blob: e9942c5aa6e3c7684e62a8f0833585afce5c3ecd [file] [log] [blame]
// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "ios/chrome/browser/ssl/ios_ssl_error_handler.h"
#include "base/bind.h"
#include "base/callback.h"
#include "base/feature_list.h"
#include "base/memory/ptr_util.h"
#include "base/metrics/histogram_macros.h"
#include "base/strings/sys_string_conversions.h"
#include "components/captive_portal/core/captive_portal_detector.h"
#include "components/security_interstitials/core/metrics_helper.h"
#include "components/security_interstitials/core/ssl_error_options_mask.h"
#include "components/security_interstitials/core/ssl_error_ui.h"
#include "ios/chrome/browser/application_context.h"
#include "ios/chrome/browser/ssl/captive_portal_detector_tab_helper.h"
#include "ios/chrome/browser/ssl/captive_portal_metrics.h"
#include "ios/chrome/browser/ssl/ios_captive_portal_blocking_page.h"
#include "ios/chrome/browser/ssl/ios_ssl_blocking_page.h"
#import "ios/components/security_interstitials/ios_blocking_page_metrics_helper.h"
#import "ios/components/security_interstitials/ios_blocking_page_tab_helper.h"
#include "ios/web/public/browser_state.h"
#import "ios/web/public/web_state.h"
#include "net/ssl/ssl_info.h"
#include "net/traffic_annotation/network_traffic_annotation.h"
#if !defined(__has_feature) || !__has_feature(objc_arc)
#error "This file requires ARC support."
#endif
const char kSessionDetectionResultHistogram[] =
"CaptivePortal.Session.DetectionResult";
const int64_t kSSLInterstitialDelayInSeconds = 3;
using captive_portal::CaptivePortalDetector;
namespace {
std::unique_ptr<security_interstitials::IOSBlockingPageMetricsHelper>
CreateMetricsHelper(web::WebState* web_state,
const GURL& request_url,
bool overridable) {
// Set up the metrics helper for the SSLErrorUI.
security_interstitials::MetricsHelper::ReportDetails reporting_info;
reporting_info.metric_prefix =
overridable ? "ssl_overridable" : "ssl_nonoverridable";
return std::make_unique<security_interstitials::IOSBlockingPageMetricsHelper>(
web_state, request_url, reporting_info);
}
} // namespace
// static
void IOSSSLErrorHandler::HandleSSLError(
web::WebState* web_state,
int cert_error,
const net::SSLInfo& info,
const GURL& request_url,
bool overridable,
int64_t navigation_id,
base::OnceCallback<void(NSString*)> blocking_page_callback) {
DCHECK(web_state);
DCHECK(!FromWebState(web_state));
// TODO(crbug.com/747405): If certificate error is only a name mismatch,
// check if the cert is from a known captive portal.
web_state->SetUserData(
UserDataKey(), base::WrapUnique(new IOSSSLErrorHandler(
web_state, cert_error, info, request_url, overridable,
navigation_id, std::move(blocking_page_callback))));
FromWebState(web_state)->StartHandlingError();
}
IOSSSLErrorHandler::~IOSSSLErrorHandler() = default;
IOSSSLErrorHandler::IOSSSLErrorHandler(
web::WebState* web_state,
int cert_error,
const net::SSLInfo& info,
const GURL& request_url,
bool overridable,
int64_t navigation_id,
base::OnceCallback<void(NSString*)> blocking_page_callback)
: web_state_(web_state),
cert_error_(cert_error),
ssl_info_(info),
request_url_(request_url),
overridable_(overridable),
navigation_id_(navigation_id),
blocking_page_callback_(std::move(blocking_page_callback)),
weak_factory_(this) {}
void IOSSSLErrorHandler::StartHandlingError() {
CaptivePortalDetectorTabHelper* tab_helper =
CaptivePortalDetectorTabHelper::FromWebState(web_state_);
// TODO(crbug.com/760873): replace test with DCHECK when this method is only
// called on WebStates attached to tabs.
