Chromium Code Reviews Chromium Code Reviews
Issue 1076273002:
Add interstitial info to certificate reports (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_blocking_page.h" | 5 #include "chrome/browser/ssl/ssl_blocking_page.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/build_time.h" | 9 #include "base/build_time.h" |
| 10 #include "base/callback_helpers.h" | 10 #include "base/callback_helpers.h" |
| 11 #include "base/command_line.h" | 11 #include "base/command_line.h" |
| 12 #include "base/i18n/rtl.h" | 12 #include "base/i18n/rtl.h" |
| 13 #include "base/i18n/time_formatting.h" | 13 #include "base/i18n/time_formatting.h" |
| 14 #include "base/metrics/field_trial.h" | 14 #include "base/metrics/field_trial.h" |
| 15 #include "base/metrics/histogram.h" | 15 #include "base/metrics/histogram.h" |
| 16 #include "base/prefs/pref_service.h" | 16 #include "base/prefs/pref_service.h" |
| 17 #include "base/process/launch.h" | 17 #include "base/process/launch.h" |
| 18 #include "base/rand_util.h" | 18 #include "base/rand_util.h" |
| 19 #include "base/strings/string_number_conversions.h" | 19 #include "base/strings/string_number_conversions.h" |
| 20 #include "base/strings/string_piece.h" | 20 #include "base/strings/string_piece.h" |
| 21 #include "base/strings/string_util.h" | 21 #include "base/strings/string_util.h" |
| 22 #include "base/strings/stringprintf.h" | 22 #include "base/strings/stringprintf.h" |
| 23 #include "base/strings/utf_string_conversions.h" | 23 #include "base/strings/utf_string_conversions.h" |
| 24 #include "base/time/time.h" | 24 #include "base/time/time.h" |
| 25 #include "base/values.h" | 25 #include "base/values.h" |
| 26 #include "chrome/browser/browser_process.h" | 26 #include "chrome/browser/browser_process.h" |
| 27 #include "chrome/browser/chrome_notification_types.h" | 27 #include "chrome/browser/chrome_notification_types.h" |
| 28 #include "chrome/browser/interstitials/security_interstitial_metrics_helper.h" | 28 #include "chrome/browser/interstitials/security_interstitial_metrics_helper.h" |
| 29 #include "chrome/browser/net/cert_logger.pb.h" | |
| 30 #include "chrome/browser/net/certificate_error_reporter.h" | |
| 29 #include "chrome/browser/profiles/profile.h" | 31 #include "chrome/browser/profiles/profile.h" |
| 30 #include "chrome/browser/renderer_preferences_util.h" | 32 #include "chrome/browser/renderer_preferences_util.h" |
| 31 #include "chrome/browser/ssl/ssl_cert_reporter.h" | 33 #include "chrome/browser/ssl/ssl_cert_reporter.h" |
| 32 #include "chrome/browser/ssl/ssl_error_classification.h" | 34 #include "chrome/browser/ssl/ssl_error_classification.h" |
| 33 #include "chrome/browser/ssl/ssl_error_info.h" | 35 #include "chrome/browser/ssl/ssl_error_info.h" |
| 34 #include "chrome/common/chrome_switches.h" | 36 #include "chrome/common/chrome_switches.h" |
| 35 #include "chrome/common/pref_names.h" | 37 #include "chrome/common/pref_names.h" |
| 36 #include "chrome/grit/chromium_strings.h" | 38 #include "chrome/grit/chromium_strings.h" |
| 37 #include "chrome/grit/generated_resources.h" | 39 #include "chrome/grit/generated_resources.h" |
| 38 #include "components/google/core/browser/google_util.h" | 40 #include "components/google/core/browser/google_util.h" |
| (...skipping 29 matching lines...) Expand all Loading... | |
| 68 #endif | 70 #endif |
| 69 | 71 |
| 70 #if defined(OS_CHROMEOS) | 72 #if defined(OS_CHROMEOS) |
| 71 #include "chrome/browser/profiles/profile_manager.h" | 73 #include "chrome/browser/profiles/profile_manager.h" |
| 72 #include "chrome/browser/ui/chrome_pages.h" | 74 #include "chrome/browser/ui/chrome_pages.h" |
| 73 #include "chrome/common/url_constants.h" | 75 #include "chrome/common/url_constants.h" |
| 74 #endif | 76 #endif |
| 75 | 77 |
| 76 using base::ASCIIToUTF16; | 78 using base::ASCIIToUTF16; |
| 77 using base::TimeTicks; | 79 using base::TimeTicks; |
