New SSL blocking screen

chrome/browser/ssl/ssl_blocking_page.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 
 #include "base/i18n/rtl.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
+#include "base/strings/string_number_conversions.h"
 #include "base/strings/string_piece.h"
+#include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/values.h"
 #include "chrome/browser/history/history_service_factory.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/renderer_preferences_util.h"
 #include "chrome/browser/ssl/ssl_error_info.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_finder.h"
 #include "content/public/browser/cert_store.h"
 #include "content/public/browser/interstitial_page.h"
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_types.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/ssl_status.h"
 #include "grit/app_locale_settings.h"
 #include "grit/browser_resources.h"
 #include "grit/generated_resources.h"
+#include "net/base/hash_value.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_util.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/base/resource/resource_bundle.h"
 #include "ui/webui/jstemplate_builder.h"
 
 #if defined(OS_WIN)
 #include "base/win/windows_version.h"
 #endif
 
 using base::TimeTicks;
 using content::InterstitialPage;
 using content::NavigationController;
 using content::NavigationEntry;
 
 namespace {
 
 // These represent the commands sent by ssl_roadblock.html.
 enum SSLBlockingPageCommands {
   CMD_DONT_PROCEED,
   CMD_PROCEED,
   CMD_FOCUS,
-  CMD_MORE
+  CMD_MORE,
+  CMD_RELOAD,
 };
 
 // Events for UMA.
 enum SSLBlockingPageEvent {
   SHOW_ALL,
   SHOW_OVERRIDABLE,
   PROCEED_OVERRIDABLE,
   PROCEED_NAME,
   PROCEED_DATE,
   PROCEED_AUTHORITY,
@@ skipping 82 matching lines @@
     const GURL& request_url,
     bool overridable,
     bool strict_enforcement,
     const base::Callback<void(bool)>& callback)
     : callback_(callback),
       web_contents_(web_contents),
       cert_error_(cert_error),
       ssl_info_(ssl_info),
       request_url_(request_url),
       overridable_(overridable),
-      strict_enforcement_(strict_enforcement),
+      strict_enforcement_(true),
       internal_(false),
       num_visits_(-1) {
   // For UMA stats.
   if (net::IsHostnameNonUnique(request_url_.HostNoBrackets()))
     internal_ = true;
   RecordSSLBlockingPageEventStats(SHOW_ALL);
   if (overridable_ && !strict_enforcement_) {
     RecordSSLBlockingPageEventStats(SHOW_OVERRIDABLE);
     if (internal_)
       RecordSSLBlockingPageEventStats(SHOW_INTERNAL_HOSTNAME);
@@ skipping 23 matching lines @@
                                        internal_,
                                        display_start_time_,
                                        num_visits_);
     // The page is closed without the user having chosen what to do, default to
     // deny.
     NotifyDenyCertificate();
   }
 }
 
 std::string SSLBlockingPage::GetHTMLContents() {
-  // Let's build the html error page.
   DictionaryValue strings;
-  SSLErrorInfo error_info =
-      SSLErrorInfo::CreateError(SSLErrorInfo::NetErrorToErrorType(cert_error_),
-                                ssl_info_.cert.get(),
-                                request_url_);
+  int resource_id;
+  if (overridable_ && !strict_enforcement_) {
+    // Let's build the overridable error page.
+    SSLErrorInfo error_info =
+        SSLErrorInfo::CreateError(
+            SSLErrorInfo::NetErrorToErrorType(cert_error_),
+            ssl_info_.cert.get(),
+            request_url_);
 
-  int resource_id = IDR_SSL_ROAD_BLOCK_HTML;
-  strings.SetString("headLine", error_info.title());
-  strings.SetString("description", error_info.details());
-  strings.SetString("moreInfoTitle",
-      l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_TITLE));
-  SetExtraInfo(&strings, error_info.extra_information());
+    resource_id = IDR_SSL_ROAD_BLOCK_HTML;
+    strings.SetString("headLine", error_info.title());
+    strings.SetString("description", error_info.details());
+    strings.SetString("moreInfoTitle",
+        l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_TITLE));
+    SetExtraInfo(&strings, error_info.extra_information());
 
