Change the Android page info security summary phrase to reflect SHA-1 deprecation.

ToolbarModelAndroid::IsDeprecatedSHA1Present() is meant to be a temporary measure for Android on M42.
The accompanying string was landed in https://codereview.chromium.org/1034863003

BUG=469853

Review URL: https://codereview.chromium.org/1036193002

(cherry picked from commit 7b677da37b6dfc5e56fe330ddcbb0cfcf000c363)

Cr-Original-Commit-Position: refs/heads/master@{#323604}
Cr-Commit-Position: refs/branch-heads/2311@{#454}
Cr-Branched-From: 09b7de5dd7254947cd4306de907274fa63373d48-refs/heads/master@{#317474}

5 files changed, 66 insertions, 1 deletions

diff --git a/chrome/android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java b/chrome/android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java
index 188c41a..7e4662b 100644
--- a/chrome/android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java
@@ -202,6 +202,9 @@ public class WebsiteSettingsPopup implements OnClickListener, OnItemSelectedList
     // The security level of the page (a valid ToolbarModelSecurityLevel).
     private int mSecurityLevel;
 
+    // Whether the security level of the page was deprecated due to SHA-1.
+    private boolean mDeprecatedSHA1Present;
+
     /**
      * Creates the WebsiteSettingsPopup, but does not display it. Also initializes the corresponding
      * C++ object and saves a pointer to it.
@@ -288,6 +291,7 @@ public class WebsiteSettingsPopup implements OnClickListener, OnItemSelectedList
             mIsInternalPage = false;
         }
         mSecurityLevel = ToolbarModel.getSecurityLevelForWebContents(mWebContents);
+        mDeprecatedSHA1Present = ToolbarModel.isDeprecatedSHA1Present(mWebContents);
 
         SpannableStringBuilder urlBuilder = new SpannableStringBuilder(mFullUrl);
         OmniboxUrlEmphasizer.emphasizeUrl(urlBuilder, mContext.getResources(), mProfile,
@@ -373,7 +377,10 @@ public class WebsiteSettingsPopup implements OnClickListener, OnItemSelectedList
     private Spannable getUrlConnectionMessage() {
         // Display the appropriate connection message.
         SpannableStringBuilder messageBuilder = new SpannableStringBuilder();
-        if (mSecurityLevel != ToolbarModelSecurityLevel.SECURITY_ERROR) {
+        if (mDeprecatedSHA1Present) {
+            messageBuilder.append(
+                    mContext.getResources().getString(R.string.page_info_connection_sha1));
+        } else if (mSecurityLevel != ToolbarModelSecurityLevel.SECURITY_ERROR) {
             messageBuilder.append(mContext.getResources().getString(
                     getConnectionMessageId(mSecurityLevel, mIsInternalPage)));
         } else {
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/toolbar/ToolbarModel.java b/chrome/android/java/src/org/chromium/chrome/browser/toolbar/ToolbarModel.java
index 1ff8be9..a2354da 100644
--- a/chrome/android/java/src/org/chromium/chrome/browser/toolbar/ToolbarModel.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/toolbar/ToolbarModel.java
@@ -40,6 +40,15 @@ public class ToolbarModel {
     }
 
     /**
+     * @param webContents The web contents to query for deprecated SHA-1 presence.
+     * @return Whether the security level of the page was deprecated due to SHA-1.
+     */
+    public static boolean isDeprecatedSHA1Present(WebContents webContents) {
+        if (webContents == null) return false;
+        return nativeIsDeprecatedSHA1Present(webContents);
+    }
+
+    /**
      * Initialize the native counterpart of this model.
      * @param delegate The delegate that will be used by the model.
      */
@@ -75,6 +84,7 @@ public class ToolbarModel {
     }
 
     private static native int nativeGetSecurityLevelForWebContents(WebContents webContents);
+    private static native boolean nativeIsDeprecatedSHA1Present(WebContents webContents);
 
     private native long nativeInit(ToolbarModelDelegate delegate);
     private native void nativeDestroy(long nativeToolbarModelAndroid);
diff --git a/chrome/browser/ui/android/toolbar/toolbar_model_android.cc b/chrome/browser/ui/android/toolbar/toolbar_model_android.cc
index 57f8637..3990d36 100644
--- a/chrome/browser/ui/android/toolbar/toolbar_model_android.cc
+++ b/chrome/browser/ui/android/toolbar/toolbar_model_android.cc
@@ -5,12 +5,17 @@
 #include "chrome/browser/ui/android/toolbar/toolbar_model_android.h"
 
