src/chrome/browser/ui/webui/interstitials/interstitial_ui.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/ui/webui/interstitials/interstitial_ui.h"
   6
   7 #include "base/strings/string_util.h"
   8 #include "chrome/browser/browser_process.h"
   9 #include "chrome/browser/profiles/profile.h"
  10 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h"
  11 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
  12 #include "chrome/browser/ssl/ssl_blocking_page.h"
  13 #include "chrome/common/url_constants.h"
  14 #include "content/public/browser/interstitial_page_delegate.h"
  15 #include "content/public/browser/web_contents.h"
  16 #include "content/public/browser/web_ui.h"
  17 #include "content/public/browser/web_ui_controller.h"
  18 #include "content/public/browser/web_ui_data_source.h"
  19 #include "net/base/net_errors.h"
  20 #include "net/base/url_util.h"
  21 #include "net/cert/x509_certificate.h"
  22 #include "net/ssl/ssl_info.h"
  23
  24 namespace {
  25
  26 class InterstitialHTMLSource : public content::URLDataSource {
  27  public:
  28   InterstitialHTMLSource(Profile* profile,
  29                          content::WebContents* web_contents);
  30   virtual ~InterstitialHTMLSource();
  31
  32   // content::URLDataSource:
  33   virtual std::string GetMimeType(const std::string& mime_type) const OVERRIDE;
  34   virtual std::string GetSource() const OVERRIDE;
  35   virtual bool ShouldAddContentSecurityPolicy() const OVERRIDE;
  36   virtual void StartDataRequest(
  37       const std::string& path,
  38       int render_process_id,
  39       int render_frame_id,
  40       const content::URLDataSource::GotDataCallback& callback) OVERRIDE;
  41
  42  private:
  43   Profile* profile_;
  44   content::WebContents* web_contents_;
  45   DISALLOW_COPY_AND_ASSIGN(InterstitialHTMLSource);
  46 };
  47
  48 SSLBlockingPage* CreateSSLBlockingPage(content::WebContents* web_contents) {
  49   // Random parameters for SSL blocking page.
  50   int cert_error = net::ERR_CERT_CONTAINS_ERRORS;
  51   GURL request_url("https://example.com");
  52   bool overridable = false;
  53   bool strict_enforcement = false;
  54   std::string url_param;
  55   if (net::GetValueForKeyInQuery(web_contents->GetURL(),
  56                                  "url",
  57                                  &url_param)) {
  58     if (GURL(url_param).is_valid())
  59       request_url = GURL(url_param);
  60   }
  61   std::string overridable_param;
  62   if (net::GetValueForKeyInQuery(web_contents->GetURL(),
  63                                  "overridable",
  64                                  &overridable_param)) {
  65     overridable = overridable_param == "1";
  66   }
  67   std::string strict_enforcement_param;
  68   if (net::GetValueForKeyInQuery(web_contents->GetURL(),
  69                                  "strict_enforcement",
  70                                  &strict_enforcement_param)) {
  71     strict_enforcement = strict_enforcement_param == "1";
  72   }
  73   net::SSLInfo ssl_info;
  74   ssl_info.cert = new net::X509Certificate(
  75       request_url.host(), "CA", base::Time::Max(), base::Time::Max());
  76   // This delegate doesn't create an interstitial.
  77   int options_mask = 0;
  78   if (overridable)
  79     options_mask |= SSLBlockingPage::OVERRIDABLE;
  80   if (strict_enforcement)
  81     options_mask |= SSLBlockingPage::STRICT_ENFORCEMENT;
  82   return new SSLBlockingPage(web_contents,
  83                              cert_error,
  84                              ssl_info,
  85                              request_url,
  86                              options_mask,
  87                              base::Callback<void(bool)>());
  88 }
  89
  90 SafeBrowsingBlockingPage* CreateSafeBrowsingBlockingPage(
  91     content::WebContents* web_contents) {
  92   SBThreatType threat_type = SB_THREAT_TYPE_URL_MALWARE;
  93   GURL request_url("http://example.com");
  94   std::string url_param;
  95   if (net::GetValueForKeyInQuery(web_contents->GetURL(),
  96                                  "url",
  97                                  &url_param)) {
  98     if (GURL(url_param).is_valid())
  99       request_url = GURL(url_param);
 100   }
 101   std::string type_param;
 102   if (net::GetValueForKeyInQuery(web_contents->GetURL(),
 103                                  "type",
 104                                  &type_param)) {
 105     if (type_param == "malware") {
 106       threat_type =  SB_THREAT_TYPE_URL_MALWARE;
 107     } else if (type_param == "phishing") {
 108       threat_type = SB_THREAT_TYPE_URL_PHISHING;
 109     } else if (type_param == "clientside_malware") {
 110       threat_type = SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL;
 111     } else if (type_param == "clientside_phishing") {
 112       threat_type = SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL;
 113       // Interstitials for client side phishing urls load after the page loads
 114       // (see SafeBrowsingBlockingPage::IsMainPageLoadBlocked), so there should
 115       // either be a new navigation entry, or there shouldn't be any pending
 116       // entries. Clear any pending navigation entries.
