OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/ssl_blocking_page.h" | 5 #include "chrome/browser/ssl/ssl_blocking_page.h" |
6 | 6 |
7 #include "base/i18n/rtl.h" | 7 #include "base/i18n/rtl.h" |
8 #include "base/metrics/field_trial.h" | 8 #include "base/metrics/field_trial.h" |
9 #include "base/metrics/histogram.h" | 9 #include "base/metrics/histogram.h" |
10 #include "base/strings/string_number_conversions.h" | |
10 #include "base/strings/string_piece.h" | 11 #include "base/strings/string_piece.h" |
12 #include "base/strings/stringprintf.h" | |
11 #include "base/strings/utf_string_conversions.h" | 13 #include "base/strings/utf_string_conversions.h" |
12 #include "base/values.h" | 14 #include "base/values.h" |
13 #include "chrome/browser/history/history_service_factory.h" | 15 #include "chrome/browser/history/history_service_factory.h" |
14 #include "chrome/browser/profiles/profile.h" | 16 #include "chrome/browser/profiles/profile.h" |
15 #include "chrome/browser/renderer_preferences_util.h" | 17 #include "chrome/browser/renderer_preferences_util.h" |
16 #include "chrome/browser/ssl/ssl_error_info.h" | 18 #include "chrome/browser/ssl/ssl_error_info.h" |
17 #include "chrome/browser/ui/browser.h" | 19 #include "chrome/browser/ui/browser.h" |
18 #include "chrome/browser/ui/browser_finder.h" | 20 #include "chrome/browser/ui/browser_finder.h" |
19 #include "content/public/browser/cert_store.h" | 21 #include "content/public/browser/cert_store.h" |
20 #include "content/public/browser/interstitial_page.h" | 22 #include "content/public/browser/interstitial_page.h" |
21 #include "content/public/browser/navigation_controller.h" | 23 #include "content/public/browser/navigation_controller.h" |
22 #include "content/public/browser/navigation_entry.h" | 24 #include "content/public/browser/navigation_entry.h" |
23 #include "content/public/browser/notification_service.h" | 25 #include "content/public/browser/notification_service.h" |
24 #include "content/public/browser/notification_types.h" | 26 #include "content/public/browser/notification_types.h" |
25 #include "content/public/browser/render_process_host.h" | 27 #include "content/public/browser/render_process_host.h" |
26 #include "content/public/browser/render_view_host.h" | 28 #include "content/public/browser/render_view_host.h" |
27 #include "content/public/browser/web_contents.h" | 29 #include "content/public/browser/web_contents.h" |
28 #include "content/public/common/ssl_status.h" | 30 #include "content/public/common/ssl_status.h" |
29 #include "grit/app_locale_settings.h" | 31 #include "grit/app_locale_settings.h" |
30 #include "grit/browser_resources.h" | 32 #include "grit/browser_resources.h" |
31 #include "grit/generated_resources.h" | 33 #include "grit/generated_resources.h" |
34 #include "net/base/hash_value.h" | |
32 #include "net/base/net_errors.h" | 35 #include "net/base/net_errors.h" |
33 #include "net/base/net_util.h" | 36 #include "net/base/net_util.h" |
34 #include "ui/base/l10n/l10n_util.h" | 37 #include "ui/base/l10n/l10n_util.h" |
35 #include "ui/base/resource/resource_bundle.h" | 38 #include "ui/base/resource/resource_bundle.h" |
36 #include "ui/webui/jstemplate_builder.h" | 39 #include "ui/webui/jstemplate_builder.h" |
37 | 40 |
38 #if defined(OS_WIN) | 41 #if defined(OS_WIN) |
39 #include "base/win/windows_version.h" | 42 #include "base/win/windows_version.h" |
40 #endif | 43 #endif |
41 | 44 |
42 using base::TimeTicks; | 45 using base::TimeTicks; |
43 using content::InterstitialPage; | 46 using content::InterstitialPage; |
44 using content::NavigationController; | 47 using content::NavigationController; |
