OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/ssl_blocking_page.h" | 5 #include "chrome/browser/ssl/ssl_blocking_page.h" |
6 | 6 |
7 #include "base/build_time.h" | 7 #include "base/build_time.h" |
8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
9 #include "base/i18n/rtl.h" | 9 #include "base/i18n/rtl.h" |
10 #include "base/i18n/time_formatting.h" | 10 #include "base/i18n/time_formatting.h" |
11 #include "base/metrics/field_trial.h" | 11 #include "base/metrics/field_trial.h" |
12 #include "base/metrics/histogram.h" | 12 #include "base/metrics/histogram.h" |
13 #include "base/prefs/pref_service.h" | |
13 #include "base/process/launch.h" | 14 #include "base/process/launch.h" |
14 #include "base/strings/string_number_conversions.h" | 15 #include "base/strings/string_number_conversions.h" |
15 #include "base/strings/string_piece.h" | 16 #include "base/strings/string_piece.h" |
16 #include "base/strings/string_util.h" | 17 #include "base/strings/string_util.h" |
17 #include "base/strings/stringprintf.h" | 18 #include "base/strings/stringprintf.h" |
18 #include "base/strings/utf_string_conversions.h" | 19 #include "base/strings/utf_string_conversions.h" |
19 #include "base/time/time.h" | 20 #include "base/time/time.h" |
20 #include "base/values.h" | 21 #include "base/values.h" |
21 #include "chrome/browser/browser_process.h" | 22 #include "chrome/browser/browser_process.h" |
22 #include "chrome/browser/chrome_notification_types.h" | 23 #include "chrome/browser/chrome_notification_types.h" |
23 #include "chrome/browser/profiles/profile.h" | 24 #include "chrome/browser/profiles/profile.h" |
24 #include "chrome/browser/renderer_preferences_util.h" | 25 #include "chrome/browser/renderer_preferences_util.h" |
25 #include "chrome/browser/ssl/ssl_error_classification.h" | 26 #include "chrome/browser/ssl/ssl_error_classification.h" |
26 #include "chrome/browser/ssl/ssl_error_info.h" | 27 #include "chrome/browser/ssl/ssl_error_info.h" |
27 #include "chrome/common/chrome_switches.h" | 28 #include "chrome/common/chrome_switches.h" |
29 #include "chrome/common/pref_names.h" | |
28 #include "chrome/grit/chromium_strings.h" | 30 #include "chrome/grit/chromium_strings.h" |
29 #include "chrome/grit/generated_resources.h" | 31 #include "chrome/grit/generated_resources.h" |
30 #include "components/google/core/browser/google_util.h" | 32 #include "components/google/core/browser/google_util.h" |
33 #include "content/public/browser/browser_thread.h" | |
31 #include "content/public/browser/cert_store.h" | 34 #include "content/public/browser/cert_store.h" |
32 #include "content/public/browser/interstitial_page.h" | 35 #include "content/public/browser/interstitial_page.h" |
33 #include "content/public/browser/navigation_controller.h" | 36 #include "content/public/browser/navigation_controller.h" |
34 #include "content/public/browser/navigation_entry.h" | 37 #include "content/public/browser/navigation_entry.h" |
35 #include "content/public/browser/notification_service.h" | 38 #include "content/public/browser/notification_service.h" |
36 #include "content/public/browser/notification_types.h" | 39 #include "content/public/browser/notification_types.h" |
37 #include "content/public/browser/render_process_host.h" | 40 #include "content/public/browser/render_process_host.h" |
38 #include "content/public/browser/render_view_host.h" | 41 #include "content/public/browser/render_view_host.h" |
39 #include "content/public/browser/web_contents.h" | 42 #include "content/public/browser/web_contents.h" |
40 #include "content/public/common/renderer_preferences.h" | 43 #include "content/public/common/renderer_preferences.h" |
41 #include "content/public/common/ssl_status.h" | 44 #include "content/public/common/ssl_status.h" |
