1// Copyright 2014 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/ui/webui/interstitials/interstitial_ui.h" 6 7#include "base/strings/string_util.h" 8#include "chrome/browser/browser_process.h" 9#include "chrome/browser/profiles/profile.h" 10#include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" 11#include "chrome/browser/safe_browsing/safe_browsing_service.h" 12#include "chrome/browser/ssl/ssl_blocking_page.h" 13#include "chrome/common/url_constants.h" 14#include "content/public/browser/interstitial_page_delegate.h" 15#include "content/public/browser/web_contents.h" 16#include "content/public/browser/web_ui.h" 17#include "content/public/browser/web_ui_controller.h" 18#include "content/public/browser/web_ui_data_source.h" 19#include "net/base/net_errors.h" 20#include "net/base/url_util.h" 21#include "net/cert/x509_certificate.h" 22#include "net/ssl/ssl_info.h" 23 24namespace { 25 26class InterstitialHTMLSource : public content::URLDataSource { 27 public: 28 InterstitialHTMLSource(Profile* profile, 29 content::WebContents* web_contents); 30 virtual ~InterstitialHTMLSource(); 31 32 // content::URLDataSource: 33 virtual std::string GetMimeType(const std::string& mime_type) const OVERRIDE; 34 virtual std::string GetSource() const OVERRIDE; 35 virtual bool ShouldAddContentSecurityPolicy() const OVERRIDE; 36 virtual void StartDataRequest( 37 const std::string& path, 38 int render_process_id, 39 int render_frame_id, 40 const content::URLDataSource::GotDataCallback& callback) OVERRIDE; 41 42 private: 43 Profile* profile_; 44 content::WebContents* web_contents_; 45 DISALLOW_COPY_AND_ASSIGN(InterstitialHTMLSource); 46}; 47 48SSLBlockingPage* CreateSSLBlockingPage(content::WebContents* web_contents) { 49 // Random parameters for SSL blocking page. 50 int cert_error = net::ERR_CERT_CONTAINS_ERRORS; 51 GURL request_url("https://example.com"); 52 bool overridable = false; 53 bool strict_enforcement = false; 54 std::string url_param; 55 if (net::GetValueForKeyInQuery(web_contents->GetURL(), 56 "url", 57 &url_param)) { 58 if (GURL(url_param).is_valid()) 59 request_url = GURL(url_param); 60 } 61 std::string overridable_param; 62 if (net::GetValueForKeyInQuery(web_contents->GetURL(), 63 "overridable", 64 &overridable_param)) { 65 overridable = overridable_param == "1"; 66 } 67 std::string strict_enforcement_param; 68 if (net::GetValueForKeyInQuery(web_contents->GetURL(), 69 "strict_enforcement", 70 &strict_enforcement_param)) { 71 strict_enforcement = strict_enforcement_param == "1"; 72 } 73 net::SSLInfo ssl_info; 74 ssl_info.cert = new net::X509Certificate( 75 request_url.host(), "CA", base::Time::Max(), base::Time::Max()); 76 // This delegate doesn't create an interstitial. 77 int options_mask = 0; 78 if (overridable) 79 options_mask |= SSLBlockingPage::OVERRIDABLE; 80 if (strict_enforcement) 81 options_mask |= SSLBlockingPage::STRICT_ENFORCEMENT; 82 return new SSLBlockingPage(web_contents, 83 cert_error, 84 ssl_info, 85 request_url, 86 options_mask, 87 base::Callback<void(bool)>()); 88} 89 90SafeBrowsingBlockingPage* CreateSafeBrowsingBlockingPage( 91 content::WebContents* web_contents) { 92 SBThreatType threat_type = SB_THREAT_TYPE_URL_MALWARE; 93 GURL request_url("http://example.com"); 94 std::string url_param; 95 if (net::GetValueForKeyInQuery(web_contents->GetURL(), 96 "url", 97 &url_param)) { 98 if (GURL(url_param).is_valid()) 99 request_url = GURL(url_param); 100 } 101 std::string type_param; 102 if (net::GetValueForKeyInQuery(web_contents->GetURL(), 103 "type", 104 &type_param)) { 105 if (type_param == "malware") { 106 threat_type = SB_THREAT_TYPE_URL_MALWARE; 107 } else if (type_param == "phishing") { 108 