45 using content::NavigationEntry; | 48 using content::NavigationEntry; |
46 | 49 |
47 namespace { | 50 namespace { |
48 | 51 |
49 // These represent the commands sent by ssl_roadblock.html. | 52 // These represent the commands sent by ssl_roadblock.html. |
50 enum SSLBlockingPageCommands { | 53 enum SSLBlockingPageCommands { |
51 CMD_DONT_PROCEED, | 54 CMD_DONT_PROCEED, |
52 CMD_PROCEED, | 55 CMD_PROCEED, |
53 CMD_FOCUS, | 56 CMD_FOCUS, |
54 CMD_MORE | 57 CMD_MORE, |
58 CMD_RELOAD, | |
55 }; | 59 }; |
56 | 60 |
57 // Events for UMA. | 61 // Events for UMA. |
58 enum SSLBlockingPageEvent { | 62 enum SSLBlockingPageEvent { |
59 SHOW_ALL, | 63 SHOW_ALL, |
60 SHOW_OVERRIDABLE, | 64 SHOW_OVERRIDABLE, |
61 PROCEED_OVERRIDABLE, | 65 PROCEED_OVERRIDABLE, |
62 PROCEED_NAME, | 66 PROCEED_NAME, |
63 PROCEED_DATE, | 67 PROCEED_DATE, |
64 PROCEED_AUTHORITY, | 68 PROCEED_AUTHORITY, |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
147 const GURL& request_url, | 151 const GURL& request_url, |
148 bool overridable, | 152 bool overridable, |
149 bool strict_enforcement, | 153 bool strict_enforcement, |
150 const base::Callback<void(bool)>& callback) | 154 const base::Callback<void(bool)>& callback) |
151 : callback_(callback), | 155 : callback_(callback), |
152 web_contents_(web_contents), | 156 web_contents_(web_contents), |
153 cert_error_(cert_error), | 157 cert_error_(cert_error), |
154 ssl_info_(ssl_info), | 158 ssl_info_(ssl_info), |
155 request_url_(request_url), | 159 request_url_(request_url), |
156 overridable_(overridable), | 160 overridable_(overridable), |
157 strict_enforcement_(strict_enforcement), | 161 strict_enforcement_(true), |
158 internal_(false), | 162 internal_(false), |
159 num_visits_(-1) { | 163 num_visits_(-1) { |
160 // For UMA stats. | 164 // For UMA stats. |
161 if (net::IsHostnameNonUnique(request_url_.HostNoBrackets())) | 165 if (net::IsHostnameNonUnique(request_url_.HostNoBrackets())) |
162 internal_ = true; | 166 internal_ = true; |
163 RecordSSLBlockingPageEventStats(SHOW_ALL); | 167 RecordSSLBlockingPageEventStats(SHOW_ALL); |
164 if (overridable_ && !strict_enforcement_) { | 168 if (overridable_ && !strict_enforcement_) { |
165 RecordSSLBlockingPageEventStats(SHOW_OVERRIDABLE); | 169 RecordSSLBlockingPageEventStats(SHOW_OVERRIDABLE); |
166 if (internal_) | 170 if (internal_) |
167 RecordSSLBlockingPageEventStats(SHOW_INTERNAL_HOSTNAME); | 171 RecordSSLBlockingPageEventStats(SHOW_INTERNAL_HOSTNAME); |
(...skipping 23 matching lines...) Expand all Loading... | |
191 internal_, | 195 internal_, |
192 display_start_time_, | 196 display_start_time_, |
193 num_visits_); | 197 num_visits_); |
194 // The page is closed without the user having chosen what to do, default to | 198 // The page is closed without the user having chosen what to do, default to |
195 // deny. | 199 // deny. |
196 NotifyDenyCertificate(); | 200 NotifyDenyCertificate(); |
197 } | 201 } |
198 } | 202 } |
199 | 203 |
200 std::string SSLBlockingPage::GetHTMLContents() { | 204 std::string SSLBlockingPage::GetHTMLContents() { |
201 // Let's build the html error page. | |
202 DictionaryValue strings; | 205 DictionaryValue strings; |
203 SSLErrorInfo error_info = | 206 int resource_id; |
204 SSLErrorInfo::CreateError(SSLErrorInfo::NetErrorToErrorType(cert_error_), | 207 if (overridable_ && !strict_enforcement_) { |
205 ssl_info_.cert.get(), | 208 // Let's build the overridable error page. |
206 request_url_); | 209 SSLErrorInfo error_info = |
210 SSLErrorInfo::CreateError( | |
211 SSLErrorInfo::NetErrorToErrorType(cert_error_), | |
212 ssl_info_.cert.get(), | |
213 request_url_); | |
