Componentize the SSL blocking page

This introduces security_interstitials::SSLErrorUI, which provides the C++ backing to the SSL error page JS. It dispatches user commands to the ControllerClient. All of this code comes from the SSLBlockingPage class, which now is just an interstitial implementation shell that sets up the SSLErrorUI and handles Chrome-specific aspects of interstitials. BUG=488673 Review URL: https://codereview.chromium.org/1509813002 Cr-Commit-Position: refs/heads/master@{#364736}
cbchan · Dec 11, 2015 · 6b57795 · 6b57795
1 parent 5c5fa37
commit 6b57795
Show file tree

Hide file tree

Showing 16 changed files with 448 additions and 334 deletions.
diff --git a/chrome/app/chromium_strings.grd b/chrome/app/chromium_strings.grd
@@ -1149,15 +1149,6 @@ Signing in anyway will merge Chromium information like bookmarks, history, and o
         Chromium verified that <ph name="ISSUER">$1<ex>VeriSign</ex></ph> issued this website's certificate. The server supplied Certificate Transparency information, but it was invalid.
       </message>
 
-      <!-- SSL Interstitial V2 strings -->
-      <message name="IDS_SSL_NONOVERRIDABLE_MORE" desc="Body text for the explanation shown if user clicks on the Details button.">
-        <ph name="SITE">$1<ex>google.com</ex></ph> normally uses encryption to protect your information. When Chromium tried to connect to <ph name="SITE">$1<ex>google.com</ex></ph> this time, the website sent back unusual
-and incorrect credentials. This may happen when an attacker is trying to pretend to be <ph name="SITE">$1<ex>google.com</ex></ph>, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chromium stopped the connection before any data was exchanged.
-      </message>
-      <message name="IDS_SSL_NONOVERRIDABLE_INVALID" desc="A sentence to explain why the user can't proceed.">
-      You cannot visit <ph name="SITE">$1<ex>google.com</ex></ph> right now because the website sent scrambled credentials that Chromium cannot process. Network errors and attacks are usually temporary, so this page will probably work later.
-      </message>
-
       <!-- Runtime permission strings -->
       <if expr="is_android">
         <message name="IDS_INFOBAR_MISSING_CAMERA_PERMISSION_TEXT" desc="Text shown in an infobar when a website has requested access to the camera capabilities, but Chrome is missing the Android camera permission.">

diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
@@ -9095,39 +9095,6 @@ I don't think this site should be blocked!
         You can <ph name="BEGIN_ERROR_LINK">&lt;a href="#" id="report-error-link"&gt;</ph>report a detection problem<ph name="END_ERROR_LINK">&lt;/a&gt;</ph> or, if you understand the risks to your security, <ph name="BEGIN_LINK">&lt;a href="#" id="proceed-link"&gt;</ph>visit this unsafe site<ph name="END_LINK">&lt;/a&gt;</ph>.
       </message>
 
-      <!-- SSL Interstitial V2 -->
-      <message name="IDS_SSL_V2_TITLE" desc="The tab title for the SSL interstitial.">
-        Privacy error
-      </message>
-      <message name="IDS_SSL_V2_HEADING" desc="The large heading at the top of the SSL interstitial.">
-        Your connection is not private
-      </message>
-      <message name="IDS_SSL_V2_PRIMARY_PARAGRAPH" desc="The primary explanatory paragraph for the SSL interstitial.">
-        Attackers might be trying to steal your information from <ph name="BEGIN_BOLD">&lt;strong&gt;</ph><ph name="SITE">$1<ex>google.com</ex></ph><ph name="END_BOLD">&lt;/strong&gt;</ph> (for example, passwords, messages, or credit cards).
-      </message>
-
-      <!-- SSL Interstitial V2: Overridable -->
-      <message name="IDS_SSL_OVERRIDABLE_SAFETY_BUTTON" desc="The text for the button that takes the user back to the previous page.">
-        Back to safety
-      </message>
-      <message name="IDS_SSL_OVERRIDABLE_PROCEED_PARAGRAPH" desc="The text for the paragraph at the bottom with the proceed link.">
-        <ph name="BEGIN_LINK">&lt;a href="#" id="proceed-link"&gt;</ph>Proceed to <ph name="SITE">$1<ex>example.com</ex></ph> (unsafe)<ph name="END_LINK">&lt;/a&gt;</ph>
-      </message>
-
-      <!-- SSL Interstitial V2: Non-overridable -->
-      <message name="IDS_SSL_RELOAD" desc="The text for the button that reloads the page.">
-        Reload
-      </message>
-      <message name="IDS_SSL_NONOVERRIDABLE_PINNED" desc="A sentence to explain why the user can't proceed, plus a link to a help page about certificate pinning.">
-      You cannot visit <ph name="SITE">$1<ex>google.com</ex></ph> right now because the website <ph name="BEGIN_LINK">&lt;a href="#" id="help-link"&gt;</ph>uses certificate pinning<ph name="END_LINK">&lt;/a&gt;</ph>. Network errors and attacks are usually temporary, so this page will probably work later.
-      </message>
-      <message name="IDS_SSL_NONOVERRIDABLE_HSTS" desc="A sentence to explain why the user can't proceed, plus a link to a help page about HSTS.">
-      You cannot visit <ph name="SITE">$1<ex>google.com</ex></ph> right now because the website <ph name="BEGIN_LINK">&lt;a href="#" id="help-link"&gt;</ph>uses HSTS<ph name="END_LINK">&lt;/a&gt;</ph>. Network errors and attacks are usually temporary, so this page will probably work later.
-      </message>
-      <message name="IDS_SSL_NONOVERRIDABLE_REVOKED" desc="A sentence to explain why the user can't proceed, plus a link to a help page about certificate revocation.">
-      You cannot visit <ph name="SITE">$1<ex>google.com</ex></ph> right now because <ph name="BEGIN_LINK">&lt;a href="#" id="help-link"&gt;</ph>this certificate has been revoked<ph name="END_LINK">&lt;/a&gt;</ph>. Network errors and attacks are usually temporary, so this page will probably work later.
-      </message>
-
       <!-- Captive portal interstitial -->
       <message name="IDS_CAPTIVE_PORTAL_HEADING_WIRED" desc="Heading in the error page when a secure request is blocked because a captive portal is manipulating a wired connection (e.g. ethernet)">
         Connect to network

