diff options
| author | felt <felt@chromium.org> | 2015-09-17 13:33:59 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2015-09-17 20:34:33 +0000 |
| commit | 2493b445699a91d3e71e598d9318f32b8974a53f (patch) | |
| tree | a73307e4b7cfe5ac6e61e3f5176c006c032f3305 | |
| parent | 35b35d85da7746865bc66f3dee35487567e0a356 (diff) | |
| download | chromium_src-2493b445699a91d3e71e598d9318f32b8974a53f.zip chromium_src-2493b445699a91d3e71e598d9318f32b8974a53f.tar.gz chromium_src-2493b445699a91d3e71e598d9318f32b8974a53f.tar.bz2 | |
Create a component for SSL error handling
Classes like SSLErrorInfo and SSLErrorClassification are
tightly coupled with the SSL interstitial. Since the interstitial UI is being
componentized, I want to move the SSL error handling classes into a component
too. This CL begins with SSLErrorInfo.
BUG=488673
TBR=stuartmorgan@chromium.org
Committed: https://crrev.com/7f1410648c7767ae8d466ada4385e78176f5db06
Cr-Commit-Position: refs/heads/master@{#349282}
Review URL: https://codereview.chromium.org/1341923002
Cr-Commit-Position: refs/heads/master@{#349486}
24 files changed, 325 insertions, 256 deletions
diff --git a/build/ios/grit_whitelist.txt b/build/ios/grit_whitelist.txt index d380a37..a7dac60 100644 --- a/build/ios/grit_whitelist.txt +++ b/build/ios/grit_whitelist.txt @@ -245,6 +245,8 @@ IDS_CERT_ERROR_INVALID_CERT_TITLE IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DETAILS IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_TITLE +IDS_CERT_ERROR_NOT_VALID_AT_THIS_TIME_DESCRIPTION +IDS_CERT_ERROR_NOT_VALID_AT_THIS_TIME_DETAILS IDS_CERT_ERROR_NOT_YET_VALID_DESCRIPTION IDS_CERT_ERROR_NOT_YET_VALID_DETAILS IDS_CERT_ERROR_NOT_YET_VALID_DETAILS_EXTRA_INFO_2 @@ -256,12 +258,16 @@ IDS_CERT_ERROR_REVOKED_CERT_DESCRIPTION IDS_CERT_ERROR_REVOKED_CERT_DETAILS IDS_CERT_ERROR_REVOKED_CERT_EXTRA_INFO_2 IDS_CERT_ERROR_REVOKED_CERT_TITLE +IDS_CERT_ERROR_SUMMARY_PINNING_FAILURE_DESCRIPTION +IDS_CERT_ERROR_SUMMARY_PINNING_FAILURE_DETAILS IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DESCRIPTION IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DETAILS IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_TITLE IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION IDS_CERT_ERROR_UNKNOWN_ERROR_DETAILS IDS_CERT_ERROR_UNKNOWN_ERROR_TITLE +IDS_CERT_ERROR_VALIDITY_TOO_LONG_DESCRIPTION +IDS_CERT_ERROR_VALIDITY_TOO_LONG_DETAILS IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION IDS_CERT_ERROR_WEAK_KEY_DETAILS IDS_CERT_ERROR_WEAK_KEY_EXTRA_INFO_2 diff --git a/chrome/app/chromium_strings.grd b/chrome/app/chromium_strings.grd index 9548ce9..eb9dca4 100644 --- a/chrome/app/chromium_strings.grd +++ b/chrome/app/chromium_strings.grd @@ -181,21 +181,6 @@ If you update this file, be sure also to update google_chrome_strings.grd. --> New window </message> </if> - <if expr="is_ios"> - <message name="IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS" desc="Details for an X509 certificate with an invalid authority"> - This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate is not trusted by Chromium. This may be caused by a misconfiguration or an attacker intercepting your connection. - </message> - </if> - <if expr="is_android"> - <message name="IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS" desc="Details for an X509 certificate with an invalid authority"> - This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate is not trusted by your device's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection. - </message> - </if> - <if expr="not is_ios and not is_android"> - <message name="IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS" desc="Details for an X509 certificate with an invalid authority"> - This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection. - </message> - </if> <message name="IDS_TASK_MANAGER_TITLE" desc="The title of the Task Manager window"> Task Manager - Chromium </message> diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd index 208cf07..2f2f1c6 100644 --- a/chrome/app/generated_resources.grd +++ b/chrome/app/generated_resources.grd @@ -2659,119 +2659,6 @@ Even if you have downloaded files from this website before, the website might ha Run all plugins this time </message> - <!-- Certificate error strings --> - <message name="IDS_CERT_ERROR_COMMON_NAME_INVALID_DETAILS" desc="Details for an unsafe common name in an X509 certificate"> - This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate is from <ph name="DOMAIN2"><strong>$2<ex>fakepaypal.com</ex></strong></ph>. This may be caused by a misconfiguration or an attacker intercepting your connection. - </message> - <message name="IDS_CERT_ERROR_COMMON_NAME_INVALID_DESCRIPTION" desc="Description for an unsafe common name in an X509 certificate"> - Server's certificate does not match the URL. - </message> - - <message name="IDS_CERT_ERROR_EXPIRED_DETAILS" desc="Details for an expired X509 certificate [ICU Syntax]"> - {1, plural, - =1 {This server could not prove that it is <ph name="DOMAIN"><strong>{0}<ex>paypal.com</ex></strong></ph>; its security certificate expired yesterday. This may be caused by a misconfiguration or an attacker intercepting your connection. Your computer's clock is currently set to <ph name="CURRENT_DATE">{2, date, full}<ex>Monday, July 16, 2012</ex></ph>. Does that look right? If not, you should correct your system's clock and then refresh this page.} - other {This server could not prove that it is <ph name="DOMAIN"><strong>{0}<ex>paypal.com</ex></strong></ph>; its security certificate expired # days ago. This may be caused by a misconfiguration or an attacker intercepting your connection. Your computer's clock is currently set to <ph name="CURRENT_DATE">{2, date, full}<ex>Monday, July 16, 2012</ex></ph>. Does that look right? If not, you should correct your system's clock and then refresh this page.}} - </message> - <message name="IDS_CERT_ERROR_EXPIRED_DESCRIPTION" desc="Description for an expired X509 certificate"> - Server's certificate has expired. - </message> - - <message name="IDS_CERT_ERROR_NOT_YET_VALID_DETAILS" desc="Details for an X509 certificate that is not yet valid [ICU Syntax]"> - {1, plural, - =1 {This server could not prove that it is <ph name="DOMAIN"><strong>{0}<ex>paypal.com</ex></strong></ph>; its security certificate is supposedly from tomorrow. This may be caused by a misconfiguration or an attacker intercepting your connection.} - other {This server could not prove that it is <ph name="DOMAIN"><strong>{0}<ex>paypal.com</ex></strong></ph>; its security certificate is supposedly from # days in the future. This may be caused by a misconfiguration or an attacker intercepting your connection.