Override summary string for non-cryptographic secure origins

Screenshot: https://drive.google.com/file/d/1_rgMIl75jEqp0kDij4y9OrKAaAYATR1X/view?usp=sharing

Bug: 543864
Change-Id: Ic656621db5485da3cd8a92917780d4ee89d6cd73
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1512181
Commit-Queue: Livvie Lin <livvielin@chromium.org>
Reviewed-by: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/heads/master@{#639724}
diff --git a/chrome/browser/ssl/security_state_tab_helper_browsertest.cc b/chrome/browser/ssl/security_state_tab_helper_browsertest.cc
index 1f47b9f..d19b0b4 100644
--- a/chrome/browser/ssl/security_state_tab_helper_browsertest.cc
+++ b/chrome/browser/ssl/security_state_tab_helper_browsertest.cc
@@ -1601,7 +1601,10 @@
   EXPECT_TRUE(observer.latest_explanations().info_explanations.empty());
   EXPECT_FALSE(observer.latest_explanations().ran_mixed_content);
   EXPECT_FALSE(observer.latest_explanations().displayed_mixed_content);
-  EXPECT_TRUE(observer.latest_explanations().summary.empty());
+  // Localhost is considered a secure origin, so we expect the summary to
+  // reflect this.
+  EXPECT_EQ(l10n_util::GetStringUTF8(IDS_NON_CRYPTO_SECURE_SUMMARY),
+            observer.latest_explanations().summary);
 
   // Visit an (otherwise valid) HTTPS page that displays mixed content.
   std::string replacement_path = GetFilePathWithHostAndPortReplacement(
diff --git a/components/security_state/content/content_utils.cc b/components/security_state/content/content_utils.cc
index 5587836..8ac2ce8 100644
--- a/components/security_state/content/content_utils.cc
+++ b/components/security_state/content/content_utils.cc
@@ -448,6 +448,13 @@
   security_style_explanations->scheme_is_cryptographic =
       security_info.scheme_is_cryptographic;
   if (!security_info.scheme_is_cryptographic) {
+    // Some origins are considered secure even if they're not cryptographic, so
+    // display a more precise summary.
+    if (security_info.security_level == security_state::NONE &&
+        security_info.origin_is_secure) {
+      security_style_explanations->summary =
+          l10n_util::GetStringUTF8(IDS_NON_CRYPTO_SECURE_SUMMARY);
+    }
     return security_style;
   }
 
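Review bot: The comment on the added block explains only the `origin_is_secure` half of the condition, not why `security_info.security_level == security_state::NONE` is also required. That second check looks like what stops a non-cryptographic page that has already been given a warning or dangerous level from being described in DevTools as having a secure origin. Worth saying so, for example `// Only when the level is NONE: a page that already carries a warning or is marked dangerous must not be summarized as a secure origin.` The enclosing function starts and ends outside this hunk, so whether an earlier branch has already written `summary` for those levels cannot be confirmed from here.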
diff --git a/components/security_state/content/content_utils_unittest.cc b/components/security_state/content/content_utils_unittest.cc
index 1c8191d..ee7f25a 100644
--- a/components/security_state/content/content_utils_unittest.cc
+++ b/components/security_state/content/content_utils_unittest.cc
@@ -174,6 +174,21 @@
             explanations.summary);
 }
 
+// Tests that a non-cryptographic secure origin in SecurityInfo triggers an
+// appropriate summary in SecurityStyleExplanations.
+TEST(SecurityStateContentUtilsTest,
+     GetSecurityStyleForNonCryptographicSecureOrigin) {
+  content::SecurityStyleExplanations explanations;
+  security_state::SecurityInfo security_info;
+  security_info.cert_status = 0;
+  security_info.scheme_is_cryptographic = false;
+  security_info.origin_is_secure = true;
+
+  GetSecurityStyle(security_info, &explanations);
+  EXPECT_EQ(l10n_util::GetStringUTF8(IDS_NON_CRYPTO_SECURE_SUMMARY),
+            explanations.summary);
+}
+
 bool FindSecurityStyleExplanation(
     const std::vector<content::SecurityStyleExplanation>& explanations,
     const std::string& title,
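Review bot: The new test covers only the positive case and never sets `security_info.security_level`, so it relies on a default-constructed `SecurityInfo` having level `NONE`; the constructor hunk in security_state.cc shows only part of the initializer list. Because this summary tells a DevTools user the origin is secure, the cases most worth pinning are those where it must not appear: a secure origin with a non-`NONE` level, and an origin that is not secure. Setting `security_info.security_level = security_state::NONE;` explicitly in the existing test and adding a negative test along the lines below would cover both. The `DANGEROUS` level is used here as an example; pick whichever non-`NONE` level the other tests in this file can construct without extra setup.

```cpp
// Tests that the non-cryptographic secure origin summary is not used when the
// page has a security level other than NONE, or when the origin is not secure.
TEST(SecurityStateContentUtilsTest,
     NoSecureOriginSummaryWhenDowngradedOrNotSecure) {
  security_state::SecurityInfo security_info;
  security_info.cert_status = 0;
  security_info.scheme_is_cryptographic = false;

  // Secure origin, but the page has already been downgraded.
  content::SecurityStyleExplanations downgraded_explanations;
  security_info.origin_is_secure = true;
  security_info.security_level = security_state::DANGEROUS;
  GetSecurityStyle(security_info, &downgraded_explanations);
  EXPECT_NE(l10n_util::GetStringUTF8(IDS_NON_CRYPTO_SECURE_SUMMARY),
            downgraded_explanations.summary);

  // Level NONE, but the origin is not considered secure.
  content::SecurityStyleExplanations insecure_explanations;
  security_info.origin_is_secure = false;
  security_info.security_level = security_state::NONE;
  GetSecurityStyle(security_info, &insecure_explanations);
  EXPECT_NE(l10n_util::GetStringUTF8(IDS_NON_CRYPTO_SECURE_SUMMARY),
            insecure_explanations.summary);
}
```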
diff --git a/components/security_state/core/security_state.cc b/components/security_state/core/security_state.cc
index cb27b57..f00515e 100644
--- a/components/security_state/core/security_state.cc
+++ b/components/security_state/core/security_state.cc
@@ -220,6 +220,8 @@
   security_info->cert_status = visible_security_state.cert_status;
   security_info->scheme_is_cryptographic =
       visible_security_state.url.SchemeIsCryptographic();
+  security_info->origin_is_secure =
+      is_origin_secure_callback.Run(visible_security_state.url);
   security_info->obsolete_ssl_status =
       net::ObsoleteSSLStatus(security_info->connection_status,
                              security_info->peer_signature_algorithm);
@@ -275,6 +277,7 @@
       mixed_content_status(CONTENT_STATUS_NONE),
       content_with_cert_errors_status(CONTENT_STATUS_NONE),
       scheme_is_cryptographic(false),
+      origin_is_secure(false),
       cert_status(0),
       connection_status(0),
       key_exchange_group(0),
diff --git a/components/security_state/core/security_state.h b/components/security_state/core/security_state.h
index 6b027df..cb59e4b 100644
--- a/components/security_state/core/security_state.h
+++ b/components/security_state/core/security_state.h
@@ -120,6 +120,9 @@
   // certificate errors.
   ContentStatus content_with_cert_errors_status;
   bool scheme_is_cryptographic;
+  // Some origins are considered secure even if they aren't cryptographic. This
+  // field marks such origins so that they can be treated differently in the UI.
+  bool origin_is_secure;
   net::CertStatus cert_status;
   scoped_refptr<net::X509Certificate> certificate;
   // Information about the SSL connection, such as protocol and
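Review bot: The comment on `origin_is_secure` says the field marks origins that are secure without being cryptographic, but security_state.cc assigns it from `is_origin_secure_callback.Run(visible_security_state.url)` for every URL. It is therefore presumably also true for ordinary HTTPS origins. A reader who takes the comment literally could use the field on its own as a "secure but not HTTPS" test; content_utils.cc is only correct because it reads the field inside the `!scheme_is_cryptographic` branch. Suggested wording: `// True if the visible URL's origin is considered secure, whether or not its scheme is cryptographic (e.g. localhost). Check together with |scheme_is_cryptographic| to identify non-cryptographic secure origins.`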
diff --git a/components/security_state_strings.grdp b/components/security_state_strings.grdp
index 8628491..ac2829b 100644
--- a/components/security_state_strings.grdp
+++ b/components/security_state_strings.grdp
@@ -1,6 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <grit-part>
   <!-- Strings describing Chrome security policy for DevTools security panel -->
+  <message name="IDS_NON_CRYPTO_SECURE_SUMMARY" desc="Main summary for where the site has a non-cryptographic secure origin." translateable="false">
+    This page has a non-HTTPS secure origin.
+  </message>
   <message name="IDS_HTTP_NONSECURE_SUMMARY" desc="Main summary for where the site is non-secure HTTP." translateable="false">
     This page is insecure (unencrypted HTTP).
   </message>