Home | History | Annotate | Download | only in interstitials 
      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/ui/webui/interstitials/interstitial_ui.h"
      6 
      7 #include "base/strings/string_util.h"
      8 #include "chrome/browser/browser_process.h"
      9 #include "chrome/browser/profiles/profile.h"
     10 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h"
     11 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
     12 #include "chrome/browser/ssl/ssl_blocking_page.h"
     13 #include "chrome/common/url_constants.h"
     14 #include "content/public/browser/interstitial_page_delegate.h"
     15 #include "content/public/browser/web_contents.h"
     16 #include "content/public/browser/web_ui.h"
     17 #include "content/public/browser/web_ui_controller.h"
     18 #include "content/public/browser/web_ui_data_source.h"
     19 #include "net/base/net_errors.h"
     20 #include "net/base/url_util.h"
     21 #include "net/cert/x509_certificate.h"
     22 #include "net/ssl/ssl_info.h"
     23 
     24 namespace {
     25 
     26 class InterstitialHTMLSource : public content::URLDataSource {
     27  public:
     28   InterstitialHTMLSource(Profile* profile,
     29                          content::WebContents* web_contents);
     30   virtual ~InterstitialHTMLSource();
     31 
     32   // content::URLDataSource:
     33   virtual std::string GetMimeType(const std::string& mime_type) const OVERRIDE;
     34   virtual std::string GetSource() const OVERRIDE;
     35   virtual bool ShouldAddContentSecurityPolicy() const OVERRIDE;
     36   virtual void StartDataRequest(
     37       const std::string& path,
     38       int render_process_id,
     39       int render_frame_id,
     40       const content::URLDataSource::GotDataCallback& callback) OVERRIDE;
     41 
     42  private:
     43   Profile* profile_;
     44   content::WebContents* web_contents_;
     45   DISALLOW_COPY_AND_ASSIGN(InterstitialHTMLSource);
     46 };
     47 
     48 SSLBlockingPage* CreateSSLBlockingPage(content::WebContents* web_contents) {
     49   // Random parameters for SSL blocking page.
     50   int cert_error = net::ERR_CERT_CONTAINS_ERRORS;
     51   GURL request_url("https://example.com");
     52   bool overridable = false;
     53   bool strict_enforcement = false;
     54   std::string url_param;
     55   if (net::GetValueForKeyInQuery(web_contents->GetURL(),
     56                                  "url",
     57                                  &url_param)) {
     58     if (GURL(url_param).is_valid())
     59       request_url = GURL(url_param);
     60   }
     61   std::string overridable_param;
     62   if (net::GetValueForKeyInQuery(web_contents->GetURL(),
     63                                  "overridable",
     64                                  &overridable_param)) {
     65     overridable = overridable_param == "1";
     66   }
     67   std::string strict_enforcement_param;
     68   if (net::GetValueForKeyInQuery(web_contents->GetURL(),
     69                                  "strict_enforcement",
     70                                  &strict_enforcement_param)) {
     71     strict_enforcement = strict_enforcement_param == "1";
     72   }
     73   net::SSLInfo ssl_info;
     74   ssl_info.cert = new net::X509Certificate(
     75       request_url.host(), "CA", base::Time::Max(), base::Time::Max());
     76   // This delegate doesn't create an interstitial.
     77   int options_mask = 0;
     78   if (overridable)
     79     options_mask |= SSLBlockingPage::OVERRIDABLE;
     80   if (strict_enforcement)
     81     options_mask |= SSLBlockingPage::STRICT_ENFORCEMENT;
     82   return new SSLBlockingPage(web_contents,
     83                              cert_error,
     84                              ssl_info,
     85                              request_url,
     86                              options_mask,
     87                              base::Callback<void(bool)>());
     88 }
     89 
     90 SafeBrowsingBlockingPage* CreateSafeBrowsingBlockingPage(
     91     content::WebContents* web_contents) {
     92   SBThreatType threat_type = SB_THREAT_TYPE_URL_MALWARE;
     93   GURL request_url("http://example.com");
     94   std::string url_param;
     95   if (net::GetValueForKeyInQuery(web_contents->GetURL(),
     96                                  "url",
     97                                  &url_param)) {
     98     if (GURL(url_param).is_valid())
     99       request_url = GURL(url_param);
    100   }
    101   std::string type_param;
    102   if (net::GetValueForKeyInQuery(web_contents->GetURL(),
    103                                  "type",
    104                                  &type_param)) {
    105     if (type_param == "malware") {
    106       threat_type =  SB_THREAT_TYPE_URL_MALWARE;
    107     } else if (type_param == "phishing") {
    108       threat_type = SB_THREAT_TYPE_URL_PHISHING;
    109     } else if (type_param == "clientside_malware") {
    110       threat_type = SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL;
    111     } else if (type_param == "clientside_phishing") {
    112       threat_type = SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL;
    113       // Interstitials for client side phishing urls load after the page loads
    114       // (see SafeBrowsingBlockingPage::IsMainPageLoadBlocked), so there should
    115       // either be a new navigation entry, or there shouldn't be any pending
    116       // entries. Clear any pending navigation entries.
