[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
[email protected] | 4237dd5 | 2012-06-05 00:00:32 | [diff] [blame] | 5 | #include "chrome/browser/ui/website_settings/website_settings.h" |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 6 | |
| 7 | #include <string> |
| 8 | #include <vector> |
| 9 | |
[email protected] | eb2140c | 2013-07-29 12:37:34 | [diff] [blame] | 10 | #include "base/command_line.h" |
[email protected] | 15b09254 | 2012-05-16 13:08:14 | [diff] [blame] | 11 | #include "base/i18n/time_formatting.h" |
[email protected] | 71cd5ef | 2014-08-13 21:22:04 | [diff] [blame] | 12 | #include "base/metrics/field_trial.h" |
[email protected] | 3ea1b18 | 2013-02-08 22:38:41 | [diff] [blame] | 13 | #include "base/metrics/histogram.h" |
| 14 | #include "base/strings/string_number_conversions.h" |
jialiul | 02aad2d | 2015-04-01 18:56:03 | [diff] [blame] | 15 | #include "base/strings/stringprintf.h" |
[email protected] | 774cc3c | 2013-06-07 20:26:45 | [diff] [blame] | 16 | #include "base/strings/utf_string_conversions.h" |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 17 | #include "base/values.h" |
jialiul | 02aad2d | 2015-04-01 18:56:03 | [diff] [blame] | 18 | #include "chrome/browser/browser_process.h" |
[email protected] | 6b8a3c74 | 2014-07-25 00:25:35 | [diff] [blame] | 19 | #include "chrome/browser/browsing_data/browsing_data_channel_id_helper.h" |
[email protected] | b0cb5e8 | 2012-07-19 19:22:47 | [diff] [blame] | 20 | #include "chrome/browser/browsing_data/browsing_data_cookie_helper.h" |
| 21 | #include "chrome/browser/browsing_data/browsing_data_database_helper.h" |
| 22 | #include "chrome/browser/browsing_data/browsing_data_file_system_helper.h" |
| 23 | #include "chrome/browser/browsing_data/browsing_data_indexed_db_helper.h" |
| 24 | #include "chrome/browser/browsing_data/browsing_data_local_storage_helper.h" |
peconn | 5100d43 | 2015-09-16 12:03:08 | [diff] [blame] | 25 | #include "chrome/browser/content_settings/host_content_settings_map_factory.h" |
[email protected] | 77a91c7 | 2012-08-13 16:19:34 | [diff] [blame] | 26 | #include "chrome/browser/history/history_service_factory.h" |
palmer | f2cba0d | 2015-08-27 23:15:06 | [diff] [blame] | 27 | #include "chrome/browser/infobars/infobar_service.h" |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 28 | #include "chrome/browser/profiles/profile.h" |
[email protected] | 71cd5ef | 2014-08-13 21:22:04 | [diff] [blame] | 29 | #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" |
| 30 | #include "chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.h" |
jdonnelly | 9f8cbae | 2015-09-17 00:15:53 | [diff] [blame] | 31 | #include "chrome/browser/ssl/ssl_error_info.h" |
[email protected] | 4237dd5 | 2012-06-05 00:00:32 | [diff] [blame] | 32 | #include "chrome/browser/ui/website_settings/website_settings_ui.h" |
[email protected] | 71cd5ef | 2014-08-13 21:22:04 | [diff] [blame] | 33 | #include "chrome/common/chrome_switches.h" |
palmer | 153af98 | 2015-09-15 02:04:19 | [diff] [blame] | 34 | #include "chrome/common/pref_names.h" |
jsbell | ddb849e | 2015-08-27 00:12:56 | [diff] [blame] | 35 | #include "chrome/common/url_constants.h" |
thestig | 884a160 | 2014-08-27 01:29:39 | [diff] [blame] | 36 | #include "chrome/grit/chromium_strings.h" |
| 37 | #include "chrome/grit/generated_resources.h" |
mukai | 8eaec82 | 2014-10-25 17:53:16 | [diff] [blame] | 38 | #include "components/content_settings/core/browser/content_settings_utils.h" |
| 39 | #include "components/content_settings/core/browser/host_content_settings_map.h" |
vabr | 4856559 | 2014-10-08 15:06:02 | [diff] [blame] | 40 | #include "components/content_settings/core/browser/local_shared_objects_counter.h" |
palmer | 0da10b3 | 2015-02-11 00:42:19 | [diff] [blame] | 41 | #include "components/content_settings/core/common/content_settings.h" |
vasilii | f62dbf9 | 2014-09-05 10:23:13 | [diff] [blame] | 42 | #include "components/content_settings/core/common/content_settings_pattern.h" |
jialiul | 02aad2d | 2015-04-01 18:56:03 | [diff] [blame] | 43 | #include "components/rappor/rappor_utils.h" |
palmer | 153af98 | 2015-09-15 02:04:19 | [diff] [blame] | 44 | #include "components/url_formatter/elide_url.h" |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 45 | #include "content/public/browser/browser_thread.h" |
[email protected] | b59c6cf0 | 2012-03-12 20:51:42 | [diff] [blame] | 46 | #include "content/public/browser/cert_store.h" |
[email protected] | e22d64f | 2012-09-10 09:03:23 | [diff] [blame] | 47 | #include "content/public/browser/user_metrics.h" |
[email protected] | eb2140c | 2013-07-29 12:37:34 | [diff] [blame] | 48 | #include "content/public/common/content_switches.h" |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 49 | #include "content/public/common/ssl_status.h" |
| 50 | #include "content/public/common/url_constants.h" |
[email protected] | 6e7845ae | 2013-03-29 21:48:11 | [diff] [blame] | 51 | #include "net/cert/cert_status_flags.h" |
| 52 | #include "net/cert/x509_certificate.h" |
[email protected] | 536fd0b | 2013-03-14 17:41:57 | [diff] [blame] | 53 | #include "net/ssl/ssl_cipher_suite_names.h" |
| 54 | #include "net/ssl/ssl_connection_status_flags.h" |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 55 | #include "ui/base/l10n/l10n_util.h" |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 56 | |
[email protected] | 24a9f1c9 | 2013-11-13 12:33:37 | [diff] [blame] | 57 | #if defined(OS_CHROMEOS) |
| 58 | #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
| 59 | #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
| 60 | #endif |
| 61 | |
estade | 3feb83f | 2015-09-01 23:00:49 | [diff] [blame] | 62 | #if !defined(OS_ANDROID) |
| 63 | #include "chrome/browser/ui/website_settings/website_settings_infobar_delegate.h" |
| 64 | #endif |
| 65 | |
[email protected] | ab6df3b1 | 2013-12-24 23:32:26 | [diff] [blame] | 66 | using base::ASCIIToUTF16; |
| 67 | using base::UTF8ToUTF16; |
[email protected] | f729d7a | 2013-12-26 07:07:56 | [diff] [blame] | 68 | using base::UTF16ToUTF8; |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 69 | using content::BrowserThread; |
