Add monitoring disclosure infobars

This adds infobars on Desktop and Android for showing the known
monitoring disclosure.

The infobar is shown once every 7 days. The last dismissal time is
tracked in a pref on Android (to carry over across sessions) and
in-memory on Desktop (since sessions are longer -- this means on
Desktop we will always show on startup).

These currently link to chrome://monitoring (implemented in
crrev.com/c/1913715), and are triggered on visiting
https://badssl.com/test/monitoring-disclosure/ (to be replaced by
checking for the new monitoring CertStatus based on CRLSets).

Screenshots
- Desktop: https://drive.google.com/file/d/1AF2uCGfYfrQHJbLGjIX132xR0n8GqG5R/view
- Android: https://drive.google.com/file/d/1FeDSEQNasHfPdc6bbkprm_wOaMZcCDQl/view

Bug: 1014711
Change-Id: I31e9d5be6da7d87dfda2f5c739f1b94df1c8a0f0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1918188Reviewed-by: Gabriel Charette <gab@chromium.org>
Reviewed-by: Evan Stade <estade@chromium.org>
Reviewed-by: Andrew Grieve <agrieve@chromium.org>
Reviewed-by: Mustafa Emre Acer <meacer@chromium.org>
Commit-Queue: Christopher Thompson <cthomp@chromium.org>
Cr-Commit-Position: refs/heads/master@{#719276}

chrome/android/BUILD.gn

@@ -2590,6 +2590,7 @@ generate_jni("chrome_jni_headers") {
     "java/src/org/chromium/chrome/browser/infobar/InstallableAmbientBadgeInfoBar.java",
     "java/src/org/chromium/chrome/browser/infobar/InstantAppsInfoBar.java",
     "java/src/org/chromium/chrome/browser/infobar/InstantAppsInfoBarDelegate.java",
+    "java/src/org/chromium/chrome/browser/infobar/KnownInterceptionDisclosureInfoBar.java",
     "java/src/org/chromium/chrome/browser/infobar/NearOomInfoBar.java",
     "java/src/org/chromium/chrome/browser/infobar/NearOomReductionInfoBar.java",
     "java/src/org/chromium/chrome/browser/infobar/PermissionInfoBar.java",

chrome/android/chrome_java_sources.gni

@@ -793,6 +793,7 @@ chrome_java_sources = [
   "java/src/org/chromium/chrome/browser/infobar/InstallableAmbientBadgeInfoBar.java",
   "java/src/org/chromium/chrome/browser/infobar/InstantAppsInfoBar.java",
   "java/src/org/chromium/chrome/browser/infobar/InstantAppsInfoBarDelegate.java",
+  "java/src/org/chromium/chrome/browser/infobar/KnownInterceptionDisclosureInfoBar.java",
   "java/src/org/chromium/chrome/browser/infobar/NearOomInfoBar.java",
   "java/src/org/chromium/chrome/browser/infobar/NearOomReductionInfoBar.java",
   "java/src/org/chromium/chrome/browser/infobar/PermissionInfoBar.java",

chrome/android/java/src/org/chromium/chrome/browser/infobar/KnownInterceptionDisclosureInfoBar.java

+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package org.chromium.chrome.browser.infobar;
+
+import android.graphics.Bitmap;
+
+import androidx.annotation.ColorRes;
+
+import org.chromium.base.annotations.CalledByNative;
+import org.chromium.chrome.browser.ResourceId;
+
+/**
+ * An infobar to disclose known monitoring to the user. This is a thin veneer over
+ * standard ConfirmInfoBar to provide a description as well as a title.
+ */
+public class KnownInterceptionDisclosureInfoBar extends ConfirmInfoBar {
+    private static final String TAG = "KnownInterceptionDisclosureInfoBar";
+    private String mDescription;
+
+    /**
+     * Creates and begins the process for showing a KnownInterceptionDisclosureInfoBar.
+     * This constructor is similar to ConfirmInfoBar's create(), adding a description.
+     *
+     * @param enumeratedIconId ID corresponding to the icon that will be shown for the infobar.
+     *                         The ID must have been mapped using the ResourceMapper class before
+     *                         passing it to this function.
+     * @param iconBitmap Bitmap to use if there is no equivalent Java resource for
+     *                   enumeratedIconId.
+     * @param message Title of message to display to the user indicating what the infobar is for.
+     *                This should be 'title', but we're keeping consistency with ConfirmInfoBar.
+     * @param linkText Link text to display in addition to the message.
+     * @param buttonOk String to display on the OK button.
+     * @param description String to display below the "message" title.
+     */
+    @CalledByNative
+    private static ConfirmInfoBar create(int enumeratedIconId, Bitmap iconBitmap, String message,
+            String linkText, String buttonOk, String description) {
+        int drawableId = ResourceId.mapToDrawableId(enumeratedIconId);
+
+        return new KnownInterceptionDisclosureInfoBar(
+                drawableId, 0, iconBitmap, message, linkText, buttonOk, description);
+    }
+
+    private KnownInterceptionDisclosureInfoBar(int iconDrawableId, @ColorRes int iconTintId,
+            Bitmap iconBitmap, String message, String linkText, String primaryButtonText,
+            String description) {
+        super(iconDrawableId, iconTintId, iconBitmap, message, linkText, primaryButtonText, "");
+        mDescription = description;
+    }
+
+    @Override
+    public void createContent(InfoBarLayout layout) {
+        super.createContent(layout);
+        layout.getMessageLayout().addDescription(mDescription);
+    }
+}

