chrome/browser/payments/ssl_validity_checker.cc - chromium/src - Git at Google

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "chrome/browser/payments/ssl_validity_checker.h"

 #include "base/check.h"
 #include "base/command_line.h"
 #include "base/notreached.h"
 #include "chrome/browser/ssl/security_state_tab_helper.h"
 #include "components/network_session_configurator/common/network_switches.h"
 #include "components/payments/core/native_error_strings.h"
 #include "components/payments/core/url_util.h"
 #include "components/security_state/core/security_state.h"
 #include "url/gurl.h"

 namespace payments {

 // static std::string
 std::string SslValidityChecker::GetInvalidSslCertificateErrorMessage(
     content::WebContents* web_contents) {
   if (!web_contents)
     return errors::kInvalidSslCertificate;

   security_state::SecurityLevel security_level = GetSecurityLevel(web_contents);
   std::string level;
   switch (security_level) {
     // Indicate valid SSL with an empty string.
     case security_state::SECURE:
     case security_state::SECURE_WITH_POLICY_INSTALLED_CERT:
       return "";

     case security_state::NONE:
       level = "NONE";
       break;
     case security_state::WARNING:
       level = "WARNING";
       break;
     case security_state::DANGEROUS:
       level = "DANGEROUS";
       break;

     case security_state::SECURITY_LEVEL_COUNT:
       NOTREACHED();
       return errors::kInvalidSslCertificate;
   }

   std::string message;
   bool replaced =
       base::ReplaceChars(errors::kDetailedInvalidSslCertificateMessageFormat,
                          "$", level, &message);
   DCHECK(replaced);

   // No early return, so the other code is exercised in tests, too.
   return base::CommandLine::ForCurrentProcess()->HasSwitch(
              switches::kIgnoreCertificateErrors)
              ? ""
              : message;
 }

 // static
 bool SslValidityChecker::IsValidPageInPaymentHandlerWindow(
     content::WebContents* web_contents) {
   if (!web_contents)
     return false;

   GURL url = web_contents->GetLastCommittedURL();
   if (!UrlUtil::IsValidUrlInPaymentHandlerWindow(url))
     return false;

   if (url.SchemeIsCryptographic()) {
     security_state::SecurityLevel security_level =
         GetSecurityLevel(web_contents);
     return security_level == security_state::SECURE ||
            security_level ==
                security_state::SECURE_WITH_POLICY_INSTALLED_CERT ||
            // No early return, so the other code is exercised in tests, too.
            base::CommandLine::ForCurrentProcess()->HasSwitch(
                switches::kIgnoreCertificateErrors);
   }

   return true;
 }

 // static
 security_state::SecurityLevel SslValidityChecker::GetSecurityLevel(
     content::WebContents* web_contents) {
   DCHECK(web_contents);
   SecurityStateTabHelper::CreateForWebContents(web_contents);
   SecurityStateTabHelper* helper =
       SecurityStateTabHelper::FromWebContents(web_contents);
   DCHECK(helper);
   return helper->GetSecurityLevel();
 }

 }  // namespace payments
	// Copyright 2017 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "chrome/browser/payments/ssl_validity_checker.h"

	#include "base/check.h"
	#include "base/command_line.h"
	#include "base/notreached.h"
	#include "chrome/browser/ssl/security_state_tab_helper.h"
	#include "components/network_session_configurator/common/network_switches.h"
	#include "components/payments/core/native_error_strings.h"
	#include "components/payments/core/url_util.h"
	#include "components/security_state/core/security_state.h"
	#include "url/gurl.h"

	namespace payments {

	// static std::string
	std::string SslValidityChecker::GetInvalidSslCertificateErrorMessage(
	content::WebContents* web_contents) {
	if (!web_contents)
	return errors::kInvalidSslCertificate;

	security_state::SecurityLevel security_level = GetSecurityLevel(web_contents);
	std::string level;
	switch (security_level) {
	// Indicate valid SSL with an empty string.
	case security_state::SECURE:
	case security_state::SECURE_WITH_POLICY_INSTALLED_CERT:
	return "";

	case security_state::NONE:
	level = "NONE";
	break;
	case security_state::WARNING:
	level = "WARNING";
	break;
	case security_state::DANGEROUS:
	level = "DANGEROUS";
	break;

	case security_state::SECURITY_LEVEL_COUNT:
	NOTREACHED();
	return errors::kInvalidSslCertificate;
	}

	std::string message;
	bool replaced =
	base::ReplaceChars(errors::kDetailedInvalidSslCertificateMessageFormat,
	"$", level, &message);
	DCHECK(replaced);

	// No early return, so the other code is exercised in tests, too.
	return base::CommandLine::ForCurrentProcess()->HasSwitch(
	switches::kIgnoreCertificateErrors)
	? ""
	: message;
	}

	// static
	bool SslValidityChecker::IsValidPageInPaymentHandlerWindow(
	content::WebContents* web_contents) {
	if (!web_contents)
	return false;

	GURL url = web_contents->GetLastCommittedURL();
	if (!UrlUtil::IsValidUrlInPaymentHandlerWindow(url))
	return false;

	if (url.SchemeIsCryptographic()) {
	security_state::SecurityLevel security_level =
	GetSecurityLevel(web_contents);
	return security_level == security_state::SECURE \|\|
	security_level ==
	security_state::SECURE_WITH_POLICY_INSTALLED_CERT \|\|
	// No early return, so the other code is exercised in tests, too.
	base::CommandLine::ForCurrentProcess()->HasSwitch(
	switches::kIgnoreCertificateErrors);
	}

	return true;
	}

	// static
	security_state::SecurityLevel SslValidityChecker::GetSecurityLevel(
	content::WebContents* web_contents) {
	DCHECK(web_contents);
	SecurityStateTabHelper::CreateForWebContents(web_contents);
	SecurityStateTabHelper* helper =
	SecurityStateTabHelper::FromWebContents(web_contents);
	DCHECK(helper);
	return helper->GetSecurityLevel();
	}

	} // namespace payments