1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_
6 #define CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_
8 #include "base/macros.h"
9 #include "content/public/browser/web_contents_user_data.h"
10 #include "content/public/common/security_style.h"
11 #include "content/public/common/ssl_status.h"
12 #include "net/cert/cert_status_flags.h"
13 #include "net/cert/sct_status_flags.h"
14 #include "net/cert/x509_certificate.h"
17 class NavigationHandle
;
19 } // namespace content
23 // SecurityStateModel provides high-level security information about a
24 // page or request. It is attached to a WebContents and will provide the
25 // security info for that WebContents.
27 // SecurityStateModel::SecurityInfo is the main data structure computed
28 // by a SecurityStateModel. SecurityInfo contains a SecurityLevel (which
29 // is a single value describing the overall security state) along with
30 // information that a consumer might want to display in UI to explain or
31 // elaborate on the SecurityLevel.
32 class SecurityStateModel
33 : public content::WebContentsUserData
<SecurityStateModel
> {
35 // Describes the overall security state of the page.
37 // If you reorder, add, or delete values from this enum, you must also
38 // update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel.
// Both that icon lookup and the generated Java enum depend on these values,
// so a change made here alone may leave the UI showing an indicator that
// does not match the real security state.
40 // A Java counterpart will be generated for this enum.
41 // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.chrome.browser.ssl
42 // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel
44 // HTTP/no URL/HTTPS but with insecure passive content on the page
47 // HTTPS with valid EV cert
50 // HTTPS (non-EV) with valid cert
53 // HTTPS, but unable to check certificate revocation status or with
57 // HTTPS, but the certificate verification chain is anchored on a
58 // certificate that was installed by the system administrator
// NOTE(review): a locally installed trust anchor is typically what lets a
// TLS-inspecting proxy be trusted, so the connection may not be end-to-end
// with the origin. Consumers should presumably keep this level visually
// distinct from a plain secure state - confirm against the UI mapping.
59 SECURITY_POLICY_WARNING
,
61 // Attempted HTTPS and failed, page not authenticated, or HTTPS with
62 // insecure active content on the page
66 // Describes how the SHA1 deprecation policy applies to an HTTPS
// connection.
// SHA-1 signatures are deprecated because collision attacks against the
// hash weaken the guarantee that a signed certificate is the one the
// issuer actually signed.
68 enum SHA1DeprecationStatus
{
69 // No SHA1 deprecation policy applies.
71 // The connection used a certificate with a SHA1 signature in the
72 // chain, and policy says that the connection should be treated with a
// warning.
74 DEPRECATED_SHA1_WARNING
,
75 // The connection used a certificate with a SHA1 signature in the
76 // chain, and policy says that the connection should be treated as
// broken.
78 DEPRECATED_SHA1_BROKEN
,
81 // Describes the type of mixed content (if any) that a site
// displayed or ran.
// Passive (displayed) and active (ran) mixed content are tracked as
// separate values because running insecure code is the more severe case:
// the class comment on SecurityLevel associates active content with the
// failed/unauthenticated state and passive content with the HTTP-like one.
83 enum MixedContentStatus
{
85 // The site displayed insecure resources (passive mixed content).
86 DISPLAYED_MIXED_CONTENT
,
87 // The site ran insecure code (active mixed content).
89 // The site both ran and displayed insecure resources.
90 RAN_AND_DISPLAYED_MIXED_CONTENT
,
93 // Describes the security status of a page or request. This is the
94 // main data structure provided by this class.
// Single value summarising the overall security state.
98 SecurityLevel security_level
;
// How the SHA1 deprecation policy applies to the connection.
99 SHA1DeprecationStatus sha1_deprecation_status
;
// Which kind of mixed content, if any, the site displayed or ran.
100 MixedContentStatus mixed_content_status
;
101 // The verification statuses of the signed certificate timestamps
102 // for the connection.
// One entry per timestamp; an empty vector is presumably how "no SCTs were
// presented" is represented - confirm against the implementation.
103 std::vector
<net::ct::SCTVerifyStatus
> sct_verify_statuses
;
// NOTE(review): presumably true when the URL scheme implies transport
// encryption (for example https) - confirm against the implementation.