threat_type = SB_THREAT_TYPE_URL_PHISHING; 109 } else if (type_param == "clientside_malware") { 110 threat_type = SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL; 111 } else if (type_param == "clientside_phishing") { 112 threat_type = SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL; 113 // Interstitials for client side phishing urls load after the page loads 114 // (see SafeBrowsingBlockingPage::IsMainPageLoadBlocked), so there should 115 // either be a new navigation entry, or there shouldn't be any pending 116 // entries. Clear any pending navigation entries. 117 content::NavigationController* controller = 118 &web_contents->GetController(); 119 controller->DiscardNonCommittedEntries(); 120 } 121 } 122 SafeBrowsingBlockingPage::UnsafeResource resource; 123 resource.url = request_url; 124 resource.threat_type = threat_type; 125 // Create a blocking page without showing the interstitial. 126 return SafeBrowsingBlockingPage::CreateBlockingPage( 127 g_browser_process->safe_browsing_service()->ui_manager().get(), 128 web_contents, 129 resource); 130} 131 132} // namespace 133 134InterstitialUI::InterstitialUI(content::WebUI* web_ui) 135 : WebUIController(web_ui) { 136 Profile* profile = Profile::FromWebUI(web_ui); 137 scoped_ptr<InterstitialHTMLSource> html_source( 138 new InterstitialHTMLSource(profile->GetOriginalProfile(), 139 web_ui->GetWebContents())); 140 content::URLDataSource::Add(profile, html_source.release()); 141} 142 143InterstitialUI::~InterstitialUI() { 144} 145 146// InterstitialHTMLSource 147 148InterstitialHTMLSource::InterstitialHTMLSource( 149 Profile* profile, 150 content::WebContents* web_contents) 151 : profile_(profile), 152 web_contents_(web_contents) { 153} 154 155InterstitialHTMLSource::~InterstitialHTMLSource() { 156} 157 158std::string InterstitialHTMLSource::GetMimeType( 159 const std::string& mime_type) const { 160 return "text/html"; 161} 162 163std::string InterstitialHTMLSource::GetSource() const { 164 return chrome::kChromeUIInterstitialHost; 165} 166 167bool InterstitialHTMLSource::ShouldAddContentSecurityPolicy() 168 const { 169 return false; 170} 171 172void InterstitialHTMLSource::StartDataRequest( 173 const std::string& path, 174 int render_process_id, 175 int render_frame_id, 176 const content::URLDataSource::GotDataCallback& callback) { 177 scoped_ptr<content::InterstitialPageDelegate> interstitial_delegate; 178 if (StartsWithASCII(path, "ssl", true)) { 179 interstitial_delegate.reset(CreateSSLBlockingPage(web_contents_)); 180 } else if (StartsWithASCII(path, "safebrowsing", true)) { 181 interstitial_delegate.reset(CreateSafeBrowsingBlockingPage(web_contents_)); 182 } 183 184 std::string html; 185 if (interstitial_delegate.get()) { 186 html = interstitial_delegate.get()->GetHTMLContents(); 187 } else { 188 html = "<html><head><title>Interstitials</title></head>" 189 "<body><h2>Choose an interstitial<h2>" 190 "<h3>SSL</h3>" 191 "<a href='ssl'>example.com</a><br>" 192 "<a href='ssl?url=https://google.com'>SSL (google.com)</a><br>" 193 "<a href='ssl?overridable=1&strict_enforcement=0'>" 194 " example.com (Overridable)</a>" 195 "<br><br>" 196 "<h3>SafeBrowsing</h3>" 197 "<a href='safebrowsing?type=malware'>Malware</a><br>" 198 "<a href='safebrowsing?type=phishing'>Phishing</a><br>" 199 "<a href='safebrowsing?type=clientside_malware'>" 200 " Client Side Malware</a><br>" 201 "<a href='safebrowsing?type=clientside_phishing'>" 202 " Client Side Phishing</a><br>" 203 "</body></html>"; 204 } 205 scoped_refptr<base::RefCountedString> html_bytes = new base::RefCountedString; 206 html_bytes->data().assign(html.begin(), html.end()); 207 callback.Run(html_bytes.get()); 208} 209