1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/ui/website_settings/website_settings.h"
10 #include "base/bind.h"
11 #include "base/bind_helpers.h"
12 #include "base/command_line.h"
13 #include "base/i18n/time_formatting.h"
14 #include "base/metrics/histogram.h"
15 #include "base/strings/string_number_conversions.h"
16 #include "base/strings/utf_string_conversions.h"
17 #include "base/values.h"
18 #include "chrome/browser/browsing_data/browsing_data_cookie_helper.h"
19 #include "chrome/browser/browsing_data/browsing_data_database_helper.h"
20 #include "chrome/browser/browsing_data/browsing_data_file_system_helper.h"
21 #include "chrome/browser/browsing_data/browsing_data_indexed_db_helper.h"
22 #include "chrome/browser/browsing_data/browsing_data_local_storage_helper.h"
23 #include "chrome/browser/browsing_data/browsing_data_server_bound_cert_helper.h"
24 #include "chrome/browser/content_settings/content_settings_utils.h"
25 #include "chrome/browser/content_settings/host_content_settings_map.h"
26 #include "chrome/browser/content_settings/local_shared_objects_container.h"
27 #include "chrome/browser/history/history_service_factory.h"
28 #include "chrome/browser/profiles/profile.h"
29 #include "chrome/browser/ssl/ssl_error_info.h"
30 #include "chrome/browser/ui/website_settings/website_settings_infobar_delegate.h"
31 #include "chrome/browser/ui/website_settings/website_settings_ui.h"
32 #include "chrome/common/content_settings_pattern.h"
33 #include "content/public/browser/browser_thread.h"
34 #include "content/public/browser/cert_store.h"
35 #include "content/public/browser/user_metrics.h"
36 #include "content/public/common/content_switches.h"
37 #include "content/public/common/ssl_status.h"
38 #include "content/public/common/url_constants.h"
39 #include "grit/chromium_strings.h"
40 #include "grit/generated_resources.h"
41 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
42 #include "net/cert/cert_status_flags.h"
43 #include "net/cert/x509_certificate.h"
44 #include "net/ssl/ssl_cipher_suite_names.h"
45 #include "net/ssl/ssl_connection_status_flags.h"
46 #include "ui/base/l10n/l10n_util.h"
47 #include "ui/base/resource/resource_bundle.h"
49 #if defined(OS_CHROMEOS)
50 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
51 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
54 using base::ASCIIToUTF16
;
55 using base::UTF8ToUTF16
;
56 using base::UTF16ToUTF8
;
57 using content::BrowserThread
;
61 // The list of content settings types to display on the Website Settings UI.
62 ContentSettingsType kPermissionType
[] = {
63 CONTENT_SETTINGS_TYPE_IMAGES
,
64 CONTENT_SETTINGS_TYPE_JAVASCRIPT
,
65 CONTENT_SETTINGS_TYPE_PLUGINS
,
66 CONTENT_SETTINGS_TYPE_POPUPS
,
67 CONTENT_SETTINGS_TYPE_GEOLOCATION
,
68 CONTENT_SETTINGS_TYPE_NOTIFICATIONS
,
69 CONTENT_SETTINGS_TYPE_FULLSCREEN
,
70 CONTENT_SETTINGS_TYPE_MOUSELOCK
,
71 CONTENT_SETTINGS_TYPE_MEDIASTREAM
,
72 CONTENT_SETTINGS_TYPE_AUTOMATIC_DOWNLOADS
,
73 CONTENT_SETTINGS_TYPE_MIDI_SYSEX
,
76 bool CertificateTransparencyStatusMatch(
77 const content::SignedCertificateTimestampIDStatusList
& scts
,
78 net::ct::SCTVerifyStatus status
) {
79 for (content::SignedCertificateTimestampIDStatusList::const_iterator it
=
83 if (it
->status
== status
)
90 int GetSiteIdentityDetailsMessageByCTInfo(
91 const content::SignedCertificateTimestampIDStatusList
& scts
,
93 // No SCTs - no CT information.
