#include "chrome/browser/ui/website_settings/website_settings_infobar_delegate.h"
#include "chrome/browser/ui/website_settings/website_settings_ui.h"
#include "chrome/common/chrome_switches.h"
-#include "chrome/common/content_settings_pattern.h"
+#include "chrome/grit/chromium_strings.h"
+#include "chrome/grit/generated_resources.h"
+#include "components/content_settings/core/common/content_settings_pattern.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/cert_store.h"
#include "content/public/browser/user_metrics.h"
#include "content/public/common/content_switches.h"
#include "content/public/common/ssl_status.h"
#include "content/public/common/url_constants.h"
-#include "grit/chromium_strings.h"
-#include "grit/generated_resources.h"
#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
#include "net/cert/cert_status_flags.h"
#include "net/cert/x509_certificate.h"
namespace {
+// Events for UMA. Do not reorder or change!
+enum SSLCertificateDecisionsDidRevoke {
+ USER_CERT_DECISIONS_NOT_REVOKED = 0,
+ USER_CERT_DECISIONS_REVOKED,
+ END_OF_SSL_CERTIFICATE_DECISIONS_DID_REVOKE_ENUM
+};
+
// The list of content settings types to display on the Website Settings UI.
ContentSettingsType kPermissionType[] = {
CONTENT_SETTINGS_TYPE_IMAGES,
cert_store_(cert_store),
content_settings_(profile->GetHostContentSettingsMap()),
chrome_ssl_host_state_delegate_(
- ChromeSSLHostStateDelegateFactory::GetForProfile(profile)) {
+ ChromeSSLHostStateDelegateFactory::GetForProfile(profile)),
+ did_revoke_user_ssl_decisions_(false) {
Init(profile, url, ssl);
HistoryService* history_service = HistoryServiceFactory::GetForProfile(
// This is not a concern for CONTENT_SETTINGS_TYPE_MEDIASTREAM since users
// can not create media settings exceptions by hand.
content_settings::SettingInfo info;
- scoped_ptr<base::Value> v(content_settings_->GetWebsiteSetting(
- site_url_, site_url_, type, std::string(), &info));
- DCHECK(info.source == content_settings::SETTING_SOURCE_USER);
- ContentSettingsPattern::Relation r1 =
- info.primary_pattern.Compare(primary_pattern);
- DCHECK(r1 != ContentSettingsPattern::DISJOINT_ORDER_POST &&
- r1 != ContentSettingsPattern::DISJOINT_ORDER_PRE);
- if (r1 == ContentSettingsPattern::PREDECESSOR) {
- primary_pattern = info.primary_pattern;
- } else if (r1 == ContentSettingsPattern::IDENTITY) {
- ContentSettingsPattern::Relation r2 =
- info.secondary_pattern.Compare(secondary_pattern);
- DCHECK(r2 != ContentSettingsPattern::DISJOINT_ORDER_POST &&
- r2 != ContentSettingsPattern::DISJOINT_ORDER_PRE);
- if (r2 == ContentSettingsPattern::PREDECESSOR)
- secondary_pattern = info.secondary_pattern;
- }
-
+ scoped_ptr<base::Value> v =
+ content_settings_->GetWebsiteSettingWithoutOverride(
+ site_url_, site_url_, type, std::string(), &info);
+ content_settings_->SetNarrowestWebsiteSetting(
+ primary_pattern, secondary_pattern, type, std::string(), setting, info);
+ } else {
base::Value* value = NULL;
if (setting != CONTENT_SETTING_DEFAULT)
value = new base::FundamentalValue(setting);
void WebsiteSettings::OnUIClosing() {
if (show_info_bar_)
WebsiteSettingsInfoBarDelegate::Create(infobar_service_);
+
+ SSLCertificateDecisionsDidRevoke user_decision =
+ did_revoke_user_ssl_decisions_ ? USER_CERT_DECISIONS_REVOKED
+ : USER_CERT_DECISIONS_NOT_REVOKED;
+
+ UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.did_user_revoke_decisions",
+ user_decision,
+ END_OF_SSL_CERTIFICATE_DECISIONS_DID_REVOKE_ENUM);
+}
+
+void WebsiteSettings::OnRevokeSSLErrorBypassButtonPressed() {
+ DCHECK(chrome_ssl_host_state_delegate_);
+ chrome_ssl_host_state_delegate_->RevokeUserAllowExceptionsHard(
+ site_url().host());
+ did_revoke_user_ssl_decisions_ = true;
}
void WebsiteSettings::Init(Profile* profile,
} else {
NOTREACHED() << "Need to specify string for this warning";
}
- } else if (ssl.cert_status & net::CERT_STATUS_IS_EV) {
- // EV HTTPS page.
