1 // Copyright 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/ui/toolbar/toolbar_model_impl.h"
6
7 #include "base/command_line.h"
8 #include "base/prefs/pref_service.h"
9 #include "base/strings/utf_string_conversions.h"
10 #include "chrome/browser/autocomplete/autocomplete_classifier.h"
11 #include "chrome/browser/autocomplete/autocomplete_classifier_factory.h"
12 #include "chrome/browser/autocomplete/autocomplete_input.h"
13 #include "chrome/browser/autocomplete/autocomplete_match.h"
14 #include "chrome/browser/google/google_util.h"
15 #include "chrome/browser/profiles/profile.h"
16 #include "chrome/browser/search/search.h"
17 #include "chrome/browser/ssl/ssl_error_info.h"
18 #include "chrome/browser/ui/toolbar/toolbar_model_delegate.h"
19 #include "chrome/common/chrome_constants.h"
20 #include "chrome/common/chrome_switches.h"
21 #include "chrome/common/pref_names.h"
22 #include "chrome/common/url_constants.h"
23 #include "content/public/browser/cert_store.h"
24 #include "content/public/browser/navigation_controller.h"
25 #include "content/public/browser/navigation_entry.h"
26 #include "content/public/browser/web_contents.h"
27 #include "content/public/browser/web_ui.h"
28 #include "content/public/common/content_constants.h"
29 #include "content/public/common/ssl_status.h"
30 #include "grit/generated_resources.h"
31 #include "grit/theme_resources.h"
32 #include "net/base/net_util.h"
33 #include "net/cert/cert_status_flags.h"
34 #include "net/cert/x509_certificate.h"
35 #include "ui/base/l10n/l10n_util.h"
36
37 #if defined(OS_CHROMEOS)
38 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
39 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
40 #endif
41
42 using content::NavigationController;
43 using content::NavigationEntry;
44 using content::SSLStatus;
45 using content::WebContents;
46
ToolbarModelImpl(ToolbarModelDelegate * delegate)47 ToolbarModelImpl::ToolbarModelImpl(ToolbarModelDelegate* delegate)
48 : delegate_(delegate) {
49 }
50
~ToolbarModelImpl()51 ToolbarModelImpl::~ToolbarModelImpl() {
52 }
53
GetSecurityLevelForWebContents(content::WebContents * web_contents)54 ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevelForWebContents(
55 content::WebContents* web_contents) {
56 if (!web_contents)
57 return NONE;
58
59 NavigationEntry* entry = web_contents->GetController().GetVisibleEntry();
60 if (!entry)
61 return NONE;
62
63 const SSLStatus& ssl = entry->GetSSL();
64 switch (ssl.security_style) {
65 case content::SECURITY_STYLE_UNKNOWN:
66 case content::SECURITY_STYLE_UNAUTHENTICATED:
67 return NONE;
68
69 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:
70 return SECURITY_ERROR;
71
72 case content::SECURITY_STYLE_AUTHENTICATED: {
73 #if defined(OS_CHROMEOS)
74 policy::PolicyCertService* service =
75 policy::PolicyCertServiceFactory::GetForProfile(
76 Profile::FromBrowserContext(web_contents->GetBrowserContext()));
77 if (service && service->UsedPolicyCertificates())
78 return SECURITY_POLICY_WARNING;
79 #endif
80 if (!!(ssl.content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT))
81 return SECURITY_WARNING;
82 if (net::IsCertStatusError(ssl.cert_status)) {
83 DCHECK(net::IsCertStatusMinorError(ssl.cert_status));
84 return SECURITY_WARNING;
85 }
86 if ((ssl.cert_status & net::CERT_STATUS_IS_EV) &&
87 content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, NULL))
88 return EV_SECURE;
89 return SECURE;
90 }
91 default:
92 NOTREACHED();
93 return NONE;
94 }
95 }
96
97 // ToolbarModelImpl Implementation.
GetText() const98 base::string16 ToolbarModelImpl::GetText() const {
99 base::string16 search_terms(GetSearchTerms(false));
100 if (!search_terms.empty())
101 return search_terms;
102
103 if (WouldOmitURLDueToOriginChip())
104 return base::string16();
105
106 std::string languages; // Empty if we don't have a |navigation_controller|.
107 Profile* profile = GetProfile();
108 if (profile)
109 languages = profile->GetPrefs()->GetString(prefs::kAcceptLanguages);
110
111 GURL url(GetURL());
112 if (url.spec().length() > content::kMaxURLDisplayChars)
113 url = url.IsStandard() ? url.GetOrigin() : GURL(url.scheme() + ":");
114 // Note that we can't unescape spaces here, because if the user copies this
115 // and pastes it into another program, that program may think the URL ends at
116 // the space.