}} - </message> - <message name="IDS_CERT_ERROR_NOT_YET_VALID_DESCRIPTION" desc="Description for an X509 certificate that is not yet valid"> - Server's certificate is not yet valid. - </message> - - <message name="IDS_CERT_ERROR_NOT_VALID_AT_THIS_TIME_DETAILS" desc="Details for a chain with a X509 certificate that is not valid at this time."> - This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate is not valid at this time. This may be caused by a misconfiguration or an attacker intercepting your connection. - </message> - <message name="IDS_CERT_ERROR_NOT_VALID_AT_THIS_TIME_DESCRIPTION" desc="Description for a chain with a X509 certificate that is not valid at this time."> - Server's certificate is not valid at this time. - </message> - - <message name="IDS_CERT_ERROR_CHAIN_EXPIRED_DETAILS" desc="Details for an expired root or intermediate cert in chain"> - This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate expired. This may be caused by a misconfiguration or an attacker intercepting your connection. Your computer's clock is currently set to <ph name="CURRENT_TIME">$3<ex>July 18, 2012</ex></ph>. Does that look right? If not, you should correct your system's clock and then refresh this page. - </message> - <message name="IDS_CERT_ERROR_CHAIN_EXPIRED_DESCRIPTION" desc="Description for an expired intermediate/root certificate in chain"> - A root or intermediate certificate has expired. - </message> - - <message name="IDS_CERT_ERROR_AUTHORITY_INVALID_DESCRIPTION" desc="Description for an X509 certificate with an invalid authority"> - Server's certificate is not trusted. - </message> - - <message name="IDS_CERT_ERROR_CONTAINS_ERRORS_DETAILS" desc="Details of the error page for an X509 certificate that contains errors"> - This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate contains errors. This may be caused by a misconfiguration or an attacker intercepting your connection. - </message> - <message name="IDS_CERT_ERROR_CONTAINS_ERRORS_DESCRIPTION" desc="Description of the error page for an X509 certificate that contains errors"> - Server's certificate contains errors. - </message> - - <message name="IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DETAILS" desc="Details for being unable to check revocation status of an X509 certificate"> - This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate might be revoked. This may be caused by a misconfiguration or an attacker intercepting your connection. - </message> - <message name="IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DESCRIPTION" desc="Description for being unable to check revocation status of an X509 certificate"> - Server's certificate cannot be checked. - </message> - - <message name="IDS_CERT_ERROR_NO_REVOCATION_MECHANISM_DETAILS" desc="Details for not finding a revocation mechanism in an X509 certificate"> - This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate might be revoked. This may be caused by a misconfiguration or an attacker intercepting your connection. - </message> - <message name="IDS_CERT_ERROR_NO_REVOCATION_MECHANISM_DESCRIPTION" desc="Description for not finding a revocation mechanism in an X509 certificate"> - No revocation mechanism found. - </message> - - <message name="IDS_CERT_ERROR_REVOKED_CERT_DETAILS" desc="Details of the error page for a revoked certificate"> - You attempted to reach <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>, but the certificate that the server presented has been revoked by its issuer. This means that the security credentials the server presented absolutely should not be trusted. You may be communicating with an attacker. - </message> - <message name="IDS_CERT_ERROR_REVOKED_CERT_DESCRIPTION" desc="Description of the error page for a revoked certificate"> - Server's certificate has been revoked. - </message> - - <message name="IDS_CERT_ERROR_INVALID_CERT_DETAILS" desc="Details of the error page for an X509 certificate that is invalid"> - You attempted to reach <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>, but the server presented an invalid certificate. - </message> - <message name="IDS_CERT_ERROR_INVALID_CERT_DESCRIPTION" desc="Description of the error page for an X509 certificate that is invalid"> - Server's certificate is invalid. - </message> - - <message name="IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DETAILS" desc="Details of the error page for a certificate signed using a weak signature algorithm"> - You attempted to reach <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server may not be the server you expected (you may be communicating with an attacker). - </message> - <message name="IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DESCRIPTION" desc="Description of the error page for a certificate signed using a weak signature algorithm"> - Server's certificate is signed using a weak signature algorithm. - </message> - - <message name="IDS_CERT_ERROR_WEAK_KEY_DETAILS" desc="Details of the error page for a certificate containing a weak key"> - You attempted to reach <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>, but the server presented a certificate containing a weak key. An attacker could have broken the private key, and the server may not be the server you expected (you may be communicating with an attacker). - </message> - <message name="IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION" desc="Description of the error page for a certificate containing a weak key"> - The server certificate contains a weak cryptographic key. - </message> - - <message name="IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DETAILS" desc="Details of the error page for a certificate that contains a name outside of its scope"> - This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate might have been issued fraudulently. This may be caused by a misconfiguration or an attacker intercepting your connection. - </message> - <message name="IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION" desc="Description of the error page for a certificate that contains a name outside of its scope"> - Server's certificate violates name constraints. - </message> - <message name="IDS_CERT_ERROR_VALIDITY_TOO_LONG_DETAILS" desc="Details of the error page for a certificate whose validity period is too long"> - You attempted to reach <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>, but the server presented a certificate whose validity period is too long to be trustworthy. - </message> - <message name="IDS_CERT_ERROR_VALIDITY_TOO_LONG_DESCRIPTION" desc="Description of the error page for a certificate whose validity period is too long"> - The server certificate has a validity period that is too long. - </message> - - <message name="IDS_CERT_ERROR_UNKNOWN_ERROR_DETAILS" desc="Details of the error page for an unknown ssl error"> - An unknown error has occurred. - </message> - <message name="IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION" desc="Description of the error page for an unknown ssl error"> - Unknown server certificate error. - </message> - <!