diff --git a/chrome/app/google_chrome_strings.grd b/chrome/app/google_chrome_strings.grd
@@ -1150,15 +1150,6 @@ Signing in anyway will merge Chrome information like bookmarks, history, and oth
         Chrome verified that <ph name="ISSUER">$1<ex>VeriSign</ex></ph> issued this website's certificate. The server supplied Certificate Transparency information, but it was invalid.
       </message>
 
-      <!-- SSL Interstitial V2 strings -->
-      <message name="IDS_SSL_NONOVERRIDABLE_MORE" desc="Body text for the explanation shown if user clicks on the Details button.">
-        <ph name="SITE">$1<ex>google.com</ex></ph> normally uses encryption to protect your information. When Chrome tried to connect to <ph name="SITE">$1<ex>google.com</ex></ph> this time, the website sent back unusual
-  and incorrect credentials. This may happen when an attacker is trying to pretend to be <ph name="SITE">$1<ex>google.com</ex></ph>, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.
-      </message>
-      <message name="IDS_SSL_NONOVERRIDABLE_INVALID" desc="A sentence to explain why the user can't proceed.">
-      You cannot visit <ph name="SITE">$1<ex>google.com</ex></ph> right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.
-      </message>
-
       <!-- Runtime permission strings -->
       <if expr="is_android">
         <message name="IDS_INFOBAR_MISSING_CAMERA_PERMISSION_TEXT" desc="Text shown in an infobar when a website has requested access to the camera capabilities, but Chrome is missing the Android camera permission.">

diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
@@ -117,6 +117,7 @@
 #include "components/net_log/chrome_net_log.h"
 #include "components/pref_registry/pref_registry_syncable.h"
 #include "components/rappor/rappor_utils.h"
+#include "components/security_interstitials/core/ssl_error_ui.h"
 #include "components/signin/core/common/profile_management_switches.h"
 #include "components/startup_metric_utils/browser/startup_metric_message_filter.h"
 #include "components/translate/core/common/translate_switches.h"
@@ -302,6 +303,7 @@ using content::SiteInstance;
 using content::WebContents;
 using content::WebPreferences;
 using message_center::NotifierId;
+using security_interstitials::SSLErrorUI;
 
 #if defined(OS_POSIX)
 using content::FileDescriptorInfo;
@@ -2022,11 +2024,11 @@ void ChromeContentBrowserClient::AllowCertificateError(
   // ownership of ssl_blocking_page.
   int options_mask = 0;
   if (overridable)
-    options_mask |= SSLBlockingPage::OVERRIDABLE;
+    options_mask |= SSLErrorUI::SOFT_OVERRIDE_ENABLED;
   if (strict_enforcement)
-    options_mask |= SSLBlockingPage::STRICT_ENFORCEMENT;
+    options_mask |= SSLErrorUI::STRICT_ENFORCEMENT;
   if (expired_previous_decision)
-    options_mask |= SSLBlockingPage::EXPIRED_BUT_PREVIOUSLY_ALLOWED;
+    options_mask |= SSLErrorUI::EXPIRED_BUT_PREVIOUSLY_ALLOWED;
 
   safe_browsing::SafeBrowsingService* safe_browsing_service =
       g_browser_process->safe_browsing_service();

diff --git a/chrome/browser/interstitials/chrome_controller_client.cc b/chrome/browser/interstitials/chrome_controller_client.cc
@@ -156,10 +156,17 @@ void ChromeControllerClient::LaunchDateAndTimeSettings() {
 }
 
 void ChromeControllerClient::GoBack() {
-  DCHECK(interstitial_page_);
   interstitial_page_->DontProceed();
 }
 
+void ChromeControllerClient::Proceed() {
+  interstitial_page_->Proceed();
+}
+
+void ChromeControllerClient::Reload() {
+  web_contents_->GetController().Reload(true);
+}
+
 void ChromeControllerClient::OpenUrlInCurrentTab(const GURL& url) {
   content::OpenURLParams params(url, Referrer(), CURRENT_TAB,
                                 ui::PAGE_TRANSITION_LINK, false);

diff --git a/chrome/browser/interstitials/chrome_controller_client.h b/chrome/browser/interstitials/chrome_controller_client.h
@@ -25,10 +25,12 @@ class ChromeControllerClient : public security_interstitials::ControllerClient {
   bool CanLaunchDateAndTimeSettings() override;
   void LaunchDateAndTimeSettings() override;
   void GoBack() override;
+  void Proceed() override;
+  void Reload() override;
+  void OpenUrlInCurrentTab(const GURL& url) override;
 
  protected:
   // security_interstitials::ControllerClient overrides
-  void OpenUrlInCurrentTab(const GURL& url) override;
   const std::string& GetApplicationLocale() override;
   PrefService* GetPrefService() override;
   const std::string GetExtendedReportingPrefName() override;