1 // Copyright 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/ui/toolbar/toolbar_model_impl.h"
6
7 #include "base/command_line.h"
8 #include "base/metrics/field_trial.h"
9 #include "base/prefs/pref_service.h"
10 #include "base/strings/utf_string_conversions.h"
11 #include "base/time/time.h"
12 #include "chrome/browser/autocomplete/autocomplete_classifier.h"
13 #include "chrome/browser/autocomplete/autocomplete_classifier_factory.h"
14 #include "chrome/browser/autocomplete/chrome_autocomplete_scheme_classifier.h"
15 #include "chrome/browser/profiles/profile.h"
16 #include "chrome/browser/search/search.h"
17 #include "chrome/browser/ssl/ssl_error_info.h"
18 #include "chrome/browser/ui/toolbar/toolbar_model_delegate.h"
19 #include "chrome/common/chrome_constants.h"
20 #include "chrome/common/chrome_switches.h"
21 #include "chrome/common/pref_names.h"
22 #include "chrome/common/url_constants.h"
23 #include "chrome/grit/generated_resources.h"
24 #include "components/google/core/browser/google_util.h"
25 #include "components/omnibox/autocomplete_input.h"
26 #include "components/omnibox/autocomplete_match.h"
27 #include "content/public/browser/cert_store.h"
28 #include "content/public/browser/navigation_controller.h"
29 #include "content/public/browser/navigation_entry.h"
30 #include "content/public/browser/web_contents.h"
31 #include "content/public/browser/web_ui.h"
32 #include "content/public/common/content_constants.h"
33 #include "content/public/common/ssl_status.h"
34 #include "grit/components_scaled_resources.h"
35 #include "grit/theme_resources.h"
36 #include "net/base/net_util.h"
37 #include "net/cert/cert_status_flags.h"
38 #include "net/cert/x509_certificate.h"
39 #include "net/ssl/ssl_connection_status_flags.h"
40 #include "ui/base/l10n/l10n_util.h"
41
42 #if defined(OS_CHROMEOS)
43 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
44 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
45 #endif
46
47 using content::NavigationController;
48 using content::NavigationEntry;
49 using content::SSLStatus;
50 using content::WebContents;
51
52 namespace {
53
54 // Converts a SHA-1 field trial group into the appropriate SecurityLevel.
GetSecurityLevelForFieldTrialGroup(const std::string & group,ToolbarModel::SecurityLevel * level)55 bool GetSecurityLevelForFieldTrialGroup(const std::string& group,
56 ToolbarModel::SecurityLevel* level) {
57 if (group == "Error")
58 *level = ToolbarModel::SECURITY_ERROR;
59 else if (group == "Warning")
60 *level = ToolbarModel::SECURITY_WARNING;
61 else if (group == "HTTP")
62 *level = ToolbarModel::NONE;
63 else
64 return false;
65 return true;
66 }
67
68 } // namespace
69
ToolbarModelImpl(ToolbarModelDelegate * delegate)70 ToolbarModelImpl::ToolbarModelImpl(ToolbarModelDelegate* delegate)
71 : delegate_(delegate) {
72 }
73
~ToolbarModelImpl()74 ToolbarModelImpl::~ToolbarModelImpl() {
75 }
76
77 // static
GetSecurityLevelForWebContents(content::WebContents * web_contents)78 ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevelForWebContents(
79 content::WebContents* web_contents) {
80 if (!web_contents)
81 return NONE;
82
83 NavigationEntry* entry = web_contents->GetController().GetVisibleEntry();
84 if (!entry)
85 return NONE;
86
87 const SSLStatus& ssl = entry->GetSSL();
88 switch (ssl.security_style) {
89 case content::SECURITY_STYLE_UNKNOWN:
90 case content::SECURITY_STYLE_UNAUTHENTICATED:
91 return NONE;
92
93 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:
94 return SECURITY_ERROR;
95
96 case content::SECURITY_STYLE_AUTHENTICATED: {
97 #if defined(OS_CHROMEOS)
98 policy::PolicyCertService* service =
99 policy::PolicyCertServiceFactory::GetForProfile(
100 Profile::FromBrowserContext(web_contents->GetBrowserContext()));
101 if (service && service->UsedPolicyCertificates())
102 return SECURITY_POLICY_WARNING;
103 #endif
104 if (!!(ssl.content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT))
105 return SECURITY_WARNING;
106 scoped_refptr<net::X509Certificate> cert;
107 if (content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) &&
108 (ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) {
109 // The internal representation of the dates for UI treatment of SHA-1.
