1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/ui/webui/interstitials/interstitial_ui.h"
7 #include "base/strings/string_util.h"
8 #include "chrome/browser/browser_process.h"
9 #include "chrome/browser/profiles/profile.h"
10 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h"
11 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
12 #include "chrome/browser/ssl/ssl_blocking_page.h"
13 #include "chrome/common/url_constants.h"
14 #include "content/public/browser/interstitial_page_delegate.h"
15 #include "content/public/browser/web_contents.h"
16 #include "content/public/browser/web_ui.h"
17 #include "content/public/browser/web_ui_controller.h"
18 #include "content/public/browser/web_ui_data_source.h"
19 #include "net/base/net_errors.h"
20 #include "net/base/url_util.h"
21 #include "net/cert/x509_certificate.h"
22 #include "net/ssl/ssl_info.h"
// Data source behind the interstitials debug WebUI host (the host name is
// whatever GetSource() returns). It renders the HTML of a blocking page
// without actually showing an interstitial, so the page can be inspected.
//
// Security notes for maintainers:
//  * The blocking-page parameters are read from the query string of the
//    WebContents' URL, so treat them as untrusted input.
//  * |web_contents_| is a raw, non-owning pointer.
//    NOTE(review): nothing in this file detaches the source when the
//    WebContents is destroyed - confirm the pointer cannot be used after the
//    tab goes away.
class InterstitialHTMLSource : public content::URLDataSource {
 public:
  // Neither |profile| nor |web_contents| is owned by this object.
  InterstitialHTMLSource(Profile* profile,
                         content::WebContents* web_contents);
  virtual ~InterstitialHTMLSource();

  // content::URLDataSource:
  virtual std::string GetMimeType(const std::string& mime_type) const OVERRIDE;
  virtual std::string GetSource() const OVERRIDE;
  virtual bool ShouldAddContentSecurityPolicy() const OVERRIDE;
  virtual void StartDataRequest(
      const std::string& path,
      int render_process_id,
      int render_frame_id,
      const content::URLDataSource::GotDataCallback& callback) OVERRIDE;

 private:
  // Not owned.
  Profile* profile_;
  // Not owned; its URL supplies the query parameters for the blocking pages.
  content::WebContents* web_contents_;
  DISALLOW_COPY_AND_ASSIGN(InterstitialHTMLSource);
};
// Builds an SSLBlockingPage for the debug UI from the query string of
// |web_contents|'s URL. The caller takes ownership of the returned object.
//
// Recognised query keys (all optional):
//   url                - request URL shown on the page; used only if it parses
//                        as a valid GURL, otherwise https://example.com.
//   overridable        - "1" sets SSLBlockingPage::OVERRIDABLE.
//   strict_enforcement - "1" sets SSLBlockingPage::STRICT_ENFORCEMENT.
//
// Every value comes from the URL and is therefore untrusted. The only
// validation on |url| is GURL::is_valid(); the scheme is not restricted here.
SSLBlockingPage* CreateSSLBlockingPage(content::WebContents* web_contents) {
  const GURL& page_url = web_contents->GetURL();

  // Placeholder values; the page is rendered for inspection only.
  const int cert_error = net::ERR_CERT_CONTAINS_ERRORS;
  GURL request_url("https://example.com");

  std::string url_value;
  if (net::GetValueForKeyInQuery(page_url, "url", &url_value)) {
    const GURL candidate(url_value);
    if (candidate.is_valid())
      request_url = candidate;
  }

  // Anything other than the exact string "1" leaves a flag off.
  std::string flag_value;
  bool overridable = false;
  if (net::GetValueForKeyInQuery(page_url, "overridable", &flag_value))
    overridable = (flag_value == "1");

  bool strict_enforcement = false;
  flag_value.clear();
  if (net::GetValueForKeyInQuery(page_url, "strict_enforcement", &flag_value))
    strict_enforcement = (flag_value == "1");

  // Synthetic certificate: subject is the requested host, issuer is the
  // literal "CA", and both dates are base::Time::Max(). It exists only so the
  // page has something to display; it is not a real certificate.
  net::SSLInfo ssl_info;
  ssl_info.cert = new net::X509Certificate(
      request_url.host(), "CA", base::Time::Max(), base::Time::Max());

  int options_mask = 0;
  if (overridable)
    options_mask |= SSLBlockingPage::OVERRIDABLE;
  if (strict_enforcement)
    options_mask |= SSLBlockingPage::STRICT_ENFORCEMENT;

  // This delegate doesn't create an interstitial; a null callback is passed
  // as the final argument.
  return new SSLBlockingPage(web_contents,
                             cert_error,
                             ssl_info,
                             request_url,
                             options_mask,
                             base::Callback<void(bool)>());
}
// Builds a SafeBrowsingBlockingPage for the debug UI from the query string of
// |web_contents|'s URL, without showing an interstitial.
//
// Recognised query keys (all optional):
//   url  - URL reported as unsafe; used only if it parses as a valid GURL,
//          otherwise http://example.com.
//   type - "malware", "phishing", "clientside_malware" or
//          "clientside_phishing"; any other value keeps the malware default.
//
// Both values come from the URL and are untrusted. Note that
// type=clientside_phishing has a side effect on the tab: it discards the
// navigation controller's non-committed entries.
SafeBrowsingBlockingPage* CreateSafeBrowsingBlockingPage(
    content::WebContents* web_contents) {
  const GURL& page_url = web_contents->GetURL();

  GURL request_url("http://example.com");
  std::string url_value;
  if (net::GetValueForKeyInQuery(page_url, "url", &url_value)) {
    const GURL candidate(url_value);
    if (candidate.is_valid())
      request_url = candidate;
  }

  SBThreatType threat_type = SB_THREAT_TYPE_URL_MALWARE;
  std::string type_value;
  if (net::GetValueForKeyInQuery(page_url, "type", &type_value)) {
    if (type_value == "malware") {
      threat_type = SB_THREAT_TYPE_URL_MALWARE;
    } else if (type_value == "phishing") {
      threat_type = SB_THREAT_TYPE_URL_PHISHING;
    } else if (type_value == "clientside_malware") {
      threat_type = SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL;
    } else if (type_value == "clientside_phishing") {
      threat_type = SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL;
      // Interstitials for client side phishing urls load after the page loads
      // (see SafeBrowsingBlockingPage::IsMainPageLoadBlocked), so there should
      // either be a new navigation entry, or there shouldn't be any pending
      // entries. Clear any pending navigation entries.
      web_contents->GetController().DiscardNonCommittedEntries();
    }
  }

  SafeBrowsingBlockingPage::UnsafeResource resource;
  resource.url = request_url;
  resource.threat_type = threat_type;

  // Create a blocking page without showing the interstitial.
  // NOTE(review): safe_browsing_service() is dereferenced without a null
  // check - confirm it is always available when this page can be reached.
  return SafeBrowsingBlockingPage::CreateBlockingPage(
      g_browser_process->safe_browsing_service()->ui_manager().get(),
      web_contents,
      resource);
}
// Registers the HTML data source for this WebUI. The source is constructed
// with the original (non-incognito) profile but registered against the
// profile obtained from |web_ui|; URLDataSource::Add() takes ownership of it.
InterstitialUI::InterstitialUI(content::WebUI* web_ui)
    : WebUIController(web_ui) {
  Profile* const profile = Profile::FromWebUI(web_ui);
  content::URLDataSource::Add(
      profile,
      new InterstitialHTMLSource(profile->GetOriginalProfile(),
                                 web_ui->GetWebContents()));
}
// Nothing to release: the data source is owned by the URLDataSource registry
// it was handed to in the constructor.
InterstitialUI::~InterstitialUI() {}
146 // InterstitialHTMLSource
// Stores both pointers without taking ownership of either.
InterstitialHTMLSource::InterstitialHTMLSource(
    Profile* profile,
    content::WebContents* web_contents)
    : profile_(profile), web_contents_(web_contents) {}
// The profile and WebContents are not owned, so there is nothing to free.
InterstitialHTMLSource::~InterstitialHTMLSource() {}
// Every response from this source is an HTML document, so the argument is
// ignored.
// NOTE(review): the parameter is named |mime_type| here, but the
// URLDataSource interface passes the request path in this position - confirm
// and consider renaming it in both the declaration and this definition.
std::string InterstitialHTMLSource::GetMimeType(
    const std::string& mime_type) const {
  return std::string("text/html");
}
// Host name under which this data source is registered.
std::string InterstitialHTMLSource::GetSource() const {
  const std::string host(chrome::kChromeUIInterstitialHost);
  return host;
}
// Opts this source out of the Content-Security-Policy header that WebUI data
// sources receive by default.
// NOTE(review): the reason is not recorded in this file (presumably the
// interstitial HTML relies on inline script - confirm). With no CSP as a
// backstop, the blocking-page templates are the only thing standing between
// the untrusted |url| query value and the rendered markup, so they must
// escape it.
bool InterstitialHTMLSource::ShouldAddContentSecurityPolicy() const {
  const bool add_csp = false;
  return add_csp;
}
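// Serves the HTML for one request to the interstitials debug host.
//
// |path| selects the page by prefix: "ssl..." renders an SSL blocking page,
// "safebrowsing..." renders a Safe Browsing blocking page, and anything else
// gets a static index of links. |render_process_id| and |render_frame_id| are
// unused. |callback| is run synchronously with the generated document.
//
// Security note: |path| only chooses the page type. The blocking-page
// parameters are taken from the query string of |web_contents_|'s URL inside
// the Create*BlockingPage() helpers, not from |path|, and are untrusted.
void InterstitialHTMLSource::StartDataRequest(
    const std::string& path,
    int render_process_id,
    int render_frame_id,
    const content::URLDataSource::GotDataCallback& callback) {
  // The delegate is created only to obtain its HTML; it is destroyed when
  // this scoped_ptr goes out of scope and never shows an interstitial.
  scoped_ptr<content::InterstitialPageDelegate> interstitial_delegate;
  if (StartsWithASCII(path, "ssl", true)) {
    interstitial_delegate.reset(CreateSSLBlockingPage(web_contents_));
  } else if (StartsWithASCII(path, "safebrowsing", true)) {
    interstitial_delegate.reset(CreateSafeBrowsingBlockingPage(web_contents_));
  }

  std::string html;
  if (interstitial_delegate.get()) {
    html = interstitial_delegate->GetHTMLContents();
  } else {
    // Static index page. The heading is closed with </h2>; it was previously
    // written as a second <h2>, which left the element open.
    html = "<html><head><title>Interstitials</title></head>"
           "<body><h2>Choose an interstitial</h2>"
           "<h3>SSL</h3>"
           "<a href='ssl'>example.com</a><br>"
           "<a href='ssl?url=https://google.com'>SSL (google.com)</a><br>"
           "<a href='ssl?overridable=1&strict_enforcement=0'>"
           " example.com (Overridable)</a>"
           "<br><br>"
           "<h3>SafeBrowsing</h3>"
           "<a href='safebrowsing?type=malware'>Malware</a><br>"
           "<a href='safebrowsing?type=phishing'>Phishing</a><br>"
           "<a href='safebrowsing?type=clientside_malware'>"
           " Client Side Malware</a><br>"
           "<a href='safebrowsing?type=clientside_phishing'>"
           " Client Side Phishing</a><br>"
           "</body></html>";
  }

  scoped_refptr<base::RefCountedString> html_bytes = new base::RefCountedString;
  html_bytes->data().assign(html.begin(), html.end());
  callback.Run(html_bytes.get());
}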