src/chrome/browser/ui/toolbar/toolbar_model_impl.cc

   1 // Copyright 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/ui/toolbar/toolbar_model_impl.h"
   6
   7 #include "base/command_line.h"
   8 #include "base/metrics/field_trial.h"
   9 #include "base/prefs/pref_service.h"
  10 #include "base/strings/utf_string_conversions.h"
  11 #include "base/time/time.h"
  12 #include "chrome/browser/autocomplete/autocomplete_classifier.h"
  13 #include "chrome/browser/autocomplete/autocomplete_classifier_factory.h"
  14 #include "chrome/browser/autocomplete/chrome_autocomplete_scheme_classifier.h"
  15 #include "chrome/browser/profiles/profile.h"
  16 #include "chrome/browser/search/search.h"
  17 #include "chrome/browser/ssl/ssl_error_info.h"
  18 #include "chrome/browser/ui/toolbar/toolbar_model_delegate.h"
  19 #include "chrome/common/chrome_constants.h"
  20 #include "chrome/common/chrome_switches.h"
  21 #include "chrome/common/pref_names.h"
  22 #include "chrome/common/url_constants.h"
  23 #include "chrome/grit/generated_resources.h"
  24 #include "components/google/core/browser/google_util.h"
  25 #include "components/omnibox/autocomplete_input.h"
  26 #include "components/omnibox/autocomplete_match.h"
  27 #include "content/public/browser/cert_store.h"
  28 #include "content/public/browser/navigation_controller.h"
  29 #include "content/public/browser/navigation_entry.h"
  30 #include "content/public/browser/web_contents.h"
  31 #include "content/public/browser/web_ui.h"
  32 #include "content/public/common/content_constants.h"
  33 #include "content/public/common/ssl_status.h"
  34 #include "grit/components_scaled_resources.h"
  35 #include "grit/theme_resources.h"
  36 #include "net/base/net_util.h"
  37 #include "net/cert/cert_status_flags.h"
  38 #include "net/cert/x509_certificate.h"
  39 #include "ui/base/l10n/l10n_util.h"
  40
  41 #if defined(OS_CHROMEOS)
  42 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
  43 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
  44 #endif
  45
  46 using content::NavigationController;
  47 using content::NavigationEntry;
  48 using content::SSLStatus;
  49 using content::WebContents;
  50
  51 namespace {
  52
  53 // Converts a SHA-1 field trial group into the appropriate SecurityLevel.
  54 bool GetSecurityLevelForFieldTrialGroup(const std::string& group,
  55                                         ToolbarModel::SecurityLevel* level) {
  56   if (group == "Error")
  57     *level = ToolbarModel::SECURITY_ERROR;
  58   else if (group == "Warning")
  59     *level = ToolbarModel::SECURITY_WARNING;
  60   else if (group == "HTTP")
  61     *level = ToolbarModel::NONE;
  62   else
  63     return false;
  64   return true;
  65 }
  66
  67 }  // namespace
  68
  69 ToolbarModelImpl::ToolbarModelImpl(ToolbarModelDelegate* delegate)
  70     : delegate_(delegate) {
  71 }
  72
  73 ToolbarModelImpl::~ToolbarModelImpl() {
  74 }
  75
  76 // static
  77 ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevelForWebContents(
  78       content::WebContents* web_contents) {
  79   if (!web_contents)
  80     return NONE;
  81
  82   NavigationEntry* entry = web_contents->GetController().GetVisibleEntry();
  83   if (!entry)
  84     return NONE;
  85
  86   const SSLStatus& ssl = entry->GetSSL();
  87   switch (ssl.security_style) {
  88     case content::SECURITY_STYLE_UNKNOWN:
  89     case content::SECURITY_STYLE_UNAUTHENTICATED:
  90       return NONE;
  91
  92     case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:
  93       return SECURITY_ERROR;
  94
  95     case content::SECURITY_STYLE_AUTHENTICATED: {
  96 #if defined(OS_CHROMEOS)
  97       policy::PolicyCertService* service =
  98           policy::PolicyCertServiceFactory::GetForProfile(
  99               Profile::FromBrowserContext(web_contents->GetBrowserContext()));
 100       if (service && service->UsedPolicyCertificates())
 101         return SECURITY_POLICY_WARNING;
 102 #endif
 103       if (!!(ssl.content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT))
 104         return SECURITY_WARNING;
 105       scoped_refptr<net::X509Certificate> cert;
 106       if (content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) &&
 107           (ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) {
 108         // The internal representation of the dates for UI treatment of SHA-1.
