search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Roll src/third_party/WebKit eac3800:0237a66 (svn 202606:202607)
[chromium-blink-merge.git] / chrome / browser / ssl / bad_clock_blocking_page.cc
blob2d89b105e6fc2f119465d7cec04f444c156c2b17
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/ssl/bad_clock_blocking_page.h"
6
7 #include "base/bind.h"
8 #include "base/bind_helpers.h"
9 #include "base/build_time.h"
10 #include "base/callback_helpers.h"
11 #include "base/command_line.h"
12 #include "base/i18n/rtl.h"
13 #include "base/i18n/time_formatting.h"
14 #include "base/process/launch.h"
15 #include "base/strings/string_number_conversions.h"
16 #include "base/strings/string_piece.h"
17 #include "base/strings/string_util.h"
18 #include "base/strings/stringprintf.h"
19 #include "base/strings/utf_string_conversions.h"
20 #include "base/time/time.h"
21 #include "base/values.h"
22 #include "chrome/browser/browser_process.h"
23 #include "chrome/browser/interstitials/chrome_metrics_helper.h"
24 #include "chrome/browser/profiles/profile.h"
25 #include "chrome/browser/renderer_preferences_util.h"
26 #include "chrome/browser/ssl/ssl_error_classification.h"
27 #include "chrome/common/pref_names.h"
28 #include "chrome/grit/generated_resources.h"
29 #include "components/google/core/browser/google_util.h"
30 #include "content/public/browser/browser_thread.h"
31 #include "content/public/browser/cert_store.h"
32 #include "content/public/browser/interstitial_page.h"
33 #include "content/public/browser/interstitial_page_delegate.h"
34 #include "content/public/browser/navigation_controller.h"
35 #include "content/public/browser/navigation_entry.h"
36 #include "content/public/browser/render_process_host.h"
37 #include "content/public/browser/render_view_host.h"
38 #include "content/public/browser/signed_certificate_timestamp_store.h"
39 #include "content/public/browser/web_contents.h"
40 #include "content/public/common/renderer_preferences.h"
41 #include "content/public/common/ssl_status.h"
42 #include "grit/browser_resources.h"
43 #include "grit/components_strings.h"
44 #include "net/base/net_errors.h"
45 #include "net/base/net_util.h"
46 #include "ui/base/l10n/l10n_util.h"
47
48 #if defined(OS_ANDROID)
49 #include "chrome/browser/android/intent_helper.h"
50 #endif
51
52 #if defined(OS_CHROMEOS)
53 #include "chrome/browser/profiles/profile_manager.h"
54 #include "chrome/browser/ui/chrome_pages.h"
55 #include "chrome/common/url_constants.h"
56 #endif
57
58 #if defined(OS_WIN)
59 #include "base/base_paths_win.h"
60 #include "base/path_service.h"
61 #include "base/strings/string16.h"
62 #include "base/win/windows_version.h"
63 #endif
64
65 using base::ASCIIToUTF16;
66 using base::TimeTicks;
67 using content::InterstitialPage;
68 using content::InterstitialPageDelegate;
69 using content::NavigationController;
70 using content::NavigationEntry;
71
72 namespace {
73
74 const char kMetricsName[] = "bad_clock";
75
76 void LaunchDateAndTimeSettings() {
77 DCHECK_CURRENTLY_ON(content::BrowserThread::FILE);
78 // The code for each OS is completely separate, in order to avoid bugs like
79 // https://crbug.com/430877 .
80 #if defined(OS_ANDROID)
81 chrome::android::OpenDateAndTimeSettings();
82
83 #elif defined(OS_CHROMEOS)
84 std::string sub_page =
85 std::string(chrome::kSearchSubPage) + "#" +
86 l10n_util::GetStringUTF8(IDS_OPTIONS_SETTINGS_SECTION_TITLE_DATETIME);
87 chrome::ShowSettingsSubPageForProfile(ProfileManager::GetActiveUserProfile(),
88 sub_page);
89
90 #elif defined(OS_IOS)
91 // iOS does not have a way to launch the date and time settings.
