// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_PUBLIC_BROWSER_SSL_STATUS_H_
#define CONTENT_PUBLIC_BROWSER_SSL_STATUS_H_

#include <stdint.h>

#include <vector>

#include "content/common/content_export.h"
#include "net/cert/cert_status_flags.h"
#include "net/cert/sct_status_flags.h"
#include "net/cert/x509_certificate.h"

namespace net {
class SSLInfo;
}

namespace content {

// Collects the SSL information for this NavigationEntry.
struct CONTENT_EXPORT SSLStatus {
  // Flags used for the page security content status.
  enum ContentStatusFlags {
    // HTTP page, or HTTPS page with no insecure content.
    NORMAL_CONTENT = 0,

    // HTTPS page containing "displayed" HTTP resources (e.g. images, CSS).
    DISPLAYED_INSECURE_CONTENT = 1 << 0,

    // HTTPS page containing "executed" HTTP resources (i.e. script).
    RAN_INSECURE_CONTENT = 1 << 1,

    // HTTPS page containing "displayed" HTTPS resources (e.g. images,
    // CSS) loaded with certificate errors.
    DISPLAYED_CONTENT_WITH_CERT_ERRORS = 1 << 2,

    // HTTPS page containing "executed" HTTPS resources (i.e. script)
    // loaded with certificate errors.
    RAN_CONTENT_WITH_CERT_ERRORS = 1 << 3,

    // HTTP page containing a password input. Embedders may use this to
    // adjust UI on nonsecure pages that collect sensitive data.
    DISPLAYED_PASSWORD_FIELD_ON_HTTP = 1 << 4,

    // HTTP page containing a credit card input. Embedders may use this to
    // adjust UI on nonsecure pages that collect sensitive data.
    DISPLAYED_CREDIT_CARD_FIELD_ON_HTTP = 1 << 5,

    // HTTPS page containing a form targeting an insecure action url.
    DISPLAYED_FORM_WITH_INSECURE_ACTION = 1 << 6,
  };

  SSLStatus();
  SSLStatus(const net::SSLInfo& ssl_info);
  SSLStatus(const SSLStatus& other);
  ~SSLStatus();

  bool Equals(const SSLStatus& status) const {
    return initialized == status.initialized &&
           !!certificate == !!status.certificate &&
           (certificate ? certificate->Equals(status.certificate.get())
                        : true) &&
           cert_status == status.cert_status &&
           security_bits == status.security_bits &&
           key_exchange_group == status.key_exchange_group &&
           connection_status == status.connection_status &&
           content_status == status.content_status &&
           sct_statuses == status.sct_statuses &&
           pkp_bypassed == status.pkp_bypassed;
  }

  bool initialized;
  scoped_refptr<net::X509Certificate> certificate;
  net::CertStatus cert_status;
  int security_bits;
  uint16_t key_exchange_group;
  int connection_status;
  // A combination of the ContentStatusFlags above.
  int content_status;
  // The validation statuses of the Signed Certificate Timestamps (SCTs)
  // of Certificate Transparency (CT) that were served with the
  // main resource.
  std::vector<net::ct::SCTVerifyStatus> sct_statuses;
  // True if PKP was bypassed due to a local trust anchor.
  bool pkp_bypassed;
};

}  // namespace content

#endif  // CONTENT_PUBLIC_BROWSER_SSL_STATUS_H_