- site_identity_status_ = GetSiteIdentityStatusByCTInfo(
- ssl.signed_certificate_timestamp_ids, true);
- DCHECK(!cert->subject().organization_names.empty());
- organization_name_ = UTF8ToUTF16(cert->subject().organization_names[0]);
- // An EV Cert is required to have a city (localityName) and country but
- // state is "if any".
- DCHECK(!cert->subject().locality_name.empty());
- DCHECK(!cert->subject().country_name.empty());
- base::string16 locality;
- if (!cert->subject().state_or_province_name.empty()) {
- locality = l10n_util::GetStringFUTF16(
- IDS_PAGEINFO_ADDRESS,
- UTF8ToUTF16(cert->subject().locality_name),
- UTF8ToUTF16(cert->subject().state_or_province_name),
- UTF8ToUTF16(cert->subject().country_name));
+ } else {
+ if (ssl.cert_status & net::CERT_STATUS_IS_EV) {
+ // EV HTTPS page.
+ site_identity_status_ = GetSiteIdentityStatusByCTInfo(
+ ssl.signed_certificate_timestamp_ids, true);
+ DCHECK(!cert->subject().organization_names.empty());
+ organization_name_ = UTF8ToUTF16(cert->subject().organization_names[0]);
+ // An EV Cert is required to have a city (localityName) and country but
+ // state is "if any".
+ DCHECK(!cert->subject().locality_name.empty());
+ DCHECK(!cert->subject().country_name.empty());
+ base::string16 locality;
+ if (!cert->subject().state_or_province_name.empty()) {
+ locality = l10n_util::GetStringFUTF16(
+ IDS_PAGEINFO_ADDRESS,
+ UTF8ToUTF16(cert->subject().locality_name),
+ UTF8ToUTF16(cert->subject().state_or_province_name),
+ UTF8ToUTF16(cert->subject().country_name));
+ } else {
+ locality = l10n_util::GetStringFUTF16(
+ IDS_PAGEINFO_PARTIAL_ADDRESS,
+ UTF8ToUTF16(cert->subject().locality_name),
+ UTF8ToUTF16(cert->subject().country_name));
+ }
+ DCHECK(!cert->subject().organization_names.empty());
+ site_identity_details_.assign(l10n_util::GetStringFUTF16(
+ GetSiteIdentityDetailsMessageByCTInfo(
+ ssl.signed_certificate_timestamp_ids, true /* is EV */),
+ UTF8ToUTF16(cert->subject().organization_names[0]),
+ locality,
+ UTF8ToUTF16(cert->issuer().GetDisplayName())));
} else {
- locality = l10n_util::GetStringFUTF16(
- IDS_PAGEINFO_PARTIAL_ADDRESS,
- UTF8ToUTF16(cert->subject().locality_name),
- UTF8ToUTF16(cert->subject().country_name));
+ // Non-EV OK HTTPS page.
+ site_identity_status_ = GetSiteIdentityStatusByCTInfo(
+ ssl.signed_certificate_timestamp_ids, false);
+ base::string16 issuer_name(
+ UTF8ToUTF16(cert->issuer().GetDisplayName()));
+ if (issuer_name.empty()) {
+ issuer_name.assign(l10n_util::GetStringUTF16(
+ IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
+ }
+
+ site_identity_details_.assign(l10n_util::GetStringFUTF16(
+ GetSiteIdentityDetailsMessageByCTInfo(
+ ssl.signed_certificate_timestamp_ids, false /* not EV */),
+ issuer_name));
}
- DCHECK(!cert->subject().organization_names.empty());
- site_identity_details_.assign(l10n_util::GetStringFUTF16(
- GetSiteIdentityDetailsMessageByCTInfo(
- ssl.signed_certificate_timestamp_ids, true /* is EV */),
- UTF8ToUTF16(cert->subject().organization_names[0]),
- locality,
- UTF8ToUTF16(cert->issuer().GetDisplayName())));
- } else {
- // Non-EV OK HTTPS page.
