| // Copyright 2015 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_ |
| #define COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_ |
| |
| #include <stdint.h> |
| #include <memory> |
| |
| #include "base/callback.h" |
| #include "base/feature_list.h" |
| #include "base/macros.h" |
| #include "net/cert/cert_status_flags.h" |
| #include "net/cert/sct_status_flags.h" |
| #include "net/cert/x509_certificate.h" |
| #include "url/gurl.h" |
| |
| // Provides helper methods and data types that are used to determine the |
| // high-level security information about a page or request. |
| // |
| // SecurityInfo is the main data structure, describing a page's or request's |
| // security state. It is computed by the platform-independent GetSecurityInfo() |
| // helper method, which receives platform-specific inputs from its callers in |
| // the form of a VisibleSecurityState struct. |
| namespace security_state { |
| |
| // A feature for showing a warning in autofill dropdowns for password |
| // and credit cards fields when the top-level page is not HTTPS. |
| extern const base::Feature kHttpFormWarningFeature; |
| |
| // Describes the overall security state of the page. |
| // |
| // If you reorder, add, or delete values from this enum, you must also |
| // update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel. |
| // |
| // A Java counterpart will be generated for this enum. |
| // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.components.security_state |
| // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel |
| enum SecurityLevel { |
| // HTTP/no URL/HTTPS but with insecure passive content on the page. |
| NONE, |
| |
| // HTTP, in a case where we want to show a visible warning about the page's |
| // lack of security. |
| // |
| // The criteria used to classify pages as NONE vs. HTTP_SHOW_WARNING will |
| // change over time. Eventually, NONE will be eliminated. |
| // See https://crbug.com/647754. |
| HTTP_SHOW_WARNING, |
| |
| // HTTPS with valid EV cert. |
| EV_SECURE, |
| |
| // HTTPS (non-EV) with valid cert. |
| SECURE, |
| |
| // HTTPS, but with an outdated protocol version. |
| SECURITY_WARNING, |
| |
| // HTTPS, but the certificate verification chain is anchored on a |
| // certificate that was installed by the system administrator. |
| SECURE_WITH_POLICY_INSTALLED_CERT, |
| |
| // Attempted HTTPS and failed, page not authenticated, HTTPS with |
| // insecure active content on the page, malware, phishing, or any other |
| // serious security issue that could be dangerous. |
| DANGEROUS, |
| }; |
| |
| // The ContentStatus enum is used to describe content on the page that |
| // has significantly different security properties than the main page |
| // load. Content can be passive content that is displayed (such as |
| // images) or active content that is run (such as scripts or iframes). |
| enum ContentStatus { |
| CONTENT_STATUS_UNKNOWN, |
| CONTENT_STATUS_NONE, |
| CONTENT_STATUS_DISPLAYED, |
| CONTENT_STATUS_RAN, |
| CONTENT_STATUS_DISPLAYED_AND_RAN, |
| }; |
| |
| // Describes whether the page contains malicious resources such as |
| // malware or phishing attacks. |
| enum MaliciousContentStatus { |
| MALICIOUS_CONTENT_STATUS_NONE, |
| MALICIOUS_CONTENT_STATUS_MALWARE, |
| MALICIOUS_CONTENT_STATUS_UNWANTED_SOFTWARE, |
| MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING, |
| }; |
| |
| // Describes the security status of a page or request. This is the |
| // main data structure provided by this class. SecurityInfo contains a |
| // SecurityLevel (which |
| // is a single value describing the overall security state) along with |
| // information that a consumer might want to display in UI to explain or |
| // elaborate on the SecurityLevel. |
| struct SecurityInfo { |
| SecurityInfo(); |
| ~SecurityInfo(); |
| SecurityLevel security_level; |
| // Describes the nature of the page's malicious content, if any. |
| MaliciousContentStatus malicious_content_status; |
| // True if a SHA1 signature was observed anywhere in the certificate chain. |
| bool sha1_in_chain; |
| // |mixed_content_status| describes the presence of content that was |
| // loaded over a nonsecure (HTTP) connection. |
| ContentStatus mixed_content_status; |
| // |content_with_cert_errors_status| describes the presence of |
| // content that was loaded over an HTTPS connection with |
| // certificate errors. |
| ContentStatus content_with_cert_errors_status; |
| // The verification statuses of the signed certificate timestamps |
| // for the connection. |
| std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses; |
| bool scheme_is_cryptographic; |
| net::CertStatus cert_status; |