-- Administrator-provided certificate notifications --> <message name="IDS_CERT_POLICY_PROVIDED_CERT_HEADER" desc="Text that is displayed in the header of the Website Settings popup when using an administrator-provided certificate"> Using an administrator-provided certificate @@ -9452,12 +9339,6 @@ I don't think this site should be blocked! <message name="IDS_ERRORPAGES_HEADING_PINNING_FAILURE" desc="Title of the error page for a certificate which doesn't match the built-in pins for that name"> Incorrect certificate for host. </message> - <message name="IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE" desc="Details of the error page for a certificate which doesn't match the built-in pins for that name"> - The server presented a certificate that doesn't match built-in expectations. These expectations are included for certain, high-security websites in order to protect you. - </message> - <message name="IDS_ERRORPAGES_DETAILS_PINNING_FAILURE" desc="Description of the error page for a certificate which doesn't match the built-in pins for that name"> - The server's certificate appears to be a forgery. - </message> <message name="IDS_ERRORPAGES_HEADING_BAD_SSL_CLIENT_AUTH_CERT" desc="Heading in the error page for SSL client certificate authentication failure."> Certificate-based authentication failed diff --git a/chrome/app/google_chrome_strings.grd b/chrome/app/google_chrome_strings.grd index 847abc5..988e0b6 100644 --- a/chrome/app/google_chrome_strings.grd +++ b/chrome/app/google_chrome_strings.grd @@ -183,21 +183,6 @@ chromium_strings.grd. --> New window </message> </if> - <if expr="is_ios"> - <message name="IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS" desc="Details for an X509 certificate with an invalid authority"> - This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate is not trusted by Chrome. This may be caused by a misconfiguration or an attacker intercepting your connection. - </message> - </if> - <if expr="is_android"> - <message name="IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS" desc="Details for an X509 certificate with an invalid authority"> - This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate is not trusted by your device's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection. - </message> - </if> - <if expr="not is_ios and not is_android"> - <message name="IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS" desc="Details for an X509 certificate with an invalid authority"> - This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection. - </message> - </if> <message name="IDS_TASK_MANAGER_TITLE" desc="The title of the Task Manager window"> Task Manager - Google Chrome </message> diff --git a/chrome/browser/BUILD.gn b/chrome/browser/BUILD.gn index a8234be..cb5812c 100644 --- a/chrome/browser/BUILD.gn +++ b/chrome/browser/BUILD.gn @@ -151,6 +151,7 @@ source_set("browser") { "//components/search_provider_logos", "//components/security_interstitials/core", "//components/signin/core/browser", + "//components/ssl_errors", "//components/startup_metric_utils", "//components/strings", "//components/suggestions", diff --git a/chrome/browser/DEPS b/chrome/browser/DEPS index 38ac505..776d47c 100644 --- a/chrome/browser/DEPS +++ b/chrome/browser/DEPS @@ -87,6 +87,7 @@ include_rules = [ "+components/session_manager", "+components/sessions", "+components/signin", + "+components/ssl_errors", "+components/startup_metric_utils", "+components/storage_monitor", "+components/suggestions", diff --git a/chrome/browser/ssl/bad_clock_blocking_page.cc b/chrome/browser/ssl/bad_clock_blocking_page.cc index 261b90f..2d89b10 100644 --- a/chrome/browser/ssl/bad_clock_blocking_page.cc +++ b/chrome/browser/ssl/bad_clock_blocking_page.cc @@ -24,7 +24,6 @@ #include "chrome/browser/profiles/profile.h" #include "chrome/browser/renderer_preferences_util.h" #include "chrome/browser/ssl/ssl_error_classification.h" -#include "chrome/browser/ssl/ssl_error_info.h" #include "chrome/common/pref_names.h" #include "chrome/grit/generated_resources.h" #include "components/google/core/browser/google_util.h" diff --git a/chrome/browser/ssl/ssl_blocking_page.cc b/chrome/browser/ssl/ssl_blocking_page.cc index 2949d19..2147785 100644 --- a/chrome/browser/ssl/ssl_blocking_page.cc +++ b/chrome/browser/ssl/ssl_blocking_page.cc @@ -27,12 +27,12 @@ #include "chrome/browser/ssl/cert_report_helper.h" #include "chrome/browser/ssl/ssl_cert_reporter.h" #include "chrome/browser/ssl/ssl_error_classification.h" -#include "chrome/browser/ssl/ssl_error_info.h" #include "chrome/common/chrome_switches.h" #include "chrome/common/pref_names.h" #include "chrome/grit/chromium_strings.h" #include "chrome/grit/generated_resources.h" #include "components/google/core/browser/google_util.h" +#include "components/ssl_errors/error_info.h" #include "content/public/browser/browser_thread.h" #include "content/public/browser/cert_store.h" #include "content/public/browser/interstitial_page.h" @@ -220,9 +220,9 @@ void SSLBlockingPage::PopulateInterstitialStrings( if (overridable_) { load_time_data->SetBoolean("overridable", true); - SSLErrorInfo error_info = SSLErrorInfo::CreateError( - SSLErrorInfo::NetErrorToErrorType(cert_error_), ssl_info_.cert.get(), - request_url()); + ssl_errors::ErrorInfo error_info = ssl_errors::ErrorInfo::CreateError( + ssl_errors::ErrorInfo::NetErrorToErrorType(cert_error_), + ssl_info_.cert.get(), request_url()); load_time_data->SetString("explanationParagraph", error_info.details()); load_time_data->SetString( "primaryButtonText", @@ -233,9 +233,9 @@ void SSLBlockingPage::PopulateInterstitialStrings( } else { load_time_data->SetBoolean("overridable", false); - SSLErrorInfo::ErrorType type = - SSLErrorInfo::NetErrorToErrorType(cert_error_); - if (type == SSLErrorInfo::CERT_INVALID && + ssl_errors::ErrorInfo::ErrorType type = + ssl_errors::ErrorInfo::NetErrorToErrorType(cert_error_); + if (type == ssl_errors::ErrorInfo::CERT_INVALID && SSLErrorClassification::MaybeWindowsLacksSHA256Support()) { load_time_data->SetString( "explanationParagraph", @@ -254,13 +254,13 @@ void SSLBlockingPage::PopulateInterstitialStrings( load_time_data->SetInteger("errorType", type); int help_string = IDS_SSL_NONOVERRIDABLE_INVALID; switch (type) { - case SSLErrorInfo::CERT_REVOKED: + case ssl_errors::ErrorInfo::CERT_REVOKED: help_string = IDS_SSL_NONOVERRIDABLE_REVOKED; break; - case SSLErrorInfo::CERT_PINNED_KEY_MISSING: + case ssl_errors::ErrorInfo::CERT_PINNED_KEY_MISSING: help_string = IDS_SSL_NONOVERRIDABLE_PINNED; break; - case SSLErrorInfo::CERT_INVALID: + case ssl_errors::ErrorInfo::CERT_INVALID: help_string = IDS_SSL_NONOVERRIDABLE_INVALID; break; default: diff --git a/chrome/browser/ssl/ssl_error_classification.cc b/chrome/browser/ssl/ssl_error_classification.cc index 765209d..d78a1c5 100644 --- a/chrome/browser/ssl/ssl_error_classification.cc +++ b/chrome/browser/ssl/ssl_error_classification.cc @@ -15,7 +15,7 @@ #include "chrome/browser/browser_process.h" #include "chrome/browser/chrome_notification_types.h" #include "chrome/browser/profiles/profile.h" -#include "chrome/browser/ssl/ssl_error_info.h" +#include "components/ssl_errors/error_info.h" #include "content/public/browser/notification_service.h" #include "content/public/browser/web_contents.h" #include "net/base/net_util.h" @@ -180,12 +180,12 @@ void SSLErrorClassification::RecordCaptivePortalUMAStatistics( void SSLErrorClassification::RecordUMAStatistics( bool overridable) const { - SSLErrorInfo::ErrorType type = - SSLErrorInfo::NetErrorToErrorType(cert_error_); - UMA_HISTOGRAM_ENUMERATION( - "interstitial.ssl_error_type", type, SSLErrorInfo::END_OF_ENUM); + ssl_errors::ErrorInfo::ErrorType type = + ssl_errors::ErrorInfo::NetErrorToErrorType(cert_error_); + UMA_HISTOGRAM_ENUMERATION("interstitial.ssl_error_type", type, + ssl_errors::ErrorInfo::END_OF_ENUM); switch (type) { - case SSLErrorInfo::CERT_DATE_INVALID: { + case ssl_errors::ErrorInfo::CERT_DATE_INVALID: { if (IsUserClockInThePast(base::Time::NowFromSystemTime())) { RecordSSLInterstitialCause(overridable, CLOCK_PAST); } else if (IsUserClockInTheFuture(base::Time::NowFromSystemTime())) { @@ -195,7 +195,7 @@ void SSLErrorClassification::RecordUMAStatistics( } break; } - case SSLErrorInfo::CERT_COMMON_NAME_INVALID: { + case ssl_errors::ErrorInfo::CERT_COMMON_NAME_INVALID: { std::string host_name = request_url_.host(); if (IsHostNameKnownTLD(host_name)) { Tokens host_name_tokens = Tokenize(host_name); @@ -219,7 +219,7 @@ void SSLErrorClassification::RecordUMAStatistics( } break; } - case SSLErrorInfo::CERT_AUTHORITY_INVALID: { + case ssl_errors::ErrorInfo::CERT_AUTHORITY_INVALID: { const std::string& hostname = request_url_.HostNoBrackets(); if (net::IsLocalhost(hostname)) RecordSSLInterstitialCause(overridable, LOCALHOST); diff --git a/chrome/browser/ssl/ssl_error_handler.cc b/chrome/browser/ssl/ssl_error_handler.cc index 91c4510..7fe5d02 100644 --- a/chrome/browser/ssl/ssl_error_handler.cc +++ b/chrome/browser/ssl/ssl_error_handler.cc @@ -15,7 +15,7 @@ #include "chrome/browser/ssl/ssl_blocking_page.h" #include "chrome/browser/ssl/ssl_cert_reporter.h" #include "chrome/browser/ssl/ssl_error_classification.h" -#include "chrome/browser/ssl/ssl_error_info.h" +#include "components/ssl_errors/error_info.h" #include "content/public/browser/notification_service.h" #include "content/public/browser/notification_source.h" #include "content/public/browser/render_frame_host.h" @@ -133,8 +133,8 @@ bool IsSSLCommonNameMismatchHandlingEnabled() { } bool IsErrorDueToBadClock(const base::Time& now, int error) { - if (SSLErrorInfo::NetErrorToErrorType(error) != - SSLErrorInfo::CERT_DATE_INVALID) { + if (ssl_errors::ErrorInfo::NetErrorToErrorType(error) != + ssl_errors::ErrorInfo::CERT_DATE_INVALID) { return false; } return SSLErrorClassification::IsUserClockInThePast(now) || diff --git a/chrome/browser/ui/browser.cc b/chrome/browser/ui/browser.cc index 0b32fec..a01fd45 100644 --- a/chrome/browser/ui/browser.cc +++ b/chrome/browser/ui/browser.cc @@ -206,7 +206,6 @@ #if defined(OS_WIN) #include "base/win/metro.h" -#include "chrome/browser/ssl/ssl_error_info.h" #include "chrome/browser/task_manager/task_manager.h" #include "chrome/browser/ui/view_ids.h" #include "components/autofill/core/browser/autofill_ie_toolbar_import_win.h" diff --git a/chrome/browser/ui/website_settings/website_settings.cc b/chrome/browser/ui/website_settings/website_settings.cc index d140276..4c1391a 100644 --- a/chrome/browser/ui/website_settings/website_settings.cc +++ b/chrome/browser/ui/website_settings/website_settings.cc @@ -28,7 +28,6 @@ #include "chrome/browser/profiles/profile.h" #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" #include "chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.h" -#include "chrome/browser/ssl/ssl_error_info.h" #include "chrome/browser/ui/website_settings/website_settings_ui.h" #include "chrome/common/chrome_switches.h" #include "chrome/common/pref_names.h" @@ -41,6 +40,7 @@ #include "components/content_settings/core/common/content_settings.h" #include "components/content_settings/core/common/content_settings_pattern.h" #include "components/rappor/rappor_utils.h" +#include "components/ssl_errors/error_info.h" #include "components/url_formatter/elide_url.h" #include "content/public/browser/browser_thread.h" #include "content/public/browser/cert_store.h" @@ -485,9 +485,9 @@ void WebsiteSettings::Init(const GURL& url, const content::SSLStatus& ssl) { site_identity_status_ = SITE_IDENTITY_STATUS_ERROR; const base::string16 bullet = UTF8ToUTF16("\n • "); - std::vector<SSLErrorInfo> errors; - SSLErrorInfo::GetErrorsForCertStatus(ssl.cert_id, ssl.cert_status, - url, &errors); + std::vector<ssl_errors::ErrorInfo> errors; + ssl_errors::ErrorInfo::GetErrorsForCertStatus(cert, ssl.cert_status, url, + &errors); for (size_t i = 0; i < errors.size(); ++i) { site_identity_details_ += bullet; site_identity_details_ += errors[i].short_description(); diff --git a/chrome/chrome_browser.gypi b/chrome/chrome_browser.gypi index 6270a9b..43b97db 100644 --- a/chrome/chrome_browser.gypi +++ b/chrome/chrome_browser.gypi @@ -2760,9 +2760,7 @@ 'browser/ssl/ssl_error_classification.cc', 'browser/ssl/ssl_error_classification.h', 'browser/ssl/ssl_error_handler.cc', - 'browser/ssl/ssl_error_handler.h', - 'browser/ssl/ssl_error_info.cc', - 'browser/ssl/ssl_error_info.h', + 'browser/ssl/ssl_error_handler.h' ], 'chrome_browser_supervised_user_sources': [ 'browser/content_settings/content_settings_supervised_provider.cc', @@ -3149,6 +3147,7 @@ '../components/components.gyp:search_engines', '../components/components.gyp:search_provider_logos', '../components/components.gyp:security_interstitials_core', + '../components/components.gyp:ssl_errors', '../components/components.gyp:suggestions', '../components/components.gyp:signin_core_browser', '../components/components.gyp:startup_metric_utils', diff --git a/chrome/common/localized_error.cc b/chrome/common/localized_error.cc index d04dc4b..e9e6b65 100644 --- a/chrome/common/localized_error.cc +++ b/chrome/common/localized_error.cc @@ -21,6 +21,7 @@ #include "components/url_formatter/url_formatter.h" #include "grit/components_chromium_strings.h" #include "grit/components_google_chrome_strings.h" +#include "grit/components_strings.h" #include "net/base/escape.h" #include "net/base/net_errors.h" #include "third_party/WebKit/public/platform/WebURLError.h" @@ -268,8 +269,8 @@ const LocalizedErrorMap net_error_options[] = { {net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, IDS_ERRORPAGES_TITLE_LOAD_FAILED, IDS_ERRORPAGES_HEADING_PINNING_FAILURE, - IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE, - IDS_ERRORPAGES_DETAILS_PINNING_FAILURE, + IDS_CERT_ERROR_SUMMARY_PINNING_FAILURE_DETAILS, + IDS_CERT_ERROR_SUMMARY_PINNING_FAILURE_DESCRIPTION, SUGGEST_NONE, }, {net::ERR_TEMPORARILY_THROTTLED, diff --git a/components/BUILD.gn b/components/BUILD.gn index 61b2d16..0e86dbe 100644 --- a/components/BUILD.gn +++ b/components/BUILD.gn @@ -104,6 +104,7 @@ group("all_components") { "//components/security_interstitials/core", "//components/sessions", "//components/signin/core/browser", + "//components/ssl_errors", "//components/startup_metric_utils", "//components/strings", "//components/sync_driver", diff --git a/components/components.gyp b/components/components.gyp index 91815d7..24069c0 100644 --- a/components/components.gyp +++ b/components/components.gyp @@ -72,6 +72,7 @@ 'security_interstitials.gypi', 'sessions.gypi', 'signin.gypi', + 'ssl_errors.gypi', 'startup_metric_utils.gypi', 'suggestions.gypi', 'sync_driver.gypi', diff --git a/components/components_strings.grd b/components/components_strings.grd index edd5888..f5ce76c 100644 --- a/components/components_strings.grd +++ b/components/components_strings.grd @@ -143,6 +143,7 @@ <part file="pdf_strings.grdp" /> <part file="policy_strings.grdp" /> <part file="security_interstitials_strings.grdp" /> + <part file="ssl_errors_strings.grdp" /> <part file="translate_strings.grdp" /> <part file="undo_strings.grdp" /> <part file="version_info.grdp" /> diff --git a/components/ssl_errors.gypi b/components/ssl_errors.gypi new file mode 100644 index 0000000..b66444b --- /dev/null +++ b/components/ssl_errors.gypi @@ -0,0 +1,27 @@ +# Copyright 2015 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +{ + 'targets': [ + { + # GN version: //components/ssl_errors + 'target_name': 'ssl_errors', + 'type': 'static_library', + 'dependencies': [ + '../base/base.gyp:base_i18n', + '../net/net.gyp:net', + '../ui/base/ui_base.gyp:ui_base', + 'components_strings.gyp:components_strings', + ], + 'include_dirs': [ + '..', + ], + 'sources': [ + # Note: sources list duplicated in GN build. + 'ssl_errors/error_info.cc', + 'ssl_errors/error_info.h', + ] + } + ] +}
\ No newline at end of file diff --git a/components/ssl_errors/BUILD.gn b/components/ssl_errors/BUILD.gn new file mode 100644 index 0000000..fc3da15 --- /dev/null +++ b/components/ssl_errors/BUILD.gn @@ -0,0 +1,18 @@ +# Copyright 2015 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# GYP version: components/ssl_errors.gyp +source_set("ssl_errors") { + sources = [ + "error_info.cc", + "error_info.h", + ] + + deps = [ + "//base", + "//components/strings", + "//net", + "//ui/base", + ] +} diff --git a/components/ssl_errors/DEPS b/components/ssl_errors/DEPS new file mode 100644 index 0000000..37f0ae0 --- /dev/null +++ b/components/ssl_errors/DEPS @@ -0,0 +1,5 @@ +include_rules = [ + "+grit", + "+net", + "+ui/base" +]
\ No newline at end of file diff --git a/components/ssl_errors/OWNERS b/components/ssl_errors/OWNERS new file mode 100644 index 0000000..3f66a8d --- /dev/null +++ b/components/ssl_errors/OWNERS @@ -0,0 +1,6 @@ +agl@chromium.org +estark@chromium.org +felt@chromium.org +meacer@chromium.org +palmer@chromium.org +rsleevi@chromium.org diff --git a/chrome/browser/ssl/ssl_error_info.cc b/components/ssl_errors/error_info.cc index 7e60783..625a31b 100644 --- a/chrome/browser/ssl/ssl_error_info.cc +++ b/components/ssl_errors/error_info.cc @@ -1,14 +1,12 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Copyright 2015 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "chrome/browser/ssl/ssl_error_info.h" +#include "components/ssl_errors/error_info.h" #include "base/i18n/message_formatter.h" #include "base/strings/utf_string_conversions.h" -#include "chrome/grit/chromium_strings.h" -#include "chrome/grit/generated_resources.h" -#include "content/public/browser/cert_store.h" +#include "grit/components_strings.h" #include "net/base/escape.h" #include "net/base/net_errors.h" #include "net/cert/cert_status_flags.h" @@ -18,16 +16,16 @@ using base::UTF8ToUTF16; -SSLErrorInfo::SSLErrorInfo(const base::string16& details, - const base::string16& short_description) - : details_(details), - short_description_(short_description) { -} +namespace ssl_errors { + +ErrorInfo::ErrorInfo(const base::string16& details, + const base::string16& short_description) + : details_(details), short_description_(short_description) {} // static -SSLErrorInfo SSLErrorInfo::CreateError(ErrorType error_type, - net::X509Certificate* cert, - const GURL& request_url) { +ErrorInfo ErrorInfo::CreateError(ErrorType error_type, + net::X509Certificate* cert, + const GURL& request_url) { base::string16 details, short_description; switch (error_type) { case CERT_COMMON_NAME_INVALID: { @@ -47,11 +45,10 @@ SSLErrorInfo SSLErrorInfo::CreateError(ErrorType error_type, } if (i == dns_names.size()) i = 0; - details = - l10n_util::GetStringFUTF16(IDS_CERT_ERROR_COMMON_NAME_INVALID_DETAILS, - UTF8ToUTF16(request_url.host()), - net::EscapeForHTML( - UTF8ToUTF16(dns_names[i]))); + details = l10n_util::GetStringFUTF16( + IDS_CERT_ERROR_COMMON_NAME_INVALID_DETAILS, + UTF8ToUTF16(request_url.host()), + net::EscapeForHTML(UTF8ToUTF16(dns_names[i]))); short_description = l10n_util::GetStringUTF16( IDS_CERT_ERROR_COMMON_NAME_INVALID_DESCRIPTION); break; @@ -87,16 +84,16 @@ SSLErrorInfo SSLErrorInfo::CreateError(ErrorType error_type, } break; case CERT_AUTHORITY_INVALID: - details = l10n_util::GetStringFUTF16( - IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS, - UTF8ToUTF16(request_url.host())); + details = + l10n_util::GetStringFUTF16(IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS, + UTF8ToUTF16(request_url.host())); short_description = l10n_util::GetStringUTF16( IDS_CERT_ERROR_AUTHORITY_INVALID_DESCRIPTION); break; case CERT_CONTAINS_ERRORS: - details = l10n_util::GetStringFUTF16( - IDS_CERT_ERROR_CONTAINS_ERRORS_DETAILS, - UTF8ToUTF16(request_url.host())); + details = + l10n_util::GetStringFUTF16(IDS_CERT_ERROR_CONTAINS_ERRORS_DETAILS, + UTF8ToUTF16(request_url.host())); short_description = l10n_util::GetStringUTF16(IDS_CERT_ERROR_CONTAINS_ERRORS_DESCRIPTION); break; @@ -113,9 +110,8 @@ SSLErrorInfo SSLErrorInfo::CreateError(ErrorType error_type, l10n_util::GetStringUTF16(IDS_CERT_ERROR_REVOKED_CERT_DESCRIPTION); break; case CERT_INVALID: - details = l10n_util::GetStringFUTF16( - IDS_CERT_ERROR_INVALID_CERT_DETAILS, - UTF8ToUTF16(request_url.host())); + details = l10n_util::GetStringFUTF16(IDS_CERT_ERROR_INVALID_CERT_DETAILS, + UTF8ToUTF16(request_url.host())); short_description = l10n_util::GetStringUTF16(IDS_CERT_ERROR_INVALID_CERT_DESCRIPTION); break; @@ -127,16 +123,16 @@ SSLErrorInfo SSLErrorInfo::CreateError(ErrorType error_type, IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DESCRIPTION); break; case CERT_WEAK_KEY: - details = l10n_util::GetStringFUTF16( - IDS_CERT_ERROR_WEAK_KEY_DETAILS, UTF8ToUTF16(request_url.host())); - short_description = l10n_util::GetStringUTF16( - IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION); + details = l10n_util::GetStringFUTF16(IDS_CERT_ERROR_WEAK_KEY_DETAILS, + UTF8ToUTF16(request_url.host())); + short_description = + l10n_util::GetStringUTF16(IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION); break; case CERT_WEAK_KEY_DH: - details = l10n_util::GetStringFUTF16( - IDS_CERT_ERROR_WEAK_KEY_DETAILS, UTF8ToUTF16(request_url.host())); - short_description = l10n_util::GetStringUTF16( - IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION); + details = l10n_util::GetStringFUTF16(IDS_CERT_ERROR_WEAK_KEY_DETAILS, + UTF8ToUTF16(request_url.host())); + short_description = + l10n_util::GetStringUTF16(IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION); case CERT_NAME_CONSTRAINT_VIOLATION: details = l10n_util::GetStringFUTF16( IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DETAILS, @@ -153,9 +149,9 @@ SSLErrorInfo SSLErrorInfo::CreateError(ErrorType error_type, break; case CERT_PINNED_KEY_MISSING: details = l10n_util::GetStringUTF16( - IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE); + IDS_CERT_ERROR_SUMMARY_PINNING_FAILURE_DETAILS); short_description = l10n_util::GetStringUTF16( - IDS_ERRORPAGES_DETAILS_PINNING_FAILURE); + IDS_CERT_ERROR_SUMMARY_PINNING_FAILURE_DESCRIPTION); break; case CERT_UNABLE_TO_CHECK_REVOCATION: details = l10n_util::GetStringUTF16( @@ -171,14 +167,13 @@ SSLErrorInfo SSLErrorInfo::CreateError(ErrorType error_type, default: NOTREACHED(); } - return SSLErrorInfo(details, short_description); + return ErrorInfo(details, short_description); } -SSLErrorInfo::~SSLErrorInfo() { -} +ErrorInfo::~ErrorInfo() {} // static -SSLErrorInfo::ErrorType SSLErrorInfo::NetErrorToErrorType(int net_error) { +ErrorInfo::ErrorType ErrorInfo::NetErrorToErrorType(int net_error) { switch (net_error) { case net::ERR_CERT_COMMON_NAME_INVALID: return CERT_COMMON_NAME_INVALID; @@ -211,14 +206,15 @@ SSLErrorInfo::ErrorType SSLErrorInfo::NetErrorToErrorType(int net_error) { default: NOTREACHED(); return UNKNOWN; - } + } } // static -void SSLErrorInfo::GetErrorsForCertStatus(int cert_id, - net::CertStatus cert_status, - const GURL& url, - std::vector<SSLErrorInfo>* errors) { +void ErrorInfo::GetErrorsForCertStatus( + const scoped_refptr<net::X509Certificate>& cert, + net::CertStatus cert_status, + const GURL& url, + std::vector<ErrorInfo>* errors) { const net::CertStatus kErrorFlags[] = { net::CERT_STATUS_COMMON_NAME_INVALID, net::CERT_STATUS_DATE_INVALID, @@ -248,18 +244,12 @@ void SSLErrorInfo::GetErrorsForCertStatus(int cert_id, }; DCHECK(arraysize(kErrorFlags) == arraysize(kErrorTypes)); - scoped_refptr<net::X509Certificate> cert = NULL; for (size_t i = 0; i < arraysize(kErrorFlags); ++i) { - if (cert_status & kErrorFlags[i]) { - if (!cert.get()) { - bool r = content::CertStore::GetInstance()->RetrieveCert( - cert_id, &cert); - DCHECK(r); - } - if (errors) { - errors->push_back( - SSLErrorInfo::CreateError(kErrorTypes[i], cert.get(), url)); - } + if ((cert_status & kErrorFlags[i]) && errors) { + errors->push_back( + ErrorInfo::CreateError(kErrorTypes[i], cert.get(), url)); } } } + +} // namespace ssl_errors diff --git a/chrome/browser/ssl/ssl_error_info.h b/components/ssl_errors/error_info.h index 0ffd553..1b26be5 100644 --- a/chrome/browser/ssl/ssl_error_info.h +++ b/components/ssl_errors/error_info.h @@ -1,9 +1,9 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Copyright 2015 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef CHROME_BROWSER_SSL_SSL_ERROR_INFO_H_ -#define CHROME_BROWSER_SSL_SSL_ERROR_INFO_H_ +#ifndef COMPONENTS_SSL_ERRORS_SSL_ERROR_INFO_H_ +#define COMPONENTS_SSL_ERRORS_SSL_ERROR_INFO_H_ #include <string> #include <vector> @@ -14,11 +14,13 @@ class GURL; +namespace ssl_errors { + // This class describes an error that happened while showing a page over SSL. -// An SSLErrorInfo object only exists on the UI thread and only contains +// An ErrorInfo object only exists on the UI thread and only contains // information about an error (type of error and text details). // Note no DISALLOW_COPY_AND_ASSIGN as we want the copy constructor. -class SSLErrorInfo { +class ErrorInfo { public: // This enum is being histogrammed; please only add new values at the end. enum ErrorType { @@ -40,23 +42,23 @@ class SSLErrorInfo { END_OF_ENUM }; - virtual ~SSLErrorInfo(); + virtual ~ErrorInfo(); // Converts a network error code to an ErrorType. static ErrorType NetErrorToErrorType(int net_error); - static SSLErrorInfo CreateError(ErrorType error_type, - net::X509Certificate* cert, - const GURL& request_url); + static ErrorInfo CreateError(ErrorType error_type, + net::X509Certificate* cert, + const GURL& request_url); // Populates the specified |errors| vector with the errors contained in - // |cert_status|. Returns the number of errors found. + // |cert_status| for |cert|. Returns the number of errors found. // Callers only interested in the error count can pass NULL for |errors|. - // TODO(wtc): Document |cert_id| and |url| arguments. - static void GetErrorsForCertStatus(int cert_id, - net::CertStatus cert_status, - const GURL& url, - std::vector<SSLErrorInfo>* errors); + static void GetErrorsForCertStatus( + const scoped_refptr<net::X509Certificate>& cert, + net::CertStatus cert_status, + const GURL& url, + std::vector<ErrorInfo>* errors); // A description of the error. const base::string16& details() const { return details_; } @@ -65,11 +67,13 @@ class SSLErrorInfo { const base::string16& short_description() const { return short_description_; } private: - SSLErrorInfo(const base::string16& details, - const base::string16& short_description); + ErrorInfo(const base::string16& details, + const base::string16& short_description); base::string16 details_; base::string16 short_description_; }; -#endif // CHROME_BROWSER_SSL_SSL_ERROR_INFO_H_ +} // namespace ssl_errors + +#endif // COMPONENTS_SSL_ERRORS_SSL_ERROR_INFO_H_ diff --git a/components/ssl_errors_strings.grdp b/components/ssl_errors_strings.grdp new file mode 100644 index 0000000..6d8ba6b --- /dev/null +++ b/components/ssl_errors_strings.grdp @@ -0,0 +1,159 @@ +<?xml version="1.0" encoding="utf-8"?