chrome/browser/BUILD.gn

@@ -1708,6 +1708,8 @@ jumbo_static_library("browser") {
     "ssl/insecure_sensitive_input_driver.h",
     "ssl/insecure_sensitive_input_driver_factory.cc",
     "ssl/insecure_sensitive_input_driver_factory.h",
+    "ssl/known_interception_disclosure_infobar_delegate.cc",
+    "ssl/known_interception_disclosure_infobar_delegate.h",
     "ssl/mitm_software_blocking_page.cc",
     "ssl/mitm_software_blocking_page.h",
     "ssl/secure_origin_policy_handler.cc",
@@ -2895,6 +2897,8 @@ jumbo_static_library("browser") {
       "signin/identity_services_provider_android.cc",
       "signin/signin_manager_android_factory.cc",
       "signin/signin_manager_android_factory.h",
+      "ssl/known_interception_disclosure_infobar.cc",
+      "ssl/known_interception_disclosure_infobar.h",
       "ssl/security_state_model_android.cc",
       "sync/glue/synced_tab_delegate_android.cc",
       "sync/glue/synced_tab_delegate_android.h",

chrome/browser/prefs/browser_prefs.cc

@@ -208,6 +208,7 @@
 #include "chrome/browser/android/usage_stats/usage_stats_bridge.h"
 #include "chrome/browser/geolocation/geolocation_permission_context_android.h"
 #include "chrome/browser/media/android/cdm/media_drm_origin_id_manager.h"
+#include "chrome/browser/ssl/known_interception_disclosure_infobar_delegate.h"
 #include "components/cdm/browser/media_drm_storage_impl.h"
 #include "components/feed/buildflags.h"
 #include "components/ntp_snippets/category_rankers/click_based_category_ranker.h"
@@ -886,6 +887,7 @@ void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry,
   ntp_tiles::PopularSitesImpl::RegisterProfilePrefs(registry);
   variations::VariationsService::RegisterProfilePrefs(registry);
   GeolocationPermissionContextAndroid::RegisterProfilePrefs(registry);
+  KnownInterceptionDisclosureInfoBarDelegate::RegisterProfilePrefs(registry);
   PartnerBookmarksShim::RegisterProfilePrefs(registry);
   RecentTabsPagePrefs::RegisterProfilePrefs(registry);
   usage_stats::UsageStatsBridge::RegisterProfilePrefs(registry);

