1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/ssl/connection_security.h"
7 #include "base/command_line.h"
8 #include "base/metrics/field_trial.h"
9 #include "base/metrics/histogram_macros.h"
10 #include "base/prefs/pref_service.h"
11 #include "chrome/browser/profiles/profile.h"
12 #include "chrome/browser/ssl/ssl_error_info.h"
13 #include "chrome/common/chrome_constants.h"
14 #include "chrome/common/chrome_switches.h"
15 #include "chrome/common/pref_names.h"
16 #include "content/public/browser/cert_store.h"
17 #include "content/public/browser/navigation_controller.h"
18 #include "content/public/browser/navigation_entry.h"
19 #include "content/public/browser/web_contents.h"
20 #include "content/public/common/origin_util.h"
21 #include "content/public/common/ssl_status.h"
22 #include "net/base/net_util.h"
23 #include "net/cert/cert_status_flags.h"
24 #include "net/cert/x509_certificate.h"
25 #include "net/ssl/ssl_connection_status_flags.h"
27 #if defined(OS_CHROMEOS)
28 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
29 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
34 connection_security::SecurityLevel
GetSecurityLevelForNonSecureFieldTrial() {
36 base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
37 switches::kMarkNonSecureAs
);
38 std::string group
= base::FieldTrialList::FindFullName("MarkNonSecureAs");
40 // Do not change this enum. It is used in the histogram.
41 enum MarkNonSecureStatus
{ NEUTRAL
, DUBIOUS
, NON_SECURE
, LAST_STATUS
};
42 const char kEnumeration
[] = "MarkNonSecureAs";
44 connection_security::SecurityLevel level
;
45 MarkNonSecureStatus status
;
47 if (choice
== switches::kMarkNonSecureAsNeutral
) {
49 level
= connection_security::NONE
;
50 } else if (choice
== switches::kMarkNonSecureAsNonSecure
) {
52 level
= connection_security::SECURITY_ERROR
;
53 } else if (group
== switches::kMarkNonSecureAsNeutral
) {
55 level
= connection_security::NONE
;
56 } else if (group
== switches::kMarkNonSecureAsNonSecure
) {
58 level
= connection_security::SECURITY_ERROR
;
61 level
= connection_security::NONE
;
64 UMA_HISTOGRAM_ENUMERATION(kEnumeration
, status
, LAST_STATUS
);
68 scoped_refptr
<net::X509Certificate
> GetCertForSSLStatus(
69 const content::SSLStatus
& ssl
) {
70 scoped_refptr
<net::X509Certificate
> cert
;
71 return content::CertStore::GetInstance()->RetrieveCert(ssl
.cert_id
, &cert
)
76 connection_security::SHA1DeprecationStatus
GetSHA1DeprecationStatus(
77 scoped_refptr
<net::X509Certificate
> cert
,
78 const content::SSLStatus
& ssl
) {
79 if (!cert
|| !(ssl
.cert_status
& net::CERT_STATUS_SHA1_SIGNATURE_PRESENT
))
80 return connection_security::NO_DEPRECATED_SHA1
;
82 // The internal representation of the dates for UI treatment of SHA-1.
83 // See http://crbug.com/401365 for details.
84 static const int64_t kJanuary2017
= INT64_C(13127702400000000);
85 if (cert
->valid_expiry() >= base::Time::FromInternalValue(kJanuary2017
))
86 return connection_security::DEPRECATED_SHA1_BROKEN
;
87 // kJanuary2016 needs to be kept in sync with
88 // ToolbarModelAndroid::IsDeprecatedSHA1Present().