-  strings.SetString("exit",
-                    l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_EXIT));
+    strings.SetString(
+        "exit", l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_PAGE_EXIT));
+    strings.SetString(
+        "title", l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_PAGE_TITLE));
+    strings.SetString(
+        "proceed", l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_PAGE_PROCEED));
+    strings.SetString(
+        "reasonForNotProceeding", l10n_util::GetStringUTF16(
+            IDS_SSL_OVERRIDABLE_PAGE_SHOULD_NOT_PROCEED));
+    strings.SetString("errorType", "overridable");
+    strings.SetString("textdirection", base::i18n::IsRTL() ? "rtl" : "ltr");
+  } else {
+    // Let's build the blocking error page.
+    resource_id = IDR_SSL_BLOCKING_HTML;
 
-  if (overridable_ && !strict_enforcement_) {
-    strings.SetString("title",
-                      l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_TITLE));
-    strings.SetString("proceed",
-                      l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_PROCEED));
-    strings.SetString("reasonForNotProceeding",
-                      l10n_util::GetStringUTF16(
-                          IDS_SSL_BLOCKING_PAGE_SHOULD_NOT_PROCEED));
-    strings.SetString("errorType", "overridable");
-  } else {
-    strings.SetString("title",
-                      l10n_util::GetStringUTF16(IDS_SSL_ERROR_PAGE_TITLE));
-    if (strict_enforcement_) {
-      strings.SetString("reasonForNotProceeding",
-                        l10n_util::GetStringUTF16(
-                            IDS_SSL_ERROR_PAGE_CANNOT_PROCEED));
-    } else {
-      strings.SetString("reasonForNotProceeding", std::string());
+    // Strings that are not dependent on the URL.
+    strings.SetString(
+        "title", l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_TITLE));
+    strings.SetString(
+        "secondPar",
+        l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_SECOND_PAR));
+    strings.SetString(
+        "reloadMsg", l10n_util::GetStringUTF16(IDS_ERRORPAGES_BUTTON_RELOAD));
+    strings.SetString(
+        "more", l10n_util::GetStringUTF16(IDS_ERRORPAGES_BUTTON_MORE));
+    strings.SetString(
+        "less", l10n_util::GetStringUTF16(IDS_ERRORPAGES_BUTTON_LESS));
+    strings.SetString(
+        "moreTitle",
+        l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_MORE_TITLE));
+    strings.SetString(
+        "moreContentSecond",
+        l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_MORE_SECOND_PAR));
+    strings.SetString(
+        "techTitle",
+        l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_TECH_TITLE));
+
+    // Strings that are dependent on the URL.
+    string16 url(ASCIIToUTF16(request_url_.host()));
+    bool rtl = base::i18n::IsRTL();
+    strings.SetString("textDirection", rtl ? "rtl" : "ltr");
+    if (rtl)
+      base::i18n::WrapStringWithLTRFormatting(&url);
+    strings.SetString(
+        "headline", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_HEADLINE,
+                                               url.c_str()));
+    strings.SetString(
+        "firstPar", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_FIRST_PAR,
+                                               url.c_str()));
+    strings.SetString(
+        "thirdPar", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_THIRD_PAR,
+                                               url.c_str()));
+    strings.SetString(
+        "moreContentFirst",
+        l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_MORE_FIRST_PAR,
+                                   url.c_str()));
+    strings.SetString("reloadUrl", request_url_.spec());
+
+    // Strings that are dependent on the error type.
+    SSLErrorInfo::ErrorType type =
+        SSLErrorInfo::NetErrorToErrorType(cert_error_);
+    string16 errorType;
+    if (type == SSLErrorInfo::CERT_REVOKED) {
+      errorType = string16(ASCIIToUTF16("Key revocation"));
+      strings.SetString(
+          "failure",
+          l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_REVOKED));
+    } else if (type == SSLErrorInfo::CERT_INVALID) {
+      errorType = string16(ASCIIToUTF16("Malformed certificate"));
+      strings.SetString(
+          "failure",
+          l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_FORMATTED));
     }
-    strings.SetString("errorType", "notoverridable");
+    // These cases need to remain commented out until Issue 23908005 lands.
+    // I'll land that one first and then uncomment these before submitting.
+    /*else if (type == SSLErrorInfo::CERT_PINNING_KEY_MISSING) {
+      errorType = string16(ASCIIToUTF16("Certificate pinning failure"));
+      strings.SetString(
+          "failure",
+          l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_PINNING,
+                                     url.c_str()));
+    } else if (type == SSLErrorInfo::CERT_WEAK_KEY_DH) {
+      errorType = string16(ASCIIToUTF16("Weak DH public key"));
+      strings.SetString(
+          "failure",
+          l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_WEAK_DH,
+                                     url.c_str()));
+    } */else {
+      // HSTS failure.
+      errorType = string16(ASCIIToUTF16("HSTS failure"));
+      strings.SetString(
+          "failure",
+          l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_HSTS, url.c_str()));
+    }
+    if (rtl)
+      base::i18n::WrapStringWithLTRFormatting(&errorType);
+    strings.SetString(
+        "errorType", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_ERROR,
+                                                errorType.c_str()));
+
+    // Strings that display the invalid cert.
+    string16 subject(ASCIIToUTF16(ssl_info_.cert->subject().GetDisplayName()));
+    string16 issuer(ASCIIToUTF16(ssl_info_.cert->issuer().GetDisplayName()));
+    std::string hashes;
+    for (std::vector<net::HashValue>::iterator it =
+            ssl_info_.public_key_hashes.begin();
+         it != ssl_info_.public_key_hashes.end();
+         ++it) {
+      base::StringAppendF(&hashes, "%s ", it->ToString().c_str());
+    }
+    string16 fingerprint(ASCIIToUTF16(hashes));
+    if (rtl) {
+      // These are always going to be LTR.
+      base::i18n::WrapStringWithLTRFormatting(&subject);
+      base::i18n::WrapStringWithLTRFormatting(&issuer);
+      base::i18n::WrapStringWithLTRFormatting(&fingerprint);
+    }
+    strings.SetString(
+        "subject", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_SUBJECT,
+                                              subject.c_str()));
+    strings.SetString(
+        "issuer", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_ISSUER,
+                                             issuer.c_str()));
+    strings.SetString(
+        "fingerprint",
+        l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_HASHES,
+                                   fingerprint.c_str()));
   }
 
