1// Copyright 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/ui/toolbar/toolbar_model_impl.h"
6
7#include "base/command_line.h"
8#include "base/metrics/field_trial.h"
9#include "base/prefs/pref_service.h"
10#include "base/strings/utf_string_conversions.h"
11#include "base/time/time.h"
12#include "chrome/browser/autocomplete/autocomplete_classifier.h"
13#include "chrome/browser/autocomplete/autocomplete_classifier_factory.h"
14#include "chrome/browser/autocomplete/chrome_autocomplete_scheme_classifier.h"
15#include "chrome/browser/profiles/profile.h"
16#include "chrome/browser/search/search.h"
17#include "chrome/browser/ssl/ssl_error_info.h"
18#include "chrome/browser/ui/toolbar/toolbar_model_delegate.h"
19#include "chrome/common/chrome_constants.h"
20#include "chrome/common/chrome_switches.h"
21#include "chrome/common/pref_names.h"
22#include "chrome/common/url_constants.h"
23#include "chrome/grit/generated_resources.h"
24#include "components/google/core/browser/google_util.h"
25#include "components/omnibox/autocomplete_input.h"
26#include "components/omnibox/autocomplete_match.h"
27#include "content/public/browser/cert_store.h"
28#include "content/public/browser/navigation_controller.h"
29#include "content/public/browser/navigation_entry.h"
30#include "content/public/browser/web_contents.h"
31#include "content/public/browser/web_ui.h"
32#include "content/public/common/content_constants.h"
33#include "content/public/common/ssl_status.h"
34#include "grit/components_scaled_resources.h"
35#include "grit/theme_resources.h"
36#include "net/base/net_util.h"
37#include "net/cert/cert_status_flags.h"
38#include "net/cert/x509_certificate.h"
39#include "net/ssl/ssl_connection_status_flags.h"
40#include "ui/base/l10n/l10n_util.h"
41
42#if defined(OS_CHROMEOS)
43#include "chrome/browser/chromeos/policy/policy_cert_service.h"
44#include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
45#endif
46
47using content::NavigationController;
48using content::NavigationEntry;
49using content::SSLStatus;
50using content::WebContents;
51
52namespace {
53
54// Converts a SHA-1 field trial group into the appropriate SecurityLevel.
55bool GetSecurityLevelForFieldTrialGroup(const std::string& group,
56                                        ToolbarModel::SecurityLevel* level) {
57  if (group == "Error")
58    *level = ToolbarModel::SECURITY_ERROR;
59  else if (group == "Warning")
60    *level = ToolbarModel::SECURITY_WARNING;
61  else if (group == "HTTP")
62    *level = ToolbarModel::NONE;
63  else
64    return false;
65  return true;
66}
67
68}  // namespace
69
70ToolbarModelImpl::ToolbarModelImpl(ToolbarModelDelegate* delegate)
71    : delegate_(delegate) {
72}
73
74ToolbarModelImpl::~ToolbarModelImpl() {
75}
76
77// static
78ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevelForWebContents(
79      content::WebContents* web_contents) {
80  if (!web_contents)
81    return NONE;
82
83  NavigationEntry* entry = web_contents->GetController().GetVisibleEntry();
84  if (!entry)
85    return NONE;
86
87  const SSLStatus& ssl = entry->GetSSL();
88  switch (ssl.security_style) {
89    case content::SECURITY_STYLE_UNKNOWN:
90    case content::SECURITY_STYLE_UNAUTHENTICATED:
91      return NONE;
92
93    case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:
94      return SECURITY_ERROR;
95
96    case content::SECURITY_STYLE_AUTHENTICATED: {
97#if defined(OS_CHROMEOS)
98      policy::PolicyCertService* service =
99          policy::PolicyCertServiceFactory::GetForProfile(
100              Profile::FromBrowserContext(web_contents->GetBrowserContext()));
101      if (service && service->UsedPolicyCertificates())
102        return SECURITY_POLICY_WARNING;
103#endif
104      if (!!(ssl.content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT))
105        return SECURITY_WARNING;
106      scoped_refptr<net::X509Certificate> cert;
107      if (content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) &&
108          (ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) {
109        // The internal representation of the dates for UI treatment of SHA-1.