42 #include "grit/browser_resources.h" | 45 #include "grit/browser_resources.h" |
43 #include "net/base/hash_value.h" | 46 #include "net/base/hash_value.h" |
44 #include "net/base/net_errors.h" | 47 #include "net/base/net_errors.h" |
45 #include "net/base/net_util.h" | 48 #include "net/base/net_util.h" |
49 #include "net/url_request/fraudulent_certificate_reporter.h" | |
50 #include "net/url_request/url_request_context.h" | |
51 #include "net/url_request/url_request_context_getter.h" | |
46 #include "ui/base/l10n/l10n_util.h" | 52 #include "ui/base/l10n/l10n_util.h" |
47 | 53 |
48 #if defined(OS_WIN) | 54 #if defined(OS_WIN) |
49 #include "base/base_paths_win.h" | 55 #include "base/base_paths_win.h" |
50 #include "base/path_service.h" | 56 #include "base/path_service.h" |
51 #include "base/strings/string16.h" | 57 #include "base/strings/string16.h" |
52 #include "base/win/windows_version.h" | 58 #include "base/win/windows_version.h" |
53 #endif | 59 #endif |
54 | 60 |
55 #if defined(OS_ANDROID) | 61 #if defined(OS_ANDROID) |
56 #include "chrome/browser/android/intent_helper.h" | 62 #include "chrome/browser/android/intent_helper.h" |
57 #endif | 63 #endif |
58 | 64 |
59 #if defined(OS_CHROMEOS) | 65 #if defined(OS_CHROMEOS) |
60 #include "chrome/browser/profiles/profile_manager.h" | 66 #include "chrome/browser/profiles/profile_manager.h" |
61 #include "chrome/browser/ui/chrome_pages.h" | 67 #include "chrome/browser/ui/chrome_pages.h" |
62 #include "chrome/common/url_constants.h" | 68 #include "chrome/common/url_constants.h" |
63 #endif | 69 #endif |
64 | 70 |
65 using base::ASCIIToUTF16; | 71 using base::ASCIIToUTF16; |
66 using base::TimeTicks; | 72 using base::TimeTicks; |
73 using content::BrowserThread; | |
67 using content::InterstitialPage; | 74 using content::InterstitialPage; |
68 using content::NavigationController; | 75 using content::NavigationController; |
69 using content::NavigationEntry; | 76 using content::NavigationEntry; |
70 | 77 |
71 namespace { | 78 namespace { |
72 | 79 |
73 // URL for help page. | 80 // URL for help page. |
74 const char kHelpURL[] = "https://support.google.com/chrome/answer/4454607"; | 81 const char kHelpURL[] = "https://support.google.com/chrome/answer/4454607"; |
75 | 82 |
76 // Constants for the Experience Sampling instrumentation. | 83 // Constants for the Experience Sampling instrumentation. |
(...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
202 | 209 |
203 bool IsErrorDueToBadClock(const base::Time& now, int error) { | 210 bool IsErrorDueToBadClock(const base::Time& now, int error) { |
204 if (SSLErrorInfo::NetErrorToErrorType(error) != | 211 if (SSLErrorInfo::NetErrorToErrorType(error) != |
205 SSLErrorInfo::CERT_DATE_INVALID) { | 212 SSLErrorInfo::CERT_DATE_INVALID) { |
206 return false; | 213 return false; |
207 } | 214 } |
208 return SSLErrorClassification::IsUserClockInThePast(now) || | 215 return SSLErrorClassification::IsUserClockInThePast(now) || |
209 SSLErrorClassification::IsUserClockInTheFuture(now); | 216 SSLErrorClassification::IsUserClockInTheFuture(now); |
210 } | 217 } |
211 | 218 |
219 // A helper function that actually sends the cert collection report over | |
220 // the network. Must be run only on the IO thread. | |
221 void FinishCertCollectionInternal( | |
222 const scoped_refptr<net::URLRequestContextGetter>& request_context_getter, | |
223 const std::string& hostname, | |
224 const net::SSLInfo& ssl_info) { | |
225 net::FraudulentCertificateReporter* reporter = | |
226 request_context_getter->GetURLRequestContext() | |
227 ->fraudulent_certificate_reporter(); | |
228 if (reporter != NULL) { | |
Ryan Sleevi
2015/02/27 03:49:59
if (reporter) {
}
[Why: It's the consistent form
estark
2015/02/27 04:47:50
Done, and thanks for the explanation.
