chrome/browser/website_settings.cc - Issue 9378014: Add website settings backend v 0.1

Side by Side Diff: chrome/browser/website_settings.cc

Issue 9378014: Add website settings backend v 0.1 (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Move cookie related code to another CL. Created 8 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "chrome/browser/website_settings.h"

	6

	7 #include <string>

	8 #include <vector>

	9

	10 #include "base/string_number_conversions.h"

	11 #include "base/utf_string_conversions.h"

	12 #include "chrome/browser/profiles/profile.h"

	13 #include "chrome/browser/ssl/ssl_error_info.h"

	14 #include "chrome/browser/ui/tab_contents/tab_contents_wrapper.h"

	15 #include "content/browser/cert_store.h"

	16 #include "content/browser/ssl/ssl_manager.h"

	17 #include "content/public/common/ssl_status.h"

	18 #include "content/public/common/url_constants.h"

	19 #include "grit/chromium_strings.h"

	20 #include "grit/generated_resources.h"

	21 #include "grit/theme_resources.h"

	22 #include "net/base/cert_status_flags.h"

	23 #include "net/base/ssl_cipher_suite_names.h"

	24 #include "net/base/ssl_connection_status_flags.h"

	25 #include "net/base/x509_certificate.h"

	26 #include "ui/base/l10n/l10n_util.h"

	27 #include "ui/base/resource/resource_bundle.h"

	28

	29 WebsiteSettings::WebsiteSettings(Profile* profile,

	30 TabContentsWrapper* wrapper,

	31 const GURL& url,

	32 const content::SSLStatus& ssl,

	33 bool show_history)
	Finnur 2012/02/14 11:00:36 \|wrapper\| and \|show_history\| are unused. Do you pl \|wrapper\| and \|show_history\| are unused. Do you plan to use those later? markusheintz_ 2012/02/14 13:36:55 I removed both. I will need the both later. But I Show quoted text On 2012/02/14 11:00:36, Finnur wrote: > \|wrapper\| and \|show_history\| are unused. Do you plan to use those later? I removed both. I will need the both later. But I since it's no effort to add them in a later CL when I really need them I removed them here.
	34 : site_identity_status_(SITE_IDENTITY_STATUS_NA),

	35 site_connection_status_(SITE_CONNECTION_STATUS_NA) {

	36 Init(profile, url, ssl);

	37 DCHECK_NE(site_identity_status_, SITE_IDENTITY_STATUS_NA);

	38 DCHECK_NE(site_connection_status_, SITE_CONNECTION_STATUS_NA);

	39 }

	40

	41 WebsiteSettings::~WebsiteSettings() {

	42 }

	43

	44 WebsiteSettings::SiteConnectionStatus

	45 WebsiteSettings::site_connection_status() {

	46 return site_connection_status_;

	47 }

	48

	49 string16 WebsiteSettings::site_connection_details() {

	50 return site_connection_details_;

	51 }

	52

	53 WebsiteSettings::SiteIdentityStatus WebsiteSettings::site_identity_status() {

	54 return site_identity_status_;

	55 }

	56

	57 string16 WebsiteSettings::site_identity_details() {

	58 return site_identity_details_;

	59 }

	60

	61 void WebsiteSettings::Init(Profile* profile,

	62 const GURL& url,

	63 const content::SSLStatus& ssl) {

	64 if (url.SchemeIs(chrome::kChromeUIScheme)) {

	65 site_identity_status_ = SITE_IDENTITY_STATUS_INTERNAL_PAGE;

	66 site_identity_details_ =

	67 l10n_util::GetStringUTF16(IDS_PAGE_INFO_INTERNAL_PAGE);

	68 site_connection_status_ = SITE_CONNECTION_STATUS_INTERNAL_PAGE;

	69 return;

	70 }

	71

	72 scoped_refptr<net::X509Certificate> cert;

	73

	74 // Identity section.