| 70 | |
| 71 | namespace { |
| 72 | |
jww | 1ed8ea7 | 2014-09-02 20:43:25 | [diff] [blame] | 73 | // Events for UMA. Do not reorder or change! |
| 74 | enum SSLCertificateDecisionsDidRevoke { |
| 75 | USER_CERT_DECISIONS_NOT_REVOKED = 0, |
| 76 | USER_CERT_DECISIONS_REVOKED, |
| 77 | END_OF_SSL_CERTIFICATE_DECISIONS_DID_REVOKE_ENUM |
| 78 | }; |
| 79 | |
palmer | 0da10b3 | 2015-02-11 00:42:19 | [diff] [blame] | 80 | // The list of content settings types to display on the Website Settings UI. THE |
| 81 | // ORDER OF THESE ITEMS IS IMPORTANT. To propose changing it, email |
| 82 | // [email protected]. |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 83 | ContentSettingsType kPermissionType[] = { |
sashab | 2b2a314f | 2015-01-17 06:42:21 | [diff] [blame] | 84 | CONTENT_SETTINGS_TYPE_GEOLOCATION, |
sashab | 2b2a314f | 2015-01-17 06:42:21 | [diff] [blame] | 85 | CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA, |
| 86 | CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC, |
palmer | 0da10b3 | 2015-02-11 00:42:19 | [diff] [blame] | 87 | CONTENT_SETTINGS_TYPE_NOTIFICATIONS, |
| 88 | CONTENT_SETTINGS_TYPE_IMAGES, |
| 89 | CONTENT_SETTINGS_TYPE_JAVASCRIPT, |
| 90 | CONTENT_SETTINGS_TYPE_POPUPS, |
| 91 | CONTENT_SETTINGS_TYPE_FULLSCREEN, |
sashab | 2b2a314f | 2015-01-17 06:42:21 | [diff] [blame] | 92 | CONTENT_SETTINGS_TYPE_AUTOMATIC_DOWNLOADS, |
palmer | 0da10b3 | 2015-02-11 00:42:19 | [diff] [blame] | 93 | CONTENT_SETTINGS_TYPE_PLUGINS, |
| 94 | CONTENT_SETTINGS_TYPE_MOUSELOCK, |
sashab | 2b2a314f | 2015-01-17 06:42:21 | [diff] [blame] | 95 | CONTENT_SETTINGS_TYPE_MIDI_SYSEX, |
benwells | a68ed4b | 2014-11-13 03:25:36 | [diff] [blame] | 96 | #if defined(OS_ANDROID) |
sashab | 2b2a314f | 2015-01-17 06:42:21 | [diff] [blame] | 97 | CONTENT_SETTINGS_TYPE_PUSH_MESSAGING, |
benwells | a68ed4b | 2014-11-13 03:25:36 | [diff] [blame] | 98 | #endif |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 99 | }; |
| 100 | |
[email protected] | 94c74b4 | 2013-12-02 15:19:49 | [diff] [blame] | 101 | bool CertificateTransparencyStatusMatch( |
| 102 | const content::SignedCertificateTimestampIDStatusList& scts, |
| 103 | net::ct::SCTVerifyStatus status) { |
| 104 | for (content::SignedCertificateTimestampIDStatusList::const_iterator it = |
| 105 | scts.begin(); |
| 106 | it != scts.end(); |
| 107 | ++it) { |
| 108 | if (it->status == status) |
| 109 | return true; |
| 110 | } |
| 111 | |
| 112 | return false; |
| 113 | } |
| 114 | |
| 115 | int GetSiteIdentityDetailsMessageByCTInfo( |
| 116 | const content::SignedCertificateTimestampIDStatusList& scts, |
| 117 | bool is_ev) { |
| 118 | // No SCTs - no CT information. |
| 119 | if (scts.empty()) |
| 120 | return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_NO_CT |
| 121 | : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_NO_CT); |
| 122 | |
| 123 | if (CertificateTransparencyStatusMatch(scts, net::ct::SCT_STATUS_OK)) |
| 124 | return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_VERIFIED |
| 125 | : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_VERIFIED); |
| 126 | |
| 127 | if (CertificateTransparencyStatusMatch(scts, net::ct::SCT_STATUS_INVALID)) |
| 128 | return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_INVALID |
| 129 | : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_INVALID); |
| 130 | |
| 131 | // status is SCT_STATUS_LOG_UNKNOWN |
| 132 | return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_UNVERIFIED |
| 133 | : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_UNVERIFIED); |
| 134 | } |
| 135 | |
| 136 | // This function will return SITE_IDENTITY_STATUS_CERT or |
| 137 | // SITE_IDENTITY_STATUS_EV_CERT depending on |is_ev| unless there are SCTs |
| 138 | // which failed verification, in which case it will return |
| 139 | // SITE_IDENTITY_STATUS_ERROR. |
| 140 | WebsiteSettings::SiteIdentityStatus GetSiteIdentityStatusByCTInfo( |
| 141 | const content::SignedCertificateTimestampIDStatusList& scts, |
| 142 | bool is_ev) { |
| 143 | if (CertificateTransparencyStatusMatch(scts, net::ct::SCT_STATUS_INVALID)) |
| 144 | return WebsiteSettings::SITE_IDENTITY_STATUS_ERROR; |
| 145 | |
| 146 | return is_ev ? WebsiteSettings::SITE_IDENTITY_STATUS_EV_CERT |
| 147 | : WebsiteSettings::SITE_IDENTITY_STATUS_CERT; |
| 148 | } |
| 149 | |
palmer | 153af98 | 2015-09-15 02:04:19 | [diff] [blame] | 150 | base::string16 GetSimpleSiteName(const GURL& url, Profile* profile) { |
| 151 | std::string languages; |
| 152 | if (profile) |
| 153 | languages = profile->GetPrefs()->GetString(prefs::kAcceptLanguages); |
| 154 | return url_formatter::FormatUrlForSecurityDisplayOmitScheme(url, languages); |
| 155 | } |
| 156 | |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 157 | } // namespace |
| 158 | |
| 159 | WebsiteSettings::WebsiteSettings( |
| 160 | WebsiteSettingsUI* ui, |
| 161 | Profile* profile, |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 162 | TabSpecificContentSettings* tab_specific_content_settings, |
palmer | f2cba0d | 2015-08-27 23:15:06 | [diff] [blame] | 163 | content::WebContents* web_contents, |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 164 | const GURL& url, |
| 165 | const content::SSLStatus& ssl, |
| 166 | content::CertStore* cert_store) |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 167 | : TabSpecificContentSettings::SiteDataObserver( |
| 168 | tab_specific_content_settings), |
| 169 | ui_(ui), |
palmer | f2cba0d | 2015-08-27 23:15:06 | [diff] [blame] | 170 | web_contents_(web_contents), |
[email protected] | 66f15731 | 2012-08-01 13:50:26 | [diff] [blame] | 171 | show_info_bar_(false), |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 172 | site_url_(url), |
| 173 | site_identity_status_(SITE_IDENTITY_STATUS_UNKNOWN), |
[email protected] | f61c1ce | 2012-05-09 13:55:11 | [diff] [blame] | 174 | cert_id_(0), |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 175 | site_connection_status_(SITE_CONNECTION_STATUS_UNKNOWN), |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 176 | cert_store_(cert_store), |
peconn | 5100d43 | 2015-09-16 12:03:08 | [diff] [blame] | 177 | content_settings_(HostContentSettingsMapFactory::GetForProfile(profile)), |
