Chromium Code Reviews Chromium Code Reviews
Issue 935663004:
Add checkbox for reporting invalid TLS/SSL cert chains (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_SSL_SSL_BLOCKING_PAGE_H_ | 5 #ifndef CHROME_BROWSER_SSL_SSL_BLOCKING_PAGE_H_ |
| 6 #define CHROME_BROWSER_SSL_SSL_BLOCKING_PAGE_H_ | 6 #define CHROME_BROWSER_SSL_SSL_BLOCKING_PAGE_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/callback.h" | 11 #include "base/callback.h" |
| 12 #include "base/memory/ref_counted.h" | |
| 12 #include "base/strings/string16.h" | 13 #include "base/strings/string16.h" |
| 13 #include "base/task/cancelable_task_tracker.h" | 14 #include "base/task/cancelable_task_tracker.h" |
| 14 #include "base/time/time.h" | 15 #include "base/time/time.h" |
| 15 #include "chrome/browser/interstitials/security_interstitial_metrics_helper.h" | 16 #include "chrome/browser/interstitials/security_interstitial_metrics_helper.h" |
| 16 #include "chrome/browser/interstitials/security_interstitial_page.h" | 17 #include "chrome/browser/interstitials/security_interstitial_page.h" |
| 17 #include "net/ssl/ssl_info.h" | 18 #include "net/ssl/ssl_info.h" |
| 18 #include "url/gurl.h" | 19 #include "url/gurl.h" |
| 19 | 20 |
| 21 namespace chrome_browser_net { | |
| 22 class CertificateErrorReporter; | |
| 23 } | |
| 24 | |
| 20 #if defined(ENABLE_EXTENSIONS) | 25 #if defined(ENABLE_EXTENSIONS) |
| 21 namespace extensions { | 26 namespace extensions { |
| 22 class ExperienceSamplingEvent; | 27 class ExperienceSamplingEvent; |
| 23 } | 28 } |
| 24 #endif | 29 #endif |
| 25 | 30 |
| 26 class SSLErrorClassification; | 31 class SSLErrorClassification; |
| 27 | 32 |
| 28 // This class is responsible for showing/hiding the interstitial page that is | 33 // This class is responsible for showing/hiding the interstitial page that is |
| 29 // shown when a certificate error happens. | 34 // shown when a certificate error happens. |
| 30 // It deletes itself when the interstitial page is closed. | 35 // It deletes itself when the interstitial page is closed. |
| 31 class SSLBlockingPage : public SecurityInterstitialPage { | 36 class SSLBlockingPage : public SecurityInterstitialPage { |
| 32 public: | 37 public: |
| 33 // These represent the commands sent from the interstitial JavaScript. They | 38 // These represent the commands sent from the interstitial |
| 34 // are defined in chrome/browser/resources/ssl/ssl_errors_common.js. | 39 // JavaScript. They are defined in |
| 35 // DO NOT reorder or change these without also changing the JavaScript! | 40 // chrome/browser/resources/security_warnings/ssl_errors_common.js. |
| 41 // DO NOT reorder or change these without also changing the | |
| 42 // JavaScript! | |
| 36 enum SSLBlockingPageCommands { | 43 enum SSLBlockingPageCommands { |
| 37 CMD_DONT_PROCEED = 0, | 44 CMD_DONT_PROCEED = 0, |
| 38 CMD_PROCEED = 1, | 45 CMD_PROCEED = 1, |
| 39 CMD_MORE = 2, | 46 CMD_MORE = 2, |
| 40 CMD_RELOAD = 3, | 47 CMD_RELOAD = 3, |
| 41 CMD_HELP = 4, | 48 CMD_HELP = 4, |
| 42 CMD_CLOCK = 5 | 49 CMD_CLOCK = 5, |
| 50 CMD_DO_REPORT = 6, | |
| 51 CMD_DONT_REPORT = 7, | |
| 43 }; | 52 }; |
| 44 | 53 |
| 45 enum SSLBlockingPageOptionsMask { | 54 enum SSLBlockingPageOptionsMask { |
| 46 // Indicates whether or not the user could (assuming perfect knowledge) | 55 // Indicates whether or not the user could (assuming perfect knowledge) |