95 return (is_ev
? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_NO_CT
96 : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_NO_CT
);
98 if (CertificateTransparencyStatusMatch(scts
, net::ct::SCT_STATUS_OK
))
99 return (is_ev
? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_VERIFIED
100 : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_VERIFIED
);
102 if (CertificateTransparencyStatusMatch(scts
, net::ct::SCT_STATUS_INVALID
))
103 return (is_ev
? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_INVALID
104 : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_INVALID
);
106 // status is SCT_STATUS_LOG_UNKNOWN
107 return (is_ev
? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_UNVERIFIED
108 : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_UNVERIFIED
);
111 // This function will return SITE_IDENTITY_STATUS_CERT or
112 // SITE_IDENTITY_STATUS_EV_CERT depending on |is_ev| unless there are SCTs
113 // which failed verification, in which case it will return
114 // SITE_IDENTITY_STATUS_ERROR.
115 WebsiteSettings::SiteIdentityStatus
GetSiteIdentityStatusByCTInfo(
116 const content::SignedCertificateTimestampIDStatusList
& scts
,
118 if (CertificateTransparencyStatusMatch(scts
, net::ct::SCT_STATUS_INVALID
))
119 return WebsiteSettings::SITE_IDENTITY_STATUS_ERROR
;
121 return is_ev
? WebsiteSettings::SITE_IDENTITY_STATUS_EV_CERT
122 : WebsiteSettings::SITE_IDENTITY_STATUS_CERT
;
127 WebsiteSettings::WebsiteSettings(
128 WebsiteSettingsUI
* ui
,
130 TabSpecificContentSettings
* tab_specific_content_settings
,
131 InfoBarService
* infobar_service
,
133 const content::SSLStatus
& ssl
,
134 content::CertStore
* cert_store
)
135 : TabSpecificContentSettings::SiteDataObserver(
136 tab_specific_content_settings
),
138 infobar_service_(infobar_service
),
139 show_info_bar_(false),
141 site_identity_status_(SITE_IDENTITY_STATUS_UNKNOWN
),
143 site_connection_status_(SITE_CONNECTION_STATUS_UNKNOWN
),
144 cert_store_(cert_store
),
145 content_settings_(profile
->GetHostContentSettingsMap()) {
146 Init(profile
, url
, ssl
);
148 HistoryService
* history_service
= HistoryServiceFactory::GetForProfile(
149 profile
, Profile::EXPLICIT_ACCESS
);
150 if (history_service
) {
151 history_service
->GetVisibleVisitCountToHost(
153 &visit_count_request_consumer_
,
154 base::Bind(&WebsiteSettings::OnGotVisitCountToHost
,
155 base::Unretained(this)));
158 PresentSitePermissions();
160 PresentSiteIdentity();
161 PresentHistoryInfo(base::Time());
163 // Every time the Website Settings UI is opened a |WebsiteSettings| object is
164 // created. So this counts how ofter the Website Settings UI is opened.
165 content::RecordAction(base::UserMetricsAction("WebsiteSettings_Opened"));
168 WebsiteSettings::~WebsiteSettings() {
171 void WebsiteSettings::OnSitePermissionChanged(ContentSettingsType type
,
172 ContentSetting setting
) {
173 // Count how often a permission for a specific content type is changed using
174 // the Website Settings UI.
175 UMA_HISTOGRAM_COUNTS("WebsiteSettings.PermissionChanged", type
);
177 ContentSettingsPattern primary_pattern
;
178 ContentSettingsPattern secondary_pattern
;
180 case CONTENT_SETTINGS_TYPE_GEOLOCATION
:
181 case CONTENT_SETTINGS_TYPE_MIDI_SYSEX
:
182 // TODO(markusheintz): The rule we create here should also change the
183 // location permission for iframed content.