[email protected] | 71cd5ef | 2014-08-13 21:22:04 | [diff] [blame] | 178 | chrome_ssl_host_state_delegate_( |
jww | 1ed8ea7 | 2014-09-02 20:43:25 | [diff] [blame] | 179 | ChromeSSLHostStateDelegateFactory::GetForProfile(profile)), |
palmer | 153af98 | 2015-09-15 02:04:19 | [diff] [blame] | 180 | did_revoke_user_ssl_decisions_(false), |
| 181 | profile_(profile) { |
estark | 7c6bfbf | 2015-09-16 22:20:50 | [diff] [blame] | 182 | Init(url, ssl); |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 183 | |
| 184 | PresentSitePermissions(); |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 185 | PresentSiteData(); |
[email protected] | 24c8818c | 2012-04-25 09:57:41 | [diff] [blame] | 186 | PresentSiteIdentity(); |
[email protected] | e22d64f | 2012-09-10 09:03:23 | [diff] [blame] | 187 | |
| 188 | // Every time the Website Settings UI is opened a |WebsiteSettings| object is |
| 189 | // created. So this counts how ofter the Website Settings UI is opened. |
lgarron | 04a9350 | 2014-11-04 22:25:04 | [diff] [blame] | 190 | RecordWebsiteSettingsAction(WEBSITE_SETTINGS_OPENED); |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 191 | } |
| 192 | |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 193 | WebsiteSettings::~WebsiteSettings() { |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 194 | } |
| 195 | |
lgarron | 04a9350 | 2014-11-04 22:25:04 | [diff] [blame] | 196 | void WebsiteSettings::RecordWebsiteSettingsAction( |
| 197 | WebsiteSettingsAction action) { |
| 198 | UMA_HISTOGRAM_ENUMERATION("WebsiteSettings.Action", |
| 199 | action, |
| 200 | WEBSITE_SETTINGS_COUNT); |
| 201 | |
| 202 | // Use a separate histogram to record actions if they are done on a page with |
| 203 | // an HTTPS URL. Note that this *disregards* security status. |
palmer | ee0e5af | 2015-06-05 03:10:40 | [diff] [blame] | 204 | // |
| 205 | |
| 206 | // TODO(palmer): Consider adding a new histogram for |
| 207 | // GURL::SchemeIsCryptographic. (We don't want to replace this call with a |
| 208 | // call to that function because we don't want to change the meanings of |
| 209 | // existing metrics.) This would inform the decision to mark non-secure |
| 210 | // origins as Dubious or Non-Secure; the overall bug for that is |
| 211 | // crbug.com/454579. |
lgarron | 04a9350 | 2014-11-04 22:25:04 | [diff] [blame] | 212 | if (site_url_.SchemeIs(url::kHttpsScheme)) { |
| 213 | UMA_HISTOGRAM_ENUMERATION("WebsiteSettings.Action.HttpsUrl", |
| 214 | action, |
| 215 | WEBSITE_SETTINGS_COUNT); |
| 216 | } |
| 217 | } |
| 218 | |
jialiul | 02aad2d | 2015-04-01 18:56:03 | [diff] [blame] | 219 | // Get corresponding Rappor Metric. |
| 220 | const std::string GetRapporMetric(ContentSettingsType permission) { |
| 221 | std::string permission_str; |
| 222 | switch (permission) { |
| 223 | case CONTENT_SETTINGS_TYPE_GEOLOCATION: |
| 224 | permission_str = "Geolocation"; |
| 225 | break; |
| 226 | case CONTENT_SETTINGS_TYPE_NOTIFICATIONS: |
| 227 | permission_str = "Notifications"; |
| 228 | break; |
| 229 | case CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC: |
| 230 | permission_str = "Mic"; |
| 231 | break; |
| 232 | case CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA: |
| 233 | permission_str = "Camera"; |
| 234 | break; |
| 235 | default: |
| 236 | return ""; |
| 237 | } |
| 238 | |
| 239 | return base::StringPrintf("ContentSettings.PermissionActions_%s.Revoked.Url", |
| 240 | permission_str.c_str()); |
| 241 | } |
lgarron | 04a9350 | 2014-11-04 22:25:04 | [diff] [blame] | 242 | |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 243 | void WebsiteSettings::OnSitePermissionChanged(ContentSettingsType type, |
| 244 | ContentSetting setting) { |
[email protected] | e22d64f | 2012-09-10 09:03:23 | [diff] [blame] | 245 | // Count how often a permission for a specific content type is changed using |
| 246 | // the Website Settings UI. |
raymes | 4a13d43 | 2015-09-08 00:44:07 | [diff] [blame] | 247 | size_t num_values; |
| 248 | int histogram_value = ContentSettingTypeToHistogramValue(type, &num_values); |
sashab | 9debecd | 2014-12-18 04:15:56 | [diff] [blame] | 249 | UMA_HISTOGRAM_ENUMERATION("WebsiteSettings.OriginInfo.PermissionChanged", |
raymes | 4a13d43 | 2015-09-08 00:44:07 | [diff] [blame] | 250 | histogram_value, num_values); |
sashab | 9debecd | 2014-12-18 04:15:56 | [diff] [blame] | 251 | |
| 252 | if (setting == ContentSetting::CONTENT_SETTING_ALLOW) { |
| 253 | UMA_HISTOGRAM_ENUMERATION( |
| 254 | "WebsiteSettings.OriginInfo.PermissionChanged.Allowed", histogram_value, |
raymes | 4a13d43 | 2015-09-08 00:44:07 | [diff] [blame] | 255 | num_values); |
sashab | 9debecd | 2014-12-18 04:15:56 | [diff] [blame] | 256 | } else if (setting == ContentSetting::CONTENT_SETTING_BLOCK) { |
| 257 | UMA_HISTOGRAM_ENUMERATION( |
| 258 | "WebsiteSettings.OriginInfo.PermissionChanged.Blocked", histogram_value, |
raymes | 4a13d43 | 2015-09-08 00:44:07 | [diff] [blame] | 259 | num_values); |
jialiul | 02aad2d | 2015-04-01 18:56:03 | [diff] [blame] | 260 | // Trigger Rappor sampling if it is a permission revoke action. |
| 261 | const std::string& rappor_metric = GetRapporMetric(type); |
| 262 | if (!rappor_metric.empty()) { |
| 263 | rappor::SampleDomainAndRegistryFromGURL( |
| 264 | g_browser_process->rappor_service(), rappor_metric, this->site_url_); |
| 265 | } |
sashab | 9debecd | 2014-12-18 04:15:56 | [diff] [blame] | 266 | } |
[email protected] | e22d64f | 2012-09-10 09:03:23 | [diff] [blame] | 267 | |
lgarron | 04a9350 | 2014-11-04 22:25:04 | [diff] [blame] | 268 | // This is technically redundant given the histogram above, but putting the |
| 269 | // total count of permission changes in another histogram makes it easier to |
| 270 | // compare it against other kinds of actions in WebsiteSettings[PopupView]. |
| 271 | RecordWebsiteSettingsAction(WEBSITE_SETTINGS_CHANGED_PERMISSION); |
| 272 | |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 273 | ContentSettingsPattern primary_pattern; |
| 274 | ContentSettingsPattern secondary_pattern; |
| 275 | switch (type) { |