 109         // See http://crbug.com/401365 for details
 110         static const int64_t kJanuary2017 = INT64_C(13127702400000000);
 111         static const int64_t kJune2016 = INT64_C(13109213000000000);
 112         static const int64_t kJanuary2016 = INT64_C(13096080000000000);
 113
 114         ToolbarModel::SecurityLevel security_level = NONE;
 115         // Gated behind a field trial, so that it is possible to adjust the
 116         // UI treatment (to be more or less severe, as necessary) over the
 117         // course of multiple releases.
 118         // See http://crbug.com/401365 for the timeline, with the end state
 119         // being that > kJanuary2017 = Error, and > kJanuary2016 =
 120         // Warning, and kJune2016 disappearing entirely.
 121         if (cert->valid_expiry() >=
 122                 base::Time::FromInternalValue(kJanuary2017) &&
 123             GetSecurityLevelForFieldTrialGroup(
 124                 base::FieldTrialList::FindFullName("SHA1ToolbarUIJanuary2017"),
 125                 &security_level)) {
 126           return security_level;
 127         }
 128         if (cert->valid_expiry() >= base::Time::FromInternalValue(kJune2016) &&
 129             GetSecurityLevelForFieldTrialGroup(
 130                 base::FieldTrialList::FindFullName("SHA1ToolbarUIJune2016"),
 131                 &security_level)) {
 132           return security_level;
 133         }
 134         if (cert->valid_expiry() >=
 135                 base::Time::FromInternalValue(kJanuary2016) &&
 136             GetSecurityLevelForFieldTrialGroup(
 137                 base::FieldTrialList::FindFullName("SHA1ToolbarUIJanuary2016"),
 138                 &security_level)) {
 139           return security_level;
 140         }
 141       }
 142       if (net::IsCertStatusError(ssl.cert_status)) {
 143         DCHECK(net::IsCertStatusMinorError(ssl.cert_status));
 144         return SECURITY_WARNING;
 145       }
 146       if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert.get())
 147         return EV_SECURE;
 148       return SECURE;
 149     }
 150     default:
 151       NOTREACHED();
 152       return NONE;
 153   }
 154 }
 155
 156 // ToolbarModelImpl Implementation.
 157 base::string16 ToolbarModelImpl::GetText() const {
 158   base::string16 search_terms(GetSearchTerms(false));
 159   if (!search_terms.empty())
 160     return search_terms;
 161
 162   if (WouldOmitURLDueToOriginChip())
 163     return base::string16();
 164
 165   return GetFormattedURL(NULL);
 166 }
 167
 168 base::string16 ToolbarModelImpl::GetFormattedURL(size_t* prefix_end) const {
 169   std::string languages;  // Empty if we don't have a |navigation_controller|.
 170   Profile* profile = GetProfile();
 171   if (profile)
 172     languages = profile->GetPrefs()->GetString(prefs::kAcceptLanguages);
 173
 174   GURL url(GetURL());
 175   if (url.spec().length() > content::kMaxURLDisplayChars)
 176     url = url.IsStandard() ? url.GetOrigin() : GURL(url.scheme() + ":");
 177   // Note that we can't unescape spaces here, because if the user copies this
 178   // and pastes it into another program, that program may think the URL ends at
 179   // the space.
 180   return AutocompleteInput::FormattedStringWithEquivalentMeaning(
 181       url, net::FormatUrl(url, languages, net::kFormatUrlOmitAll,
 182                           net::UnescapeRule::NORMAL, NULL, prefix_end, NULL),
 183       ChromeAutocompleteSchemeClassifier(profile));
 184 }
 185
 186 base::string16 ToolbarModelImpl::GetCorpusNameForMobile() const {
 187   if (!WouldPerformSearchTermReplacement(false))
 188     return base::string16();
 189   GURL url(GetURL());
 190   // If there is a query in the url fragment look for the corpus name there,
 191   // otherwise look for the corpus name in the query parameters.
 192   const std::string& query_str(google_util::HasGoogleSearchQueryParam(
 193       url.ref()) ? url.ref() : url.query());
 194   url::Component query(0, query_str.length()), key, value;
 195   const char kChipKey[] = "sboxchip";
 196   while (url::ExtractQueryKeyValue(query_str.c_str(), &query, &key, &value)) {
 197     if (key.is_nonempty() && query_str.substr(key.begin, key.len) == kChipKey) {
 198       return net::UnescapeAndDecodeUTF8URLComponent(
 199           query_str.substr(value.begin, value.len),
 200           net::UnescapeRule::NORMAL);
 201     }
 202   }
 203   return base::string16();
 204 }
 205
 206 GURL ToolbarModelImpl::GetURL() const {
 207   const NavigationController* navigation_controller = GetNavigationController();
 208   if (navigation_controller) {
 209     const NavigationEntry* entry = navigation_controller->GetVisibleEntry();
 210     if (entry)
 211       return ShouldDisplayURL() ? entry->GetVirtualURL() : GURL();
 212   }
 213
 214   return GURL(url::kAboutBlankURL);
 215 }
 216
 217 bool ToolbarModelImpl::WouldPerformSearchTermReplacement(
 218     bool ignore_editing) const {
 219   return !GetSearchTerms(ignore_editing).empty();
 220 }
 221
 222 ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevel(
 223     bool ignore_editing) const {
 224   // When editing, assume no security style.
