1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/ssl/ssl_blocking_page.h"
7 #include "base/i18n/rtl.h"
8 #include "base/metrics/histogram.h"
9 #include "base/strings/string_number_conversions.h"
10 #include "base/strings/string_piece.h"
11 #include "base/strings/stringprintf.h"
12 #include "base/strings/utf_string_conversions.h"
13 #include "base/values.h"
14 #include "chrome/browser/history/history_service_factory.h"
15 #include "chrome/browser/profiles/profile.h"
16 #include "chrome/browser/renderer_preferences_util.h"
17 #include "chrome/browser/ssl/ssl_error_info.h"
18 #include "chrome/browser/ui/browser.h"
19 #include "chrome/browser/ui/browser_finder.h"
20 #include "content/public/browser/cert_store.h"
21 #include "content/public/browser/interstitial_page.h"
22 #include "content/public/browser/navigation_controller.h"
23 #include "content/public/browser/navigation_entry.h"
24 #include "content/public/browser/notification_service.h"
25 #include "content/public/browser/notification_types.h"
26 #include "content/public/browser/render_process_host.h"
27 #include "content/public/browser/render_view_host.h"
28 #include "content/public/browser/web_contents.h"
29 #include "content/public/common/ssl_status.h"
30 #include "grit/app_locale_settings.h"
31 #include "grit/browser_resources.h"
32 #include "grit/generated_resources.h"
33 #include "net/base/hash_value.h"
34 #include "net/base/net_errors.h"
35 #include "net/base/net_util.h"
36 #include "ui/base/l10n/l10n_util.h"
37 #include "ui/base/resource/resource_bundle.h"
38 #include "ui/base/webui/jstemplate_builder.h"
41 #include "base/win/windows_version.h"
44 using base::TimeTicks;
45 using content::InterstitialPage;
46 using content::NavigationController;
47 using content::NavigationEntry;
51 // These represent the commands sent by ssl_roadblock.html.
52 enum SSLBlockingPageCommands {
60 enum SSLBlockingPageEvent {
67 DONT_PROCEED_OVERRIDABLE,
70 DONT_PROCEED_AUTHORITY,
72 SHOW_UNDERSTAND, // Used by the summer 2013 Finch trial. Deprecated.
73 SHOW_INTERNAL_HOSTNAME,
74 PROCEED_INTERNAL_HOSTNAME,
77 UNUSED_BLOCKING_PAGE_EVENT,
80 void RecordSSLBlockingPageEventStats(SSLBlockingPageEvent event) {
81 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl",
83 UNUSED_BLOCKING_PAGE_EVENT);
86 void RecordSSLBlockingPageDetailedStats(
92 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl_error_type",
93 SSLErrorInfo::NetErrorToErrorType(cert_error), SSLErrorInfo::END_OF_ENUM);
95 // Overridable is false if the user didn't have any option except to turn
96 // back. If that's the case, don't record some of the metrics.
100 RecordSSLBlockingPageEventStats(SHOW_NEW_SITE);
102 RecordSSLBlockingPageEventStats(PROCEED_OVERRIDABLE);
104 RecordSSLBlockingPageEventStats(PROCEED_INTERNAL_HOSTNAME);
106 RecordSSLBlockingPageEventStats(PROCEED_NEW_SITE);
107 } else if (!proceed) {
108 RecordSSLBlockingPageEventStats(DONT_PROCEED_OVERRIDABLE);
110 SSLErrorInfo::ErrorType type = SSLErrorInfo::NetErrorToErrorType(cert_error);
112 case SSLErrorInfo::CERT_COMMON_NAME_INVALID: {
114 RecordSSLBlockingPageEventStats(PROCEED_NAME);
116 RecordSSLBlockingPageEventStats(DONT_PROCEED_NAME);
119 case SSLErrorInfo::CERT_DATE_INVALID: {
121 RecordSSLBlockingPageEventStats(PROCEED_DATE);
123 RecordSSLBlockingPageEventStats(DONT_PROCEED_DATE);
126 case SSLErrorInfo::CERT_AUTHORITY_INVALID: {
128 RecordSSLBlockingPageEventStats(PROCEED_AUTHORITY);
130 RecordSSLBlockingPageEventStats(DONT_PROCEED_AUTHORITY);
141 // Note that we always create a navigation entry with SSL errors.
142 // No error happening loading a sub-resource triggers an interstitial so far.
