blob: afa538992741b6a5ceaa26b9547d58febb4a6885 [file] [log] [blame]
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/ssl/captive_portal_blocking_page.h"
#include <utility>
#include "base/i18n/rtl.h"
#include "base/memory/ptr_util.h"
#include "base/metrics/histogram_macros.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_util.h"
#include "base/strings/utf_string_conversions.h"
#include "base/values.h"
#include "build/build_config.h"
#include "chrome/browser/captive_portal/captive_portal_tab_helper.h"
#include "chrome/browser/interstitials/chrome_metrics_helper.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/ssl/cert_report_helper.h"
#include "chrome/browser/ssl/ssl_cert_reporter.h"
#include "chrome/browser/ssl/ssl_error_controller_client.h"
#include "components/captive_portal/captive_portal_detector.h"
#include "components/captive_portal/captive_portal_metrics.h"
#include "components/certificate_reporting/error_reporter.h"
#include "components/safe_browsing/common/safe_browsing_prefs.h"
#include "components/security_interstitials/core/controller_client.h"
#include "components/security_interstitials/core/metrics_helper.h"
#include "components/strings/grit/components_strings.h"
#include "components/url_formatter/url_formatter.h"
#include "components/wifi/wifi_service.h"
#include "content/public/browser/navigation_entry.h"
#include "content/public/browser/ssl_status.h"
#include "content/public/browser/web_contents.h"
#include "net/base/network_change_notifier.h"
#include "net/base/network_interfaces.h"
#include "net/ssl/ssl_info.h"
#include "ui/base/l10n/l10n_util.h"
#if defined(OS_ANDROID)
#include "base/android/jni_android.h"
#include "chrome/browser/ssl/captive_portal_helper_android.h"
#include "content/public/common/referrer.h"
#include "net/android/network_library.h"
#include "ui/base/window_open_disposition.h"
#endif
namespace {
const char kMetricsName[] = "captive_portal";
std::unique_ptr<ChromeMetricsHelper> CreateMetricsHelper(
content::WebContents* web_contents,
const GURL& request_url) {
security_interstitials::MetricsHelper::ReportDetails reporting_info;
reporting_info.metric_prefix = kMetricsName;
std::unique_ptr<ChromeMetricsHelper> metrics_helper =
base::MakeUnique<ChromeMetricsHelper>(web_contents, request_url,
reporting_info, kMetricsName);
metrics_helper.get()->StartRecordingCaptivePortalMetrics(false);
return metrics_helper;
}
} // namespace
// static
const void* const CaptivePortalBlockingPage::kTypeForTesting =
&CaptivePortalBlockingPage::kTypeForTesting;
CaptivePortalBlockingPage::CaptivePortalBlockingPage(
content::WebContents* web_contents,
const GURL& request_url,
const GURL& login_url,
std::unique_ptr<SSLCertReporter> ssl_cert_reporter,
const net::SSLInfo& ssl_info,
const base::Callback<void(content::CertificateRequestResultType)>& callback)
: SSLBlockingPageBase(
web_contents,
certificate_reporting::ErrorReport::INTERSTITIAL_CAPTIVE_PORTAL,
ssl_info,
request_url,
std::move(ssl_cert_reporter),
false /* overridable */,
base::Time::Now(),
base::MakeUnique<SSLErrorControllerClient>(
web_contents,
ssl_info,
request_url,
CreateMetricsHelper(web_contents, request_url))),
login_url_(login_url),
ssl_info_(ssl_info),
callback_(callback) {
captive_portal::CaptivePortalMetrics::LogCaptivePortalBlockingPageEvent(
captive_portal::CaptivePortalMetrics::SHOW_ALL);
}
CaptivePortalBlockingPage::~CaptivePortalBlockingPage() {
}
const void* CaptivePortalBlockingPage::GetTypeForTesting() const {
return CaptivePortalBlockingPage::kTypeForTesting;
}
bool CaptivePortalBlockingPage::IsWifiConnection() const {
// |net::NetworkChangeNotifier::GetConnectionType| isn't accurate on Linux
// and Windows. See https://crbug.com/160537 for details.