 225   return (input_in_progress() && !ignore_editing) ?
 226       NONE : GetSecurityLevelForWebContents(delegate_->GetActiveWebContents());
 227 }
 228
 229 int ToolbarModelImpl::GetIcon() const {
 230   if (WouldPerformSearchTermReplacement(false)) {
 231     // The secured version of the search icon is necessary if neither the search
 232     // button nor origin chip are present to indicate the security state.
 233     return (chrome::GetDisplaySearchButtonConditions() ==
 234         chrome::DISPLAY_SEARCH_BUTTON_NEVER) &&
 235         !chrome::ShouldDisplayOriginChip() ?
 236             IDR_OMNIBOX_SEARCH_SECURED : IDR_OMNIBOX_SEARCH;
 237   }
 238
 239   return GetIconForSecurityLevel(GetSecurityLevel(false));
 240 }
 241
 242 int ToolbarModelImpl::GetIconForSecurityLevel(SecurityLevel level) const {
 243   static int icon_ids[NUM_SECURITY_LEVELS] = {
 244     IDR_LOCATION_BAR_HTTP,
 245     IDR_OMNIBOX_HTTPS_VALID,
 246     IDR_OMNIBOX_HTTPS_VALID,
 247     IDR_OMNIBOX_HTTPS_WARNING,
 248     IDR_OMNIBOX_HTTPS_POLICY_WARNING,
 249     IDR_OMNIBOX_HTTPS_INVALID,
 250   };
 251   DCHECK(arraysize(icon_ids) == NUM_SECURITY_LEVELS);
 252   return icon_ids[level];
 253 }
 254
 255 base::string16 ToolbarModelImpl::GetEVCertName() const {
 256   if (GetSecurityLevel(false) != EV_SECURE)
 257     return base::string16();
 258
 259   // Note: Navigation controller and active entry are guaranteed non-NULL or
 260   // the security level would be NONE.
 261   scoped_refptr<net::X509Certificate> cert;
 262   content::CertStore::GetInstance()->RetrieveCert(
 263       GetNavigationController()->GetVisibleEntry()->GetSSL().cert_id, &cert);
 264
 265   // EV are required to have an organization name and country.
 266   DCHECK(!cert->subject().organization_names.empty());
 267   DCHECK(!cert->subject().country_name.empty());
 268   return l10n_util::GetStringFUTF16(
 269       IDS_SECURE_CONNECTION_EV,
 270       base::UTF8ToUTF16(cert->subject().organization_names[0]),
 271       base::UTF8ToUTF16(cert->subject().country_name));
 272 }
 273
 274 bool ToolbarModelImpl::ShouldDisplayURL() const {
 275   // Note: The order here is important.
 276   // - The WebUI test must come before the extension scheme test because there
 277   //   can be WebUIs that have extension schemes (e.g. the bookmark manager). In
 278   //   that case, we should prefer what the WebUI instance says.
 279   // - The view-source test must come before the NTP test because of the case
 280   //   of view-source:chrome://newtab, which should display its URL despite what
 281   //   chrome://newtab says.
 282   NavigationController* controller = GetNavigationController();
 283   NavigationEntry* entry = controller ? controller->GetVisibleEntry() : NULL;
 284   if (entry) {
 285     if (entry->IsViewSourceMode() ||
 286         entry->GetPageType() == content::PAGE_TYPE_INTERSTITIAL) {
 287       return true;
 288     }
 289
 290     GURL url = entry->GetURL();
 291     GURL virtual_url = entry->GetVirtualURL();
 292     if (url.SchemeIs(content::kChromeUIScheme) ||
 293         virtual_url.SchemeIs(content::kChromeUIScheme)) {
 294       if (!url.SchemeIs(content::kChromeUIScheme))
 295         url = virtual_url;
 296       return url.host() != chrome::kChromeUINewTabHost;
 297     }
 298   }
 299
 300   return !chrome::IsInstantNTP(delegate_->GetActiveWebContents());
 301 }
 302
 303 bool ToolbarModelImpl::WouldOmitURLDueToOriginChip() const {
 304   const char kInterstitialShownKey[] = "interstitial_shown";
 305
 306   // When users type URLs and hit enter, continue to show those URLs until
 307   // the navigation commits or an interstitial is shown, because having the
 308   // omnibox clear immediately feels like the input was ignored.