| scoped_refptr<net::X509Certificate> certificate; |
| // The security strength, in bits, of the SSL cipher suite. In late |
| // 2015, 128 is considered the minimum. |
| // |
| // 0 means the connection uses HTTPS but is not encrypted. -1 means |
| // the security strength is unknown or the connection does not use |
| // HTTPS. |
| int security_bits; |
| // Information about the SSL connection, such as protocol and |
| // ciphersuite. See ssl_connection_flags.h in net. |
| int connection_status; |
| // The ID of the (EC)DH group used by the key exchange. The value is zero if |
| // unknown (older cache entries may not store the value) or not applicable. |
| uint16_t key_exchange_group; |
| // A mask that indicates which of the protocol version, |
| // key exchange, or cipher for the connection is considered |
| // obsolete. See net::ObsoleteSSLMask for specific mask values. |
| int obsolete_ssl_status; |
| |
| // True if pinning was bypassed due to a local trust anchor. |
| bool pkp_bypassed; |
| |
| // True if the page displayed password field on an HTTP page. |
| bool displayed_password_field_on_http; |
| |
| // True if the page displayed credit card field on an HTTP page. |
| bool displayed_credit_card_field_on_http; |
| |
| // True if the server's certificate does not contain a |
| // subjectAltName extension with a domain name or IP address. |
| bool cert_missing_subject_alt_name; |
| }; |
| |
| // Contains the security state relevant to computing the SecurityInfo |
| // for a page. This is the input to GetSecurityInfo(). |
| struct VisibleSecurityState { |
| VisibleSecurityState(); |
| ~VisibleSecurityState(); |
| bool operator==(const VisibleSecurityState& other) const; |
| GURL url; |
| |
| MaliciousContentStatus malicious_content_status; |
| |
| // CONNECTION SECURITY FIELDS |
| // Whether the connection security fields are initialized. |
| bool connection_info_initialized; |
| // The following fields contain information about the connection |
| // used to load the page or request. |
| scoped_refptr<net::X509Certificate> certificate; |
| net::CertStatus cert_status; |
| int connection_status; |
| // The ID of the (EC)DH group used by the key exchange. The value is zero if |
| // unknown (older cache entries may not store the value) or not applicable. |
| uint16_t key_exchange_group; |
| int security_bits; |
| // The verification statuses of the Signed Certificate |
| // Timestamps (if any) that the server provided. |
| std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses; |
| // True if the page displayed passive mixed content. |
| bool displayed_mixed_content; |
| // True if the page ran active mixed content. |
| bool ran_mixed_content; |
| // True if the page displayed passive subresources with certificate errors. |
| bool displayed_content_with_cert_errors; |
| // True if the page ran active subresources with certificate errors. |
| bool ran_content_with_cert_errors; |
| // True if PKP was bypassed due to a local trust anchor. |
| bool pkp_bypassed; |
| // True if the page was an HTTP page that displayed a password field. |
| bool displayed_password_field_on_http; |
| // True if the page was an HTTP page that displayed a credit card field. |
| bool displayed_credit_card_field_on_http; |
| }; |
| |
| // These security levels describe the treatment given to pages that |
| // display and run mixed content. They are used to coordinate the |
| // treatment of mixed content with other security UI elements. |
| constexpr SecurityLevel kDisplayedInsecureContentLevel = NONE; |
| constexpr SecurityLevel kRanInsecureContentLevel = DANGEROUS; |
| |
| // Returns true if the given |url|'s origin should be considered secure. |
| using IsOriginSecureCallback = base::Callback<bool(const GURL& url)>; |
| |
| // Populates |result| to describe the current page. |
| // |visible_security_state| contains the relevant security state. |
| // |used_policy_installed_certificate| indicates whether the page or request |
| // is known to be loaded with a certificate installed by the system admin. |
| // |is_origin_secure_callback| determines whether a URL's origin should be |
| // considered secure. |
| void GetSecurityInfo( |
| std::unique_ptr<VisibleSecurityState> visible_security_state, |
| bool used_policy_installed_certificate, |
| IsOriginSecureCallback is_origin_secure_callback, |
| SecurityInfo* result); |
| |
| // Returns true if an experimental form warning UI about HTTP passwords |
| // and credit cards is enabled. This warning UI can be enabled with the |
| // |kHttpFormWarningFeature| feature. |
| bool IsHttpWarningInFormEnabled(); |
| |
| } // namespace security_state |
| |
| #endif // COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_ |