// TODO(meacer): Add heuristics to get a more accurate connection type on
// these platforms.
return net::NetworkChangeNotifier::GetConnectionType() ==
net::NetworkChangeNotifier::CONNECTION_WIFI;
}
std::string CaptivePortalBlockingPage::GetWiFiSSID() const {
// On Windows and Mac, |WiFiService| provides an easy to use API to get the
// currently associated WiFi access point. |WiFiService| isn't available on
// Linux so |net::GetWifiSSID| is used instead.
std::string ssid;
#if defined(OS_WIN) || defined(OS_MACOSX)
std::unique_ptr<wifi::WiFiService> wifi_service(wifi::WiFiService::Create());
wifi_service->Initialize(nullptr);
std::string error;
wifi_service->GetConnectedNetworkSSID(&ssid, &error);
if (!error.empty())
return std::string();
#elif defined(OS_LINUX)
ssid = net::GetWifiSSID();
#elif defined(OS_ANDROID)
ssid = net::android::GetWifiSSID();
#endif
// TODO(meacer): Handle non UTF8 SSIDs.
if (!base::IsStringUTF8(ssid))
return std::string();
return ssid;
}
bool CaptivePortalBlockingPage::ShouldCreateNewNavigation() const {
// Captive portal interstitials always create new navigation entries, as
// opposed to SafeBrowsing subresource interstitials which just block access
// to the current page and don't create a new entry.
return true;
}
void CaptivePortalBlockingPage::PopulateInterstitialStrings(
base::DictionaryValue* load_time_data) {
load_time_data->SetString("iconClass", "icon-offline");
load_time_data->SetString("type", "CAPTIVE_PORTAL");
load_time_data->SetBoolean("overridable", false);
load_time_data->SetBoolean("hide_primary_button", false);
// |IsWifiConnection| isn't accurate on some platforms, so always try to get
// the Wi-Fi SSID even if |IsWifiConnection| is false.
std::string wifi_ssid = GetWiFiSSID();
bool is_wifi = !wifi_ssid.empty() || IsWifiConnection();
load_time_data->SetString(
"primaryButtonText",
l10n_util::GetStringUTF16(IDS_CAPTIVE_PORTAL_BUTTON_OPEN_LOGIN_PAGE));
base::string16 tab_title =
l10n_util::GetStringUTF16(is_wifi ? IDS_CAPTIVE_PORTAL_HEADING_WIFI
: IDS_CAPTIVE_PORTAL_HEADING_WIRED);
load_time_data->SetString("tabTitle", tab_title);
load_time_data->SetString("heading", tab_title);
base::string16 paragraph;
if (login_url_.is_empty() ||
login_url_.spec() == captive_portal::CaptivePortalDetector::kDefaultURL) {
// Don't show the login url when it's empty or is the portal detection URL.
// login_url_ can be empty when:
// - The captive portal intercepted requests without HTTP redirects, in
// which case the login url would be the same as the captive portal
// detection url.
// - The captive portal was detected via Captive portal certificate list.
// - The captive portal was reported by the OS.
if (wifi_ssid.empty()) {
paragraph = l10n_util::GetStringUTF16(
is_wifi ? IDS_CAPTIVE_PORTAL_PRIMARY_PARAGRAPH_NO_LOGIN_URL_WIFI
: IDS_CAPTIVE_PORTAL_PRIMARY_PARAGRAPH_NO_LOGIN_URL_WIRED);
} else {
paragraph = l10n_util::GetStringFUTF16(
IDS_CAPTIVE_PORTAL_PRIMARY_PARAGRAPH_NO_LOGIN_URL_WIFI_SSID,
net::EscapeForHTML(base::UTF8ToUTF16(wifi_ssid)));
}
} else {
// Portal redirection was done with HTTP redirects, so show the login URL.