110        // See http://crbug.com/401365 for details
111        static const int64_t kJanuary2017 = INT64_C(13127702400000000);
112        static const int64_t kJune2016 = INT64_C(13109213000000000);
113        static const int64_t kJanuary2016 = INT64_C(13096080000000000);
114
115        ToolbarModel::SecurityLevel security_level = NONE;
116        // Gated behind a field trial, so that it is possible to adjust the
117        // UI treatment (to be more or less severe, as necessary) over the
118        // course of multiple releases.
119        // See http://crbug.com/401365 for the timeline, with the end state
120        // being that > kJanuary2017 = Error, and > kJanuary2016 =
121        // Warning, and kJune2016 disappearing entirely.
122        if (cert->valid_expiry() >=
123                base::Time::FromInternalValue(kJanuary2017) &&
124            GetSecurityLevelForFieldTrialGroup(
125                base::FieldTrialList::FindFullName("SHA1ToolbarUIJanuary2017"),
126                &security_level)) {
127          return security_level;
128        }
129        if (cert->valid_expiry() >= base::Time::FromInternalValue(kJune2016) &&
130            GetSecurityLevelForFieldTrialGroup(
131                base::FieldTrialList::FindFullName("SHA1ToolbarUIJune2016"),
132                &security_level)) {
133          return security_level;
134        }
135        if (cert->valid_expiry() >=
136                base::Time::FromInternalValue(kJanuary2016) &&
137            GetSecurityLevelForFieldTrialGroup(
138                base::FieldTrialList::FindFullName("SHA1ToolbarUIJanuary2016"),
139                &security_level)) {
140          return security_level;
141        }
142      }
143      if (net::IsCertStatusError(ssl.cert_status)) {
144        DCHECK(net::IsCertStatusMinorError(ssl.cert_status));
145        return SECURITY_WARNING;
146      }
147      if (net::SSLConnectionStatusToVersion(ssl.connection_status) ==
148          net::SSL_CONNECTION_VERSION_SSL3) {
149        // SSLv3 will be removed in the future.
150        return SECURITY_WARNING;
151      }
152      if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert.get())
153        return EV_SECURE;
154      return SECURE;
155    }
156    default:
157      NOTREACHED();
158      return NONE;
159  }
160}
161
162// ToolbarModelImpl Implementation.
163base::string16 ToolbarModelImpl::GetText() const {
164  base::string16 search_terms(GetSearchTerms(false));
165  if (!search_terms.empty())
166    return search_terms;
167
168  if (WouldOmitURLDueToOriginChip())
169    return base::string16();
170
171  return GetFormattedURL(NULL);
172}
173
174base::string16 ToolbarModelImpl::GetFormattedURL(size_t* prefix_end) const {
175  std::string languages;  // Empty if we don't have a |navigation_controller|.
176  Profile* profile = GetProfile();
177  if (profile)
178    languages = profile->GetPrefs()->GetString(prefs::kAcceptLanguages);
179
180  GURL url(GetURL());
181  if (url.spec().length() > content::kMaxURLDisplayChars)
182    url = url.IsStandard() ? url.GetOrigin() : GURL(url.scheme() + ":");
183  // Note that we can't unescape spaces here, because if the user copies this
184  // and pastes it into another program, that program may think the URL ends at
185  // the space.
186  return AutocompleteInput::FormattedStringWithEquivalentMeaning(
187      url, net::FormatUrl(url, languages, net::kFormatUrlOmitAll,
188                          net::UnescapeRule::NORMAL, NULL, prefix_end, NULL),
189      ChromeAutocompleteSchemeClassifier(profile));
190}
191
192base::string16 ToolbarModelImpl::GetCorpusNameForMobile() const {
193  if (!WouldPerformSearchTermReplacement(false))
194    return base::string16();
195  GURL url(GetURL());
196  // If there is a query in the url fragment look for the corpus name there,
197  // otherwise look for the corpus name in the query parameters.
