chrome/browser/ssl/ssl_error_handler.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/ssl/ssl_error_handler.h"
   6
   7 #include "base/callback_helpers.h"
   8 #include "base/metrics/field_trial.h"
   9 #include "base/metrics/histogram.h"
  10 #include "base/time/time.h"
  11 #include "chrome/browser/profiles/profile.h"
  12 #include "chrome/browser/ssl/ssl_blocking_page.h"
  13 #include "chrome/browser/ssl/ssl_cert_reporter.h"
  14 #include "content/public/browser/notification_service.h"
  15 #include "content/public/browser/notification_source.h"
  16 #include "content/public/browser/web_contents.h"
  17
  18 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
  19 #include "chrome/browser/captive_portal/captive_portal_service.h"
  20 #include "chrome/browser/captive_portal/captive_portal_service_factory.h"
  21 #include "chrome/browser/captive_portal/captive_portal_tab_helper.h"
  22 #include "chrome/browser/ssl/captive_portal_blocking_page.h"
  23 #endif
  24
  25 namespace {
  26
  27 // The type of the delay before displaying the SSL interstitial. This can be
  28 // changed in tests.
  29 SSLErrorHandler::InterstitialDelayType g_interstitial_delay_type =
  30     SSLErrorHandler::NORMAL;
  31
  32 // Callback to call when the interstitial timer is started. Used for testing.
  33 SSLErrorHandler::TimerStartedCallback* g_timer_started_callback = nullptr;
  34
  35 // Events for UMA.
  36 enum SSLErrorHandlerEvent {
  37   HANDLE_ALL,
  38   SHOW_CAPTIVE_PORTAL_INTERSTITIAL_NONOVERRIDABLE,
  39   SHOW_CAPTIVE_PORTAL_INTERSTITIAL_OVERRIDABLE,
  40   SHOW_SSL_INTERSTITIAL_NONOVERRIDABLE,
  41   SHOW_SSL_INTERSTITIAL_OVERRIDABLE,
  42   SSL_ERROR_HANDLER_EVENT_COUNT
  43 };
  44
  45 void RecordUMA(SSLErrorHandlerEvent event) {
  46   UMA_HISTOGRAM_ENUMERATION("interstitial.ssl_error_handler",
  47                             event,
  48                             SSL_ERROR_HANDLER_EVENT_COUNT);
  49 }
  50
  51 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
  52 // The delay before displaying the SSL interstitial for cert errors.
  53 // - If a "captive portal detected" result arrives in this many seconds,
  54 //   a captive portal interstitial is displayed.
  55 // - Otherwise, an SSL interstitial is displayed.
  56 const int kDefaultInterstitialDisplayDelayInSeconds = 2;
  57
  58 base::TimeDelta GetInterstitialDisplayDelay(
  59     SSLErrorHandler::InterstitialDelayType delay) {
  60   switch (delay) {
  61     case SSLErrorHandler::LONG:
  62       return base::TimeDelta::FromHours(1);
  63
  64     case SSLErrorHandler::NONE:
  65       return base::TimeDelta();
  66
  67     case SSLErrorHandler::NORMAL:
  68       return base::TimeDelta::FromSeconds(
  69           kDefaultInterstitialDisplayDelayInSeconds);
  70
  71     default:
  72       NOTREACHED();
  73   }
  74   return base::TimeDelta();
  75 }
  76
  77 bool IsCaptivePortalInterstitialEnabled() {
  78   return base::FieldTrialList::FindFullName("CaptivePortalInterstitial") ==
  79          "Enabled";
  80 }
  81 #endif
  82
  83 }  // namespace
  84
  85 DEFINE_WEB_CONTENTS_USER_DATA_KEY(SSLErrorHandler);
  86
  87 void SSLErrorHandler::HandleSSLError(
  88     content::WebContents* web_contents,
  89     int cert_error,
  90     const net::SSLInfo& ssl_info,
  91     const GURL& request_url,
  92     int options_mask,
  93     scoped_ptr<SSLCertReporter> ssl_cert_reporter,
  94     const base::Callback<void(bool)>& callback) {
  95 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
  96   CaptivePortalTabHelper* captive_portal_tab_helper =
  97       CaptivePortalTabHelper::FromWebContents(web_contents);
  98   if (captive_portal_tab_helper) {
  99     captive_portal_tab_helper->OnSSLCertError(ssl_info);
 100   }
 101 #endif
 102   DCHECK(!FromWebContents(web_contents));
 103   web_contents->SetUserData(
 104       UserDataKey(),
 105       new SSLErrorHandler(web_contents, cert_error, ssl_info, request_url,
 106                           options_mask, ssl_cert_reporter.Pass(), callback));
 107
 108   SSLErrorHandler* error_handler =
 109       SSLErrorHandler::FromWebContents(web_contents);
 110   error_handler->StartHandlingError();
 111 }
 112
 113 // static
 114 void SSLErrorHandler::SetInterstitialDelayTypeForTest(
 115     SSLErrorHandler::InterstitialDelayType delay) {
 116   g_interstitial_delay_type = delay;
 117 }
 118
 119 // static
 120 void SSLErrorHandler::SetInterstitialTimerStartedCallbackForTest(
 121     TimerStartedCallback* callback) {
 122   DCHECK(!callback || !callback->is_null());
 123   g_timer_started_callback = callback;
 124 }
 125
 126 SSLErrorHandler::SSLErrorHandler(content::WebContents* web_contents,
 127                                  int cert_error,
 128                                  const net::SSLInfo& ssl_info,
 129                                  const GURL& request_url,
 130                                  int options_mask,
 131                                  scoped_ptr<SSLCertReporter> ssl_cert_reporter,
 132                                  const base::Callback<void(bool)>& callback)
 133     : content::WebContentsObserver(web_contents),
 134       web_contents_(web_contents),
 135       cert_error_(cert_error),
 136       ssl_info_(ssl_info),
 137       request_url_(request_url),
 138       options_mask_(options_mask),
 139       callback_(callback),
 140       ssl_cert_reporter_(ssl_cert_reporter.Pass()) {
 141 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 142   Profile* profile = Profile::FromBrowserContext(
 143       web_contents->GetBrowserContext());
 144   registrar_.Add(this,
 145                  chrome::NOTIFICATION_CAPTIVE_PORTAL_CHECK_RESULT,
 146                  content::Source<Profile>(profile));
 147 #endif
 148 }
 149
 150 SSLErrorHandler::~SSLErrorHandler() {
 151 }
 152
 153 void SSLErrorHandler::StartHandlingError() {
 154   RecordUMA(HANDLE_ALL);
 155
 156 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 157   if (IsCaptivePortalInterstitialEnabled()) {
 158     CheckForCaptivePortal();
 159     timer_.Start(FROM_HERE,
 160                  GetInterstitialDisplayDelay(g_interstitial_delay_type),
 161                  this, &SSLErrorHandler::OnTimerExpired);
 162     if (g_timer_started_callback)
 163       g_timer_started_callback->Run(web_contents_);
 164     return;
 165   }
 166 #endif
 167   // Display an SSL interstitial.
