diff options
author | Alex Mineer <amineer@chromium.org> | 2015-04-07 14:46:55 -0700 |
---|---|---|
committer | Alex Mineer <amineer@chromium.org> | 2015-04-07 21:48:35 +0000 |
commit | 9a6c31510516e2194a9e9a86f53480c6acc2a152 (patch) | |
tree | 3961e7f076cfb96ad7093b71c9633c818cdbee93 | |
parent | 64c88a5272d9ebe514ca8d932000a4f240e9f5c8 (diff) | |
download | chromium_src-9a6c31510516e2194a9e9a86f53480c6acc2a152.zip chromium_src-9a6c31510516e2194a9e9a86f53480c6acc2a152.tar.gz chromium_src-9a6c31510516e2194a9e9a86f53480c6acc2a152.tar.bz2 |
Change the Android page info security summary phrase to reflect SHA-1 deprecation.
ToolbarModelAndroid::IsDeprecatedSHA1Present() is meant to be a temporary measure for Android on M42.
The accompanying string was landed in https://codereview.chromium.org/1034863003
BUG=469853
Review URL: https://codereview.chromium.org/1036193002
(cherry picked from commit 7b677da37b6dfc5e56fe330ddcbb0cfcf000c363)
Cr-Original-Commit-Position: refs/heads/master@{#323604}
Cr-Commit-Position: refs/branch-heads/2311@{#454}
Cr-Branched-From: 09b7de5dd7254947cd4306de907274fa63373d48-refs/heads/master@{#317474}
5 files changed, 66 insertions, 1 deletions
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java b/chrome/android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java index 188c41a..7e4662b 100644 --- a/chrome/android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java +++ b/chrome/android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java @@ -202,6 +202,9 @@ public class WebsiteSettingsPopup implements OnClickListener, OnItemSelectedList // The security level of the page (a valid ToolbarModelSecurityLevel). private int mSecurityLevel; + // Whether the security level of the page was deprecated due to SHA-1. + private boolean mDeprecatedSHA1Present; + /** * Creates the WebsiteSettingsPopup, but does not display it. Also initializes the corresponding * C++ object and saves a pointer to it. @@ -288,6 +291,7 @@ public class WebsiteSettingsPopup implements OnClickListener, OnItemSelectedList mIsInternalPage = false; } mSecurityLevel = ToolbarModel.getSecurityLevelForWebContents(mWebContents); + mDeprecatedSHA1Present = ToolbarModel.isDeprecatedSHA1Present(mWebContents); SpannableStringBuilder urlBuilder = new SpannableStringBuilder(mFullUrl); OmniboxUrlEmphasizer.emphasizeUrl(urlBuilder, mContext.getResources(), mProfile, @@ -373,7 +377,10 @@ public class WebsiteSettingsPopup implements OnClickListener, OnItemSelectedList private Spannable getUrlConnectionMessage() { // Display the appropriate connection message. SpannableStringBuilder messageBuilder = new SpannableStringBuilder(); - if (mSecurityLevel != ToolbarModelSecurityLevel.SECURITY_ERROR) { + if (mDeprecatedSHA1Present) { + messageBuilder.append( + mContext.getResources().getString(R.string.page_info_connection_sha1)); + } else if (mSecurityLevel != ToolbarModelSecurityLevel.SECURITY_ERROR) { messageBuilder.append(mContext.getResources().getString( getConnectionMessageId(mSecurityLevel, mIsInternalPage))); } else { diff --git a/chrome/android/java/src/org/chromium/chrome/browser/toolbar/ToolbarModel.java b/chrome/android/java/src/org/chromium/chrome/browser/toolbar/ToolbarModel.java index 1ff8be9..a2354da 100644 --- a/chrome/android/java/src/org/chromium/chrome/browser/toolbar/ToolbarModel.java +++ b/chrome/android/java/src/org/chromium/chrome/browser/toolbar/ToolbarModel.java @@ -40,6 +40,15 @@ public class ToolbarModel { } /** + * @param webContents The web contents to query for deprecated SHA-1 presence. + * @return Whether the security level of the page was deprecated due to SHA-1. + */ + public static boolean isDeprecatedSHA1Present(WebContents webContents) { + if (webContents == null) return false; + return nativeIsDeprecatedSHA1Present(webContents); + } + + /** * Initialize the native counterpart of this model. * @param delegate The delegate that will be used by the model. */ @@ -75,6 +84,7 @@ public class ToolbarModel { } private static native int nativeGetSecurityLevelForWebContents(WebContents webContents); + private static native boolean nativeIsDeprecatedSHA1Present(WebContents webContents); private native long