chrome/browser/ssl/connection_security.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/ssl/connection_security.h"
   6
   7 #include "base/command_line.h"
   8 #include "base/metrics/field_trial.h"
   9 #include "base/metrics/histogram_macros.h"
  10 #include "base/prefs/pref_service.h"
  11 #include "chrome/browser/profiles/profile.h"
  12 #include "chrome/browser/ssl/ssl_error_info.h"
  13 #include "chrome/common/chrome_constants.h"
  14 #include "chrome/common/chrome_switches.h"
  15 #include "chrome/common/pref_names.h"
  16 #include "content/public/browser/cert_store.h"
  17 #include "content/public/browser/navigation_controller.h"
  18 #include "content/public/browser/navigation_entry.h"
  19 #include "content/public/browser/web_contents.h"
  20 #include "content/public/common/origin_util.h"
  21 #include "content/public/common/ssl_status.h"
  22 #include "net/base/net_util.h"
  23 #include "net/cert/cert_status_flags.h"
  24 #include "net/cert/x509_certificate.h"
  25 #include "net/ssl/ssl_connection_status_flags.h"
  26
  27 #if defined(OS_CHROMEOS)
  28 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
  29 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
  30 #endif
  31
  32 namespace {
  33
  34 connection_security::SecurityLevel GetSecurityLevelForNonSecureFieldTrial() {
  35   std::string choice =
  36       base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
  37           switches::kMarkNonSecureAs);
  38   std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs");
  39
  40   // Do not change this enum. It is used in the histogram.
  41   enum MarkNonSecureStatus { NEUTRAL, DUBIOUS, NON_SECURE, LAST_STATUS };
  42   const char kEnumeration[] = "MarkNonSecureAs";
  43
  44   connection_security::SecurityLevel level;
  45   MarkNonSecureStatus status;
  46
  47   if (choice == switches::kMarkNonSecureAsNeutral) {
  48     status = NEUTRAL;
  49     level = connection_security::NONE;
  50   } else if (choice == switches::kMarkNonSecureAsNonSecure) {
  51     status = NON_SECURE;
  52     level = connection_security::SECURITY_ERROR;
  53   } else if (group == switches::kMarkNonSecureAsNeutral) {
  54     status = NEUTRAL;
  55     level = connection_security::NONE;
  56   } else if (group == switches::kMarkNonSecureAsNonSecure) {
  57     status = NON_SECURE;
  58     level = connection_security::SECURITY_ERROR;
  59   } else {
  60     status = NEUTRAL;
  61     level = connection_security::NONE;
  62   }
  63
  64   UMA_HISTOGRAM_ENUMERATION(kEnumeration, status, LAST_STATUS);
  65   return level;
  66 }
  67
  68 scoped_refptr<net::X509Certificate> GetCertForSSLStatus(
  69     const content::SSLStatus& ssl) {
  70   scoped_refptr<net::X509Certificate> cert;
  71   return content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert)
  72              ? cert
  73              : nullptr;
  74 }
  75
  76 connection_security::SHA1DeprecationStatus GetSHA1DeprecationStatus(
  77     scoped_refptr<net::X509Certificate> cert,
  78     const content::SSLStatus& ssl) {
  79   if (!cert || !(ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT))
  80     return connection_security::NO_DEPRECATED_SHA1;
  81
  82   // The internal representation of the dates for UI treatment of SHA-1.
  83   // See http://crbug.com/401365 for details.
  84   static const int64_t kJanuary2017 = INT64_C(13127702400000000);
  85   if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2017))
  86     return connection_security::DEPRECATED_SHA1_BROKEN;
  87   // kJanuary2016 needs to be kept in sync with
  88   // ToolbarModelAndroid::IsDeprecatedSHA1Present().
  89   static const int64_t kJanuary2016 = INT64_C(13096080000000000);
  90   if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2016))
  91     return connection_security::DEPRECATED_SHA1_WARNING;
  92
  93   return connection_security::NO_DEPRECATED_SHA1;
  94 }
  95
  96 connection_security::MixedContentStatus GetMixedContentStatus(
  97     const content::SSLStatus& ssl) {
  98   bool ran_insecure_content = false;
  99   bool displayed_insecure_content = false;
 100   if (ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT)
 101     ran_insecure_content = true;
 102   if (ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT)
 103     displayed_insecure_content = true;
 104
 105   if (ran_insecure_content && displayed_insecure_content)
 106     return connection_security::RAN_AND_DISPLAYED_MIXED_CONTENT;
 107   if (ran_insecure_content)
 108     return connection_security::RAN_MIXED_CONTENT;
 109   if (displayed_insecure_content)
 110     return connection_security::DISPLAYED_MIXED_CONTENT;
 111
 112   return connection_security::NO_MIXED_CONTENT;
 113 }
 114
 115 }  // namespace
 116
 117 namespace connection_security {
 118
 119 SecurityLevel GetSecurityLevelForWebContents(
 120     const content::WebContents* web_contents) {
 121   if (!web_contents)
 122     return NONE;
 123
 124   content::NavigationEntry* entry =
 125       web_contents->GetController().GetVisibleEntry();
 126   if (!entry)
 127     return NONE;
 128
 129   const content::SSLStatus& ssl = entry->GetSSL();
 130   switch (ssl.security_style) {
 131     case content::SECURITY_STYLE_UNKNOWN:
 132       return NONE;
 133
 134     case content::SECURITY_STYLE_UNAUTHENTICATED: {
 135       const GURL& url = entry->GetURL();
 136       if (!content::IsOriginSecure(url))
 137         return GetSecurityLevelForNonSecureFieldTrial();
 138       return NONE;
 139     }
 140
 141     case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:
 142       return SECURITY_ERROR;
 143
 144     case content::SECURITY_STYLE_AUTHENTICATED: {
 145 #if defined(OS_CHROMEOS)
 146       // Report if there is a policy cert first, before reporting any other
 147       // authenticated-but-with-errors cases. A policy cert is a strong
 148       // indicator of a MITM being present (the enterprise), while the
 149       // other authenticated-but-with-errors indicate something may
 150       // be wrong, or may be wrong in the future, but is unclear now.