chrome/browser/ssl/known_interception_disclosure_infobar.cc

+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ssl/known_interception_disclosure_infobar.h"
+
+#include <utility>
+
+#include "base/android/jni_android.h"
+#include "base/android/jni_string.h"
+#include "base/android/scoped_java_ref.h"
+#include "base/memory/ptr_util.h"
+#include "chrome/android/chrome_jni_headers/KnownInterceptionDisclosureInfoBar_jni.h"
+#include "chrome/browser/ssl/known_interception_disclosure_infobar_delegate.h"
+#include "ui/gfx/android/java_bitmap.h"
+#include "ui/gfx/image/image.h"
+
+using base::android::ScopedJavaLocalRef;
+
+// static
+std::unique_ptr<infobars::InfoBar>
+KnownInterceptionDisclosureInfoBar::CreateInfoBar(
+    std::unique_ptr<KnownInterceptionDisclosureInfoBarDelegate> delegate) {
+  return base::WrapUnique(
+      new KnownInterceptionDisclosureInfoBar(std::move(delegate)));
+}
+
+KnownInterceptionDisclosureInfoBar::KnownInterceptionDisclosureInfoBar(
+    std::unique_ptr<KnownInterceptionDisclosureInfoBarDelegate> delegate)
+    : ConfirmInfoBar(std::move(delegate)) {}
+
+ScopedJavaLocalRef<jobject>
+KnownInterceptionDisclosureInfoBar::CreateRenderInfoBar(JNIEnv* env) {
+  KnownInterceptionDisclosureInfoBarDelegate* delegate = GetDelegate();
+  ScopedJavaLocalRef<jstring> ok_button_text =
+      base::android::ConvertUTF16ToJavaString(
+          env,
+          GetTextFor(KnownInterceptionDisclosureInfoBarDelegate::BUTTON_OK));
+  ScopedJavaLocalRef<jstring> message_text =
+      base::android::ConvertUTF16ToJavaString(env, delegate->GetMessageText());
+  ScopedJavaLocalRef<jstring> link_text =
+      base::android::ConvertUTF16ToJavaString(env, delegate->GetLinkText());
+  ScopedJavaLocalRef<jstring> description_text =
+      base::android::ConvertUTF16ToJavaString(env,
+                                              delegate->GetDescriptionText());
+
+  ScopedJavaLocalRef<jobject> java_bitmap;
+  if (delegate->GetIconId() == infobars::InfoBarDelegate::kNoIconID &&
+      !delegate->GetIcon().IsEmpty()) {
+    java_bitmap = gfx::ConvertToJavaBitmap(delegate->GetIcon().ToSkBitmap());
+  }
+
+  return Java_KnownInterceptionDisclosureInfoBar_create(
+      env, GetEnumeratedIconId(), java_bitmap, message_text, link_text,
+      ok_button_text, description_text);
+}
+
+KnownInterceptionDisclosureInfoBarDelegate*
+KnownInterceptionDisclosureInfoBar::GetDelegate() {
+  return static_cast<KnownInterceptionDisclosureInfoBarDelegate*>(delegate());
+}

chrome/browser/ssl/known_interception_disclosure_infobar.h

+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SSL_KNOWN_INTERCEPTION_DISCLOSURE_INFOBAR_H_
+#define CHROME_BROWSER_SSL_KNOWN_INTERCEPTION_DISCLOSURE_INFOBAR_H_
+
+#include <memory>
+
+#include "base/android/jni_android.h"
+#include "base/android/jni_string.h"
+#include "base/android/scoped_java_ref.h"
+#include "chrome/browser/ui/android/infobars/confirm_infobar.h"
+#include "components/infobars/core/infobar.h"
+
+class KnownInterceptionDisclosureInfoBarDelegate;
+
+// KnownInterceptionDisclosureInfoBar is a thin veneer over ConfirmInfoBar that
+// adds a discrete description (instead of just having a title).
+class KnownInterceptionDisclosureInfoBar : public ConfirmInfoBar {
+ public:
+  static std::unique_ptr<infobars::InfoBar> CreateInfoBar(
+      std::unique_ptr<KnownInterceptionDisclosureInfoBarDelegate> delegate);
+  ~KnownInterceptionDisclosureInfoBar() override = default;
+
+  KnownInterceptionDisclosureInfoBar(
+      const KnownInterceptionDisclosureInfoBar&) = delete;
+  KnownInterceptionDisclosureInfoBar& operator=(
+      const KnownInterceptionDisclosureInfoBar&) = delete;
+
+ private:
+  explicit KnownInterceptionDisclosureInfoBar(
+      std::unique_ptr<KnownInterceptionDisclosureInfoBarDelegate> delegate);
+
+  // ConfirmInfoBar:
+  base::android::ScopedJavaLocalRef<jobject> CreateRenderInfoBar(
+      JNIEnv* env) override;
+
+  KnownInterceptionDisclosureInfoBarDelegate* GetDelegate();
+};
+
+#endif  // CHROME_BROWSER_SSL_KNOWN_INTERCEPTION_DISCLOSURE_INFOBAR_H_