104 bool scheme_is_cryptographic
;
// Certificate status for the connection. net::CertStatus is declared in
// net/cert/cert_status_flags.h; presumably a bitmask of error and
// informational flags - verify before testing individual bits.
105 net::CertStatus cert_status
;
107 // The security strength, in bits, of the SSL cipher suite. In late
108 // 2015, 128 is considered the minimum.
109 // 0 means the connection is not encrypted.
110 // -1 means the security strength is unknown.
// Because 0 and -1 are sentinels, consumers should handle both explicitly
// before comparing the value against a minimum strength; a bare "> 0" or
// "< 128" test silently folds "unknown" into one of the other cases.
// NOTE(review): the member these lines describe is not shown in this
// excerpt.
112 // Information about the SSL connection, such as protocol and
113 // ciphersuite. See ssl_connection_flags.h in net.
// Packed into a single int, so it should be decoded with the helpers from
// that header rather than interpreted as a plain number.
114 int connection_status
;
117 // These security styles describe the treatment given to pages that
118 // display and run mixed content. They are used to coordinate the
119 // treatment of mixed content with other security UI elements.
// Only declared here; the values are defined outside this header. Other UI
// code should read these constants instead of hard-coding a style, so that
// every surface downgrades a mixed-content page in the same way.
120 static const content::SecurityStyle kDisplayedInsecureContentStyle
;
121 static const content::SecurityStyle kRanInsecureContentStyle
;
// Destructor; overrides the virtual destructor inherited through
// content::WebContentsUserData<SecurityStateModel>.
123 ~SecurityStateModel() override
;
125 // Returns a SecurityInfo describing the current page. Results are
126 // cached so that computation is only done once per visible
// NavigationEntry.
//
// NOTE(review): the return type is a const reference, presumably to the
// cached security_info_ member. If so, a later call may refresh that cache
// and change what the reference shows, and the reference must not outlive
// this object. Callers that need a stable snapshot (for example to compare
// the state before and after a navigation) should copy the result.
128 const SecurityInfo
& GetSecurityInfo() const;
130 // Returns a SecurityInfo describing an individual request for the
// given |url| and |ssl|.
//
// The result is written through |security_info| rather than returned.
// Being static, this function has no access to the per-WebContents cache
// held by an instance.
// NOTE(review): |security_info| is presumably required to be non-null, and
// whether every field is overwritten on each call is not visible here -
// pass a freshly constructed SecurityInfo until that is confirmed, so no
// stale field from an earlier request is mistaken for the current state.
132 static void SecurityInfoForRequest(const GURL
& url
,
133 const content::SSLStatus
& ssl
,
135 SecurityInfo
* security_info
);
// Constructs the model for |web_contents|. `explicit` prevents an implicit
// conversion from a WebContents pointer.
// The friend declaration below gives
// content::WebContentsUserData<SecurityStateModel> access to this
// constructor. NOTE(review): presumably instances are created only through
// that base class, so each WebContents has at most one model - confirm.
138 explicit SecurityStateModel(content::WebContents
* web_contents
);
139 friend class content::WebContentsUserData
<SecurityStateModel
>;
141 // The WebContents for which this class describes the security status.
// Raw pointer. NOTE(review): presumably non-owning, with the WebContents
// owning this object as user data and therefore outliving it - confirm.
142 content::WebContents
* web_contents_
;
144 // These data members cache the SecurityInfo for the visible
145 // NavigationEntry. They are marked mutable so that the const accessor
146 // GetSecurityInfo() can update the cache.
// visible_url_ and visible_ssl_status_ presumably record the inputs the
// cached security_info_ was computed from, so a change in either can be
// detected - confirm in the implementation.
// NOTE(review): writing to these members from a const method is not safe
// under concurrent calls; confirm that all callers run on a single thread.
147 mutable SecurityInfo security_info_
;
148 mutable GURL visible_url_
;
149 mutable content::SSLStatus visible_ssl_status_
;
// Macro from base/macros.h that forbids copying and assignment. A copy
// would duplicate the raw web_contents_ pointer and the cached state
// without being attached to any WebContents.
151 DISALLOW_COPY_AND_ASSIGN(SecurityStateModel
);
154 #endif // CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_