Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / ssl / connection_security.cc
blob04569a1d5c9b2b81346b4fbcf02cacc770f54207
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/ssl/connection_security.h"
7 #include "base/command_line.h"
8 #include "base/metrics/field_trial.h"
9 #include "base/metrics/histogram_macros.h"
10 #include "base/prefs/pref_service.h"
11 #include "chrome/browser/profiles/profile.h"
12 #include "chrome/browser/ssl/ssl_error_info.h"
13 #include "chrome/common/chrome_constants.h"
14 #include "chrome/common/chrome_switches.h"
15 #include "chrome/common/pref_names.h"
16 #include "content/public/browser/cert_store.h"
17 #include "content/public/browser/navigation_controller.h"
18 #include "content/public/browser/navigation_entry.h"
19 #include "content/public/browser/web_contents.h"
20 #include "content/public/common/origin_util.h"
21 #include "content/public/common/ssl_status.h"
22 #include "net/base/net_util.h"
23 #include "net/cert/cert_status_flags.h"
24 #include "net/cert/x509_certificate.h"
25 #include "net/ssl/ssl_connection_status_flags.h"
27 #if defined(OS_CHROMEOS)
28 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
29 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
30 #endif
32 namespace {
34 connection_security::SecurityLevel GetSecurityLevelForNonSecureFieldTrial() {
35 std::string choice =
36 base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
37 switches::kMarkNonSecureAs);
38 std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs");
40 // Do not change this enum. It is used in the histogram.
41 enum MarkNonSecureStatus { NEUTRAL, DUBIOUS, NON_SECURE, LAST_STATUS };
42 const char kEnumeration[] = "MarkNonSecureAs";
44 connection_security::SecurityLevel level;
45 MarkNonSecureStatus status;
47 if (choice == switches::kMarkNonSecureAsNeutral) {
48 status = NEUTRAL;
49 level = connection_security::NONE;
50 } else if (choice == switches::kMarkNonSecureAsNonSecure) {
51 status = NON_SECURE;
52 level = connection_security::SECURITY_ERROR;
53 } else if (group == switches::kMarkNonSecureAsNeutral) {
54 status = NEUTRAL;
55 level = connection_security::NONE;
56 } else if (group == switches::kMarkNonSecureAsNonSecure) {
57 status = NON_SECURE;
58 level = connection_security::SECURITY_ERROR;
59 } else {
60 status = NEUTRAL;
61 level = connection_security::NONE;
64 UMA_HISTOGRAM_ENUMERATION(kEnumeration, status, LAST_STATUS);
65 return level;
68 scoped_refptr<net::X509Certificate> GetCertForSSLStatus(
69 const content::SSLStatus& ssl) {
70 scoped_refptr<net::X509Certificate> cert;
71 return content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert)
72 ? cert
73 : nullptr;
76 connection_security::SHA1DeprecationStatus GetSHA1DeprecationStatus(
77 scoped_refptr<net::X509Certificate> cert,
78 const content::SSLStatus& ssl) {
79 if (!cert || !(ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT))
80 return connection_security::NO_DEPRECATED_SHA1;
82 // The internal representation of the dates for UI treatment of SHA-1.
83 // See http://crbug.com/401365 for details.
84 static const int64_t kJanuary2017 = INT64_C(13127702400000000);
85 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2017))
86 return connection_security::DEPRECATED_SHA1_BROKEN;
87 // kJanuary2016 needs to be kept in sync with
88 // ToolbarModelAndroid::IsDeprecatedSHA1Present().
89 static const int64_t kJanuary2016 = INT64_C(13096080000000000);
90 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2016))
91 return connection_security::DEPRECATED_SHA1_WARNING;
93 return connection_security::NO_DEPRECATED_SHA1;
96 connection_security::MixedContentStatus GetMixedContentStatus(
97 const content::SSLStatus& ssl) {
98 bool ran_insecure_content = false;
99 bool displayed_insecure_content = false;
100 if (ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT)
101 ran_insecure_content = true;
102 if (ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT)
103 displayed_insecure_content = true;
105 if (ran_insecure_content && displayed_insecure_content)
106 return connection_security::RAN_AND_DISPLAYED_MIXED_CONTENT;
107 if (ran_insecure_content)
108 return connection_security::RAN_MIXED_CONTENT;
109 if (displayed_insecure_content)
110 return connection_security::DISPLAYED_MIXED_CONTENT;
112 return connection_security::NO_MIXED_CONTENT;
115 } // namespace
117 namespace connection_security {
119 SecurityLevel GetSecurityLevelForWebContents(
120 const content::WebContents* web_contents) {
121 if (!web_contents)
122 return NONE;
124 content::NavigationEntry* entry =
125 web_contents->GetController().GetVisibleEntry();
126 if (!entry)
127 return NONE;
129 const content::SSLStatus& ssl = entry->GetSSL();
130 switch (ssl.security_style) {
131 case content::SECURITY_STYLE_UNKNOWN:
132 return NONE;
134 case content::SECURITY_STYLE_UNAUTHENTICATED: {
135 const GURL& url = entry->GetURL();
136 if (!content::IsOriginSecure(url) && url.IsStandard())
137 return GetSecurityLevelForNonSecureFieldTrial();
138 return NONE;
141 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:
142 return SECURITY_ERROR;
144 case content::SECURITY_STYLE_AUTHENTICATED: {
145 #if defined(OS_CHROMEOS)
146 // Report if there is a policy cert first, before reporting any other
147 // authenticated-but-with-errors cases. A policy cert is a strong
148 // indicator of a MITM being present (the enterprise), while the
149 // other authenticated-but-with-errors indicate something may
150 // be wrong, or may be wrong in the future, but is unclear now.