| |
229 reporter->SendReport( | |
230 net::FraudulentCertificateReporter::REPORT_TYPE_EXTENDED_REPORTING, | |
231 hostname, ssl_info); | |
232 } | |
233 } | |
234 | |
212 } // namespace | 235 } // namespace |
213 | 236 |
214 // static | 237 // static |
215 const void* SSLBlockingPage::kTypeForTesting = | 238 const void* SSLBlockingPage::kTypeForTesting = |
216 &SSLBlockingPage::kTypeForTesting; | 239 &SSLBlockingPage::kTypeForTesting; |
217 | 240 |
218 // Note that we always create a navigation entry with SSL errors. | 241 // Note that we always create a navigation entry with SSL errors. |
219 // No error happening loading a sub-resource triggers an interstitial so far. | 242 // No error happening loading a sub-resource triggers an interstitial so far. |
220 SSLBlockingPage::SSLBlockingPage(content::WebContents* web_contents, | 243 SSLBlockingPage::SSLBlockingPage(content::WebContents* web_contents, |
221 int cert_error, | 244 int cert_error, |
(...skipping 201 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
423 load_time_data->SetString( | 446 load_time_data->SetString( |
424 "issuer", ssl_info_.cert->issuer().GetDisplayName()); | 447 "issuer", ssl_info_.cert->issuer().GetDisplayName()); |
425 load_time_data->SetString( | 448 load_time_data->SetString( |
426 "expirationDate", | 449 "expirationDate", |
427 base::TimeFormatShortDate(ssl_info_.cert->valid_expiry())); | 450 base::TimeFormatShortDate(ssl_info_.cert->valid_expiry())); |
428 load_time_data->SetString( | 451 load_time_data->SetString( |
429 "currentDate", base::TimeFormatShortDate(now)); | 452 "currentDate", base::TimeFormatShortDate(now)); |
430 std::vector<std::string> encoded_chain; | 453 std::vector<std::string> encoded_chain; |
431 ssl_info_.cert->GetPEMEncodedChain(&encoded_chain); | 454 ssl_info_.cert->GetPEMEncodedChain(&encoded_chain); |
432 load_time_data->SetString("pem", JoinString(encoded_chain, std::string())); | 455 load_time_data->SetString("pem", JoinString(encoded_chain, std::string())); |
456 | |
457 PopulateExtendedReportingOption(load_time_data); | |
458 } | |
459 | |
460 void SSLBlockingPage::PopulateExtendedReportingOption( | |
461 base::DictionaryValue* load_time_data) { | |
462 // Only show the checkbox if not off-the-record and if the | |
463 // command-line option is set. | |
464 const bool show = !web_contents()->GetBrowserContext()->IsOffTheRecord() && | |
465 base::CommandLine::ForCurrentProcess()->HasSwitch( | |
466 switches::kEnableInvalidCertCollection); | |
467 | |
468 load_time_data->SetBoolean(interstitials::kDisplayCheckBox, show); | |
469 if (!show) | |
470 return; | |
471 | |
472 load_time_data->SetBoolean( | |
473 interstitials::kBoxChecked, | |
474 IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingEnabled)); | |
475 | |
476 const std::string privacy_link = base::StringPrintf( | |
477 interstitials::kPrivacyLinkHtml, | |
478 l10n_util::GetStringUTF8(IDS_SAFE_BROWSING_PRIVACY_POLICY_PAGE).c_str()); | |
479 | |
480 load_time_data->SetString( | |
481 "optInLink", | |
482 l10n_util::GetStringFUTF16(IDS_SAFE_BROWSING_MALWARE_REPORTING_AGREE, | |
483 base::UTF8ToUTF16(privacy_link))); | |
433 } | 484 } |
434 | 485 |
435 void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) { | 486 void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) { |