	75 string16 subject_name(UTF8ToUTF16(url.host()));

	76 bool empty_subject_name = false;

	77 if (subject_name.empty()) {

	78 subject_name.assign(

	79 l10n_util::GetStringUTF16(IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));

	80 empty_subject_name = true;

	81 }

	82

	83 if (ssl.cert_id &&

	84 CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) &&

	85 (!net::IsCertStatusError(ssl.cert_status) \|\|

	86 net::IsCertStatusMinorError(ssl.cert_status))) {

	87 // There are no major errors. Check for minor errors.

	88 if (net::IsCertStatusMinorError(ssl.cert_status)) {

	89 site_identity_status_ = SITE_IDENTITY_STATUS_CERT_NOT_VERIFIED;

	90 string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName()));

	91 if (issuer_name.empty()) {

	92 issuer_name.assign(l10n_util::GetStringUTF16(

	93 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));

	94 }

	95 site_identity_details_.assign(l10n_util::GetStringFUTF16(

	96 IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY, issuer_name));

	97

	98 site_identity_details_ += ASCIIToUTF16("\n\n");

	99 if (ssl.cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) {

	100 site_identity_details_ += l10n_util::GetStringUTF16(

	101 IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION);

	102 } else if (ssl.cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM) {

	103 site_identity_details_ += l10n_util::GetStringUTF16(

	104 IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM);

	105 } else {

	106 NOTREACHED() << "Need to specify string for this warning";

	107 }

	108 } else if (ssl.cert_status & net::CERT_STATUS_IS_EV) {

	109 // EV HTTPS page.

	110 site_identity_status_ = SITE_IDENTITY_STATUS_EV_CERT;

	111 DCHECK(!cert->subject().organization_names.empty());

	112 organisation_name_ = UTF8ToUTF16(cert->subject().organization_names[0]);

	113 // An EV Cert is required to have a city (localityName) and country but

	114 // state is "if any".

	115 DCHECK(!cert->subject().locality_name.empty());

	116 DCHECK(!cert->subject().country_name.empty());

	117 string16 locality;

	118 if (!cert->subject().state_or_province_name.empty()) {

	119 locality = l10n_util::GetStringFUTF16(

	120 IDS_PAGEINFO_ADDRESS,

	121 UTF8ToUTF16(cert->subject().locality_name),

	122 UTF8ToUTF16(cert->subject().state_or_province_name),

	123 UTF8ToUTF16(cert->subject().country_name));

	124 } else {

	125 locality = l10n_util::GetStringFUTF16(

	126 IDS_PAGEINFO_PARTIAL_ADDRESS,

	127 UTF8ToUTF16(cert->subject().locality_name),

	128 UTF8ToUTF16(cert->subject().country_name));

	129 }

	130 DCHECK(!cert->subject().organization_names.empty());

	131 site_identity_details_.assign(l10n_util::GetStringFUTF16(

	132 IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV,

	133 UTF8ToUTF16(cert->subject().organization_names[0]),

	134 locality,

	135 UTF8ToUTF16(cert->issuer().GetDisplayName())));

	136 } else if (ssl.cert_status & net::CERT_STATUS_IS_DNSSEC) {

	137 // DNSSEC authenticated page.

	138 site_identity_status_ = SITE_IDENTITY_STATUS_DNSSEC_CERT;

	139 site_identity_details_.assign(l10n_util::GetStringFUTF16(

	140 IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY, UTF8ToUTF16("DNSSEC")));

	141 } else {

	142 // Non-EV OK HTTPS page.

	143 site_identity_status_ = SITE_IDENTITY_STATUS_CERT;

	144 string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName()));

	145 if (issuer_name.empty()) {

	146 issuer_name.assign(l10n_util::GetStringUTF16(

	147 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));

	148 }

	149 site_identity_details_.assign(l10n_util::GetStringFUTF16(

	150 IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY, issuer_name));

	151 }

	152 } else {

	153 // HTTP or HTTPS with errors (not warnings).