-  strings.SetString("textdirection", base::i18n::IsRTL() ? "rtl" : "ltr");
-
   base::StringPiece html(
       ResourceBundle::GetSharedInstance().GetRawDataResource(
           resource_id));
-
   return webui::GetI18nTemplateHtml(html, &strings);
 }
 
 void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) {
   int cert_id = content::CertStore::GetInstance()->StoreCert(
       ssl_info_.cert.get(), web_contents_->GetRenderProcessHost()->GetID());
 
   entry->GetSSL().security_style =
       content::SECURITY_STYLE_AUTHENTICATION_BROKEN;
   entry->GetSSL().cert_id = cert_id;
@@ skipping 11 matching lines @@
   int cmd = atoi(command.c_str());
   if (cmd == CMD_DONT_PROCEED) {
     interstitial_page_->DontProceed();
   } else if (cmd == CMD_PROCEED) {
     interstitial_page_->Proceed();
   } else if (cmd == CMD_FOCUS) {
     // Start recording the time when the page is first in focus
     display_start_time_ = base::TimeTicks::Now();
   } else if (cmd == CMD_MORE) {
     RecordSSLBlockingPageEventStats(MORE);
+  } else if (cmd == CMD_RELOAD) {
+    // The interstitial can't refresh itself.
+    content::NavigationController* controller = &web_contents_->GetController();
+    controller->Reload(true);
   }
 }
 
 void SSLBlockingPage::OverrideRendererPrefs(
       content::RendererPreferences* prefs) {
   Profile* profile = Profile::FromBrowserContext(
       web_contents_->GetBrowserContext());
   renderer_preferences_util::UpdateFromSystemSettings(prefs, profile);
 }
 
@@ skipping 52 matching lines @@
     strings->SetString(keys[i], std::string());
   }
 }
 
 void SSLBlockingPage::OnGotHistoryCount(HistoryService::Handle handle,
                                         bool success,
                                         int num_visits,
                                         base::Time first_visit) {
   num_visits_ = num_visits;
 }