436 int cert_id = content::CertStore::GetInstance()->StoreCert( | 487 int cert_id = content::CertStore::GetInstance()->StoreCert( |
437 ssl_info_.cert.get(), web_contents()->GetRenderProcessHost()->GetID()); | 488 ssl_info_.cert.get(), web_contents()->GetRenderProcessHost()->GetID()); |
438 DCHECK(cert_id); | 489 DCHECK(cert_id); |
439 | 490 |
440 entry->GetSSL().security_style = | 491 entry->GetSSL().security_style = |
441 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; | 492 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; |
442 entry->GetSSL().cert_id = cert_id; | 493 entry->GetSSL().cert_id = cert_id; |
(...skipping 12 matching lines...) Expand all Loading... | |
455 case CMD_DONT_PROCEED: { | 506 case CMD_DONT_PROCEED: { |
456 interstitial_page()->DontProceed(); | 507 interstitial_page()->DontProceed(); |
457 break; | 508 break; |
458 } | 509 } |
459 case CMD_PROCEED: { | 510 case CMD_PROCEED: { |
460 if (danger_overridable_) { | 511 if (danger_overridable_) { |
461 interstitial_page()->Proceed(); | 512 interstitial_page()->Proceed(); |
462 } | 513 } |
463 break; | 514 break; |
464 } | 515 } |
516 case CMD_DO_REPORT: { | |
517 SetReportingPreference(true); | |
518 break; | |
519 } | |
520 case CMD_DONT_REPORT: { | |
521 SetReportingPreference(false); | |
522 break; | |
523 } | |
465 case CMD_MORE: { | 524 case CMD_MORE: { |
466 metrics_helper_->RecordUserInteraction( | 525 metrics_helper_->RecordUserInteraction( |
467 SecurityInterstitialMetricsHelper::SHOW_ADVANCED); | 526 SecurityInterstitialMetricsHelper::SHOW_ADVANCED); |
468 break; | 527 break; |
469 } | 528 } |
470 case CMD_RELOAD: { | 529 case CMD_RELOAD: { |
471 metrics_helper_->RecordUserInteraction( | 530 metrics_helper_->RecordUserInteraction( |
472 SecurityInterstitialMetricsHelper::RELOAD); | 531 SecurityInterstitialMetricsHelper::RELOAD); |
473 // The interstitial can't refresh itself. | 532 // The interstitial can't refresh itself. |
474 web_contents()->GetController().Reload(true); | 533 web_contents()->GetController().Reload(true); |
(...skipping 24 matching lines...) Expand all Loading... | |
499 content::RendererPreferences* prefs) { | 558 content::RendererPreferences* prefs) { |
500 Profile* profile = Profile::FromBrowserContext( | 559 Profile* profile = Profile::FromBrowserContext( |
501 web_contents()->GetBrowserContext()); | 560 web_contents()->GetBrowserContext()); |
502 renderer_preferences_util::UpdateFromSystemSettings( | 561 renderer_preferences_util::UpdateFromSystemSettings( |
503 prefs, profile, web_contents()); | 562 prefs, profile, web_contents()); |
504 } | 563 } |
505 | 564 |
506 void SSLBlockingPage::OnProceed() { | 565 void SSLBlockingPage::OnProceed() { |
507 metrics_helper_->RecordUserDecision( | 566 metrics_helper_->RecordUserDecision( |
508 SecurityInterstitialMetricsHelper::PROCEED); | 567 SecurityInterstitialMetricsHelper::PROCEED); |
568 | |
569 // Finish collection information about invalid certificates, if the | |
570 // user opted in to. | |
571 FinishCertCollection(); | |
572 | |
509 RecordSSLExpirationPageEventState( | 573 RecordSSLExpirationPageEventState( |
510 expired_but_previously_allowed_, true, overridable_); | 574 expired_but_previously_allowed_, true, overridable_); |
511 // Accepting the certificate resumes the loading of the page. | 575 // Accepting the certificate resumes the loading of the page. |
512 NotifyAllowCertificate(); | 576 NotifyAllowCertificate(); |