92 NOTREACHED();
93
94 #elif defined(OS_LINUX)
95 struct ClockCommand {
96 const char* pathname;
97 const char* argument;
98 };
99 static const ClockCommand kClockCommands[] = {
100 // Unity
101 {"/usr/bin/unity-control-center", "datetime"},
102 // GNOME
103 //
104 // NOTE: On old Ubuntu, naming control panels doesn't work, so it
105 // opens the overview. This will have to be good enough.
106 {"/usr/bin/gnome-control-center", "datetime"},
107 {"/usr/local/bin/gnome-control-center", "datetime"},
108 {"/opt/bin/gnome-control-center", "datetime"},
109 // KDE
110 {"/usr/bin/kcmshell4", "clock"},
111 {"/usr/local/bin/kcmshell4", "clock"},
112 {"/opt/bin/kcmshell4", "clock"},
113 };
114
115 base::CommandLine command(base::FilePath(""));
116 for (const ClockCommand& cmd : kClockCommands) {
117 base::FilePath pathname(cmd.pathname);
118 if (base::PathExists(pathname)) {
119 command.SetProgram(pathname);
120 command.AppendArg(cmd.argument);
121 break;
122 }
123 }
124 if (command.GetProgram().empty()) {
125 // Alas, there is nothing we can do.
126 return;
127 }
128
129 base::LaunchOptions options;
130 options.wait = false;
131 options.allow_new_privs = true;
132 base::LaunchProcess(command, options);
133
134 #elif defined(OS_MACOSX)
135 base::CommandLine command(base::FilePath("/usr/bin/open"));
136 command.AppendArg("/System/Library/PreferencePanes/DateAndTime.prefPane");
137
138 base::LaunchOptions options;
139 options.wait = false;
140 base::LaunchProcess(command, options);
141
142 #elif defined(OS_WIN)
143 base::FilePath path;
144 PathService::Get(base::DIR_SYSTEM, &path);
145 static const base::char16 kControlPanelExe[] = L"control.exe";
146 path = path.Append(base::string16(kControlPanelExe));
147 base::CommandLine command(path);
148 command.AppendArg(std::string("/name"));
149 command.AppendArg(std::string("Microsoft.DateAndTime"));
150
151 base::LaunchOptions options;
152 options.wait = false;
153 base::LaunchProcess(command, options);
154
155 #else
156 NOTREACHED();
157
158 #endif
159 // Don't add code here! (See the comment at the beginning of the function.)
160 }
161
162 } // namespace
163
164 // static
165 InterstitialPageDelegate::TypeID BadClockBlockingPage::kTypeForTesting =
166 &BadClockBlockingPage::kTypeForTesting;
167
168 // Note that we always create a navigation entry with SSL errors.
169 // No error happening loading a sub-resource triggers an interstitial so far.
170 // Creating an interstitial without showing (e.g. from chrome://interstitials)
171 // it leaks memory, so don't create it here.
172 BadClockBlockingPage::BadClockBlockingPage(
173 content::WebContents* web_contents,
174 int cert_error,
175 const net::SSLInfo& ssl_info,
176 const GURL& request_url,
177 const base::Time& time_triggered,
178 const base::Callback<void(bool)>& callback)
179 : SecurityInterstitialPage(web_contents, request_url),
180 callback_(callback),
181 cert_error_(cert_error),
182 ssl_info_(ssl_info),
183 time_triggered_(time_triggered) {
184 security_interstitials::MetricsHelper::ReportDetails reporting_info;
185 reporting_info.metric_prefix = kMetricsName;
186 set_metrics_helper(new ChromeMetricsHelper(web_contents, request_url,
187 reporting_info, kMetricsName));
188 metrics_helper()->RecordUserInteraction(
189 security_interstitials::MetricsHelper::TOTAL_VISITS);
190
191 // TODO(felt): Separate the clock statistics from the main ssl statistics.
