chrome/browser/ssl/ssl_error_handler.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/ssl/ssl_error_handler.h"
   6
   7 #include "base/callback_helpers.h"
   8 #include "base/metrics/field_trial.h"
   9 #include "base/metrics/histogram.h"
  10 #include "base/time/time.h"
  11 #include "chrome/browser/profiles/profile.h"
  12 #include "chrome/browser/safe_browsing/ui_manager.h"
  13 #include "chrome/browser/ssl/ssl_blocking_page.h"
  14 #include "content/public/browser/notification_service.h"
  15 #include "content/public/browser/notification_source.h"
  16 #include "content/public/browser/web_contents.h"
  17
  18 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
  19 #include "chrome/browser/captive_portal/captive_portal_service.h"
  20 #include "chrome/browser/captive_portal/captive_portal_service_factory.h"
  21 #include "chrome/browser/captive_portal/captive_portal_tab_helper.h"
  22 #include "chrome/browser/ssl/captive_portal_blocking_page.h"
  23 #endif
  24
  25 namespace {
  26
  27 // The type of the delay before displaying the SSL interstitial. This can be
  28 // changed in tests.
  29 SSLErrorHandler::InterstitialDelayType g_interstitial_delay_type =
  30     SSLErrorHandler::NORMAL;
  31
  32 // Callback to call when the interstitial timer is started. Used for testing.
  33 SSLErrorHandler::TimerStartedCallback* g_timer_started_callback = nullptr;
  34
  35 // Events for UMA.
  36 enum SSLErrorHandlerEvent {
  37   HANDLE_ALL,
  38   SHOW_CAPTIVE_PORTAL_INTERSTITIAL_NONOVERRIDABLE,
  39   SHOW_CAPTIVE_PORTAL_INTERSTITIAL_OVERRIDABLE,
  40   SHOW_SSL_INTERSTITIAL_NONOVERRIDABLE,
  41   SHOW_SSL_INTERSTITIAL_OVERRIDABLE,
  42   SSL_ERROR_HANDLER_EVENT_COUNT
  43 };
  44
  45 void RecordUMA(SSLErrorHandlerEvent event) {
  46   UMA_HISTOGRAM_ENUMERATION("interstitial.ssl_error_handler",
  47                             event,
  48                             SSL_ERROR_HANDLER_EVENT_COUNT);
  49 }
  50
  51 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
  52 // The delay before displaying the SSL interstitial for cert errors.
  53 // - If a "captive portal detected" result arrives in this many seconds,
  54 //   a captive portal interstitial is displayed.
  55 // - Otherwise, an SSL interstitial is displayed.
  56 const int kDefaultInterstitialDisplayDelayInSeconds = 2;
  57
  58 base::TimeDelta GetInterstitialDisplayDelay(
  59     SSLErrorHandler::InterstitialDelayType delay) {
  60   switch (delay) {
  61     case SSLErrorHandler::LONG:
  62       return base::TimeDelta::FromHours(1);
  63
  64     case SSLErrorHandler::NONE:
  65       return base::TimeDelta();
  66
  67     case SSLErrorHandler::NORMAL:
  68       return base::TimeDelta::FromSeconds(
  69           kDefaultInterstitialDisplayDelayInSeconds);
  70
  71     default:
  72       NOTREACHED();
  73   }
  74   return base::TimeDelta();
  75 }
  76
  77 bool IsCaptivePortalInterstitialEnabled() {
  78   return base::FieldTrialList::FindFullName("CaptivePortalInterstitial") ==
  79          "Enabled";
  80 }
  81 #endif
  82
  83 }  // namespace
  84
  85 DEFINE_WEB_CONTENTS_USER_DATA_KEY(SSLErrorHandler);
  86
  87 void SSLErrorHandler::HandleSSLError(
  88     content::WebContents* web_contents,
  89     int cert_error,
  90     const net::SSLInfo& ssl_info,
  91     const GURL& request_url,
  92     int options_mask,
  93     SafeBrowsingUIManager* safe_browsing_ui_manager,
  94     const base::Callback<void(bool)>& callback) {
  95 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
  96   CaptivePortalTabHelper* captive_portal_tab_helper =
  97       CaptivePortalTabHelper::FromWebContents(web_contents);
  98   if (captive_portal_tab_helper) {
  99     captive_portal_tab_helper->OnSSLCertError(ssl_info);
 100   }
 101 #endif
 102   DCHECK(!FromWebContents(web_contents));
 103   web_contents->SetUserData(
 104       UserDataKey(),
 105       new SSLErrorHandler(web_contents, cert_error, ssl_info, request_url,
 106                           options_mask, safe_browsing_ui_manager, callback));
 107
 108   SSLErrorHandler* error_handler =
 109       SSLErrorHandler::FromWebContents(web_contents);
 110   error_handler->StartHandlingError();
 111 }
 112
 113 // static
 114 void SSLErrorHandler::SetInterstitialDelayTypeForTest(
 115     SSLErrorHandler::InterstitialDelayType delay) {
 116   g_interstitial_delay_type = delay;
 117 }
 118
 119 // static
 120 void SSLErrorHandler::SetInterstitialTimerStartedCallbackForTest(
 121     TimerStartedCallback* callback) {
 122   DCHECK(!callback || !callback->is_null());
 123   g_timer_started_callback = callback;
 124 }
 125
 126 SSLErrorHandler::SSLErrorHandler(
 127     content::WebContents* web_contents,
 128     int cert_error,
 129     const net::SSLInfo& ssl_info,
 130     const GURL& request_url,
 131     int options_mask,
