Add checkbox for reporting invalid TLS/SSL cert chains

chrome/browser/ssl/ssl_blocking_page.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 
 #include "base/build_time.h"
 #include "base/command_line.h"
 #include "base/i18n/rtl.h"
 #include "base/i18n/time_formatting.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
+#include "base/prefs/pref_service.h"
 #include "base/process/launch.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/time/time.h"
 #include "base/values.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/renderer_preferences_util.h"
 #include "chrome/browser/ssl/ssl_error_classification.h"
 #include "chrome/browser/ssl/ssl_error_info.h"
 #include "chrome/common/chrome_switches.h"
+#include "chrome/common/pref_names.h"
 #include "chrome/grit/chromium_strings.h"
 #include "chrome/grit/generated_resources.h"
 #include "components/google/core/browser/google_util.h"
+#include "content/public/browser/browser_thread.h"
 #include "content/public/browser/cert_store.h"
 #include "content/public/browser/interstitial_page.h"
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_types.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/renderer_preferences.h"
 #include "content/public/common/ssl_status.h"
 #include "grit/browser_resources.h"
 #include "net/base/hash_value.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_util.h"
+#include "net/url_request/fraudulent_certificate_reporter.h"
+#include "net/url_request/url_request_context.h"
+#include "net/url_request/url_request_context_getter.h"
 #include "ui/base/l10n/l10n_util.h"
 
 #if defined(OS_WIN)
 #include "base/base_paths_win.h"
 #include "base/path_service.h"
 #include "base/strings/string16.h"
 #include "base/win/windows_version.h"
 #endif
 
 #if defined(OS_ANDROID)
 #include "chrome/browser/android/intent_helper.h"
 #endif
 
 #if defined(OS_CHROMEOS)
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/ui/chrome_pages.h"
 #include "chrome/common/url_constants.h"
 #endif
 
 using base::ASCIIToUTF16;
 using base::TimeTicks;
+using content::BrowserThread;
 using content::InterstitialPage;
 using content::NavigationController;
 using content::NavigationEntry;
 
 namespace {
 
 // URL for help page.
 const char kHelpURL[] = "https://support.google.com/chrome/answer/4454607";
 
 // Constants for the Experience Sampling instrumentation.
@@ skipping 125 matching lines @@
 
 bool IsErrorDueToBadClock(const base::Time& now, int error) {
   if (SSLErrorInfo::NetErrorToErrorType(error) !=
           SSLErrorInfo::CERT_DATE_INVALID) {
     return false;
   }
   return SSLErrorClassification::IsUserClockInThePast(now) ||
       SSLErrorClassification::IsUserClockInTheFuture(now);
 }
 
+// A helper function that actually sends the cert collection report over
+// the network. Must be run only on the IO thread.
+void FinishCertCollectionInternal(
+    const scoped_refptr<net::URLRequestContextGetter>& request_context_getter,
+    const std::string& hostname,
+    const net::SSLInfo& ssl_info) {

[felt, 2015/02/28 16:44:47]

Would it make more sense to have a DCHECK for the IO thread constraint, rather
than a comment?

[estark, 2015/02/28 20:59:00]

Done.

[felt, 2015/03/02 16:06:58]

BTW, for reference:
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));

+  net::FraudulentCertificateReporter* reporter =
+      request_context_getter->GetURLRequestContext()
+          ->fraudulent_certificate_reporter();
+  if (reporter) {
+    reporter->SendReport(
+        net::FraudulentCertificateReporter::REPORT_TYPE_EXTENDED_REPORTING,
+        hostname, ssl_info);
+  }
+}
+
 }  // namespace
 
 // static
 const void* SSLBlockingPage::kTypeForTesting =
     &SSLBlockingPage::kTypeForTesting;
 
 // Note that we always create a navigation entry with SSL errors.
 // No error happening loading a sub-resource triggers an interstitial so far.
 SSLBlockingPage::SSLBlockingPage(content::WebContents* web_contents,
                                  int cert_error,
@@ skipping 201 matching lines @@
   load_time_data->SetString(
       "issuer", ssl_info_.cert->issuer().GetDisplayName());
   load_time_data->SetString(
       "expirationDate",
       base::TimeFormatShortDate(ssl_info_.cert->valid_expiry()));
   load_time_data->SetString(
       "currentDate", base::TimeFormatShortDate(now));
   std::vector<std::string> encoded_chain;
   ssl_info_.cert->GetPEMEncodedChain(&encoded_chain);
   load_time_data->SetString("pem", JoinString(encoded_chain, std::string()));
+
+  PopulateExtendedReportingOption(load_time_data);
+}
+
+void SSLBlockingPage::PopulateExtendedReportingOption(
+    base::DictionaryValue* load_time_data) {
+  // Only show the checkbox if not off-the-record and if the
+  // command-line option is set.
+  const bool show = !web_contents()->GetBrowserContext()->IsOffTheRecord() &&
+                    base::CommandLine::ForCurrentProcess()->HasSwitch(
+                        switches::kEnableInvalidCertCollection);
+
+  load_time_data->SetBoolean(interstitials::kDisplayCheckBox, show);
+  if (!show)
+    return;
+
+  load_time_data->SetBoolean(
+      interstitials::kBoxChecked,
+      IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingEnabled));
+
+  const std::string privacy_link = base::StringPrintf(
+      interstitials::kPrivacyLinkHtml,
+      l10n_util::GetStringUTF8(IDS_SAFE_BROWSING_PRIVACY_POLICY_PAGE).c_str());
+
+  load_time_data->SetString(
+      "optInLink",
+      l10n_util::GetStringFUTF16(IDS_SAFE_BROWSING_MALWARE_REPORTING_AGREE,
+                                 base::UTF8ToUTF16(privacy_link)));
 }
 
