OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/ssl_blocking_page.h" | 5 #include "chrome/browser/ssl/ssl_blocking_page.h" |
6 | 6 |
7 #include "base/build_time.h" | 7 #include "base/build_time.h" |
8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
9 #include "base/i18n/rtl.h" | 9 #include "base/i18n/rtl.h" |
10 #include "base/i18n/time_formatting.h" | 10 #include "base/i18n/time_formatting.h" |
11 #include "base/metrics/field_trial.h" | 11 #include "base/metrics/field_trial.h" |
12 #include "base/metrics/histogram.h" | 12 #include "base/metrics/histogram.h" |
13 #include "base/prefs/pref_service.h" | |
13 #include "base/process/launch.h" | 14 #include "base/process/launch.h" |
14 #include "base/strings/string_number_conversions.h" | 15 #include "base/strings/string_number_conversions.h" |
15 #include "base/strings/string_piece.h" | 16 #include "base/strings/string_piece.h" |
16 #include "base/strings/string_util.h" | 17 #include "base/strings/string_util.h" |
17 #include "base/strings/stringprintf.h" | 18 #include "base/strings/stringprintf.h" |
18 #include "base/strings/utf_string_conversions.h" | 19 #include "base/strings/utf_string_conversions.h" |
19 #include "base/time/time.h" | 20 #include "base/time/time.h" |
20 #include "base/values.h" | 21 #include "base/values.h" |
21 #include "chrome/browser/browser_process.h" | 22 #include "chrome/browser/browser_process.h" |
22 #include "chrome/browser/chrome_notification_types.h" | 23 #include "chrome/browser/chrome_notification_types.h" |
23 #include "chrome/browser/profiles/profile.h" | 24 #include "chrome/browser/profiles/profile.h" |
24 #include "chrome/browser/renderer_preferences_util.h" | 25 #include "chrome/browser/renderer_preferences_util.h" |
25 #include "chrome/browser/ssl/ssl_error_classification.h" | 26 #include "chrome/browser/ssl/ssl_error_classification.h" |
26 #include "chrome/browser/ssl/ssl_error_info.h" | 27 #include "chrome/browser/ssl/ssl_error_info.h" |
27 #include "chrome/common/chrome_switches.h" | 28 #include "chrome/common/chrome_switches.h" |
29 #include "chrome/common/pref_names.h" | |
28 #include "chrome/grit/chromium_strings.h" | 30 #include "chrome/grit/chromium_strings.h" |
29 #include "chrome/grit/generated_resources.h" | 31 #include "chrome/grit/generated_resources.h" |
30 #include "components/google/core/browser/google_util.h" | 32 #include "components/google/core/browser/google_util.h" |
31 #include "content/public/browser/cert_store.h" | 33 #include "content/public/browser/cert_store.h" |
32 #include "content/public/browser/interstitial_page.h" | 34 #include "content/public/browser/interstitial_page.h" |
33 #include "content/public/browser/navigation_controller.h" | 35 #include "content/public/browser/navigation_controller.h" |
34 #include "content/public/browser/navigation_entry.h" | 36 #include "content/public/browser/navigation_entry.h" |
35 #include "content/public/browser/notification_service.h" | 37 #include "content/public/browser/notification_service.h" |
36 #include "content/public/browser/notification_types.h" | 38 #include "content/public/browser/notification_types.h" |
37 #include "content/public/browser/render_process_host.h" | 39 #include "content/public/browser/render_process_host.h" |
38 #include "content/public/browser/render_view_host.h" | 40 #include "content/public/browser/render_view_host.h" |
39 #include "content/public/browser/web_contents.h" | 41 #include "content/public/browser/web_contents.h" |
40 #include "content/public/common/renderer_preferences.h" | 42 #include "content/public/common/renderer_preferences.h" |
