blob: 6b027df238acee5e8921099982111411e647398a [file] [log] [blame]
// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <stdint.h>
#include <memory>
#include "base/callback.h"
#include "base/feature_list.h"
#include "base/macros.h"
#include "components/security_state/core/insecure_input_event_data.h"
#include "net/base/url_util.h"
#include "net/cert/cert_status_flags.h"
#include "net/cert/sct_status_flags.h"
#include "net/cert/x509_certificate.h"
#include "url/gurl.h"
// Provides helper methods and data types that are used to determine the
// high-level security information about a page or request.
// SecurityInfo is the main data structure, describing a page's or request's
// security state. It is computed by the platform-independent GetSecurityInfo()
// helper method, which receives platform-specific inputs from its callers in
// the form of a VisibleSecurityState struct.
namespace security_state {
// Describes the overall security state of the page.
// These values are persisted to logs. Entries should not be renumbered and
// numeric values should never be reused.
// If you change this enum, you may need to update the UI icons in
// LocationBarModelImpl::GetVectorIcon and GetIconForSecurityState.
// A Java counterpart will be generated for this enum.
// GENERATED_JAVA_ENUM_PACKAGE: org.chromium.components.security_state
enum SecurityLevel {
// HTTP/no URL/HTTPS but with insecure passive content on the page.
NONE = 0,
// HTTP, in a case where we want to show a visible warning about the page's
// lack of security.
// The criteria used to classify pages as NONE vs. HTTP_SHOW_WARNING will
// change over time. Eventually, NONE will be eliminated.
// See
// HTTPS with valid EV cert.
// HTTPS (non-EV) with valid cert.
// HTTPS, but a certificate chain anchored to a root certificate installed
// by the system administrator has been observed in this profile, suggesting
// a MITM was present.
// Used only on ChromeOS, this status is unreached on other platforms.
// Attempted HTTPS and failed, page not authenticated, HTTPS with
// insecure active content on the page, malware, phishing, or any other
// serious security issue that could be dangerous.
// The ContentStatus enum is used to describe content on the page that
// has significantly different security properties than the main page
// load. Content can be passive content that is displayed (such as
// images) or active content that is run (such as scripts or iframes).
enum ContentStatus {
// Describes whether the page contains malicious resources such as
// malware or phishing attacks.
enum MaliciousContentStatus {
// Describes the security status of a page or request. This is the
// main data structure provided by this class. SecurityInfo contains a
// SecurityLevel (which
// is a single value describing the overall security state) along with
// information that a consumer might want to display in UI to explain or
// elaborate on the SecurityLevel.
struct SecurityInfo {
// Whether the connection security fields are initialized.
bool connection_info_initialized;
// Describes the overall security state of the page.
SecurityLevel security_level;
// Describes the nature of the page's malicious content, if any.
MaliciousContentStatus malicious_content_status;
// True if a SHA1 signature was observed anywhere in the certificate chain.
bool sha1_in_chain;
// |mixed_content_status| describes the presence of content that was
// loaded over a nonsecure (HTTP) connection.
ContentStatus mixed_content_status;
// |content_with_cert_errors_status| describes the presence of
// content that was loaded over an HTTPS connection with
// certificate errors.
ContentStatus content_with_cert_errors_status;
bool scheme_is_cryptographic;
net::CertStatus cert_status;
scoped_refptr<net::X509Certificate> certificate;
// Information about the SSL connection, such as protocol and
// ciphersuite. See ssl_connection_flags.h in net.
int connection_status;
// The ID of the (EC)DH group used by the key exchange. The value is zero if
// unknown (older cache entries may not store the value) or not applicable.
uint16_t key_exchange_group;
// The signature algorithm used by the peer in the TLS handshake, or zero if
// unknown (older cache entries may not store the value) or not applicable.
uint16_t peer_signature_algorithm;
// A mask that indicates which of the protocol version,
// key exchange, or cipher for the connection is considered
// obsolete. See net::ObsoleteSSLMask for specific mask values.
int obsolete_ssl_status;
// True if pinning was bypassed due to a local trust anchor.
bool pkp_bypassed;
// True if the secure page contained a form with a nonsecure target.
bool contained_mixed_form;
// True if the server's certificate does not contain a
// subjectAltName extension with a domain name or IP address.
bool cert_missing_subject_alt_name;
// Contains information about input events that may impact the security
// level of the page.
InsecureInputEventData insecure_input_events;
// Contains the security state relevant to computing the SecurityInfo
// for a page. This is the input to GetSecurityInfo().
struct VisibleSecurityState {
GURL url;
MaliciousContentStatus malicious_content_status;
// Whether the connection security fields are initialized.
bool connection_info_initialized;
// The following fields contain information about the connection
// used to load the page or request.
scoped_refptr<net::X509Certificate> certificate;
net::CertStatus cert_status;
int connection_status;
// The ID of the (EC)DH group used by the key exchange. The value is zero if
// unknown (older cache entries may not store the value) or not applicable.
uint16_t key_exchange_group;
// The signature algorithm used by the peer in the TLS handshake, or zero if
// unknown (older cache entries may not store the value) or not applicable.
uint16_t peer_signature_algorithm;
// True if the page displayed passive mixed content.
bool displayed_mixed_content;
// True if the secure page contained a form with a nonsecure target.
bool contained_mixed_form;
// True if the page ran active mixed content.
bool ran_mixed_content;
// True if the page displayed passive subresources with certificate errors.
bool displayed_content_with_cert_errors;
// True if the page ran active subresources with certificate errors.
bool ran_content_with_cert_errors;
// True if PKP was bypassed due to a local trust anchor.
bool pkp_bypassed;
// True if the page was an error page.
// TODO(estark): this field is not populated on iOS.
bool is_error_page;
// True if the page is a view-source page.
bool is_view_source;
// Contains information about input events that may impact the security
// level of the page.
InsecureInputEventData insecure_input_events;
// These security levels describe the treatment given to pages that
// display and run mixed content. They are used to coordinate the
// treatment of mixed content with other security UI elements.
constexpr SecurityLevel kDisplayedInsecureContentLevel = NONE;
constexpr SecurityLevel kRanInsecureContentLevel = DANGEROUS;
// Returns true if the given |url|'s origin should be considered secure.
using IsOriginSecureCallback = base::Callback<bool(const GURL& url)>;
// Populates |result| to describe the current page.
// |visible_security_state| contains the relevant security state.
// |used_policy_installed_certificate| indicates whether the page or request
// is known to be loaded with a certificate installed by the system admin.
// |is_origin_secure_callback| determines whether a URL's origin should be
// considered secure.
void GetSecurityInfo(
std::unique_ptr<VisibleSecurityState> visible_security_state,
bool used_policy_installed_certificate,
IsOriginSecureCallback is_origin_secure_callback,
SecurityInfo* result);
// Returns true for a valid |url| with a cryptographic scheme, e.g., HTTPS, WSS.
bool IsSchemeCryptographic(const GURL& url);
// Returns true for a valid |url| with localhost or file:// scheme origin.
bool IsOriginLocalhostOrFile(const GURL& url);
// Returns true if the page has a valid SSL certificate. Only EV_SECURE,
// SECURE, and SECURE_WITH_POLICY_INSTALLED_CERT are considered valid.
bool IsSslCertificateValid(security_state::SecurityLevel security_level);
// Returns the given prefix suffixed with a dot and the current security level.
std::string GetSecurityLevelHistogramName(
const std::string& prefix, security_state::SecurityLevel level);
} // namespace security_state