[SSLErrorHandler] Move check of overrides allowed pref to embedder

SSLErrorHandler currently checks internally whether the ability for the user to proceed past an SSL interstitial has been disabled via prefs. This pref is a //chrome-level one that WebLayer will never modify from the default behavior of allowing such proceeding. Thus, rather than componentize the pref, this CL instead passes the value of whether the user is allowed to proceed past SSL interstitials to SSLErrorHandler::HandleSSLError(), giving the boolean a default value of true so that embedders other than //chrome don't need to worry about what the default behavior should be. To avoid needing to thread this argument through SSLErrorNavigationThrottle, this CL also introduces a //chrome-level wrapper of SSLErrorHandler::HandleSSLError() that supplies //chrome-level parameters. This wrapper will be useful for a few other params, and we will change the current passing of NetworkTimeTracker to occur this way as well rather than being threaded through SSLErrorNavigationThrottle. Bug: 1030692 Change-Id: I840e97b41759e7982b6a0975570a82a9b52ed5ff Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2014504 Commit-Queue: Colin Blundell <blundell@chromium.org> Reviewed-by: Carlos IL <carlosil@chromium.org> Cr-Commit-Position: refs/heads/master@{#734401}

[SSLErrorHandler] Move check of overrides allowed pref to embedder
SSLErrorHandler currently checks internally whether the ability for the user to proceed past an SSL interstitial has been disabled via prefs. This pref is a //chrome-level one that WebLayer will never modify from the default behavior of allowing such proceeding. Thus, rather than componentize the pref, this CL instead passes the value of whether the user is allowed to proceed past SSL interstitials to SSLErrorHandler::HandleSSLError(), giving the boolean a default value of true so that embedders other than //chrome don't need to worry about what the default behavior should be. To avoid needing to thread this argument through SSLErrorNavigationThrottle, this CL also introduces a //chrome-level wrapper of SSLErrorHandler::HandleSSLError() that supplies //chrome-level parameters. This wrapper will be useful for a few other params, and we will change the current passing of NetworkTimeTracker to occur this way as well rather than being threaded through SSLErrorNavigationThrottle. Bug: 1030692 Change-Id: I840e97b41759e7982b6a0975570a82a9b52ed5ff Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2014504 Commit-Queue: Colin Blundell <blundell@chromium.org> Reviewed-by: Carlos IL <carlosil@chromium.org> Cr-Commit-Position: refs/heads/master@{#734401}
9ee731dd · Colin Blundell · Commit Bot · 5faf5544 · 9ee731dd · 9ee731dd
Commit 9ee731dd authored Jan 23, 2020 by Colin Blundell Committed by Commit Bot Jan 23, 2020
3 changed files
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -666,6 +666,33 @@ const base::Feature kRendererCodeIntegrity{"RendererCodeIntegrity",
 #endif  // defined(OS_WIN) && !defined(COMPONENT_BUILD) &&
        // !defined(ADDRESS_SANITIZER)
+// Wrapper for SSLErrorHandler::HandleSSLError() that supplies //chrome-level
+// parameters.
+void HandleSSLErrorWrapper(
+    content::WebContents* web_contents,
+    int cert_error,
+    const net::SSLInfo& ssl_info,
+    const GURL& request_url,
+    std::unique_ptr<SSLCertReporter> ssl_cert_reporter,
+    network_time::NetworkTimeTracker* network_time_tracker,
+    SSLErrorHandler::BlockingPageReadyCallback blocking_page_ready_callback) {
+  Profile* profile =
+      Profile::FromBrowserContext(web_contents->GetBrowserContext());
+  // This can happen if GetBrowserContext no longer exists by the time this
+  // gets called (e.g. the SSL error was in a webview that has since been
+  // destroyed); if that's the case we don't need to handle the error (and will
+  // crash if we attempt to).
+  if (!profile)
+    return;
+  SSLErrorHandler::HandleSSLError(
+      web_contents, cert_error, ssl_info, request_url,
+      std::move(ssl_cert_reporter), network_time_tracker,
+      std::move(blocking_page_ready_callback),
+      profile->GetPrefs()->GetBoolean(prefs::kSSLErrorOverrideAllowed));
+}
 enum AppLoadedInTabSource {
  // A platform app page tried to load one of its own URLs in a tab.
  APP_LOADED_IN_TAB_SOURCE_APP = 0,
@@ -3934,8 +3961,7 @@ ChromeContentBrowserClient::CreateThrottlesForNavigation(
      handle,
      std::make_unique<CertificateReportingServiceCertReporter>(web_contents),
      g_browser_process->network_time_tracker(),
-      base::BindOnce(&SSLErrorHandler::HandleSSLError),
+      base::BindOnce(&HandleSSLErrorWrapper), base::BindOnce(&IsInHostedApp)));
-      base::BindOnce(&IsInHostedApp)));
  throttles.push_back(std::make_unique<LoginNavigationThrottle>(handle));