| 276 | case CONTENT_SETTINGS_TYPE_GEOLOCATION: |
[email protected] | eb2140c | 2013-07-29 12:37:34 | [diff] [blame] | 277 | case CONTENT_SETTINGS_TYPE_MIDI_SYSEX: |
mlamouri | ab1897c | 2015-02-18 12:09:32 | [diff] [blame] | 278 | case CONTENT_SETTINGS_TYPE_FULLSCREEN: |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 279 | // TODO(markusheintz): The rule we create here should also change the |
| 280 | // location permission for iframed content. |
| 281 | primary_pattern = ContentSettingsPattern::FromURLNoWildcard(site_url_); |
| 282 | secondary_pattern = ContentSettingsPattern::FromURLNoWildcard(site_url_); |
| 283 | break; |
| 284 | case CONTENT_SETTINGS_TYPE_NOTIFICATIONS: |
| 285 | primary_pattern = ContentSettingsPattern::FromURLNoWildcard(site_url_); |
| 286 | secondary_pattern = ContentSettingsPattern::Wildcard(); |
| 287 | break; |
[email protected] | b1d113d | 2012-06-27 21:27:34 | [diff] [blame] | 288 | case CONTENT_SETTINGS_TYPE_IMAGES: |
| 289 | case CONTENT_SETTINGS_TYPE_JAVASCRIPT: |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 290 | case CONTENT_SETTINGS_TYPE_PLUGINS: |
| 291 | case CONTENT_SETTINGS_TYPE_POPUPS: |
[email protected] | b1d113d | 2012-06-27 21:27:34 | [diff] [blame] | 292 | case CONTENT_SETTINGS_TYPE_MOUSELOCK: |
[email protected] | ad635b1 | 2013-07-22 21:53:27 | [diff] [blame] | 293 | case CONTENT_SETTINGS_TYPE_AUTOMATIC_DOWNLOADS: |
benwells | a68ed4b | 2014-11-13 03:25:36 | [diff] [blame] | 294 | case CONTENT_SETTINGS_TYPE_PUSH_MESSAGING: |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 295 | primary_pattern = ContentSettingsPattern::FromURL(site_url_); |
| 296 | secondary_pattern = ContentSettingsPattern::Wildcard(); |
| 297 | break; |
sashab | 2b2a314f | 2015-01-17 06:42:21 | [diff] [blame] | 298 | case CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC: |
| 299 | case CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA: |
[email protected] | 0bacc191 | 2012-12-11 11:05:34 | [diff] [blame] | 300 | primary_pattern = ContentSettingsPattern::FromURLNoWildcard(site_url_); |
| 301 | secondary_pattern = ContentSettingsPattern::Wildcard(); |
[email protected] | 0bacc191 | 2012-12-11 11:05:34 | [diff] [blame] | 302 | break; |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 303 | default: |
| 304 | NOTREACHED() << "ContentSettingsType " << type << "is not supported."; |
| 305 | break; |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 306 | } |
| 307 | |
jialiul | 02aad2d | 2015-04-01 18:56:03 | [diff] [blame] | 308 | // Permission settings are specified via rules. There exists always at least |
| 309 | // one rule for the default setting. Get the rule that currently defines |
| 310 | // the permission for the given permission |type|. Then test whether the |
| 311 | // existing rule is more specific than the rule we are about to create. If |
| 312 | // the existing rule is more specific, than change the existing rule instead |
| 313 | // of creating a new rule that would be hidden behind the existing rule. |
| 314 | content_settings::SettingInfo info; |
| 315 | scoped_ptr<base::Value> v = |
raymes | 7dec6d86 | 2015-07-27 07:02:08 | [diff] [blame] | 316 | content_settings_->GetWebsiteSetting( |
jialiul | 02aad2d | 2015-04-01 18:56:03 | [diff] [blame] | 317 | site_url_, site_url_, type, std::string(), &info); |
| 318 | content_settings_->SetNarrowestWebsiteSetting( |
| 319 | primary_pattern, secondary_pattern, type, std::string(), setting, info); |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 320 | |
[email protected] | 66f15731 | 2012-08-01 13:50:26 | [diff] [blame] | 321 | show_info_bar_ = true; |
[email protected] | 2f45d54 | 2012-08-22 08:47:24 | [diff] [blame] | 322 | |
[email protected] | 2f45d54 | 2012-08-22 08:47:24 | [diff] [blame] | 323 | // Refresh the UI to reflect the new setting. |
| 324 | PresentSitePermissions(); |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 325 | } |
| 326 | |
| 327 | void WebsiteSettings::OnSiteDataAccessed() { |
| 328 | PresentSiteData(); |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 329 | } |
| 330 | |
[email protected] | 66f15731 | 2012-08-01 13:50:26 | [diff] [blame] | 331 | void WebsiteSettings::OnUIClosing() { |
estade | 3feb83f | 2015-09-01 23:00:49 | [diff] [blame] | 332 | #if defined(OS_ANDROID) |
| 333 | NOTREACHED(); |
| 334 | #else |
palmer | f2cba0d | 2015-08-27 23:15:06 | [diff] [blame] | 335 | if (show_info_bar_ && web_contents_) { |
| 336 | InfoBarService* infobar_service = |
| 337 | InfoBarService::FromWebContents(web_contents_); |
| 338 | if (infobar_service) |
| 339 | WebsiteSettingsInfoBarDelegate::Create(infobar_service); |
| 340 | } |
jww | 1ed8ea7 | 2014-09-02 20:43:25 | [diff] [blame] | 341 | |
| 342 | SSLCertificateDecisionsDidRevoke user_decision = |
| 343 | did_revoke_user_ssl_decisions_ ? USER_CERT_DECISIONS_REVOKED |
| 344 | : USER_CERT_DECISIONS_NOT_REVOKED; |
| 345 | |
| 346 | UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.did_user_revoke_decisions", |
| 347 | user_decision, |
| 348 | END_OF_SSL_CERTIFICATE_DECISIONS_DID_REVOKE_ENUM); |
estade | 3feb83f | 2015-09-01 23:00:49 | [diff] [blame] | 349 | #endif |
jww | 1ed8ea7 | 2014-09-02 20:43:25 | [diff] [blame] | 350 | } |
| 351 | |
| 352 | void WebsiteSettings::OnRevokeSSLErrorBypassButtonPressed() { |
| 353 | DCHECK(chrome_ssl_host_state_delegate_); |
jww | 6a55df7 | 2014-09-05 19:59:29 | [diff] [blame] | 354 | chrome_ssl_host_state_delegate_->RevokeUserAllowExceptionsHard( |
| 355 | site_url().host()); |
jww | 1ed8ea7 | 2014-09-02 20:43:25 | [diff] [blame] | 356 | did_revoke_user_ssl_decisions_ = true; |
[email protected] | 66f15731 | 2012-08-01 13:50:26 | [diff] [blame] | 357 | } |
| 358 | |
estark | 7c6bfbf | 2015-09-16 22:20:50 | [diff] [blame] | 359 | void WebsiteSettings::Init(const GURL& url, const content::SSLStatus& ssl) { |
sashab | 97894ce | 2014-10-22 10:08:33 | [diff] [blame] | 360 | bool isChromeUINativeScheme = false; |
| 361 | #if defined(OS_ANDROID) |
| 362 | isChromeUINativeScheme = url.SchemeIs(chrome::kChromeUINativeScheme); |
| 363 | #endif |
| 364 | |
| 365 | if (url.SchemeIs(content::kChromeUIScheme) || |
