// Copyright 2008, Google Inc. // All rights reserved. // // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions are // met: // // * Redistributions of source code must retain the above copyright // notice, this list of conditions and the following disclaimer. // * Redistributions in binary form must reproduce the above // copyright notice, this list of conditions and the following disclaimer // in the documentation and/or other materials provided with the // distribution. // * Neither the name of Google Inc. nor the names of its // contributors may be used to endorse or promote products derived from // this software without specific prior written permission. // // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "chrome/browser/ssl_manager.h" #include "base/message_loop.h" #include "base/string_util.h" #include "chrome/app/theme/theme_resources.h" #include "chrome/browser/browser_process.h" #include "chrome/browser/provisional_load_details.h" #include "chrome/browser/load_notification_details.h" #include "chrome/browser/load_from_memory_cache_details.h" #include "chrome/browser/navigation_controller.h" #include "chrome/browser/navigation_entry.h" #include "chrome/browser/render_view_host.h" #include "chrome/browser/resource_request_details.h" #include "chrome/browser/ssl_error_info.h" #include "chrome/browser/ssl_policy.h" #include "chrome/browser/standard_layout.h" #include "chrome/browser/tab_contents.h" #include "chrome/browser/tab_util.h" #include "chrome/browser/web_contents.h" #include "chrome/browser/views/info_bar_view.h" #include "chrome/common/l10n_util.h" #include "chrome/common/notification_service.h" #include "chrome/common/pref_names.h" #include "chrome/common/pref_service.h" #include "chrome/common/resource_bundle.h" #include "chrome/views/decision.h" #include "chrome/views/link.h" #include "net/base/cert_status_flags.h" #include "net/base/net_errors.h" #include "net/url_request/url_request.h" #include "webkit/glue/resource_type.h" #include "generated_resources.h" //////////////////////////////////////////////////////////////////////////////// // SSLInfoBar // // An info bar with a message and an optional link that runs a task when // clicked. class SSLInfoBar : public InfoBarItemView, public ChromeViews::LinkController { public: SSLInfoBar::SSLInfoBar(SSLManager* manager, const std::wstring& message, const std::wstring& link_text, Task* task); virtual SSLInfoBar::~SSLInfoBar(); const std::wstring GetMessageText() const; // ChromeViews::LinkController method. virtual void LinkActivated(ChromeViews::Link* source, int event_flags); private: ChromeViews::Label* label_; ChromeViews::Link* link_; SSLManager* manager_; scoped_ptr task_; DISALLOW_EVIL_CONSTRUCTORS(SSLInfoBar); }; SSLInfoBar::SSLInfoBar(SSLManager* manager, const std::wstring& message, const std::wstring& link_text, Task* task) : label_(NULL), link_(NULL), manager_(manager), task_(task) { ResourceBundle& rb = ResourceBundle::GetSharedInstance(); if (!message.empty()) { label_ = new ChromeViews::Label(message); label_->SetFont(rb.GetFont(ResourceBundle::MediumFont)); label_->SetHorizontalAlignment(ChromeViews::Label::ALIGN_LEFT); AddChildViewLeading(label_); } if (!link_text.empty()) { DCHECK(task) << L"Link and no task"; // What do you want to do when users // click the link?? link_ = new ChromeViews::Link(link_text); link_->SetFont(rb.GetFont(ResourceBundle::MediumFont)); link_->SetController(this); AddChildViewTrailing(link_); } SetIcon(*rb.GetBitmapNamed(IDR_INFOBAR_SSL_WARNING)); DCHECK(manager); } SSLInfoBar::~SSLInfoBar() { // Notify our manager that we no longer exist. manager_->OnInfoBarClose(this); } const std::wstring SSLInfoBar::GetMessageText() const { if (!label_) return std::wstring(); return label_->GetText(); } void SSLInfoBar::LinkActivated(ChromeViews::Link* source, int event_flags) { if (task_.get()) { task_->Run(); task_.reset(); // Ensures we won't run the task