117 return AutocompleteInput::FormattedStringWithEquivalentMeaning(
118 url, net::FormatUrl(url, languages, net::kFormatUrlOmitAll,
119 net::UnescapeRule::NORMAL, NULL, NULL, NULL));
120 }
121
GetCorpusNameForMobile() const122 base::string16 ToolbarModelImpl::GetCorpusNameForMobile() const {
123 if (!WouldPerformSearchTermReplacement(false))
124 return base::string16();
125 GURL url(GetURL());
126 // If there is a query in the url fragment look for the corpus name there,
127 // otherwise look for the corpus name in the query parameters.
128 const std::string& query_str(google_util::HasGoogleSearchQueryParam(
129 url.ref()) ? url.ref() : url.query());
130 url_parse::Component query(0, query_str.length()), key, value;
131 const char kChipKey[] = "sboxchip";
132 while (url_parse::ExtractQueryKeyValue(query_str.c_str(), &query, &key,
133 &value)) {
134 if (key.is_nonempty() && query_str.substr(key.begin, key.len) == kChipKey) {
135 return net::UnescapeAndDecodeUTF8URLComponent(
136 query_str.substr(value.begin, value.len),
137 net::UnescapeRule::NORMAL, NULL);
138 }
139 }
140 return base::string16();
141 }
142
GetURL() const143 GURL ToolbarModelImpl::GetURL() const {
144 const NavigationController* navigation_controller = GetNavigationController();
145 if (navigation_controller) {
146 const NavigationEntry* entry = navigation_controller->GetVisibleEntry();
147 if (entry)
148 return ShouldDisplayURL() ? entry->GetVirtualURL() : GURL();
149 }
150
151 return GURL(content::kAboutBlankURL);
152 }
153
WouldOmitURLDueToOriginChip() const154 bool ToolbarModelImpl::WouldOmitURLDueToOriginChip() const {
155 return chrome::ShouldDisplayOriginChip() && ShouldDisplayURL() &&
156 url_replacement_enabled();
157 }
158
WouldPerformSearchTermReplacement(bool ignore_editing) const159 bool ToolbarModelImpl::WouldPerformSearchTermReplacement(
160 bool ignore_editing) const {
161 return !GetSearchTerms(ignore_editing).empty();
162 }
163
ShouldDisplayURL() const164 bool ToolbarModelImpl::ShouldDisplayURL() const {
165 // Note: The order here is important.
166 // - The WebUI test must come before the extension scheme test because there
167 // can be WebUIs that have extension schemes (e.g. the bookmark manager). In
168 // that case, we should prefer what the WebUI instance says.
169 // - The view-source test must come before the NTP test because of the case
170 // of view-source:chrome://newtab, which should display its URL despite what
171 // chrome://newtab says.
172 NavigationController* controller = GetNavigationController();
173 NavigationEntry* entry = controller ? controller->GetVisibleEntry() : NULL;
174 if (entry) {
175 if (entry->IsViewSourceMode() ||
176 entry->GetPageType() == content::PAGE_TYPE_INTERSTITIAL) {
177 return true;
178 }
179
180 GURL url = entry->GetURL();
181 GURL virtual_url = entry->GetVirtualURL();
182 if (url.SchemeIs(chrome::kChromeUIScheme) ||
183 virtual_url.SchemeIs(chrome::kChromeUIScheme)) {
184 if (!url.SchemeIs(chrome::kChromeUIScheme))
185 url = virtual_url;
186 return url.host() != chrome::kChromeUINewTabHost;
187 }
188 }
189
190 if (chrome::IsInstantNTP(delegate_->GetActiveWebContents()))
191 return false;
192
193 return true;
194 }
195
GetSecurityLevel(bool ignore_editing) const196 ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevel(
197 bool ignore_editing) const {
198 // When editing, assume no security style.
199 return (input_in_progress() && !ignore_editing) ?
200 NONE : GetSecurityLevelForWebContents(delegate_->GetActiveWebContents());
201 }
202
GetIcon() const203 int ToolbarModelImpl::GetIcon() const {
204 if (WouldPerformSearchTermReplacement(false)) {
205 return (chrome::GetDisplaySearchButtonConditions() ==
206 chrome::DISPLAY_SEARCH_BUTTON_NEVER) ?
207 IDR_OMNIBOX_SEARCH_SECURED : IDR_OMNIBOX_SEARCH;
208 }
209
210 // When the site chip experiment is running, the icon in the location bar,
211 // when not the search icon, should be the page icon.