184 primary_pattern
= ContentSettingsPattern::FromURLNoWildcard(site_url_
);
185 secondary_pattern
= ContentSettingsPattern::FromURLNoWildcard(site_url_
);
187 case CONTENT_SETTINGS_TYPE_NOTIFICATIONS
:
188 primary_pattern
= ContentSettingsPattern::FromURLNoWildcard(site_url_
);
189 secondary_pattern
= ContentSettingsPattern::Wildcard();
191 case CONTENT_SETTINGS_TYPE_IMAGES
:
192 case CONTENT_SETTINGS_TYPE_JAVASCRIPT
:
193 case CONTENT_SETTINGS_TYPE_PLUGINS
:
194 case CONTENT_SETTINGS_TYPE_POPUPS
:
195 case CONTENT_SETTINGS_TYPE_FULLSCREEN
:
196 case CONTENT_SETTINGS_TYPE_MOUSELOCK
:
197 case CONTENT_SETTINGS_TYPE_AUTOMATIC_DOWNLOADS
:
198 primary_pattern
= ContentSettingsPattern::FromURL(site_url_
);
199 secondary_pattern
= ContentSettingsPattern::Wildcard();
201 case CONTENT_SETTINGS_TYPE_MEDIASTREAM
: {
202 // We need to use the same same patterns as other places like infobar code
203 // to override the existing rule instead of creating the new one.
204 primary_pattern
= ContentSettingsPattern::FromURLNoWildcard(site_url_
);
205 secondary_pattern
= ContentSettingsPattern::Wildcard();
206 // Set permission for both microphone and camera.
207 content_settings_
->SetContentSetting(
210 CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC
,
214 content_settings_
->SetContentSetting(
217 CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA
,
223 NOTREACHED() << "ContentSettingsType " << type
<< "is not supported.";
227 if (type
!= CONTENT_SETTINGS_TYPE_MEDIASTREAM
) {
228 // Permission settings are specified via rules. There exists always at least
229 // one rule for the default setting. Get the rule that currently defines
230 // the permission for the given permission |type|. Then test whether the
231 // existing rule is more specific than the rule we are about to create. If
232 // the existing rule is more specific, than change the existing rule instead
233 // of creating a new rule that would be hidden behind the existing rule.
234 // This is not a concern for CONTENT_SETTINGS_TYPE_MEDIASTREAM since users
235 // can not create media settings exceptions by hand.
236 content_settings::SettingInfo info
;
237 scoped_ptr
<base::Value
> v(content_settings_
->GetWebsiteSetting(
238 site_url_
, site_url_
, type
, std::string(), &info
));
239 DCHECK(info
.source
== content_settings::SETTING_SOURCE_USER
);
240 ContentSettingsPattern::Relation r1
=
241 info
.primary_pattern
.Compare(primary_pattern
);
242 DCHECK(r1
!= ContentSettingsPattern::DISJOINT_ORDER_POST
&&
243 r1
!= ContentSettingsPattern::DISJOINT_ORDER_PRE
);
244 if (r1
== ContentSettingsPattern::PREDECESSOR
) {
245 primary_pattern
= info
.primary_pattern
;
246 } else if (r1
== ContentSettingsPattern::IDENTITY
) {
247 ContentSettingsPattern::Relation r2
=
248 info
.secondary_pattern
.Compare(secondary_pattern
);
249 DCHECK(r2
!= ContentSettingsPattern::DISJOINT_ORDER_POST
&&
250 r2
!= ContentSettingsPattern::DISJOINT_ORDER_PRE
);
251 if (r2
== ContentSettingsPattern::PREDECESSOR
)
252 secondary_pattern
= info
.secondary_pattern
;
255 base::Value
* value
= NULL
;
256 if (setting
!= CONTENT_SETTING_DEFAULT
)
257 value
= base::Value::CreateIntegerValue(setting
);
258 content_settings_
->SetWebsiteSetting(
259 primary_pattern
, secondary_pattern
, type
, std::string(), value
);
262 show_info_bar_
= true;
264 // TODO(markusheintz): This is a temporary hack to fix issue:
265 // http://crbug.com/144203.