| 47 // successfully override the error and still get the security guarantees | 56 // successfully override the error and still get the security guarantees |
| 48 // of TLS. | 57 // of TLS. |
| 49 OVERRIDABLE = 1 << 0, | 58 OVERRIDABLE = 1 << 0, |
| 50 // Indicates whether or not the site the user is trying to connect to has | 59 // Indicates whether or not the site the user is trying to connect to has |
| 51 // requested strict enforcement of certificate validation (e.g. with HTTP | 60 // requested strict enforcement of certificate validation (e.g. with HTTP |
| 52 // Strict-Transport-Security). | 61 // Strict-Transport-Security). |
| 53 STRICT_ENFORCEMENT = 1 << 1, | 62 STRICT_ENFORCEMENT = 1 << 1, |
| 54 // Indicates whether a user decision had been previously made but the | 63 // Indicates whether a user decision had been previously made but the |
| 55 // decision has expired. | 64 // decision has expired. |
| 56 EXPIRED_BUT_PREVIOUSLY_ALLOWED = 1 << 2 | 65 EXPIRED_BUT_PREVIOUSLY_ALLOWED = 1 << 2 |
| 57 }; | 66 }; |
| 58 | 67 |
| 59 // Interstitial type, used in tests. | 68 // Interstitial type, used in tests. |
| 60 static InterstitialPageDelegate::TypeID kTypeForTesting; | 69 static InterstitialPageDelegate::TypeID kTypeForTesting; |
| 61 | 70 |
| 62 ~SSLBlockingPage() override; | 71 ~SSLBlockingPage() override; |
| 63 | 72 |
| 64 // Creates an SSL blocking page. If the blocking page isn't shown, the caller | 73 // Creates an SSL blocking page. If the blocking page isn't shown, the caller |
| 65 // is responsible for cleaning up the blocking page, otherwise the | 74 // is responsible for cleaning up the blocking page, otherwise the |
| 66 // interstitial takes ownership when shown. |options_mask| must be a bitwise | 75 // interstitial takes ownership when shown. |options_mask| must be a bitwise |
| 67 // mask of SSLBlockingPageOptionsMask values. | 76 // mask of SSLBlockingPageOptionsMask values. |
| 68 SSLBlockingPage(content::WebContents* web_contents, | 77 SSLBlockingPage( |
| 69 int cert_error, | 78 content::WebContents* web_contents, |
| 70 const net::SSLInfo& ssl_info, | 79 int cert_error, |
| 71 const GURL& request_url, | 80 const net::SSLInfo& ssl_info, |
| 72 int options_mask, | 81 const GURL& request_url, |
| 73 const base::Time& time_triggered, | 82 int options_mask, |
| 74 const base::Callback<void(bool)>& callback); | 83 const base::Time& time_triggered, |
| 84 const scoped_refptr<chrome_browser_net::CertificateErrorReporter> | |
|
Bernhard Bauer
2015/03/13 13:48:47
Should be const-ref.
estark
2015/03/13 16:21:17
Done.
| |
| 85 certificate_error_reporter, | |
| 86 const base::Callback<void(bool)>& callback); | |
| 75 | 87 |
| 76 // InterstitialPageDelegate method: | 88 // InterstitialPageDelegate method: |
| 77 InterstitialPageDelegate::TypeID GetTypeForTesting() const override; | 89 InterstitialPageDelegate::TypeID GetTypeForTesting() const override; |
| 78 | 90 |
| 79 // Returns true if |options_mask| refers to an overridable SSL error. | 91 // Returns true if |options_mask| refers to an overridable SSL error. |
| 80 static bool IsOptionsOverridable(int options_mask); | 92 static bool IsOptionsOverridable(int options_mask); |
| 81 | 93 |
| 94 void SetCertificateErrorReporterForTesting(scoped_refptr< | |
|
Bernhard Bauer
2015/03/13 13:48:48
Const-ref
estark
2015/03/13 16:21:17
Done.