--- a/chrome/browser/ssl/ssl_error_handler.cc
+++ b/chrome/browser/ssl/ssl_error_handler.cc
@@ -26,7 +26,6 @@
 #include "chrome/browser/ssl/captive_portal_helper.h"
 #include "chrome/browser/ssl/chrome_security_blocking_page_factory.h"
 #include "chrome/browser/ssl/ssl_error_assistant.h"
-#include "chrome/common/pref_names.h"
 #include "components/captive_portal/core/buildflags.h"
 #include "components/network_time/network_time_tracker.h"
 #include "components/prefs/pref_service.h"
@@ -554,21 +553,16 @@ void SSLErrorHandler::HandleSSLError(
    network_time::NetworkTimeTracker* network_time_tracker,
    base::OnceCallback<
        void(std::unique_ptr<security_interstitials::SecurityInterstitialPage>)>
-        blocking_page_ready_callback) {
+        blocking_page_ready_callback,
+    bool user_can_proceed_past_interstitial /*=true*/) {
  DCHECK(!FromWebContents(web_contents));
  Profile* profile =
      Profile::FromBrowserContext(web_contents->GetBrowserContext());
+  DCHECK(profile);
-  // This can happen if GetBrowserContext no longer exist by the time this gets
+  bool hard_override_disabled = !user_can_proceed_past_interstitial;
-  // called (e.g. the SSL error was in a webview that has since been destroyed),
-  // if that's the case we don't need to handle the error (and will crash if we
-  // attempt to).
-  if (!profile)
-    return;
-  bool hard_override_disabled =
-      !profile->GetPrefs()->GetBoolean(prefs::kSSLErrorOverrideAllowed);
  int options_mask = security_interstitials::CalculateSSLErrorOptionsMask(
      cert_error, hard_override_disabled, ssl_info.is_fatal_cert_error);

--- a/chrome/browser/ssl/ssl_error_handler.h
+++ b/chrome/browser/ssl/ssl_error_handler.h
@@ -131,14 +131,18 @@ class SSLErrorHandler : public content::WebContentsUserData<SSLErrorHandler>,
    virtual bool HasBlockedInterception() const = 0;
  };
-  // Entry point for the class. All parameters except
+  // Entry point for the class. Most parameters are the same as
-  // |blocking_page_ready_callback| are the same as SSLBlockingPage constructor.
+  // SSLBlockingPage constructor.
+  // Extra parameters:
  // |blocking_page_ready_callback| is intended for committed interstitials. If
  // |blocking_page_ready_callback| is null, this function will create a
  // blocking page and call Show() on it. Otherwise, this function creates an
  // interstitial and passes it to |blocking_page_ready_callback|.
  // |blocking_page_ready_callback| is guaranteed not to be called
  // synchronously.
+  // |user_can_proceed_past_interstitial| can be given a value of false to
+  // change the default behavior of giving users the option to proceed past
+  // SSL error interstitials.
  static void HandleSSLError(
      content::WebContents* web_contents,
      int cert_error,
@@ -146,7 +150,8 @@ class SSLErrorHandler : public content::WebContentsUserData<SSLErrorHandler>,
      const GURL& request_url,
      std::unique_ptr<SSLCertReporter> ssl_cert_reporter,
      network_time::NetworkTimeTracker* network_time_tracker,
-      BlockingPageReadyCallback blocking_page_ready_callback);
+      BlockingPageReadyCallback blocking_page_ready_callback,
+      bool user_can_proceed_past_interstitial = true);
  // Sets the binary proto for SSL error assistant. The binary proto
  // can be downloaded by the component updater, or set by tests.