Chromium Code Reviews Chromium Code Reviews
Issue 1223233002:
Common Name Mismatch Handler For WWW Subdomain Mismatch case (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_blocking_page.h" | 5 #include "chrome/browser/ssl/ssl_blocking_page.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/build_time.h" | 9 #include "base/build_time.h" |
| 10 #include "base/callback_helpers.h" | 10 #include "base/callback_helpers.h" |
| (...skipping 14 matching lines...) Expand all Loading... | |
| 25 #include "chrome/browser/browser_process.h" | 25 #include "chrome/browser/browser_process.h" |
| 26 #include "chrome/browser/chrome_notification_types.h" | 26 #include "chrome/browser/chrome_notification_types.h" |
| 27 #include "chrome/browser/interstitials/security_interstitial_metrics_helper.h" | 27 #include "chrome/browser/interstitials/security_interstitial_metrics_helper.h" |
| 28 #include "chrome/browser/profiles/profile.h" | 28 #include "chrome/browser/profiles/profile.h" |
| 29 #include "chrome/browser/renderer_preferences_util.h" | 29 #include "chrome/browser/renderer_preferences_util.h" |
| 30 #include "chrome/browser/ssl/cert_report_helper.h" | 30 #include "chrome/browser/ssl/cert_report_helper.h" |
| 31 #include "chrome/browser/ssl/certificate_error_report.h" | 31 #include "chrome/browser/ssl/certificate_error_report.h" |
| 32 #include "chrome/browser/ssl/ssl_cert_reporter.h" | 32 #include "chrome/browser/ssl/ssl_cert_reporter.h" |
| 33 #include "chrome/browser/ssl/ssl_error_classification.h" | 33 #include "chrome/browser/ssl/ssl_error_classification.h" |
| 34 #include "chrome/browser/ssl/ssl_error_info.h" | 34 #include "chrome/browser/ssl/ssl_error_info.h" |
| 35 #include "chrome/browser/ui/browser_navigator.h" | |
| 35 #include "chrome/common/chrome_switches.h" | 36 #include "chrome/common/chrome_switches.h" |
| 36 #include "chrome/common/pref_names.h" | 37 #include "chrome/common/pref_names.h" |
| 37 #include "chrome/grit/chromium_strings.h" | 38 #include "chrome/grit/chromium_strings.h" |
| 38 #include "chrome/grit/generated_resources.h" | 39 #include "chrome/grit/generated_resources.h" |
| 39 #include "components/google/core/browser/google_util.h" | 40 #include "components/google/core/browser/google_util.h" |
| 40 #include "content/public/browser/browser_thread.h" | 41 #include "content/public/browser/browser_thread.h" |
| 41 #include "content/public/browser/cert_store.h" | 42 #include "content/public/browser/cert_store.h" |
| 42 #include "content/public/browser/interstitial_page.h" | 43 #include "content/public/browser/interstitial_page.h" |
| 43 #include "content/public/browser/interstitial_page_delegate.h" | 44 #include "content/public/browser/interstitial_page_delegate.h" |
| 44 #include "content/public/browser/navigation_controller.h" | 45 #include "content/public/browser/navigation_controller.h" |
| (...skipping 185 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 230 | 231 |
| 231 // Note that we always create a navigation entry with SSL errors. | 232 // Note that we always create a navigation entry with SSL errors. |
| 232 // No error happening loading a sub-resource triggers an interstitial so far. | 233 // No error happening loading a sub-resource triggers an interstitial so far. |
| 233 SSLBlockingPage::SSLBlockingPage(content::WebContents* web_contents, | 234 SSLBlockingPage::SSLBlockingPage(content::WebContents* web_contents, |
| 234 int cert_error, | 235 int cert_error, |
| 235 const net::SSLInfo& ssl_info, | 236 const net::SSLInfo& ssl_info, |
| 236 const GURL& request_url, | 237 const GURL& request_url, |
| 237 int options_mask, | 238 int options_mask, |
| 238 const base::Time& time_triggered, | 239 const base::Time& time_triggered, |
