Add field trial and flag to mark HTTP as non-secure.

chrome/browser/ui/toolbar/toolbar_model_impl.cc

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/toolbar/toolbar_model_impl.h"
 
 #include "base/command_line.h"
 #include "base/metrics/field_trial.h"
 #include "base/prefs/pref_service.h"
 #include "base/strings/utf_string_conversions.h"
@@ skipping 47 matching lines @@
     *level = ToolbarModel::SECURITY_ERROR;
   else if (group == "Warning")
     *level = ToolbarModel::SECURITY_WARNING;
   else if (group == "HTTP")
     *level = ToolbarModel::NONE;
   else
     return false;
   return true;
 }
 
+bool GetSecurityLevelForHttpFieldTrial(ToolbarModel::SecurityLevel* level) {

[jww, 2014/12/20 02:07:58]

This certainly works, but instead of returning a bool, why not just return the
ToolbarModel::SecurityLevel? This would also address my comment below...

[palmer, 2014/12/20 02:32:33]

I modeled this after GetSecurityLevelForFieldTrialGroup, above. I agree that it
makes much more sense to return ToolbarModel::SecurityLevel, but I assumed
sleevi had his reasons. But I'll return a SecurityLevel.

+  std::string group = base::FieldTrialList::FindFullName("MarkHTTPAsNonSecure");
+  std::string choice = base::CommandLine::ForCurrentProcess()->
+      GetSwitchValueASCII(switches::kMarkHttpAsNonSecure);
+
+  if (choice == "no" || group == "no")
+    *level = ToolbarModel::NONE;
+  else if (choice == "dubious" || group == "dubious")
+    *level = ToolbarModel::SECURITY_WARNING;
+  else if (choice == "non-secure" || group == "non-secure")
+    *level = ToolbarModel::SECURITY_ERROR;
+  else
+    return false;
+  return true;

[jww, 2014/12/20 02:07:58]

This is unreachable code.

[palmer, 2014/12/20 02:32:34]

I'm not sure why?

+}
+
 }  // namespace
 
 ToolbarModelImpl::ToolbarModelImpl(ToolbarModelDelegate* delegate)
     : delegate_(delegate) {
 }
 
 ToolbarModelImpl::~ToolbarModelImpl() {
 }
 
 // static
 ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevelForWebContents(
       content::WebContents* web_contents) {
   if (!web_contents)
     return NONE;
 
   NavigationEntry* entry = web_contents->GetController().GetVisibleEntry();
   if (!entry)
     return NONE;
 
   const SSLStatus& ssl = entry->GetSSL();
   switch (ssl.security_style) {
     case content::SECURITY_STYLE_UNKNOWN:
-    case content::SECURITY_STYLE_UNAUTHENTICATED:
       return NONE;
+    case content::SECURITY_STYLE_UNAUTHENTICATED: {
+      ToolbarModel::SecurityLevel security_level = NONE;
+      if (GetSecurityLevelForHttpFieldTrial(&security_level))
+        return security_level;
+      return NONE;
+    }
 
     case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:
       return SECURITY_ERROR;
 
     case content::SECURITY_STYLE_AUTHENTICATED: {
 #if defined(OS_CHROMEOS)
       policy::PolicyCertService* service =
           policy::PolicyCertServiceFactory::GetForProfile(
               Profile::FromBrowserContext(web_contents->GetBrowserContext()));
       if (service && service->UsedPolicyCertificates())
@@ skipping 289 matching lines @@
   if (entry &&
       google_util::StartsWithCommandLineGoogleBaseURL(entry->GetVirtualURL()))
     return search_terms;
 
   // Otherwise, extract search terms for HTTPS pages that do not have a security
   // error.
   ToolbarModel::SecurityLevel security_level = GetSecurityLevel(ignore_editing);
   return ((security_level == NONE) || (security_level == SECURITY_ERROR)) ?
       base::string16() : search_terms;
 }