From a3121f6b5613d73812729c8197f3dd7877fbefbe Mon Sep 17 00:00:00 2001 From: estark Date: Fri, 18 Sep 2015 14:15:59 -0700 Subject: [PATCH] Refactor WebsiteSettings to operate on a SecurityInfo Previously, WebsiteSettings operated on a content::SSLStatus. This gave us no convenient place to share policies and calculations that WebsiteSettings shared with other //chrome security UI elements: for example, SHA1 deprecation and ChromeOS policy certs. This CL refactors WebsiteSettings to operate on a SecurityStateModel::SecurityInfo instead of a content::SSLStatus. The SecurityInfo object already contains information about, for example, SHA1 deprecation, so that WebsiteSettings doesn't have to compute that on its own. BUG=528034 Review URL: https://codereview.chromium.org/1314953009 Cr-Commit-Position: refs/heads/master@{#349772} --- .../chromeos/login/ui/simple_web_view_dialog.cc | 2 +- .../chromeos/login/ui/simple_web_view_dialog.h | 8 +- .../render_view_context_menu.cc | 15 ++- .../ui/android/connection_info_popup_android.cc | 13 +- .../ui/android/website_settings_popup_android.cc | 13 +- chrome/browser/ui/browser_commands.cc | 12 +- chrome/browser/ui/browser_commands.h | 4 +- chrome/browser/ui/browser_dialogs.h | 13 +- chrome/browser/ui/browser_window.h | 11 +- chrome/browser/ui/cocoa/browser_window_cocoa.h | 10 +- chrome/browser/ui/cocoa/browser_window_cocoa.mm | 6 +- .../cocoa/location_bar/location_icon_decoration.mm | 6 +- .../website_settings_bubble_controller.h | 8 +- .../website_settings_bubble_controller.mm | 15 ++- .../browser/ui/views/browser_dialogs_views_mac.cc | 17 +-- chrome/browser/ui/views/frame/browser_view.cc | 12 +- chrome/browser/ui/views/frame/browser_view.h | 9 +- .../ui/views/frame/web_app_left_header_view_ash.cc | 6 +- .../ui/views/location_bar/location_bar_view.h | 11 +- .../ui/views/location_bar/page_info_helper.cc | 5 +- chrome/browser/ui/views/toolbar/toolbar_view.cc | 9 +- chrome/browser/ui/views/toolbar/toolbar_view.h | 7 +- .../website_settings_popup_view.cc | 19 +-- .../website_settings/website_settings_popup_view.h | 17 +-- .../website_settings_popup_view_unittest.cc | 4 +- .../ui/website_settings/website_settings.cc | 144 ++++++++++----------- .../browser/ui/website_settings/website_settings.h | 7 +- .../website_settings/website_settings_unittest.cc | 132 +++++++++++++------ chrome/test/base/test_browser_window.h | 9 +- 29 files changed, 313 insertions(+), 231 deletions(-) diff --git a/chrome/browser/chromeos/login/ui/simple_web_view_dialog.cc b/chrome/browser/chromeos/login/ui/simple_web_view_dialog.cc index bec62b2f10de..ae4144e690b9 100644 --- a/chrome/browser/chromeos/login/ui/simple_web_view_dialog.cc +++ b/chrome/browser/chromeos/login/ui/simple_web_view_dialog.cc @@ -304,7 +304,7 @@ SimpleWebViewDialog::GetContentSettingBubbleModelDelegate() { void SimpleWebViewDialog::ShowWebsiteSettings( content::WebContents* web_contents, const GURL& url, - const content::SSLStatus& ssl) { + const SecurityStateModel::SecurityInfo& security_info) { NOTIMPLEMENTED(); // TODO (markusheintz@): implement this } diff --git a/chrome/browser/chromeos/login/ui/simple_web_view_dialog.h b/chrome/browser/chromeos/login/ui/simple_web_view_dialog.h index 8ef050dd14c3..2dcf8ed63c13 100644 --- a/chrome/browser/chromeos/login/ui/simple_web_view_dialog.h +++ b/chrome/browser/chromeos/login/ui/simple_web_view_dialog.h @@ -8,6 +8,7 @@ #include #include "base/memory/scoped_ptr.h" #include "chrome/browser/command_updater_delegate.h" +#include "chrome/browser/ssl/security_state_model.h" #include "chrome/browser/ui/toolbar/toolbar_model_delegate.h" #include "chrome/browser/ui/views/location_bar/location_bar_view.h" #include "content/public/browser/page_navigator.h" @@ -82,9 +83,10 @@ class SimpleWebViewDialog : public views::ButtonListener, ExtensionAction* action) override; ContentSettingBubbleModelDelegate* GetContentSettingBubbleModelDelegate() override; - void ShowWebsiteSettings(content::WebContents* web_contents, - const GURL& url, - const content::SSLStatus& ssl) override; + void ShowWebsiteSettings( + content::WebContents* web_contents, + const GURL& url, + const SecurityStateModel::SecurityInfo& security_info) override; // Implements ToolbarModelDelegate: content::WebContents* GetActiveWebContents() const override; diff --git a/chrome/browser/renderer_context_menu/render_view_context_menu.cc b/chrome/browser/renderer_context_menu/render_view_context_menu.cc index fc5ae9c571c6..5a4ab40131b9 100644 --- a/chrome/browser/renderer_context_menu/render_view_context_menu.cc +++ b/chrome/browser/renderer_context_menu/render_view_context_menu.cc @@ -44,6 +44,7 @@ #include "chrome/browser/search_engines/template_url_service_factory.h" #include "chrome/browser/spellchecker/spellcheck_host_metrics.h" #include "chrome/browser/spellchecker/spellcheck_service.h" +#include "chrome/browser/ssl/security_state_model.h" #include "chrome/browser/tab_contents/retargeting_details.h" #include "chrome/browser/translate/chrome_translate_client.h" #include "chrome/browser/translate/translate_service.h" @@ -1693,8 +1694,12 @@ void RenderViewContextMenu::ExecuteCommand(int id, int event_flags) { return; Browser* browser = chrome::FindBrowserWithWebContents(embedder_web_contents_); + SecurityStateModel* security_model = + SecurityStateModel::FromWebContents(embedder_web_contents_); + DCHECK(security_model); chrome::ShowWebsiteSettings(browser, embedder_web_contents_, - nav_entry->GetURL(), nav_entry->GetSSL()); + nav_entry->GetURL(), + security_model->GetSecurityInfo()); break; } @@ -1742,8 +1747,14 @@ void RenderViewContextMenu::ExecuteCommand(int id, int event_flags) { case IDC_CONTENT_CONTEXT_VIEWFRAMEINFO: { Browser* browser = chrome::FindBrowserWithWebContents( source_web_contents_); + SecurityStateModel::SecurityInfo security_info; + SecurityStateModel::SecurityInfoForRequest( + params_.frame_url, params_.security_info, + Profile::FromBrowserContext( + source_web_contents_->GetBrowserContext()), + &security_info); chrome::ShowWebsiteSettings(browser, source_web_contents_, - params_.frame_url, params_.security_info); + params_.frame_url, security_info); break; } diff --git a/chrome/browser/ui/android/connection_info_popup_android.cc b/chrome/browser/ui/android/connection_info_popup_android.cc index d049fdf4a992..225b6204233b 100644 --- a/chrome/browser/ui/android/connection_info_popup_android.cc +++ b/chrome/browser/ui/android/connection_info_popup_android.cc @@ -90,13 +90,14 @@ ConnectionInfoPopupAndroid::ConnectionInfoPopupAndroid( popup_jobject_.Reset(env, java_website_settings_pop); + SecurityStateModel* security_model = + SecurityStateModel::FromWebContents(web_contents); + DCHECK(security_model); + presenter_.reset(new WebsiteSettings( - this, - Profile::FromBrowserContext(web_contents->GetBrowserContext()), - TabSpecificContentSettings::FromWebContents(web_contents), - web_contents, - nav_entry->GetURL(), - nav_entry->GetSSL(), + this, Profile::FromBrowserContext(web_contents->GetBrowserContext()), + TabSpecificContentSettings::FromWebContents(web_contents), web_contents, + nav_entry->GetURL(), security_model->GetSecurityInfo(), content::CertStore::GetInstance())); } diff --git