> +<grit-part> + + <message name="IDS_CERT_ERROR_COMMON_NAME_INVALID_DETAILS" desc="Details for an unsafe common name in an X509 certificate"> + This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate is from <ph name="DOMAIN2"><strong>$2<ex>fakepaypal.com</ex></strong></ph>. This may be caused by a misconfiguration or an attacker intercepting your connection. + </message> + <message name="IDS_CERT_ERROR_COMMON_NAME_INVALID_DESCRIPTION" desc="Description for an unsafe common name in an X509 certificate"> + Server's certificate does not match the URL. + </message> + + <message name="IDS_CERT_ERROR_EXPIRED_DETAILS" desc="Details for an expired X509 certificate [ICU Syntax]"> + {1, plural, + =1 {This server could not prove that it is <ph name="DOMAIN"><strong>{0}<ex>paypal.com</ex></strong></ph>; its security certificate expired yesterday. This may be caused by a misconfiguration or an attacker intercepting your connection. Your computer's clock is currently set to <ph name="CURRENT_DATE">{2, date, full}<ex>Monday, July 16, 2012</ex></ph>. Does that look right? If not, you should correct your system's clock and then refresh this page.} + other {This server could not prove that it is <ph name="DOMAIN"><strong>{0}<ex>paypal.com</ex></strong></ph>; its security certificate expired # days ago. This may be caused by a misconfiguration or an attacker intercepting your connection. Your computer's clock is currently set to <ph name="CURRENT_DATE">{2, date, full}<ex>Monday, July 16, 2012</ex></ph>. Does that look right? If not, you should correct your system's clock and then refresh this page.}} + </message> + <message name="IDS_CERT_ERROR_EXPIRED_DESCRIPTION" desc="Description for an expired X509 certificate"> + Server's certificate has expired. + </message> + + <message name="IDS_CERT_ERROR_NOT_YET_VALID_DETAILS" desc="Details for an X509 certificate that is not yet valid [ICU Syntax]"> + {1, plural, + =1 {This server could not prove that it is <ph name="DOMAIN"><strong>{0}<ex>paypal.com</ex></strong></ph>; its security certificate is supposedly from tomorrow. This may be caused by a misconfiguration or an attacker intercepting your connection.} + other {This server could not prove that it is <ph name="DOMAIN"><strong>{0}<ex>paypal.com</ex></strong></ph>; its security certificate is supposedly from # days in the future. This may be caused by a misconfiguration or an attacker intercepting your connection.}} + </message> + <message name="IDS_CERT_ERROR_NOT_YET_VALID_DESCRIPTION" desc="Description for an X509 certificate that is not yet valid"> + Server's certificate is not yet valid. + </message> + + <message name="IDS_CERT_ERROR_NOT_VALID_AT_THIS_TIME_DETAILS" desc="Details for a chain with a X509 certificate that is not valid at this time."> + This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate is not valid at this time. This may be caused by a misconfiguration or an attacker intercepting your connection. + </message> + <message name="IDS_CERT_ERROR_NOT_VALID_AT_THIS_TIME_DESCRIPTION" desc="Description for a chain with a X509 certificate that is not valid at this time."> + Server's certificate is not valid at this time. + </message> + + <message name="IDS_CERT_ERROR_CHAIN_EXPIRED_DETAILS" desc="Details for an expired root or intermediate cert in chain"> + This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate expired. This may be caused by a misconfiguration or an attacker intercepting your connection. Your computer's clock is currently set to <ph name="CURRENT_TIME">$3<ex>July 18, 2012</ex></ph>. Does that look right? If not, you should correct your system's clock and then refresh this page. + </message> + <message name="IDS_CERT_ERROR_CHAIN_EXPIRED_DESCRIPTION" desc="Description for an expired intermediate/root certificate in chain"> + A root or intermediate certificate has expired. + </message> + + <message name="IDS_CERT_ERROR_AUTHORITY_INVALID_DESCRIPTION" desc="Description for an X509 certificate with an invalid authority"> + Server's certificate is not trusted. + </message> + + <message name="IDS_CERT_ERROR_CONTAINS_ERRORS_DETAILS" desc="Details of the error page for an X509 certificate that contains errors"> + This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate contains errors. This may be caused by a misconfiguration or an attacker intercepting your connection. + </message> + <message name="IDS_CERT_ERROR_CONTAINS_ERRORS_DESCRIPTION" desc="Description of the error page for an X509 certificate that contains errors"> + Server's certificate contains errors. + </message> + + <message name="IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DETAILS" desc="Details for being unable to check revocation status of an X509 certificate"> + This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate might be revoked. This may be caused by a misconfiguration or an attacker intercepting your connection. + </message> + <message name="IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DESCRIPTION" desc="Description for being unable to check revocation status of an X509 certificate"> + Server's certificate cannot be checked. + </message> + + <message name="IDS_CERT_ERROR_NO_REVOCATION_MECHANISM_DETAILS" desc="Details for not finding a revocation mechanism in an X509 certificate"> + This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate might be revoked. This may be caused by a misconfiguration or an attacker intercepting your connection. + </message> + <message name="IDS_CERT_ERROR_NO_REVOCATION_MECHANISM_DESCRIPTION" desc="Description for not finding a revocation mechanism in an X509 certificate"> + No revocation mechanism found. + </message> + + <message