Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(7461)

Unified Diff: chrome/browser/ui/toolbar/toolbar_model_impl.cc

Issue 508823009: Mark SHA-1 as deprecated (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@cert_verify_result_sha1
Patch Set: Slight tweak to allow levels of errors Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/ssl/ssl_error_info.cc ('k') | chrome/browser/ui/website_settings/website_settings.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/ui/toolbar/toolbar_model_impl.cc
diff --git a/chrome/browser/ui/toolbar/toolbar_model_impl.cc b/chrome/browser/ui/toolbar/toolbar_model_impl.cc
index 0be1a71c7f96118091d577c2f5ef741845a2cb62..12cde965d030e8df7430eaf01a1a4cb4bb3713d9 100644
--- a/chrome/browser/ui/toolbar/toolbar_model_impl.cc
+++ b/chrome/browser/ui/toolbar/toolbar_model_impl.cc
@@ -5,8 +5,10 @@
#include "chrome/browser/ui/toolbar/toolbar_model_impl.h"
#include "base/command_line.h"
+#include "base/metrics/field_trial.h"
#include "base/prefs/pref_service.h"
#include "base/strings/utf_string_conversions.h"
+#include "base/time/time.h"
#include "chrome/browser/autocomplete/autocomplete_classifier.h"
#include "chrome/browser/autocomplete/autocomplete_classifier_factory.h"
#include "chrome/browser/autocomplete/chrome_autocomplete_scheme_classifier.h"
@@ -46,6 +48,24 @@ using content::NavigationEntry;
using content::SSLStatus;
using content::WebContents;
+namespace {
+
+// Converts a SHA-1 field trial group into the appropriate SecurityLevel.
+bool GetSecurityLevelForFieldTrialGroup(const std::string& group,
+ ToolbarModel::SecurityLevel* level) {
+ if (group == "Error")
+ *level = ToolbarModel::SECURITY_ERROR;
+ else if (group == "Warning")
+ *level = ToolbarModel::SECURITY_WARNING;
+ else if (group == "HTTP")
+ *level = ToolbarModel::NONE;
+ else
+ return false;
+ return true;
+}
+
+} // namespace
+
ToolbarModelImpl::ToolbarModelImpl(ToolbarModelDelegate* delegate)
: delegate_(delegate) {
}
@@ -82,12 +102,48 @@ ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevelForWebContents(
#endif
if (!!(ssl.content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT))
return SECURITY_WARNING;
+ scoped_refptr<net::X509Certificate> cert;
+ if (content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) &&
+ (ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) {
+ // The internal representation of the dates for UI treatment of SHA-1.
+ // See http://crbug.com/401365 for details
+ static const int64_t kJanuary2017 = INT64_C(13127702400000000);
+ static const int64_t kJune2016 = INT64_C(13109213000000000);
+ static const int64_t kJanuary2016 = INT64_C(13096080000000000);
+
+ ToolbarModel::SecurityLevel security_level = NONE;
+ // Gated behind a field trial, so that it is possible to adjust the
+ // UI treatment (to be more or less severe, as necessary) over the
+ // course of multiple releases.
+ // See http://crbug.com/401365 for the timeline, with the end state
+ // being that > kJanuary2017 = Error, and > kJanuary2016 =
+ // Warning, and kJune2016 disappearing entirely.
+ if (cert->valid_expiry() >=
+ base::Time::FromInternalValue(kJanuary2017) &&
+ GetSecurityLevelForFieldTrialGroup(
+ base::FieldTrialList::FindFullName("SHA1ToolbarUIJanuary2017"),
+ &security_level)) {
+ return security_level;
+ }
+ if (cert->valid_expiry() >= base::Time::FromInternalValue(kJune2016) &&
+ GetSecurityLevelForFieldTrialGroup(
+ base::FieldTrialList::FindFullName("SHA1ToolbarUIJune2016"),
+ &security_level)) {
+ return security_level;
+ }
+ if (cert->valid_expiry() >=
+ base::Time::FromInternalValue(kJanuary2016) &&
+ GetSecurityLevelForFieldTrialGroup(
+ base::FieldTrialList::FindFullName("SHA1ToolbarUIJanuary2016"),
+ &security_level)) {
+ return security_level;
+ }
+ }
if (net::IsCertStatusError(ssl.cert_status)) {
DCHECK(net::IsCertStatusMinorError(ssl.cert_status));
return SECURITY_WARNING;
}
- if ((ssl.cert_status & net::CERT_STATUS_IS_EV) &&
- content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, NULL))
+ if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert.get())
return EV_SECURE;
return SECURE;
}
« no previous file with comments | « chrome/browser/ssl/ssl_error_info.cc ('k') | chrome/browser/ui/website_settings/website_settings.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698