Revert r44611 because it may have broken "unit_tests" on "Vista Tests".

BUG=27125
TEST=none
Review URL: http://codereview.chromium.org/1655008

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@44615 0039d316-1c4b-4281-b951-d872f2087c98

5 files changed, 88 insertions, 25 deletions

diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index e7b9101..808164a 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -2454,6 +2454,9 @@ each locale. -->
       <message name="IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DETAILS" desc="Details for being unable to check revocation status of an X509 certificate">
         Unable to check whether the server's certificate was revoked.
       </message>
+      <message name="IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_INFO_BAR" desc="Info bar for being unable to check revocation status of an X509 certificate">
+        Unable to check whether the server's certificate was revoked.
+      </message>
       <message name="IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DESCRIPTION" desc="Description for being unable to check revocation status of an X509 certificate">
         Server's certificate cannot be checked
       </message>
diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc
index d6ef458..fb3d447 100644
--- a/chrome/browser/ssl/ssl_browser_tests.cc
+++ b/chrome/browser/ssl/ssl_browser_tests.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -65,9 +65,6 @@ class SSLUITest : public InProcessBrowserTest {
               entry->page_type());
     EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN,
               entry->ssl().security_style());
-    // CERT_STATUS_UNABLE_TO_CHECK_REVOCATION doesn't lower the security style
-    // to SECURITY_STYLE_AUTHENTICATION_BROKEN.
-    ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error);
     EXPECT_EQ(error, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS);
     EXPECT_FALSE(entry->ssl().has_mixed_content());
     EXPECT_FALSE(entry->ssl().has_unsafe_content());
diff --git a/chrome/browser/ssl/ssl_policy.cc b/chrome/browser/ssl/ssl_policy.cc
index 5f15772..2f21e5d 100644
--- a/chrome/browser/ssl/ssl_policy.cc
+++ b/chrome/browser/ssl/ssl_policy.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -67,9 +67,10 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
       handler->ContinueRequest();
       break;
     case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
-      // We ignore this error but will show a warning status in the location
-      // bar.
+      // We ignore this error and display an infobar.
       handler->ContinueRequest();
+      backend_->ShowMessage(l10n_util::GetString(
+          IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_INFO_BAR));
       break;
     case net::ERR_CERT_CONTAINS_ERRORS:
     case net::ERR_CERT_REVOKED:
@@ -126,12 +127,8 @@ void SSLPolicy::UpdateEntry(NavigationEntry* entry) {
     return;
   }
 
-  // If CERT_STATUS_UNABLE_TO_CHECK_REVOCATION is the only certificate error,
-  // don't lower the security style to SECURITY_STYLE_AUTHENTICATION_BROKEN.
-  int cert_errors = entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS;
-  if (cert_errors) {
-    if (cert_errors != net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION)
-      entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN);
+  if (net::IsCertStatusError(entry->ssl().cert_status())) {
+    entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN);
     return;
   }
 
diff --git a/chrome/browser/toolbar_model.cc b/chrome/browser/toolbar_model.cc
index 9e79335..eeae184 100644
--- a/chrome/browser/toolbar_model.cc
+++ b/chrome/browser/toolbar_model.cc
@@ -81,11 +81,6 @@ ToolbarModel::SecurityLevel ToolbarModel::GetSecurityLevel() const {
     case SECURITY_STYLE_AUTHENTICATED:
       if (ssl.has_mixed_content())
         return SECURITY_WARNING;
-      if (net::IsCertStatusError(ssl.cert_status())) {
-        DCHECK_EQ(ssl.cert_status() & net::CERT_STATUS_ALL_ERRORS,
-                  net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION);
-        return SECURITY_WARNING;
-      }
       if ((ssl.cert_status() & net::CERT_STATUS_IS_EV) &&
           CertStore::GetSharedInstance()->RetrieveCert(ssl.cert_id(), NULL))
         return EV_SECURE;
@@ -109,6 +104,45 @@ int ToolbarModel::GetIcon() const {
   return icon_ids[GetSecurityLevel()];
 }
 