again. } Close(); } //////////////////////////////////////////////////////////////////////////////// // SSLManager // static void SSLManager::RegisterUserPrefs(PrefService* prefs) { prefs->RegisterIntegerPref(prefs::kMixedContentFiltering, FilterPolicy::DONT_FILTER); } SSLManager::SSLManager(NavigationController* controller, Delegate* delegate) : controller_(controller), delegate_(delegate) { DCHECK(controller_); // If do delegate is supplied, use the default policy. if (!delegate_) delegate_ = SSLPolicy::GetDefaultPolicy(); // Subscribe to various notifications. NotificationService* service = NotificationService::current(); service->AddObserver(this, NOTIFY_FRAME_PROVISIONAL_LOAD_COMMITTED, Source(controller_)); service->AddObserver(this, NOTIFY_FAIL_PROVISIONAL_LOAD_WITH_ERROR, Source(controller_)); service->AddObserver(this, NOTIFY_RESOURCE_RESPONSE_STARTED, Source(controller_)); service->AddObserver(this, NOTIFY_RESOURCE_RECEIVED_REDIRECT, Source(controller_)); service->AddObserver(this, NOTIFY_LOAD_FROM_MEMORY_CACHE, Source(controller_)); } SSLManager::~SSLManager() { // Close any of our info bars that are still left. FOR_EACH_OBSERVER(SSLInfoBar, visible_info_bars_, Close()); // Unsubscribe from various notifications. NotificationService* service = NotificationService::current(); service->RemoveObserver(this, NOTIFY_FRAME_PROVISIONAL_LOAD_COMMITTED, Source(controller_)); service->RemoveObserver(this, NOTIFY_FAIL_PROVISIONAL_LOAD_WITH_ERROR, Source(controller_)); service->RemoveObserver(this, NOTIFY_RESOURCE_RESPONSE_STARTED, Source(controller_)); service->RemoveObserver(this, NOTIFY_RESOURCE_RECEIVED_REDIRECT, Source(controller_)); service->RemoveObserver(this, NOTIFY_LOAD_FROM_MEMORY_CACHE, Source(controller_)); } // Delegate API method. void SSLManager::ShowMessage(const std::wstring& msg) { ShowMessageWithLink(msg, std::wstring(), NULL); } void SSLManager::ShowMessageWithLink(const std::wstring& msg, const std::wstring& link_text, Task* task) { if (controller_->GetPendingEntry()) { // The main frame is currently loading, wait until the load is committed so // to show the error on the right page (once the location bar shows the // correct url). if (std::find(pending_messages_.begin(), pending_messages_.end(), msg) == pending_messages_.end()) pending_messages_.push_back(SSLMessageInfo(msg, link_text, task)); return; } NavigationEntry* entry = controller_->GetActiveEntry(); if (!entry) return; // Don't show the message if the user doesn't expect an authenticated session. if (entry->GetSecurityStyle() <= SECURITY_STYLE_UNAUTHENTICATED) return; InfoBarView* info_bar_view = controller_->active_contents()->GetInfoBarView(); DCHECK(info_bar_view); if (!info_bar_view) return; // Check if we are already displaying this message. ObserverList::Iterator it(visible_info_bars_); SSLInfoBar* info_bar; while (info_bar = it.GetNext()) { if (info_bar->GetMessageText() == msg) return; } // Show the message. info_bar = new SSLInfoBar(this, msg, link_text, task); visible_info_bars_.AddObserver(info_bar); // false indicates info_bar is not automatically removed. info_bar_view->AppendInfoBarItem(info_bar, false); } // Delegate API method. void SSLManager::SetMaxSecurityStyle(SecurityStyle style) { NavigationEntry* entry = controller_->GetActiveEntry(); if (!entry) { NOTREACHED(); return; } if (entry->GetSecurityStyle() > style) { entry->SetSecurityStyle(style); controller_->EntryUpdated(entry); } } // Delegate API method. void SSLManager::AddMessageToConsole(const std::wstring& msg, ConsoleMessageLevel level) { WebContents* web_contents = controller_->GetTabContents(TAB_CONTENTS_WEB)->AsWebContents(); if (!web_contents) return; web_contents->AddMessageToConsole(L"", msg, level); } // Delegate API method. void SSLManager::DenyCertForHost(net::X509Certificate* cert, const std::string& host) { // Remember that we don't like this cert for this host. // TODO(abarth): Do we want to persist this information in the user's