| 239 scoped_ptr<SSLCertReporter> ssl_cert_reporter, | 240 scoped_ptr<SSLCertReporter> ssl_cert_reporter, |
| 240 const base::Callback<void(bool)>& callback) | 241 const base::Callback<void(bool)>& callback, |
| 242 const GURL& suggested_url) | |
| 241 : SecurityInterstitialPage(web_contents, request_url), | 243 : SecurityInterstitialPage(web_contents, request_url), |
| 242 callback_(callback), | 244 callback_(callback), |
| 243 cert_error_(cert_error), | 245 cert_error_(cert_error), |
| 244 ssl_info_(ssl_info), | 246 ssl_info_(ssl_info), |
| 245 overridable_(IsOverridable( | 247 overridable_(IsOverridable( |
| 246 options_mask, | 248 options_mask, |
| 247 Profile::FromBrowserContext(web_contents->GetBrowserContext()))), | 249 Profile::FromBrowserContext(web_contents->GetBrowserContext()))), |
| 248 danger_overridable_(DoesPolicyAllowDangerOverride( | 250 danger_overridable_(DoesPolicyAllowDangerOverride( |
| 249 Profile::FromBrowserContext(web_contents->GetBrowserContext()))), | 251 Profile::FromBrowserContext(web_contents->GetBrowserContext()))), |
| 250 strict_enforcement_((options_mask & STRICT_ENFORCEMENT) != 0), | 252 strict_enforcement_((options_mask & STRICT_ENFORCEMENT) != 0), |
| 251 expired_but_previously_allowed_( | 253 expired_but_previously_allowed_( |
| 252 (options_mask & EXPIRED_BUT_PREVIOUSLY_ALLOWED) != 0), | 254 (options_mask & EXPIRED_BUT_PREVIOUSLY_ALLOWED) != 0), |
| 253 time_triggered_(time_triggered) { | 255 time_triggered_(time_triggered), |
| 256 suggested_url_(suggested_url) { | |
| 254 interstitial_reason_ = | 257 interstitial_reason_ = |
| 255 IsErrorDueToBadClock(time_triggered_, cert_error_) ? | 258 IsErrorDueToBadClock(time_triggered_, cert_error_) ? |
| 256 SSL_REASON_BAD_CLOCK : SSL_REASON_SSL; | 259 SSL_REASON_BAD_CLOCK : SSL_REASON_SSL; |
| 257 | 260 |
| 258 // We collapse the Rappor metric name to just "ssl" so we don't leak | 261 // We collapse the Rappor metric name to just "ssl" so we don't leak |
| 259 // the "overridable" bit. We skip Rappor altogether for bad clocks. | 262 // the "overridable" bit. We skip Rappor altogether for bad clocks. |
| 260 // This must be done after calculating |interstitial_reason_| above. | 263 // This must be done after calculating |interstitial_reason_| above. |
| 261 set_metrics_helper(new SecurityInterstitialMetricsHelper( | 264 set_metrics_helper(new SecurityInterstitialMetricsHelper( |
| 262 web_contents, request_url, GetUmaHistogramPrefix(), kSSLRapporPrefix, | 265 web_contents, request_url, GetUmaHistogramPrefix(), kSSLRapporPrefix, |
| 263 (interstitial_reason_ == SSL_REASON_BAD_CLOCK | 266 (interstitial_reason_ == SSL_REASON_BAD_CLOCK |
| (...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 375 load_time_data->SetBoolean("bad_clock", false); | 378 load_time_data->SetBoolean("bad_clock", false); |
| 376 | 379 |
| 377 load_time_data->SetString( | 380 load_time_data->SetString( |
| 378 "tabTitle", l10n_util::GetStringUTF16(IDS_SSL_V2_TITLE)); | 381 "tabTitle", l10n_util::GetStringUTF16(IDS_SSL_V2_TITLE)); |
| 379 load_time_data->SetString( | 382 load_time_data->SetString( |
| 380 "heading", l10n_util::GetStringUTF16(IDS_SSL_V2_HEADING)); | 383 "heading", l10n_util::GetStringUTF16(IDS_SSL_V2_HEADING)); |
| 381 load_time_data->SetString( | 384 load_time_data->SetString( |
| 382 "primaryParagraph", | 385 "primaryParagraph", |
| 383 l10n_util::GetStringFUTF16(IDS_SSL_V2_PRIMARY_PARAGRAPH, url)); | 386 l10n_util::GetStringFUTF16(IDS_SSL_V2_PRIMARY_PARAGRAPH, url)); |
| 384 | 387 |
| 388 load_time_data->SetBoolean("common_name_mismatch_interstitial", false); | |
|
meacer
2015/07/28 01:18:06
nit: Drop _interstitial
Bhanu Dev
2015/07/30 02:39:10
Done.
