components/security_state/core/security_state.h - chromium/src - Git at Google

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_
 #define COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_

 #include <stdint.h>
 #include <memory>

 #include "base/callback.h"
 #include "base/feature_list.h"
 #include "base/macros.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/sct_status_flags.h"
 #include "net/cert/x509_certificate.h"
 #include "url/gurl.h"

 // Provides helper methods and data types that are used to determine the
 // high-level security information about a page or request.
 //
 // SecurityInfo is the main data structure, describing a page's or request's
 // security state. It is computed by the platform-independent GetSecurityInfo()
 // helper method, which receives platform-specific inputs from its callers in
 // the form of a VisibleSecurityState struct.
 namespace security_state {

 // A feature for showing a warning in autofill dropdowns for password
 // and credit cards fields when the top-level page is not HTTPS.
 extern const base::Feature kHttpFormWarningFeature;

 // Describes the overall security state of the page.
 //
 // If you reorder, add, or delete values from this enum, you must also
 // update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel.
 //
 // A Java counterpart will be generated for this enum.
 // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.components.security_state
 // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel
 enum SecurityLevel {
   // HTTP/no URL/HTTPS but with insecure passive content on the page.
   NONE,

   // HTTP, in a case where we want to show a visible warning about the page's
   // lack of security.
   //
   // The criteria used to classify pages as NONE vs. HTTP_SHOW_WARNING will
   // change over time. Eventually, NONE will be eliminated.
   // See https://crbug.com/647754.
   HTTP_SHOW_WARNING,

   // HTTPS with valid EV cert.
   EV_SECURE,

   // HTTPS (non-EV) with valid cert.
   SECURE,

   // HTTPS, but with an outdated protocol version.
   SECURITY_WARNING,

   // HTTPS, but the certificate verification chain is anchored on a
   // certificate that was installed by the system administrator.
   SECURE_WITH_POLICY_INSTALLED_CERT,

   // Attempted HTTPS and failed, page not authenticated, HTTPS with
   // insecure active content on the page, malware, phishing, or any other
   // serious security issue that could be dangerous.
   DANGEROUS,
 };

 // The ContentStatus enum is used to describe content on the page that
 // has significantly different security properties than the main page
 // load. Content can be passive content that is displayed (such as
 // images) or active content that is run (such as scripts or iframes).
 enum ContentStatus {
   CONTENT_STATUS_UNKNOWN,
   CONTENT_STATUS_NONE,
   CONTENT_STATUS_DISPLAYED,
   CONTENT_STATUS_RAN,
   CONTENT_STATUS_DISPLAYED_AND_RAN,
 };

 // Describes whether the page contains malicious resources such as
 // malware or phishing attacks.
 enum MaliciousContentStatus {
   MALICIOUS_CONTENT_STATUS_NONE,
   MALICIOUS_CONTENT_STATUS_MALWARE,
   MALICIOUS_CONTENT_STATUS_UNWANTED_SOFTWARE,
   MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING,
 };

 // Describes the security status of a page or request. This is the
 // main data structure provided by this class. SecurityInfo contains a
 // SecurityLevel (which
 // is a single value describing the overall security state) along with
 // information that a consumer might want to display in UI to explain or
 // elaborate on the SecurityLevel.
 struct SecurityInfo {
   SecurityInfo();
   ~SecurityInfo();
   SecurityLevel security_level;
   // Describes the nature of the page's malicious content, if any.
   MaliciousContentStatus malicious_content_status;
   // True if a SHA1 signature was observed anywhere in the certificate chain.
   bool sha1_in_chain;
   // |mixed_content_status| describes the presence of content that was
   // loaded over a nonsecure (HTTP) connection.
   ContentStatus mixed_content_status;
   // |content_with_cert_errors_status| describes the presence of
   // content that was loaded over an HTTPS connection with
   // certificate errors.
   ContentStatus content_with_cert_errors_status;
   // The verification statuses of the signed certificate timestamps
   // for the connection.
   std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses;
   bool scheme_is_cryptographic;
   net::CertStatus cert_status;
   scoped_refptr<net::X509Certificate> certificate;
   // The security strength, in bits, of the SSL cipher suite. In late
   // 2015, 128 is considered the minimum.
   //
   // 0 means the connection uses HTTPS but is not encrypted.  -1 means
   // the security strength is unknown or the connection does not use
   // HTTPS.
   int security_bits;
   // Information about the SSL connection, such as protocol and
   // ciphersuite. See ssl_connection_flags.h in net.
   int connection_status;
   // The ID of the (EC)DH group used by the key exchange. The value is zero if
   // unknown (older cache entries may not store the value) or not applicable.
   uint16_t key_exchange_group;
   // A mask that indicates which of the protocol version,
   // key exchange, or cipher for the connection is considered
   // obsolete. See net::ObsoleteSSLMask for specific mask values.
   int obsolete_ssl_status;