151 policy::PolicyCertService* service =
152 policy::PolicyCertServiceFactory::GetForProfile(
153 Profile::FromBrowserContext(web_contents->GetBrowserContext()));
154 if (service && service->UsedPolicyCertificates())
155 return SECURITY_POLICY_WARNING;
156 #endif
158 scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl);
159 SHA1DeprecationStatus sha1_status = GetSHA1DeprecationStatus(cert, ssl);
160 if (sha1_status == DEPRECATED_SHA1_BROKEN)
161 return SECURITY_ERROR;
162 if (sha1_status == DEPRECATED_SHA1_WARNING)
163 return NONE;
165 MixedContentStatus mixed_content_status = GetMixedContentStatus(ssl);
166 // Active mixed content is downgraded to the BROKEN style and
167 // handled above.
168 DCHECK_NE(RAN_MIXED_CONTENT, mixed_content_status);
169 DCHECK_NE(RAN_AND_DISPLAYED_MIXED_CONTENT, mixed_content_status);
170 // This should be kept in sync with
171 // |kDisplayedInsecureContentStyle|. That is: the treatment
172 // given to passive mixed content here should be expressed by
173 // |kDisplayedInsecureContentStyle|, which is used to coordinate
174 // the treatment of passive mixed content with other security UI
175 // elements.
176 if (mixed_content_status == DISPLAYED_MIXED_CONTENT)
177 return NONE;
179 if (net::IsCertStatusError(ssl.cert_status)) {
180 DCHECK(net::IsCertStatusMinorError(ssl.cert_status));
181 return NONE;
183 if (net::SSLConnectionStatusToVersion(ssl.connection_status) ==
184 net::SSL_CONNECTION_VERSION_SSL3) {
185 // SSLv3 will be removed in the future.
186 return SECURITY_WARNING;
188 if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert)
189 return EV_SECURE;
190 return SECURE;
193 default:
194 NOTREACHED();
195 return NONE;
199 void GetSecurityInfoForWebContents(const content::WebContents* web_contents,
200 SecurityInfo* security_info) {
201 content::NavigationEntry* entry =
202 web_contents ? web_contents->GetController().GetVisibleEntry() : nullptr;
203 if (!entry) {
204 security_info->security_style = content::SECURITY_STYLE_UNKNOWN;
205 return;
208 security_info->scheme_is_cryptographic =
209 entry->GetURL().SchemeIsCryptographic();
211 SecurityLevel security_level = GetSecurityLevelForWebContents(web_contents);
212 switch (security_level) {
213 case SECURITY_WARNING:
214 case NONE:
215 security_info->security_style = content::SECURITY_STYLE_UNAUTHENTICATED;
216 break;
217 case EV_SECURE:
218 case SECURE:
219 security_info->security_style = content::SECURITY_STYLE_AUTHENTICATED;
220 break;
221 case SECURITY_POLICY_WARNING:
222 security_info->security_style = content::SECURITY_STYLE_WARNING;
223 break;
224 case SECURITY_ERROR:
225 security_info->security_style =
226 content::SECURITY_STYLE_AUTHENTICATION_BROKEN;
227 break;
230 const content::SSLStatus& ssl = entry->GetSSL();
231 scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl);
232 security_info->sha1_deprecation_status = GetSHA1DeprecationStatus(cert, ssl);
233 security_info->mixed_content_status = GetMixedContentStatus(ssl);
234 security_info->cert_status = ssl.cert_status;
235 security_info->cert_id = ssl.cert_id;
238 } // namespace connection_security