	154 site_identity_details_.assign(l10n_util::GetStringUTF16(

	155 IDS_PAGE_INFO_SECURITY_TAB_INSECURE_IDENTITY));

	156 if (ssl.security_style == content::SECURITY_STYLE_UNAUTHENTICATED) {

	157 site_identity_status_ = SITE_IDENTITY_STATUS_NO_CERT;

	158 } else {

	159 site_identity_status_ = SITE_IDENTITY_STATUS_ERROR;

	160 }
	Finnur 2012/02/14 11:00:36 No braces around single line if statements. No braces around single line if statements. markusheintz_ 2012/02/14 13:36:55 Done. Show quoted text On 2012/02/14 11:00:36, Finnur wrote: > No braces around single line if statements. Done.
	161

	162 const string16 bullet = UTF8ToUTF16("\n • ");

	163 std::vector<SSLErrorInfo> errors;

	164 SSLErrorInfo::GetErrorsForCertStatus(ssl.cert_id, ssl.cert_status,

	165 url, &errors);

	166 for (size_t i = 0; i < errors.size(); ++i) {

	167 site_identity_details_ += bullet;

	168 site_identity_details_ += errors[i].short_description();

	169 }

	170

	171 if (ssl.cert_status & net::CERT_STATUS_NON_UNIQUE_NAME) {

	172 site_identity_details_ += ASCIIToUTF16("\n\n");

	173 site_identity_details_ += l10n_util::GetStringUTF16(

	174 IDS_PAGE_INFO_SECURITY_TAB_NON_UNIQUE_NAME);

	175 }

	176 }

	177

	178 // Site Connection

	179 // We consider anything less than 80 bits encryption to be weak encryption.

	180 // TODO(wtc): Bug 1198735: report mixed/unsafe content for unencrypted and

	181 // weakly encrypted connections.

	182 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED;
	Finnur 2012/02/14 11:00:36 It feels like we should assume STATUS_NA until we It feels like we should assume STATUS_NA until we find that it is encrypted. Oh, wait, I guess this is the way it was before (ICON_STATE_OK)... markusheintz_ 2012/02/14 13:36:55 It was like this before (that was also my excuse f Show quoted text On 2012/02/14 11:00:36, Finnur wrote: > It feels like we should assume STATUS_NA until we find that it is encrypted. Oh, > wait, I guess this is the way it was before (ICON_STATE_OK)... It was like this before (that was also my excuse for not having it changed yet)but I feel the same so I changed it now.
	183 if (!ssl.cert_id) {

	184 // Not HTTPS.

	185 DCHECK_EQ(ssl.security_style, content::SECURITY_STYLE_UNAUTHENTICATED);

	186 if (ssl.security_style == content::SECURITY_STYLE_UNAUTHENTICATED) {

	187 site_connection_status_ = SITE_CONNECTION_STATUS_UNENCRYPTED;

	188 } else {

	189 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR;

	190 }

	191

	192 site_connection_details_.assign(l10n_util::GetStringFUTF16(

	193 IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT,

	194 subject_name));

	195 } else if (ssl.security_bits < 0) {

	196 // Security strength is unknown. Say nothing.

	197 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR;

	198 } else if (ssl.security_bits == 0) {

	199 DCHECK_NE(ssl.security_style, content::SECURITY_STYLE_UNAUTHENTICATED);

	200 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR;

	201 site_connection_details_.assign(l10n_util::GetStringFUTF16(

	202 IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT,

	203 subject_name));

	204 } else if (ssl.security_bits < 80) {

	205 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR;

	206 site_connection_details_.assign(l10n_util::GetStringFUTF16(

	207 IDS_PAGE_INFO_SECURITY_TAB_WEAK_ENCRYPTION_CONNECTION_TEXT,

	208 subject_name));

	209 } else {

	210 site_connection_details_.assign(l10n_util::GetStringFUTF16(

	211 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_CONNECTION_TEXT,

	212 subject_name,

	213 base::IntToString16(ssl.security_bits)));

	214 if (ssl.content_status) {

	215 bool ran_insecure_content =

	216 !!(ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT);

	217 site_connection_status_ = ran_insecure_content ?