 #include "base/android/jni_string.h"
+#include "base/metrics/field_trial.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/search/search.h"
 #include "chrome/browser/search_engines/ui_thread_search_terms_data.h"
 #include "chrome/browser/ui/toolbar/toolbar_model_impl.h"
+#include "content/public/browser/cert_store.h"
+#include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/web_contents.h"
+#include "content/public/common/ssl_status.h"
 #include "jni/ToolbarModel_jni.h"
+#include "net/cert/x509_certificate.h"
 
 using base::android::ScopedJavaLocalRef;
 
@@ -83,3 +88,42 @@ jint GetSecurityLevelForWebContents(JNIEnv* env,
   DCHECK(web_contents);
   return ToolbarModelImpl::GetSecurityLevelForWebContents(web_contents);
 }
+
+// Temporary method to allow us to surface a SHA-1 deprecation string on Android
+// in M42. This duplicates a subset of the logic from
+// ToolbarModelImpl::GetSecurityLevelForWebContents() and
+// WebsiteSettings::Init(), which should really be refactored.
+// This is at the wrong layer, and needs to be refactored (along with desktop):
+// https://crbug.com/471390
+
+// static
+jboolean IsDeprecatedSHA1Present(JNIEnv* env,
+                                 jclass jcaller,
+                                 jobject jweb_contents) {
+  content::WebContents* web_contents =
+      content::WebContents::FromJavaWebContents(jweb_contents);
+  DCHECK(web_contents);
+
+  content::NavigationEntry* entry =
+      web_contents->GetController().GetVisibleEntry();
+  if (!entry)
+    return false;
+
+  const content::SSLStatus& ssl = entry->GetSSL();
+  if (ssl.security_style == content::SECURITY_STYLE_AUTHENTICATED) {
+    scoped_refptr<net::X509Certificate> cert;
+    // NOTE: This constant needs to be kept in sync with
+    // ToolbarModelImpl::GetSecurityLevelForWebContents().
+    static const int64_t kJanuary2016 = INT64_C(13096080000000000);
+    if (content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) &&
+        (ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT) &&
+        cert->valid_expiry() > base::Time::FromInternalValue(kJanuary2016) &&
+        // NOTE: This use of SHA1IdentityUIWarning needs to be kept in sync
+        // with WebsiteSettings::Init().
+        base::FieldTrialList::FindFullName("SHA1IdentityUIWarning") ==
+            "Enabled") {
+      return true;
+    }
+  }
+  return false;
+}
diff --git a/chrome/browser/ui/toolbar/toolbar_model_impl.cc b/chrome/browser/ui/toolbar/toolbar_model_impl.cc
index 08b863d..25f63ae 100644
--- a/chrome/browser/ui/toolbar/toolbar_model_impl.cc
+++ b/chrome/browser/ui/toolbar/toolbar_model_impl.cc
@@ -137,6 +137,8 @@ ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevelForWebContents(
         // See http://crbug.com/401365 for details
         static const int64_t kJanuary2017 = INT64_C(13127702400000000);
         static const int64_t kJune2016 = INT64_C(13109213000000000);
+        // kJanuary2016 needs to be kept in sync with
+        // ToolbarModelAndroid::IsDeprecatedSHA1Present().
         static const int64_t kJanuary2016 = INT64_C(13096080000000000);
 
         ToolbarModel::SecurityLevel security_level = NONE;
diff --git a/chrome/browser/ui/website_settings/website_settings.cc b/chrome/browser/ui/website_settings/website_settings.cc
index 699cf12..96a6f85 100644
--- a/chrome/browser/ui/website_settings/website_settings.cc
+++ b/chrome/browser/ui/website_settings/website_settings.cc
@@ -480,6 +480,8 @@ void WebsiteSettings::Init(Profile* profile,
       if ((ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT) &&
           cert->valid_expiry() >
               base::Time::FromInternalValue(kSHA1LastIssuanceDate) &&
+          // NOTE: This use of SHA1IdentityUIWarning needs to be kept in sync
+          // with ToolbarModelImpl::IsDeprecatedSHA1Present().
           base::FieldTrialList::FindFullName("SHA1IdentityUIWarning") ==
               "Enabled") {
         site_identity_status_ =