| |
| 389 // If suggested URL is not empty, display a modified message | |
| 390 // with a link to suggested_url. | |
| 391 if (!suggested_url_.is_empty()) { | |
| 392 load_time_data->SetBoolean("common_name_mismatch_interstitial", true); | |
| 393 load_time_data->SetString( | |
| 394 "primaryParagraph", | |
| 395 l10n_util::GetStringFUTF16( | |
| 396 IDS_SSL_COMMON_NAME_MISMATCH_PRIMARY_PARAGRAPH, | |
| 397 base::UTF8ToUTF16(request_url().host()), | |
| 398 base::UTF8ToUTF16(suggested_url_.host()))); | |
| 399 } | |
| 400 | |
| 385 if (overridable_) { | 401 if (overridable_) { |
| 386 load_time_data->SetBoolean("overridable", true); | 402 load_time_data->SetBoolean("overridable", true); |
| 387 | 403 |
| 388 SSLErrorInfo error_info = | 404 SSLErrorInfo error_info = |
| 389 SSLErrorInfo::CreateError( | 405 SSLErrorInfo::CreateError( |
| 390 SSLErrorInfo::NetErrorToErrorType(cert_error_), | 406 SSLErrorInfo::NetErrorToErrorType(cert_error_), |
| 391 ssl_info_.cert.get(), | 407 ssl_info_.cert.get(), |
| 392 request_url()); | 408 request_url()); |
| 409 | |
| 393 load_time_data->SetString("explanationParagraph", error_info.details()); | 410 load_time_data->SetString("explanationParagraph", error_info.details()); |
| 394 load_time_data->SetString( | 411 load_time_data->SetString( |
| 395 "primaryButtonText", | 412 "primaryButtonText", |
| 396 l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_SAFETY_BUTTON)); | 413 l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_SAFETY_BUTTON)); |
| 397 load_time_data->SetString( | 414 load_time_data->SetString( |
| 398 "finalParagraph", | 415 "finalParagraph", |
| 399 l10n_util::GetStringFUTF16(IDS_SSL_OVERRIDABLE_PROCEED_PARAGRAPH, | 416 l10n_util::GetStringFUTF16(IDS_SSL_OVERRIDABLE_PROCEED_PARAGRAPH, |
| 400 url)); | 417 url)); |
| 401 } else { | 418 } else { |
| 402 load_time_data->SetBoolean("overridable", false); | 419 load_time_data->SetBoolean("overridable", false); |
| (...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 532 case CMD_OPEN_DATE_SETTINGS: { | 549 case CMD_OPEN_DATE_SETTINGS: { |
| 533 metrics_helper()->RecordUserInteraction( | 550 metrics_helper()->RecordUserInteraction( |
| 534 SecurityInterstitialMetricsHelper::OPEN_TIME_SETTINGS); | 551 SecurityInterstitialMetricsHelper::OPEN_TIME_SETTINGS); |
| 535 content::BrowserThread::PostTask(content::BrowserThread::FILE, FROM_HERE, | 552 content::BrowserThread::PostTask(content::BrowserThread::FILE, FROM_HERE, |
| 536 base::Bind(&LaunchDateAndTimeSettings)); | 553 base::Bind(&LaunchDateAndTimeSettings)); |
| 537 break; | 554 break; |
| 538 } | 555 } |
| 539 case CMD_OPEN_REPORTING_PRIVACY: | 556 case CMD_OPEN_REPORTING_PRIVACY: |
| 540 OpenExtendedReportingPrivacyPolicy(); | 557 OpenExtendedReportingPrivacyPolicy(); |
| 541 break; | 558 break; |
| 559 case CMD_NAVIGATE_SUGGESTED_URL: | |
| 560 NavigateToSuggestedURL(); | |
| 561 break; | |
| 542 case CMD_OPEN_DIAGNOSTIC: | 562 case CMD_OPEN_DIAGNOSTIC: |
| 543 // Google doesn't currently have a transparency report for SSL. | 563 // Google doesn't currently have a transparency report for SSL. |