chrome/browser/ssl/known_interception_disclosure_infobar_browsertest.cc

+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/test/simple_test_clock.h"
+#include "chrome/browser/infobars/infobar_service.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/ssl/known_interception_disclosure_infobar_delegate.h"
+#include "chrome/browser/ui/browser.h"
+#include "chrome/test/base/in_process_browser_test.h"
+#include "chrome/test/base/ui_test_utils.h"
+#include "components/infobars/core/confirm_infobar_delegate.h"
+#include "components/infobars/core/infobar.h"
+#include "ui/base/window_open_disposition.h"
+
+namespace {
+
+size_t GetInfobarCount(content::WebContents* contents) {
+  InfoBarService* infobar_service = InfoBarService::FromWebContents(contents);
+  if (!infobar_service)
+    return 0;
+  return infobar_service->infobar_count();
+}
+
+infobars::InfoBar* GetInfobar(content::WebContents* contents) {
+  InfoBarService* infobar_service = InfoBarService::FromWebContents(contents);
+  DCHECK(infobar_service);
+  return infobar_service->infobar_at(0);
+}
+
+// Follows same logic as clicking the "Continue" button would.
+void CloseInfobar(content::WebContents* contents) {
+  infobars::InfoBar* infobar = GetInfobar(contents);
+  if (!infobar)
+    return;
+
+  ConfirmInfoBarDelegate* delegate =
+      static_cast<ConfirmInfoBarDelegate*>(infobar->delegate());
+  delegate->Accept();
+  infobar->RemoveSelf();
+}
+
+}  // namespace
+
+using KnownInterceptionDisclosureInfobarTest = InProcessBrowserTest;
+
+IN_PROC_BROWSER_TEST_F(KnownInterceptionDisclosureInfobarTest,
+                       OnlyShowDisclosureOncePerSession) {
+  const GURL kTestUrl("https://badssl.com/test/monitoring-disclosure/");
+  const GURL kOtherUrl("https://example.com");
+
+  TabStripModel* tab_strip_model = browser()->tab_strip_model();
+  content::WebContents* tab1 = tab_strip_model->GetActiveWebContents();
+
+  auto* clock = new base::SimpleTestClock();
+  clock->SetNow(base::Time::Now());
+  KnownInterceptionDisclosureCooldown::GetInstance()->SetClockForTesting(
+      std::unique_ptr<base::Clock>(clock));
+
+  // Trigger the disclosure infobar.
+  MaybeShowKnownInterceptionDisclosureDialog(tab1, kTestUrl);
+  EXPECT_EQ(1u, GetInfobarCount(tab1));
+
+  // Test that the infobar is shown on new tabs after it has been triggered
+  // once.
+  ui_test_utils::NavigateToURLWithDisposition(
+      browser(), kOtherUrl, WindowOpenDisposition::NEW_FOREGROUND_TAB,
+      ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION);
+  content::WebContents* tab2 = tab_strip_model->GetActiveWebContents();
+  EXPECT_EQ(1u, GetInfobarCount(tab2));
+
+  // Close the tab.
+  tab_strip_model->CloseWebContentsAt(tab_strip_model->active_index(),
+                                      TabStripModel::CLOSE_USER_GESTURE);
+
+  // Dismiss the infobar.
+  CloseInfobar(tab1);
+  EXPECT_EQ(0u, GetInfobarCount(tab1));
+
+  // Try to trigger again -- infobar should not show.
+  MaybeShowKnownInterceptionDisclosureDialog(tab1, kTestUrl);
+  EXPECT_EQ(0u, GetInfobarCount(tab1));
+
+  // Move clock ahead 8 days.
+  clock->Advance(base::TimeDelta::FromDays(8));
+
+  // Trigger the infobar again -- infobar should show again.
+  MaybeShowKnownInterceptionDisclosureDialog(tab1, kTestUrl);
+  EXPECT_EQ(1u, GetInfobarCount(tab1));
+}
+
+IN_PROC_BROWSER_TEST_F(KnownInterceptionDisclosureInfobarTest,
+                       PRE_CooldownResetsOnBrowserRestartDesktop) {
+  const GURL kTestUrl("https://badssl.com/test/monitoring-disclosure/");
+
+  // Trigger the disclosure infobar.
+  content::WebContents* tab =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  MaybeShowKnownInterceptionDisclosureDialog(tab, kTestUrl);
+  EXPECT_EQ(1u, GetInfobarCount(tab));
+
+  // Dismiss the infobar.
+  CloseInfobar(tab);
+  EXPECT_EQ(0u, GetInfobarCount(tab));
+}
+
+IN_PROC_BROWSER_TEST_F(KnownInterceptionDisclosureInfobarTest,
+                       CooldownResetsOnBrowserRestartDesktop) {
+  const GURL kTestUrl("https://badssl.com/test/monitoring-disclosure/");
+
+  // On restart, no infobar should be shown initially.
+  content::WebContents* tab =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  EXPECT_EQ(0u, GetInfobarCount(tab));
+
+  // Triggering the disclosure infobar again after browser restart should show
+  // the infobar (the cooldown period should no longer apply on Desktop).
+  MaybeShowKnownInterceptionDisclosureDialog(tab, kTestUrl);
+  EXPECT_EQ(1u, GetInfobarCount(tab));
+}