266 #if defined(OS_MACOSX)
267 // Refresh the UI to reflect the new setting.
268 PresentSitePermissions();
272 void WebsiteSettings::OnGotVisitCountToHost(HistoryService::Handle handle
,
275 base::Time first_visit
) {
277 // This indicates an error, such as the page's URL scheme wasn't
279 first_visit
= base::Time();
280 } else if (visit_count
== 0) {
281 first_visit
= base::Time::Now();
283 PresentHistoryInfo(first_visit
);
286 void WebsiteSettings::OnSiteDataAccessed() {
290 void WebsiteSettings::OnUIClosing() {
292 WebsiteSettingsInfoBarDelegate::Create(infobar_service_
);
295 void WebsiteSettings::Init(Profile
* profile
,
297 const content::SSLStatus
& ssl
) {
298 if (url
.SchemeIs(content::kChromeUIScheme
)) {
299 site_identity_status_
= SITE_IDENTITY_STATUS_INTERNAL_PAGE
;
300 site_identity_details_
=
301 l10n_util::GetStringUTF16(IDS_PAGE_INFO_INTERNAL_PAGE
);
302 site_connection_status_
= SITE_CONNECTION_STATUS_INTERNAL_PAGE
;
306 scoped_refptr
<net::X509Certificate
> cert
;
309 base::string16
subject_name(UTF8ToUTF16(url
.host()));
310 if (subject_name
.empty()) {
312 l10n_util::GetStringUTF16(IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY
));
315 cert_id_
= ssl
.cert_id
;
317 if (ssl
.cert_id
&& !ssl
.signed_certificate_timestamp_ids
.empty()) {
318 signed_certificate_timestamp_ids_
.assign(
319 ssl
.signed_certificate_timestamp_ids
.begin(),
320 ssl
.signed_certificate_timestamp_ids
.end());
324 cert_store_
->RetrieveCert(ssl
.cert_id
, &cert
) &&
325 (!net::IsCertStatusError(ssl
.cert_status
) ||
326 net::IsCertStatusMinorError(ssl
.cert_status
))) {
327 // There are no major errors. Check for minor errors.
328 #if defined(OS_CHROMEOS)
329 policy::PolicyCertService
* service
=
330 policy::PolicyCertServiceFactory::GetForProfile(profile
);
331 const bool used_policy_certs
= service
&& service
->UsedPolicyCertificates();
333 const bool used_policy_certs
= false;
335 if (used_policy_certs
) {
336 site_identity_status_
= SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT
;
337 site_identity_details_
= l10n_util::GetStringFUTF16(
338 IDS_CERT_POLICY_PROVIDED_CERT_MESSAGE
, UTF8ToUTF16(url
.host()));
339 } else if (net::IsCertStatusMinorError(ssl
.cert_status
)) {
340 site_identity_status_
= SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN
;
341 base::string16
issuer_name(UTF8ToUTF16(cert
->issuer().GetDisplayName()));
342 if (issuer_name
.empty()) {
343 issuer_name
.assign(l10n_util::GetStringUTF16(
344 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY
));
347 site_identity_details_
.assign(l10n_util::GetStringFUTF16(
348 GetSiteIdentityDetailsMessageByCTInfo(
349 ssl
.signed_certificate_timestamp_ids
, false /* not EV */),
352 site_identity_details_
+= ASCIIToUTF16("\n\n");
353 if (ssl
.cert_status
& net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION
) {
354 site_identity_details_
+= l10n_util::GetStringUTF16(
355 IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION
);
356 } else if (ssl
.cert_status
& net::CERT_STATUS_NO_REVOCATION_MECHANISM
) {
357 site_identity_details_
+= l10n_util::GetStringUTF16(
358 IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM
);
360 NOTREACHED() << "Need to specify string for this warning";
362 } else if (ssl
.cert_status
& net::CERT_STATUS_IS_EV
) {
364 site_identity_status_
= GetSiteIdentityStatusByCTInfo(
365 ssl
.signed_certificate_timestamp_ids
, true);
366 DCHECK(!cert
->subject().organization_names
.empty());
367 organization_name_
= UTF8ToUTF16(cert
->subject().organization_names
[0]);
368 // An EV Cert is required to have a city (localityName) and country but
369 // state is "if any".