192 scoped_ptr<SSLErrorClassification> classifier(
193 new SSLErrorClassification(web_contents, time_triggered_, request_url,
194 cert_error_, *ssl_info_.cert.get()));
195 classifier->RecordUMAStatistics(false);
196 }
197
198 bool BadClockBlockingPage::ShouldCreateNewNavigation() const {
199 return true;
200 }
201
202 InterstitialPageDelegate::TypeID BadClockBlockingPage::GetTypeForTesting()
203 const {
204 return BadClockBlockingPage::kTypeForTesting;
205 }
206
207 BadClockBlockingPage::~BadClockBlockingPage() {
208 if (!callback_.is_null()) {
209 // Deny when the page is closed.
210 NotifyDenyCertificate();
211 }
212 }
213
214 void BadClockBlockingPage::PopulateInterstitialStrings(
215 base::DictionaryValue* load_time_data) {
216 CHECK(load_time_data);
217 base::string16 url(GetFormattedHostName());
218
219 // Values that are currently still shared with the SSL interstitial.
220 load_time_data->SetString("type", "SSL");
221 load_time_data->SetString("errorCode", net::ErrorToString(cert_error_));
222 load_time_data->SetString(
223 "openDetails", l10n_util::GetStringUTF16(IDS_SSL_OPEN_DETAILS_BUTTON));
224 load_time_data->SetString(
225 "closeDetails",
226 l10n_util::GetStringUTF16(IDS_SSL_CLOSE_DETAILS_BUTTON));
227
228 // Strings for the bad clock warning specifically.
229 load_time_data->SetBoolean("bad_clock", true);
230 load_time_data->SetBoolean("overridable", false);
231 #if defined(OS_IOS)
232 load_time_data->SetBoolean("hide_primary_button", true);
233 #else
234 load_time_data->SetBoolean("hide_primary_button", false);
235 #endif
236
237 int heading_string =
238 SSLErrorClassification::IsUserClockInTheFuture(time_triggered_)
239 ? IDS_CLOCK_ERROR_AHEAD_HEADING
240 : IDS_CLOCK_ERROR_BEHIND_HEADING;
241
242 load_time_data->SetString("tabTitle",
243 l10n_util::GetStringUTF16(IDS_CLOCK_ERROR_TITLE));
244 load_time_data->SetString("heading",
245 l10n_util::GetStringUTF16(heading_string));
246 load_time_data->SetString(
247 "primaryParagraph",
248 l10n_util::GetStringFUTF16(
249 IDS_CLOCK_ERROR_PRIMARY_PARAGRAPH, url,
250 base::TimeFormatFriendlyDateAndTime(time_triggered_)));
251
252 load_time_data->SetString(
253 "primaryButtonText",
254 l10n_util::GetStringUTF16(IDS_CLOCK_ERROR_UPDATE_DATE_AND_TIME));
255 load_time_data->SetString(
256 "explanationParagraph",
257 l10n_util::GetStringUTF16(IDS_CLOCK_ERROR_EXPLANATION));
258
259 // The interstitial template expects this string, but we're not using it.
260 load_time_data->SetString("finalParagraph", std::string());
261
262 // Set debugging information at the bottom of the warning.
