chrome/browser/ssl/ssl_blocking_page.cc - Issue 935663004: Add checkbox for reporting invalid TLS/SSL cert chains

Unified Diff: chrome/browser/ssl/ssl_blocking_page.cc

Issue 935663004: Add checkbox for reporting invalid TLS/SSL cert chains (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: fix comment typo Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« chrome/browser/resources/security_warnings/extended_reporting.js ('K') | « chrome/browser/ssl/ssl_blocking_page.h ('k') | chrome/browser/ssl/ssl_browser_tests.cc » ('j') | chrome/browser/ssl/ssl_browser_tests.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/ssl/ssl_blocking_page.cc

diff --git a/chrome/browser/ssl/ssl_blocking_page.cc b/chrome/browser/ssl/ssl_blocking_page.cc

index a56fa7d6018c75d25a072fbc0ecb15785d83af01..e5bfe29f4c85175af84522a2c3a535d707026ab6 100644

--- a/chrome/browser/ssl/ssl_blocking_page.cc

+++ b/chrome/browser/ssl/ssl_blocking_page.cc

@@ -4,12 +4,16 @@

#include "chrome/browser/ssl/ssl_blocking_page.h"

+#include "base/bind.h"

+#include "base/bind_helpers.h"

#include "base/build_time.h"

+#include "base/callback_helpers.h"

#include "base/command_line.h"

#include "base/i18n/rtl.h"

#include "base/i18n/time_formatting.h"

#include "base/metrics/field_trial.h"

#include "base/metrics/histogram.h"

+#include "base/prefs/pref_service.h"

#include "base/process/launch.h"

#include "base/strings/string_number_conversions.h"

#include "base/strings/string_piece.h"

@@ -20,14 +24,18 @@

#include "base/values.h"

#include "chrome/browser/browser_process.h"

#include "chrome/browser/chrome_notification_types.h"

+#include "chrome/browser/net/certificate_error_reporter.h"

#include "chrome/browser/profiles/profile.h"

+#include "chrome/browser/profiles/profile_io_data.h"

#include "chrome/browser/renderer_preferences_util.h"

#include "chrome/browser/ssl/ssl_error_classification.h"

#include "chrome/browser/ssl/ssl_error_info.h"

#include "chrome/common/chrome_switches.h"

+#include "chrome/common/pref_names.h"

#include "chrome/grit/chromium_strings.h"

#include "chrome/grit/generated_resources.h"

#include "components/google/core/browser/google_util.h"

+#include "content/public/browser/browser_thread.h"

#include "content/public/browser/cert_store.h"

#include "content/public/browser/interstitial_page.h"

#include "content/public/browser/interstitial_page_delegate.h"

@@ -65,6 +73,8 @@

using base::ASCIIToUTF16;

using base::TimeTicks;

+using chrome_browser_net::CertificateErrorReporter;

+using content::BrowserThread;

using content::InterstitialPage;

using content::InterstitialPageDelegate;

using content::NavigationController;

@@ -211,6 +221,20 @@ bool IsErrorDueToBadClock(const base::Time& now, int error) {

SSLErrorClassification::IsUserClockInTheFuture(now);

}

+// A helper function that actually sends the cert collection report over

+// the network.

+void FinishCertCollectionInternal(

+ const base::WeakPtr<CertificateErrorReporter>& reporter,

+ const std::string& hostname,

+ const net::SSLInfo& ssl_info) {

+ DCHECK_CURRENTLY_ON(BrowserThread::IO);

+ if (reporter) {

+ reporter->SendReport(

+ CertificateErrorReporter::REPORT_TYPE_EXTENDED_REPORTING, hostname,

+ ssl_info);

+ }

} // namespace

// static

@@ -437,6 +461,34 @@ void SSLBlockingPage::PopulateInterstitialStrings(

&encoded_chain);

load_time_data->SetString(

"pem", JoinString(encoded_chain, std::string()));

+ PopulateExtendedReportingOption(load_time_data);

+void SSLBlockingPage::PopulateExtendedReportingOption(

+ base::DictionaryValue* load_time_data) {

+ // Only show the checkbox if not off-the-record and if the

+ // command-line option is set.