207 | 214 |
208 int resource_id = IDR_SSL_ROAD_BLOCK_HTML; | 215 resource_id = IDR_SSL_ROAD_BLOCK_HTML; |
209 strings.SetString("headLine", error_info.title()); | 216 strings.SetString("headLine", error_info.title()); |
210 strings.SetString("description", error_info.details()); | 217 strings.SetString("description", error_info.details()); |
211 strings.SetString("moreInfoTitle", | 218 strings.SetString("moreInfoTitle", |
212 l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_TITLE)); | 219 l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_TITLE)); |
213 SetExtraInfo(&strings, error_info.extra_information()); | 220 SetExtraInfo(&strings, error_info.extra_information()); |
214 | 221 |
215 strings.SetString("exit", | 222 strings.SetString( |
216 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_EXIT)); | 223 "exit", l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_PAGE_EXIT)); |
224 strings.SetString( | |
225 "title", l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_PAGE_TITLE)); | |
226 strings.SetString( | |
227 "proceed", l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_PAGE_PROCEED)); | |
228 strings.SetString( | |
229 "reasonForNotProceeding", l10n_util::GetStringUTF16( | |
230 IDS_SSL_OVERRIDABLE_PAGE_SHOULD_NOT_PROCEED)); | |
231 strings.SetString("errorType", "overridable"); | |
232 strings.SetString("textdirection", base::i18n::IsRTL() ? "rtl" : "ltr"); | |
233 } else { | |
234 // Let's build the blocking error page. | |
235 resource_id = IDR_SSL_BLOCKING_HTML; | |
217 | 236 |
218 if (overridable_ && !strict_enforcement_) { | 237 // Strings that are not dependent on the URL. |
219 strings.SetString("title", | 238 strings.SetString( |
220 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_TITLE)); | 239 "title", l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_TITLE)); |
221 strings.SetString("proceed", | 240 strings.SetString( |
222 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_PROCEED)); | 241 "reloadMsg", l10n_util::GetStringUTF16(IDS_ERRORPAGES_BUTTON_RELOAD)); |
223 strings.SetString("reasonForNotProceeding", | 242 strings.SetString( |
224 l10n_util::GetStringUTF16( | 243 "more", l10n_util::GetStringUTF16(IDS_ERRORPAGES_BUTTON_MORE)); |
225 IDS_SSL_BLOCKING_PAGE_SHOULD_NOT_PROCEED)); | 244 strings.SetString( |
226 strings.SetString("errorType", "overridable"); | 245 "less", l10n_util::GetStringUTF16(IDS_ERRORPAGES_BUTTON_LESS)); |
227 } else { | 246 strings.SetString( |
228 strings.SetString("title", | 247 "moreTitle", |
229 l10n_util::GetStringUTF16(IDS_SSL_ERROR_PAGE_TITLE)); | 248 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_MORE_TITLE)); |
230 if (strict_enforcement_) { | 249 strings.SetString( |
231 strings.SetString("reasonForNotProceeding", | 250 "techTitle", |
232 l10n_util::GetStringUTF16( | 251 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_TECH_TITLE)); |
233 IDS_SSL_ERROR_PAGE_CANNOT_PROCEED)); | 252 |
253 // Strings that are dependent on the URL. | |
254 string16 url(ASCIIToUTF16(request_url_.host())); | |
255 bool rtl = base::i18n::IsRTL(); | |
256 strings.SetString("textDirection", rtl ? "rtl" : "ltr"); | |
257 if (rtl) | |
258 base::i18n::WrapStringWithLTRFormatting(&url); | |
259 strings.SetString( | |
260 "headline", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_HEADLINE, | |
261 url.c_str())); | |
262 strings.SetString( | |
263 "message", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_BODY_TEXT, | |
264 url.c_str())); | |
265 LOG(INFO) << l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_BODY_TEXT, | |
Patrick Dubroy
2013/09/18 15:01:35
Don't think you need this.