+void ToolbarModel::GetIconHoverText(std::wstring* text) const {
+  DCHECK(text);
+  text->clear();
+
+  switch (GetSecurityLevel()) {
+    case NONE:
+      // There's no security icon, and thus no hover text.
+      return;
+
+    case EV_SECURE:
+    case SECURE: {
+      // Note: Navigation controller and active entry are guaranteed non-NULL or
+      // the security level would be NONE.
+      GURL url(GetNavigationController()->GetActiveEntry()->url());
+      DCHECK(url.has_host());
+      *text = l10n_util::GetStringF(IDS_SECURE_CONNECTION,
+                                    UTF8ToWide(url.host()));
+      return;
+    }
+
+    case SECURITY_WARNING:
+      *text = SSLErrorInfo::CreateError(SSLErrorInfo::MIXED_CONTENTS, NULL,
+                                        GURL()).short_description();
+      return;
+
+    case SECURITY_ERROR:
+      // See note above.
+      CreateErrorText(GetNavigationController()->GetActiveEntry(), text);
+      // If the authentication is broken, we should always have at least one
+      // error.
+      DCHECK(!text->empty());
+      return;
+
+    default:
+      NOTREACHED();
+      return;
+  }
+}
+
 std::wstring ToolbarModel::GetSecurityInfoText() const {
   switch (GetSecurityLevel()) {
     case NONE:
@@ -118,8 +152,7 @@ std::wstring ToolbarModel::GetSecurityInfoText() const {
 
     case EV_SECURE: {
       scoped_refptr<net::X509Certificate> cert;
-      // Note: Navigation controller and active entry are guaranteed non-NULL
-      // or the security level would be NONE.
+      // See note in GetIconHoverText().
       CertStore::GetSharedInstance()->RetrieveCert(
           GetNavigationController()->GetActiveEntry()->ssl().cert_id(),
           &cert);
@@ -142,3 +175,32 @@ NavigationController* ToolbarModel::GetNavigationController() const {
   TabContents* current_tab = browser_->GetSelectedTabContents();
   return current_tab ? &current_tab->controller() : NULL;
 }
+
+void ToolbarModel::CreateErrorText(NavigationEntry* entry,
+                                   std::wstring* text) const {
+  const NavigationEntry::SSLStatus& ssl = entry->ssl();
+  std::vector<SSLErrorInfo> errors;
+  SSLErrorInfo::GetErrorsForCertStatus(ssl.cert_id(), ssl.cert_status(),
+                                       entry->url(), &errors);
+  if (ssl.has_mixed_content()) {
+    errors.push_back(SSLErrorInfo::CreateError(SSLErrorInfo::MIXED_CONTENTS,
+                                               NULL, GURL()));
+  }
+  if (ssl.has_unsafe_content()) {
+    errors.push_back(SSLErrorInfo::CreateError(SSLErrorInfo::UNSAFE_CONTENTS,
+                                               NULL, GURL()));
+  }
+
+  if (errors.empty()) {
+    text->clear();
+  } else if (errors.size() == 1) {
+    *text = errors[0].short_description();
+  } else {
+    // Multiple errors.
+    *text = l10n_util::GetString(IDS_SEVERAL_SSL_ERRORS);
+    for (size_t i = 0; i < errors.size(); ++i) {
+      text->append(L"\n");
+      text->append(errors[i].short_description());
+    }
+  }
+}
diff --git a/chrome/browser/toolbar_model.h b/chrome/browser/toolbar_model.h
index 96a48e5..865d39d 100644
--- a/chrome/browser/toolbar_model.h
+++ b/chrome/browser/toolbar_model.h
@@ -18,15 +18,11 @@ class NavigationEntry;
 // from the navigation controller returned by GetNavigationController().
 class ToolbarModel {
  public:
-  // TODO(wtc): unify ToolbarModel::SecurityLevel with SecurityStyle.  We
-  // don't need two sets of security UI levels.  SECURITY_STYLE_AUTHENTICATED
-  // needs to be refined into three levels: warning, standard, and EV.
   enum SecurityLevel {
     NONE = 0,          // HTTP/no URL/user is editing
     EV_SECURE,         // HTTPS with valid EV cert
     SECURE,            // HTTPS (non-EV)
-    SECURITY_WARNING,  // HTTPS, but unable to check certificate revocation
-                       // status or with mixed content on the page
+    SECURITY_WARNING,  // HTTPS, but with mixed content on the page
     SECURITY_ERROR,    // Attempted HTTPS and failed, page not authenticated
     NUM_SECURITY_LEVELS,
   };
@@ -45,6 +41,10 @@ class ToolbarModel {
   // user is editing; see AutocompleteEditView::GetIcon().
   int GetIcon() const;
 
+  // Sets the text displayed in the info bubble that appears when the user
+  // hovers the mouse over the icon.
+  void GetIconHoverText(std::wstring* text) const;
+
   // Returns the text, if any, that should be displayed on the right of the
   // location bar.
   std::wstring GetSecurityInfoText() const;
@@ -60,6 +60,10 @@ class ToolbarModel {
   // If this returns NULL, default values are used.
   NavigationController* GetNavigationController() const;
 
+  // Builds a short error message from the SSL status code found in |entry|.
+  // The message is set in |text|.
+  void CreateErrorText(NavigationEntry* entry, std::wstring* text) const;
+
   Browser* browser_;
 
   // Whether the text in the location bar is currently being edited.