a/chrome/browser/ui/android/website_settings_popup_android.cc b/chrome/browser/ui/android/website_settings_popup_android.cc index 3b1c91c330bf..e9cab3b4e706 100644 --- a/chrome/browser/ui/android/website_settings_popup_android.cc +++ b/chrome/browser/ui/android/website_settings_popup_android.cc @@ -51,13 +51,14 @@ WebsiteSettingsPopupAndroid::WebsiteSettingsPopupAndroid( popup_jobject_.Reset(env, java_website_settings_pop); + SecurityStateModel* security_model = + SecurityStateModel::FromWebContents(web_contents); + DCHECK(security_model); + presenter_.reset(new WebsiteSettings( - this, - Profile::FromBrowserContext(web_contents->GetBrowserContext()), - TabSpecificContentSettings::FromWebContents(web_contents), - web_contents, - nav_entry->GetURL(), - nav_entry->GetSSL(), + this, Profile::FromBrowserContext(web_contents->GetBrowserContext()), + TabSpecificContentSettings::FromWebContents(web_contents), web_contents, + nav_entry->GetURL(), security_model->GetSecurityInfo(), content::CertStore::GetInstance())); } diff --git a/chrome/browser/ui/browser_commands.cc b/chrome/browser/ui/browser_commands.cc index 17660c6db910..cb8a4dc1a3bb 100644 --- a/chrome/browser/ui/browser_commands.cc +++ b/chrome/browser/ui/browser_commands.cc @@ -117,7 +117,6 @@ using content::NavigationController; using content::NavigationEntry; using content::OpenURLParams; using content::Referrer; -using content::SSLStatus; using content::WebContents; namespace chrome { @@ -861,13 +860,14 @@ void ShowFindBar(Browser* browser) { browser->GetFindBarController()->Show(); } -void ShowWebsiteSettings(Browser* browser, - content::WebContents* web_contents, - const GURL& url, - const SSLStatus& ssl) { +void ShowWebsiteSettings( + Browser* browser, + content::WebContents* web_contents, + const GURL& url, + const SecurityStateModel::SecurityInfo& security_info) { browser->window()->ShowWebsiteSettings( Profile::FromBrowserContext(web_contents->GetBrowserContext()), - web_contents, url, ssl); + web_contents, url, security_info); } void Print(Browser* browser) { diff --git a/chrome/browser/ui/browser_commands.h b/chrome/browser/ui/browser_commands.h index d14b51677e67..d2d37ee141a4 100644 --- a/chrome/browser/ui/browser_commands.h +++ b/chrome/browser/ui/browser_commands.h @@ -8,6 +8,7 @@ #include #include "chrome/browser/devtools/devtools_toggle_action.h" +#include "chrome/browser/ssl/security_state_model.h" #include "chrome/browser/ui/host_desktop.h" #include "chrome/browser/ui/tabs/tab_strip_model_delegate.h" #include "content/public/common/page_zoom.h" @@ -21,7 +22,6 @@ class Profile; namespace content { class PageState; class WebContents; -struct SSLStatus; } namespace chrome { @@ -110,7 +110,7 @@ void ShowFindBar(Browser* browser); void ShowWebsiteSettings(Browser* browser, content::WebContents* web_contents, const GURL& url, - const content::SSLStatus& ssl); + const SecurityStateModel::SecurityInfo& security_info); void Print(Browser* browser); bool CanPrint(Browser* browser); #if defined(ENABLE_BASIC_PRINTING) diff --git a/chrome/browser/ui/browser_dialogs.h b/chrome/browser/ui/browser_dialogs.h index a0e85be0196e..8efa5cd5f02d 100644 --- a/chrome/browser/ui/browser_dialogs.h +++ b/chrome/browser/ui/browser_dialogs.h @@ -6,6 +6,7 @@ #define CHROME_BROWSER_UI_BROWSER_DIALOGS_H_ #include "base/callback.h" +#include "chrome/browser/ssl/security_state_model.h" #include "chrome/browser/ui/bookmarks/bookmark_editor.h" #include "third_party/skia/include/core/SkColor.h" #include "ui/gfx/native_widget_types.h" @@ -23,7 +24,6 @@ class BookmarkBubbleObserver; namespace content { class BrowserContext; class ColorChooser; -struct SSLStatus; class WebContents; } @@ -93,11 +93,12 @@ content::ColorChooser* ShowColorChooser(content::WebContents* web_contents, bool ToolkitViewsDialogsEnabled(); // Shows a Views website settings bubble at the given anchor point. -void ShowWebsiteSettingsBubbleViewsAtPoint(const gfx::Point& anchor_point, - Profile* profile, - content::WebContents* web_contents, - const GURL& url, - const content::SSLStatus& ssl); +void ShowWebsiteSettingsBubbleViewsAtPoint( + const gfx::Point& anchor_point, + Profile* profile, + content::WebContents* web_contents, + const GURL& url, + const SecurityStateModel::SecurityInfo& security_info); // Show a Views bookmark bubble at the given point. This occurs when the // bookmark star is clicked or "Bookmark This Page..." is selected from a menu diff --git a/chrome/browser/ui/browser_window.h b/chrome/browser/ui/browser_window.h index afbddd2b2dca..e5755f4c3bb9 100644 --- a/chrome/browser/ui/browser_window.h +++ b/chrome/browser/ui/browser_window.h @@ -8,6 +8,7 @@ #include "base/callback_forward.h" #include "chrome/browser/lifetime/browser_close_manager.h" #include "chrome/browser/signin/chrome_signin_helper.h" +#include "chrome/browser/ssl/security_state_model.h" #include "chrome/browser/translate/chrome_translate_client.h" #include "chrome/browser/ui/bookmarks/bookmark_bar.h" #include "chrome/browser/ui/browser.h" @@ -39,7 +40,6 @@ struct WebApplicationInfo; namespace content { class WebContents; struct NativeWebKeyboardEvent; -struct SSLStatus; } namespace extensions { @@ -310,10 +310,11 @@ class BrowserWindow : public ui::BaseWindow { // url of the page/frame the info applies to, |ssl| is the SSL information for // that page/frame. If |show_history| is true, a section showing how many // times that URL has been visited is added to the page info. - virtual void ShowWebsiteSettings(Profile* profile, - content::WebContents* web_contents, - const GURL& url, - const content::SSLStatus& ssl) = 0; + virtual void ShowWebsiteSettings( + Profile* profile, + content::WebContents* web_contents, + const GURL& url, + const SecurityStateModel::SecurityInfo& security_info) = 0; // Shows the app menu (for accessibility). virtual void ShowAppMenu() = 0; diff --git a/chrome/browser/ui/cocoa/browser_window_cocoa.h b/chrome/browser/ui/cocoa/browser_window_cocoa.h index 0b9295b242f7..35e1049cacdb 100644 --- a/chrome/browser/ui/cocoa/browser_window_cocoa.h +++ b/chrome/browser/ui/cocoa/browser_window_cocoa.h @@ -9,6 +9,7 @@ #include "base/memory/weak_ptr.h" #include "chrome/browser/extensions/extension_keybinding_registry.h" #include "chrome/browser/signin/chrome_signin_helper.h" +#include "chrome/browser/ssl/security_state_model.h" #include "chrome/browser/ui/browser_window.h" #include "chrome/browser/ui/exclusive_access/exclusive_access_context.h" #include "chrome/browser/ui/search/search_model_observer.h" @@ -136,10 +137,11 @@ class BrowserWindowCocoa bool app_modal, const base::Callback& callback) override; void UserChangedTheme() override; - void ShowWebsiteSettings(Profile* profile, - content::WebContents* web_contents, - const GURL& url, - const content::SSLStatus& ssl) override; + void ShowWebsiteSettings( + Profile* profile, + content::WebContents* web_contents, + const GURL& url, + const SecurityStateModel::SecurityInfo& security_info) override; void ShowAppMenu() override; bool PreHandleKeyboardEvent(const content::NativeWebKeyboardEvent& event, bool* is_keyboard_shortcut) override; diff --git a/chrome/browser/ui/cocoa/browser_window_cocoa.mm b/chrome/browser/ui/cocoa/browser_window_cocoa.mm