[WebLayer] Use //components/security_interstitials' SSLErrorHandler

This CL changes WebLayer to use the //components/security_interstitials SSLErrorHandler that is used by //chrome rather than the custom fork that it has been using to date. As part of this change, WebLayerSecurityBlockingPageFactory is augmented to create the blocking page types that were not necessary before (as they were never created in the fork). With this change, WebLayer now shares the core logic for determining which interstitial to show on SSL errors with Chrome. Bug: 1030692 Change-Id: Ibd1dadb9d03937cf578fd785ae4b32c943283749 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2028068 Commit-Queue: Colin Blundell <blundell@chromium.org> Reviewed-by: Evan Stade <estade@chromium.org> Cr-Commit-Position: refs/heads/master@{#737925}

[WebLayer] Use //components/security_interstitials' SSLErrorHandler
This CL changes WebLayer to use the //components/security_interstitials SSLErrorHandler that is used by //chrome rather than the custom fork that it has been using to date. As part of this change, WebLayerSecurityBlockingPageFactory is augmented to create the blocking page types that were not necessary before (as they were never created in the fork). With this change, WebLayer now shares the core logic for determining which interstitial to show on SSL errors with Chrome. Bug: 1030692 Change-Id: Ibd1dadb9d03937cf578fd785ae4b32c943283749 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2028068 Commit-Queue: Colin Blundell <blundell@chromium.org> Reviewed-by: Evan Stade <estade@chromium.org> Cr-Commit-Position: refs/heads/master@{#737925}
85a8c270 · Colin Blundell · Commit Bot · b51226bd · 85a8c270 · 85a8c270
Commit 85a8c270 authored Feb 03, 2020 by Colin Blundell Committed by Commit Bot Feb 03, 2020
7 changed files
--- a/weblayer/BUILD.gn
+++ b/weblayer/BUILD.gn
@@ -130,8 +130,6 @@ jumbo_static_library("weblayer_lib") {
    "browser/session_service.h",
    "browser/ssl_error_controller_client.cc",
    "browser/ssl_error_controller_client.h",
-    "browser/ssl_error_handler.cc",
-    "browser/ssl_error_handler.h",
    "browser/ssl_host_state_delegate_impl.cc",
    "browser/ssl_host_state_delegate_impl.h",
    "browser/system_network_context_manager.cc",

--- a/weblayer/browser/content_browser_client_impl.cc
+++ b/weblayer/browser/content_browser_client_impl.cc
@@ -13,9 +13,11 @@
 #include "base/stl_util.h"
 #include "build/build_config.h"
 #include "components/autofill/content/browser/content_autofill_driver_factory.h"
+#include "components/captive_portal/core/buildflags.h"
 #include "components/embedder_support/switches.h"
 #include "components/safe_browsing/core/features.h"
 #include "components/security_interstitials/content/ssl_cert_reporter.h"
+#include "components/security_interstitials/content/ssl_error_handler.h"
 #include "components/security_interstitials/content/ssl_error_navigation_throttle.h"
 #include "components/version_info/version_info.h"
 #include "content/public/browser/browser_context.h"
@@ -43,11 +45,11 @@
 #include "weblayer/browser/browser_process.h"
 #include "weblayer/browser/i18n_util.h"
 #include "weblayer/browser/profile_impl.h"
-#include "weblayer/browser/ssl_error_handler.h"
 #include "weblayer/browser/system_network_context_manager.h"
 #include "weblayer/browser/tab_impl.h"
 #include "weblayer/browser/weblayer_browser_interface_binders.h"
 #include "weblayer/browser/weblayer_content_browser_overlay_manifest.h"
+#include "weblayer/browser/weblayer_security_blocking_page_factory.h"
 #include "weblayer/common/features.h"
 #include "weblayer/public/common/switches.h"
 #include "weblayer/public/fullscreen_delegate.h"
@@ -81,6 +83,10 @@
 #include "services/service_manager/sandbox/win/sandbox_win.h"
 #endif
+#if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION)
+#include "weblayer/browser/captive_portal_service_factory.h"
+#endif
 namespace switches {
 // Specifies a list of hosts for whom we bypass proxy settings and use direct
 // connections. Ignored if --proxy-auto-detect or --no-proxy-server are also
@@ -111,6 +117,30 @@ class SSLCertReporterImpl : public SSLCertReporter {
      const std::string& serialized_report) override {}
 };
+// Wrapper for SSLErrorHandler::HandleSSLError() that supplies //weblayer-level
+// parameters.
