OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/ssl_error_handler.h" | 5 #include "chrome/browser/ssl/ssl_error_handler.h" |
6 | 6 |
7 #include <stdint.h> | 7 #include <stdint.h> |
8 #include <utility> | 8 #include <utility> |
9 | 9 |
10 #include "base/callback_helpers.h" | 10 #include "base/callback_helpers.h" |
11 #include "base/macros.h" | 11 #include "base/macros.h" |
12 #include "base/metrics/field_trial.h" | 12 #include "base/metrics/field_trial.h" |
13 #include "base/metrics/histogram.h" | 13 #include "base/metrics/histogram.h" |
14 #include "base/strings/stringprintf.h" | 14 #include "base/strings/stringprintf.h" |
15 #include "base/time/clock.h" | 15 #include "base/time/clock.h" |
16 #include "base/time/time.h" | 16 #include "base/time/time.h" |
| 17 #include "chrome/browser/browser_process.h" |
17 #include "chrome/browser/profiles/profile.h" | 18 #include "chrome/browser/profiles/profile.h" |
18 #include "chrome/browser/ssl/bad_clock_blocking_page.h" | 19 #include "chrome/browser/ssl/bad_clock_blocking_page.h" |
19 #include "chrome/browser/ssl/ssl_blocking_page.h" | 20 #include "chrome/browser/ssl/ssl_blocking_page.h" |
20 #include "chrome/browser/ssl/ssl_cert_reporter.h" | 21 #include "chrome/browser/ssl/ssl_cert_reporter.h" |
21 #include "components/ssl_errors/error_classification.h" | 22 #include "components/ssl_errors/error_classification.h" |
22 #include "components/ssl_errors/error_info.h" | 23 #include "components/ssl_errors/error_info.h" |
23 #include "content/public/browser/notification_service.h" | 24 #include "content/public/browser/notification_service.h" |
24 #include "content/public/browser/notification_source.h" | 25 #include "content/public/browser/notification_source.h" |
25 #include "content/public/browser/render_frame_host.h" | 26 #include "content/public/browser/render_frame_host.h" |
26 #include "content/public/browser/web_contents.h" | 27 #include "content/public/browser/web_contents.h" |
27 #include "net/base/net_errors.h" | 28 #include "net/base/net_errors.h" |
28 | 29 |
29 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION) | 30 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION) |
30 #include "chrome/browser/captive_portal/captive_portal_service.h" | 31 #include "chrome/browser/captive_portal/captive_portal_service.h" |
31 #include "chrome/browser/captive_portal/captive_portal_service_factory.h" | 32 #include "chrome/browser/captive_portal/captive_portal_service_factory.h" |
32 #include "chrome/browser/captive_portal/captive_portal_tab_helper.h" | 33 #include "chrome/browser/captive_portal/captive_portal_tab_helper.h" |
33 #include "chrome/browser/ssl/captive_portal_blocking_page.h" | 34 #include "chrome/browser/ssl/captive_portal_blocking_page.h" |
34 #endif | 35 #endif |
35 | 36 |
| 37 namespace network_time { |
| 38 class NetworkTimeTracker; |
| 39 } |
| 40 |
36 namespace { | 41 namespace { |
37 | 42 |
38 // The delay in milliseconds before displaying the SSL interstitial. | 43 // The delay in milliseconds before displaying the SSL interstitial. |
39 // This can be changed in tests. | 44 // This can be changed in tests. |
40 // - If there is a name mismatch and a suggested URL available result arrives | 45 // - If there is a name mismatch and a suggested URL available result arrives |
41 // during this time, the user is redirected to the suggester URL. | 46 // during this time, the user is redirected to the suggester URL. |
42 // - If a "captive portal detected" result arrives during this time, | 47 // - If a "captive portal detected" result arrives during this time, |