| 544 NOTREACHED() << "Unexpected command: " << command; | 564 NOTREACHED() << "Unexpected command: " << command; |
| 545 } | 565 } |
| 546 } | 566 } |
| 547 | 567 |
| 548 void SSLBlockingPage::OverrideRendererPrefs( | 568 void SSLBlockingPage::OverrideRendererPrefs( |
| 549 content::RendererPreferences* prefs) { | 569 content::RendererPreferences* prefs) { |
| 550 Profile* profile = Profile::FromBrowserContext( | 570 Profile* profile = Profile::FromBrowserContext( |
| 551 web_contents()->GetBrowserContext()); | 571 web_contents()->GetBrowserContext()); |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 630 std::string SSLBlockingPage::GetSamplingEventName() const { | 650 std::string SSLBlockingPage::GetSamplingEventName() const { |
| 631 std::string event_name(kEventNameBase); | 651 std::string event_name(kEventNameBase); |
| 632 if (overridable_) | 652 if (overridable_) |
| 633 event_name.append(kEventOverridable); | 653 event_name.append(kEventOverridable); |
| 634 else | 654 else |
| 635 event_name.append(kEventNotOverridable); | 655 event_name.append(kEventNotOverridable); |
| 636 event_name.append(net::ErrorToString(cert_error_)); | 656 event_name.append(net::ErrorToString(cert_error_)); |
| 637 return event_name; | 657 return event_name; |
| 638 } | 658 } |
| 639 | 659 |
| 660 void SSLBlockingPage::NavigateToSuggestedURL() const { | |
| 661 content::NavigationController::LoadURLParams load_params(suggested_url_); | |
| 662 // We use the transition type, PAGE_TRANSITION_TYPED for explicit | |
| 663 // navigation actions. | |
| 664 load_params.transition_type = ui::PAGE_TRANSITION_TYPED; | |
|
meacer
2015/07/28 01:18:06
TYPED is used for when the user explicitly types t
Bhanu Dev
2015/07/30 02:39:10
I too think "PAGE_TRANSITION_LINK" is more appropr
meacer
2015/07/30 19:40:21
I see, maybe captive portal uses TYPED because it'
| |
| 665 web_contents()->GetController().LoadURLWithParams(load_params); | |
| 666 } | |
| 667 | |
| 640 // static | 668 // static |
| 641 bool SSLBlockingPage::IsOverridable(int options_mask, | 669 bool SSLBlockingPage::IsOverridable(int options_mask, |
| 642 const Profile* const profile) { | 670 const Profile* const profile) { |
| 643 const bool is_overridable = | 671 const bool is_overridable = |
| 644 (options_mask & SSLBlockingPage::OVERRIDABLE) && | 672 (options_mask & SSLBlockingPage::OVERRIDABLE) && |
| 645 !(options_mask & SSLBlockingPage::STRICT_ENFORCEMENT) && | 673 !(options_mask & SSLBlockingPage::STRICT_ENFORCEMENT) && |
| 646 profile->GetPrefs()->GetBoolean(prefs::kSSLErrorOverrideAllowed); | 674 profile->GetPrefs()->GetBoolean(prefs::kSSLErrorOverrideAllowed); |
| 647 return is_overridable; | 675 return is_overridable; |
| 648 } | 676 } |
| 649 | 677 |
| 650 // static | 678 // static |
| 651 bool SSLBlockingPage::DoesPolicyAllowDangerOverride( | 679 bool SSLBlockingPage::DoesPolicyAllowDangerOverride( |
| 652 const Profile* const profile) { | 680 const Profile* const profile) { |
| 653 return profile->GetPrefs()->GetBoolean(prefs::kSSLErrorOverrideAllowed); | 681 return profile->GetPrefs()->GetBoolean(prefs::kSSLErrorOverrideAllowed); |
| 654 } | 682 } |
| OLD | NEW |