263 load_time_data->SetString("subject",
264 ssl_info_.cert->subject().GetDisplayName());
265 load_time_data->SetString("issuer",
266 ssl_info_.cert->issuer().GetDisplayName());
267 load_time_data->SetString(
268 "expirationDate",
269 base::TimeFormatShortDate(ssl_info_.cert->valid_expiry()));
270 load_time_data->SetString("currentDate",
271 base::TimeFormatShortDate(time_triggered_));
272 std::vector<std::string> encoded_chain;
273 ssl_info_.cert->GetPEMEncodedChain(&encoded_chain);
274 load_time_data->SetString(
275 "pem", base::JoinString(encoded_chain, base::StringPiece()));
276 }
277
278 void BadClockBlockingPage::OverrideEntry(NavigationEntry* entry) {
279 const int process_id = web_contents()->GetRenderProcessHost()->GetID();
280 const int cert_id = content::CertStore::GetInstance()->StoreCert(
281 ssl_info_.cert.get(), process_id);
282 DCHECK(cert_id);
283
284 content::SignedCertificateTimestampStore* sct_store(
285 content::SignedCertificateTimestampStore::GetInstance());
286 content::SignedCertificateTimestampIDStatusList sct_ids;
287 for (const auto& sct_and_status : ssl_info_.signed_certificate_timestamps) {
288 const int sct_id(sct_store->Store(sct_and_status.sct.get(), process_id));
289 DCHECK(sct_id);
290 sct_ids.push_back(content::SignedCertificateTimestampIDAndStatus(
291 sct_id, sct_and_status.status));
292 }
293
294 entry->GetSSL() =
295 content::SSLStatus(content::SECURITY_STYLE_AUTHENTICATION_BROKEN, cert_id,
296 sct_ids, ssl_info_);
297 }
298
299 // This handles the commands sent from the interstitial JavaScript.
300 // DO NOT reorder or change this logic without also changing the JavaScript!
301 void BadClockBlockingPage::CommandReceived(const std::string& command) {
302 if (command == "\"pageLoadComplete\"") {
303 // content::WaitForRenderFrameReady sends this message when the page
304 // load completes. Ignore it.
305 return;
306 }
307
308 int cmd = 0;
309 bool retval = base::StringToInt(command, &cmd);
310 DCHECK(retval);
311 switch (cmd) {
312 case CMD_DONT_PROCEED:
313 interstitial_page()->DontProceed();
314 break;
315 case CMD_DO_REPORT:
316 SetReportingPreference(true);
317 break;
318 case CMD_DONT_REPORT:
319 SetReportingPreference(false);
320 break;
321 case CMD_SHOW_MORE_SECTION:
322 metrics_helper()->RecordUserInteraction(
323 security_interstitials::MetricsHelper::SHOW_ADVANCED);
324 break;
325 case CMD_OPEN_DATE_SETTINGS:
326 metrics_helper()->RecordUserInteraction(
327 security_interstitials::MetricsHelper::OPEN_TIME_SETTINGS);
328 content::BrowserThread::PostTask(content::BrowserThread::FILE, FROM_HERE,
329 base::Bind(&LaunchDateAndTimeSettings));
330 break;
331 case CMD_OPEN_REPORTING_PRIVACY:
332 OpenExtendedReportingPrivacyPolicy();
333 break;
334 case CMD_PROCEED:
335 case CMD_OPEN_HELP_CENTER:
336 case CMD_RELOAD:
337 case CMD_OPEN_DIAGNOSTIC:
338 // Not supported for the bad clock interstitial.
339 NOTREACHED() << "Unexpected command: " << command;
340 }
341 }
342
343 void BadClockBlockingPage::OverrideRendererPrefs(
344 content::RendererPreferences* prefs) {
345 Profile* profile =
346 Profile::FromBrowserContext(web_contents()->GetBrowserContext());
347 renderer_preferences_util::UpdateFromSystemSettings(prefs, profile,
348 web_contents());
349 }
350
351 void BadClockBlockingPage::OnDontProceed() {
352 NotifyDenyCertificate();
353 }
354
355 void BadClockBlockingPage::NotifyDenyCertificate() {
356 // It's possible that callback_ may not exist if the user clicks "Proceed"
357 // followed by pressing the back button before the interstitial is hidden.
358 // In that case the certificate will still be treated as allowed.
359 if (callback_.is_null())
360 return;
361
362 base::ResetAndReturn(&callback_).Run(false);
363 }