+void HandleSSLErrorWrapper(
+    content::WebContents* web_contents,
+    int cert_error,
+    const net::SSLInfo& ssl_info,
+    const GURL& request_url,
+    std::unique_ptr<SSLCertReporter> ssl_cert_reporter,
+    SSLErrorHandler::BlockingPageReadyCallback blocking_page_ready_callback) {
+  CaptivePortalService* captive_portal_service = nullptr;
+#if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION)
+  captive_portal_service = CaptivePortalServiceFactory::GetForBrowserContext(
+      web_contents->GetBrowserContext());
+#endif
+  SSLErrorHandler::HandleSSLError(
+      web_contents, cert_error, ssl_info, request_url,
+      std::move(ssl_cert_reporter), std::move(blocking_page_ready_callback),
+      weblayer::BrowserProcess::GetInstance()->GetNetworkTimeTracker(),
+      captive_portal_service,
+      std::make_unique<weblayer::WebLayerSecurityBlockingPageFactory>());
+}
 }  // namespace
 namespace weblayer {
@@ -343,7 +373,7 @@ ContentBrowserClientImpl::CreateThrottlesForNavigation(
  std::vector<std::unique_ptr<content::NavigationThrottle>> throttles;
  throttles.push_back(std::make_unique<SSLErrorNavigationThrottle>(
      handle, std::make_unique<SSLCertReporterImpl>(),
-      base::BindOnce(&HandleSSLError), base::BindOnce(&IsInHostedApp)));
+      base::BindOnce(&HandleSSLErrorWrapper), base::BindOnce(&IsInHostedApp)));
 #if defined(OS_ANDROID)
  if (handle->IsInMainFrame()) {

--- a/weblayer/browser/java/BUILD.gn
+++ b/weblayer/browser/java/BUILD.gn
@@ -76,6 +76,7 @@ android_library("java") {
    "//components/find_in_page/android:java",
    "//components/metrics:metrics_java",
    "//components/minidump_uploader:minidump_uploader_java",
+    "//components/security_interstitials/content/android:java",
    "//components/spellcheck/browser/android:java",
    "//components/version_info/android:version_constants_java",
    "//content/public/android:content_java",

--- a/weblayer/browser/ssl_browsertest.cc
+++ b/weblayer/browser/ssl_browsertest.cc
@@ -9,9 +9,9 @@
 #include "base/optional.h"
 #include "build/build_config.h"
 #include "components/network_time/network_time_tracker.h"
+#include "components/security_interstitials/content/ssl_error_handler.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "weblayer/browser/browser_process.h"
-#include "weblayer/browser/ssl_error_handler.h"
 #include "weblayer/browser/weblayer_security_blocking_page_factory.h"
 #include "weblayer/shell/browser/shell.h"
 #include "weblayer/test/interstitial_utils.h"
@@ -276,12 +276,12 @@ IN_PROC_BROWSER_TEST_F(SSLBrowserTest, NavigateAway) {
 // then switches OS captive portal status to false and reloads the page. This
 // time, a normal SSL interstitial should be displayed.
 IN_PROC_BROWSER_TEST_F(SSLBrowserTest, OSReportsCaptivePortal) {
-  SetDiagnoseSSLErrorsAsCaptivePortalForTesting(true);
+  SSLErrorHandler::SetOSReportsCaptivePortalForTesting(true);
  NavigateToPageWithMismatchedCertExpectCaptivePortalInterstitial();
  // Check that clearing the test setting causes behavior to revert to normal.
