400 issuer_name));
393 401
394 site_identity_details_ += ASCIIToUTF16("\n\n"); 402 site_identity_details_ += ASCIIToUTF16("\n\n");
395 if (ssl.cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) { 403 if (ssl.cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) {
396 site_identity_details_ += l10n_util::GetStringUTF16( 404 site_identity_details_ += l10n_util::GetStringUTF16(
397 IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION); 405 IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION);
398 } else if (ssl.cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM) { 406 } else if (ssl.cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM) {
399 site_identity_details_ += l10n_util::GetStringUTF16( 407 site_identity_details_ += l10n_util::GetStringUTF16(
400 IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM); 408 IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM);
401 } else { 409 } else {
402 NOTREACHED() << "Need to specify string for this warning"; 410 NOTREACHED() << "Need to specify string for this warning";
403 } 411 }
404 } else if (ssl.cert_status & net::CERT_STATUS_IS_EV) { 412 } else {
405 // EV HTTPS page. 413 DCHECK(!net::IsCertStatusError(ssl.cert_status) ||
406 site_identity_status_ = GetSiteIdentityStatusByCTInfo( 414 (ssl.cert_status & net::CERT_STATUS_ALL_ERRORS) ==
407 ssl.signed_certificate_timestamp_ids, true); 415 net::CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM);
408 DCHECK(!cert->subject().organization_names.empty()); 416 if (ssl.cert_status & net::CERT_STATUS_IS_EV) {
409 organization_name_ = UTF8ToUTF16(cert->subject().organization_names[0]); 417 // EV HTTPS page.
410 // An EV Cert is required to have a city (localityName) and country but 418 site_identity_status_ = GetSiteIdentityStatusByCTInfo(
411 // state is "if any". 419 ssl.signed_certificate_timestamp_ids, true);
412 DCHECK(!cert->subject().locality_name.empty()); 420 DCHECK(!cert->subject().organization_names.empty());
413 DCHECK(!cert->subject().country_name.empty()); 421 organization_name_ = UTF8ToUTF16(cert->subject().organization_names[0]);
414 base::string16 locality; 422 // An EV Cert is required to have a city (localityName) and country but
415 if (!cert->subject().state_or_province_name.empty()) { 423 // state is "if any".
416 locality = l10n_util::GetStringFUTF16( 424 DCHECK(!cert->subject().locality_name.empty());
417 IDS_PAGEINFO_ADDRESS, 425 DCHECK(!cert->subject().country_name.empty());
418 UTF8ToUTF16(cert->subject().locality_name), 426 base::string16 locality;
419 UTF8ToUTF16(cert->subject().state_or_province_name), 427 if (!cert->subject().state_or_province_name.empty()) {
420 UTF8ToUTF16(cert->subject().country_name)); 428 locality = l10n_util::GetStringFUTF16(
429 IDS_PAGEINFO_ADDRESS,
430 UTF8ToUTF16(cert->subject().locality_name),
431 UTF8ToUTF16(cert->subject().state_or_province_name),
432 UTF8ToUTF16(cert->subject().country_name));
433 } else {
434 locality = l10n_util::GetStringFUTF16(
435 IDS_PAGEINFO_PARTIAL_ADDRESS,
436 UTF8ToUTF16(cert->subject().locality_name),
437 UTF8ToUTF16(cert->subject().country_name));
438 }
439 DCHECK(!cert->subject().organization_names.empty());
440 site_identity_details_.assign(l10n_util::GetStringFUTF16(
441 GetSiteIdentityDetailsMessageByCTInfo(
442 ssl.signed_certificate_timestamp_ids, true /* is EV */),
443 UTF8ToUTF16(cert->subject().organization_names[0]),
444 locality,
445 UTF8ToUTF16(cert->issuer().GetDisplayName())));
421 } else { 446 } else {
422 locality = l10n_util::GetStringFUTF16( 447 // Non-EV OK HTTPS page.
423 IDS_PAGEINFO_PARTIAL_ADDRESS, 448 site_identity_status_ = GetSiteIdentityStatusByCTInfo(
424 UTF8ToUTF16(cert->subject().locality_name), 449 ssl.signed_certificate_timestamp_ids, false);
425 UTF8ToUTF16(cert->subject().country_name)); 450 base::string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName())) ;
451 if (issuer_name.empty()) {
452 issuer_name.assign(l10n_util::GetStringUTF16(
453 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
454 }
455
456 site_identity_details_.assign(l10n_util::GetStringFUTF16(
457 GetSiteIdentityDetailsMessageByCTInfo(
458 ssl.signed_certificate_timestamp_ids, false /* not EV */),
459 issuer_name));
426 } 460 }
427 DCHECK(!cert->subject().organization_names.empty()); 461 if (was_ssl_using_deprecated_algorithm) {
428 site_identity_details_.assign(l10n_util::GetStringFUTF16( 462 site_identity_status_ =
429 GetSiteIdentityDetailsMessageByCTInfo( 463 SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM;
430 ssl.signed_certificate_timestamp_ids, true /* is EV */), 464 site_identity_details_ += UTF8ToUTF16("\n\n");
431 UTF8ToUTF16(cert->subject().organization_names[0]), 465 site_identity_details_ += l10n_util::GetStringUTF16(
432 locality, 466 IDS_PAGE_INFO_SECURITY_TAB_DEPRECATED_SIGNATURE_ALGORITHM);
433 UTF8ToUTF16(cert->issuer().GetDisplayName())));
434 } else {
435 // Non-EV OK HTTPS page.
436 site_identity_status_ = GetSiteIdentityStatusByCTInfo(
437 ssl.signed_certificate_timestamp_ids, false);
438 base::string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName()));
439 if (issuer_name.empty()) {
440 issuer_name.assign(l10n_util::GetStringUTF16(
441 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
442 } 467 }
443
444 site_identity_details_.assign(l10n_util::GetStringFUTF16(
445 GetSiteIdentityDetailsMessageByCTInfo(
446 ssl.signed_certificate_timestamp_ids, false /* not EV */),
447 issuer_name));
448 } 468 }
449 } else { 469 } else {
450 // HTTP or HTTPS with errors (not warnings). 470 // HTTP or HTTPS with errors (not warnings).
451 site_identity_details_.assign(l10n_util::GetStringUTF16( 471 site_identity_details_.assign(l10n_util::GetStringUTF16(
452 IDS_PAGE_INFO_SECURITY_TAB_INSECURE_IDENTITY)); 472 IDS_PAGE_INFO_SECURITY_TAB_INSECURE_IDENTITY));
453 if (ssl.security_style == content::SECURITY_STYLE_UNAUTHENTICATED) 473 if (ssl.security_style == content::SECURITY_STYLE_UNAUTHENTICATED)
454 site_identity_status_ = SITE_IDENTITY_STATUS_NO_CERT; 474 site_identity_status_ = SITE_IDENTITY_STATUS_NO_CERT;
455 else 475 else
456 site_identity_status_ = SITE_IDENTITY_STATUS_ERROR; 476 site_identity_status_ = SITE_IDENTITY_STATUS_ERROR;
457 477
(...skipping 284 matching lines...) Expand 10 before | Expand all | Expand 10 after
742 if (visited_before_today) { 762 if (visited_before_today) {
743 first_visit_text = l10n_util::GetStringFUTF16( 763 first_visit_text = l10n_util::GetStringFUTF16(
744 IDS_PAGE_INFO_SECURITY_TAB_VISITED_BEFORE_TODAY, 764 IDS_PAGE_INFO_SECURITY_TAB_VISITED_BEFORE_TODAY,
745 base::TimeFormatShortDate(first_visit)); 765 base::TimeFormatShortDate(first_visit));
746 } else { 766 } else {
747 first_visit_text = l10n_util::GetStringUTF16( 767 first_visit_text = l10n_util::GetStringUTF16(
748 IDS_PAGE_INFO_SECURITY_TAB_FIRST_VISITED_TODAY); 768 IDS_PAGE_INFO_SECURITY_TAB_FIRST_VISITED_TODAY);
749 } 769 }
750 ui_->SetFirstVisit(first_visit_text); 770 ui_->SetFirstVisit(first_visit_text);
751 } 771 }
OLDNEW
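Review bot: A certificate whose status carries `net::CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM` together with a revocation warning takes the `else if (net::IsCertStatusMinorError(ssl.cert_status) && ...)` branch at new line 387 (assuming `IsCertStatusMinorError` still returns true for that combination), while the deprecation handling at new lines 461-467 sits only inside the final `else`. For that certificate neither `SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM` nor the `IDS_PAGE_INFO_SECURITY_TAB_DEPRECATED_SIGNATURE_ALGORITHM` text is shown, and the same holds when `used_policy_certs` is true. If that precedence is intended, say so in a comment above the chain, e.g. `// Revocation and policy-cert warnings take precedence over the deprecated-algorithm warning.`; otherwise move the `if (was_ssl_using_deprecated_algorithm) { ... }` block out of the `else` so it runs after the whole chain, and decide which status wins. Separately, new line 464 appends with `UTF8ToUTF16("\n\n")` where new line 402 uses `ASCIIToUTF16("\n\n")`; the latter keeps the two consistent. The enclosing function starts and ends in the skipped regions, so this is based on the visible lines only.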