+ const bool show = !web_contents()->GetBrowserContext()->IsOffTheRecord() &&

+ base::CommandLine::ForCurrentProcess()->HasSwitch(

+ switches::kEnableInvalidCertCollection);

+ load_time_data->SetBoolean(interstitials::kDisplayCheckBox, show);

+ if (!show)

+ return;

+ load_time_data->SetBoolean(

+ interstitials::kBoxChecked,

+ IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingEnabled));

+ const std::string privacy_link = base::StringPrintf(

+ interstitials::kPrivacyLinkHtml, CMD_OPEN_REPORTING_PRIVACY,

+ l10n_util::GetStringUTF8(IDS_SAFE_BROWSING_PRIVACY_POLICY_PAGE).c_str());

+ load_time_data->SetString(

+ interstitials::kOptInLink,

+ l10n_util::GetStringFUTF16(IDS_SAFE_BROWSING_MALWARE_REPORTING_AGREE,

+ base::UTF8ToUTF16(privacy_link)));

}

void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) {

@@ -468,6 +520,14 @@ void SSLBlockingPage::CommandReceived(const std::string& command) {

}

break;

}

+ case CMD_DO_REPORT: {

+ SetReportingPreference(true);

+ break;

+ }

+ case CMD_DONT_REPORT: {

+ SetReportingPreference(false);

+ break;

+ }

case CMD_SHOW_MORE_SECTION: {

metrics_helper_->RecordUserInteraction(

SecurityInterstitialMetricsHelper::SHOW_ADVANCED);

@@ -495,12 +555,13 @@ void SSLBlockingPage::CommandReceived(const std::string& command) {

LaunchDateAndTimeSettings();

break;

}

+ case CMD_OPEN_REPORTING_PRIVACY:

+ metrics_helper_->RecordUserInteraction(

+ SecurityInterstitialMetricsHelper::SHOW_PRIVACY_POLICY);

+ OpenExtendedReportingPrivacyPolicy();

+ break;

case CMD_OPEN_DIAGNOSTIC:

// Google doesn't currently have a transparency report for SSL.

- case CMD_DO_REPORT:

- case CMD_DONT_REPORT:

- case CMD_OPEN_REPORTING_PRIVACY:

- // Chrome doesn't currently do Extended Reporting for SSL.

NOTREACHED() << "Unexpected command: " << command;

}

@@ -516,6 +577,11 @@ void SSLBlockingPage::OverrideRendererPrefs(

void SSLBlockingPage::OnProceed() {

metrics_helper_->RecordUserDecision(

SecurityInterstitialMetricsHelper::PROCEED);

+ // Finish collection information about invalid certificates, if the

+ // user opted in to.

+ FinishCertCollection();

RecordSSLExpirationPageEventState(

expired_but_previously_allowed_, true, overridable_);

// Accepting the certificate resumes the loading of the page.

@@ -525,6 +591,11 @@ void SSLBlockingPage::OnProceed() {

void SSLBlockingPage::OnDontProceed() {

metrics_helper_->RecordUserDecision(

SecurityInterstitialMetricsHelper::DONT_PROCEED);

+ // Finish collection information about invalid certificates, if the

+ // user opted in to.

+ FinishCertCollection();

RecordSSLExpirationPageEventState(

expired_but_previously_allowed_, false, overridable_);

NotifyDenyCertificate();

@@ -572,6 +643,38 @@ std::string SSLBlockingPage::GetSamplingEventName() const {

return event_name;

}

+void SSLBlockingPage::FinishCertCollection() {

+ base::ScopedClosureRunner scoped_callback(

+ certificate_report_callback_for_testing_);

+ if (!base::CommandLine::ForCurrentProcess()->HasSwitch(

+ switches::kEnableInvalidCertCollection) ||

+ web_contents()->GetBrowserContext()->IsOffTheRecord()) {

+ return;

+ }

+ const bool enabled =

+ IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingEnabled);

+ UMA_HISTOGRAM_BOOLEAN("SB2.ExtendedReportingIsEnabled", enabled);

+ if (!enabled)

+ return;

+ if (certificate_report_callback_for_testing_.is_null())

+ scoped_callback.Reset(base::Bind(&base::DoNothing));

+ base::WeakPtr<CertificateErrorReporter> reporter =

+ ProfileIOData::FromResourceContext(

+ web_contents()->GetBrowserContext()->GetResourceContext())

+ ->certificate_error_reporter();

+ BrowserThread::PostTaskAndReply(

+ BrowserThread::IO, FROM_HERE,

+ base::Bind(FinishCertCollectionInternal, reporter, request_url().host(),

+ ssl_info_),

+ scoped_callback.Release());

// static

bool SSLBlockingPage::IsOptionsOverridable(int options_mask) {

return (options_mask & SSLBlockingPage::OVERRIDABLE) &&