    117       content::NavigationController* controller =
    118           &web_contents->GetController();
    119       controller->DiscardNonCommittedEntries();
    120     }
    121   }
    122   SafeBrowsingBlockingPage::UnsafeResource resource;
    123   resource.url = request_url;
    124   resource.threat_type =  threat_type;
    125   // Create a blocking page without showing the interstitial.
    126   return SafeBrowsingBlockingPage::CreateBlockingPage(
    127       g_browser_process->safe_browsing_service()->ui_manager().get(),
    128       web_contents,
    129       resource);
    130 }
    131 
    132 } //  namespace
    133 
    134 InterstitialUI::InterstitialUI(content::WebUI* web_ui)
    135     : WebUIController(web_ui) {
    136   Profile* profile = Profile::FromWebUI(web_ui);
    137   scoped_ptr<InterstitialHTMLSource> html_source(
    138       new InterstitialHTMLSource(profile->GetOriginalProfile(),
    139                                  web_ui->GetWebContents()));
    140   content::URLDataSource::Add(profile, html_source.release());
    141 }
    142 
    143 InterstitialUI::~InterstitialUI() {
    144 }
    145 
    146 // InterstitialHTMLSource
    147 
    148 InterstitialHTMLSource::InterstitialHTMLSource(
    149     Profile* profile,
    150     content::WebContents* web_contents)
    151     : profile_(profile),
    152       web_contents_(web_contents) {
    153 }
    154 
    155 InterstitialHTMLSource::~InterstitialHTMLSource() {
    156 }
    157 
    158 std::string InterstitialHTMLSource::GetMimeType(
    159     const std::string& mime_type) const {
    160   return "text/html";
    161 }
    162 
    163 std::string InterstitialHTMLSource::GetSource() const {
    164   return chrome::kChromeUIInterstitialHost;
    165 }
    166 
    167 bool InterstitialHTMLSource::ShouldAddContentSecurityPolicy()
    168     const {
    169   return false;
    170 }
    171 
    172 void InterstitialHTMLSource::StartDataRequest(
    173     const std::string& path,
    174     int render_process_id,
    175     int render_frame_id,
    176     const content::URLDataSource::GotDataCallback& callback) {
    177   scoped_ptr<content::InterstitialPageDelegate> interstitial_delegate;
    178   if (StartsWithASCII(path, "ssl", true)) {
    179     interstitial_delegate.reset(CreateSSLBlockingPage(web_contents_));
    180   } else if (StartsWithASCII(path, "safebrowsing", true)) {
    181     interstitial_delegate.reset(CreateSafeBrowsingBlockingPage(web_contents_));
    182   }
    183 
    184   std::string html;
    185   if (interstitial_delegate.get()) {
    186     html = interstitial_delegate.get()->GetHTMLContents();
    187   } else {
    188     html = "<html><head><title>Interstitials</title></head>"
    189            "<body><h2>Choose an interstitial<h2>"
    190            "<h3>SSL</h3>"
    191            "<a href='ssl'>example.com</a><br>"
    192            "<a href='ssl?url=https://google.com'>SSL (google.com)</a><br>"
    193            "<a href='ssl?overridable=1&strict_enforcement=0'>"
    194            "    example.com (Overridable)</a>"
    195            "<br><br>"
    196            "<h3>SafeBrowsing</h3>"
    197            "<a href='safebrowsing?type=malware'>Malware</a><br>"
    198            "<a href='safebrowsing?type=phishing'>Phishing</a><br>"
    199            "<a href='safebrowsing?type=clientside_malware'>"
    200            "    Client Side Malware</a><br>"
    201            "<a href='safebrowsing?type=clientside_phishing'>"
    202            "    Client Side Phishing</a><br>"
    203            "</body></html>";
    204   }
    205   scoped_refptr<base::RefCountedString> html_bytes = new base::RefCountedString;
    206   html_bytes->data().assign(html.begin(), html.end());
    207   callback.Run(html_bytes.get());
    208 }
    209