| 80 using chrome_browser_net::CertificateErrorReporter; | |
| 78 using content::InterstitialPage; | 81 using content::InterstitialPage; |
| 79 using content::InterstitialPageDelegate; | 82 using content::InterstitialPageDelegate; |
| 80 using content::NavigationController; | 83 using content::NavigationController; |
| 81 using content::NavigationEntry; | 84 using content::NavigationEntry; |
| 82 | 85 |
| 83 // Constants for the HTTPSErrorReporter Finch experiment | 86 // Constants for the HTTPSErrorReporter Finch experiment |
| 84 const char kHTTPSErrorReporterFinchExperimentName[] = "ReportCertificateErrors"; | 87 const char kHTTPSErrorReporterFinchExperimentName[] = "ReportCertificateErrors"; |
| 85 const char kHTTPSErrorReporterFinchGroupShowPossiblySend[] = | 88 const char kHTTPSErrorReporterFinchGroupShowPossiblySend[] = |
| 86 "ShowAndPossiblySend"; | 89 "ShowAndPossiblySend"; |
| 87 const char kHTTPSErrorReporterFinchParamName[] = "sendingThreshold"; | 90 const char kHTTPSErrorReporterFinchParamName[] = "sendingThreshold"; |
| (...skipping 489 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 577 renderer_preferences_util::UpdateFromSystemSettings( | 580 renderer_preferences_util::UpdateFromSystemSettings( |
| 578 prefs, profile, web_contents()); | 581 prefs, profile, web_contents()); |
| 579 } | 582 } |
| 580 | 583 |
| 581 void SSLBlockingPage::OnProceed() { | 584 void SSLBlockingPage::OnProceed() { |
| 582 metrics_helper()->RecordUserDecision( | 585 metrics_helper()->RecordUserDecision( |
| 583 SecurityInterstitialMetricsHelper::PROCEED); | 586 SecurityInterstitialMetricsHelper::PROCEED); |
| 584 | 587 |
| 585 // Finish collecting information about invalid certificates, if the | 588 // Finish collecting information about invalid certificates, if the |
| 586 // user opted in to. | 589 // user opted in to. |
| 587 FinishCertCollection(); | 590 FinishCertCollection(true); |
|
Ryan Sleevi
2015/04/16 01:44:10
Suggestion: Reuse the enum (SecurityInterstitialMe
| |
| 588 | 591 |
| 589 RecordSSLExpirationPageEventState( | 592 RecordSSLExpirationPageEventState( |
| 590 expired_but_previously_allowed_, true, overridable_); | 593 expired_but_previously_allowed_, true, overridable_); |
| 591 // Accepting the certificate resumes the loading of the page. | 594 // Accepting the certificate resumes the loading of the page. |
| 592 NotifyAllowCertificate(); | 595 NotifyAllowCertificate(); |
| 593 } | 596 } |
| 594 | 597 |
| 595 void SSLBlockingPage::OnDontProceed() { | 598 void SSLBlockingPage::OnDontProceed() { |
| 596 metrics_helper()->RecordUserDecision( | 599 metrics_helper()->RecordUserDecision( |
| 597 SecurityInterstitialMetricsHelper::DONT_PROCEED); | 600 SecurityInterstitialMetricsHelper::DONT_PROCEED); |
| 598 | 601 |
| 599 // Finish collecting information about invalid certificates, if the | 602 // Finish collecting information about invalid certificates, if the |
| 600 // user opted in to. | 603 // user opted in to. |
| 601 FinishCertCollection(); | 604 FinishCertCollection(false); |
| 602 | 605 |
| 603 RecordSSLExpirationPageEventState( | 606 RecordSSLExpirationPageEventState( |
| 604 expired_but_previously_allowed_, false, overridable_); | 607 expired_but_previously_allowed_, false, overridable_); |
| 605 NotifyDenyCertificate(); | 608 NotifyDenyCertificate(); |
| 606 } | 609 } |
| 607 | 610 |
| 608 void SSLBlockingPage::NotifyDenyCertificate() { | 611 void SSLBlockingPage::NotifyDenyCertificate() { |
| 609 // It's possible that callback_ may not exist if the user clicks "Proceed" | 612 // It's possible that callback_ may not exist if the user clicks "Proceed" |
| 610 // followed by pressing the back button before the interstitial is hidden. | 613 // followed by pressing the back button before the interstitial is hidden. |
| 611 // In that case the certificate will still be treated as allowed. | 614 // In that case the certificate will still be treated as allowed. |