89 static const int64_t kJanuary2016
= INT64_C(13096080000000000);
90 if (cert
->valid_expiry() >= base::Time::FromInternalValue(kJanuary2016
))
91 return connection_security::DEPRECATED_SHA1_WARNING
;
93 return connection_security::NO_DEPRECATED_SHA1
;
96 connection_security::MixedContentStatus
GetMixedContentStatus(
97 const content::SSLStatus
& ssl
) {
98 bool ran_insecure_content
= false;
99 bool displayed_insecure_content
= false;
100 if (ssl
.content_status
& content::SSLStatus::RAN_INSECURE_CONTENT
)
101 ran_insecure_content
= true;
102 if (ssl
.content_status
& content::SSLStatus::DISPLAYED_INSECURE_CONTENT
)
103 displayed_insecure_content
= true;
105 if (ran_insecure_content
&& displayed_insecure_content
)
106 return connection_security::RAN_AND_DISPLAYED_MIXED_CONTENT
;
107 if (ran_insecure_content
)
108 return connection_security::RAN_MIXED_CONTENT
;
109 if (displayed_insecure_content
)
110 return connection_security::DISPLAYED_MIXED_CONTENT
;
112 return connection_security::NO_MIXED_CONTENT
;
117 namespace connection_security
{
119 SecurityLevel
GetSecurityLevelForWebContents(
120 const content::WebContents
* web_contents
) {
124 content::NavigationEntry
* entry
=
125 web_contents
->GetController().GetVisibleEntry();
129 const content::SSLStatus
& ssl
= entry
->GetSSL();
130 switch (ssl
.security_style
) {
131 case content::SECURITY_STYLE_UNKNOWN
:
134 case content::SECURITY_STYLE_UNAUTHENTICATED
: {
135 const GURL
& url
= entry
->GetURL();
136 if (!content::IsOriginSecure(url
) && url
.IsStandard())
137 return GetSecurityLevelForNonSecureFieldTrial();
141 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN
:
142 return SECURITY_ERROR
;
144 case content::SECURITY_STYLE_AUTHENTICATED
: {
145 #if defined(OS_CHROMEOS)
146 // Report if there is a policy cert first, before reporting any other
147 // authenticated-but-with-errors cases. A policy cert is a strong
148 // indicator of a MITM being present (the enterprise), while the
149 // other authenticated-but-with-errors indicate something may
150 // be wrong, or may be wrong in the future, but is unclear now.
151 policy::PolicyCertService
* service
=
152 policy::PolicyCertServiceFactory::GetForProfile(
153 Profile::FromBrowserContext(web_contents
->GetBrowserContext()));
154 if (service
&& service
->UsedPolicyCertificates())
155 return SECURITY_POLICY_WARNING
;
158 scoped_refptr
<net::X509Certificate
> cert
= GetCertForSSLStatus(ssl
);
159 SHA1DeprecationStatus sha1_status
= GetSHA1DeprecationStatus(cert
, ssl
);
160 if (sha1_status
== DEPRECATED_SHA1_BROKEN
)
161 return SECURITY_ERROR
;
162 if (sha1_status
== DEPRECATED_SHA1_WARNING
)
165 MixedContentStatus mixed_content_status
= GetMixedContentStatus(ssl
);
166 // Active mixed content is downgraded to the BROKEN style and
168 DCHECK_NE(RAN_MIXED_CONTENT
, mixed_content_status
);
169 DCHECK_NE(RAN_AND_DISPLAYED_MIXED_CONTENT
, mixed_content_status
);
170 // This should be kept in sync with
171 // |kDisplayedInsecureContentStyle|. That is: the treatment
172 // given to passive mixed content here should be expressed by
173 // |kDisplayedInsecureContentStyle|, which is used to coordinate
174 // the treatment of passive mixed content with other security UI
176 if (mixed_content_status
== DISPLAYED_MIXED_CONTENT
)
179 if (net::IsCertStatusError(ssl
.cert_status
)) {
180 DCHECK(net::IsCertStatusMinorError(ssl
.cert_status
));
183 if (net::SSLConnectionStatusToVersion(ssl
.connection_status
) ==
184 net::SSL_CONNECTION_VERSION_SSL3
) {
185 // SSLv3 will be removed in the future.
186 return SECURITY_WARNING
;
188 if ((ssl
.cert_status
& net::CERT_STATUS_IS_EV
) && cert
)
199 void GetSecurityInfoForWebContents(const content::WebContents
* web_contents
,
200 SecurityInfo
* security_info
) {
201 content::NavigationEntry
* entry
=
202 web_contents
? web_contents
->GetController().GetVisibleEntry() : nullptr;
204 security_info
->security_style
= content::SECURITY_STYLE_UNKNOWN
;
208 security_info
->scheme_is_cryptographic
=
209 entry
->GetURL().SchemeIsCryptographic();
211 SecurityLevel security_level
= GetSecurityLevelForWebContents(web_contents
);
212 switch (security_level
) {
213 case SECURITY_WARNING
:
215 security_info
->security_style
= content::SECURITY_STYLE_UNAUTHENTICATED
;
219 security_info
->security_style
= content::SECURITY_STYLE_AUTHENTICATED
;
221 case SECURITY_POLICY_WARNING
:
222 security_info
->security_style
= content::SECURITY_STYLE_WARNING
;
225 security_info
->security_style
=
226 content::SECURITY_STYLE_AUTHENTICATION_BROKEN
;
230 const content::SSLStatus
& ssl
= entry
->GetSSL();
231 scoped_refptr
<net::X509Certificate
> cert
= GetCertForSSLStatus(ssl
);
232 security_info
->sha1_deprecation_status
= GetSHA1DeprecationStatus(cert
, ssl
);
233 security_info
->mixed_content_status
= GetMixedContentStatus(ssl
);
234 security_info
->cert_status
= ssl
.cert_status
;
237 } // namespace connection_security