profile? cert_policy_for_host_[host].Deny(cert); } // Delegate API method. void SSLManager::AllowCertForHost(net::X509Certificate* cert, const std::string& host) { // Remember that we do like this cert for this host. // TODO(abarth): Do we want to persist this information in the user's profile? cert_policy_for_host_[host].Allow(cert); } // Delegate API method. net::X509Certificate::Policy::Judgment SSLManager::QueryPolicy( net::X509Certificate* cert, const std::string& host) { // TODO(abarth): Do we want to read this information from the user's profile? return cert_policy_for_host_[host].Check(cert); } bool SSLManager::CanShowInsecureContent(const GURL& url) { // TODO(jcampan): Do we want to read this information from the user's profile? return (can_show_insecure_content_for_host_.find(url.host()) != can_show_insecure_content_for_host_.end()); } void SSLManager::AllowShowInsecureContentForURL(const GURL& url) { can_show_insecure_content_for_host_.insert(url.host()); } void SSLManager::OnInfoBarClose(SSLInfoBar* info_bar) { // |info_bar| is no longer visible. No need to track it any more. visible_info_bars_.RemoveObserver(info_bar); } bool SSLManager::ProcessedSSLErrorFromRequest() const { NavigationEntry* entry = controller_->GetActiveEntry(); if (!entry) { NOTREACHED(); return false; } return net::IsCertStatusError(entry->GetSSLCertStatus()); } //////////////////////////////////////////////////////////////////////////////// // ErrorHandler SSLManager::ErrorHandler::ErrorHandler(ResourceDispatcherHost* rdh, URLRequest* request, MessageLoop* ui_loop) : ui_loop_(ui_loop), io_loop_(MessageLoop::current()), manager_(NULL), resource_dispatcher_host_(rdh), request_has_been_notified_(false), request_id_(0, 0), request_url_(request->url()) { DCHECK(MessageLoop::current() != ui_loop); ResourceDispatcherHost::ExtraRequestInfo* info = ResourceDispatcherHost::ExtraInfoForRequest(request); request_id_.render_process_host_id = info->render_process_host_id; request_id_.request_id = info->request_id; if (!tab_util::GetTabContentsID(request, &render_process_host_id_, &tab_contents_id_)) NOTREACHED(); // This makes sure we don't disappear on the IO thread until we've given an // answer to the URLRequest. // // Release in CompleteCancelRequest, CompleteContinueRequest, // CompleteStartRequest or CompleteTakeNoAction. AddRef(); } void SSLManager::ErrorHandler::Dispatch() { DCHECK(MessageLoop::current() == ui_loop_); TabContents* tab_contents = tab_util::GetTabContentsByID(render_process_host_id_, tab_contents_id_); if (!tab_contents) { // We arrived on the UI thread, but the tab we're looking for is no longer // here. OnDispatchFailed(); return; } // Hand ourselves off to the SSLManager. manager_ = tab_contents->controller()->ssl_manager(); OnDispatched(); } TabContents* SSLManager::ErrorHandler::GetTabContents() { return tab_util::GetTabContentsByID(render_process_host_id_, tab_contents_id_); } void SSLManager::ErrorHandler::CancelRequest() { DCHECK(MessageLoop::current() == ui_loop_); // We need to complete this task on the IO thread. io_loop_->PostTask(FROM_HERE, NewRunnableMethod( this, &SSLManager::ErrorHandler::CompleteCancelRequest, net::ERR_ABORTED)); } void SSLManager::ErrorHandler::DenyRequest() { DCHECK(MessageLoop::current() == ui_loop_); // We need to complete this task on the IO thread. io_loop_->PostTask(FROM_HERE, NewRunnableMethod( this, &SSLManager::ErrorHandler::CompleteCancelRequest, net::ERR_INSECURE_RESPONSE)); } void SSLManager::ErrorHandler::ContinueRequest() { DCHECK(MessageLoop::current() == ui_loop_); // We need to complete this task on the IO thread. io_loop_->PostTask(FROM_HERE, NewRunnableMethod( this, &SSLManager::ErrorHandler::CompleteContinueRequest)); } void SSLManager::ErrorHandler::StartRequest(FilterPolicy::Type filter_policy) { DCHECK(MessageLoop::current() == ui_loop_); // We need to complete this task on the IO