-  SetDiagnoseSSLErrorsAsCaptivePortalForTesting(false);
+  SSLErrorHandler::SetOSReportsCaptivePortalForTesting(false);
  NavigateToPageWithMismatchedCertExpectSSLInterstitial();
 }
@@ -289,7 +289,7 @@ IN_PROC_BROWSER_TEST_F(SSLBrowserTest, OSReportsCaptivePortal) {
 // Tests that after reaching a captive portal interstitial, clicking on the
 // connect link will cause a navigation to the login page.
 IN_PROC_BROWSER_TEST_F(SSLBrowserTest, CaptivePortalConnectToLoginPage) {
-  SetDiagnoseSSLErrorsAsCaptivePortalForTesting(true);
+  SSLErrorHandler::SetOSReportsCaptivePortalForTesting(true);
  NavigateToPageWithMismatchedCertExpectCaptivePortalInterstitial();

--- a/weblayer/browser/ssl_error_handler.cc
+++ b/weblayer/browser/ssl_error_handler.cc
-// Copyright 2019 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-#include "weblayer/browser/ssl_error_handler.h"
-#include "base/threading/thread_task_runner_handle.h"
-#include "build/build_config.h"
-#include "components/security_interstitials/content/bad_clock_blocking_page.h"
-#include "components/security_interstitials/content/captive_portal_blocking_page.h"
-#include "components/security_interstitials/content/ssl_cert_reporter.h"
-#include "components/security_interstitials/content/ssl_error_navigation_throttle.h"
-#include "components/security_interstitials/core/metrics_helper.h"
-#include "components/security_interstitials/core/ssl_error_options_mask.h"
-#include "components/security_interstitials/core/ssl_error_ui.h"
-#include "components/ssl_errors/error_info.h"
-#include "weblayer/browser/browser_process.h"
-#include "weblayer/browser/ssl_error_controller_client.h"
-#include "weblayer/browser/weblayer_content_browser_overlay_manifest.h"
-#include "weblayer/browser/weblayer_security_blocking_page_factory.h"
-#if defined(OS_ANDROID)
-#include "net/android/network_library.h"
-#endif
-namespace weblayer {
-namespace {
-bool g_is_behind_captive_portal_for_testing = false;
-// Returns whether the user is behind a captive portal.
-bool IsBehindCaptivePortal() {
-  if (g_is_behind_captive_portal_for_testing)
-    return true;
-#if defined(OS_ANDROID)
-  return net::android::GetIsCaptivePortal();
-#else
-  // WebLayer does not currently integrate CaptivePortalService, which Chrome
-  // uses on non-Android platforms to detect the user being behind a captive
-  // portal.
-  return false;
-#endif
-}
-// Constructs and shows a captive portal interstitial. Adapted from //chrome's
-// SSLErrorHandlerDelegateImpl::ShowCaptivePortalInterstitial().
-void ShowCaptivePortalInterstitial(
-    content::WebContents* web_contents,
-    int cert_error,
-    const net::SSLInfo& ssl_info,
-    const GURL& request_url,
-    std::unique_ptr<SSLCertReporter> ssl_cert_reporter,
-    base::OnceCallback<
-        void(std::unique_ptr<security_interstitials::SecurityInterstitialPage>)>
-        blocking_page_ready_callback) {
-  // When captive portals are detected by the underlying platform (the only
-  // context in which captive portals are currently detected in WebLayer),
-  // the login URL is not specified by the client but is determined internally.
-  GURL login_url;
-  // Note: |blocking_page_ready_callback| must be posted due to
-  // HandleSSLError()'s guarantee that it will not invoke this callback
-  // synchronously.
-  WebLayerSecurityBlockingPageFactory blocking_page_factory;
-  base::ThreadTaskRunnerHandle::Get()->PostTask(
-      FROM_HERE,
-      base::BindOnce(std::move(blocking_page_ready_callback),
-                     blocking_page_factory.CreateCaptivePortalBlockingPage(
-                         web_contents, request_url, login_url,
-                         std::move(ssl_cert_reporter), ssl_info, cert_error)));
-}
-// Constructs and shows an SSL interstitial. Adapted from //chrome's
-// SSLErrorHandlerDelegateImpl::ShowSSLInterstitial().