110 // See http://crbug.com/401365 for details
111 static const int64_t kJanuary2017 = INT64_C(13127702400000000);
112 static const int64_t kJune2016 = INT64_C(13109213000000000);
113 static const int64_t kJanuary2016 = INT64_C(13096080000000000);
114
115 ToolbarModel::SecurityLevel security_level = NONE;
116 // Gated behind a field trial, so that it is possible to adjust the
117 // UI treatment (to be more or less severe, as necessary) over the
118 // course of multiple releases.
119 // See http://crbug.com/401365 for the timeline, with the end state
120 // being that > kJanuary2017 = Error, and > kJanuary2016 =
121 // Warning, and kJune2016 disappearing entirely.
122 if (cert->valid_expiry() >=
123 base::Time::FromInternalValue(kJanuary2017) &&
124 GetSecurityLevelForFieldTrialGroup(
125 base::FieldTrialList::FindFullName("SHA1ToolbarUIJanuary2017"),
126 &security_level)) {
127 return security_level;
128 }
129 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJune2016) &&
130 GetSecurityLevelForFieldTrialGroup(
131 base::FieldTrialList::FindFullName("SHA1ToolbarUIJune2016"),
132 &security_level)) {
133 return security_level;
134 }
135 if (cert->valid_expiry() >=
136 base::Time::FromInternalValue(kJanuary2016) &&
137 GetSecurityLevelForFieldTrialGroup(
138 base::FieldTrialList::FindFullName("SHA1ToolbarUIJanuary2016"),
139 &security_level)) {
140 return security_level;
141 }
142 }
143 if (net::IsCertStatusError(ssl.cert_status)) {
144 DCHECK(net::IsCertStatusMinorError(ssl.cert_status));
145 return SECURITY_WARNING;
146 }
147 if (net::SSLConnectionStatusToVersion(ssl.connection_status) ==
148 net::SSL_CONNECTION_VERSION_SSL3) {
149 // SSLv3 will be removed in the future.
150 return SECURITY_WARNING;
151 }
152 if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert.get())
153 return EV_SECURE;
154 return SECURE;
155 }
156 default:
157 NOTREACHED();
158 return NONE;
159 }
160 }
161
162 // ToolbarModelImpl Implementation.
GetText() const163 base::string16 ToolbarModelImpl::GetText() const {
164 base::string16 search_terms(GetSearchTerms(false));
165 if (!search_terms.empty())
166 return search_terms;
167
168 if (WouldOmitURLDueToOriginChip())
169 return base::string16();
170
171 return GetFormattedURL(NULL);
172 }
173
GetFormattedURL(size_t * prefix_end) const174 base::string16 ToolbarModelImpl::GetFormattedURL(size_t* prefix_end) const {
175 std::string languages; // Empty if we don't have a |navigation_controller|.
176 Profile* profile = GetProfile();
177 if (profile)
178 languages = profile->GetPrefs()->GetString(prefs::kAcceptLanguages);
179
180 GURL url(GetURL());
181 if (url.spec().length() > content::kMaxURLDisplayChars)
182 url = url.IsStandard() ? url.GetOrigin() : GURL(url.scheme() + ":");
183 // Note that we can't unescape spaces here, because if the user copies this
184 // and pastes it into another program, that program may think the URL ends at
185 // the space.
186 return AutocompleteInput::FormattedStringWithEquivalentMeaning(
187 url, net::FormatUrl(url, languages, net::kFormatUrlOmitAll,
188 net::UnescapeRule::NORMAL, NULL, prefix_end, NULL),
189 ChromeAutocompleteSchemeClassifier(profile));
190 }
191
GetCorpusNameForMobile() const192 base::string16 ToolbarModelImpl::GetCorpusNameForMobile() const {
193 if (!WouldPerformSearchTermReplacement(false))
194 return base::string16();
195 GURL url(GetURL());
196 // If there is a query in the url fragment look for the corpus name there,
197 // otherwise look for the corpus name in the query parameters.