thread. io_loop_->PostTask(FROM_HERE, NewRunnableMethod( this, &SSLManager::ErrorHandler::CompleteStartRequest, filter_policy)); } void SSLManager::ErrorHandler::TakeNoAction() { DCHECK(MessageLoop::current() == ui_loop_); // We need to complete this task on the IO thread. io_loop_->PostTask(FROM_HERE, NewRunnableMethod( this, &SSLManager::ErrorHandler::CompleteTakeNoAction)); } void SSLManager::ErrorHandler::CompleteCancelRequest(int error) { DCHECK(MessageLoop::current() == io_loop_); // It is important that we notify the URLRequest only once. If we try to // notify the request twice, it may no longer exist and |this| might have // already have been deleted. DCHECK(!request_has_been_notified_); if (!request_has_been_notified_) { URLRequest* request = resource_dispatcher_host_->GetURLRequest(request_id_); if (request) { // The request can be NULL if it was cancelled by the renderer (as the // result of the user navigating to a new page from the location bar). DLOG(INFO) << "CompleteCancelRequest() url: " << request->url().spec(); request->CancelWithError(error); } request_has_been_notified_ = true; // We're done with this object on the IO thread. Release(); } } void SSLManager::ErrorHandler::CompleteContinueRequest() { DCHECK(MessageLoop::current() == io_loop_); // It is important that we notify the URLRequest only once. If we try to // notify the request twice, it may no longer exist and |this| might have // already have been deleted. DCHECK(!request_has_been_notified_); if (!request_has_been_notified_) { URLRequest* request = resource_dispatcher_host_->GetURLRequest(request_id_); if (request) { // The request can be NULL if it was cancelled by the renderer (as the // result of the user navigating to a new page from the location bar). DLOG(INFO) << "CompleteContinueRequest() url: " << request->url().spec(); request->ContinueDespiteLastError(); } request_has_been_notified_ = true; // We're done with this object on the IO thread. Release(); } } void SSLManager::ErrorHandler::CompleteStartRequest( FilterPolicy::Type filter_policy) { DCHECK(MessageLoop::current() == io_loop_); // It is important that we notify the URLRequest only once. If we try to // notify the request twice, it may no longer exist and |this| might have // already have been deleted. DCHECK(!request_has_been_notified_); if (request_has_been_notified_) return; URLRequest* request = resource_dispatcher_host_->GetURLRequest(request_id_); if (request) { // The request can be NULL if it was cancelled by the renderer (as the // result of the user navigating to a new page from the location bar). DLOG(INFO) << "CompleteStartRequest() url: " << request->url().spec(); // The request should not have been started (SUCCESS is the initial state). DCHECK(request->status().status() == URLRequestStatus::SUCCESS); ResourceDispatcherHost::ExtraRequestInfo* info = ResourceDispatcherHost::ExtraInfoForRequest(request); info->filter_policy = filter_policy; request->Start(); } request_has_been_notified_ = true; // We're done with this object on the IO thread. Release(); } void SSLManager::ErrorHandler::CompleteTakeNoAction() { DCHECK(MessageLoop::current() == io_loop_); // It is important that we notify the URLRequest only once. If we try to // notify the request twice, it may no longer exist and |this| might have // already have been deleted. DCHECK(!request_has_been_notified_); if (!request_has_been_notified_) { request_has_been_notified_ = true; // We're done with this object on the IO thread. Release(); } } //////////////////////////////////////////////////////////////////////////////// // CertError SSLManager::CertError::CertError( ResourceDispatcherHost* rdh, URLRequest* request, ResourceType::Type resource_type, int cert_error, net::X509Certificate* cert, MessageLoop* ui_loop) : ErrorHandler(rdh, request, ui_loop), cert_error_(cert_error), resource_type_(resource_type) { DCHECK(request == resource_dispatcher_host_->GetURLRequest(request_id_)); // We cannot use the request->ssl_info(), it's