Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / ssl / connection_security.h
blob50fc2b896b51e95fc6ffd8d1562336a4eb5ea33d
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_SSL_CONNECTION_SECURITY_H_
6 #define CHROME_BROWSER_SSL_CONNECTION_SECURITY_H_
8 #include "base/macros.h"
9 #include "content/public/common/security_style.h"
10 #include "net/cert/cert_status_flags.h"
12 namespace content {
13 class WebContents;
14 } // namespace content
16 // This namespace contains functions responsible for computing the
17 // connection security status of a page.
18 namespace connection_security {
20 // These security styles describe the treatment given to pages that
21 // display and run mixed content. They are used to coordinate the
22 // treatment of mixed content with other security UI elements.
23 const content::SecurityStyle kDisplayedInsecureContentStyle =
24 content::SECURITY_STYLE_UNAUTHENTICATED;
25 const content::SecurityStyle kRanInsecureContentStyle =
26 content::SECURITY_STYLE_AUTHENTICATION_BROKEN;
28 // TODO(wtc): unify this enum with SecurityStyle. We
29 // don't need two sets of security UI levels. SECURITY_STYLE_AUTHENTICATED
30 // needs to be refined into three levels: warning, standard, and EV.
31 // See crbug.com/425728
33 // If you reorder, add, or delete values from this enum, you must also
34 // update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel.
36 // A Java counterpart will be generated for this enum.
37 // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.chrome.browser.ssl
38 // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel
39 enum SecurityLevel {
40 // HTTP/no URL
41 NONE,
43 // HTTPS with valid EV cert
44 EV_SECURE,
46 // HTTPS (non-EV)
47 SECURE,
49 // HTTPS, but unable to check certificate revocation status or with insecure
50 // content on the page
51 SECURITY_WARNING,
53 // HTTPS, but the certificate verification chain is anchored on a
54 // certificate that was installed by the system administrator
55 SECURITY_POLICY_WARNING,
57 // Attempted HTTPS and failed, page not authenticated
58 SECURITY_ERROR,
61 // Describes how the SHA1 deprecation policy applies to an HTTPS
62 // connection.
63 enum SHA1DeprecationStatus {
64 // No SHA1 deprecation policy applies.
65 NO_DEPRECATED_SHA1,
66 // The connection used a certificate with a SHA1 signature in the
67 // chain, and policy says that the connection should be treated as
68 // broken HTTPS.
69 DEPRECATED_SHA1_BROKEN,
70 // The connection used a certificate with a SHA1 signature in the
71 // chain, and policy says that the connection should be treated with a
72 // warning.
73 DEPRECATED_SHA1_WARNING,
76 // Describes the type of mixed content (if any) that a site
77 // displayed/ran.
78 enum MixedContentStatus {
79 NO_MIXED_CONTENT,
80 // The site displayed nonsecure resources (passive mixed content).
81 DISPLAYED_MIXED_CONTENT,
82 // The site ran nonsecure resources (active mixed content).
83 RAN_MIXED_CONTENT,
84 // The site both ran and displayed nonsecure resources.
85 RAN_AND_DISPLAYED_MIXED_CONTENT,
88 // Contains information about a page's security status, including a
89 // SecurityStyle and the information that was used to decide which
90 // SecurityStyle to assign.
91 struct SecurityInfo {
92 content::SecurityStyle security_style;
93 SHA1DeprecationStatus sha1_deprecation_status;
94 MixedContentStatus mixed_content_status;
95 net::CertStatus cert_status;
96 int cert_id;
97 bool scheme_is_cryptographic;
100 // Returns a security level describing the overall security state of
101 // the given |WebContents|.
102 SecurityLevel GetSecurityLevelForWebContents(
103 const content::WebContents* web_contents);
105 // Populates |security_info| with information describing the given
106 // |web_contents|, including a content::SecurityStyle value and security
107 // properties that caused that value to be chosen.
109 // Note: This is a lossy operation. Not all of the policies
110 // that can be expressed by a SecurityLevel (a //chrome concept) can
111 // be expressed by a content::SecurityStyle.
112 // In general, code in //chrome should prefer to use
113 // GetSecurityLevelForWebContents() to determine security policy, and
114 // only use this function when policy needs to be supplied back to
115 // layers in //content.
116 void GetSecurityInfoForWebContents(const content::WebContents* web_contents,
117 SecurityInfo* security_info);
119 } // namespace connection_security
121 #endif // CHROME_BROWSER_SSL_CONNECTION_SECURITY_H_