| (...skipping 28 matching lines...) Expand all Loading... | |
| 640 std::string SSLBlockingPage::GetSamplingEventName() const { | 643 std::string SSLBlockingPage::GetSamplingEventName() const { |
| 641 std::string event_name(kEventNameBase); | 644 std::string event_name(kEventNameBase); |
| 642 if (overridable_) | 645 if (overridable_) |
| 643 event_name.append(kEventOverridable); | 646 event_name.append(kEventOverridable); |
| 644 else | 647 else |
| 645 event_name.append(kEventNotOverridable); | 648 event_name.append(kEventNotOverridable); |
| 646 event_name.append(net::ErrorToString(cert_error_)); | 649 event_name.append(net::ErrorToString(cert_error_)); |
| 647 return event_name; | 650 return event_name; |
| 648 } | 651 } |
| 649 | 652 |
| 650 void SSLBlockingPage::FinishCertCollection() { | 653 void SSLBlockingPage::FinishCertCollection(bool proceeded) { |
| 651 if (!ShouldShowCertificateReporterCheckbox()) | 654 if (!ShouldShowCertificateReporterCheckbox()) |
| 652 return; | 655 return; |
| 653 | 656 |
| 654 const bool enabled = | 657 const bool enabled = |
| 655 IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingEnabled); | 658 IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingEnabled); |
| 656 | 659 |
| 657 if (!enabled) | 660 if (!enabled) |
| 658 return; | 661 return; |
| 659 | 662 |
| 660 metrics_helper()->RecordUserInteraction( | 663 metrics_helper()->RecordUserInteraction( |
| 661 SecurityInterstitialMetricsHelper::EXTENDED_REPORTING_IS_ENABLED); | 664 SecurityInterstitialMetricsHelper::EXTENDED_REPORTING_IS_ENABLED); |
| 662 | 665 |
| 663 if (ShouldReportCertificateError()) { | 666 if (ShouldReportCertificateError()) { |
| 664 ssl_cert_reporter_->ReportInvalidCertificateChain(request_url().host(), | 667 chrome_browser_net::CertLoggerRequest report; |
| 665 ssl_info_); | 668 CertificateErrorReporter::BuildReport( |
| 669 request_url().host(), ssl_info_, | |
| 670 SSLErrorInfo::NetErrorToErrorType(cert_error_), interstitial_reason_, | |
| 671 proceeded ? CertificateErrorReporter::USER_PROCEEDED | |
| 672 : CertificateErrorReporter::USER_DID_NOT_PROCEED, | |
| 673 overridable_ ? CertificateErrorReporter::OVERRIDABLE | |
| 674 : CertificateErrorReporter::NOT_OVERRIDABLE, | |
| 675 &report); | |
| 676 ssl_cert_reporter_->SendReport(report); | |
| 666 } | 677 } |
| 667 } | 678 } |
| 668 | 679 |
| 669 bool SSLBlockingPage::ShouldShowCertificateReporterCheckbox() { | 680 bool SSLBlockingPage::ShouldShowCertificateReporterCheckbox() { |
| 670 // Only show the checkbox iff the user is part of the respective Finch group | 681 // Only show the checkbox iff the user is part of the respective Finch group |
| 671 // and the window is not incognito and the feature is not disabled by policy. | 682 // and the window is not incognito and the feature is not disabled by policy. |
| 672 const bool in_incognito = | 683 const bool in_incognito = |
| 673 web_contents()->GetBrowserContext()->IsOffTheRecord(); | 684 web_contents()->GetBrowserContext()->IsOffTheRecord(); |
| 674 return base::FieldTrialList::FindFullName( | 685 return base::FieldTrialList::FindFullName( |
| 675 kHTTPSErrorReporterFinchExperimentName) == | 686 kHTTPSErrorReporterFinchExperimentName) == |
| (...skipping 18 matching lines...) Expand all Loading... | |
| 694 } | 705 } |
| 695 } | 706 } |
| 696 return false; | 707 return false; |
| 697 } | 708 } |
| 698 | 709 |
| 699 // static | 710 // static |
| 700 bool SSLBlockingPage::IsOptionsOverridable(int options_mask) { | 711 bool SSLBlockingPage::IsOptionsOverridable(int options_mask) { |
| 701 return (options_mask & SSLBlockingPage::OVERRIDABLE) && | 712 return (options_mask & SSLBlockingPage::OVERRIDABLE) && |
| 702 !(options_mask & SSLBlockingPage::STRICT_ENFORCEMENT); | 713 !(options_mask & SSLBlockingPage::STRICT_ENFORCEMENT); |
| 703 } | 714 } |
| OLD | NEW |