41 #include "content/public/common/ssl_status.h" | 43 #include "content/public/common/ssl_status.h" |
42 #include "grit/browser_resources.h" | 44 #include "grit/browser_resources.h" |
43 #include "net/base/hash_value.h" | 45 #include "net/base/hash_value.h" |
44 #include "net/base/net_errors.h" | 46 #include "net/base/net_errors.h" |
45 #include "net/base/net_util.h" | 47 #include "net/base/net_util.h" |
48 #include "net/url_request/fraudulent_certificate_reporter.h" | |
49 #include "net/url_request/url_request_context.h" | |
50 #include "net/url_request/url_request_context_getter.h" | |
46 #include "ui/base/l10n/l10n_util.h" | 51 #include "ui/base/l10n/l10n_util.h" |
47 | 52 |
48 #if defined(OS_WIN) | 53 #if defined(OS_WIN) |
49 #include "base/base_paths_win.h" | 54 #include "base/base_paths_win.h" |
50 #include "base/path_service.h" | 55 #include "base/path_service.h" |
51 #include "base/strings/string16.h" | 56 #include "base/strings/string16.h" |
52 #include "base/win/windows_version.h" | 57 #include "base/win/windows_version.h" |
53 #endif | 58 #endif |
54 | 59 |
55 #if defined(OS_ANDROID) | 60 #if defined(OS_ANDROID) |
(...skipping 367 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
423 load_time_data->SetString( | 428 load_time_data->SetString( |
424 "issuer", ssl_info_.cert->issuer().GetDisplayName()); | 429 "issuer", ssl_info_.cert->issuer().GetDisplayName()); |
425 load_time_data->SetString( | 430 load_time_data->SetString( |
426 "expirationDate", | 431 "expirationDate", |
427 base::TimeFormatShortDate(ssl_info_.cert->valid_expiry())); | 432 base::TimeFormatShortDate(ssl_info_.cert->valid_expiry())); |
428 load_time_data->SetString( | 433 load_time_data->SetString( |
429 "currentDate", base::TimeFormatShortDate(now)); | 434 "currentDate", base::TimeFormatShortDate(now)); |
430 std::vector<std::string> encoded_chain; | 435 std::vector<std::string> encoded_chain; |
431 ssl_info_.cert->GetPEMEncodedChain(&encoded_chain); | 436 ssl_info_.cert->GetPEMEncodedChain(&encoded_chain); |
432 load_time_data->SetString("pem", JoinString(encoded_chain, std::string())); | 437 load_time_data->SetString("pem", JoinString(encoded_chain, std::string())); |
438 | |
439 PopulateExtendedReportingOption(load_time_data); | |
433 } | 440 } |
434 | 441 |
435 void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) { | 442 void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) { |
436 int cert_id = content::CertStore::GetInstance()->StoreCert( | 443 int cert_id = content::CertStore::GetInstance()->StoreCert( |
437 ssl_info_.cert.get(), web_contents()->GetRenderProcessHost()->GetID()); | 444 ssl_info_.cert.get(), web_contents()->GetRenderProcessHost()->GetID()); |
438 DCHECK(cert_id); | 445 DCHECK(cert_id); |
439 | 446 |
440 entry->GetSSL().security_style = | 447 entry->GetSSL().security_style = |
441 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; | 448 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; |
442 entry->GetSSL().cert_id = cert_id; | 449 entry->GetSSL().cert_id = cert_id; |
(...skipping 12 matching lines...) Expand all Loading... | |
455 case CMD_DONT_PROCEED: { | 462 case CMD_DONT_PROCEED: { |
456 interstitial_page()->DontProceed(); | 463 interstitial_page()->DontProceed(); |
457 break; | 464 break; |
458 } | 465 } |
459 case CMD_PROCEED: { | 466 case CMD_PROCEED: { |
460 if (danger_overridable_) { | 467 if (danger_overridable_) { |
461 interstitial_page()->Proceed(); | 468 interstitial_page()->Proceed(); |
462 } | 469 } |
463 break; | 470 break; |
464 } | 471 } |