198  const std::string& query_str(google_util::HasGoogleSearchQueryParam(
199      url.ref()) ? url.ref() : url.query());
200  url::Component query(0, query_str.length()), key, value;
201  const char kChipKey[] = "sboxchip";
202  while (url::ExtractQueryKeyValue(query_str.c_str(), &query, &key, &value)) {
203    if (key.is_nonempty() && query_str.substr(key.begin, key.len) == kChipKey) {
204      return net::UnescapeAndDecodeUTF8URLComponent(
205          query_str.substr(value.begin, value.len),
206          net::UnescapeRule::NORMAL);
207    }
208  }
209  return base::string16();
210}
211
212GURL ToolbarModelImpl::GetURL() const {
213  const NavigationController* navigation_controller = GetNavigationController();
214  if (navigation_controller) {
215    const NavigationEntry* entry = navigation_controller->GetVisibleEntry();
216    if (entry)
217      return ShouldDisplayURL() ? entry->GetVirtualURL() : GURL();
218  }
219
220  return GURL(url::kAboutBlankURL);
221}
222
223bool ToolbarModelImpl::WouldPerformSearchTermReplacement(
224    bool ignore_editing) const {
225  return !GetSearchTerms(ignore_editing).empty();
226}
227
228ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevel(
229    bool ignore_editing) const {
230  // When editing, assume no security style.
231  return (input_in_progress() && !ignore_editing) ?
232      NONE : GetSecurityLevelForWebContents(delegate_->GetActiveWebContents());
233}
234
235int ToolbarModelImpl::GetIcon() const {
236  if (WouldPerformSearchTermReplacement(false)) {
237    // The secured version of the search icon is necessary if neither the search
238    // button nor origin chip are present to indicate the security state.
239    return (chrome::GetDisplaySearchButtonConditions() ==
240        chrome::DISPLAY_SEARCH_BUTTON_NEVER) &&
241        !chrome::ShouldDisplayOriginChip() ?
242            IDR_OMNIBOX_SEARCH_SECURED : IDR_OMNIBOX_SEARCH;
243  }
244
245  return GetIconForSecurityLevel(GetSecurityLevel(false));
246}
247
248int ToolbarModelImpl::GetIconForSecurityLevel(SecurityLevel level) const {
249  static int icon_ids[NUM_SECURITY_LEVELS] = {
250    IDR_LOCATION_BAR_HTTP,
251    IDR_OMNIBOX_HTTPS_VALID,
252    IDR_OMNIBOX_HTTPS_VALID,
253    IDR_OMNIBOX_HTTPS_WARNING,
254    IDR_OMNIBOX_HTTPS_POLICY_WARNING,
255    IDR_OMNIBOX_HTTPS_INVALID,
256  };
257  DCHECK(arraysize(icon_ids) == NUM_SECURITY_LEVELS);
258  return icon_ids[level];
259}
260
261base::string16 ToolbarModelImpl::GetEVCertName() const {
262  if (GetSecurityLevel(false) != EV_SECURE)
263    return base::string16();
264
265  // Note: Navigation controller and active entry are guaranteed non-NULL or
266  // the security level would be NONE.
267  scoped_refptr<net::X509Certificate> cert;
268  content::CertStore::GetInstance()->RetrieveCert(
269      GetNavigationController()->GetVisibleEntry()->GetSSL().cert_id, &cert);
270
271  // EV are required to have an organization name and country.
272  DCHECK(!cert->subject().organization_names.empty());
273  DCHECK(!cert->subject().country_name.empty());
274  return l10n_util::GetStringFUTF16(
275      IDS_SECURE_CONNECTION_EV,
276      base::UTF8ToUTF16(cert->subject().organization_names[0]),
277      base::UTF8ToUTF16(cert->subject().country_name));
278}
279
280bool ToolbarModelImpl::ShouldDisplayURL() const {
281  // Note: The order here is important.
282  // - The WebUI test must come before the extension scheme test because there
283  //   can be WebUIs that have extension schemes (e.g. the bookmark manager). In
284  //   that case, we should prefer what the WebUI instance says.
285  // - The view-source test must come before the NTP test because of the case
286  //   of view-source:chrome://newtab, which should display its URL despite what
287  //   chrome://newtab says.
288  NavigationController* controller = GetNavigationController();
289  NavigationEntry* entry = controller ? controller->GetVisibleEntry() : NULL;
290  if (entry) {
291    if (entry->IsViewSourceMode() ||
292        entry->GetPageType() == content::PAGE_TYPE_INTERSTITIAL) {
293      return true;
294    }
295
296    GURL url = entry->GetURL();
297    GURL virtual_url = entry->GetVirtualURL();
298    if (url.SchemeIs(content::kChromeUIScheme) ||
299        virtual_url.SchemeIs(content::kChromeUIScheme)) {
300      if (!url.SchemeIs(content::kChromeUIScheme))
301        url = virtual_url;
302      return url.host() != chrome::kChromeUINewTabHost;
303    }
304  }
305
306  return !chrome::IsInstantNTP(delegate_->GetActiveWebContents());
307}
308
309bool ToolbarModelImpl::WouldOmitURLDueToOriginChip() const {
310  const char kInterstitialShownKey[] = "interstitial_shown";
311
312  // When users type URLs and hit enter, continue to show those URLs until
313  // the navigation commits or an interstitial is shown, because having the
314  // omnibox clear immediately feels like the input was ignored.