 void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) {
   int cert_id = content::CertStore::GetInstance()->StoreCert(
       ssl_info_.cert.get(), web_contents()->GetRenderProcessHost()->GetID());
   DCHECK(cert_id);
 
   entry->GetSSL().security_style =
       content::SECURITY_STYLE_AUTHENTICATION_BROKEN;
   entry->GetSSL().cert_id = cert_id;
@@ skipping 12 matching lines @@
     case CMD_DONT_PROCEED: {
       interstitial_page()->DontProceed();
       break;
     }
     case CMD_PROCEED: {
       if (danger_overridable_) {
         interstitial_page()->Proceed();
       }
       break;
     }
+    case CMD_DO_REPORT: {
+      SetReportingPreference(true);
+      break;
+    }
+    case CMD_DONT_REPORT: {
+      SetReportingPreference(false);
+      break;
+    }
     case CMD_MORE: {
       metrics_helper_->RecordUserInteraction(
           SecurityInterstitialMetricsHelper::SHOW_ADVANCED);
       break;
     }
     case CMD_RELOAD: {
       metrics_helper_->RecordUserInteraction(
           SecurityInterstitialMetricsHelper::RELOAD);
       // The interstitial can't refresh itself.
       web_contents()->GetController().Reload(true);
@@ skipping 24 matching lines @@
       content::RendererPreferences* prefs) {
   Profile* profile = Profile::FromBrowserContext(
       web_contents()->GetBrowserContext());
   renderer_preferences_util::UpdateFromSystemSettings(
       prefs, profile, web_contents());
 }
 
 void SSLBlockingPage::OnProceed() {
   metrics_helper_->RecordUserDecision(
       SecurityInterstitialMetricsHelper::PROCEED);
+
+  // Finish collection information about invalid certificates, if the
+  // user opted in to.
+  FinishCertCollection();
+
   RecordSSLExpirationPageEventState(
       expired_but_previously_allowed_, true, overridable_);
   // Accepting the certificate resumes the loading of the page.
   NotifyAllowCertificate();
 }
 
 void SSLBlockingPage::OnDontProceed() {
   metrics_helper_->RecordUserDecision(
       SecurityInterstitialMetricsHelper::DONT_PROCEED);
+
+  // Finish collection information about invalid certificates, if the
+  // user opted in to.
+  FinishCertCollection();
+
   RecordSSLExpirationPageEventState(
       expired_but_previously_allowed_, false, overridable_);
   NotifyDenyCertificate();
 }
 
 void SSLBlockingPage::NotifyDenyCertificate() {
   // It's possible that callback_ may not exist if the user clicks "Proceed"
   // followed by pressing the back button before the interstitial is hidden.
   // In that case the certificate will still be treated as allowed.
   if (callback_.is_null())
@@ skipping 27 matching lines @@
 std::string SSLBlockingPage::GetSamplingEventName() const {
   std::string event_name(kEventNameBase);
   if (overridable_)
     event_name.append(kEventOverridable);
   else
     event_name.append(kEventNotOverridable);
   event_name.append(net::ErrorToString(cert_error_));
   return event_name;
 }
 
+void SSLBlockingPage::FinishCertCollection() {
+  if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kEnableInvalidCertCollection))
+    return;
+
+  const bool enabled =
+      IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingEnabled);

[felt, 2015/02/28 16:44:47]

This is missing the Incognito check that's in PopulateExtendedReportingOption.

This also makes me think the malware page is missing an incognito check too. :(

[estark, 2015/02/28 20:59:00]

Ah, good catch -- fixed + added a test. You're right that the malware page has
the same problem; I can fix that in a separate CL.

+  UMA_HISTOGRAM_BOOLEAN("SB2.ExtendedReportingIsEnabled", enabled);
+
+  if (enabled) {
+    scoped_refptr<net::URLRequestContextGetter> request_context_getter =
+        web_contents()->GetBrowserContext()->GetRequestContext();
+    BrowserThread::PostTask(
+        BrowserThread::IO, FROM_HERE,
+        base::Bind(FinishCertCollectionInternal, request_context_getter,
+                   request_url().host(), ssl_info_));
+  }
+}
+
 // static
 bool SSLBlockingPage::IsOptionsOverridable(int options_mask) {
   return (options_mask & SSLBlockingPage::OVERRIDABLE) &&
          !(options_mask & SSLBlockingPage::STRICT_ENFORCEMENT);
 }