-void ShowSSLInterstitial(
-    content::WebContents* web_contents,
-    int cert_error,
-    const net::SSLInfo& ssl_info,
-    const GURL& request_url,
-    std::unique_ptr<SSLCertReporter> ssl_cert_reporter,
-    base::OnceCallback<
-        void(std::unique_ptr<security_interstitials::SecurityInterstitialPage>)>
-        blocking_page_ready_callback,
-    int options_mask) {
-  // Note: |blocking_page_ready_callback| must be posted due to
-  // HandleSSLError()'s guarantee that it will not invoke this callback
-  // synchronously.
-  WebLayerSecurityBlockingPageFactory blocking_page_factory;
-  base::ThreadTaskRunnerHandle::Get()->PostTask(
-      FROM_HERE,
-      base::BindOnce(
-          std::move(blocking_page_ready_callback),
-          blocking_page_factory.CreateSSLPage(
-              web_contents, cert_error, ssl_info, request_url, options_mask,
-              base::Time::NowFromSystemTime(), /*support_url=*/GURL(),
-              std::move(ssl_cert_reporter))));
-}
-// Constructs and shows a bad clock interstitial. Adapted from //chrome's
-// SSLErrorHandlerDelegateImpl::ShowCaptivePortalInterstitial().
-void ShowBadClockInterstitial(
-    content::WebContents* web_contents,
-    int cert_error,
-    const net::SSLInfo& ssl_info,
-    const GURL& request_url,
-    ssl_errors::ClockState clock_state,
-    std::unique_ptr<SSLCertReporter> ssl_cert_reporter,
-    base::OnceCallback<
-        void(std::unique_ptr<security_interstitials::SecurityInterstitialPage>)>
-        blocking_page_ready_callback) {
-  // Note: |blocking_page_ready_callback| must be posted due to
-  // HandleSSLError()'s guarantee that it will not invoke this callback
-  // synchronously.
-  WebLayerSecurityBlockingPageFactory blocking_page_factory;
-  base::ThreadTaskRunnerHandle::Get()->PostTask(
-      FROM_HERE,
-      base::BindOnce(std::move(blocking_page_ready_callback),
-                     blocking_page_factory.CreateBadClockBlockingPage(
-                         web_contents, cert_error, ssl_info, request_url,
-                         base::Time::NowFromSystemTime(), clock_state,
-                         std::move(ssl_cert_reporter))));
-}
-}  // namespace
-void HandleSSLError(
-    content::WebContents* web_contents,
-    int cert_error,
-    const net::SSLInfo& ssl_info,
-    const GURL& request_url,
-    std::unique_ptr<SSLCertReporter> ssl_cert_reporter,
-    base::OnceCallback<
-        void(std::unique_ptr<security_interstitials::SecurityInterstitialPage>)>
-        blocking_page_ready_callback) {
-  // Check for a clock error.
-  if (ssl_errors::ErrorInfo::NetErrorToErrorType(cert_error) ==
-      ssl_errors::ErrorInfo::CERT_DATE_INVALID) {
-    // This implementation is adapted from //chrome's
-    // SSLErrorHandler::HandleCertDateInvalidErrorImpl(). Note that we did not
-    // port the fetch of NetworkTimeTracker's time made in //chrome's
-    // SSLErrorHandler::HandleCertDateInvalidError() into //weblayer: this
-    // fetch introduces a fair degree of complexity into the flow by making it
-    // asynchronous, and it is not relevant on Android, where such fetches are
-    // not supported. This fetch will be incorporated when WebLayer shares
-    // //chrome's SSLErrorHandler implementation as part of crbug.com/1026547.
