chrome/browser/ssl/connection_security.h

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_SSL_CONNECTION_SECURITY_H_
   6 #define CHROME_BROWSER_SSL_CONNECTION_SECURITY_H_
   7
   8 #include "base/macros.h"
   9 #include "content/public/common/security_style.h"
  10 #include "net/cert/cert_status_flags.h"
  11
  12 namespace content {
  13 class WebContents;
  14 }  // namespace content
  15
  16 // This namespace contains functions responsible for computing the
  17 // connection security status of a page.
  18 namespace connection_security {
  19
  20 // These security styles describe the treatment given to pages that
  21 // display and run mixed content. They are used to coordinate the
  22 // treatment of mixed content with other security UI elements.
  23 const content::SecurityStyle kDisplayedInsecureContentStyle =
  24     content::SECURITY_STYLE_UNAUTHENTICATED;
  25 const content::SecurityStyle kRanInsecureContentStyle =
  26     content::SECURITY_STYLE_AUTHENTICATION_BROKEN;
  27
  28 // TODO(wtc): unify this enum with SecurityStyle.  We
  29 // don't need two sets of security UI levels.  SECURITY_STYLE_AUTHENTICATED
  30 // needs to be refined into three levels: warning, standard, and EV.
  31 // See crbug.com/425728
  32 //
  33 // If you reorder, add, or delete values from this enum, you must also
  34 // update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel.
  35 //
  36 // A Java counterpart will be generated for this enum.
  37 // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.chrome.browser.ssl
  38 // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel
  39 enum SecurityLevel {
  40   // HTTP/no URL
  41   NONE,
  42
  43   // HTTPS with valid EV cert
  44   EV_SECURE,
  45
  46   // HTTPS (non-EV)
  47   SECURE,
  48
  49   // HTTPS, but unable to check certificate revocation status or with insecure
  50   // content on the page
  51   SECURITY_WARNING,
  52
  53   // HTTPS, but the certificate verification chain is anchored on a
  54   // certificate that was installed by the system administrator
  55   SECURITY_POLICY_WARNING,
  56
  57   // Attempted HTTPS and failed, page not authenticated
  58   SECURITY_ERROR,
  59 };
  60
  61 // Describes how the SHA1 deprecation policy applies to an HTTPS
  62 // connection.
  63 enum SHA1DeprecationStatus {
  64   // No SHA1 deprecation policy applies.
  65   NO_DEPRECATED_SHA1,
  66   // The connection used a certificate with a SHA1 signature in the
  67   // chain, and policy says that the connection should be treated as
  68   // broken HTTPS.
  69   DEPRECATED_SHA1_BROKEN,
  70   // The connection used a certificate with a SHA1 signature in the
  71   // chain, and policy says that the connection should be treated with a
  72   // warning.
  73   DEPRECATED_SHA1_WARNING,
  74 };
  75
  76 // Describes the type of mixed content (if any) that a site
  77 // displayed/ran.
  78 enum MixedContentStatus {
  79   NO_MIXED_CONTENT,
  80   // The site displayed nonsecure resources (passive mixed content).
  81   DISPLAYED_MIXED_CONTENT,
  82   // The site ran nonsecure resources (active mixed content).
  83   RAN_MIXED_CONTENT,
  84   // The site both ran and displayed nonsecure resources.
  85   RAN_AND_DISPLAYED_MIXED_CONTENT,
  86 };
  87
  88 // Contains information about a page's security status, including a
  89 // SecurityStyle and the information that was used to decide which
  90 // SecurityStyle to assign.
  91 struct SecurityInfo {
  92   content::SecurityStyle security_style;
  93   SHA1DeprecationStatus sha1_deprecation_status;
  94   MixedContentStatus mixed_content_status;
  95   net::CertStatus cert_status;
  96   int cert_id;
  97   bool scheme_is_cryptographic;
  98 };
  99
 100 // Returns a security level describing the overall security state of
 101 // the given |WebContents|.
 102 SecurityLevel GetSecurityLevelForWebContents(
 103     const content::WebContents* web_contents);
 104
 105 // Populates |security_info| with information describing the given
 106 // |web_contents|, including a content::SecurityStyle value and security
 107 // properties that caused that value to be chosen.
 108 //
 109 // Note: This is a lossy operation. Not all of the policies
 110 // that can be expressed by a SecurityLevel (a //chrome concept) can
 111 // be expressed by a content::SecurityStyle.
 112 // In general, code in //chrome should prefer to use
 113 // GetSecurityLevelForWebContents() to determine security policy, and
 114 // only use this function when policy needs to be supplied back to
 115 // layers in //content.
 116 void GetSecurityInfoForWebContents(const content::WebContents* web_contents,
 117                                    SecurityInfo* security_info);
 118
 119 }  // namespace connection_security
 120
 121 #endif  // CHROME_BROWSER_SSL_CONNECTION_SECURITY_H_