| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_blocking_page.h" | 5 #include "chrome/browser/ssl/ssl_blocking_page.h" |
| 6 | 6 |
| 7 #include "base/i18n/rtl.h" | 7 #include "base/i18n/rtl.h" |
| 8 #include "base/metrics/field_trial.h" | 8 #include "base/metrics/field_trial.h" |
| 9 #include "base/metrics/histogram.h" | 9 #include "base/metrics/histogram.h" |
| 10 #include "base/strings/string_number_conversions.h" |
| 10 #include "base/strings/string_piece.h" | 11 #include "base/strings/string_piece.h" |
| 12 #include "base/strings/stringprintf.h" |
| 11 #include "base/strings/utf_string_conversions.h" | 13 #include "base/strings/utf_string_conversions.h" |
| 12 #include "base/values.h" | 14 #include "base/values.h" |
| 13 #include "chrome/browser/history/history_service_factory.h" | 15 #include "chrome/browser/history/history_service_factory.h" |
| 14 #include "chrome/browser/profiles/profile.h" | 16 #include "chrome/browser/profiles/profile.h" |
| 15 #include "chrome/browser/renderer_preferences_util.h" | 17 #include "chrome/browser/renderer_preferences_util.h" |
| 16 #include "chrome/browser/ssl/ssl_error_info.h" | 18 #include "chrome/browser/ssl/ssl_error_info.h" |
| 17 #include "chrome/browser/ui/browser.h" | 19 #include "chrome/browser/ui/browser.h" |
| 18 #include "chrome/browser/ui/browser_finder.h" | 20 #include "chrome/browser/ui/browser_finder.h" |
| 19 #include "content/public/browser/cert_store.h" | 21 #include "content/public/browser/cert_store.h" |
| 20 #include "content/public/browser/interstitial_page.h" | 22 #include "content/public/browser/interstitial_page.h" |
| 21 #include "content/public/browser/navigation_controller.h" | 23 #include "content/public/browser/navigation_controller.h" |
| 22 #include "content/public/browser/navigation_entry.h" | 24 #include "content/public/browser/navigation_entry.h" |
| 23 #include "content/public/browser/notification_service.h" | 25 #include "content/public/browser/notification_service.h" |
| 24 #include "content/public/browser/notification_types.h" | 26 #include "content/public/browser/notification_types.h" |
| 25 #include "content/public/browser/render_process_host.h" | 27 #include "content/public/browser/render_process_host.h" |
| 26 #include "content/public/browser/render_view_host.h" | 28 #include "content/public/browser/render_view_host.h" |
| 27 #include "content/public/browser/web_contents.h" | 29 #include "content/public/browser/web_contents.h" |
| 28 #include "content/public/common/ssl_status.h" | 30 #include "content/public/common/ssl_status.h" |
| 29 #include "grit/app_locale_settings.h" | 31 #include "grit/app_locale_settings.h" |
| 30 #include "grit/browser_resources.h" | 32 #include "grit/browser_resources.h" |
| 31 #include "grit/generated_resources.h" | 33 #include "grit/generated_resources.h" |
| 34 #include "net/base/hash_value.h" |
| 32 #include "net/base/net_errors.h" | 35 #include "net/base/net_errors.h" |
| 33 #include "net/base/net_util.h" | 36 #include "net/base/net_util.h" |
| 34 #include "ui/base/l10n/l10n_util.h" | 37 #include "ui/base/l10n/l10n_util.h" |
| 35 #include "ui/base/resource/resource_bundle.h" | 38 #include "ui/base/resource/resource_bundle.h" |
| 36 #include "ui/base/webui/jstemplate_builder.h" | 39 #include "ui/base/webui/jstemplate_builder.h" |
| 37 | 40 |
| 38 #if defined(OS_WIN) | 41 #if defined(OS_WIN) |
| 39 #include "base/win/windows_version.h" | 42 #include "base/win/windows_version.h" |
| 40 #endif | 43 #endif |
| 41 | 44 |
| 42 using base::TimeTicks; | 45 using base::TimeTicks; |
| 43 using content::InterstitialPage; | 46 using content::InterstitialPage; |
| 44 using content::NavigationController; | 47 using content::NavigationController; |
| 45 using content::NavigationEntry; | 48 using content::NavigationEntry; |
| 46 | 49 |
| 47 namespace { | 50 namespace { |
| 48 | 51 |
| 49 // These represent the commands sent by ssl_roadblock.html. | 52 // These represent the commands sent by ssl_roadblock.html. |
| 50 enum SSLBlockingPageCommands { | 53 enum SSLBlockingPageCommands { |