chrome/browser/ssl/known_interception_disclosure_infobar_delegate.cc

+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ssl/known_interception_disclosure_infobar_delegate.h"
+
+#include <memory>
+#include <utility>
+
+#include "base/time/clock.h"
+#include "base/time/default_clock.h"
+#include "base/time/time.h"
+#include "chrome/browser/infobars/infobar_service.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/common/pref_names.h"
+#include "components/infobars/core/infobar.h"
+#include "components/pref_registry/pref_registry_syncable.h"
+#include "components/prefs/pref_service.h"
+#include "components/security_interstitials/content/urls.h"
+#include "components/strings/grit/components_strings.h"
+#include "ui/base/l10n/l10n_util.h"
+
+#if defined(OS_ANDROID)
+#include "chrome/browser/android/android_theme_resources.h"
+#include "chrome/browser/android/tab_android.h"
+#include "chrome/browser/ssl/known_interception_disclosure_infobar.h"
+#endif
+
+namespace {
+
+// How long to suppress the disclosure UI after showing it to the user. On
+// Android, this is measured across browser sessions (which tend to be short)
+// by storing the last dismissal time in a pref. On Desktop, the last dismissal
+// time is stored in memory, so this is is only measured within the same
+// browsing session (and thus will trigger on every browser startup).
+constexpr base::TimeDelta kMessageCooldown = base::TimeDelta::FromDays(7);
+
+}  // namespace
+
+KnownInterceptionDisclosureCooldown*
+KnownInterceptionDisclosureCooldown::GetInstance() {
+  return base::Singleton<KnownInterceptionDisclosureCooldown>::get();
+}
+
+bool KnownInterceptionDisclosureCooldown::
+    IsKnownInterceptionDisclosureCooldownActive(Profile* profile) {
+  base::Time last_dismissal;
+
+#if defined(OS_ANDROID)
+  last_dismissal = profile->GetPrefs()->GetTime(
+      prefs::kKnownInterceptionDisclosureInfobarLastShown);
+#else
+  last_dismissal = last_dismissal_time_;
+#endif
+
+  // More than |kMessageCooldown| days have passed.
+  if (clock_->Now() - last_dismissal > kMessageCooldown)
+    return false;
+
+  return true;
+}
+
+void KnownInterceptionDisclosureCooldown::
+    ActivateKnownInterceptionDisclosureCooldown(Profile* profile) {
+#if defined(OS_ANDROID)
+  profile->GetPrefs()->SetTime(
+      prefs::kKnownInterceptionDisclosureInfobarLastShown, clock_->Now());
+#else
+  last_dismissal_time_ = clock_->Now();
+#endif
+}
+
+void KnownInterceptionDisclosureCooldown::SetClockForTesting(
+    std::unique_ptr<base::Clock> clock) {
+  clock_ = std::move(clock);
+}
+
+KnownInterceptionDisclosureCooldown::KnownInterceptionDisclosureCooldown()
+    : clock_(std::make_unique<base::DefaultClock>()) {}
+KnownInterceptionDisclosureCooldown::~KnownInterceptionDisclosureCooldown() =
+    default;
+
+void MaybeShowKnownInterceptionDisclosureDialog(
+    content::WebContents* web_contents,
+    const GURL& url) {
+  // TODO(cthomp): Replace this with triggering on the new CertStatus flag.
+  KnownInterceptionDisclosureCooldown* disclosure_tracker =
+      KnownInterceptionDisclosureCooldown::GetInstance();
+  constexpr char kTestUrl[] = "https://badssl.com/test/monitoring-disclosure/";
+  if (!url.EqualsIgnoringRef(GURL(kTestUrl)) &&