| |
| 95 chrome_browser_net::CertificateErrorReporter> certificate_error_reporter); | |
| 96 | |
| 82 protected: | 97 protected: |
| 83 // InterstitialPageDelegate implementation. | 98 // InterstitialPageDelegate implementation. |
| 84 void CommandReceived(const std::string& command) override; | 99 void CommandReceived(const std::string& command) override; |
| 85 void OverrideEntry(content::NavigationEntry* entry) override; | 100 void OverrideEntry(content::NavigationEntry* entry) override; |
| 86 void OverrideRendererPrefs(content::RendererPreferences* prefs) override; | 101 void OverrideRendererPrefs(content::RendererPreferences* prefs) override; |
| 87 void OnProceed() override; | 102 void OnProceed() override; |
| 88 void OnDontProceed() override; | 103 void OnDontProceed() override; |
| 89 | 104 |
| 90 // SecurityInterstitialPage implementation: | 105 // SecurityInterstitialPage implementation: |
| 91 bool ShouldCreateNewNavigation() const override; | 106 bool ShouldCreateNewNavigation() const override; |
| 92 void PopulateInterstitialStrings( | 107 void PopulateInterstitialStrings( |
| 93 base::DictionaryValue* load_time_data) override; | 108 base::DictionaryValue* load_time_data) override; |
| 94 | 109 |
| 110 // SecurityInterstitialPage implementation: | |
| 111 void PopulateExtendedReportingOption( | |
| 112 base::DictionaryValue* load_time_data) override; | |
| 113 | |
| 95 private: | 114 private: |
| 96 void NotifyDenyCertificate(); | 115 void NotifyDenyCertificate(); |
| 97 void NotifyAllowCertificate(); | 116 void NotifyAllowCertificate(); |
| 98 | 117 |
| 99 std::string GetUmaHistogramPrefix() const; | 118 std::string GetUmaHistogramPrefix() const; |
| 100 std::string GetSamplingEventName() const; | 119 std::string GetSamplingEventName() const; |
| 101 | 120 |
| 121 // Send a report about an invalid certificate to the server. Takes | |
| 122 // care of calling certificate_report_callback_for_testing_. | |
| 123 void FinishCertCollection(); | |
| 124 | |
| 102 base::Callback<void(bool)> callback_; | 125 base::Callback<void(bool)> callback_; |
| 103 | 126 |
| 104 const int cert_error_; | 127 const int cert_error_; |
| 105 const net::SSLInfo ssl_info_; | 128 const net::SSLInfo ssl_info_; |
| 106 // There are two ways for the user to override an interstitial: | 129 // There are two ways for the user to override an interstitial: |
| 107 // | 130 // |
| 108 // overridable_) By clicking on "Advanced" and then "Proceed". | 131 // overridable_) By clicking on "Advanced" and then "Proceed". |
| 109 // - This corresponds to "the user can override using the UI". | 132 // - This corresponds to "the user can override using the UI". |
| 110 // danger_overridable_) By typing the word "danger". | 133 // danger_overridable_) By typing the word "danger". |
| 111 // - This is an undocumented workaround. | 134 // - This is an undocumented workaround. |
| 112 // - This can be set to "false" dynamically to prevent the behaviour. | 135 // - This can be set to "false" dynamically to prevent the behaviour. |
| 113 const bool overridable_; | 136 const bool overridable_; |
| 114 bool danger_overridable_; | 137 bool danger_overridable_; |
| 115 // Has the site requested strict enforcement of certificate errors? | 138 // Has the site requested strict enforcement of certificate errors? |
| 116 const bool strict_enforcement_; | 139 const bool strict_enforcement_; |
| 117 // Did the user previously allow a bad certificate but the decision has now | 140 // Did the user previously allow a bad certificate but the decision has now |
| 118 // expired? | 141 // expired? |
| 119 const bool expired_but_previously_allowed_; | 142 const bool expired_but_previously_allowed_; |
| 120 scoped_ptr<SSLErrorClassification> ssl_error_classification_; | 143 scoped_ptr<SSLErrorClassification> ssl_error_classification_; |
| 121 scoped_ptr<SecurityInterstitialMetricsHelper> metrics_helper_; | 144 scoped_ptr<SecurityInterstitialMetricsHelper> metrics_helper_; |
| 122 // The time at which the interstitial was triggered. The interstitial | 145 // The time at which the interstitial was triggered. The interstitial |
| 123 // calculates all times relative to this. | 146 // calculates all times relative to this. |
| 124 const base::Time time_triggered_; | 147 const base::Time time_triggered_; |
| 125 | 148 |
| 149 scoped_refptr<chrome_browser_net::CertificateErrorReporter> | |
| 150 certificate_error_reporter_; | |
| 151 | |
| 126 // Which type of interstitial this is. | 152 // Which type of interstitial this is. |
| 127 enum SSLInterstitialReason { | 153 enum SSLInterstitialReason { |
| 128 SSL_REASON_SSL, | 154 SSL_REASON_SSL, |
| 129 SSL_REASON_BAD_CLOCK | 155 SSL_REASON_BAD_CLOCK |
| 130 } interstitial_reason_; | 156 } interstitial_reason_; |
| 131 | 157 |
| 132 DISALLOW_COPY_AND_ASSIGN(SSLBlockingPage); | 158 DISALLOW_COPY_AND_ASSIGN(SSLBlockingPage); |
| 133 }; | 159 }; |
| 134 | 160 |
| 135 #endif // CHROME_BROWSER_SSL_SSL_BLOCKING_PAGE_H_ | 161 #endif // CHROME_BROWSER_SSL_SSL_BLOCKING_PAGE_H_ |
| OLD | NEW |