felt
2013/10/18 05:53:12
Done.
| |
266 url.c_str()); | |
267 strings.SetString( | |
268 "moreMessage", | |
269 l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_MORE_TEXT, | |
270 url.c_str())); | |
271 strings.SetString("reloadUrl", request_url_.spec()); | |
272 | |
273 // Strings that are dependent on the error type. | |
274 SSLErrorInfo::ErrorType type = | |
275 SSLErrorInfo::NetErrorToErrorType(cert_error_); | |
276 string16 errorType; | |
277 if (type == SSLErrorInfo::CERT_REVOKED) { | |
278 errorType = string16(ASCIIToUTF16("Key revocation")); | |
279 strings.SetString( | |
280 "failure", | |
281 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_REVOKED)); | |
282 } else if (type == SSLErrorInfo::CERT_INVALID) { | |
283 errorType = string16(ASCIIToUTF16("Malformed certificate")); | |
284 strings.SetString( | |
285 "failure", | |
286 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_FORMATTED)); | |
287 } else if (type == SSLErrorInfo::CERT_PINNING_KEY_MISSING) { | |
288 errorType = string16(ASCIIToUTF16("Certificate pinning failure")); | |
289 strings.SetString( | |
290 "failure", | |
291 l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_PINNING, | |
292 url.c_str())); | |
293 } else if (type == SSLErrorInfo::CERT_WEAK_KEY_DH) { | |
294 errorType = string16(ASCIIToUTF16("Weak DH public key")); | |
295 strings.SetString( | |
296 "failure", | |
297 l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_WEAK_DH, | |
298 url.c_str())); | |
234 } else { | 299 } else { |
235 strings.SetString("reasonForNotProceeding", std::string()); | 300 // HSTS failure. |
301 errorType = string16(ASCIIToUTF16("HSTS failure")); | |
302 strings.SetString( | |
303 "failure", | |
304 l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_HSTS, url.c_str())); | |
236 } | 305 } |
237 strings.SetString("errorType", "notoverridable"); | 306 if (rtl) |
307 base::i18n::WrapStringWithLTRFormatting(&errorType); | |
308 strings.SetString( | |
309 "errorType", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_ERROR, | |
310 errorType.c_str())); | |
311 | |
312 // Strings that display the invalid cert. | |
313 string16 subject(ASCIIToUTF16(ssl_info_.cert->subject().GetDisplayName())); | |
314 string16 issuer(ASCIIToUTF16(ssl_info_.cert->issuer().GetDisplayName())); | |
315 std::string hashes; | |
316 for (std::vector<net::HashValue>::iterator it = | |
317 ssl_info_.public_key_hashes.begin(); | |
318 it != ssl_info_.public_key_hashes.end(); | |
319 ++it) { | |
320 base::StringAppendF(&hashes, "%s ", it->ToString().c_str()); | |
321 } | |
322 string16 fingerprint(ASCIIToUTF16(hashes)); | |
323 if (rtl) { | |
324 // These are always going to be LTR. | |
325 base::i18n::WrapStringWithLTRFormatting(&subject); | |
326 base::i18n::WrapStringWithLTRFormatting(&issuer); | |
327 base::i18n::WrapStringWithLTRFormatting(&fingerprint); | |
328 } | |
329 strings.SetString( | |
330 "subject", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_SUBJECT, | |
331 subject.c_str())); | |
332 strings.SetString( | |
333 "issuer", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_ISSUER, | |
334 issuer.c_str())); | |
335 strings.SetString( | |
336 "fingerprint", | |
337 l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_HASHES, | |
338 fingerprint.c_str())); | |
238 } | 339 } |
239 | 340 |
240 strings.SetString("textdirection", base::i18n::IsRTL() ? "rtl" : "ltr"); | |
241 | |
