| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROME_BROWSER_SSL_CONNECTION_SECURITY_H_ | |
| 6 #define CHROME_BROWSER_SSL_CONNECTION_SECURITY_H_ | |
| 7 | |
| 8 #include "base/macros.h" | |
| 9 #include "content/public/common/security_style.h" | |
| 10 #include "net/cert/cert_status_flags.h" | |
| 11 | |
| 12 namespace content { | |
| 13 class WebContents; | |
| 14 } // namespace content | |
| 15 | |
| 16 // This namespace contains functions responsible for computing the | |
| 17 // connection security status of a page. | |
| 18 namespace connection_security { | |
| 19 | |
| 20 // These security styles describe the treatment given to pages that | |
| 21 // display and run mixed content. They are used to coordinate the | |
| 22 // treatment of mixed content with other security UI elements. | |
| 23 const content::SecurityStyle kDisplayedInsecureContentStyle = | |
| 24 content::SECURITY_STYLE_UNAUTHENTICATED; | |
| 25 const content::SecurityStyle kRanInsecureContentStyle = | |
| 26 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; | |
| 27 | |
| 28 // TODO(wtc): unify this enum with SecurityStyle. We | |
| 29 // don't need two sets of security UI levels. SECURITY_STYLE_AUTHENTICATED | |
| 30 // needs to be refined into three levels: warning, standard, and EV. | |
| 31 // See crbug.com/425728 | |
| 32 // | |
| 33 // If you reorder, add, or delete values from this enum, you must also | |
| 34 // update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel. | |
| 35 // | |
| 36 // A Java counterpart will be generated for this enum. | |
| 37 // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.chrome.browser.ssl | |
| 38 // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel | |
| 39 enum SecurityLevel { | |
| 40 // HTTP/no URL | |
| 41 NONE, | |
| 42 | |
| 43 // HTTPS with valid EV cert | |
| 44 EV_SECURE, | |
| 45 | |
| 46 // HTTPS (non-EV) | |
| 47 SECURE, | |
| 48 | |
| 49 // HTTPS, but unable to check certificate revocation status or with insecure | |
| 50 // content on the page | |
| 51 SECURITY_WARNING, | |
| 52 | |
| 53 // HTTPS, but the certificate verification chain is anchored on a | |
| 54 // certificate that was installed by the system administrator | |
| 55 SECURITY_POLICY_WARNING, | |
| 56 | |
| 57 // Attempted HTTPS and failed, page not authenticated | |
| 58 SECURITY_ERROR, | |
| 59 }; | |
| 60 | |
| 61 // Describes how the SHA1 deprecation policy applies to an HTTPS | |
| 62 // connection. | |
| 63 enum SHA1DeprecationStatus { | |
| 64 // No SHA1 deprecation policy applies. | |
| 65 NO_DEPRECATED_SHA1, | |
| 66 // The connection used a certificate with a SHA1 signature in the | |
| 67 // chain, and policy says that the connection should be treated as | |
| 68 // broken HTTPS. | |
| 69 DEPRECATED_SHA1_BROKEN, | |
| 70 // The connection used a certificate with a SHA1 signature in the | |
| 71 // chain, and policy says that the connection should be treated with a | |
| 72 // warning. | |
| 73 DEPRECATED_SHA1_WARNING, | |
| 74 }; | |
| 75 | |
| 76 // Describes the type of mixed content (if any) that a site | |
| 77 // displayed/ran. | |
| 78 enum MixedContentStatus { | |
| 79 NO_MIXED_CONTENT, | |
| 80 // The site displayed nonsecure resources (passive mixed content). | |
| 81 DISPLAYED_MIXED_CONTENT, | |
| 82 // The site ran nonsecure resources (active mixed content). | |
| 83 RAN_MIXED_CONTENT, | |
| 84 // The site both ran and displayed nonsecure resources. | |
| 85 RAN_AND_DISPLAYED_MIXED_CONTENT, | |
| 86 }; | |
| 87 | |
| 88 // Contains information about a page's security status, including a | |
| 89 // SecurityStyle and the information that was used to decide which | |
| 90 // SecurityStyle to assign. | |
| 91 struct SecurityInfo { | |
| 92 content::SecurityStyle security_style; | |
| 93 SHA1DeprecationStatus sha1_deprecation_status; | |
| 94 MixedContentStatus mixed_content_status; | |
| 95 net::CertStatus cert_status; | |
| 96 int cert_id; | |
| 97 bool scheme_is_cryptographic; | |
| 98 }; | |
| 99 | |
| 100 // Returns a security level describing the overall security state of | |
| 101 // the given |WebContents|. | |
| 102 SecurityLevel GetSecurityLevelForWebContents( | |
| 103 const content::WebContents* web_contents); | |
| 104 | |
| 105 // Populates |security_info| with information describing the given | |
| 106 // |web_contents|, including a content::SecurityStyle value and security | |
| 107 // properties that caused that value to be chosen. | |
| 108 // | |
| 109 // Note: This is a lossy operation. Not all of the policies | |
| 110 // that can be expressed by a SecurityLevel (a //chrome concept) can | |
| 111 // be expressed by a content::SecurityStyle. | |
| 112 // In general, code in //chrome should prefer to use | |
| 113 // GetSecurityLevelForWebContents() to determine security policy, and | |
| 114 // only use this function when policy needs to be supplied back to | |
| 115 // layers in //content. | |
| 116 void GetSecurityInfoForWebContents(const content::WebContents* web_contents, | |
| 117 SecurityInfo* security_info); | |
| 118 | |
| 119 } // namespace connection_security | |
| 120 | |
| 121 #endif // CHROME_BROWSER_SSL_CONNECTION_SECURITY_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1314843007:
Refactor connection_security into SecurityStateModel (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master