| 51 CMD_DONT_PROCEED, | 54 CMD_DONT_PROCEED, |
| 52 CMD_PROCEED, | 55 CMD_PROCEED, |
| 53 CMD_FOCUS, | 56 CMD_FOCUS, |
| 54 CMD_MORE | 57 CMD_MORE, |
| 58 CMD_RELOAD, |
| 55 }; | 59 }; |
| 56 | 60 |
| 57 // Events for UMA. | 61 // Events for UMA. |
| 58 enum SSLBlockingPageEvent { | 62 enum SSLBlockingPageEvent { |
| 59 SHOW_ALL, | 63 SHOW_ALL, |
| 60 SHOW_OVERRIDABLE, | 64 SHOW_OVERRIDABLE, |
| 61 PROCEED_OVERRIDABLE, | 65 PROCEED_OVERRIDABLE, |
| 62 PROCEED_NAME, | 66 PROCEED_NAME, |
| 63 PROCEED_DATE, | 67 PROCEED_DATE, |
| 64 PROCEED_AUTHORITY, | 68 PROCEED_AUTHORITY, |
| (...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 191 internal_, | 195 internal_, |
| 192 display_start_time_, | 196 display_start_time_, |
| 193 num_visits_); | 197 num_visits_); |
| 194 // The page is closed without the user having chosen what to do, default to | 198 // The page is closed without the user having chosen what to do, default to |
| 195 // deny. | 199 // deny. |
| 196 NotifyDenyCertificate(); | 200 NotifyDenyCertificate(); |
| 197 } | 201 } |
| 198 } | 202 } |
| 199 | 203 |
| 200 std::string SSLBlockingPage::GetHTMLContents() { | 204 std::string SSLBlockingPage::GetHTMLContents() { |
| 201 // Let's build the html error page. | |
| 202 DictionaryValue strings; | 205 DictionaryValue strings; |
| 203 SSLErrorInfo error_info = | 206 int resource_id; |
| 204 SSLErrorInfo::CreateError(SSLErrorInfo::NetErrorToErrorType(cert_error_), | 207 if (overridable_ && !strict_enforcement_) { |
| 205 ssl_info_.cert.get(), | 208 // Let's build the overridable error page. |
| 206 request_url_); | 209 SSLErrorInfo error_info = |
| 210 SSLErrorInfo::CreateError( |
| 211 SSLErrorInfo::NetErrorToErrorType(cert_error_), |
| 212 ssl_info_.cert.get(), |
| 213 request_url_); |
| 207 | 214 |
| 208 int resource_id = IDR_SSL_ROAD_BLOCK_HTML; | 215 resource_id = IDR_SSL_ROAD_BLOCK_HTML; |
| 209 strings.SetString("headLine", error_info.title()); | 216 strings.SetString("headLine", error_info.title()); |
| 210 strings.SetString("description", error_info.details()); | 217 strings.SetString("description", error_info.details()); |
| 211 strings.SetString("moreInfoTitle", | 218 strings.SetString("moreInfoTitle", |
| 212 l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_TITLE)); | 219 l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_TITLE)); |
| 213 SetExtraInfo(&strings, error_info.extra_information()); | 220 SetExtraInfo(&strings, error_info.extra_information()); |
| 214 | 221 |
| 215 strings.SetString("exit", | 222 strings.SetString( |
| 216 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_EXIT)); | 223 "exit", l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_PAGE_EXIT)); |
| 224 strings.SetString( |
| 225 "title", l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_PAGE_TITLE)); |
| 226 strings.SetString( |
| 227 "proceed", l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_PAGE_PROCEED)); |
| 228 strings.SetString( |
| 229 "reasonForNotProceeding", l10n_util::GetStringUTF16( |
| 230 IDS_SSL_OVERRIDABLE_PAGE_SHOULD_NOT_PROCEED)); |
| 231 strings.SetString("errorType", "overridable"); |
| 232 strings.SetString("textdirection", base::i18n::IsRTL() ? "rtl" : "ltr"); |
| 233 } else { |
| 234 // Let's build the blocking error page. |
| 235 resource_id = IDR_SSL_BLOCKING_HTML; |
| 217 | 236 |
| 218 if (overridable_ && !strict_enforcement_) { | 237 // Strings that are not dependent on the URL. |
| 219 strings.SetString("title", | 238 strings.SetString( |
| 220 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_TITLE)); | 239 "title", l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_TITLE)); |
| 221 strings.SetString("proceed", | 240 strings.SetString( |
| 222 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_PROCEED)); | 241 "reloadMsg", l10n_util::GetStringUTF16(IDS_ERRORPAGES_BUTTON_RELOAD)); |
| 223 strings.SetString("reasonForNotProceeding", | 242 strings.SetString( |
| 224 l10n_util::GetStringUTF16( | 243 "more", l10n_util::GetStringUTF16(IDS_ERRORPAGES_BUTTON_MORE)); |