 168   ShowSSLInterstitial();
 169 }
 170
 171 void SSLErrorHandler::OnTimerExpired() {
 172   ShowSSLInterstitial();
 173 }
 174
 175 void SSLErrorHandler::CheckForCaptivePortal() {
 176 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 177   Profile* profile = Profile::FromBrowserContext(
 178       web_contents_->GetBrowserContext());
 179   CaptivePortalService* captive_portal_service =
 180       CaptivePortalServiceFactory::GetForProfile(profile);
 181   captive_portal_service->DetectCaptivePortal();
 182 #else
 183   NOTREACHED();
 184 #endif
 185 }
 186
 187 void SSLErrorHandler::ShowCaptivePortalInterstitial(const GURL& landing_url) {
 188 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 189   // Show captive portal blocking page. The interstitial owns the blocking page.
 190   const Profile* const profile =
 191       Profile::FromBrowserContext(web_contents_->GetBrowserContext());
 192   RecordUMA(SSLBlockingPage::IsOverridable(options_mask_, profile)
 193                 ? SHOW_CAPTIVE_PORTAL_INTERSTITIAL_OVERRIDABLE
 194                 : SHOW_CAPTIVE_PORTAL_INTERSTITIAL_NONOVERRIDABLE);
 195   (new CaptivePortalBlockingPage(web_contents_, request_url_, landing_url,
 196                                  callback_))->Show();
 197   // Once an interstitial is displayed, no need to keep the handler around.
 198   // This is the equivalent of "delete this".
 199   web_contents_->RemoveUserData(UserDataKey());
 200 #else
 201   NOTREACHED();
 202 #endif
 203 }
 204
 205 void SSLErrorHandler::ShowSSLInterstitial() {
 206   // Show SSL blocking page. The interstitial owns the blocking page.
 207   const Profile* const profile =
 208       Profile::FromBrowserContext(web_contents_->GetBrowserContext());
 209   RecordUMA(SSLBlockingPage::IsOverridable(options_mask_, profile)
 210                 ? SHOW_SSL_INTERSTITIAL_OVERRIDABLE
 211                 : SHOW_SSL_INTERSTITIAL_NONOVERRIDABLE);
 212   (new SSLBlockingPage(web_contents_, cert_error_, ssl_info_, request_url_,
 213                        options_mask_, base::Time::NowFromSystemTime(),
 214                        ssl_cert_reporter_.Pass(), callback_))->Show();
 215   // Once an interstitial is displayed, no need to keep the handler around.
 216   // This is the equivalent of "delete this".
 217   web_contents_->RemoveUserData(UserDataKey());
 218 }
 219
 220 void SSLErrorHandler::Observe(
 221     int type,
 222     const content::NotificationSource& source,
 223     const content::NotificationDetails& details) {
 224 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 225   if (type == chrome::NOTIFICATION_CAPTIVE_PORTAL_CHECK_RESULT) {
 226     timer_.Stop();
 227     CaptivePortalService::Results* results =
 228         content::Details<CaptivePortalService::Results>(details).ptr();
 229     if (results->result == captive_portal::RESULT_BEHIND_CAPTIVE_PORTAL)
 230       ShowCaptivePortalInterstitial(results->landing_url);
 231     else
 232       ShowSSLInterstitial();
 233   }
 234 #endif
 235 }
 236
 237 // Destroy the error handler on all new navigations. This ensures that the
 238 // handler is properly recreated when a hanging page is navigated to an SSL
 239 // error, even when the tab's WebContents doesn't change.
 240 void SSLErrorHandler::DidStartNavigationToPendingEntry(
 241     const GURL& url,
 242     content::NavigationController::ReloadType reload_type) {
 243   // Need to explicity deny the certificate via the callback, otherwise memory
 244   // is leaked.
 245   if (!callback_.is_null()) {
 246     base::ResetAndReturn(&callback_).Run(false);
 247   }
 248   web_contents_->RemoveUserData(UserDataKey());
 249 }