index 515594d62ca4..ba663b53963e 100644 --- a/chrome/browser/ui/cocoa/browser_window_cocoa.mm +++ b/chrome/browser/ui/cocoa/browser_window_cocoa.mm @@ -73,7 +73,6 @@ #endif using content::NativeWebKeyboardEvent; -using content::SSLStatus; using content::WebContents; namespace { @@ -711,8 +710,9 @@ void BrowserWindowCocoa::ShowWebsiteSettings( Profile* profile, content::WebContents* web_contents, const GURL& url, - const content::SSLStatus& ssl) { - WebsiteSettingsUIBridge::Show(window(), profile, web_contents, url, ssl); + const SecurityStateModel::SecurityInfo& security_info) { + WebsiteSettingsUIBridge::Show(window(), profile, web_contents, url, + security_info); } void BrowserWindowCocoa::ShowAppMenu() { diff --git a/chrome/browser/ui/cocoa/location_bar/location_icon_decoration.mm b/chrome/browser/ui/cocoa/location_bar/location_icon_decoration.mm index 6678f3347443..7c0a10ed2001 100644 --- a/chrome/browser/ui/cocoa/location_bar/location_icon_decoration.mm +++ b/chrome/browser/ui/cocoa/location_bar/location_icon_decoration.mm @@ -118,8 +118,12 @@ bool LocationIconDecoration::OnMousePressed(NSRect frame, NSPoint location) { if (!nav_entry) return true; Browser* browser = chrome::FindBrowserWithWebContents(tab); + + SecurityStateModel* security_model = SecurityStateModel::FromWebContents(tab); + DCHECK(security_model); + chrome::ShowWebsiteSettings(browser, tab, nav_entry->GetURL(), - nav_entry->GetSSL()); + security_model->GetSecurityInfo()); return true; } diff --git a/chrome/browser/ui/cocoa/website_settings/website_settings_bubble_controller.h b/chrome/browser/ui/cocoa/website_settings/website_settings_bubble_controller.h index c8b37e52ab38..4904493cd3be 100644 --- a/chrome/browser/ui/cocoa/website_settings/website_settings_bubble_controller.h +++ b/chrome/browser/ui/cocoa/website_settings/website_settings_bubble_controller.h @@ -6,6 +6,7 @@ #include "base/mac/scoped_nsobject.h" #include "base/memory/scoped_ptr.h" +#include "chrome/browser/ssl/security_state_model.h" #import "chrome/browser/ui/cocoa/base_bubble_controller.h" #include "chrome/browser/ui/website_settings/website_settings_ui.h" #include "content/public/browser/web_contents_observer.h" @@ -106,13 +107,14 @@ class WebsiteSettingsUIBridge : public content::WebContentsObserver, // Creates a |WebsiteSettingsBubbleController| and displays the UI. |parent| // is the currently active window. |profile| points to the currently active // profile. |web_contents| points to the WebContents that wraps the currently - // active tab. |url| is the GURL of the currently active tab. |ssl| is the - // |SSLStatus| of the connection to the website in the currently active tab. + // active tab. |url| is the GURL of the currently active + // tab. |security_info| is the |SecurityStateModel::SecurityInfo| of + // the connection to the website in the currently active tab. static void Show(gfx::NativeWindow parent, Profile* profile, content::WebContents* web_contents, const GURL& url, - const content::SSLStatus& ssl); + const SecurityStateModel::SecurityInfo& security_info); void set_bubble_controller( WebsiteSettingsBubbleController* bubble_controller); diff --git a/chrome/browser/ui/cocoa/website_settings/website_settings_bubble_controller.mm b/chrome/browser/ui/cocoa/website_settings/website_settings_bubble_controller.mm index 7d28065a32bf..de25d11620d4 100644 --- a/chrome/browser/ui/cocoa/website_settings/website_settings_bubble_controller.mm +++ b/chrome/browser/ui/cocoa/website_settings/website_settings_bubble_controller.mm @@ -1271,15 +1271,16 @@ void WebsiteSettingsUIBridge::set_bubble_controller( bubble_controller_ = controller; } -void WebsiteSettingsUIBridge::Show(gfx::NativeWindow parent, - Profile* profile, - content::WebContents* web_contents, - const GURL& url, - const content::SSLStatus& ssl) { +void WebsiteSettingsUIBridge::Show( + gfx::NativeWindow parent, + Profile* profile, + content::WebContents* web_contents, + const GURL& url, + const SecurityStateModel::SecurityInfo& security_info) { if (chrome::ToolkitViewsDialogsEnabled()) { chrome::ShowWebsiteSettingsBubbleViewsAtPoint( gfx::ScreenPointFromNSPoint(AnchorPointForWindow(parent)), profile, - web_contents, url, ssl); + web_contents, url, security_info); return; } @@ -1302,7 +1303,7 @@ void WebsiteSettingsUIBridge::Show(gfx::NativeWindow parent, WebsiteSettings* presenter = new WebsiteSettings( bridge, profile, TabSpecificContentSettings::FromWebContents(web_contents), web_contents, - url, ssl, content::CertStore::GetInstance()); + url, security_info, content::CertStore::GetInstance()); [bubble_controller setPresenter:presenter]; } diff --git a/chrome/browser/ui/views/browser_dialogs_views_mac.cc b/chrome/browser/ui/views/browser_dialogs_views_mac.cc index 928ef1a1fa62..1a8e754e8731 100644 --- a/chrome/browser/ui/views/browser_dialogs_views_mac.cc +++ b/chrome/browser/ui/views/browser_dialogs_views_mac.cc @@ -17,14 +17,15 @@ namespace chrome { -void ShowWebsiteSettingsBubbleViewsAtPoint(const gfx::Point& anchor_point, - Profile* profile, - content::WebContents* web_contents, - const GURL& url, - const content::SSLStatus& ssl) { - WebsiteSettingsPopupView::ShowPopup(nullptr, - gfx::Rect(anchor_point, gfx::Size()), - profile, web_contents, url, ssl); +void ShowWebsiteSettingsBubbleViewsAtPoint( + const gfx::Point& anchor_point, + Profile* profile, + content::WebContents* web_contents, + const GURL& url, + const SecurityStateModel::SecurityInfo& security_info) { + WebsiteSettingsPopupView::ShowPopup( + nullptr, gfx::Rect(anchor_point, gfx::Size()), profile, web_contents, url, + security_info); } void ShowBookmarkBubbleViewsAtPoint(const gfx::Point& anchor_point, diff --git a/chrome/browser/ui/views/frame/browser_view.cc b/chrome/browser/ui/views/frame/browser_view.cc index 904f42620295..b1201609ef63 100644 --- a/chrome/browser/ui/views/frame/browser_view.cc +++ b/chrome/browser/ui/views/frame/browser_view.cc @@ -171,7 +171,6 @@ using base::TimeDelta; using base::UserMetricsAction; using content::NativeWebKeyboardEvent; -using content::SSLStatus; using content::WebContents; using views::ColumnSet; using views::GridLayout; @@ -1386,10 +1385,11 @@ void BrowserView::UserChangedTheme() { frame_->FrameTypeChanged(); } -void BrowserView::ShowWebsiteSettings(Profile* profile, - content::WebContents* web_contents, - const GURL& url, - const content::SSLStatus& ssl) { +void BrowserView::ShowWebsiteSettings( + Profile* profile, + content::WebContents* web_contents, + const GURL& url, + const SecurityStateModel::SecurityInfo& security_info) { // Some browser windows have a location icon embedded in the frame. Try to // use that if it exists. If it doesn't exist, use the location icon from // the location bar. @@ -1398,7 +1398,7 @@ void BrowserView::ShowWebsiteSettings(Profile* profile, popup_anchor = GetLocationBarView()->location_icon_view(); WebsiteSettingsPopupView::ShowPopup(popup_anchor, gfx::Rect(), profile, - web_contents, url, ssl); + web_contents, url, security_info); } void BrowserView::ShowAppMenu() { diff --git a/chrome/browser/ui/views/frame/browser_view.h b/chrome/browser/ui/views/frame/browser_view.h index 28a2a56ffd46..a18f74817c37 100644 --- a/chrome/browser/ui/views/frame/browser_view.h +++ b/chrome/browser/ui/views/frame/browser_view.h @@ -340,10 +340,11 @@ class BrowserView : public BrowserWindow, bool app_modal, const base::Callback& callback) override; void UserChangedTheme() override; - void ShowWebsiteSettings(Profile* profile, - content::WebContents* web_contents, - const GURL& url, - const content::SSLStatus& ssl) override; + void ShowWebsiteSettings( + Profile* profile, + content::WebContents* web_contents, + const GURL& url, + const SecurityStateModel::SecurityInfo& security_info) override; void ShowAppMenu() override; bool PreHandleKeyboardEvent(const content::NativeWebKeyboardEvent& event, bool* is_keyboard_shortcut) override; diff --git a/chrome/browser/ui/views/frame/web_app_left_header_view_ash.cc b/chrome/browser/ui/views/frame/web_app_left_header_view_ash.cc index 8e1a860c9e57..2c2dc2a19788 100644 --- a/chrome/browser/ui/views/frame/web_app_left_header_view_ash.cc +++ b/chrome/browser/ui/views/frame/web_app_left_header_view_ash.cc @@ -90,6 +90,10 @@ void WebAppLeftHeaderView::ShowWebsiteSettings() const { if (!nav_entry) return; + SecurityStateModel* security_model = SecurityStateModel::FromWebContents(tab); + DCHECK(security_model); + chrome::ShowWebsiteSettings(browser_view_->browser(), tab, - nav_entry->GetURL(), nav_entry->GetSSL()); + nav_entry->GetURL(), + security_model->GetSecurityInfo()); } diff --git a/chrome/browser/ui/views/location_bar/location_bar_view.h b/chrome/browser/ui/views/location_bar/location_bar_view.h index 6e7b43b56c2b..b98df637dbc1 100644 --- a/chrome/browser/ui/views/location_bar/location_bar_view.h +++ b/chrome/browser/ui/views/location_bar/location_bar_view.h @@ -50,10 +50,6 @@ class TemplateURLService; class TranslateIconView; class ZoomView; -namespace content { -struct SSLStatus; -} - namespace views { class BubbleDelegateView; class ImageButton; @@ -110,9 +106,10 @@ class LocationBarView : public LocationBar, GetContentSettingBubbleModelDelegate() = 0; // Shows permissions and settings for the given web contents. - virtual void ShowWebsiteSettings(content::WebContents* web_contents, - const GURL& url, - const content::SSLStatus& ssl) = 0; + virtual void ShowWebsiteSettings( + content::WebContents* web_contents, + const GURL& url, + const SecurityStateModel::SecurityInfo& security_info) = 0; protected: virtual ~Delegate() {} diff --git a/chrome/browser/ui/views/location_bar/page_info_helper.cc b/chrome/browser/ui/views/location_bar/page_info_helper.cc index b27cf0398b75..42bb120b863f 100644 --- a/chrome/browser/ui/views/location_bar/page_info_helper.cc +++ b/chrome/browser/ui/views/location_bar/page_info_helper.cc @@ -36,6 +36,9 @@ void PageInfoHelper::ProcessEvent(const ui::LocatedEvent& event) { if (!nav_entry) return; + SecurityStateModel* security_model = SecurityStateModel::FromWebContents(tab); + DCHECK(security_model); + location_bar_->delegate()->ShowWebsiteSettings( - tab, nav_entry->GetURL(), nav_entry->GetSSL()); + tab, nav_entry->GetURL(), security_model->GetSecurityInfo()); } diff --git a/chrome/browser/ui/views/toolbar/toolbar_view.cc b/chrome/browser/ui/views/toolbar/toolbar_view.cc index 7f3fa45b24e2..1aa2989db185 100644 --- a/chrome/browser/ui/views/toolbar/toolbar_view.cc +++ b/chrome/browser/ui/views/toolbar/toolbar_view.cc @@ -405,10 +405,11 @@ ToolbarView::GetContentSettingBubbleModelDelegate() { return browser_->content_setting_bubble_model_delegate(); } -void ToolbarView::ShowWebsiteSettings(content::WebContents* web_contents, - const GURL& url, - const content::SSLStatus& ssl) { - chrome::ShowWebsiteSettings(browser_, web_contents, url, ssl); +void ToolbarView::ShowWebsiteSettings( + content::WebContents* web_contents, + const GURL& url, + const SecurityStateModel::SecurityInfo& security_info) { + chrome::ShowWebsiteSettings(browser_, web_contents, url, security_info); } views::Widget* ToolbarView::CreateViewsBubble( diff --git a/chrome/browser/ui/views/toolbar/toolbar_view.h b/chrome/browser/ui/views/toolbar/toolbar_view.h index 931892c0e2a6..fd3de8eee291 100644 --- a/chrome/browser/ui/views/toolbar/toolbar_view.h +++ b/chrome/browser/ui/views/toolbar/toolbar_view.h @@ -130,9 +130,10 @@ class ToolbarView : public views::AccessiblePaneView, ExtensionAction* action) override; ContentSettingBubbleModelDelegate* GetContentSettingBubbleModelDelegate() override; - void ShowWebsiteSettings(content::WebContents* web_contents, - const GURL& url, - const content::SSLStatus& ssl) override; + void ShowWebsiteSettings( + content::WebContents* web_contents, + const GURL& url, + const SecurityStateModel::SecurityInfo& security_info) override; // CommandObserver: void EnabledStateChangedForCommand(int id, bool enabled) override; diff --git a/chrome/browser/ui/views/website_settings/website_settings_popup_view.cc b/chrome/browser/ui/views/website_settings/website_settings_popup_view.cc index 35c3d5aad1c5..0d1b61a9d5e4 100644 --- a/chrome/browser/ui/views/website_settings/website_settings_popup_view.cc +++ b/chrome/browser/ui/views/website_settings/website_settings_popup_view.cc @@ -277,12 +277,13 @@ WebsiteSettingsPopupView::~WebsiteSettingsPopupView() { } // static -void WebsiteSettingsPopupView::ShowPopup(views::View* anchor_view, - const gfx::Rect& anchor_rect, - Profile* profile, - content::WebContents* web_contents, - const GURL& url, - const content::SSLStatus& ssl) { +void WebsiteSettingsPopupView::ShowPopup( + views::View* anchor_view, + const gfx::Rect& anchor_rect, + Profile* profile, + content::WebContents* web_contents, + const GURL& url, + const SecurityStateModel::SecurityInfo& security_info) { is_popup_showing = true; gfx::NativeView parent_window = anchor_view ? nullptr : web_contents->GetNativeView(); @@ -295,7 +296,7 @@ void WebsiteSettingsPopupView::ShowPopup(views::View* anchor_view, popup->GetWidget()->Show(); } else { WebsiteSettingsPopupView* popup = new WebsiteSettingsPopupView( - anchor_view, parent_window, profile, web_contents, url, ssl); + anchor_view, parent_window, profile, web_contents, url, security_info); if (!anchor_view) popup->SetAnchorRect(anchor_rect); popup->GetWidget()->Show(); @@ -313,7 +314,7 @@ WebsiteSettingsPopupView::WebsiteSettingsPopupView( Profile* profile, content::WebContents* web_contents, const GURL& url, - const content::SSLStatus& ssl) + const SecurityStateModel::SecurityInfo& security_info) : content::WebContentsObserver(web_contents), BubbleDelegateView(anchor_view, views::BubbleBorder::TOP_LEFT), web_contents_(web_contents), @@ -382,7 +383,7 @@ WebsiteSettingsPopupView::WebsiteSettingsPopupView( presenter_.reset(new WebsiteSettings( this, profile, TabSpecificContentSettings::FromWebContents(web_contents), - web_contents, url, ssl, content::CertStore::GetInstance())); + web_contents, url, security_info, content::CertStore::GetInstance())); } void WebsiteSettingsPopupView::RenderFrameDeleted( diff --git a/chrome/browser/ui/views/website_settings/website_settings_popup_view.h b/chrome/browser/ui/views/website_settings/website_settings_popup_view.h index 91441550eedb..e51a864c1f11 100644 --- a/chrome/browser/ui/views/website_settings/website_settings_popup_view.h +++ b/chrome/browser/ui/views/website_settings/website_settings_popup_view.h @@ -9,6 +9,7 @@ #include "base/memory/scoped_ptr.h" #include "base/memory/weak_ptr.h" #include "base/strings/string16.h" +#include "chrome/browser/ssl/security_state_model.h" #include "chrome/browser/ui/views/website_settings/permission_selector_view_observer.h" #include "chrome/browser/ui/website_settings/website_settings_ui.h" #include "content/public/browser/web_contents_observer.h" @@ -22,7 +23,6 @@ class PopupHeaderView; class Profile; namespace content { -struct SSLStatus; class WebContents; } @@ -54,19 +54,20 @@ class WebsiteSettingsPopupView : public content::WebContentsObserver, Profile* profile, content::WebContents* web_contents, const GURL& url, - const content::SSLStatus& ssl); + const SecurityStateModel::SecurityInfo& security_info); static bool IsPopupShowing(); private: friend class test::WebsiteSettingsPopupViewTestApi; - WebsiteSettingsPopupView(views::View* anchor_view, - gfx::NativeView parent_window, - Profile* profile, - content::WebContents* web_contents, - const GURL& url, - const content::SSLStatus& ssl); + WebsiteSettingsPopupView( + views::View* anchor_view, + gfx::NativeView parent_window, + Profile* profile, + content::WebContents* web_contents, + const GURL& url, + const SecurityStateModel::SecurityInfo& security_info); // WebContentsObserver implementation. void RenderFrameDeleted(content::RenderFrameHost* render_frame_host) override; diff --git a/chrome/browser/ui/views/website_settings/website_settings_popup_view_unittest.cc b/chrome/browser/ui/views/website_settings/website_settings_popup_view_unittest.cc index d8e6daf15453..588f0913024b 100644 --- a/chrome/browser/ui/views/website_settings/website_settings_popup_view_unittest.cc +++ b/chrome/browser/ui/views/website_settings/website_settings_popup_view_unittest.cc @@ -33,10 +33,10 @@ class WebsiteSettingsPopupViewTestApi { view_->GetWidget()->CloseNow(); GURL url("http://www.example.com"); - content::SSLStatus ssl; + SecurityStateModel::SecurityInfo security_info; views::View* anchor_view = nullptr; view_ = new WebsiteSettingsPopupView(anchor_view, parent_, profile_, - web_contents_, url, ssl); + web_contents_, url, security_info); } WebsiteSettingsPopupView* view() { return view_; } diff --git a/chrome/browser/ui/website_settings/website_settings.cc b/chrome/browser/ui/website_settings/website_settings.cc index 4c1391a46f23..52b69255d877 100644 --- a/chrome/browser/ui/website_settings/website_settings.cc +++ b/chrome/browser/ui/website_settings/website_settings.cc @@ -46,7 +46,6 @@ #include "content/public/browser/cert_store.h" #include "content/public/browser/user_metrics.h" #include "content/public/common/content_switches.h" -#include "content/public/common/ssl_status.h" #include "content/public/common/url_constants.h" #include "net/cert/cert_status_flags.h" #include "net/cert/x509_certificate.h" @@ -99,32 +98,30 @@ ContentSettingsType kPermissionType[] = { }; bool CertificateTransparencyStatusMatch( - const content::SignedCertificateTimestampIDStatusList& scts, + const std::vector& sct_verify_statuses, net::ct::SCTVerifyStatus status) { - for (content::SignedCertificateTimestampIDStatusList::const_iterator it = - scts.begin(); - it != scts.end(); - ++it) { - if (it->status == status) + for (const auto& verify_status : sct_verify_statuses) { + if (verify_status == status) return true; } - return false; } int GetSiteIdentityDetailsMessageByCTInfo( - const content::SignedCertificateTimestampIDStatusList& scts, + const std::vector& sct_verify_statuses, bool is_ev) { // No SCTs - no CT information. - if (scts.empty()) + if (sct_verify_statuses.empty()) return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_NO_CT : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_NO_CT); - if (CertificateTransparencyStatusMatch(scts, net::ct::SCT_STATUS_OK)) + if (CertificateTransparencyStatusMatch(sct_verify_statuses, + net::ct::SCT_STATUS_OK)) return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_VERIFIED : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_VERIFIED); - if (CertificateTransparencyStatusMatch(scts, net::ct::SCT_STATUS_INVALID)) + if (CertificateTransparencyStatusMatch(sct_verify_statuses, + net::ct::SCT_STATUS_INVALID)) return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_INVALID : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_INVALID); @@ -138,9 +135,10 @@ int GetSiteIdentityDetailsMessageByCTInfo( // which failed verification, in which case it will return // SITE_IDENTITY_STATUS_ERROR. WebsiteSettings::SiteIdentityStatus GetSiteIdentityStatusByCTInfo( - const content::SignedCertificateTimestampIDStatusList& scts, + const std::vector& sct_verify_statuses, bool is_ev) { - if (CertificateTransparencyStatusMatch(scts, net::ct::SCT_STATUS_INVALID)) + if (CertificateTransparencyStatusMatch(sct_verify_statuses, + net::ct::SCT_STATUS_INVALID)) return WebsiteSettings::SITE_IDENTITY_STATUS_ERROR; return is_ev ? WebsiteSettings::SITE_IDENTITY_STATUS_EV_CERT @@ -162,7 +160,7 @@ WebsiteSettings::WebsiteSettings( TabSpecificContentSettings* tab_specific_content_settings, content::WebContents* web_contents, const GURL& url, - const content::SSLStatus& ssl, + const SecurityStateModel::SecurityInfo& security_info, content::CertStore* cert_store) : TabSpecificContentSettings::SiteDataObserver( tab_specific_content_settings), @@ -179,7 +177,7 @@ WebsiteSettings::WebsiteSettings( ChromeSSLHostStateDelegateFactory::GetForProfile(profile)), did_revoke_user_ssl_decisions_(false), profile_(profile) { - Init(url, ssl); + Init(url, security_info); PresentSitePermissions(); PresentSiteData(); @@ -356,7 +354,9 @@ void WebsiteSettings::OnRevokeSSLErrorBypassButtonPressed() { did_revoke_user_ssl_decisions_ = true; } -void WebsiteSettings::Init(const GURL& url, const content::SSLStatus& ssl) { +void WebsiteSettings::Init( + const GURL& url, + const SecurityStateModel::SecurityInfo& security_info) { bool isChromeUINativeScheme = false; #if defined(OS_ANDROID) isChromeUINativeScheme = url.SchemeIs(chrome::kChromeUINativeScheme); @@ -373,25 +373,20 @@ void WebsiteSettings::Init(const GURL& url, const content::SSLStatus& ssl) { // Identity section. scoped_refptr cert; - cert_id_ = ssl.cert_id; + cert_id_ = security_info.cert_id; - if (ssl.cert_id && - cert_store_->RetrieveCert(ssl.cert_id, &cert) && - (!net::IsCertStatusError(ssl.cert_status) || - net::IsCertStatusMinorError(ssl.cert_status))) { + // HTTPS with no or minor errors. + if (security_info.cert_id && + cert_store_->RetrieveCert(security_info.cert_id, &cert) && + (!net::IsCertStatusError(security_info.cert_status) || + net::IsCertStatusMinorError(security_info.cert_status))) { // There are no major errors. Check for minor errors. -#if defined(OS_CHROMEOS) - policy::PolicyCertService* service = - policy::PolicyCertServiceFactory::GetForProfile(profile_); - const bool used_policy_certs = service && service->UsedPolicyCertificates(); -#else - const bool used_policy_certs = false; -#endif - if (used_policy_certs) { + if (security_info.security_level == + SecurityStateModel::SECURITY_POLICY_WARNING) { site_identity_status_ = SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT; site_identity_details_ = l10n_util::GetStringFUTF16( IDS_CERT_POLICY_PROVIDED_CERT_MESSAGE, UTF8ToUTF16(url.host())); - } else if (net::IsCertStatusMinorError(ssl.cert_status)) { + } else if (net::IsCertStatusMinorError(security_info.cert_status)) { site_identity_status_ = SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN; base::string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName())); if (issuer_name.empty()) { @@ -401,24 +396,26 @@ void WebsiteSettings::Init(const GURL& url, const content::SSLStatus& ssl) { site_identity_details_.assign(l10n_util::GetStringFUTF16( GetSiteIdentityDetailsMessageByCTInfo( - ssl.signed_certificate_timestamp_ids, false /* not EV */), + security_info.sct_verify_statuses, false /* not EV */), issuer_name)); site_identity_details_ += ASCIIToUTF16("\n\n"); - if (ssl.cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) { + if (security_info.cert_status & + net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) { site_identity_details_ += l10n_util::GetStringUTF16( IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION); - } else if (ssl.cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM) { + } else if (security_info.cert_status & + net::CERT_STATUS_NO_REVOCATION_MECHANISM) { site_identity_details_ += l10n_util::GetStringUTF16( IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM); } else { NOTREACHED() << "Need to specify string for this warning"; } } else { - if (ssl.cert_status & net::CERT_STATUS_IS_EV) { + if (security_info.cert_status & net::CERT_STATUS_IS_EV) { // EV HTTPS page. site_identity_status_ = GetSiteIdentityStatusByCTInfo( - ssl.signed_certificate_timestamp_ids, true); + security_info.sct_verify_statuses, true); DCHECK(!cert->subject().organization_names.empty()); organization_name_ = UTF8ToUTF16(cert->subject().organization_names[0]); // An EV Cert is required to have a city (localityName) and country but @@ -441,14 +438,13 @@ void WebsiteSettings::Init(const GURL& url, const content::SSLStatus& ssl) { DCHECK(!cert->subject().organization_names.empty()); site_identity_details_.assign(l10n_util::GetStringFUTF16( GetSiteIdentityDetailsMessageByCTInfo( - ssl.signed_certificate_timestamp_ids, true /* is EV */), - UTF8ToUTF16(cert->subject().organization_names[0]), - locality, + security_info.sct_verify_statuses, true /* is EV */), + UTF8ToUTF16(cert->subject().organization_names[0]), locality, UTF8ToUTF16(cert->issuer().GetDisplayName()))); } else { // Non-EV OK HTTPS page. site_identity_status_ = GetSiteIdentityStatusByCTInfo( - ssl.signed_certificate_timestamp_ids, false); + security_info.sct_verify_statuses, false); base::string16 issuer_name( UTF8ToUTF16(cert->issuer().GetDisplayName())); if (issuer_name.empty()) { @@ -458,15 +454,11 @@ void WebsiteSettings::Init(const GURL& url, const content::SSLStatus& ssl) { site_identity_details_.assign(l10n_util::GetStringFUTF16( GetSiteIdentityDetailsMessageByCTInfo( - ssl.signed_certificate_timestamp_ids, false /* not EV */), + security_info.sct_verify_statuses, false /* not EV */), issuer_name)); } - // The date after which no new SHA-1 certificates may be issued. - // 2016-01-01 00:00:00 UTC - static const int64_t kSHA1LastIssuanceDate = INT64_C(13096080000000000); - if ((ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT) && - cert->valid_expiry() > - base::Time::FromInternalValue(kSHA1LastIssuanceDate)) { + if (security_info.sha1_deprecation_status != + SecurityStateModel::NO_DEPRECATED_SHA1) { site_identity_status_ = SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM; site_identity_details_ += @@ -479,21 +471,21 @@ void WebsiteSettings::Init(const GURL& url, const content::SSLStatus& ssl) { // HTTP or HTTPS with errors (not warnings). site_identity_details_.assign(l10n_util::GetStringUTF16( IDS_PAGE_INFO_SECURITY_TAB_INSECURE_IDENTITY)); - if (ssl.security_style == content::SECURITY_STYLE_UNAUTHENTICATED) + if (!security_info.scheme_is_cryptographic || !security_info.cert_id) site_identity_status_ = SITE_IDENTITY_STATUS_NO_CERT; else site_identity_status_ = SITE_IDENTITY_STATUS_ERROR; const base::string16 bullet = UTF8ToUTF16("\n • "); std::vector errors; - ssl_errors::ErrorInfo::GetErrorsForCertStatus(cert, ssl.cert_status, url, - &errors); + ssl_errors::ErrorInfo::GetErrorsForCertStatus( + cert, security_info.cert_status, url, &errors); for (size_t i = 0; i < errors.size(); ++i) { site_identity_details_ += bullet; site_identity_details_ += errors[i].short_description(); } - if (ssl.cert_status & net::CERT_STATUS_NON_UNIQUE_NAME) { + if (security_info.cert_status & net::CERT_STATUS_NON_UNIQUE_NAME) { site_identity_details_ += ASCIIToUTF16("\n\n"); site_identity_details_ += l10n_util::GetStringUTF16( IDS_PAGE_INFO_SECURITY_TAB_NON_UNIQUE_NAME); @@ -512,27 +504,19 @@ void WebsiteSettings::Init(const GURL& url, const content::SSLStatus& ssl) { l10n_util::GetStringUTF16(IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); } - if (ssl.security_style == content::SECURITY_STYLE_UNKNOWN) { - // Page is still loading, so SSL status is not yet available. Say nothing. - DCHECK_EQ(ssl.security_bits, -1); - site_connection_status_ = SITE_CONNECTION_STATUS_UNENCRYPTED; - - site_connection_details_.assign(l10n_util::GetStringFUTF16( - IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT, - subject_name)); - } else if (ssl.security_style == content::SECURITY_STYLE_UNAUTHENTICATED) { - // HTTPS without a certificate, or not HTTPS. - DCHECK(!ssl.cert_id); + if (!security_info.cert_id || !security_info.scheme_is_cryptographic) { + // Page is still loading (so SSL status is not yet available) or + // loaded over HTTP or loaded over HTTPS with no cert. site_connection_status_ = SITE_CONNECTION_STATUS_UNENCRYPTED; site_connection_details_.assign(l10n_util::GetStringFUTF16( IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT, subject_name)); - } else if (ssl.security_bits < 0) { - // Security strength is unknown. Say nothing. + } else if (security_info.security_bits < 0) { + // Security strength is unknown. Say nothing. site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR; - } else if (ssl.security_bits == 0) { - DCHECK_NE(ssl.security_style, content::SECURITY_STYLE_UNAUTHENTICATED); + } else if (security_info.security_bits == 0) { + DCHECK_NE(security_info.security_level, SecurityStateModel::NONE); site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR; site_connection_details_.assign(l10n_util::GetStringFUTF16( IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT, @@ -540,10 +524,10 @@ void WebsiteSettings::Init(const GURL& url, const content::SSLStatus& ssl) { } else { site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED; - if (net::SSLConnectionStatusToVersion(ssl.connection_status) >= + if (net::SSLConnectionStatusToVersion(security_info.connection_status) >= net::SSL_CONNECTION_VERSION_TLS1_2 && - net::IsSecureTLSCipherSuite( - net::SSLConnectionStatusToCipherSuite(ssl.connection_status))) { + net::IsSecureTLSCipherSuite(net::SSLConnectionStatusToCipherSuite( + security_info.connection_status))) { site_connection_details_.assign(l10n_util::GetStringFUTF16( IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_CONNECTION_TEXT, subject_name)); @@ -553,9 +537,13 @@ void WebsiteSettings::Init(const GURL& url, const content::SSLStatus& ssl) { subject_name)); } - if (ssl.content_status) { + if (security_info.mixed_content_status != + SecurityStateModel::NO_MIXED_CONTENT) { bool ran_insecure_content = - !!(ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT); + (security_info.mixed_content_status == + SecurityStateModel::RAN_MIXED_CONTENT || + security_info.mixed_content_status == + SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT); site_connection_status_ = ran_insecure_content ? SITE_CONNECTION_STATUS_MIXED_SCRIPT : SITE_CONNECTION_STATUS_MIXED_CONTENT; @@ -569,10 +557,10 @@ void WebsiteSettings::Init(const GURL& url, const content::SSLStatus& ssl) { } uint16 cipher_suite = - net::SSLConnectionStatusToCipherSuite(ssl.connection_status); - if (ssl.security_bits > 0 && cipher_suite) { + net::SSLConnectionStatusToCipherSuite(security_info.connection_status); + if (security_info.security_bits > 0 && cipher_suite) { int ssl_version = - net::SSLConnectionStatusToVersion(ssl.connection_status); + net::SSLConnectionStatusToVersion(security_info.connection_status); const char* ssl_version_str; net::SSLVersionToString(&ssl_version_str, ssl_version); site_connection_details_ += ASCIIToUTF16("\n\n"); @@ -581,8 +569,8 @@ void WebsiteSettings::Init(const GURL& url, const content::SSLStatus& ssl) { ASCIIToUTF16(ssl_version_str)); bool no_renegotiation = - (ssl.connection_status & - net::SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION) != 0; + (security_info.connection_status & + net::SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION) != 0; const char *key_exchange, *cipher, *mac; bool is_aead; net::SSLCipherSuiteToStrings( @@ -604,8 +592,8 @@ void WebsiteSettings::Init(const GURL& url, const content::SSLStatus& ssl) { site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR; } - const bool did_fallback = - (ssl.connection_status & net::SSL_CONNECTION_VERSION_FALLBACK) != 0; + const bool did_fallback = (security_info.connection_status & + net::SSL_CONNECTION_VERSION_FALLBACK) != 0; if (did_fallback) { site_connection_details_ += ASCIIToUTF16("\n\n"); site_connection_details_ += l10n_util::GetStringUTF16( diff --git a/chrome/browser/ui/website_settings/website_settings.h b/chrome/browser/ui/website_settings/website_settings.h index 4800d8b2f40b..e284ef7e7f21 100644 --- a/chrome/browser/ui/website_settings/website_settings.h +++ b/chrome/browser/ui/website_settings/website_settings.h @@ -7,6 +7,7 @@ #include "base/strings/string16.h" #include "chrome/browser/content_settings/tab_specific_content_settings.h" +#include "chrome/browser/ssl/security_state_model.h" #include "components/content_settings/core/common/content_settings.h" #include "components/content_settings/core/common/content_settings_types.h" #include "content/public/common/signed_certificate_timestamp_id_and_status.h" @@ -14,7 +15,6 @@ namespace content { class CertStore; -struct SSLStatus; class WebContents; } @@ -95,7 +95,7 @@ class WebsiteSettings : public TabSpecificContentSettings::SiteDataObserver { TabSpecificContentSettings* tab_specific_content_settings, content::WebContents* web_contents, const GURL& url, - const content::SSLStatus& ssl, + const SecurityStateModel::SecurityInfo& security_info, content::CertStore* cert_store); ~WebsiteSettings() override; @@ -139,7 +139,8 @@ class WebsiteSettings : public TabSpecificContentSettings::SiteDataObserver { private: // Initializes the |WebsiteSettings|. - void Init(const GURL& url, const content::SSLStatus& ssl); + void Init(const GURL& url, + const SecurityStateModel::SecurityInfo& security_info); // Sets (presents) the information about the site's permissions in the |ui_|. void PresentSitePermissions(); diff --git a/chrome/browser/ui/website_settings/website_settings_unittest.cc b/chrome/browser/ui/website_settings/website_settings_unittest.cc index e7d0c994e677..5eaba491ce31 100644 --- a/chrome/browser/ui/website_settings/website_settings_unittest.cc +++ b/chrome/browser/ui/website_settings/website_settings_unittest.cc @@ -79,7 +79,7 @@ class WebsiteSettingsTest : public ChromeRenderViewHostTestHarness { void SetUp() override { ChromeRenderViewHostTestHarness::SetUp(); // Setup stub SSLStatus. - ssl_.security_style = content::SECURITY_STYLE_UNAUTHENTICATED; + security_info_.security_level = SecurityStateModel::NONE; // Create the certificate. cert_id_ = 1; @@ -123,7 +123,9 @@ class WebsiteSettingsTest : public ChromeRenderViewHostTestHarness { MockCertStore* cert_store() { return &cert_store_; } int cert_id() { return cert_id_; } MockWebsiteSettingsUI* mock_ui() { return mock_ui_.get(); } - const SSLStatus& ssl() { return ssl_; } + const SecurityStateModel::SecurityInfo& security_info() { + return security_info_; + } TabSpecificContentSettings* tab_specific_content_settings() { return TabSpecificContentSettings::FromWebContents(web_contents()); } @@ -134,13 +136,13 @@ class WebsiteSettingsTest : public ChromeRenderViewHostTestHarness { WebsiteSettings* website_settings() { if (!website_settings_.get()) { website_settings_.reset(new WebsiteSettings( - mock_ui(), profile(), tab_specific_content_settings(), - web_contents(), url(), ssl(), cert_store())); + mock_ui(), profile(), tab_specific_content_settings(), web_contents(), + url(), security_info(), cert_store())); } return website_settings_.get(); } - SSLStatus ssl_; + SecurityStateModel::SecurityInfo security_info_; private: scoped_ptr website_settings_; @@ -286,14 +288,15 @@ TEST_F(WebsiteSettingsTest, HTTPConnection) { } TEST_F(WebsiteSettingsTest, HTTPSConnection) { - ssl_.security_style = content::SECURITY_STYLE_AUTHENTICATED; - ssl_.cert_id = cert_id(); - ssl_.cert_status = 0; - ssl_.security_bits = 81; // No error if > 80. + security_info_.security_level = SecurityStateModel::SECURE; + security_info_.scheme_is_cryptographic = true; + security_info_.cert_id = cert_id(); + security_info_.cert_status = 0; + security_info_.security_bits = 81; // No error if > 80. int status = 0; status = SetSSLVersion(status, net::SSL_CONNECTION_VERSION_TLS1); status = SetSSLCipherSuite(status, CR_TLS_RSA_WITH_AES_256_CBC_SHA256); - ssl_.connection_status = status; + security_info_.connection_status = status; SetDefaultUIExpectations(mock_ui()); EXPECT_CALL(*mock_ui(), SetSelectedTab( @@ -307,15 +310,17 @@ TEST_F(WebsiteSettingsTest, HTTPSConnection) { } TEST_F(WebsiteSettingsTest, HTTPSPassiveMixedContent) { - ssl_.security_style = content::SECURITY_STYLE_AUTHENTICATED; - ssl_.cert_id = cert_id(); - ssl_.cert_status = 0; - ssl_.security_bits = 81; // No error if > 80. - ssl_.content_status = SSLStatus::DISPLAYED_INSECURE_CONTENT; + security_info_.security_level = SecurityStateModel::NONE; + security_info_.scheme_is_cryptographic = true; + security_info_.cert_id = cert_id(); + security_info_.cert_status = 0; + security_info_.security_bits = 81; // No error if > 80. + security_info_.mixed_content_status = + SecurityStateModel::DISPLAYED_MIXED_CONTENT; int status = 0; status = SetSSLVersion(status, net::SSL_CONNECTION_VERSION_TLS1); status = SetSSLCipherSuite(status, CR_TLS_RSA_WITH_AES_256_CBC_SHA256); - ssl_.connection_status = status; + security_info_.connection_status = status; SetDefaultUIExpectations(mock_ui()); EXPECT_CALL(*mock_ui(), SetSelectedTab(WebsiteSettingsUI::TAB_ID_CONNECTION)); @@ -331,15 +336,17 @@ TEST_F(WebsiteSettingsTest, HTTPSPassiveMixedContent) { } TEST_F(WebsiteSettingsTest, HTTPSActiveMixedContent) { - ssl_.security_style = content::SECURITY_STYLE_AUTHENTICATION_BROKEN; - ssl_.cert_id = cert_id(); - ssl_.cert_status = 0; - ssl_.security_bits = 81; // No error if > 80. - ssl_.content_status = SSLStatus::RAN_INSECURE_CONTENT; + security_info_.security_level = SecurityStateModel::SECURITY_ERROR; + security_info_.scheme_is_cryptographic = true; + security_info_.cert_id = cert_id(); + security_info_.cert_status = 0; + security_info_.security_bits = 81; // No error if > 80. + security_info_.mixed_content_status = + SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT; int status = 0; status = SetSSLVersion(status, net::SSL_CONNECTION_VERSION_TLS1); status = SetSSLCipherSuite(status, CR_TLS_RSA_WITH_AES_256_CBC_SHA256); - ssl_.connection_status = status; + security_info_.connection_status = status; SetDefaultUIExpectations(mock_ui()); EXPECT_CALL(*mock_ui(), SetSelectedTab(WebsiteSettingsUI::TAB_ID_CONNECTION)); @@ -363,15 +370,17 @@ TEST_F(WebsiteSettingsTest, HTTPSEVCert) { EXPECT_CALL(*cert_store(), RetrieveCert(ev_cert_id, _)).WillRepeatedly( DoAll(SetArgPointee<1>(ev_cert), Return(true))); - ssl_.security_style = content::SECURITY_STYLE_AUTHENTICATED; - ssl_.cert_id = ev_cert_id; - ssl_.cert_status = net::CERT_STATUS_IS_EV; - ssl_.security_bits = 81; // No error if > 80. - ssl_.content_status = SSLStatus::DISPLAYED_INSECURE_CONTENT; + security_info_.security_level = SecurityStateModel::NONE; + security_info_.scheme_is_cryptographic = true; + security_info_.cert_id = ev_cert_id; + security_info_.cert_status = net::CERT_STATUS_IS_EV; + security_info_.security_bits = 81; // No error if > 80. + security_info_.mixed_content_status = + SecurityStateModel::DISPLAYED_MIXED_CONTENT; int status = 0; status = SetSSLVersion(status, net::SSL_CONNECTION_VERSION_TLS1); status = SetSSLCipherSuite(status, CR_TLS_RSA_WITH_AES_256_CBC_SHA256); - ssl_.connection_status = status; + security_info_.connection_status = status; SetDefaultUIExpectations(mock_ui()); EXPECT_CALL(*mock_ui(), SetSelectedTab(WebsiteSettingsUI::TAB_ID_CONNECTION)); @@ -385,14 +394,15 @@ TEST_F(WebsiteSettingsTest, HTTPSEVCert) { } TEST_F(WebsiteSettingsTest, HTTPSRevocationError) { - ssl_.security_style = content::SECURITY_STYLE_AUTHENTICATED; - ssl_.cert_id = cert_id(); - ssl_.cert_status = net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; - ssl_.security_bits = 81; // No error if > 80. + security_info_.security_level = SecurityStateModel::SECURE; + security_info_.scheme_is_cryptographic = true; + security_info_.cert_id = cert_id(); + security_info_.cert_status = net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; + security_info_.security_bits = 81; // No error if > 80. int status = 0; status = SetSSLVersion(status, net::SSL_CONNECTION_VERSION_TLS1); status = SetSSLCipherSuite(status, CR_TLS_RSA_WITH_AES_256_CBC_SHA256); - ssl_.connection_status = status; + security_info_.connection_status = status; SetDefaultUIExpectations(mock_ui()); EXPECT_CALL(*mock_ui(), SetSelectedTab(WebsiteSettingsUI::TAB_ID_CONNECTION)); @@ -405,14 +415,15 @@ TEST_F(WebsiteSettingsTest, HTTPSRevocationError) { } TEST_F(WebsiteSettingsTest, HTTPSConnectionError) { - ssl_.security_style = content::SECURITY_STYLE_AUTHENTICATED; - ssl_.cert_id = cert_id(); - ssl_.cert_status = 0; - ssl_.security_bits = -1; + security_info_.security_level = SecurityStateModel::SECURE; + security_info_.scheme_is_cryptographic = true; + security_info_.cert_id = cert_id(); + security_info_.cert_status = 0; + security_info_.security_bits = -1; int status = 0; status = SetSSLVersion(status, net::SSL_CONNECTION_VERSION_TLS1); status = SetSSLCipherSuite(status, CR_TLS_RSA_WITH_AES_256_CBC_SHA256); - ssl_.connection_status = status; + security_info_.connection_status = status; SetDefaultUIExpectations(mock_ui()); EXPECT_CALL(*mock_ui(), SetSelectedTab(WebsiteSettingsUI::TAB_ID_CONNECTION)); @@ -424,6 +435,51 @@ TEST_F(WebsiteSettingsTest, HTTPSConnectionError) { EXPECT_EQ(base::string16(), website_settings()->organization_name()); } +TEST_F(WebsiteSettingsTest, HTTPSPolicyCertConnection) { + security_info_.security_level = SecurityStateModel::SECURITY_POLICY_WARNING; + security_info_.scheme_is_cryptographic = true; + security_info_.cert_id = cert_id(); + security_info_.cert_status = 0; + security_info_.security_bits = 81; // No error if > 80. + int status = 0; + status = SetSSLVersion(status, net::SSL_CONNECTION_VERSION_TLS1); + status = SetSSLCipherSuite(status, CR_TLS_RSA_WITH_AES_256_CBC_SHA256); + security_info_.connection_status = status; + + SetDefaultUIExpectations(mock_ui()); + EXPECT_CALL(*mock_ui(), SetSelectedTab(WebsiteSettingsUI::TAB_ID_CONNECTION)); + + EXPECT_EQ(WebsiteSettings::SITE_CONNECTION_STATUS_ENCRYPTED, + website_settings()->site_connection_status()); + EXPECT_EQ(WebsiteSettings::SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT, + website_settings()->site_identity_status()); + EXPECT_EQ(base::string16(), website_settings()->organization_name()); +} + +TEST_F(WebsiteSettingsTest, HTTPSSHA1Connection) { + security_info_.security_level = SecurityStateModel::NONE; + security_info_.scheme_is_cryptographic = true; + security_info_.cert_id = cert_id(); + security_info_.cert_status = 0; + security_info_.security_bits = 81; // No error if > 80. + int status = 0; + status = SetSSLVersion(status, net::SSL_CONNECTION_VERSION_TLS1); + status = SetSSLCipherSuite(status, CR_TLS_RSA_WITH_AES_256_CBC_SHA256); + security_info_.connection_status = status; + security_info_.sha1_deprecation_status = + SecurityStateModel::DEPRECATED_SHA1_WARNING; + + SetDefaultUIExpectations(mock_ui()); + EXPECT_CALL(*mock_ui(), SetSelectedTab(WebsiteSettingsUI::TAB_ID_CONNECTION)); + + EXPECT_EQ(WebsiteSettings::SITE_CONNECTION_STATUS_ENCRYPTED, + website_settings()->site_connection_status()); + EXPECT_EQ( + WebsiteSettings::SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM, + website_settings()->site_identity_status()); + EXPECT_EQ(base::string16(), website_settings()->organization_name()); +} + #if !defined(OS_ANDROID) TEST_F(WebsiteSettingsTest, NoInfoBar) { SetDefaultUIExpectations(mock_ui()); diff --git a/chrome/test/base/test_browser_window.h b/chrome/test/base/test_browser_window.h index 39d8da2f12c8..e56511d802a2 100644 --- a/chrome/test/base/test_browser_window.h +++ b/chrome/test/base/test_browser_window.h @@ -132,10 +132,11 @@ class TestBrowserWindow : public BrowserWindow { bool app_modal, const base::Callback& callback) override {} void UserChangedTheme() override {} - void ShowWebsiteSettings(Profile* profile, - content::WebContents* web_contents, - const GURL& url, - const content::SSLStatus& ssl) override {} + void ShowWebsiteSettings( + Profile* profile, + content::WebContents* web_contents, + const GURL& url, + const SecurityStateModel::SecurityInfo& security_info) override {} void CutCopyPaste(int command_id) override {} WindowOpenDisposition GetDispositionForPopupBounds( const gfx::Rect& bounds) override; -- 2.11.4.GIT