| 225 IDS_SSL_BLOCKING_PAGE_SHOULD_NOT_PROCEED)); | 244 strings.SetString( |
| 226 strings.SetString("errorType", "overridable"); | 245 "less", l10n_util::GetStringUTF16(IDS_ERRORPAGES_BUTTON_LESS)); |
| 227 } else { | 246 strings.SetString( |
| 228 strings.SetString("title", | 247 "moreTitle", |
| 229 l10n_util::GetStringUTF16(IDS_SSL_ERROR_PAGE_TITLE)); | 248 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_MORE_TITLE)); |
| 230 if (strict_enforcement_) { | 249 strings.SetString( |
| 231 strings.SetString("reasonForNotProceeding", | 250 "techTitle", |
| 232 l10n_util::GetStringUTF16( | 251 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_TECH_TITLE)); |
| 233 IDS_SSL_ERROR_PAGE_CANNOT_PROCEED)); | 252 |
| 253 // Strings that are dependent on the URL. |
| 254 string16 url(ASCIIToUTF16(request_url_.host())); |
| 255 bool rtl = base::i18n::IsRTL(); |
| 256 strings.SetString("textDirection", rtl ? "rtl" : "ltr"); |
| 257 if (rtl) |
| 258 base::i18n::WrapStringWithLTRFormatting(&url); |
| 259 strings.SetString( |
| 260 "headline", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_HEADLINE, |
| 261 url.c_str())); |
| 262 strings.SetString( |
| 263 "message", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_BODY_TEXT, |
| 264 url.c_str())); |
| 265 strings.SetString( |
| 266 "moreMessage", |
| 267 l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_MORE_TEXT, |
| 268 url.c_str())); |
| 269 strings.SetString("reloadUrl", request_url_.spec()); |
| 270 |
| 271 // Strings that are dependent on the error type. |
| 272 SSLErrorInfo::ErrorType type = |
| 273 SSLErrorInfo::NetErrorToErrorType(cert_error_); |
| 274 string16 errorType; |
| 275 if (type == SSLErrorInfo::CERT_REVOKED) { |
| 276 errorType = string16(ASCIIToUTF16("Key revocation")); |
| 277 strings.SetString( |
| 278 "failure", |
| 279 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_REVOKED)); |
| 280 } else if (type == SSLErrorInfo::CERT_INVALID) { |
| 281 errorType = string16(ASCIIToUTF16("Malformed certificate")); |
| 282 strings.SetString( |
| 283 "failure", |
| 284 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_FORMATTED)); |
| 285 } else if (type == SSLErrorInfo::CERT_PINNED_KEY_MISSING) { |
| 286 errorType = string16(ASCIIToUTF16("Certificate pinning failure")); |
| 287 strings.SetString( |
| 288 "failure", |
| 289 l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_PINNING, |
| 290 url.c_str())); |
| 291 } else if (type == SSLErrorInfo::CERT_WEAK_KEY_DH) { |
| 292 errorType = string16(ASCIIToUTF16("Weak DH public key")); |
| 293 strings.SetString( |
| 294 "failure", |
| 295 l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_WEAK_DH, |
| 296 url.c_str())); |
| 234 } else { | 297 } else { |
| 235 strings.SetString("reasonForNotProceeding", std::string()); | 298 // HSTS failure. |
| 299 errorType = string16(ASCIIToUTF16("HSTS failure")); |
| 300 strings.SetString( |
| 301 "failure", |
| 302 l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_HSTS, url.c_str())); |
| 236 } | 303 } |
| 237 strings.SetString("errorType", "notoverridable"); | 304 if (rtl) |
| 305 base::i18n::WrapStringWithLTRFormatting(&errorType); |
| 306 strings.SetString( |
| 307 "errorType", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_ERROR, |
| 308 errorType.c_str())); |
| 309 |
| 310 // Strings that display the invalid cert. |
| 311 string16 subject(ASCIIToUTF16(ssl_info_.cert->subject().GetDisplayName())); |
| 312 string16 issuer(ASCIIToUTF16(ssl_info_.cert->issuer().GetDisplayName())); |
| 313 std::string hashes; |
| 314 for (std::vector<net::HashValue>::iterator it = |
| 315 ssl_info_.public_key_hashes.begin(); |
| 316 it != ssl_info_.public_key_hashes.end(); |
| 317 ++it) { |
| 318 base::StringAppendF(&hashes, "%s ", it->ToString().c_str()); |
| 319 } |
| 320 string16 fingerprint(ASCIIToUTF16(hashes)); |
| 321 if (rtl) { |
| 322 // These are always going to be LTR. |
| 323 base::i18n::WrapStringWithLTRFormatting(&subject); |
| 324 base::i18n::WrapStringWithLTRFormatting(&issuer); |
| 325 base::i18n::WrapStringWithLTRFormatting(&fingerprint); |
| 326 } |