370 DCHECK(!cert
->subject().locality_name
.empty());
371 DCHECK(!cert
->subject().country_name
.empty());
372 base::string16 locality
;
373 if (!cert
->subject().state_or_province_name
.empty()) {
374 locality
= l10n_util::GetStringFUTF16(
375 IDS_PAGEINFO_ADDRESS
,
376 UTF8ToUTF16(cert
->subject().locality_name
),
377 UTF8ToUTF16(cert
->subject().state_or_province_name
),
378 UTF8ToUTF16(cert
->subject().country_name
));
380 locality
= l10n_util::GetStringFUTF16(
381 IDS_PAGEINFO_PARTIAL_ADDRESS
,
382 UTF8ToUTF16(cert
->subject().locality_name
),
383 UTF8ToUTF16(cert
->subject().country_name
));
385 DCHECK(!cert
->subject().organization_names
.empty());
386 site_identity_details_
.assign(l10n_util::GetStringFUTF16(
387 GetSiteIdentityDetailsMessageByCTInfo(
388 ssl
.signed_certificate_timestamp_ids
, true /* is EV */),
389 UTF8ToUTF16(cert
->subject().organization_names
[0]),
391 UTF8ToUTF16(cert
->issuer().GetDisplayName())));
393 // Non-EV OK HTTPS page.
394 site_identity_status_
= GetSiteIdentityStatusByCTInfo(
395 ssl
.signed_certificate_timestamp_ids
, false);
396 base::string16
issuer_name(UTF8ToUTF16(cert
->issuer().GetDisplayName()));
397 if (issuer_name
.empty()) {
398 issuer_name
.assign(l10n_util::GetStringUTF16(
399 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY
));
402 site_identity_details_
.assign(l10n_util::GetStringFUTF16(
403 GetSiteIdentityDetailsMessageByCTInfo(
404 ssl
.signed_certificate_timestamp_ids
, false /* not EV */),
408 // HTTP or HTTPS with errors (not warnings).
409 site_identity_details_
.assign(l10n_util::GetStringUTF16(
410 IDS_PAGE_INFO_SECURITY_TAB_INSECURE_IDENTITY
));
411 if (ssl
.security_style
== content::SECURITY_STYLE_UNAUTHENTICATED
)
412 site_identity_status_
= SITE_IDENTITY_STATUS_NO_CERT
;
414 site_identity_status_
= SITE_IDENTITY_STATUS_ERROR
;
416 const base::string16 bullet
= UTF8ToUTF16("\n • ");
417 std::vector
<SSLErrorInfo
> errors
;
418 SSLErrorInfo::GetErrorsForCertStatus(ssl
.cert_id
, ssl
.cert_status
,
420 for (size_t i
= 0; i
< errors
.size(); ++i
) {
421 site_identity_details_
+= bullet
;
422 site_identity_details_
+= errors
[i
].short_description();
425 if (ssl
.cert_status
& net::CERT_STATUS_NON_UNIQUE_NAME
) {
426 site_identity_details_
+= ASCIIToUTF16("\n\n");
427 site_identity_details_
+= l10n_util::GetStringUTF16(
428 IDS_PAGE_INFO_SECURITY_TAB_NON_UNIQUE_NAME
);
433 // We consider anything less than 80 bits encryption to be weak encryption.
434 // TODO(wtc): Bug 1198735: report mixed/unsafe content for unencrypted and
435 // weakly encrypted connections.