513 } | 577 } |
514 | 578 |
515 void SSLBlockingPage::OnDontProceed() { | 579 void SSLBlockingPage::OnDontProceed() { |
516 metrics_helper_->RecordUserDecision( | 580 metrics_helper_->RecordUserDecision( |
517 SecurityInterstitialMetricsHelper::DONT_PROCEED); | 581 SecurityInterstitialMetricsHelper::DONT_PROCEED); |
582 | |
583 // Finish collection information about invalid certificates, if the | |
584 // user opted in to. | |
585 FinishCertCollection(); | |
586 | |
518 RecordSSLExpirationPageEventState( | 587 RecordSSLExpirationPageEventState( |
519 expired_but_previously_allowed_, false, overridable_); | 588 expired_but_previously_allowed_, false, overridable_); |
520 NotifyDenyCertificate(); | 589 NotifyDenyCertificate(); |
521 } | 590 } |
522 | 591 |
523 void SSLBlockingPage::NotifyDenyCertificate() { | 592 void SSLBlockingPage::NotifyDenyCertificate() { |
524 // It's possible that callback_ may not exist if the user clicks "Proceed" | 593 // It's possible that callback_ may not exist if the user clicks "Proceed" |
525 // followed by pressing the back button before the interstitial is hidden. | 594 // followed by pressing the back button before the interstitial is hidden. |
526 // In that case the certificate will still be treated as allowed. | 595 // In that case the certificate will still be treated as allowed. |
527 if (callback_.is_null()) | 596 if (callback_.is_null()) |
(...skipping 27 matching lines...) Expand all Loading... | |
555 std::string SSLBlockingPage::GetSamplingEventName() const { | 624 std::string SSLBlockingPage::GetSamplingEventName() const { |
556 std::string event_name(kEventNameBase); | 625 std::string event_name(kEventNameBase); |
557 if (overridable_) | 626 if (overridable_) |
558 event_name.append(kEventOverridable); | 627 event_name.append(kEventOverridable); |
559 else | 628 else |
560 event_name.append(kEventNotOverridable); | 629 event_name.append(kEventNotOverridable); |
561 event_name.append(net::ErrorToString(cert_error_)); | 630 event_name.append(net::ErrorToString(cert_error_)); |
562 return event_name; | 631 return event_name; |
563 } | 632 } |
564 | 633 |
634 void SSLBlockingPage::FinishCertCollection() { | |
635 if (!base::CommandLine::ForCurrentProcess()->HasSwitch( | |
636 switches::kEnableInvalidCertCollection)) | |
637 return; | |
638 | |
639 const bool enabled = | |
640 IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingEnabled); | |
641 UMA_HISTOGRAM_BOOLEAN("SB2.ExtendedReportingIsEnabled", enabled); | |
642 | |
643 if (enabled) { | |
644 scoped_refptr<net::URLRequestContextGetter> request_context_getter = | |
645 web_contents()->GetBrowserContext()->GetRequestContext(); | |
646 BrowserThread::PostTask( | |
647 BrowserThread::IO, FROM_HERE, | |
648 base::Bind(FinishCertCollectionInternal, request_context_getter, | |
649 request_url().host(), ssl_info_)); | |
650 } | |
651 } | |
652 | |
565 // static | 653 // static |
566 bool SSLBlockingPage::IsOptionsOverridable(int options_mask) { | 654 bool SSLBlockingPage::IsOptionsOverridable(int options_mask) { |
567 return (options_mask & SSLBlockingPage::OVERRIDABLE) && | 655 return (options_mask & SSLBlockingPage::OVERRIDABLE) && |
568 !(options_mask & SSLBlockingPage::STRICT_ENFORCEMENT); | 656 !(options_mask & SSLBlockingPage::STRICT_ENFORCEMENT); |
569 } | 657 } |
OLD | NEW |