+      !disclosure_tracker->get_has_seen_known_interception()) {
+    return;
+  }
+
+  disclosure_tracker->set_has_seen_known_interception(true);
+
+  InfoBarService* infobar_service =
+      InfoBarService::FromWebContents(web_contents);
+  auto* profile =
+      Profile::FromBrowserContext(web_contents->GetBrowserContext());
+  auto delegate =
+      std::make_unique<KnownInterceptionDisclosureInfoBarDelegate>(profile);
+
+  infobars::InfoBar* infobar = nullptr;
+  if (!KnownInterceptionDisclosureCooldown::GetInstance()
+           ->IsKnownInterceptionDisclosureCooldownActive(profile)) {
+#if defined(OS_ANDROID)
+    infobar = infobar_service->AddInfoBar(
+        KnownInterceptionDisclosureInfoBar::CreateInfoBar(std::move(delegate)));
+#else
+    infobar = infobar_service->AddInfoBar(
+        infobar_service->CreateConfirmInfoBar(std::move(delegate)));
+#endif
+  }
+}
+
+KnownInterceptionDisclosureInfoBarDelegate::
+    KnownInterceptionDisclosureInfoBarDelegate(Profile* profile)
+    : profile_(profile) {}
+
+base::string16 KnownInterceptionDisclosureInfoBarDelegate::GetMessageText()
+    const {
+  return l10n_util::GetStringUTF16(IDS_KNOWN_INTERCEPTION_INFOBAR_HEADING);
+}
+
+int KnownInterceptionDisclosureInfoBarDelegate::GetButtons() const {
+  return BUTTON_OK;
+}
+
+base::string16 KnownInterceptionDisclosureInfoBarDelegate::GetButtonLabel(
+    InfoBarButton button) const {
+  switch (button) {
+    case BUTTON_OK:
+      return l10n_util::GetStringUTF16(
+          IDS_KNOWN_INTERCEPTION_INFOBAR_BUTTON_TEXT);
+    case BUTTON_CANCEL:
+      FALLTHROUGH;
+    case BUTTON_NONE:
+      NOTREACHED();
+  }
+  NOTREACHED();
+  return base::string16();
+}
+
+bool KnownInterceptionDisclosureInfoBarDelegate::Accept() {
+  KnownInterceptionDisclosureCooldown::GetInstance()
+      ->ActivateKnownInterceptionDisclosureCooldown(profile_);
+  return true;
+}
+
+base::string16 KnownInterceptionDisclosureInfoBarDelegate::GetLinkText() const {
+  return l10n_util::GetStringUTF16(IDS_LEARN_MORE);
+}
+GURL KnownInterceptionDisclosureInfoBarDelegate::GetLinkURL() const {
+  return GURL("chrome://connection-monitoring-detected/");
+}
+
+infobars::InfoBarDelegate::InfoBarIdentifier
+KnownInterceptionDisclosureInfoBarDelegate::GetIdentifier() const {
+  return KNOWN_INTERCEPTION_DISCLOSURE_INFOBAR_DELEGATE;
+}
+
+void KnownInterceptionDisclosureInfoBarDelegate::InfoBarDismissed() {
+  KnownInterceptionDisclosureCooldown::GetInstance()
+      ->ActivateKnownInterceptionDisclosureCooldown(profile_);
+  Cancel();
+}
+
+bool KnownInterceptionDisclosureInfoBarDelegate::ShouldExpire(
+    const NavigationDetails& details) const {
+  return false;
+}
+
+// Platform specific implementations.
+#if defined(OS_ANDROID)
+int KnownInterceptionDisclosureInfoBarDelegate::GetIconId() const {
+  return IDR_ANDROID_INFOBAR_WARNING;
+}
+
+base::string16 KnownInterceptionDisclosureInfoBarDelegate::GetDescriptionText()
+    const {
+  return l10n_util::GetStringUTF16(IDS_KNOWN_INTERCEPTION_INFOBAR_DESCRIPTION);
+}
+
+// static
+void KnownInterceptionDisclosureInfoBarDelegate::RegisterProfilePrefs(
+    user_prefs::PrefRegistrySyncable* registry) {
+  registry->RegisterTimePref(
+      prefs::kKnownInterceptionDisclosureInfobarLastShown, base::Time());
+}
+#endif