nativeInit(ToolbarModelDelegate delegate); private native void nativeDestroy(long nativeToolbarModelAndroid); diff --git a/chrome/browser/ui/android/toolbar/toolbar_model_android.cc b/chrome/browser/ui/android/toolbar/toolbar_model_android.cc index 57f8637..3990d36 100644 --- a/chrome/browser/ui/android/toolbar/toolbar_model_android.cc +++ b/chrome/browser/ui/android/toolbar/toolbar_model_android.cc @@ -5,12 +5,17 @@ #include "chrome/browser/ui/android/toolbar/toolbar_model_android.h" #include "base/android/jni_string.h" +#include "base/metrics/field_trial.h" #include "chrome/browser/profiles/profile.h" #include "chrome/browser/search/search.h" #include "chrome/browser/search_engines/ui_thread_search_terms_data.h" #include "chrome/browser/ui/toolbar/toolbar_model_impl.h" +#include "content/public/browser/cert_store.h" +#include "content/public/browser/navigation_entry.h" #include "content/public/browser/web_contents.h" +#include "content/public/common/ssl_status.h" #include "jni/ToolbarModel_jni.h" +#include "net/cert/x509_certificate.h" using base::android::ScopedJavaLocalRef; @@ -83,3 +88,42 @@ jint GetSecurityLevelForWebContents(JNIEnv* env, DCHECK(web_contents); return ToolbarModelImpl::GetSecurityLevelForWebContents(web_contents); } + +// Temporary method to allow us to surface a SHA-1 deprecation string on Android +// in M42. This duplicates a subset of the logic from +// ToolbarModelImpl::GetSecurityLevelForWebContents() and +// WebsiteSettings::Init(), which should really be refactored. +// This is at the wrong layer, and needs to be refactored (along with desktop): +// https://crbug.com/471390 + +// static +jboolean IsDeprecatedSHA1Present(JNIEnv* env, + jclass jcaller, + jobject jweb_contents) { + content::WebContents* web_contents = + content::WebContents::FromJavaWebContents(jweb_contents); + DCHECK(web_contents); + + content::NavigationEntry* entry = + web_contents->GetController().GetVisibleEntry(); + if (!entry) + return false; + + const content::SSLStatus& ssl = entry->GetSSL(); + if (ssl.security_style == content::SECURITY_STYLE_AUTHENTICATED) { + scoped_refptr<net::X509Certificate> cert; + // NOTE: This constant needs to be kept in sync with + // ToolbarModelImpl::GetSecurityLevelForWebContents(). + static const int64_t kJanuary2016 = INT64_C(13096080000000000); + if (content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) && + (ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT) && + cert->valid_expiry() > base::Time::FromInternalValue(kJanuary2016) && + // NOTE: This use of SHA1IdentityUIWarning needs to be kept in sync + // with WebsiteSettings::Init(). + base::FieldTrialList::FindFullName("SHA1IdentityUIWarning") == + "Enabled") { + return true; + } + } + return false; +} diff --git a/chrome/browser/ui/toolbar/toolbar_model_impl.cc b/chrome/browser/ui/toolbar/toolbar_model_impl.cc index 08b863d..25f63ae 100644 --- a/chrome/browser/ui/toolbar/toolbar_model_impl.cc +++ b/chrome/browser/ui/toolbar/toolbar_model_impl.cc @@ -137,6 +137,8 @@ ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevelForWebContents( // See http://crbug.com/401365 for details static const int64_t kJanuary2017 = INT64_C(13127702400000000); static const int64_t kJune2016 = INT64_C(13109213000000000); + // kJanuary2016 needs to be kept in sync with + // ToolbarModelAndroid::IsDeprecatedSHA1Present(). static const int64_t kJanuary2016 = INT64_C(13096080000000000); ToolbarModel::SecurityLevel security_level = NONE; diff --git a/chrome/browser/ui/website_settings/website_settings.cc b/chrome/browser/ui/website_settings/website_settings.cc index 699cf12..96a6f85 100644 --- a/chrome/browser/ui/website_settings/website_settings.cc +++ b/chrome/browser/ui/website_settings/website_settings.cc @@ -480,6 +480,8 @@ void WebsiteSettings::Init(Profile* profile, if ((ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT) && cert->valid_expiry() > base::Time::FromInternalValue(kSHA1LastIssuanceDate) && + // NOTE: This use of SHA1IdentityUIWarning needs to be kept in sync + // with ToolbarModelImpl::IsDeprecatedSHA1Present(). base::FieldTrialList::FindFullName("SHA1IdentityUIWarning") == "Enabled") { site_identity_status_ = |