	218 SITE_CONNECTION_STATUS_ENCRYPTED_ERROR

	219 : SITE_CONNECTION_STATUS_MIXED_CONTENT;

	220 site_connection_details_.assign(l10n_util::GetStringFUTF16(

	221 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_SENTENCE_LINK,

	222 site_connection_details_,

	223 l10n_util::GetStringUTF16(ran_insecure_content ?

	224 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_ERROR :

	225 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_WARNING)));

	226 }

	227 }

	228

	229 uint16 cipher_suite =

	230 net::SSLConnectionStatusToCipherSuite(ssl.connection_status);

	231 if (ssl.security_bits > 0 && cipher_suite) {

	232 int ssl_version =

	233 net::SSLConnectionStatusToVersion(ssl.connection_status);

	234 const char* ssl_version_str;

	235 net::SSLVersionToString(&ssl_version_str, ssl_version);

	236 site_connection_details_ += ASCIIToUTF16("\n\n");

	237 site_connection_details_ += l10n_util::GetStringFUTF16(

	238 IDS_PAGE_INFO_SECURITY_TAB_SSL_VERSION,

	239 ASCIIToUTF16(ssl_version_str));

	240

	241 bool did_fallback = (ssl.connection_status &

	242 net::SSL_CONNECTION_SSL3_FALLBACK) != 0;

	243 bool no_renegotiation =

	244 (ssl.connection_status &

	245 net::SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION) != 0;

	246 const char key_exchange, cipher, *mac;

	247 net::SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, cipher_suite);

	248

	249 site_connection_details_ += ASCIIToUTF16("\n\n");

	250 site_connection_details_ += l10n_util::GetStringFUTF16(

	251 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS,

	252 ASCIIToUTF16(cipher), ASCIIToUTF16(mac), ASCIIToUTF16(key_exchange));

	253

	254 site_connection_details_ += ASCIIToUTF16("\n\n");

	255 uint8 compression_id =

	256 net::SSLConnectionStatusToCompression(ssl.connection_status);

	257 if (compression_id) {

	258 const char* compression;

	259 net::SSLCompressionToString(&compression, compression_id);

	260 site_connection_details_ += l10n_util::GetStringFUTF16(

	261 IDS_PAGE_INFO_SECURITY_TAB_COMPRESSION_DETAILS,

	262 ASCIIToUTF16(compression));

	263 } else {

	264 site_connection_details_ += l10n_util::GetStringUTF16(

	265 IDS_PAGE_INFO_SECURITY_TAB_NO_COMPRESSION);

	266 }

	267

	268 if (did_fallback) {

	269 // For now, only SSLv3 fallback will trigger a warning icon.

	270 if (site_connection_status_ < SITE_CONNECTION_STATUS_MIXED_CONTENT)

	271 site_connection_status_ = SITE_CONNECTION_STATUS_MIXED_CONTENT;

	272 site_connection_details_ += ASCIIToUTF16("\n\n");

	273 site_connection_details_ += l10n_util::GetStringUTF16(

	274 IDS_PAGE_INFO_SECURITY_TAB_FALLBACK_MESSAGE);

	275 }

	276 if (no_renegotiation) {

	277 site_connection_details_ += ASCIIToUTF16("\n\n");

	278 site_connection_details_ += l10n_util::GetStringUTF16(

	279 IDS_PAGE_INFO_SECURITY_TAB_RENEGOTIATION_MESSAGE);

	280 }

	281 }

	282 }

OLD	NEW

« chrome/browser/website_settings.h ('K') | « chrome/browser/website_settings.h ('k') | chrome/chrome_browser.gypi » ('j') | no next file with comments »