 132     SafeBrowsingUIManager* safe_browsing_ui_manager,
 133     const base::Callback<void(bool)>& callback)
 134     : content::WebContentsObserver(web_contents),
 135       web_contents_(web_contents),
 136       cert_error_(cert_error),
 137       ssl_info_(ssl_info),
 138       request_url_(request_url),
 139       options_mask_(options_mask),
 140       callback_(callback),
 141       safe_browsing_ui_manager_(safe_browsing_ui_manager) {
 142 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 143   Profile* profile = Profile::FromBrowserContext(
 144       web_contents->GetBrowserContext());
 145   registrar_.Add(this,
 146                  chrome::NOTIFICATION_CAPTIVE_PORTAL_CHECK_RESULT,
 147                  content::Source<Profile>(profile));
 148 #endif
 149 }
 150
 151 SSLErrorHandler::~SSLErrorHandler() {
 152 }
 153
 154 void SSLErrorHandler::StartHandlingError() {
 155   RecordUMA(HANDLE_ALL);
 156
 157 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 158   if (IsCaptivePortalInterstitialEnabled()) {
 159     CheckForCaptivePortal();
 160     timer_.Start(FROM_HERE,
 161                  GetInterstitialDisplayDelay(g_interstitial_delay_type),
 162                  this, &SSLErrorHandler::OnTimerExpired);
 163     if (g_timer_started_callback)
 164       g_timer_started_callback->Run(web_contents_);
 165     return;
 166   }
 167 #endif
 168   // Display an SSL interstitial.
 169   ShowSSLInterstitial();
 170 }
 171
 172 void SSLErrorHandler::OnTimerExpired() {
 173   ShowSSLInterstitial();
 174 }
 175
 176 void SSLErrorHandler::CheckForCaptivePortal() {
 177 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 178   Profile* profile = Profile::FromBrowserContext(
 179       web_contents_->GetBrowserContext());
 180   CaptivePortalService* captive_portal_service =
 181       CaptivePortalServiceFactory::GetForProfile(profile);
 182   captive_portal_service->DetectCaptivePortal();
 183 #else
 184   NOTREACHED();
 185 #endif
 186 }
 187
 188 void SSLErrorHandler::ShowCaptivePortalInterstitial(const GURL& landing_url) {
 189 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 190   // Show captive portal blocking page. The interstitial owns the blocking page.
 191   RecordUMA(SSLBlockingPage::IsOptionsOverridable(options_mask_) ?
 192             SHOW_CAPTIVE_PORTAL_INTERSTITIAL_OVERRIDABLE :
 193             SHOW_CAPTIVE_PORTAL_INTERSTITIAL_NONOVERRIDABLE);
 194   (new CaptivePortalBlockingPage(web_contents_, request_url_, landing_url,
 195                                  callback_))->Show();
 196   // Once an interstitial is displayed, no need to keep the handler around.
 197   // This is the equivalent of "delete this".
 198   web_contents_->RemoveUserData(UserDataKey());
 199 #else
 200   NOTREACHED();
 201 #endif
 202 }
 203
 204 void SSLErrorHandler::ShowSSLInterstitial() {
 205   // Show SSL blocking page. The interstitial owns the blocking page.
 206   RecordUMA(SSLBlockingPage::IsOptionsOverridable(options_mask_) ?
 207             SHOW_SSL_INTERSTITIAL_OVERRIDABLE :
 208             SHOW_SSL_INTERSTITIAL_NONOVERRIDABLE);
 209   (new SSLBlockingPage(web_contents_, cert_error_, ssl_info_, request_url_,
 210                        options_mask_, base::Time::NowFromSystemTime(),
 211                        safe_browsing_ui_manager_, callback_))->Show();
 212   // Once an interstitial is displayed, no need to keep the handler around.
 213   // This is the equivalent of "delete this".
 214   web_contents_->RemoveUserData(UserDataKey());
 215 }
 216
 217 void SSLErrorHandler::Observe(
 218     int type,
 219     const content::NotificationSource& source,
 220     const content::NotificationDetails& details) {
 221 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 222   if (type == chrome::NOTIFICATION_CAPTIVE_PORTAL_CHECK_RESULT) {
 223     timer_.Stop();
 224     CaptivePortalService::Results* results =
 225         content::Details<CaptivePortalService::Results>(details).ptr();
 226     if (results->result == captive_portal::RESULT_BEHIND_CAPTIVE_PORTAL)
 227       ShowCaptivePortalInterstitial(results->landing_url);
 228     else
 229       ShowSSLInterstitial();
 230   }
 231 #endif
 232 }
 233
 234 // Destroy the error handler on all new navigations. This ensures that the
 235 // handler is properly recreated when a hanging page is navigated to an SSL
 236 // error, even when the tab's WebContents doesn't change.
 237 void SSLErrorHandler::DidStartNavigationToPendingEntry(
 238     const GURL& url,
 239     content::NavigationController::ReloadType reload_type) {
 240   // Need to explicity deny the certificate via the callback, otherwise memory
 241   // is leaked.
 242   if (!callback_.is_null()) {
 243     base::ResetAndReturn(&callback_).Run(false);
 244   }
 245   web_contents_->RemoveUserData(UserDataKey());
 246 }