472 case CMD_DO_REPORT: { | |
473 SetReportingPreference(true); | |
474 break; | |
475 } | |
476 case CMD_DONT_REPORT: { | |
477 SetReportingPreference(false); | |
478 break; | |
479 } | |
465 case CMD_MORE: { | 480 case CMD_MORE: { |
466 metrics_helper_->RecordUserInteraction( | 481 metrics_helper_->RecordUserInteraction( |
467 SecurityInterstitialMetricsHelper::SHOW_ADVANCED); | 482 SecurityInterstitialMetricsHelper::SHOW_ADVANCED); |
468 break; | 483 break; |
469 } | 484 } |
470 case CMD_RELOAD: { | 485 case CMD_RELOAD: { |
471 metrics_helper_->RecordUserInteraction( | 486 metrics_helper_->RecordUserInteraction( |
472 SecurityInterstitialMetricsHelper::RELOAD); | 487 SecurityInterstitialMetricsHelper::RELOAD); |
473 // The interstitial can't refresh itself. | 488 // The interstitial can't refresh itself. |
474 web_contents()->GetController().Reload(true); | 489 web_contents()->GetController().Reload(true); |
(...skipping 24 matching lines...) Expand all Loading... | |
499 content::RendererPreferences* prefs) { | 514 content::RendererPreferences* prefs) { |
500 Profile* profile = Profile::FromBrowserContext( | 515 Profile* profile = Profile::FromBrowserContext( |
501 web_contents()->GetBrowserContext()); | 516 web_contents()->GetBrowserContext()); |
502 renderer_preferences_util::UpdateFromSystemSettings( | 517 renderer_preferences_util::UpdateFromSystemSettings( |
503 prefs, profile, web_contents()); | 518 prefs, profile, web_contents()); |
504 } | 519 } |
505 | 520 |
506 void SSLBlockingPage::OnProceed() { | 521 void SSLBlockingPage::OnProceed() { |
507 metrics_helper_->RecordUserDecision( | 522 metrics_helper_->RecordUserDecision( |
508 SecurityInterstitialMetricsHelper::PROCEED); | 523 SecurityInterstitialMetricsHelper::PROCEED); |
524 | |
525 // Finish collection information about invalid certificates, if the | |
526 // user opted in to. | |
527 FinishCertCollection(); | |
528 | |
509 RecordSSLExpirationPageEventState( | 529 RecordSSLExpirationPageEventState( |
510 expired_but_previously_allowed_, true, overridable_); | 530 expired_but_previously_allowed_, true, overridable_); |
511 // Accepting the certificate resumes the loading of the page. | 531 // Accepting the certificate resumes the loading of the page. |
512 NotifyAllowCertificate(); | 532 NotifyAllowCertificate(); |
513 } | 533 } |
514 | 534 |
515 void SSLBlockingPage::OnDontProceed() { | 535 void SSLBlockingPage::OnDontProceed() { |
516 metrics_helper_->RecordUserDecision( | 536 metrics_helper_->RecordUserDecision( |
517 SecurityInterstitialMetricsHelper::DONT_PROCEED); | 537 SecurityInterstitialMetricsHelper::DONT_PROCEED); |
538 | |
539 // Finish collection information about invalid certificates, if the | |
540 // user opted in to. | |
541 FinishCertCollection(); | |
542 | |
518 RecordSSLExpirationPageEventState( | 543 RecordSSLExpirationPageEventState( |
519 expired_but_previously_allowed_, false, overridable_); | 544 expired_but_previously_allowed_, false, overridable_); |
520 NotifyDenyCertificate(); | 545 NotifyDenyCertificate(); |
521 } | 546 } |
522 | 547 |
548 void SSLBlockingPage::FinishCertCollection() { | |
549 // Certificates that would be valid expect for the inaccurate client | |
550 // clock are not very interesting. | |
551 if (interstitial_reason_ == SSL_REASON_BAD_CLOCK) | |
552 return; | |
553 | |
554 if (!base::CommandLine::ForCurrentProcess()->HasSwitch( | |
555 switches::kEnableInvalidCertCollection)) | |
556 return; | |
557 | |
558 const bool enabled = | |
559 IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingEnabled); | |