| 366 | url.SchemeIs(url::kAboutScheme) || isChromeUINativeScheme) { |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 367 | site_identity_status_ = SITE_IDENTITY_STATUS_INTERNAL_PAGE; |
| 368 | site_identity_details_ = |
| 369 | l10n_util::GetStringUTF16(IDS_PAGE_INFO_INTERNAL_PAGE); |
| 370 | site_connection_status_ = SITE_CONNECTION_STATUS_INTERNAL_PAGE; |
| 371 | return; |
| 372 | } |
| 373 | |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 374 | // Identity section. |
palmer | 153af98 | 2015-09-15 02:04:19 | [diff] [blame] | 375 | scoped_refptr<net::X509Certificate> cert; |
[email protected] | f61c1ce | 2012-05-09 13:55:11 | [diff] [blame] | 376 | cert_id_ = ssl.cert_id; |
| 377 | |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 378 | if (ssl.cert_id && |
| 379 | cert_store_->RetrieveCert(ssl.cert_id, &cert) && |
| 380 | (!net::IsCertStatusError(ssl.cert_status) || |
| 381 | net::IsCertStatusMinorError(ssl.cert_status))) { |
| 382 | // There are no major errors. Check for minor errors. |
[email protected] | 24a9f1c9 | 2013-11-13 12:33:37 | [diff] [blame] | 383 | #if defined(OS_CHROMEOS) |
| 384 | policy::PolicyCertService* service = |
estark | 7c6bfbf | 2015-09-16 22:20:50 | [diff] [blame] | 385 | policy::PolicyCertServiceFactory::GetForProfile(profile_); |
[email protected] | 24a9f1c9 | 2013-11-13 12:33:37 | [diff] [blame] | 386 | const bool used_policy_certs = service && service->UsedPolicyCertificates(); |
| 387 | #else |
| 388 | const bool used_policy_certs = false; |
| 389 | #endif |
| 390 | if (used_policy_certs) { |
[email protected] | eaf3f32 | 2013-04-25 21:53:59 | [diff] [blame] | 391 | site_identity_status_ = SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT; |
[email protected] | 24a9f1c9 | 2013-11-13 12:33:37 | [diff] [blame] | 392 | site_identity_details_ = l10n_util::GetStringFUTF16( |
| 393 | IDS_CERT_POLICY_PROVIDED_CERT_MESSAGE, UTF8ToUTF16(url.host())); |
[email protected] | eaf3f32 | 2013-04-25 21:53:59 | [diff] [blame] | 394 | } else if (net::IsCertStatusMinorError(ssl.cert_status)) { |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 395 | site_identity_status_ = SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN; |
[email protected] | a04db82 | 2013-12-11 19:14:40 | [diff] [blame] | 396 | base::string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName())); |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 397 | if (issuer_name.empty()) { |
| 398 | issuer_name.assign(l10n_util::GetStringUTF16( |
| 399 | IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); |
| 400 | } |
[email protected] | 94c74b4 | 2013-12-02 15:19:49 | [diff] [blame] | 401 | |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 402 | site_identity_details_.assign(l10n_util::GetStringFUTF16( |
[email protected] | 94c74b4 | 2013-12-02 15:19:49 | [diff] [blame] | 403 | GetSiteIdentityDetailsMessageByCTInfo( |
| 404 | ssl.signed_certificate_timestamp_ids, false /* not EV */), |
| 405 | issuer_name)); |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 406 | |
| 407 | site_identity_details_ += ASCIIToUTF16("\n\n"); |
| 408 | if (ssl.cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) { |
| 409 | site_identity_details_ += l10n_util::GetStringUTF16( |
| 410 | IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION); |
| 411 | } else if (ssl.cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM) { |
| 412 | site_identity_details_ += l10n_util::GetStringUTF16( |
| 413 | IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM); |
| 414 | } else { |
| 415 | NOTREACHED() << "Need to specify string for this warning"; |
| 416 | } |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 417 | } else { |
rsleevi | 4f801272 | 2014-09-30 01:28:01 | [diff] [blame] | 418 | if (ssl.cert_status & net::CERT_STATUS_IS_EV) { |
| 419 | // EV HTTPS page. |
| 420 | site_identity_status_ = GetSiteIdentityStatusByCTInfo( |
| 421 | ssl.signed_certificate_timestamp_ids, true); |
| 422 | DCHECK(!cert->subject().organization_names.empty()); |
| 423 | organization_name_ = UTF8ToUTF16(cert->subject().organization_names[0]); |
| 424 | // An EV Cert is required to have a city (localityName) and country but |
| 425 | // state is "if any". |
| 426 | DCHECK(!cert->subject().locality_name.empty()); |
| 427 | DCHECK(!cert->subject().country_name.empty()); |
| 428 | base::string16 locality; |
| 429 | if (!cert->subject().state_or_province_name.empty()) { |
| 430 | locality = l10n_util::GetStringFUTF16( |
| 431 | IDS_PAGEINFO_ADDRESS, |
| 432 | UTF8ToUTF16(cert->subject().locality_name), |
| 433 | UTF8ToUTF16(cert->subject().state_or_province_name), |
| 434 | UTF8ToUTF16(cert->subject().country_name)); |
| 435 | } else { |
| 436 | locality = l10n_util::GetStringFUTF16( |
| 437 | IDS_PAGEINFO_PARTIAL_ADDRESS, |
| 438 | UTF8ToUTF16(cert->subject().locality_name), |
| 439 | UTF8ToUTF16(cert->subject().country_name)); |
| 440 | } |
| 441 | DCHECK(!cert->subject().organization_names.empty()); |
| 442 | site_identity_details_.assign(l10n_util::GetStringFUTF16( |
| 443 | GetSiteIdentityDetailsMessageByCTInfo( |
| 444 | ssl.signed_certificate_timestamp_ids, true /* is EV */), |
| 445 | UTF8ToUTF16(cert->subject().organization_names[0]), |
| 446 | locality, |
| 447 | UTF8ToUTF16(cert->issuer().GetDisplayName()))); |
| 448 | } else { |
| 449 | // Non-EV OK HTTPS page. |
| 450 | site_identity_status_ = GetSiteIdentityStatusByCTInfo( |
| 451 | ssl.signed_certificate_timestamp_ids, false); |
| 452 | base::string16 issuer_name( |
| 453 | UTF8ToUTF16(cert->issuer().GetDisplayName())); |
| 454 | if (issuer_name.empty()) { |
| 455 | issuer_name.assign(l10n_util::GetStringUTF16( |
| 456 | IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); |
| 457 | } |
[email protected] | 94c74b4 | 2013-12-02 15:19:49 | [diff] [blame] | 458 | |
rsleevi | 4f801272 | 2014-09-30 01:28:01 | [diff] [blame] | 459 | site_identity_details_.assign(l10n_util::GetStringFUTF16( |
| 460 | GetSiteIdentityDetailsMessageByCTInfo( |
| 461 | ssl.signed_certificate_timestamp_ids, false /* not EV */), |
| 462 | issuer_name)); |
| 463 | } |
| 464 | // The date after which no new SHA-1 certificates may be issued. |