   // True if pinning was bypassed due to a local trust anchor.
   bool pkp_bypassed;

   // True if the page displayed password field on an HTTP page.
   bool displayed_password_field_on_http;

   // True if the page displayed credit card field on an HTTP page.
   bool displayed_credit_card_field_on_http;

   // True if the server's certificate does not contain a
   // subjectAltName extension with a domain name or IP address.
   bool cert_missing_subject_alt_name;
 };

 // Contains the security state relevant to computing the SecurityInfo
 // for a page. This is the input to GetSecurityInfo().
 struct VisibleSecurityState {
   VisibleSecurityState();
   ~VisibleSecurityState();
   bool operator==(const VisibleSecurityState& other) const;
   GURL url;

   MaliciousContentStatus malicious_content_status;

   // CONNECTION SECURITY FIELDS
   // Whether the connection security fields are initialized.
   bool connection_info_initialized;
   // The following fields contain information about the connection
   // used to load the page or request.
   scoped_refptr<net::X509Certificate> certificate;
   net::CertStatus cert_status;
   int connection_status;
   // The ID of the (EC)DH group used by the key exchange. The value is zero if
   // unknown (older cache entries may not store the value) or not applicable.
   uint16_t key_exchange_group;
   int security_bits;
   // The verification statuses of the Signed Certificate
   // Timestamps (if any) that the server provided.
   std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses;
   // True if the page displayed passive mixed content.
   bool displayed_mixed_content;
   // True if the page ran active mixed content.
   bool ran_mixed_content;
   // True if the page displayed passive subresources with certificate errors.
   bool displayed_content_with_cert_errors;
   // True if the page ran active subresources with certificate errors.
   bool ran_content_with_cert_errors;
   // True if PKP was bypassed due to a local trust anchor.
   bool pkp_bypassed;
   // True if the page was an HTTP page that displayed a password field.
   bool displayed_password_field_on_http;
   // True if the page was an HTTP page that displayed a credit card field.
   bool displayed_credit_card_field_on_http;
 };

 // These security levels describe the treatment given to pages that
 // display and run mixed content. They are used to coordinate the
 // treatment of mixed content with other security UI elements.
 constexpr SecurityLevel kDisplayedInsecureContentLevel = NONE;
 constexpr SecurityLevel kRanInsecureContentLevel = DANGEROUS;

 // Returns true if the given |url|'s origin should be considered secure.
 using IsOriginSecureCallback = base::Callback<bool(const GURL& url)>;

 // Populates |result| to describe the current page.
 // |visible_security_state| contains the relevant security state.
 // |used_policy_installed_certificate| indicates whether the page or request
 // is known to be loaded with a certificate installed by the system admin.
 // |is_origin_secure_callback| determines whether a URL's origin should be
 // considered secure.
 void GetSecurityInfo(
     std::unique_ptr<VisibleSecurityState> visible_security_state,
     bool used_policy_installed_certificate,
     IsOriginSecureCallback is_origin_secure_callback,
     SecurityInfo* result);

 // Returns true if an experimental form warning UI about HTTP passwords
 // and credit cards is enabled. This warning UI can be enabled with the
 // |kHttpFormWarningFeature| feature.
 bool IsHttpWarningInFormEnabled();

 }  // namespace security_state

 #endif  // COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_
	// Copyright 2015 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_
	#define COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_