 151       policy::PolicyCertService* service =
 152           policy::PolicyCertServiceFactory::GetForProfile(
 153               Profile::FromBrowserContext(web_contents->GetBrowserContext()));
 154       if (service && service->UsedPolicyCertificates())
 155         return SECURITY_POLICY_WARNING;
 156 #endif
 157
 158       scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl);
 159       SHA1DeprecationStatus sha1_status = GetSHA1DeprecationStatus(cert, ssl);
 160       if (sha1_status == DEPRECATED_SHA1_BROKEN)
 161         return SECURITY_ERROR;
 162       if (sha1_status == DEPRECATED_SHA1_WARNING)
 163         return NONE;
 164
 165       MixedContentStatus mixed_content_status = GetMixedContentStatus(ssl);
 166       // Active mixed content is downgraded to the BROKEN style and
 167       // handled above.
 168       DCHECK_NE(RAN_MIXED_CONTENT, mixed_content_status);
 169       DCHECK_NE(RAN_AND_DISPLAYED_MIXED_CONTENT, mixed_content_status);
 170       // This should be kept in sync with
 171       // |kDisplayedInsecureContentStyle|. That is: the treatment
 172       // given to passive mixed content here should be expressed by
 173       // |kDisplayedInsecureContentStyle|, which is used to coordinate
 174       // the treatment of passive mixed content with other security UI
 175       // elements.
 176       if (mixed_content_status == DISPLAYED_MIXED_CONTENT)
 177         return NONE;
 178
 179       if (net::IsCertStatusError(ssl.cert_status)) {
 180         DCHECK(net::IsCertStatusMinorError(ssl.cert_status));
 181         return NONE;
 182       }
 183       if (net::SSLConnectionStatusToVersion(ssl.connection_status) ==
 184           net::SSL_CONNECTION_VERSION_SSL3) {
 185         // SSLv3 will be removed in the future.
 186         return SECURITY_WARNING;
 187       }
 188       if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert)
 189         return EV_SECURE;
 190       return SECURE;
 191     }
 192
 193     default:
 194       NOTREACHED();
 195       return NONE;
 196   }
 197 }
 198
 199 void GetSecurityInfoForWebContents(const content::WebContents* web_contents,
 200                                    SecurityInfo* security_info) {
 201   content::NavigationEntry* entry =
 202       web_contents ? web_contents->GetController().GetVisibleEntry() : nullptr;
 203   if (!entry) {
 204     security_info->security_style = content::SECURITY_STYLE_UNKNOWN;
 205     return;
 206   }
 207
 208   security_info->scheme_is_cryptographic =
 209       entry->GetURL().SchemeIsCryptographic();
 210
 211   SecurityLevel security_level = GetSecurityLevelForWebContents(web_contents);
 212   switch (security_level) {
 213     case SECURITY_WARNING:
 214     case NONE:
 215       security_info->security_style = content::SECURITY_STYLE_UNAUTHENTICATED;
 216       break;
 217     case EV_SECURE:
 218     case SECURE:
 219       security_info->security_style = content::SECURITY_STYLE_AUTHENTICATED;
 220       break;
 221     case SECURITY_POLICY_WARNING:
 222       security_info->security_style = content::SECURITY_STYLE_WARNING;
 223       break;
 224     case SECURITY_ERROR:
 225       security_info->security_style =
 226           content::SECURITY_STYLE_AUTHENTICATION_BROKEN;
 227       break;
 228   }
 229
 230   const content::SSLStatus& ssl = entry->GetSSL();
 231   scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl);
 232   security_info->sha1_deprecation_status = GetSHA1DeprecationStatus(cert, ssl);
 233   security_info->mixed_content_status = GetMixedContentStatus(ssl);
 234   security_info->cert_status = ssl.cert_status;
 235 }
 236
 237 }  // namespace connection_security