-    const base::Time now = base::Time::NowFromSystemTime();
-    ssl_errors::ClockState clock_state = ssl_errors::GetClockState(
-        now, BrowserProcess::GetInstance()->GetNetworkTimeTracker());
-    if (clock_state == ssl_errors::CLOCK_STATE_FUTURE ||
-        clock_state == ssl_errors::CLOCK_STATE_PAST) {
-      ShowBadClockInterstitial(web_contents, cert_error, ssl_info, request_url,
-                               clock_state, std::move(ssl_cert_reporter),
-                               std::move(blocking_page_ready_callback));
-      return;
-    }
-  }
-  // Next check for a captive portal.
-  // TODO(https://crbug.com/1030692): Share the check for known captive
-  // portal certificates from //chrome's SSLErrorHandler:757.
-  if (IsBehindCaptivePortal()) {
-    // TODO(https://crbug.com/1030692): Share the reporting of network
-    // connectivity and tracking UMA from //chrome's SSLErrorHandler:743.
-    ShowCaptivePortalInterstitial(web_contents, cert_error, ssl_info,
-                                  request_url, std::move(ssl_cert_reporter),
-                                  std::move(blocking_page_ready_callback));
-    return;
-  }
-  // Handle all remaining errors by showing SSL interstitials. If this needs to
-  // get more refined in the short-term, can adapt logic from
-  // SSLErrorHandler::StartHandlingError() as needed (in the long-term,
-  // WebLayer will most likely share a componentized version of //chrome's
-  // SSLErrorHandler).
-  // NOTE: In Chrome hard overrides can be disabled for the Profile by setting
-  // the kSSLErrorOverrideAllowed preference (which defaults to true) to false.
-  // However, in WebLayer there is currently no way for the user to set this
-  // preference.
-  bool hard_override_disabled = false;
-  int options_mask = security_interstitials::CalculateSSLErrorOptionsMask(
-      cert_error, hard_override_disabled, ssl_info.is_fatal_cert_error);
-  ShowSSLInterstitial(web_contents, cert_error, ssl_info, request_url,
-                      std::move(ssl_cert_reporter),
-                      std::move(blocking_page_ready_callback), options_mask);
-}
-void SetDiagnoseSSLErrorsAsCaptivePortalForTesting(bool enabled) {
-  g_is_behind_captive_portal_for_testing = enabled;
-}
-}  // namespace weblayer
--- a/weblayer/browser/ssl_error_handler.h
+++ b/weblayer/browser/ssl_error_handler.h
-// Copyright 2019 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-#ifndef WEBLAYER_BROWSER_SSL_ERROR_HANDLER_H_
-#define WEBLAYER_BROWSER_SSL_ERROR_HANDLER_H_
-#include <string>
-#include "base/callback.h"
-#include "base/macros.h"
-#include "base/time/time.h"
-#include "build/build_config.h"
-#include "components/security_interstitials/content/security_interstitial_page.h"
-#include "content/public/browser/certificate_request_result_type.h"
-#include "net/ssl/ssl_info.h"
-#include "url/gurl.h"
-class SSLCertReporter;
-namespace weblayer {
-using BlockingPageReadyCallback = base::OnceCallback<void(
-    std::unique_ptr<security_interstitials::SecurityInterstitialPage>)>;
-// This code is responsible for deciding what type of interstitial to display
-// for an SSL validation error and actually displaying it. It is a greatly
-// simplified version of //chrome's SSLErrorHandler; in the long run that class
-// should be componentized and WebLayer should replace its usage of this
-// simplified version with usage of that class.
-// Entrypoint for handling SSL errors. All parameters except
-// |blocking_page_ready_callback| are the same as SSLBlockingPage constructor.
-// This function creates an interstitial and passes it to
-// |blocking_page_ready_callback|.
-// |blocking_page_ready_callback| is guaranteed not to be called
-// synchronously.
-void HandleSSLError(content::WebContents* web_contents,
-                    int cert_error,
-                    const net::SSLInfo& ssl_info,
-                    const GURL& request_url,
-                    std::unique_ptr<SSLCertReporter> ssl_cert_reporter,
-                    BlockingPageReadyCallback blocking_page_ready_callback);
-// Pass true to simulate the OS reporting that SSL errors are due to captive
-// portals.