 309   NavigationController* navigation_controller = GetNavigationController();
 310   if (navigation_controller) {
 311     NavigationEntry* pending_entry = navigation_controller->GetPendingEntry();
 312     if (pending_entry) {
 313       const NavigationEntry* visible_entry =
 314           navigation_controller->GetVisibleEntry();
 315       base::string16 unused;
 316       // Keep track that we've shown the origin chip on an interstitial so it
 317       // can be shown even after the interstitial was dismissed, to avoid
 318       // showing the chip, removing it and then showing it again.
 319       if (visible_entry &&
 320           visible_entry->GetPageType() == content::PAGE_TYPE_INTERSTITIAL &&
 321           !pending_entry->GetExtraData(kInterstitialShownKey, &unused))
 322         pending_entry->SetExtraData(kInterstitialShownKey, base::string16());
 323       const ui::PageTransition transition_type =
 324           pending_entry->GetTransitionType();
 325       if ((transition_type & ui::PAGE_TRANSITION_TYPED) != 0 &&
 326           !pending_entry->GetExtraData(kInterstitialShownKey, &unused))
 327         return false;
 328     }
 329   }
 330
 331   if (!delegate_->InTabbedBrowser() || !ShouldDisplayURL() ||
 332       !url_replacement_enabled())
 333     return false;
 334
 335   if (chrome::ShouldDisplayOriginChip())
 336     return true;
 337
 338   const chrome::OriginChipCondition chip_condition =
 339       chrome::GetOriginChipCondition();
 340   return (chip_condition == chrome::ORIGIN_CHIP_ALWAYS) ||
 341       ((chip_condition == chrome::ORIGIN_CHIP_ON_SRP) &&
 342        WouldPerformSearchTermReplacement(false));
 343 }
 344
 345 NavigationController* ToolbarModelImpl::GetNavigationController() const {
 346   // This |current_tab| can be NULL during the initialization of the
 347   // toolbar during window creation (i.e. before any tabs have been added
 348   // to the window).
 349   WebContents* current_tab = delegate_->GetActiveWebContents();
 350   return current_tab ? &current_tab->GetController() : NULL;
 351 }
 352
 353 Profile* ToolbarModelImpl::GetProfile() const {
 354   NavigationController* navigation_controller = GetNavigationController();
 355   return navigation_controller ?
 356       Profile::FromBrowserContext(navigation_controller->GetBrowserContext()) :
 357       NULL;
 358 }
 359
 360 base::string16 ToolbarModelImpl::GetSearchTerms(bool ignore_editing) const {
 361   if (!url_replacement_enabled() || (input_in_progress() && !ignore_editing))
 362     return base::string16();
 363
 364   const WebContents* web_contents = delegate_->GetActiveWebContents();
 365   base::string16 search_terms(chrome::GetSearchTerms(web_contents));
 366   if (search_terms.empty()) {
 367     // We mainly do this to enforce the subsequent DCHECK.
 368     return base::string16();
 369   }
 370
 371   // If the page is still loading and the security style is unknown, consider
 372   // the page secure.  Without this, after the user hit enter on some search
 373   // terms, the omnibox would change to displaying the loading URL before
 374   // changing back to the search terms once they could be extracted, thus
 375   // causing annoying flicker.
 376   DCHECK(web_contents);
 377   const NavigationController& nav_controller = web_contents->GetController();
 378   const NavigationEntry* entry = nav_controller.GetVisibleEntry();
 379   if ((entry != nav_controller.GetLastCommittedEntry()) &&
 380       (entry->GetSSL().security_style == content::SECURITY_STYLE_UNKNOWN))
 381     return search_terms;
 382
 383   // If the URL is using a Google base URL specified via the command line, we
 384   // bypass the security check below.
 385   if (entry &&
 386       google_util::StartsWithCommandLineGoogleBaseURL(entry->GetVirtualURL()))
 387     return search_terms;
 388
 389   // Otherwise, extract search terms for HTTPS pages that do not have a security
 390   // error.
 391   ToolbarModel::SecurityLevel security_level = GetSecurityLevel(ignore_editing);
 392   return ((security_level == NONE) || (security_level == SECURITY_ERROR)) ?
 393       base::string16() : search_terms;
 394 }