search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert of Add button to add new FSP services to Files app. (patchset #8 id:140001...
[chromium-blink-merge.git] / chrome / browser / ui / webui / interstitials / interstitial_ui.cc
blob31a98bef8aff9cee0d0c40c41c45fcc78fdbe507
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/ui/webui/interstitials/interstitial_ui.h"
6
7 #include "base/strings/string_number_conversions.h"
8 #include "base/strings/string_util.h"
9 #include "chrome/browser/browser_process.h"
10 #include "chrome/browser/profiles/profile.h"
11 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h"
12 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
13 #include "chrome/browser/ssl/ssl_blocking_page.h"
14 #include "chrome/common/url_constants.h"
15 #include "chrome/grit/browser_resources.h"
16 #include "content/public/browser/interstitial_page_delegate.h"
17 #include "content/public/browser/web_contents.h"
18 #include "content/public/browser/web_ui.h"
19 #include "content/public/browser/web_ui_controller.h"
20 #include "content/public/browser/web_ui_data_source.h"
21 #include "net/base/net_errors.h"
22 #include "net/base/url_util.h"
23 #include "net/cert/x509_certificate.h"
24 #include "net/ssl/ssl_info.h"
25 #include "ui/base/resource/resource_bundle.h"
26
27 namespace {
28
29 class InterstitialHTMLSource : public content::URLDataSource {
30 public:
31 InterstitialHTMLSource(Profile* profile,
32 content::WebContents* web_contents);
33 ~InterstitialHTMLSource() override;
34
35 // content::URLDataSource:
36 std::string GetMimeType(const std::string& mime_type) const override;
37 std::string GetSource() const override;
38 bool ShouldAddContentSecurityPolicy() const override;
39 void StartDataRequest(
40 const std::string& path,
41 int render_process_id,
42 int render_frame_id,
43 const content::URLDataSource::GotDataCallback& callback) override;
44
45 private:
46 Profile* profile_;
47 content::WebContents* web_contents_;
48 DISALLOW_COPY_AND_ASSIGN(InterstitialHTMLSource);
49 };
50
51 SSLBlockingPage* CreateSSLBlockingPage(content::WebContents* web_contents) {
52 // Random parameters for SSL blocking page.
53 int cert_error = net::ERR_CERT_CONTAINS_ERRORS;
54 GURL request_url("https://example.com");
55 bool overridable = false;
56 bool strict_enforcement = false;
57 base::Time time_triggered_ = base::Time::NowFromSystemTime();
58 std::string url_param;
59 if (net::GetValueForKeyInQuery(web_contents->GetURL(),
60 "url",
61 &url_param)) {
62 if (GURL(url_param).is_valid())
63 request_url = GURL(url_param);
64 }
65 std::string overridable_param;
66 if (net::GetValueForKeyInQuery(web_contents->GetURL(),
67 "overridable",
68 &overridable_param)) {
69 overridable = overridable_param == "1";
70 }
71 std::string strict_enforcement_param;
72 if (net::GetValueForKeyInQuery(web_contents->GetURL(),
73 "strict_enforcement",
74 &strict_enforcement_param)) {
75 strict_enforcement = strict_enforcement_param == "1";
76 }
77 std::string clock_manipulation_param;
78 if (net::GetValueForKeyInQuery(web_contents->GetURL(), "clock_manipulation",
79 &clock_manipulation_param) == 1) {
80 cert_error = net::ERR_CERT_DATE_INVALID;
81 int time_offset;
82 if (base::StringToInt(clock_manipulation_param, &time_offset)) {
83 time_triggered_ += base::TimeDelta::FromDays(365 * time_offset);
84 } else {
85 time_triggered_ += base::TimeDelta::FromDays(365 * 2);
86 }
87 }
88 net::SSLInfo ssl_info;
89 ssl_info.cert = new net::X509Certificate(
90 request_url.host(), "CA", base::Time::Max(), base::Time::Max());
91 // This delegate doesn't create an interstitial.