-void SetDiagnoseSSLErrorsAsCaptivePortalForTesting(bool enabled);
-}  // namespace weblayer
-#endif  // WEBLAYER_BROWSER_SSL_ERROR_HANDLER_H_
--- a/weblayer/browser/weblayer_security_blocking_page_factory.cc
+++ b/weblayer/browser/weblayer_security_blocking_page_factory.cc
@@ -138,8 +138,20 @@ WebLayerSecurityBlockingPageFactory::CreateLegacyTLSBlockingPage(
    const GURL& request_url,
    std::unique_ptr<SSLCertReporter> ssl_cert_reporter,
    const net::SSLInfo& ssl_info) {
-  // TODO (crbug.com/1030692): Implement.
+  security_interstitials::MetricsHelper::ReportDetails report_details;
-  return nullptr;
+  report_details.metric_prefix = "legacy_tls";
+  auto metrics_helper = std::make_unique<security_interstitials::MetricsHelper>(
+      request_url, report_details, /*history_service=*/nullptr);
+  auto controller_client = std::make_unique<SSLErrorControllerClient>(
+      web_contents, cert_error, ssl_info, request_url,
+      std::move(metrics_helper));
+  auto interstitial_page = std::make_unique<LegacyTLSBlockingPage>(
+      web_contents, cert_error, request_url, std::move(ssl_cert_reporter),
+      ssl_info, std::move(controller_client));
+  return interstitial_page;
 }
 std::unique_ptr<MITMSoftwareBlockingPage>
@@ -150,8 +162,21 @@ WebLayerSecurityBlockingPageFactory::CreateMITMSoftwareBlockingPage(
    std::unique_ptr<SSLCertReporter> ssl_cert_reporter,
    const net::SSLInfo& ssl_info,
    const std::string& mitm_software_name) {
-  // TODO (crbug.com/1030692): Implement.
+  security_interstitials::MetricsHelper::ReportDetails report_details;
-  return nullptr;
+  report_details.metric_prefix = "mitm_software";
+  auto metrics_helper = std::make_unique<security_interstitials::MetricsHelper>(
+      request_url, report_details, /*history_service=*/nullptr);
+  auto controller_client = std::make_unique<SSLErrorControllerClient>(
+      web_contents, cert_error, ssl_info, request_url,
+      std::move(metrics_helper));
+  auto interstitial_page = std::make_unique<MITMSoftwareBlockingPage>(
+      web_contents, cert_error, request_url, std::move(ssl_cert_reporter),
+      ssl_info, mitm_software_name, /*is_enterprise_managed=*/false,
+      std::move(controller_client));
+  return interstitial_page;
 }
 std::unique_ptr<BlockedInterceptionBlockingPage>
@@ -161,8 +186,20 @@ WebLayerSecurityBlockingPageFactory::CreateBlockedInterceptionBlockingPage(
    const GURL& request_url,
    std::unique_ptr<SSLCertReporter> ssl_cert_reporter,
    const net::SSLInfo& ssl_info) {
-  // TODO (crbug.com/1030692): Implement.
+  security_interstitials::MetricsHelper::ReportDetails report_details;
-  return nullptr;
+  report_details.metric_prefix = "blocked_interception";
+  auto metrics_helper = std::make_unique<security_interstitials::MetricsHelper>(
+      request_url, report_details, /*history_service=*/nullptr);
+  auto controller_client = std::make_unique<SSLErrorControllerClient>(
+      web_contents, cert_error, ssl_info, request_url,
+      std::move(metrics_helper));
+  auto interstitial_page = std::make_unique<BlockedInterceptionBlockingPage>(
+      web_contents, cert_error, request_url, std::move(ssl_cert_reporter),
+      ssl_info, std::move(controller_client));
+  return interstitial_page;
 }
 #if defined(OS_ANDROID)