- site_identity_status_ = GetSiteIdentityStatusByCTInfo(
- ssl.signed_certificate_timestamp_ids, false);
- base::string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName()));
- if (issuer_name.empty()) {
- issuer_name.assign(l10n_util::GetStringUTF16(
- IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
+ // The date after which no new SHA-1 certificates may be issued.
+ // 2016-01-01 00:00:00 UTC
+ static const int64_t kSHA1LastIssuanceDate = INT64_C(13096080000000000);
+ if ((ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT) &&
+ cert->valid_expiry() >
+ base::Time::FromInternalValue(kSHA1LastIssuanceDate) &&
+ base::FieldTrialList::FindFullName("SHA1IdentityUIWarning") ==
+ "Enabled") {
+ site_identity_status_ =
+ SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM;
+ site_identity_details_ +=
+ UTF8ToUTF16("\n\n") +
+ l10n_util::GetStringUTF16(
+ IDS_PAGE_INFO_SECURITY_TAB_DEPRECATED_SIGNATURE_ALGORITHM);
}
-
- site_identity_details_.assign(l10n_util::GetStringFUTF16(
- GetSiteIdentityDetailsMessageByCTInfo(
- ssl.signed_certificate_timestamp_ids, false /* not EV */),
- issuer_name));
}
} else {
// HTTP or HTTPS with errors (not warnings).
// Only show an SSL decision revoke button if both the user has chosen to
// bypass SSL host errors for this host in the past and the user is not using
// the traditional "forget-at-session-restart" error decision memory.
- show_ssl_decision_revoke_button_ = delegate->HasUserDecision(url.host()) &&
- InRememberCertificateErrorDecisionsGroup();
+ show_ssl_decision_revoke_button_ = delegate->HasAllowException(url.host()) &&
+ InRememberCertificateErrorDecisionsGroup();
// By default select the permissions tab that displays all the site
// permissions. In case of a connection error or an issue with the
site_connection_status_ == SITE_CONNECTION_STATUS_MIXED_CONTENT ||
site_identity_status_ == SITE_IDENTITY_STATUS_ERROR ||
site_identity_status_ == SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN ||
- site_identity_status_ == SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT)
+ site_identity_status_ == SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT ||
+ site_identity_status_ ==
+ SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM)
tab_id = WebsiteSettingsUI::TAB_ID_CONNECTION;
ui_->SetSelectedTab(tab_id);
}
content_settings::SettingInfo info;
if (permission_info.type == CONTENT_SETTINGS_TYPE_MEDIASTREAM) {
- scoped_ptr<base::Value> mic_value(content_settings_->GetWebsiteSetting(
- site_url_,
- site_url_,
- CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC,
- std::string(),
- &info));
+ scoped_ptr<base::Value> mic_value =
+ content_settings_->GetWebsiteSettingWithoutOverride(
+ site_url_,
+ site_url_,
+ CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC,
+ std::string(),
+ &info);
ContentSetting mic_setting =
content_settings::ValueToContentSetting(mic_value.get());
- scoped_ptr<base::Value> camera_value(content_settings_->GetWebsiteSetting(
- site_url_,
- site_url_,
- CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA,
- std::string(),
- &info));
+ scoped_ptr<base::Value> camera_value =
+ content_settings_->GetWebsiteSettingWithoutOverride(
+ site_url_,
+ site_url_,
+ CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA,
+ std::string(),
+ &info);
ContentSetting camera_setting =
content_settings::ValueToContentSetting(camera_value.get());
else
permission_info.setting = mic_setting;
} else {
- scoped_ptr<base::Value> value(content_settings_->GetWebsiteSetting(
- site_url_, site_url_, permission_info.type, std::string(), &info));
+ scoped_ptr<base::Value> value =
+ content_settings_->GetWebsiteSettingWithoutOverride(
+ site_url_, site_url_, permission_info.type, std::string(), &info);
DCHECK(value.get());
if (value->GetType() == base::Value::TYPE_INTEGER) {
permission_info.setting =