chrome/browser/ssl/known_interception_disclosure_infobar_delegate.h

+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SSL_KNOWN_INTERCEPTION_DISCLOSURE_INFOBAR_DELEGATE_H_
+#define CHROME_BROWSER_SSL_KNOWN_INTERCEPTION_DISCLOSURE_INFOBAR_DELEGATE_H_
+
+#include <algorithm>
+#include "base/memory/singleton.h"
+#include "build/build_config.h"
+#include "components/infobars/core/confirm_infobar_delegate.h"
+#include "components/infobars/core/infobar_delegate.h"
+#include "url/gurl.h"
+
+namespace base {
+class Clock;
+}  // namespace base
+
+namespace content {
+class WebContents;
+}
+
+namespace user_prefs {
+class PrefRegistrySyncable;
+}  // namespace user_prefs
+
+class Profile;
+
+// Singleton that tracks the known interception disclosure cooldown time.
+class KnownInterceptionDisclosureCooldown {
+ public:
+  static KnownInterceptionDisclosureCooldown* GetInstance();
+
+  bool IsKnownInterceptionDisclosureCooldownActive(Profile* profile);
+  void ActivateKnownInterceptionDisclosureCooldown(Profile* profile);
+
+  bool get_has_seen_known_interception() {
+    return has_seen_known_interception_;
+  }
+  void set_has_seen_known_interception(bool has_seen) {
+    has_seen_known_interception_ = has_seen;
+  }
+
+  void SetClockForTesting(std::unique_ptr<base::Clock> clock);
+
+ private:
+  friend struct base::DefaultSingletonTraits<
+      KnownInterceptionDisclosureCooldown>;
+
+  KnownInterceptionDisclosureCooldown();
+  ~KnownInterceptionDisclosureCooldown();
+
+  std::unique_ptr<base::Clock> clock_;
+  bool has_seen_known_interception_ = false;
+
+#if !defined(OS_ANDROID)
+  base::Time last_dismissal_time_;
+#endif
+};
+
+// Shows the known interception disclosure UI if it has not been recently
+// dismissed.
+void MaybeShowKnownInterceptionDisclosureDialog(
+    content::WebContents* web_contents,
+    const GURL& url);
+
+class KnownInterceptionDisclosureInfoBarDelegate
+    : public ConfirmInfoBarDelegate {
+ public:
+  explicit KnownInterceptionDisclosureInfoBarDelegate(Profile* profile);
+  ~KnownInterceptionDisclosureInfoBarDelegate() override = default;
+
+  // ConfirmInfoBarDelegate:
+  base::string16 GetMessageText() const override;
+  int GetButtons() const override;
+  base::string16 GetButtonLabel(InfoBarButton button) const override;
+  bool Accept() override;
+  base::string16 GetLinkText() const override;
+  GURL GetLinkURL() const override;
+
+  // infobars::InfoBarDelegate:
+  infobars::InfoBarDelegate::InfoBarIdentifier GetIdentifier() const override;
+  void InfoBarDismissed() override;
+  bool ShouldExpire(const NavigationDetails& details) const override;
+
+#if defined(OS_ANDROID)
+  int GetIconId() const override;
+  // This function is the equivalent of GetMessageText(), but for the portion of
+  // the infobar below the 'message' title for the Android infobar.
+  base::string16 GetDescriptionText() const;
+#endif
+
+  static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
+
+ private:
+  Profile* profile_;
+};
+
+#endif  // CHROME_BROWSER_SSL_KNOWN_INTERCEPTION_DISCLOSURE_INFOBAR_DELEGATE_H_

chrome/browser/ssl/security_state_tab_helper.cc

@@ -18,6 +18,7 @@
 #include "chrome/browser/reputation/reputation_web_contents_observer.h"
 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "chrome/browser/safe_browsing/ui_manager.h"
+#include "chrome/browser/ssl/known_interception_disclosure_infobar_delegate.h"
 #include "chrome/browser/ssl/tls_deprecation_config.h"
 #include "chrome/common/chrome_features.h"
 #include "chrome/common/chrome_switches.h"
@@ -214,6 +215,10 @@ void SecurityStateTabHelper::DidFinishNavigation(
     // the number of times it was available.
     UMA_HISTOGRAM_BOOLEAN("interstitial.ssl.visited_site_after_warning", true);
   }
+
+  // TODO(cthomp): Replace this with triggering on the new CertStatus flag.
+  MaybeShowKnownInterceptionDisclosureDialog(web_contents(),
+                                             navigation_handle->GetURL());
 }
 