	#include <stdint.h>
	#include <memory>

	#include "base/callback.h"
	#include "base/feature_list.h"
	#include "base/macros.h"
	#include "net/cert/cert_status_flags.h"
	#include "net/cert/sct_status_flags.h"
	#include "net/cert/x509_certificate.h"
	#include "url/gurl.h"

	// Provides helper methods and data types that are used to determine the
	// high-level security information about a page or request.
	//
	// SecurityInfo is the main data structure, describing a page's or request's
	// security state. It is computed by the platform-independent GetSecurityInfo()
	// helper method, which receives platform-specific inputs from its callers in
	// the form of a VisibleSecurityState struct.
	namespace security_state {

	// A feature for showing a warning in autofill dropdowns for password
	// and credit cards fields when the top-level page is not HTTPS.
	extern const base::Feature kHttpFormWarningFeature;

	// Describes the overall security state of the page.
	//
	// If you reorder, add, or delete values from this enum, you must also
	// update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel.
	//
	// A Java counterpart will be generated for this enum.
	// GENERATED_JAVA_ENUM_PACKAGE: org.chromium.components.security_state
	// GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel
	enum SecurityLevel {
	// HTTP/no URL/HTTPS but with insecure passive content on the page.
	NONE,

	// HTTP, in a case where we want to show a visible warning about the page's
	// lack of security.
	//
	// The criteria used to classify pages as NONE vs. HTTP_SHOW_WARNING will
	// change over time. Eventually, NONE will be eliminated.
	// See https://crbug.com/647754.
	HTTP_SHOW_WARNING,

	// HTTPS with valid EV cert.
	EV_SECURE,

	// HTTPS (non-EV) with valid cert.
	SECURE,

	// HTTPS, but with an outdated protocol version.
	SECURITY_WARNING,

	// HTTPS, but the certificate verification chain is anchored on a
	// certificate that was installed by the system administrator.
	SECURE_WITH_POLICY_INSTALLED_CERT,

	// Attempted HTTPS and failed, page not authenticated, HTTPS with
	// insecure active content on the page, malware, phishing, or any other
	// serious security issue that could be dangerous.
	DANGEROUS,
	};

	// The ContentStatus enum is used to describe content on the page that
	// has significantly different security properties than the main page
	// load. Content can be passive content that is displayed (such as
	// images) or active content that is run (such as scripts or iframes).
	enum ContentStatus {
	CONTENT_STATUS_UNKNOWN,
	CONTENT_STATUS_NONE,
	CONTENT_STATUS_DISPLAYED,
	CONTENT_STATUS_RAN,
	CONTENT_STATUS_DISPLAYED_AND_RAN,
	};

	// Describes whether the page contains malicious resources such as
	// malware or phishing attacks.
	enum MaliciousContentStatus {
	MALICIOUS_CONTENT_STATUS_NONE,
	MALICIOUS_CONTENT_STATUS_MALWARE,
	MALICIOUS_CONTENT_STATUS_UNWANTED_SOFTWARE,
	MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING,
	};

	// Describes the security status of a page or request. This is the
	// main data structure provided by this class. SecurityInfo contains a
	// SecurityLevel (which
	// is a single value describing the overall security state) along with
	// information that a consumer might want to display in UI to explain or
	// elaborate on the SecurityLevel.
	struct SecurityInfo {
	SecurityInfo();
	~SecurityInfo();
	SecurityLevel security_level;
	// Describes the nature of the page's malicious content, if any.
	MaliciousContentStatus malicious_content_status;
	// True if a SHA1 signature was observed anywhere in the certificate chain.
	bool sha1_in_chain;
	// \|mixed_content_status\| describes the presence of content that was
	// loaded over a nonsecure (HTTP) connection.
	ContentStatus mixed_content_status;
	// \|content_with_cert_errors_status\| describes the presence of
	// content that was loaded over an HTTPS connection with
	// certificate errors.
	ContentStatus content_with_cert_errors_status;
	// The verification statuses of the signed certificate timestamps
	// for the connection.
	std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses;
	bool scheme_is_cryptographic;
	net::CertStatus cert_status;
	scoped_refptr<net::X509Certificate> certificate;
	// The security strength, in bits, of the SSL cipher suite. In late
	// 2015, 128 is considered the minimum.
	//
	// 0 means the connection uses HTTPS but is not encrypted. -1 means
	// the security strength is unknown or the connection does not use
	// HTTPS.
	int security_bits;
	// Information about the SSL connection, such as protocol and
	// ciphersuite. See ssl_connection_flags.h in net.
	int connection_status;
	// The ID of the (EC)DH group used by the key exchange. The value is zero if
	// unknown (older cache entries may not store the value) or not applicable.
	uint16_t key_exchange_group;
	// A mask that indicates which of the protocol version,
	// key exchange, or cipher for the connection is considered
	// obsolete. See net::ObsoleteSSLMask for specific mask values.
	int obsolete_ssl_status;

