1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_
6 #define CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_
8 #include "base/macros.h"
9 #include "content/public/browser/web_contents_user_data.h"
10 #include "content/public/common/security_style.h"
11 #include "content/public/common/ssl_status.h"
12 #include "net/cert/cert_status_flags.h"
13 #include "net/cert/sct_status_flags.h"
14 #include "net/cert/x509_certificate.h"
16 namespace content {
17 class WebContents;
18 } // namespace content
20 class Profile;
// SecurityStateModel summarizes, at a high level, the security state of a
// page or request. An instance is attached to a WebContents (as
// WebContentsUserData) and reports the security info for that WebContents.
//
// The model has to be told when the security state of its WebContents
// changes: callers do so through SecurityStateModel::SecurityStateChanged().
// security_info() describes the page as of the last such call, so a missed
// notification leaves consumers (for example security UI) reading a stale
// SecurityLevel.
//
// SecurityStateModel::SecurityInfo is the main data structure the model
// computes. It carries a SecurityLevel (one value for the overall security
// state) plus the details a consumer may want to show in UI to explain or
// elaborate on that level.
//
// NOTE(review): std::vector and GURL are used below, but this header neither
// includes <vector> nor declares GURL itself; both are presumably reached
// through the headers it does include -- confirm.
class SecurityStateModel
    : public content::WebContentsUserData<SecurityStateModel> {
 public:
  // The overall security state of the page.
  //
  // Reordering, adding, or deleting values here requires a matching update
  // of the UI icons in ToolbarModelImpl::GetIconForSecurityLevel.
  //
  // The declaration order is not a severity ranking (EV_SECURE comes before
  // SECURE, and NONE comes first), so test for specific values instead of
  // comparing levels with < or >.
  //
  // A Java counterpart will be generated for this enum.
  // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.chrome.browser.ssl
  // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel
  enum SecurityLevel {
    // HTTP, no URL, or HTTPS where the page has insecure passive content.
    NONE,

    // HTTPS with a valid EV certificate.
    EV_SECURE,

    // HTTPS with a valid non-EV certificate.
    SECURE,

    // HTTPS, but the certificate's revocation status could not be checked,
    // or the connection has errors.
    SECURITY_WARNING,

    // HTTPS, but the verification chain is anchored on a certificate that
    // the system administrator installed. Anchors of this kind are commonly
    // used for TLS inspection, so the traffic may be readable by whoever
    // controls the anchor.
    SECURITY_POLICY_WARNING,

    // HTTPS was attempted and failed, so the page is not authenticated; or
    // HTTPS where the page has insecure active content.
    SECURITY_ERROR,
  };

  // How the SHA1 deprecation policy applies to an HTTPS connection.
  enum SHA1DeprecationStatus {
    // The SHA1 deprecation policy does not apply.
    NO_DEPRECATED_SHA1,
    // A certificate in the chain has a SHA1 signature, and the policy calls
    // for treating the connection with a warning.
    DEPRECATED_SHA1_WARNING,
    // A certificate in the chain has a SHA1 signature, and the policy calls
    // for treating the connection as broken HTTPS.
    DEPRECATED_SHA1_BROKEN,
  };

  // The kind of mixed content, if any, that a site displayed or ran.
  enum MixedContentStatus {
    NO_MIXED_CONTENT,
    // Nonsecure resources were displayed (passive mixed content).
    DISPLAYED_MIXED_CONTENT,
    // Nonsecure resources were run (active mixed content).
    RAN_MIXED_CONTENT,
    // Nonsecure resources were both run and displayed.
    RAN_AND_DISPLAYED_MIXED_CONTENT,
  };

  // The security status of a page or request; the main data structure this
  // class provides.
  struct SecurityInfo {
    SecurityInfo();
    ~SecurityInfo();
    SecurityLevel security_level;
    SHA1DeprecationStatus sha1_deprecation_status;
    MixedContentStatus mixed_content_status;
    // Verification status of each signed certificate timestamp for the
    // connection.
    std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses;
    // Presumably whether the URL's scheme is a cryptographic one -- confirm
    // against the implementation.
    bool scheme_is_cryptographic;
    // Certificate status as a net::CertStatus value.
    net::CertStatus cert_status;
    // Presumably an identifier for the connection's certificate -- confirm
    // against the implementation.
    int cert_id;
    // Security strength of the SSL cipher suite, in bits.
    // 0 means the connection is not encrypted.
    // -1 means the security strength is unknown.
    // Use > 0 to ask "is this encrypted"; a != 0 test would also accept the
    // unknown (-1) case.
    int security_bits;
    // SSL connection details such as protocol and ciphersuite. See
    // ssl_connection_flags.h in net.
    int connection_status;
  };

  // Security styles for the treatment of pages that display and run mixed
  // content. They exist so that mixed-content treatment stays coordinated
  // with the other security UI elements.
  static const content::SecurityStyle kDisplayedInsecureContentStyle;
  static const content::SecurityStyle kRanInsecureContentStyle;

  ~SecurityStateModel() override;

  // Tells the SecurityStateModel that the page's security status changed and
  // that the SecurityInfo must be updated to match.
  void SecurityStateChanged();

  // Returns the SecurityInfo for the page as of the last call to
  // SecurityStateChanged(); it is not refreshed by this accessor.
  const SecurityInfo& security_info() const;

  // Describes an individual request, identified by |url| and |ssl|, for the
  // given |profile|. The function returns void; the SecurityInfo is
  // delivered through the |security_info| out-parameter.
  static void SecurityInfoForRequest(const GURL& url,
                                     const content::SSLStatus& ssl,
                                     Profile* profile,
                                     SecurityInfo* security_info);

 private:
  // Private: WebContentsUserData, declared a friend below, is the only
  // outside code that can construct the model.
  explicit SecurityStateModel(content::WebContents* web_contents);
  friend class content::WebContentsUserData<SecurityStateModel>;

  // The WebContents whose security status this object describes.
  content::WebContents* web_contents_;
  SecurityInfo security_info_;

  DISALLOW_COPY_AND_ASSIGN(SecurityStateModel);
};
152 #endif // CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_