198 const std::string& query_str(google_util::HasGoogleSearchQueryParam(
199 url.ref()) ? url.ref() : url.query());
200 url::Component query(0, query_str.length()), key, value;
201 const char kChipKey[] = "sboxchip";
202 while (url::ExtractQueryKeyValue(query_str.c_str(), &query, &key, &value)) {
203 if (key.is_nonempty() && query_str.substr(key.begin, key.len) == kChipKey) {
204 return net::UnescapeAndDecodeUTF8URLComponent(
205 query_str.substr(value.begin, value.len),
206 net::UnescapeRule::NORMAL);
207 }
208 }
209 return base::string16();
210 }
211
GetURL() const212 GURL ToolbarModelImpl::GetURL() const {
213 const NavigationController* navigation_controller = GetNavigationController();
214 if (navigation_controller) {
215 const NavigationEntry* entry = navigation_controller->GetVisibleEntry();
216 if (entry)
217 return ShouldDisplayURL() ? entry->GetVirtualURL() : GURL();
218 }
219
220 return GURL(url::kAboutBlankURL);
221 }
222
WouldPerformSearchTermReplacement(bool ignore_editing) const223 bool ToolbarModelImpl::WouldPerformSearchTermReplacement(
224 bool ignore_editing) const {
225 return !GetSearchTerms(ignore_editing).empty();
226 }
227
GetSecurityLevel(bool ignore_editing) const228 ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevel(
229 bool ignore_editing) const {
230 // When editing, assume no security style.
231 return (input_in_progress() && !ignore_editing) ?
232 NONE : GetSecurityLevelForWebContents(delegate_->GetActiveWebContents());
233 }
234
GetIcon() const235 int ToolbarModelImpl::GetIcon() const {
236 if (WouldPerformSearchTermReplacement(false)) {
237 // The secured version of the search icon is necessary if neither the search
238 // button nor origin chip are present to indicate the security state.
239 return (chrome::GetDisplaySearchButtonConditions() ==
240 chrome::DISPLAY_SEARCH_BUTTON_NEVER) &&
241 !chrome::ShouldDisplayOriginChip() ?
242 IDR_OMNIBOX_SEARCH_SECURED : IDR_OMNIBOX_SEARCH;
243 }
244
245 return GetIconForSecurityLevel(GetSecurityLevel(false));
246 }
247
GetIconForSecurityLevel(SecurityLevel level) const248 int ToolbarModelImpl::GetIconForSecurityLevel(SecurityLevel level) const {
249 static int icon_ids[NUM_SECURITY_LEVELS] = {
250 IDR_LOCATION_BAR_HTTP,
251 IDR_OMNIBOX_HTTPS_VALID,
252 IDR_OMNIBOX_HTTPS_VALID,
253 IDR_OMNIBOX_HTTPS_WARNING,
254 IDR_OMNIBOX_HTTPS_POLICY_WARNING,
255 IDR_OMNIBOX_HTTPS_INVALID,
256 };
257 DCHECK(arraysize(icon_ids) == NUM_SECURITY_LEVELS);
258 return icon_ids[level];
259 }
260
GetEVCertName() const261 base::string16 ToolbarModelImpl::GetEVCertName() const {
262 if (GetSecurityLevel(false) != EV_SECURE)
263 return base::string16();
264
265 // Note: Navigation controller and active entry are guaranteed non-NULL or
266 // the security level would be NONE.
267 scoped_refptr<net::X509Certificate> cert;
268 content::CertStore::GetInstance()->RetrieveCert(
269 GetNavigationController()->GetVisibleEntry()->GetSSL().cert_id, &cert);
270
271 // EV are required to have an organization name and country.
272 DCHECK(!cert->subject().organization_names.empty());
273 DCHECK(!cert->subject().country_name.empty());
274 return l10n_util::GetStringFUTF16(
275 IDS_SECURE_CONNECTION_EV,
276 base::UTF8ToUTF16(cert->subject().organization_names[0]),
277 base::UTF8ToUTF16(cert->subject().country_name));
278 }
279
ShouldDisplayURL() const280 bool ToolbarModelImpl::ShouldDisplayURL() const {
281 // Note: The order here is important.
282 // - The WebUI test must come before the extension scheme test because there
283 // can be WebUIs that have extension schemes (e.g. the bookmark manager). In
284 // that case, we should prefer what the WebUI instance says.
285 // - The view-source test must come before the NTP test because of the case
286 // of view-source:chrome://newtab, which should display its URL despite what
287 // chrome://newtab says.