560 UMA_HISTOGRAM_BOOLEAN("SB2.ExtendedReportingIsEnabled", enabled); | |
561 | |
562 if (enabled) { | |
563 net::URLRequestContext* request_context = web_contents() | |
564 ->GetBrowserContext() | |
565 ->GetRequestContext() | |
566 ->GetURLRequestContext(); | |
567 net::FraudulentCertificateReporter* reporter = | |
568 request_context->fraudulent_certificate_reporter(); | |
569 reporter->SendReport( | |
570 net::FraudulentCertificateReporter::REPORT_TYPE_EXTENDED_REPORTING, | |
571 request_url().host(), ssl_info_); | |
572 } | |
573 } | |
574 | |
523 void SSLBlockingPage::NotifyDenyCertificate() { | 575 void SSLBlockingPage::NotifyDenyCertificate() { |
524 // It's possible that callback_ may not exist if the user clicks "Proceed" | 576 // It's possible that callback_ may not exist if the user clicks "Proceed" |
525 // followed by pressing the back button before the interstitial is hidden. | 577 // followed by pressing the back button before the interstitial is hidden. |
526 // In that case the certificate will still be treated as allowed. | 578 // In that case the certificate will still be treated as allowed. |
527 if (callback_.is_null()) | 579 if (callback_.is_null()) |
528 return; | 580 return; |
529 | 581 |
530 callback_.Run(false); | 582 callback_.Run(false); |
531 callback_.Reset(); | 583 callback_.Reset(); |
532 } | 584 } |
(...skipping 27 matching lines...) Expand all Loading... | |
560 event_name.append(kEventNotOverridable); | 612 event_name.append(kEventNotOverridable); |
561 event_name.append(net::ErrorToString(cert_error_)); | 613 event_name.append(net::ErrorToString(cert_error_)); |
562 return event_name; | 614 return event_name; |
563 } | 615 } |
564 | 616 |
565 // static | 617 // static |
566 bool SSLBlockingPage::IsOptionsOverridable(int options_mask) { | 618 bool SSLBlockingPage::IsOptionsOverridable(int options_mask) { |
567 return (options_mask & SSLBlockingPage::OVERRIDABLE) && | 619 return (options_mask & SSLBlockingPage::OVERRIDABLE) && |
568 !(options_mask & SSLBlockingPage::STRICT_ENFORCEMENT); | 620 !(options_mask & SSLBlockingPage::STRICT_ENFORCEMENT); |
569 } | 621 } |
622 | |
623 void SSLBlockingPage::PopulateExtendedReportingOption( | |
624 base::DictionaryValue* load_time_data) { | |
625 // The checkbox should be shown if the error is not due to a bad | |
626 // client clock (such a certificate chain is not very | |
627 // interesting). Also hide the checkbox for incognito and if the | |
628 // command-line switch is not enabled. | |
629 const bool show = interstitial_reason_ != SSL_REASON_BAD_CLOCK && | |
630 !web_contents()->GetBrowserContext()->IsOffTheRecord() && | |
631 base::CommandLine::ForCurrentProcess()->HasSwitch( | |
632 switches::kEnableInvalidCertCollection); | |
633 | |
634 load_time_data->SetBoolean(interstitials::kDisplayCheckBox, show); | |
635 if (!show) | |
636 return; | |
637 | |
638 load_time_data->SetBoolean( | |
639 interstitials::kBoxChecked, | |
640 IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingEnabled)); | |
641 | |
642 const std::string privacy_link = base::StringPrintf( | |
643 interstitials::kPrivacyLinkHtml, | |
644 l10n_util::GetStringUTF8(IDS_SAFE_BROWSING_PRIVACY_POLICY_PAGE).c_str()); | |
645 | |
646 load_time_data->SetString( | |
647 "optInLink", | |
648 l10n_util::GetStringFUTF16(IDS_SAFE_BROWSING_MALWARE_REPORTING_AGREE, | |
felt
2015/02/24 01:57:53
note: in a future CL you should probably rename th
estark
2015/02/24 18:47:09
added to my list
| |
649 base::UTF8ToUTF16(privacy_link))); | |
650 } | |
OLD | NEW |