chrome/browser/ssl/ssl_blocking_page.cc - Issue 940543003: added clock interstitial to chrome://interstitials

Side by Side Diff: chrome/browser/ssl/ssl_blocking_page.cc

Issue 940543003: added clock interstitial to chrome://interstitials (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/ssl/ssl_blocking_page.h"	5 #include "chrome/browser/ssl/ssl_blocking_page.h"

6	6

7 #include "base/build_time.h"	7 #include "base/build_time.h"

8 #include "base/command_line.h"	8 #include "base/command_line.h"

9 #include "base/i18n/rtl.h"	9 #include "base/i18n/rtl.h"

10 #include "base/i18n/time_formatting.h"	10 #include "base/i18n/time_formatting.h"

(...skipping 187 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
198	198

199 #endif	199 #endif

200 // Don't add code here! (See the comment at the beginning of the function.)	200 // Don't add code here! (See the comment at the beginning of the function.)

201 }	201 }

202	202

203 bool IsErrorDueToBadClock(const base::Time& now, int error) {	203 bool IsErrorDueToBadClock(const base::Time& now, int error) {

204 if (SSLErrorInfo::NetErrorToErrorType(error) !=	204 if (SSLErrorInfo::NetErrorToErrorType(error) !=

205 SSLErrorInfo::CERT_DATE_INVALID) {	205 SSLErrorInfo::CERT_DATE_INVALID) {

206 return false;	206 return false;

207 }	207 }

	208
	lgarron 2015/02/19 22:57:06 Nit: I try to avoid introducing extra whitespace, Nit: I try to avoid introducing extra whitespace, just to make the diffs as minimal and easy to read as possible. felt 2015/02/20 16:01:53 looks like you haven't addressed this? Show quoted text On 2015/02/19 22:57:06, lgarron wrote: > Nit: I try to avoid introducing extra whitespace, just to make the diffs as > minimal and easy to read as possible. looks like you haven't addressed this? fahl 2015/02/23 23:47:49 Acknowledged. Show quoted text On 2015/02/20 16:01:53, felt wrote: > On 2015/02/19 22:57:06, lgarron wrote: > > Nit: I try to avoid introducing extra whitespace, just to make the diffs as > > minimal and easy to read as possible. > > looks like you haven't addressed this? Acknowledged.
208 return SSLErrorClassification::IsUserClockInThePast(now) \|\|	209 return SSLErrorClassification::IsUserClockInThePast(now) \|\|

209 SSLErrorClassification::IsUserClockInTheFuture(now);	210 SSLErrorClassification::IsUserClockInTheFuture(now);

210 }	211 }

211	212

212 } // namespace	213 } // namespace

213	214

214 // static	215 // static

215 const void* SSLBlockingPage::kTypeForTesting =	216 const void* SSLBlockingPage::kTypeForTesting =

216 &SSLBlockingPage::kTypeForTesting;	217 &SSLBlockingPage::kTypeForTesting;

217	218

218 // Note that we always create a navigation entry with SSL errors.	219 // Note that we always create a navigation entry with SSL errors.

219 // No error happening loading a sub-resource triggers an interstitial so far.	220 // No error happening loading a sub-resource triggers an interstitial so far.

220 SSLBlockingPage::SSLBlockingPage(content::WebContents* web_contents,	221 SSLBlockingPage::SSLBlockingPage(content::WebContents* web_contents,

221 int cert_error,	222 int cert_error,

222 const net::SSLInfo& ssl_info,	223 const net::SSLInfo& ssl_info,

223 const GURL& request_url,	224 const GURL& request_url,

224 int options_mask,	225 int options_mask,

225 const base::Callback<void(bool)>& callback)	226 const base::Callback<void(bool)>& callback)

226 : SecurityInterstitialPage(web_contents, request_url),	227 : SecurityInterstitialPage(web_contents, request_url),

227 callback_(callback),	228 callback_(callback),

228 cert_error_(cert_error),	229 cert_error_(cert_error),

229 ssl_info_(ssl_info),	230 ssl_info_(ssl_info),

230 overridable_(IsOptionsOverridable(options_mask)),	231 overridable_(IsOptionsOverridable(options_mask)),

231 danger_overridable_(true),	232 danger_overridable_(true),

232 strict_enforcement_((options_mask & STRICT_ENFORCEMENT) != 0),	233 strict_enforcement_((options_mask & STRICT_ENFORCEMENT) != 0),

