Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(6277)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/ssl/ssl_blocking_page.cc

Issue 935663004: Add checkbox for reporting invalid TLS/SSL cert chains (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rsleevi's comments: fix threading bug and add comments Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/ssl/ssl_blocking_page.h ('K') | « chrome/browser/ssl/ssl_blocking_page.h ('k') | chrome/browser/ssl/ssl_browser_tests.cc » ('j') | chrome/browser/ssl/ssl_browser_tests.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/ssl/ssl_blocking_page.cc
diff --git a/chrome/browser/ssl/ssl_blocking_page.cc b/chrome/browser/ssl/ssl_blocking_page.cc
index ecf70291056c8b47e64f534c76b29a09aad97083..bcd7598a7379a7e62887d5e351b41c9780280d24 100644
--- a/chrome/browser/ssl/ssl_blocking_page.cc
+++ b/chrome/browser/ssl/ssl_blocking_page.cc
@@ -10,6 +10,7 @@
#include "base/i18n/time_formatting.h"
#include "base/metrics/field_trial.h"
#include "base/metrics/histogram.h"
+#include "base/prefs/pref_service.h"
#include "base/process/launch.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_piece.h"
@@ -25,9 +26,11 @@
#include "chrome/browser/ssl/ssl_error_classification.h"
#include "chrome/browser/ssl/ssl_error_info.h"
#include "chrome/common/chrome_switches.h"
+#include "chrome/common/pref_names.h"
#include "chrome/grit/chromium_strings.h"
#include "chrome/grit/generated_resources.h"
#include "components/google/core/browser/google_util.h"
+#include "content/public/browser/browser_thread.h"
#include "content/public/browser/cert_store.h"
#include "content/public/browser/interstitial_page.h"
#include "content/public/browser/navigation_controller.h"
@@ -43,6 +46,9 @@
#include "net/base/hash_value.h"
#include "net/base/net_errors.h"
#include "net/base/net_util.h"
+#include "net/url_request/fraudulent_certificate_reporter.h"
+#include "net/url_request/url_request_context.h"
+#include "net/url_request/url_request_context_getter.h"
#include "ui/base/l10n/l10n_util.h"
#if defined(OS_WIN)
@@ -64,6 +70,7 @@
using base::ASCIIToUTF16;
using base::TimeTicks;
+using content::BrowserThread;
using content::InterstitialPage;
using content::NavigationController;
using content::NavigationEntry;
@@ -430,6 +437,8 @@ void SSLBlockingPage::PopulateInterstitialStrings(
std::vector<std::string> encoded_chain;
ssl_info_.cert->GetPEMEncodedChain(&encoded_chain);
load_time_data->SetString("pem", JoinString(encoded_chain, std::string()));
+
+ PopulateExtendedReportingOption(load_time_data);
}
void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) {
@@ -462,6 +471,14 @@ void SSLBlockingPage::CommandReceived(const std::string& command) {
}
break;
}
+ case CMD_DO_REPORT: {
+ SetReportingPreference(true);
+ break;
+ }
+ case CMD_DONT_REPORT: {
+ SetReportingPreference(false);
+ break;
+ }
case CMD_MORE: {
metrics_helper_->RecordUserInteraction(
SecurityInterstitialMetricsHelper::SHOW_ADVANCED);
@@ -506,6 +523,11 @@ void SSLBlockingPage::OverrideRendererPrefs(
void SSLBlockingPage::OnProceed() {
metrics_helper_->RecordUserDecision(
SecurityInterstitialMetricsHelper::PROCEED);
+
+ // Finish collection information about invalid certificates, if the
+ // user opted in to.
+ FinishCertCollection();
+
RecordSSLExpirationPageEventState(
expired_but_previously_allowed_, true, overridable_);
// Accepting the certificate resumes the loading of the page.
@@ -515,11 +537,47 @@ void SSLBlockingPage::OnProceed() {
void SSLBlockingPage::OnDontProceed() {
metrics_helper_->RecordUserDecision(
SecurityInterstitialMetricsHelper::DONT_PROCEED);
+
+ // Finish collection information about invalid certificates, if the
+ // user opted in to.
+ FinishCertCollection();
+
RecordSSLExpirationPageEventState(
expired_but_previously_allowed_, false, overridable_);
NotifyDenyCertificate();
}
+void SSLBlockingPage::FinishCertCollectionInternal(
Ryan Sleevi 2015/02/27 00:46:33 There's no need for this to be a static class memb
estark 2015/02/27 02:49:36 Done.
+ scoped_refptr<net::URLRequestContextGetter> request_context_getter,
+ const std::string& hostname,
+ const net::SSLInfo& ssl_info) {
+ net::FraudulentCertificateReporter* reporter =
+ request_context_getter->GetURLRequestContext()
+ ->fraudulent_certificate_reporter();
+ reporter->SendReport(
Ryan Sleevi 2015/02/27 00:46:33 API CONTRACT VIOLATION: The URLRequestContext all
estark 2015/02/27 02:49:36 Done.
+ net::FraudulentCertificateReporter::REPORT_TYPE_EXTENDED_REPORTING,
+ hostname, ssl_info);
+}
+
+void SSLBlockingPage::FinishCertCollection() {
+ if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kEnableInvalidCertCollection))
+ return;
+
+ const bool enabled =
+ IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingEnabled);
+ UMA_HISTOGRAM_BOOLEAN("SB2.ExtendedReportingIsEnabled", enabled);
+
+ if (enabled) {
+ scoped_refptr<net::URLRequestContextGetter> request_context_getter =
+ web_contents()->GetBrowserContext()->GetRequestContext();
+ BrowserThread::PostTask(
+ BrowserThread::IO, FROM_HERE,
+ base::Bind(&SSLBlockingPage::FinishCertCollectionInternal,
+ request_context_getter, request_url().host(), ssl_info_));
+ }
+}
+
void SSLBlockingPage::NotifyDenyCertificate() {
// It's possible that callback_ may not exist if the user clicks "Proceed"
// followed by pressing the back button before the interstitial is hidden.
@@ -567,3 +625,29 @@ bool SSLBlockingPage::IsOptionsOverridable(int options_mask) {
return (options_mask & SSLBlockingPage::OVERRIDABLE) &&
!(options_mask & SSLBlockingPage::STRICT_ENFORCEMENT);
}
+
+void SSLBlockingPage::PopulateExtendedReportingOption(
+ base::DictionaryValue* load_time_data) {
+ // Only show the checkbox if not off-the-record and if the
+ // command-line option is set.
+ const bool show = !web_contents()->GetBrowserContext()->IsOffTheRecord() &&
+ base::CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kEnableInvalidCertCollection);
+
+ load_time_data->SetBoolean(interstitials::kDisplayCheckBox, show);
+ if (!show)
+ return;
+
+ load_time_data->SetBoolean(
+ interstitials::kBoxChecked,
+ IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingEnabled));
+
+ const std::string privacy_link = base::StringPrintf(
+ interstitials::kPrivacyLinkHtml,
+ l10n_util::GetStringUTF8(IDS_SAFE_BROWSING_PRIVACY_POLICY_PAGE).c_str());
+
+ load_time_data->SetString(
+ "optInLink",
+ l10n_util::GetStringFUTF16(IDS_SAFE_BROWSING_MALWARE_REPORTING_AGREE,
+ base::UTF8ToUTF16(privacy_link)));
+}
« chrome/browser/ssl/ssl_blocking_page.h ('K') | « chrome/browser/ssl/ssl_blocking_page.h ('k') | chrome/browser/ssl/ssl_browser_tests.cc » ('j') | chrome/browser/ssl/ssl_browser_tests.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698