	// True if pinning was bypassed due to a local trust anchor.
	bool pkp_bypassed;

	// True if the page displayed password field on an HTTP page.
	bool displayed_password_field_on_http;

	// True if the page displayed credit card field on an HTTP page.
	bool displayed_credit_card_field_on_http;

	// True if the server's certificate does not contain a
	// subjectAltName extension with a domain name or IP address.
	bool cert_missing_subject_alt_name;
	};

	// Contains the security state relevant to computing the SecurityInfo
	// for a page. This is the input to GetSecurityInfo().
	struct VisibleSecurityState {
	VisibleSecurityState();
	~VisibleSecurityState();
	bool operator==(const VisibleSecurityState& other) const;
	GURL url;

	MaliciousContentStatus malicious_content_status;

	// CONNECTION SECURITY FIELDS
	// Whether the connection security fields are initialized.
	bool connection_info_initialized;
	// The following fields contain information about the connection
	// used to load the page or request.
	scoped_refptr<net::X509Certificate> certificate;
	net::CertStatus cert_status;
	int connection_status;
	// The ID of the (EC)DH group used by the key exchange. The value is zero if
	// unknown (older cache entries may not store the value) or not applicable.
	uint16_t key_exchange_group;
	int security_bits;
	// The verification statuses of the Signed Certificate
	// Timestamps (if any) that the server provided.
	std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses;
	// True if the page displayed passive mixed content.
	bool displayed_mixed_content;
	// True if the page ran active mixed content.
	bool ran_mixed_content;
	// True if the page displayed passive subresources with certificate errors.
	bool displayed_content_with_cert_errors;
	// True if the page ran active subresources with certificate errors.
	bool ran_content_with_cert_errors;
	// True if PKP was bypassed due to a local trust anchor.
	bool pkp_bypassed;
	// True if the page was an HTTP page that displayed a password field.
	bool displayed_password_field_on_http;
	// True if the page was an HTTP page that displayed a credit card field.
	bool displayed_credit_card_field_on_http;
	};

	// These security levels describe the treatment given to pages that
	// display and run mixed content. They are used to coordinate the
	// treatment of mixed content with other security UI elements.
	constexpr SecurityLevel kDisplayedInsecureContentLevel = NONE;
	constexpr SecurityLevel kRanInsecureContentLevel = DANGEROUS;

	// Returns true if the given \|url\|'s origin should be considered secure.
	using IsOriginSecureCallback = base::Callback<bool(const GURL& url)>;

	// Populates \|result\| to describe the current page.
	// \|visible_security_state\| contains the relevant security state.
	// \|used_policy_installed_certificate\| indicates whether the page or request
	// is known to be loaded with a certificate installed by the system admin.
	// \|is_origin_secure_callback\| determines whether a URL's origin should be
	// considered secure.
	void GetSecurityInfo(
	std::unique_ptr<VisibleSecurityState> visible_security_state,
	bool used_policy_installed_certificate,
	IsOriginSecureCallback is_origin_secure_callback,
	SecurityInfo* result);

	// Returns true if an experimental form warning UI about HTTP passwords
	// and credit cards is enabled. This warning UI can be enabled with the
	// \|kHttpFormWarningFeature\| feature.
	bool IsHttpWarningInFormEnabled();

	} // namespace security_state

	#endif // COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_