436 site_connection_status_
= SITE_CONNECTION_STATUS_UNKNOWN
;
440 DCHECK_EQ(ssl
.security_style
, content::SECURITY_STYLE_UNAUTHENTICATED
);
441 if (ssl
.security_style
== content::SECURITY_STYLE_UNAUTHENTICATED
)
442 site_connection_status_
= SITE_CONNECTION_STATUS_UNENCRYPTED
;
444 site_connection_status_
= SITE_CONNECTION_STATUS_ENCRYPTED_ERROR
;
446 site_connection_details_
.assign(l10n_util::GetStringFUTF16(
447 IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT
,
449 } else if (ssl
.security_bits
< 0) {
450 // Security strength is unknown. Say nothing.
451 site_connection_status_
= SITE_CONNECTION_STATUS_ENCRYPTED_ERROR
;
452 } else if (ssl
.security_bits
== 0) {
453 DCHECK_NE(ssl
.security_style
, content::SECURITY_STYLE_UNAUTHENTICATED
);
454 site_connection_status_
= SITE_CONNECTION_STATUS_ENCRYPTED_ERROR
;
455 site_connection_details_
.assign(l10n_util::GetStringFUTF16(
456 IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT
,
458 } else if (ssl
.security_bits
< 80) {
459 site_connection_status_
= SITE_CONNECTION_STATUS_ENCRYPTED_ERROR
;
460 site_connection_details_
.assign(l10n_util::GetStringFUTF16(
461 IDS_PAGE_INFO_SECURITY_TAB_WEAK_ENCRYPTION_CONNECTION_TEXT
,
464 site_connection_status_
= SITE_CONNECTION_STATUS_ENCRYPTED
;
465 site_connection_details_
.assign(l10n_util::GetStringFUTF16(
466 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_CONNECTION_TEXT
,
468 base::IntToString16(ssl
.security_bits
)));
469 if (ssl
.content_status
) {
470 bool ran_insecure_content
=
471 !!(ssl
.content_status
& content::SSLStatus::RAN_INSECURE_CONTENT
);
472 site_connection_status_
= ran_insecure_content
?
473 SITE_CONNECTION_STATUS_ENCRYPTED_ERROR
474 : SITE_CONNECTION_STATUS_MIXED_CONTENT
;
475 site_connection_details_
.assign(l10n_util::GetStringFUTF16(
476 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_SENTENCE_LINK
,
477 site_connection_details_
,
478 l10n_util::GetStringUTF16(ran_insecure_content
?
479 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_ERROR
:
480 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_WARNING
)));
484 uint16 cipher_suite
=
485 net::SSLConnectionStatusToCipherSuite(ssl
.connection_status
);
486 if (ssl
.security_bits
> 0 && cipher_suite
) {
488 net::SSLConnectionStatusToVersion(ssl
.connection_status
);
489 const char* ssl_version_str
;
490 net::SSLVersionToString(&ssl_version_str
, ssl_version
);
491 site_connection_details_
+= ASCIIToUTF16("\n\n");
492 site_connection_details_
+= l10n_util::GetStringFUTF16(
493 IDS_PAGE_INFO_SECURITY_TAB_SSL_VERSION
,
494 ASCIIToUTF16(ssl_version_str
));
496 bool did_fallback
= (ssl
.connection_status
&
497 net::SSL_CONNECTION_VERSION_FALLBACK
) != 0;
498 bool no_renegotiation
=
499 (ssl
.connection_status
&
500 net::SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION
) != 0;
501 const char *key_exchange
, *cipher
, *mac
;
503 net::SSLCipherSuiteToStrings(
504 &key_exchange
, &cipher
, &mac
, &is_aead
, cipher_suite
);
506 site_connection_details_
+= ASCIIToUTF16("\n\n");
508 site_connection_details_
+= l10n_util::GetStringFUTF16(
509 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS_AEAD
,
510 ASCIIToUTF16(cipher
), ASCIIToUTF16(key_exchange
));
512 site_connection_details_
+= l10n_util::GetStringFUTF16(
513 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS
,
514 ASCIIToUTF16(cipher
), ASCIIToUTF16(mac
), ASCIIToUTF16(key_exchange
));
518 // For now, only SSLv3 fallback will trigger a warning icon.