// If |languages| is empty, punycode in |login_host| will always be decoded.
base::string16 login_host =
url_formatter::IDNToUnicode(login_url_.host());
if (base::i18n::IsRTL())
base::i18n::WrapStringWithLTRFormatting(&login_host);
if (wifi_ssid.empty()) {
paragraph = l10n_util::GetStringFUTF16(
is_wifi ? IDS_CAPTIVE_PORTAL_PRIMARY_PARAGRAPH_WIFI
: IDS_CAPTIVE_PORTAL_PRIMARY_PARAGRAPH_WIRED,
login_host);
} else {
paragraph = l10n_util::GetStringFUTF16(
IDS_CAPTIVE_PORTAL_PRIMARY_PARAGRAPH_WIFI_SSID,
net::EscapeForHTML(base::UTF8ToUTF16(wifi_ssid)), login_host);
}
}
load_time_data->SetString("primaryParagraph", paragraph);
// Explicitly specify other expected fields to empty.
load_time_data->SetString("openDetails", base::string16());
load_time_data->SetString("closeDetails", base::string16());
load_time_data->SetString("explanationParagraph", base::string16());
load_time_data->SetString("finalParagraph", base::string16());
if (cert_report_helper())
cert_report_helper()->PopulateExtendedReportingOption(load_time_data);
else
load_time_data->SetBoolean(security_interstitials::kDisplayCheckBox, false);
}
void CaptivePortalBlockingPage::CommandReceived(const std::string& command) {
if (command == "\"pageLoadComplete\"") {
// content::WaitForRenderFrameReady sends this message when the page
// load completes. Ignore it.
return;
}
int command_num = 0;
bool command_is_num = base::StringToInt(command, &command_num);
DCHECK(command_is_num) << command;
security_interstitials::SecurityInterstitialCommand cmd =
static_cast<security_interstitials::SecurityInterstitialCommand>(
command_num);
cert_report_helper()->HandleReportingCommands(cmd,
controller()->GetPrefService());
switch (cmd) {
case security_interstitials::CMD_OPEN_LOGIN:
captive_portal::CaptivePortalMetrics::LogCaptivePortalBlockingPageEvent(
captive_portal::CaptivePortalMetrics::OPEN_LOGIN_PAGE);
#if defined(OS_ANDROID)
{
// CaptivePortalTabHelper is not available on Android. Simply open the
// login URL in a new tab. login_url_ is also always empty on Android,
// use the platform's portal detection URL.
const std::string url = chrome::android::GetCaptivePortalServerUrl(
base::android::AttachCurrentThread());
content::OpenURLParams params(GURL(url), content::Referrer(),
WindowOpenDisposition::NEW_FOREGROUND_TAB,
ui::PAGE_TRANSITION_LINK, false);
web_contents()->OpenURL(params);
}
#else
CaptivePortalTabHelper::OpenLoginTabForWebContents(web_contents(), true);
#endif
break;
case security_interstitials::CMD_OPEN_REPORTING_PRIVACY:
controller()->OpenExtendedReportingPrivacyPolicy(true);
break;
case security_interstitials::CMD_OPEN_WHITEPAPER:
controller()->OpenExtendedReportingWhitepaper(true);
break;
case security_interstitials::CMD_ERROR:
case security_interstitials::CMD_TEXT_FOUND:
case security_interstitials::CMD_TEXT_NOT_FOUND:
// Commands are for testing.
break;
default:
NOTREACHED() << "Command " << cmd
<< " isn't handled by the captive portal interstitial.";
}
}
void CaptivePortalBlockingPage::OverrideEntry(content::NavigationEntry* entry) {
entry->GetSSL() = content::SSLStatus(ssl_info_);
}
void CaptivePortalBlockingPage::OnProceed() {
NOTREACHED()
<< "Cannot proceed through the error on a captive portal interstitial.";
}
void CaptivePortalBlockingPage::OnDontProceed() {
OnInterstitialClosing();
// Need to explicity deny the certificate via the callback, otherwise memory
// is leaked.
if (!callback_.is_null()) {
callback_.Run(content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL);
callback_.Reset();
}
}