92 int options_mask = 0;
93 if (overridable)
94 options_mask |= SSLBlockingPage::OVERRIDABLE;
95 if (strict_enforcement)
96 options_mask |= SSLBlockingPage::STRICT_ENFORCEMENT;
97 return new SSLBlockingPage(web_contents, cert_error, ssl_info, request_url,
98 options_mask, time_triggered_, nullptr,
99 base::Callback<void(bool)>());
100 }
101
102 SafeBrowsingBlockingPage* CreateSafeBrowsingBlockingPage(
103 content::WebContents* web_contents) {
104 SBThreatType threat_type = SB_THREAT_TYPE_URL_MALWARE;
105 GURL request_url("http://example.com");
106 std::string url_param;
107 if (net::GetValueForKeyInQuery(web_contents->GetURL(),
108 "url",
109 &url_param)) {
110 if (GURL(url_param).is_valid())
111 request_url = GURL(url_param);
112 }
113 std::string type_param;
114 if (net::GetValueForKeyInQuery(web_contents->GetURL(),
115 "type",
116 &type_param)) {
117 if (type_param == "malware") {
118 threat_type = SB_THREAT_TYPE_URL_MALWARE;
119 } else if (type_param == "phishing") {
120 threat_type = SB_THREAT_TYPE_URL_PHISHING;
121 } else if (type_param == "clientside_malware") {
122 threat_type = SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL;
123 } else if (type_param == "clientside_phishing") {
124 threat_type = SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL;
125 // Interstitials for client side phishing urls load after the page loads
126 // (see SafeBrowsingBlockingPage::IsMainPageLoadBlocked), so there should
127 // either be a new navigation entry, or there shouldn't be any pending
128 // entries. Clear any pending navigation entries.
129 content::NavigationController* controller =
130 &web_contents->GetController();
131 controller->DiscardNonCommittedEntries();
132 }
133 }
134 SafeBrowsingBlockingPage::UnsafeResource resource;
135 resource.url = request_url;
136 resource.threat_type = threat_type;
137 // Create a blocking page without showing the interstitial.
138 return SafeBrowsingBlockingPage::CreateBlockingPage(
139 g_browser_process->safe_browsing_service()->ui_manager().get(),
140 web_contents,
141 resource);
142 }
143
144 } // namespace
145
146 InterstitialUI::InterstitialUI(content::WebUI* web_ui)
147 : WebUIController(web_ui) {
148 Profile* profile = Profile::FromWebUI(web_ui);
149 scoped_ptr<InterstitialHTMLSource> html_source(
150 new InterstitialHTMLSource(profile->GetOriginalProfile(),
151 web_ui->GetWebContents()));
152 content::URLDataSource::Add(profile, html_source.release());
153 }
154
155 InterstitialUI::~InterstitialUI() {
156 }
157
158 // InterstitialHTMLSource
159
160 InterstitialHTMLSource::InterstitialHTMLSource(
161 Profile* profile,
162 content::WebContents* web_contents)
163 : profile_(profile),
164 web_contents_(web_contents) {
165 }
166
167 InterstitialHTMLSource::~InterstitialHTMLSource() {
168 }
169
170 std::string InterstitialHTMLSource::GetMimeType(
171 const std::string& mime_type) const {
172 return "text/html";
173 }
174
175 std::string InterstitialHTMLSource::GetSource() const {
176 return chrome::kChromeUIInterstitialHost;
177 }
178
179 bool InterstitialHTMLSource::ShouldAddContentSecurityPolicy()
180 const {
181 return false;
182 }
183
184 void InterstitialHTMLSource::StartDataRequest(
185 const std::string& path,
186 int render_process_id,
187 int render_frame_id,
188 const content::URLDataSource::GotDataCallback& callback) {
189 scoped_ptr<content::InterstitialPageDelegate> interstitial_delegate;
190 if (StartsWithASCII(path, "ssl", true)) {
191 interstitial_delegate.reset(CreateSSLBlockingPage(web_contents_));
192 } else if (StartsWithASCII(path, "safebrowsing", true)) {
193 interstitial_delegate.reset(CreateSafeBrowsingBlockingPage(web_contents_));
194 }
195
196 std::string html;
197 if (interstitial_delegate.get()) {
198 html = interstitial_delegate.get()->GetHTMLContents();
199 } else {
200 html = ResourceBundle::GetSharedInstance()
201 .GetRawDataResource(IDR_SECURITY_INTERSTITIAL_UI_HTML)
202 .as_string();
203 }
204 scoped_refptr<base::RefCountedString> html_bytes = new base::RefCountedString;
205 html_bytes->data().assign(html.begin(), html.end());
206 callback.Run(html_bytes.get());
207 }