519 if (site_connection_status_
< SITE_CONNECTION_STATUS_MIXED_CONTENT
)
520 site_connection_status_
= SITE_CONNECTION_STATUS_MIXED_CONTENT
;
521 site_connection_details_
+= ASCIIToUTF16("\n\n");
522 site_connection_details_
+= l10n_util::GetStringUTF16(
523 IDS_PAGE_INFO_SECURITY_TAB_FALLBACK_MESSAGE
);
525 if (no_renegotiation
) {
526 site_connection_details_
+= ASCIIToUTF16("\n\n");
527 site_connection_details_
+= l10n_util::GetStringUTF16(
528 IDS_PAGE_INFO_SECURITY_TAB_RENEGOTIATION_MESSAGE
);
532 // By default select the permissions tab that displays all the site
533 // permissions. In case of a connection error or an issue with the
534 // certificate presented by the website, select the connection tab to draw
535 // the user's attention to the issue. If the site does not provide a
536 // certificate because it was loaded over an unencrypted connection, don't
537 // select the connection tab.
538 WebsiteSettingsUI::TabId tab_id
= WebsiteSettingsUI::TAB_ID_PERMISSIONS
;
539 if (site_connection_status_
== SITE_CONNECTION_STATUS_ENCRYPTED_ERROR
||
540 site_connection_status_
== SITE_CONNECTION_STATUS_MIXED_CONTENT
||
541 site_identity_status_
== SITE_IDENTITY_STATUS_ERROR
||
542 site_identity_status_
== SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN
||
543 site_identity_status_
== SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT
)
544 tab_id
= WebsiteSettingsUI::TAB_ID_CONNECTION
;
545 ui_
->SetSelectedTab(tab_id
);
548 void WebsiteSettings::PresentSitePermissions() {
549 PermissionInfoList permission_info_list
;
551 WebsiteSettingsUI::PermissionInfo permission_info
;
552 for (size_t i
= 0; i
< arraysize(kPermissionType
); ++i
) {
553 permission_info
.type
= kPermissionType
[i
];
554 if (permission_info
.type
== CONTENT_SETTINGS_TYPE_MIDI_SYSEX
) {
555 const CommandLine
* command_line
= CommandLine::ForCurrentProcess();
556 if (!command_line
->HasSwitch(switches::kEnableWebMIDI
))
560 content_settings::SettingInfo info
;
561 if (permission_info
.type
== CONTENT_SETTINGS_TYPE_MEDIASTREAM
) {
562 scoped_ptr
<base::Value
> mic_value(content_settings_
->GetWebsiteSetting(
565 CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC
,
568 ContentSetting mic_setting
=
569 content_settings::ValueToContentSetting(mic_value
.get());
571 scoped_ptr
<base::Value
> camera_value(content_settings_
->GetWebsiteSetting(
574 CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA
,
577 ContentSetting camera_setting
=
578 content_settings::ValueToContentSetting(camera_value
.get());
580 if (mic_setting
!= camera_setting
|| mic_setting
== CONTENT_SETTING_ASK
)
581 permission_info
.setting
= CONTENT_SETTING_DEFAULT
;
583 permission_info
.setting
= mic_setting
;
585 scoped_ptr
<base::Value
> value(content_settings_
->GetWebsiteSetting(
586 site_url_
, site_url_
, permission_info
.type
, std::string(), &info
));
588 if (value
->GetType() == base::Value::TYPE_INTEGER
) {
589 permission_info
.setting
=
590 content_settings::ValueToContentSetting(value
.get());
596 permission_info
.source
= info
.source
;
598 if (info
.primary_pattern
== ContentSettingsPattern::Wildcard() &&
599 info
.secondary_pattern
== ContentSettingsPattern::Wildcard() &&
600 permission_info
.type
!= CONTENT_SETTINGS_TYPE_MEDIASTREAM
) {
601 permission_info
.default_setting
= permission_info
.setting
;
602 permission_info
.setting
= CONTENT_SETTING_DEFAULT
;
604 permission_info
.default_setting
=
605 content_settings_
->GetDefaultContentSetting(permission_info
.type
,
608 permission_info_list
.push_back(permission_info
);
611 ui_
->SetPermissionInfo(permission_info_list
);
614 void WebsiteSettings::PresentSiteData() {
615 CookieInfoList cookie_info_list
;
616 const LocalSharedObjectsContainer
& allowed_objects
=
617 tab_specific_content_settings()->allowed_local_shared_objects();
618 const LocalSharedObjectsContainer
& blocked_objects
=
619 tab_specific_content_settings()->blocked_local_shared_objects();
621 // Add first party cookie and site data counts.