| 465 | // 2016-01-01 00:00:00 UTC |
| 466 | static const int64_t kSHA1LastIssuanceDate = INT64_C(13096080000000000); |
| 467 | if ((ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT) && |
| 468 | cert->valid_expiry() > |
rsleevi | ad6f502 | 2015-04-24 18:57:50 | [diff] [blame] | 469 | base::Time::FromInternalValue(kSHA1LastIssuanceDate)) { |
rsleevi | 4f801272 | 2014-09-30 01:28:01 | [diff] [blame] | 470 | site_identity_status_ = |
| 471 | SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM; |
| 472 | site_identity_details_ += |
| 473 | UTF8ToUTF16("\n\n") + |
| 474 | l10n_util::GetStringUTF16( |
| 475 | IDS_PAGE_INFO_SECURITY_TAB_DEPRECATED_SIGNATURE_ALGORITHM); |
| 476 | } |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 477 | } |
| 478 | } else { |
| 479 | // HTTP or HTTPS with errors (not warnings). |
| 480 | site_identity_details_.assign(l10n_util::GetStringUTF16( |
| 481 | IDS_PAGE_INFO_SECURITY_TAB_INSECURE_IDENTITY)); |
| 482 | if (ssl.security_style == content::SECURITY_STYLE_UNAUTHENTICATED) |
| 483 | site_identity_status_ = SITE_IDENTITY_STATUS_NO_CERT; |
| 484 | else |
| 485 | site_identity_status_ = SITE_IDENTITY_STATUS_ERROR; |
| 486 | |
[email protected] | a04db82 | 2013-12-11 19:14:40 | [diff] [blame] | 487 | const base::string16 bullet = UTF8ToUTF16("\n • "); |
jdonnelly | 9f8cbae | 2015-09-17 00:15:53 | [diff] [blame] | 488 | std::vector<SSLErrorInfo> errors; |
| 489 | SSLErrorInfo::GetErrorsForCertStatus(ssl.cert_id, ssl.cert_status, |
| 490 | url, &errors); |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 491 | for (size_t i = 0; i < errors.size(); ++i) { |
| 492 | site_identity_details_ += bullet; |
| 493 | site_identity_details_ += errors[i].short_description(); |
| 494 | } |
| 495 | |
| 496 | if (ssl.cert_status & net::CERT_STATUS_NON_UNIQUE_NAME) { |
| 497 | site_identity_details_ += ASCIIToUTF16("\n\n"); |
| 498 | site_identity_details_ += l10n_util::GetStringUTF16( |
| 499 | IDS_PAGE_INFO_SECURITY_TAB_NON_UNIQUE_NAME); |
| 500 | } |
| 501 | } |
| 502 | |
| 503 | // Site Connection |
| 504 | // We consider anything less than 80 bits encryption to be weak encryption. |
| 505 | // TODO(wtc): Bug 1198735: report mixed/unsafe content for unencrypted and |
| 506 | // weakly encrypted connections. |
| 507 | site_connection_status_ = SITE_CONNECTION_STATUS_UNKNOWN; |
| 508 | |
palmer | 153af98 | 2015-09-15 02:04:19 | [diff] [blame] | 509 | base::string16 subject_name(GetSimpleSiteName(url, profile_)); |
| 510 | if (subject_name.empty()) { |
| 511 | subject_name.assign( |
| 512 | l10n_util::GetStringUTF16(IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); |
| 513 | } |
| 514 | |
[email protected] | 1c1051d | 2014-05-10 11:39:58 | [diff] [blame] | 515 | if (ssl.security_style == content::SECURITY_STYLE_UNKNOWN) { |
| 516 | // Page is still loading, so SSL status is not yet available. Say nothing. |
| 517 | DCHECK_EQ(ssl.security_bits, -1); |
| 518 | site_connection_status_ = SITE_CONNECTION_STATUS_UNENCRYPTED; |
| 519 | |
| 520 | site_connection_details_.assign(l10n_util::GetStringFUTF16( |
| 521 | IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT, |
| 522 | subject_name)); |
| 523 | } else if (ssl.security_style == content::SECURITY_STYLE_UNAUTHENTICATED) { |
| 524 | // HTTPS without a certificate, or not HTTPS. |
| 525 | DCHECK(!ssl.cert_id); |
| 526 | site_connection_status_ = SITE_CONNECTION_STATUS_UNENCRYPTED; |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 527 | |
| 528 | site_connection_details_.assign(l10n_util::GetStringFUTF16( |
| 529 | IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT, |
| 530 | subject_name)); |
| 531 | } else if (ssl.security_bits < 0) { |
palmer | 82b1f7b | 2015-09-17 19:20:41 | [diff] [blame^] | 532 | // Security strength is unknown. Say nothing. |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 533 | site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR; |
| 534 | } else if (ssl.security_bits == 0) { |
| 535 | DCHECK_NE(ssl.security_style, content::SECURITY_STYLE_UNAUTHENTICATED); |
| 536 | site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR; |
| 537 | site_connection_details_.assign(l10n_util::GetStringFUTF16( |
| 538 | IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT, |
| 539 | subject_name)); |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 540 | } else { |
| 541 | site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED; |
Adam Langley | 71c2b59b | 2014-11-13 00:34:22 | [diff] [blame] | 542 | |
| 543 | if (net::SSLConnectionStatusToVersion(ssl.connection_status) >= |
| 544 | net::SSL_CONNECTION_VERSION_TLS1_2 && |
| 545 | net::IsSecureTLSCipherSuite( |
| 546 | net::SSLConnectionStatusToCipherSuite(ssl.connection_status))) { |
| 547 | site_connection_details_.assign(l10n_util::GetStringFUTF16( |
| 548 | IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_CONNECTION_TEXT, |
| 549 | subject_name)); |
| 550 | } else { |
| 551 | site_connection_details_.assign(l10n_util::GetStringFUTF16( |
| 552 | IDS_PAGE_INFO_SECURITY_TAB_WEAK_ENCRYPTION_CONNECTION_TEXT, |
| 553 | subject_name)); |
| 554 | } |
| 555 | |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 556 | if (ssl.content_status) { |
| 557 | bool ran_insecure_content = |
| 558 | !!(ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT); |
palmer | cc7f5f8c | 2015-09-04 01:02:59 | [diff] [blame] | 559 | site_connection_status_ = ran_insecure_content |
| 560 | ? SITE_CONNECTION_STATUS_MIXED_SCRIPT |
| 561 | : SITE_CONNECTION_STATUS_MIXED_CONTENT; |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 562 | site_connection_details_.assign(l10n_util::GetStringFUTF16( |
| 563 | IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_SENTENCE_LINK, |
| 564 | site_connection_details_, |
| 565 | l10n_util::GetStringUTF16(ran_insecure_content ? |
| 566 | IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_ERROR : |
| 567 | IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_WARNING))); |
| 568 | } |
| 569 | } |
| 570 | |
| 571 | uint16 cipher_suite = |
| 572 | net::SSLConnectionStatusToCipherSuite(ssl.connection_status); |