233 expired_but_previously_allowed_(	234 expired_but_previously_allowed_(

234 (options_mask & EXPIRED_BUT_PREVIOUSLY_ALLOWED) != 0) {	235 (options_mask & EXPIRED_BUT_PREVIOUSLY_ALLOWED) != 0) {

235 interstitial_reason_ =	236 // somehow we need to override the clockcheck - otherwise the interstitial

236 IsErrorDueToBadClock(base::Time::NowFromSystemTime(), cert_error_) ?	237 // will not be shown

237 SSL_REASON_BAD_CLOCK : SSL_REASON_SSL;	238 std::string testHost("yourclockiswrong.com");
	lgarron 2015/02/19 22:57:06 If we have to hardcode a website, I think we shoul If we have to hardcode a website, I think we should try to avoid something that can conflict with a real website. It seems the appropriate reserved TLD for this is .example: https://tools.ietf.org/html/rfc2606#section-2 Maybe something like badclock.example? I've spent a while trying to understand if this is needed; if you use the "clock_error=1" URL parameter, does CERT_DATE_INVALID propagate here? felt 2015/02/19 23:16:07 We probably shouldn't be hardcoding anything for a Show quoted text On 2015/02/19 22:57:06, lgarron wrote: > If we have to hardcode a website, I think we should try to avoid something that > can conflict with a real website. > > It seems the appropriate reserved TLD for this is .example: > https://tools.ietf.org/html/rfc2606#section-2 > Maybe something like badclock.example? > > I've spent a while trying to understand if this is needed; if you use the > "clock_error=1" URL parameter, does CERT_DATE_INVALID propagate here? We probably shouldn't be hardcoding anything for a test into production code. Is there a better way to do this?
	239 if ((SSLErrorInfo::NetErrorToErrorType(cert_error_) ==

	240 SSLErrorInfo::CERT_DATE_INVALID) &&

	241 (request_url.host().compare(testHost) == 0)) {

	242 interstitial_reason_ = SSL_REASON_BAD_CLOCK;

	243 } else {

	244 interstitial_reason_ =

	245 IsErrorDueToBadClock(base::Time::NowFromSystemTime(), cert_error_) ?

	246 SSL_REASON_BAD_CLOCK : SSL_REASON_SSL;

	247 }

238	248

239 // We collapse the Rappor metric name to just "ssl" so we don't leak	249 // We collapse the Rappor metric name to just "ssl" so we don't leak

240 // the "overridable" bit. We skip Rappor altogether for bad clocks.	250 // the "overridable" bit. We skip Rappor altogether for bad clocks.

241 // This must be done after calculating \|interstitial_reason_\| above.	251 // This must be done after calculating \|interstitial_reason_\| above.

242 metrics_helper_.reset(new SecurityInterstitialMetricsHelper(	252 metrics_helper_.reset(new SecurityInterstitialMetricsHelper(

243 web_contents, request_url, GetUmaHistogramPrefix(), kSSLRapporPrefix,	253 web_contents, request_url, GetUmaHistogramPrefix(), kSSLRapporPrefix,

244 (interstitial_reason_ == SSL_REASON_BAD_CLOCK	254 (interstitial_reason_ == SSL_REASON_BAD_CLOCK

245 ? SecurityInterstitialMetricsHelper::SKIP_RAPPOR	255 ? SecurityInterstitialMetricsHelper::SKIP_RAPPOR

246 : SecurityInterstitialMetricsHelper::REPORT_RAPPOR),	256 : SecurityInterstitialMetricsHelper::REPORT_RAPPOR),

247 GetSamplingEventName()));	257 GetSamplingEventName()));

(...skipping 312 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
560 event_name.append(kEventNotOverridable);	570 event_name.append(kEventNotOverridable);

561 event_name.append(net::ErrorToString(cert_error_));	571 event_name.append(net::ErrorToString(cert_error_));

562 return event_name;	572 return event_name;

563 }	573 }

564	574

565 // static	575 // static

566 bool SSLBlockingPage::IsOptionsOverridable(int options_mask) {	576 bool SSLBlockingPage::IsOptionsOverridable(int options_mask) {

567 return (options_mask & SSLBlockingPage::OVERRIDABLE) &&	577 return (options_mask & SSLBlockingPage::OVERRIDABLE) &&

568 !(options_mask & SSLBlockingPage::STRICT_ENFORCEMENT);	578 !(options_mask & SSLBlockingPage::STRICT_ENFORCEMENT);

569 }	579 }

OLD	NEW

« no previous file with comments | « no previous file | chrome/browser/ui/webui/interstitials/interstitial_ui.cc » ('j') | no next file with comments »