622 WebsiteSettingsUI::CookieInfo cookie_info
;
623 std::string cookie_source
=
624 net::registry_controlled_domains::GetDomainAndRegistry(
626 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES
);
627 if (cookie_source
.empty())
628 cookie_source
= site_url_
.host();
629 cookie_info
.cookie_source
= cookie_source
;
630 cookie_info
.allowed
= allowed_objects
.GetObjectCountForDomain(site_url_
);
631 cookie_info
.blocked
= blocked_objects
.GetObjectCountForDomain(site_url_
);
632 cookie_info_list
.push_back(cookie_info
);
634 // Add third party cookie counts.
635 cookie_info
.cookie_source
= l10n_util::GetStringUTF8(
636 IDS_WEBSITE_SETTINGS_THIRD_PARTY_SITE_DATA
);
637 cookie_info
.allowed
= allowed_objects
.GetObjectCount() - cookie_info
.allowed
;
638 cookie_info
.blocked
= blocked_objects
.GetObjectCount() - cookie_info
.blocked
;
639 cookie_info_list
.push_back(cookie_info
);
641 ui_
->SetCookieInfo(cookie_info_list
);
644 void WebsiteSettings::PresentSiteIdentity() {
645 // After initialization the status about the site's connection
646 // and it's identity must be available.
647 DCHECK_NE(site_identity_status_
, SITE_IDENTITY_STATUS_UNKNOWN
);
648 DCHECK_NE(site_connection_status_
, SITE_CONNECTION_STATUS_UNKNOWN
);
649 WebsiteSettingsUI::IdentityInfo info
;
650 if (site_identity_status_
== SITE_IDENTITY_STATUS_EV_CERT
)
651 info
.site_identity
= UTF16ToUTF8(organization_name());
653 info
.site_identity
= site_url_
.host();
655 info
.connection_status
= site_connection_status_
;
656 info
.connection_status_description
=
657 UTF16ToUTF8(site_connection_details_
);
658 info
.identity_status
= site_identity_status_
;
659 info
.identity_status_description
=
660 UTF16ToUTF8(site_identity_details_
);
661 info
.cert_id
= cert_id_
;
662 info
.signed_certificate_timestamp_ids
.assign(
663 signed_certificate_timestamp_ids_
.begin(),
664 signed_certificate_timestamp_ids_
.end());
665 ui_
->SetIdentityInfo(info
);
668 void WebsiteSettings::PresentHistoryInfo(base::Time first_visit
) {
669 if (first_visit
== base::Time()) {
670 ui_
->SetFirstVisit(base::string16());
674 bool visited_before_today
= false;
675 base::Time today
= base::Time::Now().LocalMidnight();
676 base::Time first_visit_midnight
= first_visit
.LocalMidnight();
677 visited_before_today
= (first_visit_midnight
< today
);
679 base::string16 first_visit_text
;
680 if (visited_before_today
) {
681 first_visit_text
= l10n_util::GetStringFUTF16(
682 IDS_PAGE_INFO_SECURITY_TAB_VISITED_BEFORE_TODAY
,
683 base::TimeFormatShortDate(first_visit
));
685 first_visit_text
= l10n_util::GetStringUTF16(
686 IDS_PAGE_INFO_SECURITY_TAB_FIRST_VISITED_TODAY
);
688 ui_
->SetFirstVisit(first_visit_text
);