| 327 strings.SetString( |
| 328 "subject", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_SUBJECT, |
| 329 subject.c_str())); |
| 330 strings.SetString( |
| 331 "issuer", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_ISSUER, |
| 332 issuer.c_str())); |
| 333 strings.SetString( |
| 334 "fingerprint", |
| 335 l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_HASHES, |
| 336 fingerprint.c_str())); |
| 238 } | 337 } |
| 239 | 338 |
| 240 strings.SetString("textdirection", base::i18n::IsRTL() ? "rtl" : "ltr"); | |
| 241 | |
| 242 base::StringPiece html( | 339 base::StringPiece html( |
| 243 ResourceBundle::GetSharedInstance().GetRawDataResource( | 340 ResourceBundle::GetSharedInstance().GetRawDataResource( |
| 244 resource_id)); | 341 resource_id)); |
| 245 | |
| 246 return webui::GetI18nTemplateHtml(html, &strings); | 342 return webui::GetI18nTemplateHtml(html, &strings); |
| 247 } | 343 } |
| 248 | 344 |
| 249 void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) { | 345 void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) { |
| 250 int cert_id = content::CertStore::GetInstance()->StoreCert( | 346 int cert_id = content::CertStore::GetInstance()->StoreCert( |
| 251 ssl_info_.cert.get(), web_contents_->GetRenderProcessHost()->GetID()); | 347 ssl_info_.cert.get(), web_contents_->GetRenderProcessHost()->GetID()); |
| 252 | 348 |
| 253 entry->GetSSL().security_style = | 349 entry->GetSSL().security_style = |
| 254 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; | 350 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; |
| 255 entry->GetSSL().cert_id = cert_id; | 351 entry->GetSSL().cert_id = cert_id; |
| (...skipping 11 matching lines...) Expand all Loading... |
| 267 int cmd = atoi(command.c_str()); | 363 int cmd = atoi(command.c_str()); |
| 268 if (cmd == CMD_DONT_PROCEED) { | 364 if (cmd == CMD_DONT_PROCEED) { |
| 269 interstitial_page_->DontProceed(); | 365 interstitial_page_->DontProceed(); |
| 270 } else if (cmd == CMD_PROCEED) { | 366 } else if (cmd == CMD_PROCEED) { |
| 271 interstitial_page_->Proceed(); | 367 interstitial_page_->Proceed(); |
| 272 } else if (cmd == CMD_FOCUS) { | 368 } else if (cmd == CMD_FOCUS) { |
| 273 // Start recording the time when the page is first in focus | 369 // Start recording the time when the page is first in focus |
| 274 display_start_time_ = base::TimeTicks::Now(); | 370 display_start_time_ = base::TimeTicks::Now(); |
| 275 } else if (cmd == CMD_MORE) { | 371 } else if (cmd == CMD_MORE) { |
| 276 RecordSSLBlockingPageEventStats(MORE); | 372 RecordSSLBlockingPageEventStats(MORE); |
| 373 } else if (cmd == CMD_RELOAD) { |
| 374 // The interstitial can't refresh itself. |
| 375 content::NavigationController* controller = &web_contents_->GetController(); |
| 376 controller->Reload(true); |
| 277 } | 377 } |
| 278 } | 378 } |
| 279 | 379 |
| 280 void SSLBlockingPage::OverrideRendererPrefs( | 380 void SSLBlockingPage::OverrideRendererPrefs( |
| 281 content::RendererPreferences* prefs) { | 381 content::RendererPreferences* prefs) { |
| 282 Profile* profile = Profile::FromBrowserContext( | 382 Profile* profile = Profile::FromBrowserContext( |
| 283 web_contents_->GetBrowserContext()); | 383 web_contents_->GetBrowserContext()); |
| 284 renderer_preferences_util::UpdateFromSystemSettings(prefs, profile); | 384 renderer_preferences_util::UpdateFromSystemSettings(prefs, profile); |
| 285 } | 385 } |
| 286 | 386 |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 339 strings->SetString(keys[i], std::string()); | 439 strings->SetString(keys[i], std::string()); |
| 340 } | 440 } |
| 341 } | 441 } |
| 342 | 442 |
| 343 void SSLBlockingPage::OnGotHistoryCount(HistoryService::Handle handle, | 443 void SSLBlockingPage::OnGotHistoryCount(HistoryService::Handle handle, |
| 344 bool success, | 444 bool success, |
| 345 int num_visits, | 445 int num_visits, |
| 346 base::Time first_visit) { | 446 base::Time first_visit) { |
| 347 num_visits_ = num_visits; | 447 num_visits_ = num_visits; |
| 348 } | 448 } |
| OLD | NEW |
|---|
Chromium Code Reviews