143 SSLBlockingPage::SSLBlockingPage(
144 content::WebContents* web_contents,
146 const net::SSLInfo& ssl_info,
147 const GURL& request_url,
149 bool strict_enforcement,
150 const base::Callback<void(bool)>& callback)
151 : callback_(callback),
152 web_contents_(web_contents),
153 cert_error_(cert_error),
155 request_url_(request_url),
156 overridable_(overridable),
157 strict_enforcement_(strict_enforcement),
161 if (net::IsHostnameNonUnique(request_url_.HostNoBrackets()))
163 RecordSSLBlockingPageEventStats(SHOW_ALL);
164 if (overridable_ && !strict_enforcement_) {
165 RecordSSLBlockingPageEventStats(SHOW_OVERRIDABLE);
167 RecordSSLBlockingPageEventStats(SHOW_INTERNAL_HOSTNAME);
168 HistoryService* history_service = HistoryServiceFactory::GetForProfile(
169 Profile::FromBrowserContext(web_contents->GetBrowserContext()),
170 Profile::EXPLICIT_ACCESS);
171 if (history_service) {
172 history_service->GetVisibleVisitCountToHost(
175 base::Bind(&SSLBlockingPage::OnGotHistoryCount,
176 base::Unretained(this)));
180 interstitial_page_ = InterstitialPage::Create(
181 web_contents_, true, request_url, this);
182 interstitial_page_->Show();
185 SSLBlockingPage::~SSLBlockingPage() {
186 if (!callback_.is_null()) {
187 RecordSSLBlockingPageDetailedStats(false,
189 overridable_ && !strict_enforcement_,
192 // The page is closed without the user having chosen what to do, default to
194 NotifyDenyCertificate();
198 std::string SSLBlockingPage::GetHTMLContents() {
199 DictionaryValue strings;
201 if (overridable_ && !strict_enforcement_) {
202 // Let's build the overridable error page.
203 SSLErrorInfo error_info =
204 SSLErrorInfo::CreateError(
205 SSLErrorInfo::NetErrorToErrorType(cert_error_),
206 ssl_info_.cert.get(),
209 resource_id = IDR_SSL_ROAD_BLOCK_HTML;
210 strings.SetString("headLine", error_info.title());
211 strings.SetString("description", error_info.details());
212 strings.SetString("moreInfoTitle",
213 l10n_util::GetStringUTF16(IDS_CERT_ERROR_EXTRA_INFO_TITLE));
214 SetExtraInfo(&strings, error_info.extra_information());
217 "exit", l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_PAGE_EXIT));
219 "title", l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_PAGE_TITLE));
221 "proceed", l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_PAGE_PROCEED));
223 "reasonForNotProceeding", l10n_util::GetStringUTF16(
224 IDS_SSL_OVERRIDABLE_PAGE_SHOULD_NOT_PROCEED));
225 strings.SetString("errorType", "overridable");
226 strings.SetString("textdirection", base::i18n::IsRTL() ? "rtl" : "ltr");
228 // Let's build the blocking error page.
229 resource_id = IDR_SSL_BLOCKING_HTML;
231 // Strings that are not dependent on the URL.
233 "title", l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_TITLE));
235 "reloadMsg", l10n_util::GetStringUTF16(IDS_ERRORPAGES_BUTTON_RELOAD));
237 "more", l10n_util::GetStringUTF16(IDS_ERRORPAGES_BUTTON_MORE));
239 "less", l10n_util::GetStringUTF16(IDS_ERRORPAGES_BUTTON_LESS));
242 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_MORE_TITLE));
245 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_TECH_TITLE));
247 // Strings that are dependent on the URL.
248 string16 url(ASCIIToUTF16(request_url_.host()));
249 bool rtl = base::i18n::IsRTL();
250 strings.SetString("textDirection", rtl ? "rtl" : "ltr");
252 base::i18n::WrapStringWithLTRFormatting(&url);
254 "headline", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_HEADLINE,
257 "message", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_BODY_TEXT,
261 l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_MORE_TEXT,
263 strings.SetString("reloadUrl", request_url_.spec());
265 // Strings that are dependent on the error type.
266 SSLErrorInfo::ErrorType type =
267 SSLErrorInfo::NetErrorToErrorType(cert_error_);
269 if (type == SSLErrorInfo::CERT_REVOKED) {
270 errorType = string16(ASCIIToUTF16("Key revocation"));
273 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_REVOKED));
274 } else if (type == SSLErrorInfo::CERT_INVALID) {
275 errorType = string16(ASCIIToUTF16("Malformed certificate"));
278 l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_FORMATTED));
279 } else if (type == SSLErrorInfo::CERT_PINNED_KEY_MISSING) {
280 errorType = string16(ASCIIToUTF16("Certificate pinning failure"));
283 l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_PINNING,
285 } else if (type == SSLErrorInfo::CERT_WEAK_KEY_DH) {
286 errorType = string16(ASCIIToUTF16("Weak DH public key"));
289 l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_WEAK_DH,
293 errorType = string16(ASCIIToUTF16("HSTS failure"));
296 l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_HSTS, url.c_str()));
299 base::i18n::WrapStringWithLTRFormatting(&errorType);
301 "errorType", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_ERROR,
304 // Strings that display the invalid cert.