 117       content::NavigationController* controller =
 118           &web_contents->GetController();
 119       controller->DiscardNonCommittedEntries();
 120     }
 121   }
 122   SafeBrowsingBlockingPage::UnsafeResource resource;
 123   resource.url = request_url;
 124   resource.threat_type =  threat_type;
 125   // Create a blocking page without showing the interstitial.
 126   return SafeBrowsingBlockingPage::CreateBlockingPage(
 127       g_browser_process->safe_browsing_service()->ui_manager(),
 128       web_contents,
 129       resource);
 130 }
 131
 132 } //  namespace
 133
 134 InterstitialUI::InterstitialUI(content::WebUI* web_ui)
 135     : WebUIController(web_ui) {
 136   Profile* profile = Profile::FromWebUI(web_ui);
 137   scoped_ptr<InterstitialHTMLSource> html_source(
 138       new InterstitialHTMLSource(profile->GetOriginalProfile(),
 139                                  web_ui->GetWebContents()));
 140   content::URLDataSource::Add(profile, html_source.release());
 141 }
 142
 143 InterstitialUI::~InterstitialUI() {
 144 }
 145
 146 // InterstitialHTMLSource
 147
 148 InterstitialHTMLSource::InterstitialHTMLSource(
 149     Profile* profile,
 150     content::WebContents* web_contents)
 151     : profile_(profile),
 152       web_contents_(web_contents) {
 153 }
 154
 155 InterstitialHTMLSource::~InterstitialHTMLSource() {
 156 }
 157
 158 std::string InterstitialHTMLSource::GetMimeType(
 159     const std::string& mime_type) const {
 160   return "text/html";
 161 }
 162
 163 std::string InterstitialHTMLSource::GetSource() const {
 164   return chrome::kChromeUIInterstitialHost;
 165 }
 166
 167 bool InterstitialHTMLSource::ShouldAddContentSecurityPolicy()
 168     const {
 169   return false;
 170 }
 171
 172 void InterstitialHTMLSource::StartDataRequest(
 173     const std::string& path,
 174     int render_process_id,
 175     int render_frame_id,
 176     const content::URLDataSource::GotDataCallback& callback) {
 177   scoped_ptr<content::InterstitialPageDelegate> interstitial_delegate;
 178   if (StartsWithASCII(path, "ssl", true)) {
 179     interstitial_delegate.reset(CreateSSLBlockingPage(web_contents_));
 180   } else if (StartsWithASCII(path, "safebrowsing", true)) {
 181     interstitial_delegate.reset(CreateSafeBrowsingBlockingPage(web_contents_));
 182   }
 183
 184   std::string html;
 185   if (interstitial_delegate.get()) {
 186     html = interstitial_delegate.get()->GetHTMLContents();
 187   } else {
 188     html = "<html><head><title>Interstitials</title></head>"
 189            "<body><h2>Choose an interstitial<h2>"
 190            "<h3>SSL</h3>"
 191            "<a href='ssl'>example.com</a><br>"
 192            "<a href='ssl?url=https://google.com'>SSL (google.com)</a><br>"
 193            "<a href='ssl?overridable=1&strict_enforcement=0'>"
 194            "    example.com (Overridable)</a>"
 195            "<br><br>"
 196            "<h3>SafeBrowsing</h3>"
 197            "<a href='safebrowsing?type=malware'>Malware</a><br>"
 198            "<a href='safebrowsing?type=phishing'>Phishing</a><br>"
 199            "<a href='safebrowsing?type=clientside_malware'>"
 200            "    Client Side Malware</a><br>"
 201            "<a href='safebrowsing?type=clientside_phishing'>"
 202            "    Client Side Phishing</a><br>"
 203            "</body></html>";
 204   }
 205   scoped_refptr<base::RefCountedString> html_bytes = new base::RefCountedString;
 206   html_bytes->data().assign(html.begin(), html.end());
 207   callback.Run(html_bytes.get());
 208 }