43 // a captive portal interstitial is displayed. | 48 // a captive portal interstitial is displayed. |
44 // - Otherwise, an SSL interstitial is displayed. | 49 // - Otherwise, an SSL interstitial is displayed. |
45 int64_t g_interstitial_delay_in_milliseconds = 2000; | 50 int64_t g_interstitial_delay_in_milliseconds = 2000; |
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
129 return base::FieldTrialList::FindFullName("CaptivePortalInterstitial") == | 134 return base::FieldTrialList::FindFullName("CaptivePortalInterstitial") == |
130 "Enabled"; | 135 "Enabled"; |
131 } | 136 } |
132 #endif | 137 #endif |
133 | 138 |
134 bool IsSSLCommonNameMismatchHandlingEnabled() { | 139 bool IsSSLCommonNameMismatchHandlingEnabled() { |
135 return base::FieldTrialList::FindFullName("SSLCommonNameMismatchHandling") == | 140 return base::FieldTrialList::FindFullName("SSLCommonNameMismatchHandling") == |
136 "Enabled"; | 141 "Enabled"; |
137 } | 142 } |
138 | 143 |
139 bool IsErrorDueToBadClock(const base::Time& now, int error) { | |
140 if (ssl_errors::ErrorInfo::NetErrorToErrorType(error) != | |
141 ssl_errors::ErrorInfo::CERT_DATE_INVALID) { | |
142 return false; | |
143 } | |
144 return ssl_errors::IsUserClockInThePast(now) || | |
145 ssl_errors::IsUserClockInTheFuture(now); | |
146 } | |
147 | |
148 } // namespace | 144 } // namespace |
149 | 145 |
150 DEFINE_WEB_CONTENTS_USER_DATA_KEY(SSLErrorHandler); | 146 DEFINE_WEB_CONTENTS_USER_DATA_KEY(SSLErrorHandler); |
151 DEFINE_WEB_CONTENTS_USER_DATA_KEY(CommonNameMismatchRedirectObserver); | 147 DEFINE_WEB_CONTENTS_USER_DATA_KEY(CommonNameMismatchRedirectObserver); |
152 | 148 |
153 void SSLErrorHandler::HandleSSLError( | 149 void SSLErrorHandler::HandleSSLError( |
154 content::WebContents* web_contents, | 150 content::WebContents* web_contents, |
155 int cert_error, | 151 int cert_error, |
156 const net::SSLInfo& ssl_info, | 152 const net::SSLInfo& ssl_info, |
157 const GURL& request_url, | 153 const GURL& request_url, |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
202 | 198 |
203 SSLErrorHandler::~SSLErrorHandler() { | 199 SSLErrorHandler::~SSLErrorHandler() { |
204 } | 200 } |
205 | 201 |
206 void SSLErrorHandler::StartHandlingError() { | 202 void SSLErrorHandler::StartHandlingError() { |
207 RecordUMA(HANDLE_ALL); | 203 RecordUMA(HANDLE_ALL); |
208 | 204 |
209 const base::Time now = g_testing_clock == nullptr | 205 const base::Time now = g_testing_clock == nullptr |
210 ? base::Time::NowFromSystemTime() | 206 ? base::Time::NowFromSystemTime() |
211 : g_testing_clock->Now(); | 207 : g_testing_clock->Now(); |
212 if (IsErrorDueToBadClock(now, cert_error_)) { | 208 if (ssl_errors::ErrorInfo::NetErrorToErrorType(cert_error_) == |
213 ShowBadClockInterstitial(now); | 209 ssl_errors::ErrorInfo::CERT_DATE_INVALID) { |
214 return; // |this| is deleted after showing the interstitial. | 210 ssl_errors::ClockState clock_state = ssl_errors::GetClockState( |
| 211 now, g_browser_process->network_time_tracker()); |
| 212 if (clock_state == ssl_errors::CLOCK_STATE_FUTURE || |
| 213 clock_state == ssl_errors::CLOCK_STATE_PAST) { |
| 214 ShowBadClockInterstitial(now, clock_state); |
| 215 return; // |this| is deleted after showing the interstitial. |
| 216 } |
215 } | 217 } |
216 | 218 |
217 std::vector<std::string> dns_names; | 219 std::vector<std::string> dns_names; |
218 ssl_info_.cert->GetDNSNames(&dns_names); | 220 ssl_info_.cert->GetDNSNames(&dns_names); |
