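// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// NOTE(review): the listing this header was recovered from had lost several
// lines: the access labels, the SecurityLevel and SecurityInfo headers, some
// enumerators, the cert_id and security_bits members, the Profile* parameter
// and the forward declarations. They are restored below to fit the surviving
// comments and declarations; confirm exact spellings against the upstream
// file.

#ifndef CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_
#define CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_

#include <vector>

#include "base/macros.h"
#include "content/public/browser/web_contents_user_data.h"
#include "content/public/common/security_style.h"
#include "content/public/common/ssl_status.h"
#include "net/cert/cert_status_flags.h"
#include "net/cert/sct_status_flags.h"
#include "net/cert/x509_certificate.h"

namespace content {
class WebContents;
}  // namespace content

class GURL;
class Profile;

// SecurityStateModel provides high-level security information about a
// page or request. It is attached to a WebContents and will provide the
// security info for that WebContents. SecurityStateModel must be
// notified when its WebContents's security state changes, by calling
// SecurityStateModel::SecurityStateChanged().
//
// SecurityStateModel::SecurityInfo is the main data structure computed
// by a SecurityStateModel. SecurityInfo contains a SecurityLevel (which
// is a single value describing the overall security state) along with
// information that a consumer might want to display in UI to explain or
// elaborate on the SecurityLevel.
//
// The SecurityInfo returned by security_info() is a snapshot taken at the
// last SecurityStateChanged() call. A caller that changes the page's
// security state without notifying the model leaves security UI reading a
// stale snapshot.
class SecurityStateModel
    : public content::WebContentsUserData<SecurityStateModel> {
 public:
  // Describes the overall security state of the page.
  //
  // If you reorder, add, or delete values from this enum, you must also
  // update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel.
  //
  // The declaration order is not a severity ranking (EV_SECURE precedes
  // SECURE, and NONE comes first), so test for specific values rather than
  // comparing SecurityLevels with < or >.
  //
  // A Java counterpart will be generated for this enum.
  // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.chrome.browser.ssl
  // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel
  enum SecurityLevel {
    // HTTP/no URL/HTTPS but with insecure passive content on the page.
    // NONE alone therefore does not say whether the scheme was
    // cryptographic; consult SecurityInfo::scheme_is_cryptographic and
    // SecurityInfo::mixed_content_status for that.
    NONE,

    // HTTPS with valid EV cert
    EV_SECURE,

    // HTTPS (non-EV) with valid cert
    SECURE,

    // HTTPS, but unable to check certificate revocation status or with
    // errors
    SECURITY_WARNING,

    // HTTPS, but the certificate verification chain is anchored on a
    // certificate that was installed by the system administrator
    SECURITY_POLICY_WARNING,

    // Attempted HTTPS and failed, page not authenticated; or HTTPS with
    // insecure active content on the page
    SECURITY_ERROR,
  };

  // Describes how the SHA1 deprecation policy applies to an HTTPS
  // connection.
  enum SHA1DeprecationStatus {
    // No SHA1 deprecation policy applies.
    NO_DEPRECATED_SHA1,
    // The connection used a certificate with a SHA1 signature in the
    // chain, and policy says that the connection should be treated with a
    // warning.
    DEPRECATED_SHA1_WARNING,
    // The connection used a certificate with a SHA1 signature in the
    // chain, and policy says that the connection should be treated as
    // broken HTTPS.
    DEPRECATED_SHA1_BROKEN,
  };

  // Describes the type of mixed content (if any) that a site
  // displayed/ran.
  enum MixedContentStatus {
    // The site neither displayed nor ran nonsecure resources.
    NO_MIXED_CONTENT,
    // The site displayed nonsecure resources (passive mixed content).
    DISPLAYED_MIXED_CONTENT,
    // The site ran nonsecure resources (active mixed content).
    RAN_MIXED_CONTENT,
    // The site both ran and displayed nonsecure resources.
    RAN_AND_DISPLAYED_MIXED_CONTENT,
  };

  // Describes the security status of a page or request. This is the
  // main data structure provided by this class.
  struct SecurityInfo {
    SecurityInfo();
    ~SecurityInfo();
    // Single-value summary of the fields below.
    SecurityLevel security_level;
    SHA1DeprecationStatus sha1_deprecation_status;
    MixedContentStatus mixed_content_status;
    // The verification statuses of the signed certificate timestamps
    // for the connection.
    std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses;
    // NOTE(review): presumably true when the URL scheme is a cryptographic
    // one such as https; confirm in the implementation.
    bool scheme_is_cryptographic;
    // Certificate status as a net::CertStatus value.
    net::CertStatus cert_status;
    // NOTE(review): presumably identifies the connection's certificate, as
    // in content::SSLStatus; confirm against the implementation.
    int cert_id;
    // The security strength, in bits, of the SSL cipher suite.
    // 0 means the connection is not encrypted.
    // -1 means the security strength is unknown.
    // Handle both sentinels before comparing against a minimum strength:
    // -1 is "unknown", not "weak" and not "acceptable".
    int security_bits;
    // Information about the SSL connection, such as protocol and
    // ciphersuite. See ssl_connection_flags.h in net.
    int connection_status;
  };

  // These security styles describe the treatment given to pages that
  // display and run mixed content. They are used to coordinate the
  // treatment of mixed content with other security UI elements.
  static const content::SecurityStyle kDisplayedInsecureContentStyle;
  static const content::SecurityStyle kRanInsecureContentStyle;

  ~SecurityStateModel() override;

  // Notifies the SecurityStateModel that the security status of the
  // page has changed and that the SecurityInfo should be updated
  // accordingly.
  void SecurityStateChanged();

  // Returns a SecurityInfo describing the page as of the last call to
  // SecurityStateChanged(). The reference is to a member of this object,
  // so it must not be used after the model is destroyed.
  const SecurityInfo& security_info() const;

  // Returns a SecurityInfo describing an individual request for the
  // given |profile|. The result is written to |security_info|.
  // NOTE(review): |security_info| is presumably required to be non-null;
  // confirm in the implementation.
  static void SecurityInfoForRequest(const GURL& url,
                                     const content::SSLStatus& ssl,
                                     Profile* profile,
                                     SecurityInfo* security_info);

 private:
  // Private, with WebContentsUserData as a friend, so that instances are
  // created through content::WebContentsUserData rather than directly.
  explicit SecurityStateModel(content::WebContents* web_contents);
  friend class content::WebContentsUserData<SecurityStateModel>;

  // The WebContents for which this class describes the security status.
  // NOTE(review): raw pointer, presumably non-owning and valid for the
  // model's lifetime because the model is attached to this WebContents;
  // confirm.
  content::WebContents* web_contents_;
  // Snapshot returned by security_info().
  SecurityInfo security_info_;

  DISALLOW_COPY_AND_ASSIGN(SecurityStateModel);
};

#endif  // CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_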