315  NavigationController* navigation_controller = GetNavigationController();
316  if (navigation_controller) {
317    NavigationEntry* pending_entry = navigation_controller->GetPendingEntry();
318    if (pending_entry) {
319      const NavigationEntry* visible_entry =
320          navigation_controller->GetVisibleEntry();
321      base::string16 unused;
322      // Keep track that we've shown the origin chip on an interstitial so it
323      // can be shown even after the interstitial was dismissed, to avoid
324      // showing the chip, removing it and then showing it again.
325      if (visible_entry &&
326          visible_entry->GetPageType() == content::PAGE_TYPE_INTERSTITIAL &&
327          !pending_entry->GetExtraData(kInterstitialShownKey, &unused))
328        pending_entry->SetExtraData(kInterstitialShownKey, base::string16());
329      const ui::PageTransition transition_type =
330          pending_entry->GetTransitionType();
331      if ((transition_type & ui::PAGE_TRANSITION_TYPED) != 0 &&
332          !pending_entry->GetExtraData(kInterstitialShownKey, &unused))
333        return false;
334    }
335  }
336
337  if (!delegate_->InTabbedBrowser() || !ShouldDisplayURL() ||
338      !url_replacement_enabled())
339    return false;
340
341  if (chrome::ShouldDisplayOriginChip())
342    return true;
343
344  const chrome::OriginChipCondition chip_condition =
345      chrome::GetOriginChipCondition();
346  return (chip_condition == chrome::ORIGIN_CHIP_ALWAYS) ||
347      ((chip_condition == chrome::ORIGIN_CHIP_ON_SRP) &&
348       WouldPerformSearchTermReplacement(false));
349}
350
351NavigationController* ToolbarModelImpl::GetNavigationController() const {
352  // This |current_tab| can be NULL during the initialization of the
353  // toolbar during window creation (i.e. before any tabs have been added
354  // to the window).
355  WebContents* current_tab = delegate_->GetActiveWebContents();
356  return current_tab ? &current_tab->GetController() : NULL;
357}
358
359Profile* ToolbarModelImpl::GetProfile() const {
360  NavigationController* navigation_controller = GetNavigationController();
361  return navigation_controller ?
362      Profile::FromBrowserContext(navigation_controller->GetBrowserContext()) :
363      NULL;
364}
365
366base::string16 ToolbarModelImpl::GetSearchTerms(bool ignore_editing) const {
367  if (!url_replacement_enabled() || (input_in_progress() && !ignore_editing))
368    return base::string16();
369
370  const WebContents* web_contents = delegate_->GetActiveWebContents();
371  base::string16 search_terms(chrome::GetSearchTerms(web_contents));
372  if (search_terms.empty()) {
373    // We mainly do this to enforce the subsequent DCHECK.
374    return base::string16();
375  }
376
377  // If the page is still loading and the security style is unknown, consider
378  // the page secure.  Without this, after the user hit enter on some search
379  // terms, the omnibox would change to displaying the loading URL before
380  // changing back to the search terms once they could be extracted, thus
381  // causing annoying flicker.
382  DCHECK(web_contents);
383  const NavigationController& nav_controller = web_contents->GetController();
384  const NavigationEntry* entry = nav_controller.GetVisibleEntry();
385  if ((entry != nav_controller.GetLastCommittedEntry()) &&
386      (entry->GetSSL().security_style == content::SECURITY_STYLE_UNKNOWN))
387    return search_terms;
388
389  // If the URL is using a Google base URL specified via the command line, we
390  // bypass the security check below.
391  if (entry &&
392      google_util::StartsWithCommandLineGoogleBaseURL(entry->GetVirtualURL()))
393    return search_terms;
394
395  // Otherwise, extract search terms for HTTPS pages that do not have a security
396  // error.
397  ToolbarModel::SecurityLevel security_level = GetSecurityLevel(ignore_editing);
398  return ((security_level == NONE) || (security_level == SECURITY_ERROR)) ?
399      base::string16() : search_terms;
400}
401