Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / chrome / browser / ssl / security_state_model.h
blob10b7c896ddb075f411626e026f9138624bf25757
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_
6 #define CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_
8 #include "base/macros.h"
9 #include "content/public/browser/web_contents_user_data.h"
10 #include "content/public/common/security_style.h"
11 #include "content/public/common/ssl_status.h"
12 #include "net/cert/cert_status_flags.h"
13 #include "net/cert/sct_status_flags.h"
14 #include "net/cert/x509_certificate.h"
16 namespace content {
17 class NavigationHandle;
18 class WebContents;
19 } // namespace content
21 class Profile;
23 // SecurityStateModel provides high-level security information about a
24 // page or request. It is attached to a WebContents and will provide the
25 // security info for that WebContents.
27 // SecurityStateModel::SecurityInfo is the main data structure computed
28 // by a SecurityStateModel. SecurityInfo contains a SecurityLevel (which
29 // is a single value describing the overall security state) along with
30 // information that a consumer might want to display in UI to explain or
31 // elaborate on the SecurityLevel.
32 class SecurityStateModel
33 : public content::WebContentsUserData<SecurityStateModel> {
34 public:
35 // Describes the overall security state of the page.
37 // If you reorder, add, or delete values from this enum, you must also
38 // update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel.
40 // A Java counterpart will be generated for this enum.
41 // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.chrome.browser.ssl
42 // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel
43 enum SecurityLevel {
44 // HTTP/no URL/HTTPS but with insecure passive content on the page
45 NONE,
47 // HTTPS with valid EV cert
48 EV_SECURE,
50 // HTTPS (non-EV) with valid cert
51 SECURE,
53 // HTTPS, but unable to check certificate revocation status or with
54 // errors
55 SECURITY_WARNING,
57 // HTTPS, but the certificate verification chain is anchored on a
58 // certificate that was installed by the system administrator
59 SECURITY_POLICY_WARNING,
61 // Attempted HTTPS and failed, page not authenticated, or HTTPS with
62 // insecure active content on the page
63 SECURITY_ERROR,
66 // Describes how the SHA1 deprecation policy applies to an HTTPS
67 // connection.
68 enum SHA1DeprecationStatus {
69 // No SHA1 deprecation policy applies.
70 NO_DEPRECATED_SHA1,
71 // The connection used a certificate with a SHA1 signature in the
72 // chain, and policy says that the connection should be treated with a
73 // warning.
74 DEPRECATED_SHA1_WARNING,
75 // The connection used a certificate with a SHA1 signature in the
76 // chain, and policy says that the connection should be treated as
77 // broken HTTPS.
78 DEPRECATED_SHA1_BROKEN,
81 // Describes the type of mixed content (if any) that a site
82 // displayed/ran.
83 enum MixedContentStatus {
84 NO_MIXED_CONTENT,
85 // The site displayed insecure resources (passive mixed content).
86 DISPLAYED_MIXED_CONTENT,
87 // The site ran insecure code (active mixed content).
88 RAN_MIXED_CONTENT,
89 // The site both ran and displayed insecure resources.
90 RAN_AND_DISPLAYED_MIXED_CONTENT,
93 // Describes the security status of a page or request. This is the
94 // main data structure provided by this class.
95 struct SecurityInfo {
96 SecurityInfo();
97 ~SecurityInfo();
98 SecurityLevel security_level;
99 SHA1DeprecationStatus sha1_deprecation_status;
100 MixedContentStatus mixed_content_status;
101 // The verification statuses of the signed certificate timestamps
102 // for the connection.
103 std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses;
104 bool scheme_is_cryptographic;
105 net::CertStatus cert_status;
106 int cert_id;
107 // The security strength, in bits, of the SSL cipher suite. In late
108 // 2015, 128 is considered the minimum.
109 // 0 means the connection is not encrypted.
110 // -1 means the security strength is unknown.
111 int security_bits;
112 // Information about the SSL connection, such as protocol and
113 // ciphersuite. See ssl_connection_flags.h in net.
114 int connection_status;
117 // These security styles describe the treatment given to pages that
118 // display and run mixed content. They are used to coordinate the
119 // treatment of mixed content with other security UI elements.
120 static const content::SecurityStyle kDisplayedInsecureContentStyle;
121 static const content::SecurityStyle kRanInsecureContentStyle;
123 ~SecurityStateModel() override;
125 // Returns a SecurityInfo describing the current page. Results are
126 // cached so that computation is only done once per visible
127 // NavigationEntry.
128 const SecurityInfo& GetSecurityInfo() const;
130 // Returns a SecurityInfo describing an individual request for the
131 // given |profile|.
132 static void SecurityInfoForRequest(const GURL& url,
133 const content::SSLStatus& ssl,
134 Profile* profile,
135 SecurityInfo* security_info);
137 private:
138 explicit SecurityStateModel(content::WebContents* web_contents);
139 friend class content::WebContentsUserData<SecurityStateModel>;
141 // The WebContents for which this class describes the security status.
142 content::WebContents* web_contents_;
144 // These data members cache the SecurityInfo for the visible
145 // NavigationEntry. They are marked mutable so that the const accessor
146 // GetSecurityInfo() can update the cache.
147 mutable SecurityInfo security_info_;
148 mutable GURL visible_url_;
149 mutable content::SSLStatus visible_ssl_status_;
151 DISALLOW_COPY_AND_ASSIGN(SecurityStateModel);
154 #endif // CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_