name="IDS_CERT_ERROR_REVOKED_CERT_DETAILS" desc="Details of the error page for a revoked certificate"> + You attempted to reach <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>, but the certificate that the server presented has been revoked by its issuer. This means that the security credentials the server presented absolutely should not be trusted. You may be communicating with an attacker. + </message> + <message name="IDS_CERT_ERROR_REVOKED_CERT_DESCRIPTION" desc="Description of the error page for a revoked certificate"> + Server's certificate has been revoked. + </message> + + <message name="IDS_CERT_ERROR_INVALID_CERT_DETAILS" desc="Details of the error page for an X509 certificate that is invalid"> + You attempted to reach <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>, but the server presented an invalid certificate. + </message> + <message name="IDS_CERT_ERROR_INVALID_CERT_DESCRIPTION" desc="Description of the error page for an X509 certificate that is invalid"> + Server's certificate is invalid. + </message> + + <message name="IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DETAILS" desc="Details of the error page for a certificate signed using a weak signature algorithm"> + You attempted to reach <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server may not be the server you expected (you may be communicating with an attacker). + </message> + <message name="IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DESCRIPTION" desc="Description of the error page for a certificate signed using a weak signature algorithm"> + Server's certificate is signed using a weak signature algorithm. + </message> + + <message name="IDS_CERT_ERROR_WEAK_KEY_DETAILS" desc="Details of the error page for a certificate containing a weak key"> + You attempted to reach <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>, but the server presented a certificate containing a weak key. An attacker could have broken the private key, and the server may not be the server you expected (you may be communicating with an attacker). + </message> + <message name="IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION" desc="Description of the error page for a certificate containing a weak key"> + The server certificate contains a weak cryptographic key. + </message> + + <message name="IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DETAILS" desc="Details of the error page for a certificate that contains a name outside of its scope"> + This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate might have been issued fraudulently. This may be caused by a misconfiguration or an attacker intercepting your connection. + </message> + <message name="IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION" desc="Description of the error page for a certificate that contains a name outside of its scope"> + Server's certificate violates name constraints. + </message> + <message name="IDS_CERT_ERROR_VALIDITY_TOO_LONG_DETAILS" desc="Details of the error page for a certificate whose validity period is too long"> + You attempted to reach <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>, but the server presented a certificate whose validity period is too long to be trustworthy. + </message> + <message name="IDS_CERT_ERROR_VALIDITY_TOO_LONG_DESCRIPTION" desc="Description of the error page for a certificate whose validity period is too long"> + The server certificate has a validity period that is too long. + </message> + + <message name="IDS_CERT_ERROR_UNKNOWN_ERROR_DETAILS" desc="Details of the error page for an unknown ssl error"> + An unknown error has occurred. + </message> + <message name="IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION" desc="Description of the error page for an unknown ssl error"> + Unknown server certificate error. + </message> + + <message name="IDS_CERT_ERROR_SUMMARY_PINNING_FAILURE_DETAILS" desc="Details of the error page for a certificate which doesn't match the built-in pins for that name"> + The server presented a certificate that doesn't match built-in expectations. These expectations are included for certain, high-security websites in order to protect you. + </message> + <message name="IDS_CERT_ERROR_SUMMARY_PINNING_FAILURE_DESCRIPTION" desc="Description of the error page for a certificate which doesn't match the built-in pins for that name"> + The server's certificate appears to be a forgery. + </message> + + <if expr="_google_chrome"> + <if expr="is_ios"> + <message name="IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS" desc="Details for an X509 certificate with an invalid authority"> + This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate is not trusted by Chrome. This may be caused by a misconfiguration or an attacker intercepting your connection. + </message> + </if> + <if expr="is_android"> + <message name="IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS" desc="Details for an X509 certificate with an invalid authority"> + This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate is not trusted by your device's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection. + </message> + </if> + <if expr="not is_ios and not is_android"> + <message name="IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS" desc="Details for an X509 certificate with an invalid authority"> + This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection. + </message> + </if> + </if> + + <if expr="not _google_chrome"> + <if expr="is_ios"> + <message name="IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS" desc="Details for an X509 certificate with an invalid authority"> + This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate is not trusted by Chromium. This may be caused by a misconfiguration or an attacker intercepting your connection. + </message> + </if> + <if expr="is_android"> + <message name="IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS" desc="Details for an X509 certificate with an invalid authority"> + This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate is not trusted by your device's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection. + </message> + </if> + <if expr="not is_ios and not is_android"> + <message name="IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS" desc="Details for an X509 certificate with an invalid authority"> + This server could not prove that it is <ph name="DOMAIN"><strong>$1<ex>paypal.com</ex></strong></ph>; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection. + </message> + </if> + </if> + +</grit-part>
\ No newline at end of file |