219 DCHECK(!dns_names.empty()); | 221 DCHECK(!dns_names.empty()); |
220 GURL suggested_url; | 222 GURL suggested_url; |
221 if (IsSSLCommonNameMismatchHandlingEnabled() && | 223 if (IsSSLCommonNameMismatchHandlingEnabled() && |
222 cert_error_ == net::ERR_CERT_COMMON_NAME_INVALID && | 224 cert_error_ == net::ERR_CERT_COMMON_NAME_INVALID && |
223 IsErrorOverridable() && GetSuggestedUrl(dns_names, &suggested_url)) { | 225 IsErrorOverridable() && GetSuggestedUrl(dns_names, &suggested_url)) { |
224 RecordUMA(WWW_MISMATCH_FOUND); | 226 RecordUMA(WWW_MISMATCH_FOUND); |
(...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
333 | 335 |
334 (new SSLBlockingPage(web_contents_, cert_error_, ssl_info_, request_url_, | 336 (new SSLBlockingPage(web_contents_, cert_error_, ssl_info_, request_url_, |
335 options_mask_, base::Time::NowFromSystemTime(), | 337 options_mask_, base::Time::NowFromSystemTime(), |
336 std::move(ssl_cert_reporter_), callback_)) | 338 std::move(ssl_cert_reporter_), callback_)) |
337 ->Show(); | 339 ->Show(); |
338 // Once an interstitial is displayed, no need to keep the handler around. | 340 // Once an interstitial is displayed, no need to keep the handler around. |
339 // This is the equivalent of "delete this". | 341 // This is the equivalent of "delete this". |
340 web_contents_->RemoveUserData(UserDataKey()); | 342 web_contents_->RemoveUserData(UserDataKey()); |
341 } | 343 } |
342 | 344 |
343 void SSLErrorHandler::ShowBadClockInterstitial(const base::Time& now) { | 345 void SSLErrorHandler::ShowBadClockInterstitial( |
| 346 const base::Time& now, |
| 347 ssl_errors::ClockState clock_state) { |
344 RecordUMA(SHOW_BAD_CLOCK); | 348 RecordUMA(SHOW_BAD_CLOCK); |
345 (new BadClockBlockingPage(web_contents_, cert_error_, ssl_info_, request_url_, | 349 (new BadClockBlockingPage(web_contents_, cert_error_, ssl_info_, request_url_, |
346 now, std::move(ssl_cert_reporter_), callback_)) | 350 now, clock_state, std::move(ssl_cert_reporter_), |
| 351 callback_)) |
347 ->Show(); | 352 ->Show(); |
348 // Once an interstitial is displayed, no need to keep the handler around. | 353 // Once an interstitial is displayed, no need to keep the handler around. |
349 // This is the equivalent of "delete this". | 354 // This is the equivalent of "delete this". |
350 web_contents_->RemoveUserData(UserDataKey()); | 355 web_contents_->RemoveUserData(UserDataKey()); |
351 } | 356 } |
352 | 357 |
353 void SSLErrorHandler::CommonNameMismatchHandlerCallback( | 358 void SSLErrorHandler::CommonNameMismatchHandlerCallback( |
354 const CommonNameMismatchHandler::SuggestedUrlCheckResult& result, | 359 const CommonNameMismatchHandler::SuggestedUrlCheckResult& result, |
355 const GURL& suggested_url) { | 360 const GURL& suggested_url) { |
356 timer_.Stop(); | 361 timer_.Stop(); |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
403 if (!callback_.is_null()) { | 408 if (!callback_.is_null()) { |
404 base::ResetAndReturn(&callback_).Run(false); | 409 base::ResetAndReturn(&callback_).Run(false); |
405 } | 410 } |
406 if (common_name_mismatch_handler_) { | 411 if (common_name_mismatch_handler_) { |
407 common_name_mismatch_handler_->Cancel(); | 412 common_name_mismatch_handler_->Cancel(); |
408 common_name_mismatch_handler_.reset(); | 413 common_name_mismatch_handler_.reset(); |
409 } | 414 } |
410 // Deletes |this| and also destroys the timer. | 415 // Deletes |this| and also destroys the timer. |
411 web_contents_->RemoveUserData(UserDataKey()); | 416 web_contents_->RemoveUserData(UserDataKey()); |
412 } | 417 } |
OLD | NEW |