212 if (chrome::ShouldDisplayOriginChip())
213 return GetIconForSecurityLevel(NONE);
214
215 return GetIconForSecurityLevel(GetSecurityLevel(false));
216 }
217
GetIconForSecurityLevel(SecurityLevel level) const218 int ToolbarModelImpl::GetIconForSecurityLevel(SecurityLevel level) const {
219 static int icon_ids[NUM_SECURITY_LEVELS] = {
220 IDR_LOCATION_BAR_HTTP,
221 IDR_OMNIBOX_HTTPS_VALID,
222 IDR_OMNIBOX_HTTPS_VALID,
223 IDR_OMNIBOX_HTTPS_WARNING,
224 IDR_OMNIBOX_HTTPS_POLICY_WARNING,
225 IDR_OMNIBOX_HTTPS_INVALID,
226 };
227 DCHECK(arraysize(icon_ids) == NUM_SECURITY_LEVELS);
228 return icon_ids[level];
229 }
230
GetEVCertName() const231 base::string16 ToolbarModelImpl::GetEVCertName() const {
232 DCHECK_EQ(EV_SECURE, GetSecurityLevel(false));
233 scoped_refptr<net::X509Certificate> cert;
234 // Note: Navigation controller and active entry are guaranteed non-NULL or
235 // the security level would be NONE.
236 content::CertStore::GetInstance()->RetrieveCert(
237 GetNavigationController()->GetVisibleEntry()->GetSSL().cert_id, &cert);
238 return GetEVCertName(*cert.get());
239 }
240
241 // static
GetEVCertName(const net::X509Certificate & cert)242 base::string16 ToolbarModelImpl::GetEVCertName(
243 const net::X509Certificate& cert) {
244 // EV are required to have an organization name and country.
245 if (cert.subject().organization_names.empty() ||
246 cert.subject().country_name.empty()) {
247 NOTREACHED();
248 return base::string16();
249 }
250
251 return l10n_util::GetStringFUTF16(
252 IDS_SECURE_CONNECTION_EV,
253 UTF8ToUTF16(cert.subject().organization_names[0]),
254 UTF8ToUTF16(cert.subject().country_name));
255 }
256
GetNavigationController() const257 NavigationController* ToolbarModelImpl::GetNavigationController() const {
258 // This |current_tab| can be NULL during the initialization of the
259 // toolbar during window creation (i.e. before any tabs have been added
260 // to the window).
261 WebContents* current_tab = delegate_->GetActiveWebContents();
262 return current_tab ? ¤t_tab->GetController() : NULL;
263 }
264
GetProfile() const265 Profile* ToolbarModelImpl::GetProfile() const {
266 NavigationController* navigation_controller = GetNavigationController();
267 return navigation_controller ?
268 Profile::FromBrowserContext(navigation_controller->GetBrowserContext()) :
269 NULL;
270 }
271
GetSearchTerms(bool ignore_editing) const272 base::string16 ToolbarModelImpl::GetSearchTerms(bool ignore_editing) const {
273 if (!url_replacement_enabled() || (input_in_progress() && !ignore_editing))
274 return base::string16();
275
276 const WebContents* web_contents = delegate_->GetActiveWebContents();
277 base::string16 search_terms(chrome::GetSearchTerms(web_contents));
278 if (search_terms.empty()) {
279 // We mainly do this to enforce the subsequent DCHECK.
280 return base::string16();
281 }
282
283 // If the page is still loading and the security style is unknown, consider
284 // the page secure. Without this, after the user hit enter on some search
285 // terms, the omnibox would change to displaying the loading URL before
286 // changing back to the search terms once they could be extracted, thus
287 // causing annoying flicker.
288 DCHECK(web_contents);
289 const NavigationController& nav_controller = web_contents->GetController();
290 const NavigationEntry* entry = nav_controller.GetVisibleEntry();
291 if ((entry != nav_controller.GetLastCommittedEntry()) &&
292 (entry->GetSSL().security_style == content::SECURITY_STYLE_UNKNOWN))
293 return search_terms;
294
295 // If the URL is using a Google base URL specified via the command line, we
296 // bypass the security check below.
297 if (entry &&
298 google_util::StartsWithCommandLineGoogleBaseURL(entry->GetVirtualURL()))
299 return search_terms;
300
301 // Otherwise, extract search terms for HTTPS pages that do not have a security
302 // error.
303 ToolbarModel::SecurityLevel security_level = GetSecurityLevel(ignore_editing);
304 return ((security_level == NONE) || (security_level == SECURITY_ERROR)) ?
305 base::string16() : search_terms;
306 }
307