242 base::StringPiece html( | 341 base::StringPiece html( |
243 ResourceBundle::GetSharedInstance().GetRawDataResource( | 342 ResourceBundle::GetSharedInstance().GetRawDataResource( |
244 resource_id)); | 343 resource_id)); |
245 | |
246 return webui::GetI18nTemplateHtml(html, &strings); | 344 return webui::GetI18nTemplateHtml(html, &strings); |
247 } | 345 } |
248 | 346 |
249 void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) { | 347 void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) { |
250 int cert_id = content::CertStore::GetInstance()->StoreCert( | 348 int cert_id = content::CertStore::GetInstance()->StoreCert( |
251 ssl_info_.cert.get(), web_contents_->GetRenderProcessHost()->GetID()); | 349 ssl_info_.cert.get(), web_contents_->GetRenderProcessHost()->GetID()); |
252 | 350 |
253 entry->GetSSL().security_style = | 351 entry->GetSSL().security_style = |
254 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; | 352 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; |
255 entry->GetSSL().cert_id = cert_id; | 353 entry->GetSSL().cert_id = cert_id; |
(...skipping 11 matching lines...) Expand all Loading... | |
267 int cmd = atoi(command.c_str()); | 365 int cmd = atoi(command.c_str()); |
268 if (cmd == CMD_DONT_PROCEED) { | 366 if (cmd == CMD_DONT_PROCEED) { |
269 interstitial_page_->DontProceed(); | 367 interstitial_page_->DontProceed(); |
270 } else if (cmd == CMD_PROCEED) { | 368 } else if (cmd == CMD_PROCEED) { |
271 interstitial_page_->Proceed(); | 369 interstitial_page_->Proceed(); |
272 } else if (cmd == CMD_FOCUS) { | 370 } else if (cmd == CMD_FOCUS) { |
273 // Start recording the time when the page is first in focus | 371 // Start recording the time when the page is first in focus |
274 display_start_time_ = base::TimeTicks::Now(); | 372 display_start_time_ = base::TimeTicks::Now(); |
275 } else if (cmd == CMD_MORE) { | 373 } else if (cmd == CMD_MORE) { |
276 RecordSSLBlockingPageEventStats(MORE); | 374 RecordSSLBlockingPageEventStats(MORE); |
375 } else if (cmd == CMD_RELOAD) { | |
376 // The interstitial can't refresh itself. | |
377 content::NavigationController* controller = &web_contents_->GetController(); | |
378 controller->Reload(true); | |
277 } | 379 } |
278 } | 380 } |
279 | 381 |
280 void SSLBlockingPage::OverrideRendererPrefs( | 382 void SSLBlockingPage::OverrideRendererPrefs( |
281 content::RendererPreferences* prefs) { | 383 content::RendererPreferences* prefs) { |
282 Profile* profile = Profile::FromBrowserContext( | 384 Profile* profile = Profile::FromBrowserContext( |
283 web_contents_->GetBrowserContext()); | 385 web_contents_->GetBrowserContext()); |
284 renderer_preferences_util::UpdateFromSystemSettings(prefs, profile); | 386 renderer_preferences_util::UpdateFromSystemSettings(prefs, profile); |
285 } | 387 } |
286 | 388 |
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
339 strings->SetString(keys[i], std::string()); | 441 strings->SetString(keys[i], std::string()); |
340 } | 442 } |
341 } | 443 } |
342 | 444 |
343 void SSLBlockingPage::OnGotHistoryCount(HistoryService::Handle handle, | 445 void SSLBlockingPage::OnGotHistoryCount(HistoryService::Handle handle, |
344 bool success, | 446 bool success, |
345 int num_visits, | 447 int num_visits, |
346 base::Time first_visit) { | 448 base::Time first_visit) { |
347 num_visits_ = num_visits; | 449 num_visits_ = num_visits; |
348 } | 450 } |
OLD | NEW |