if (!tab_helper) {
return;
}
base::WeakPtr<IOSSSLErrorHandler> weak_error_handler =
weak_factory_.GetWeakPtr();
tab_helper->detector()->DetectCaptivePortal(
GURL(CaptivePortalDetector::kDefaultURL),
base::BindRepeating(
&IOSSSLErrorHandler::HandleCaptivePortalDetectionResult,
weak_error_handler),
NO_TRAFFIC_ANNOTATION_YET);
// Default to presenting the SSL interstitial if Captive Portal detection
// takes too long.
timer_.Start(FROM_HERE, base::Seconds(kSSLInterstitialDelayInSeconds), this,
&IOSSSLErrorHandler::ShowSSLInterstitial);
}
void IOSSSLErrorHandler::HandleCaptivePortalDetectionResult(
const CaptivePortalDetector::Results& results) {
timer_.Stop();
IOSSSLErrorHandler::LogCaptivePortalResult(results.result);
if (results.result == captive_portal::RESULT_BEHIND_CAPTIVE_PORTAL) {
ShowCaptivePortalInterstitial(results.landing_url);
} else {
ShowSSLInterstitial();
}
}
void IOSSSLErrorHandler::ShowSSLInterstitial() {
timer_.Stop();
// Cancel the captive portal detection if it is still ongoing. This will be
// the case if |timer_| triggered the call of this method.
CaptivePortalDetectorTabHelper* tab_helper =
CaptivePortalDetectorTabHelper::FromWebState(web_state_);
tab_helper->detector()->Cancel();
int options_mask =
overridable_
? security_interstitials::SSLErrorOptionsMask::SOFT_OVERRIDE_ENABLED
: security_interstitials::SSLErrorOptionsMask::STRICT_ENFORCEMENT;
auto page = std::make_unique<IOSSSLBlockingPage>(
web_state_, cert_error_, ssl_info_, request_url_, options_mask,
base::Time::NowFromSystemTime(),
std::make_unique<security_interstitials::IOSBlockingPageControllerClient>(
web_state_,
CreateMetricsHelper(web_state_, request_url_, overridable_),
GetApplicationContext()->GetApplicationLocale()));
std::string error_html = page->GetHtmlContents();
security_interstitials::IOSBlockingPageTabHelper::FromWebState(web_state_)
->AssociateBlockingPage(navigation_id_, std::move(page));
std::move(blocking_page_callback_).Run(base::SysUTF8ToNSString(error_html));
// Once an interstitial is displayed, no need to keep the handler around.
// This is the equivalent of "delete this".
RemoveFromWebState(web_state_);
}
void IOSSSLErrorHandler::ShowCaptivePortalInterstitial(
const GURL& landing_url) {
auto page = std::make_unique<IOSCaptivePortalBlockingPage>(
web_state_, request_url_, landing_url,
new security_interstitials::IOSBlockingPageControllerClient(
web_state_,
CreateMetricsHelper(web_state_, request_url_, overridable_),
GetApplicationContext()->GetApplicationLocale()));
std::string error_html = page->GetHtmlContents();
security_interstitials::IOSBlockingPageTabHelper::FromWebState(web_state_)
->AssociateBlockingPage(navigation_id_, std::move(page));
std::move(blocking_page_callback_).Run(base::SysUTF8ToNSString(error_html));
// Once an interstitial is displayed, no need to keep the handler around.
// This is the equivalent of "delete this".
RemoveFromWebState(web_state_);
}
// static
void IOSSSLErrorHandler::LogCaptivePortalResult(
captive_portal::CaptivePortalResult result) {
CaptivePortalStatus status;
switch (result) {
case captive_portal::RESULT_INTERNET_CONNECTED:
status = CaptivePortalStatus::ONLINE;
break;
case captive_portal::RESULT_BEHIND_CAPTIVE_PORTAL:
status = CaptivePortalStatus::PORTAL;
break;
default:
status = CaptivePortalStatus::UNKNOWN;
break;
}
UMA_HISTOGRAM_ENUMERATION(kSessionDetectionResultHistogram,
static_cast<int>(status),
static_cast<int>(CaptivePortalStatus::COUNT));
}
WEB_STATE_USER_DATA_KEY_IMPL(IOSSSLErrorHandler)