| 573 | if (ssl.security_bits > 0 && cipher_suite) { |
| 574 | int ssl_version = |
| 575 | net::SSLConnectionStatusToVersion(ssl.connection_status); |
| 576 | const char* ssl_version_str; |
| 577 | net::SSLVersionToString(&ssl_version_str, ssl_version); |
| 578 | site_connection_details_ += ASCIIToUTF16("\n\n"); |
| 579 | site_connection_details_ += l10n_util::GetStringFUTF16( |
| 580 | IDS_PAGE_INFO_SECURITY_TAB_SSL_VERSION, |
| 581 | ASCIIToUTF16(ssl_version_str)); |
| 582 | |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 583 | bool no_renegotiation = |
| 584 | (ssl.connection_status & |
| 585 | net::SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION) != 0; |
| 586 | const char *key_exchange, *cipher, *mac; |
[email protected] | b6c1d9e8 | 2013-06-12 17:26:57 | [diff] [blame] | 587 | bool is_aead; |
| 588 | net::SSLCipherSuiteToStrings( |
| 589 | &key_exchange, &cipher, &mac, &is_aead, cipher_suite); |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 590 | |
| 591 | site_connection_details_ += ASCIIToUTF16("\n\n"); |
[email protected] | b6c1d9e8 | 2013-06-12 17:26:57 | [diff] [blame] | 592 | if (is_aead) { |
| 593 | site_connection_details_ += l10n_util::GetStringFUTF16( |
| 594 | IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS_AEAD, |
| 595 | ASCIIToUTF16(cipher), ASCIIToUTF16(key_exchange)); |
| 596 | } else { |
| 597 | site_connection_details_ += l10n_util::GetStringFUTF16( |
| 598 | IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS, |
| 599 | ASCIIToUTF16(cipher), ASCIIToUTF16(mac), ASCIIToUTF16(key_exchange)); |
| 600 | } |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 601 | |
agl | 078d210 | 2014-10-20 22:03:22 | [diff] [blame] | 602 | if (ssl_version == net::SSL_CONNECTION_VERSION_SSL3 && |
| 603 | site_connection_status_ < SITE_CONNECTION_STATUS_MIXED_CONTENT) { |
| 604 | site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR; |
| 605 | } |
| 606 | |
| 607 | const bool did_fallback = |
| 608 | (ssl.connection_status & net::SSL_CONNECTION_VERSION_FALLBACK) != 0; |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 609 | if (did_fallback) { |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 610 | site_connection_details_ += ASCIIToUTF16("\n\n"); |
| 611 | site_connection_details_ += l10n_util::GetStringUTF16( |
| 612 | IDS_PAGE_INFO_SECURITY_TAB_FALLBACK_MESSAGE); |
| 613 | } |
agl | 078d210 | 2014-10-20 22:03:22 | [diff] [blame] | 614 | |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 615 | if (no_renegotiation) { |
| 616 | site_connection_details_ += ASCIIToUTF16("\n\n"); |
| 617 | site_connection_details_ += l10n_util::GetStringUTF16( |
| 618 | IDS_PAGE_INFO_SECURITY_TAB_RENEGOTIATION_MESSAGE); |
| 619 | } |
| 620 | } |
[email protected] | e583f75 | 2012-08-30 13:26:21 | [diff] [blame] | 621 | |
[email protected] | 71cd5ef | 2014-08-13 21:22:04 | [diff] [blame] | 622 | // Check if a user decision has been made to allow or deny certificates with |
| 623 | // errors on this site. |
| 624 | ChromeSSLHostStateDelegate* delegate = |
estark | 7c6bfbf | 2015-09-16 22:20:50 | [diff] [blame] | 625 | ChromeSSLHostStateDelegateFactory::GetForProfile(profile_); |
[email protected] | 71cd5ef | 2014-08-13 21:22:04 | [diff] [blame] | 626 | DCHECK(delegate); |
jww | f806c36 | 2015-06-02 02:00:40 | [diff] [blame] | 627 | // Only show an SSL decision revoke button if the user has chosen to bypass |
| 628 | // SSL host errors for this host in the past. |
| 629 | show_ssl_decision_revoke_button_ = delegate->HasAllowException(url.host()); |
[email protected] | 71cd5ef | 2014-08-13 21:22:04 | [diff] [blame] | 630 | |
palmer | 82b1f7b | 2015-09-17 19:20:41 | [diff] [blame^] | 631 | // By default select the Permissions Tab that displays all the site |
| 632 | // permissions. In case of a connection error or an issue with the certificate |
| 633 | // presented by the website, select the Connection Tab to draw the user's |
| 634 | // attention to the issue. If the site does not provide a certificate because |
| 635 | // it was loaded over an unencrypted connection, don't select the Connection |
| 636 | // Tab. |
[email protected] | e583f75 | 2012-08-30 13:26:21 | [diff] [blame] | 637 | WebsiteSettingsUI::TabId tab_id = WebsiteSettingsUI::TAB_ID_PERMISSIONS; |
| 638 | if (site_connection_status_ == SITE_CONNECTION_STATUS_ENCRYPTED_ERROR || |
| 639 | site_connection_status_ == SITE_CONNECTION_STATUS_MIXED_CONTENT || |
estark | f62683e | 2015-09-17 17:52:06 | [diff] [blame] | 640 | site_connection_status_ == SITE_CONNECTION_STATUS_MIXED_SCRIPT || |
[email protected] | e583f75 | 2012-08-30 13:26:21 | [diff] [blame] | 641 | site_identity_status_ == SITE_IDENTITY_STATUS_ERROR || |
[email protected] | eaf3f32 | 2013-04-25 21:53:59 | [diff] [blame] | 642 | site_identity_status_ == SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN || |
rsleevi | 4f801272 | 2014-09-30 01:28:01 | [diff] [blame] | 643 | site_identity_status_ == SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT || |
| 644 | site_identity_status_ == |
lgarron | 04a9350 | 2014-11-04 22:25:04 | [diff] [blame] | 645 | SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM) { |
[email protected] | e583f75 | 2012-08-30 13:26:21 | [diff] [blame] | 646 | tab_id = WebsiteSettingsUI::TAB_ID_CONNECTION; |
lgarron | 04a9350 | 2014-11-04 22:25:04 | [diff] [blame] | 647 | RecordWebsiteSettingsAction( |
| 648 | WEBSITE_SETTINGS_CONNECTION_TAB_SHOWN_IMMEDIATELY); |
| 649 | } |
palmer | 82b1f7b | 2015-09-17 19:20:41 | [diff] [blame^] | 650 | |
[email protected] | e583f75 | 2012-08-30 13:26:21 | [diff] [blame] | 651 | ui_->SetSelectedTab(tab_id); |
[email protected] | 03ef4b2a | 2012-03-06 15:04:20 | [diff] [blame] | 652 | } |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 653 | |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 654 | void WebsiteSettings::PresentSitePermissions() { |
| 655 | PermissionInfoList permission_info_list; |
| 656 | |
| 657 | WebsiteSettingsUI::PermissionInfo permission_info; |
| 658 | for (size_t i = 0; i < arraysize(kPermissionType); ++i) { |
| 659 | permission_info.type = kPermissionType[i]; |
| 660 | |