not been initialized yet, so // we have to set the fields manually. ssl_info_.cert = cert; ssl_info_.SetCertError(cert_error); } // static void SSLManager::OnSSLCertificateError(ResourceDispatcherHost* rdh, URLRequest* request, int cert_error, net::X509Certificate* cert, MessageLoop* ui_loop) { DLOG(INFO) << "OnSSLCertificateError() cert_error: " << cert_error << " url: " << request->url().spec(); ResourceDispatcherHost::ExtraRequestInfo* info = ResourceDispatcherHost::ExtraInfoForRequest(request); DCHECK(info); // A certificate error occurred. Construct a CertError object and hand it // over to the UI thread for processing. ui_loop->PostTask(FROM_HERE, NewRunnableMethod(new CertError(rdh, request, info->resource_type, cert_error, cert, ui_loop), &CertError::Dispatch)); } // static void SSLManager::OnMixedContentRequest(ResourceDispatcherHost* rdh, URLRequest* request, MessageLoop* ui_loop) { ui_loop->PostTask(FROM_HERE, NewRunnableMethod(new MixedContentHandler(rdh, request, ui_loop), &MixedContentHandler::Dispatch)); } void SSLManager::OnCertError(CertError* error) { // Ask our delegate to deal with the error. NavigationEntry* entry = controller_->GetActiveEntry(); delegate()->OnCertError(entry->GetURL(), error); } void SSLManager::OnMixedContent(MixedContentHandler* mixed_content) { // Ask our delegate to deal with the mixed content. NavigationEntry* entry = controller_->GetActiveEntry(); delegate()->OnMixedContent(controller_, entry->GetURL(), mixed_content); } void SSLManager::Observe(NotificationType type, const NotificationSource& source, const NotificationDetails& details) { // We should only be getting notifications from our controller. DCHECK(source == Source(controller_)); // Dispatch by type. switch (type) { case NOTIFY_FRAME_PROVISIONAL_LOAD_COMMITTED: DidCommitProvisionalLoad(Details(details).ptr()); break; case NOTIFY_FAIL_PROVISIONAL_LOAD_WITH_ERROR: DidFailProvisionalLoadWithError( Details(details).ptr()); break; case NOTIFY_RESOURCE_RESPONSE_STARTED: DidStartResourceResponse(Details(details).ptr()); break; case NOTIFY_RESOURCE_RECEIVED_REDIRECT: DidReceiveResourceRedirect( Details(details).ptr()); break; case NOTIFY_LOAD_FROM_MEMORY_CACHE: DidLoadFromMemoryCache( Details(details).ptr()); break; default: NOTREACHED() << "The SSLManager received an unexpected notification."; } } void SSLManager::InitializeEntryIfNeeded(NavigationEntry* entry) { DCHECK(entry); // If the security style of the entry is SECURITY_STYLE_UNKNOWN, then it is a // fresh entry and should get the default style. if (entry->GetSecurityStyle() == SECURITY_STYLE_UNKNOWN) entry->SetSecurityStyle(delegate()->GetDefaultStyle(entry->GetURL())); } void SSLManager::NavigationStateChanged() { NavigationEntry* active_entry = controller_->GetActiveEntry(); if (!active_entry) return; // Nothing showing yet. // This might be a new entry we've never seen before. InitializeEntryIfNeeded(active_entry); } void SSLManager::DidLoadFromMemoryCache(LoadFromMemoryCacheDetails* details) { DCHECK(details); // Simulate loading this resource through the usual path. // Note that we specify SUB_RESOURCE as the resource type as WebCore only // caches sub-resources. delegate()->OnRequestStarted(this, details->url(), ResourceType::SUB_RESOURCE, details->ssl_cert_id(), details->ssl_cert_status()); } void SSLManager::DidCommitProvisionalLoad(ProvisionalLoadDetails* details) { // Ignore in-page navigations, they should not change the security style or // the info-bars. if (details->in_page_navigation()) return; if (details->main_frame()) { // We are navigating to a new page, it's time to close the info bars. They // will automagically disappear from the visible_info_bars_ list (when // OnInfoBarClose is invoked). // TODO(jcampan): if we are navigating to an interstitial page, we close // the info-bars. That is unfortunate as if you decide to go back to the // original page, the info-bars are now gone. We would need a way to // restore them in that case. FOR_EACH_OBSERVER(SSLInfoBar, visible_info_bars_, Close()); // Update the SSL states of the pending entry. NavigationEntry* entry = controller_->GetActiveEntry(); if (entry) { // We may not have an entry if this is a navigation to an initial blank // page. entry->ResetSSLStates(); // Clears mixed/unsafe content state. entry->SetSSLCertID(details->ssl_cert_id()); entry->SetSSLCertStatus(details->ssl_cert_status()); entry->SetSSLSecurityBits(details->ssl_security_bits()); controller_->EntryUpdated(entry); } if (details->interstitial_page()) { // We should not have any errors when loading an interstitial page, and as // a consequence no messages. DCHECK(pending_messages_.empty()); } ShowPendingMessages(); } // An HTTPS response may not have a certificate for some reason. When that // happens, use the unauthenticated (HTTP) rather than the authentication // broken security style so that we can detect this error condition. if (net::IsCertStatusError(details->ssl_cert_status())) SetMaxSecurityStyle(SECURITY_STYLE_AUTHENTICATION_BROKEN); else if (details->url().SchemeIsSecure() && !details->ssl_cert_id()) SetMaxSecurityStyle(SECURITY_STYLE_UNAUTHENTICATED); } void SSLManager::DidFailProvisionalLoadWithError( ProvisionalLoadDetails* details) { DCHECK(details); // A transitional page is not expected to fail. DCHECK(!details->interstitial_page()); // Ignore in-page navigations. if (details->in_page_navigation()) return; if (details->main_frame() && !details->interstitial_page()) ClearPendingMessages(); } void SSLManager::DidStartResourceResponse(ResourceRequestDetails* details) { DCHECK(details); // Notify our delegate that we started a resource request. Ideally, the // delegate should have the ability to cancel the request, but we can't do // that yet. delegate()->OnRequestStarted(this, details->url(), details->resource_type(), details->ssl_cert_id() , details->ssl_cert_status()); } void SSLManager::DidReceiveResourceRedirect(ResourceRedirectDetails* details) { // TODO(jcampan): when we receive a redirect for a sub-resource, we may want // to clear any mixed/unsafe content error that it may have triggered. } void SSLManager::ShowPendingMessages() { std::vector::const_iterator iter; for (iter = pending_messages_.begin(); iter != pending_messages_.end(); ++iter) { ShowMessageWithLink(iter->message, iter->link_text, iter->action); } ClearPendingMessages(); } void SSLManager::ClearPendingMessages() { pending_messages_.clear(); } // static std::string SSLManager::SerializeSecurityInfo(int cert_id, int cert_status, int security_bits) { Pickle pickle; pickle.WriteInt(cert_id); pickle.WriteInt(cert_status); pickle.WriteInt(security_bits); return std::string(static_cast(pickle.data()), pickle.size()); } // static bool SSLManager::DeserializeSecurityInfo(const std::string& state, int* cert_id, int* cert_status, int* security_bits) { DCHECK(cert_id && cert_status && security_bits); if (state.empty()) { // No SSL used. *cert_id = 0; *cert_status = 0; *security_bits = -1; return false; } Pickle pickle(state.data(), static_cast(state.size())); void * iter = NULL; pickle.ReadInt(&iter, cert_id); pickle.ReadInt(&iter, cert_status); pickle.ReadInt(&iter, security_bits); return true; } // static bool SSLManager::GetEVCertNames(const net::X509Certificate& cert, std::wstring* short_name, std::wstring* ca_name) { DCHECK(short_name || ca_name); // EV are required to have an organization name and country. if (cert.subject().organization_names.empty() || cert.subject().country_name.empty()) { NOTREACHED(); return false; } if (short_name) { *short_name = l10n_util::GetStringF( IDS_SECURE_CONNECTION_EV, UTF8ToWide(cert.subject().organization_names[0]), UTF8ToWide(cert.subject().country_name)); } if (ca_name) { // TODO(wtc): should we show the root CA's name instead? *ca_name = l10n_util::GetStringF( IDS_SECURE_CONNECTION_EV_CA, UTF8ToWide(cert.issuer().organization_names[0])); } return true; }