 void SecurityStateTabHelper::DidChangeVisibleSecurityState() {

chrome/common/pref_names.cc

@@ -2847,4 +2847,12 @@ const char kExternalProtocolDialogShowAlwaysOpenCheckbox[] =
 // TODO(937746): Remove this after M84.
 const char kWebComponentsV0Enabled[] = "web_components_v0_enabled";
 
+#if defined(OS_ANDROID)
+// Last time the known interception disclosure message was dismissed. Used to
+// ensure a cooldown period passes before the disclosure message is displayed
+// again.
+const char kKnownInterceptionDisclosureInfobarLastShown[] =
+    "known_interception_disclosure_infobar_last_shown";
+#endif
+
 }  // namespace prefs

chrome/common/pref_names.h

@@ -1009,6 +1009,10 @@ extern const char kExternalProtocolDialogShowAlwaysOpenCheckbox[];
 
 extern const char kWebComponentsV0Enabled[];
 
+#if defined(OS_ANDROID)
+extern const char kKnownInterceptionDisclosureInfobarLastShown[];
+#endif
+
 }  // namespace prefs
 
 #endif  // CHROME_COMMON_PREF_NAMES_H_

chrome/test/BUILD.gn

@@ -1172,6 +1172,7 @@ if (!is_android) {
       "../browser/ssl/chrome_expect_ct_reporter_browsertest.cc",
       "../browser/ssl/chrome_ssl_host_state_delegate_test.cc",
       "../browser/ssl/connection_help_tab_helper_browsertest.cc",
+      "../browser/ssl/known_interception_disclosure_infobar_browsertest.cc",
       "../browser/ssl/security_state_tab_helper_browsertest.cc",
       "../browser/ssl/ssl_browsertest.cc",
       "../browser/ssl/ssl_browsertest_util.cc",

components/infobars/core/infobar_delegate.h

@@ -159,6 +159,7 @@ class InfoBarDelegate {
     TAB_SHARING_INFOBAR_DELEGATE = 93,
     SAFETY_TIP_INFOBAR_DELEGATE = 94,
     SMS_RECEIVER_INFOBAR_DELEGATE = 95,
+    KNOWN_INTERCEPTION_DISCLOSURE_INFOBAR_DELEGATE = 96,
   };
 
   // Describes navigation events, used to decide whether infobars should be

components/security_interstitials_strings.grdp

@@ -533,4 +533,29 @@
       </message>
     </if>
   </if>
+
+  <!-- Known interception disclosure infobar strings -->
+  <if expr="_google_chrome">
+    <message name="IDS_KNOWN_INTERCEPTION_INFOBAR_HEADING" desc="Text of the heading used to alert the user that Chrome has detected that their network connnection is being intercepted.">
+      Chrome has detected that your connection is being monitored.
+    </message>
+    <if expr="is_android">
+      <message name="IDS_KNOWN_INTERCEPTION_INFOBAR_DESCRIPTION" desc="Short description used to explain why the warning is shown, for the Android infobar.">
+        The certificate presented for this connection is not trusted by Chrome, because it is known to be used for network interception and monitoring.
+      </message>
+    </if>
+  </if>
+  <if expr="not _google_chrome">
+    <message name="IDS_KNOWN_INTERCEPTION_INFOBAR_HEADING" desc="Text of the heading used to alert the user that Chromium has detected that their network connnection is being intercepted.">
+      Chromium has detected that your connection is being monitored.
+    </message>
+    <if expr="is_android">
+      <message name="IDS_KNOWN_INTERCEPTION_INFOBAR_DESCRIPTION" desc="Short description used to explain why the warning is shown, for the Android infobar.">
+        The certificate for this connection is not trusted by Chromium, because it is known to be used for network interception and monitoring.
+      </message>
+    </if>
+  </if>
+  <message name="IDS_KNOWN_INTERCEPTION_INFOBAR_BUTTON_TEXT" desc="Text of the button to close the disclosure infobar and continue using Chrome.">
+    Continue
+  </message>
 </grit-part>