| 661 | content_settings::SettingInfo info; |
sashab | 2b2a314f | 2015-01-17 06:42:21 | [diff] [blame] | 662 | scoped_ptr<base::Value> value = |
raymes | 7dec6d86 | 2015-07-27 07:02:08 | [diff] [blame] | 663 | content_settings_->GetWebsiteSetting( |
sashab | 2b2a314f | 2015-01-17 06:42:21 | [diff] [blame] | 664 | site_url_, site_url_, permission_info.type, std::string(), &info); |
| 665 | DCHECK(value.get()); |
| 666 | if (value->GetType() == base::Value::TYPE_INTEGER) { |
| 667 | permission_info.setting = |
| 668 | content_settings::ValueToContentSetting(value.get()); |
[email protected] | fe4686a | 2012-10-19 15:38:26 | [diff] [blame] | 669 | } else { |
sashab | 2b2a314f | 2015-01-17 06:42:21 | [diff] [blame] | 670 | NOTREACHED(); |
[email protected] | fe4686a | 2012-10-19 15:38:26 | [diff] [blame] | 671 | } |
| 672 | |
[email protected] | 8bdf45c3 | 2012-08-04 00:12:55 | [diff] [blame] | 673 | permission_info.source = info.source; |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 674 | |
[email protected] | b1d113d | 2012-06-27 21:27:34 | [diff] [blame] | 675 | if (info.primary_pattern == ContentSettingsPattern::Wildcard() && |
sashab | 2b2a314f | 2015-01-17 06:42:21 | [diff] [blame] | 676 | info.secondary_pattern == ContentSettingsPattern::Wildcard()) { |
[email protected] | b1d113d | 2012-06-27 21:27:34 | [diff] [blame] | 677 | permission_info.default_setting = permission_info.setting; |
| 678 | permission_info.setting = CONTENT_SETTING_DEFAULT; |
| 679 | } else { |
| 680 | permission_info.default_setting = |
| 681 | content_settings_->GetDefaultContentSetting(permission_info.type, |
| 682 | NULL); |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 683 | } |
palmer | 0da10b3 | 2015-02-11 00:42:19 | [diff] [blame] | 684 | |
| 685 | if (permission_info.setting != CONTENT_SETTING_DEFAULT && |
| 686 | permission_info.setting != permission_info.default_setting) { |
| 687 | permission_info_list.push_back(permission_info); |
| 688 | } |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 689 | } |
| 690 | |
| 691 | ui_->SetPermissionInfo(permission_info_list); |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 692 | } |
| 693 | |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 694 | void WebsiteSettings::PresentSiteData() { |
| 695 | CookieInfoList cookie_info_list; |
vabr | d5e30cd | 2014-10-02 11:06:03 | [diff] [blame] | 696 | const LocalSharedObjectsCounter& allowed_objects = |
[email protected] | e0ac3589 | 2012-05-15 12:53:34 | [diff] [blame] | 697 | tab_specific_content_settings()->allowed_local_shared_objects(); |
vabr | d5e30cd | 2014-10-02 11:06:03 | [diff] [blame] | 698 | const LocalSharedObjectsCounter& blocked_objects = |
[email protected] | e0ac3589 | 2012-05-15 12:53:34 | [diff] [blame] | 699 | tab_specific_content_settings()->blocked_local_shared_objects(); |
| 700 | |
| 701 | // Add first party cookie and site data counts. |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 702 | WebsiteSettingsUI::CookieInfo cookie_info; |
palmer | b14526492 | 2015-08-28 23:53:15 | [diff] [blame] | 703 | cookie_info.cookie_source = |
| 704 | l10n_util::GetStringUTF8(IDS_WEBSITE_SETTINGS_FIRST_PARTY_SITE_DATA); |
[email protected] | e0ac3589 | 2012-05-15 12:53:34 | [diff] [blame] | 705 | cookie_info.allowed = allowed_objects.GetObjectCountForDomain(site_url_); |
| 706 | cookie_info.blocked = blocked_objects.GetObjectCountForDomain(site_url_); |
palmer | b14526492 | 2015-08-28 23:53:15 | [diff] [blame] | 707 | cookie_info.is_first_party = true; |
[email protected] | e0ac3589 | 2012-05-15 12:53:34 | [diff] [blame] | 708 | cookie_info_list.push_back(cookie_info); |
| 709 | |
| 710 | // Add third party cookie counts. |
| 711 | cookie_info.cookie_source = l10n_util::GetStringUTF8( |
| 712 | IDS_WEBSITE_SETTINGS_THIRD_PARTY_SITE_DATA); |
| 713 | cookie_info.allowed = allowed_objects.GetObjectCount() - cookie_info.allowed; |
| 714 | cookie_info.blocked = blocked_objects.GetObjectCount() - cookie_info.blocked; |
palmer | b14526492 | 2015-08-28 23:53:15 | [diff] [blame] | 715 | cookie_info.is_first_party = false; |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 716 | cookie_info_list.push_back(cookie_info); |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 717 | |
[email protected] | df81827 | 2012-04-20 13:10:50 | [diff] [blame] | 718 | ui_->SetCookieInfo(cookie_info_list); |
[email protected] | 0b9fdd7 | 2012-04-04 10:00:33 | [diff] [blame] | 719 | } |
[email protected] | 16de6de | 2012-04-04 12:24:14 | [diff] [blame] | 720 | |
[email protected] | 24c8818c | 2012-04-25 09:57:41 | [diff] [blame] | 721 | void WebsiteSettings::PresentSiteIdentity() { |
palmer | f9b680a | 2015-07-09 18:56:04 | [diff] [blame] | 722 | // After initialization the status about the site's connection and its |
| 723 | // identity must be available. |
[email protected] | 24c8818c | 2012-04-25 09:57:41 | [diff] [blame] | 724 | DCHECK_NE(site_identity_status_, SITE_IDENTITY_STATUS_UNKNOWN); |
| 725 | DCHECK_NE(site_connection_status_, SITE_CONNECTION_STATUS_UNKNOWN); |
| 726 | WebsiteSettingsUI::IdentityInfo info; |
| 727 | if (site_identity_status_ == SITE_IDENTITY_STATUS_EV_CERT) |
| 728 | info.site_identity = UTF16ToUTF8(organization_name()); |
| 729 | else |
palmer | 153af98 | 2015-09-15 02:04:19 | [diff] [blame] | 730 | info.site_identity = UTF16ToUTF8(GetSimpleSiteName(site_url_, profile_)); |
[email protected] | 24c8818c | 2012-04-25 09:57:41 | [diff] [blame] | 731 | |
| 732 | info.connection_status = site_connection_status_; |
| 733 | info.connection_status_description = |
| 734 | UTF16ToUTF8(site_connection_details_); |
| 735 | info.identity_status = site_identity_status_; |
| 736 | info.identity_status_description = |
| 737 | UTF16ToUTF8(site_identity_details_); |
[email protected] | f61c1ce | 2012-05-09 13:55:11 | [diff] [blame] | 738 | info.cert_id = cert_id_; |
[email protected] | 71cd5ef | 2014-08-13 21:22:04 | [diff] [blame] | 739 | info.show_ssl_decision_revoke_button = show_ssl_decision_revoke_button_; |
[email protected] | 24c8818c | 2012-04-25 09:57:41 | [diff] [blame] | 740 | ui_->SetIdentityInfo(info); |
| 741 | } |