305 string16 subject(ASCIIToUTF16(ssl_info_.cert->subject().GetDisplayName()));
306 string16 issuer(ASCIIToUTF16(ssl_info_.cert->issuer().GetDisplayName()));
308 for (std::vector<net::HashValue>::iterator it =
309 ssl_info_.public_key_hashes.begin();
310 it != ssl_info_.public_key_hashes.end();
312 base::StringAppendF(&hashes, "%s ", it->ToString().c_str());
314 string16 fingerprint(ASCIIToUTF16(hashes));
316 // These are always going to be LTR.
317 base::i18n::WrapStringWithLTRFormatting(&subject);
318 base::i18n::WrapStringWithLTRFormatting(&issuer);
319 base::i18n::WrapStringWithLTRFormatting(&fingerprint);
322 "subject", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_SUBJECT,
325 "issuer", l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_ISSUER,
329 l10n_util::GetStringFUTF16(IDS_SSL_BLOCKING_PAGE_HASHES,
330 fingerprint.c_str()));
333 base::StringPiece html(
334 ResourceBundle::GetSharedInstance().GetRawDataResource(
336 return webui::GetI18nTemplateHtml(html, &strings);
339 void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) {
340 int cert_id = content::CertStore::GetInstance()->StoreCert(
341 ssl_info_.cert.get(), web_contents_->GetRenderProcessHost()->GetID());
343 entry->GetSSL().security_style =
344 content::SECURITY_STYLE_AUTHENTICATION_BROKEN;
345 entry->GetSSL().cert_id = cert_id;
346 entry->GetSSL().cert_status = ssl_info_.cert_status;
347 entry->GetSSL().security_bits = ssl_info_.security_bits;
348 #if !defined(OS_ANDROID)
349 Browser* browser = chrome::FindBrowserWithWebContents(web_contents_);
351 browser->VisibleSSLStateChanged(web_contents_);
352 #endif // !defined(OS_ANDROID)
355 // Matches events defined in ssl_error.html and ssl_roadblock.html.
356 void SSLBlockingPage::CommandReceived(const std::string& command) {
357 int cmd = atoi(command.c_str());
358 if (cmd == CMD_DONT_PROCEED) {
359 interstitial_page_->DontProceed();
360 } else if (cmd == CMD_PROCEED) {
361 interstitial_page_->Proceed();
362 } else if (cmd == CMD_MORE) {
363 RecordSSLBlockingPageEventStats(MORE);
364 } else if (cmd == CMD_RELOAD) {
365 // The interstitial can't refresh itself.
366 content::NavigationController* controller = &web_contents_->GetController();
367 controller->Reload(true);
371 void SSLBlockingPage::OverrideRendererPrefs(
372 content::RendererPreferences* prefs) {
373 Profile* profile = Profile::FromBrowserContext(
374 web_contents_->GetBrowserContext());
375 renderer_preferences_util::UpdateFromSystemSettings(prefs, profile);
378 void SSLBlockingPage::OnProceed() {
379 RecordSSLBlockingPageDetailedStats(true,
381 overridable_ && !strict_enforcement_,
384 // Accepting the certificate resumes the loading of the page.
385 NotifyAllowCertificate();
388 void SSLBlockingPage::OnDontProceed() {
389 RecordSSLBlockingPageDetailedStats(false,
391 overridable_ && !strict_enforcement_,
394 NotifyDenyCertificate();
397 void SSLBlockingPage::NotifyDenyCertificate() {
398 // It's possible that callback_ may not exist if the user clicks "Proceed"
399 // followed by pressing the back button before the interstitial is hidden.
400 // In that case the certificate will still be treated as allowed.
401 if (callback_.is_null())
404 callback_.Run(false);
408 void SSLBlockingPage::NotifyAllowCertificate() {
409 DCHECK(!callback_.is_null());
416 void SSLBlockingPage::SetExtraInfo(
417 DictionaryValue* strings,
418 const std::vector<string16>& extra_info) {
419 DCHECK_LT(extra_info.size(), 5U); // We allow 5 paragraphs max.
420 const char* keys[5] = {
421 "moreInfo1", "moreInfo2", "moreInfo3", "moreInfo4", "moreInfo5"
424 for (i = 0; i < static_cast<int>(extra_info.size()); i++) {
425 strings->SetString(keys[i], extra_info[i]);
428 strings->SetString(keys[i], std::string());
432 void SSLBlockingPage::OnGotHistoryCount(HistoryService::Handle handle,
435 base::Time first_visit) {
436 num_visits_ = num_visits;