288 NavigationController* controller = GetNavigationController();
289 NavigationEntry* entry = controller ? controller->GetVisibleEntry() : NULL;
290 if (entry) {
291 if (entry->IsViewSourceMode() ||
292 entry->GetPageType() == content::PAGE_TYPE_INTERSTITIAL) {
293 return true;
294 }
295
296 GURL url = entry->GetURL();
297 GURL virtual_url = entry->GetVirtualURL();
298 if (url.SchemeIs(content::kChromeUIScheme) ||
299 virtual_url.SchemeIs(content::kChromeUIScheme)) {
300 if (!url.SchemeIs(content::kChromeUIScheme))
301 url = virtual_url;
302 return url.host() != chrome::kChromeUINewTabHost;
303 }
304 }
305
306 return !chrome::IsInstantNTP(delegate_->GetActiveWebContents());
307 }
308
WouldOmitURLDueToOriginChip() const309 bool ToolbarModelImpl::WouldOmitURLDueToOriginChip() const {
310 const char kInterstitialShownKey[] = "interstitial_shown";
311
312 // When users type URLs and hit enter, continue to show those URLs until
313 // the navigation commits or an interstitial is shown, because having the
314 // omnibox clear immediately feels like the input was ignored.
315 NavigationController* navigation_controller = GetNavigationController();
316 if (navigation_controller) {
317 NavigationEntry* pending_entry = navigation_controller->GetPendingEntry();
318 if (pending_entry) {
319 const NavigationEntry* visible_entry =
320 navigation_controller->GetVisibleEntry();
321 base::string16 unused;
322 // Keep track that we've shown the origin chip on an interstitial so it
323 // can be shown even after the interstitial was dismissed, to avoid
324 // showing the chip, removing it and then showing it again.
325 if (visible_entry &&
326 visible_entry->GetPageType() == content::PAGE_TYPE_INTERSTITIAL &&
327 !pending_entry->GetExtraData(kInterstitialShownKey, &unused))
328 pending_entry->SetExtraData(kInterstitialShownKey, base::string16());
329 const ui::PageTransition transition_type =
330 pending_entry->GetTransitionType();
331 if ((transition_type & ui::PAGE_TRANSITION_TYPED) != 0 &&
332 !pending_entry->GetExtraData(kInterstitialShownKey, &unused))
333 return false;
334 }
335 }
336
337 if (!delegate_->InTabbedBrowser() || !ShouldDisplayURL() ||
338 !url_replacement_enabled())
339 return false;
340
341 if (chrome::ShouldDisplayOriginChip())
342 return true;
343
344 const chrome::OriginChipCondition chip_condition =
345 chrome::GetOriginChipCondition();
346 return (chip_condition == chrome::ORIGIN_CHIP_ALWAYS) ||
347 ((chip_condition == chrome::ORIGIN_CHIP_ON_SRP) &&
348 WouldPerformSearchTermReplacement(false));
349 }
350
GetNavigationController() const351 NavigationController* ToolbarModelImpl::GetNavigationController() const {
352 // This |current_tab| can be NULL during the initialization of the
353 // toolbar during window creation (i.e. before any tabs have been added
354 // to the window).
355 WebContents* current_tab = delegate_->GetActiveWebContents();
356 return current_tab ? ¤t_tab->GetController() : NULL;
357 }
358
GetProfile() const359 Profile* ToolbarModelImpl::GetProfile() const {
360 NavigationController* navigation_controller = GetNavigationController();
361 return navigation_controller ?
362 Profile::FromBrowserContext(navigation_controller->GetBrowserContext()) :
363 NULL;
364 }
365
GetSearchTerms(bool ignore_editing) const366 base::string16 ToolbarModelImpl::GetSearchTerms(bool ignore_editing) const {
367 if (!url_replacement_enabled() || (input_in_progress() && !ignore_editing))
368 return base::string16();
369
370 const WebContents* web_contents = delegate_->GetActiveWebContents();
371 base::string16 search_terms(chrome::GetSearchTerms(web_contents));
372 if (search_terms.empty()) {
373 // We mainly do this to enforce the subsequent DCHECK.
374 return base::string16();
375 }
376
377 // If the page is still loading and the security style is unknown, consider
378 // the page secure. Without this, after the user hit enter on some search
379 // terms, the omnibox would change to displaying the loading URL before
380 // changing back to the search terms once they could be extracted, thus
381 // causing annoying flicker.
382 DCHECK(web_contents);
383 const NavigationController& nav_controller = web_contents->GetController();
384 const NavigationEntry* entry = nav_controller.GetVisibleEntry();
385 if ((entry != nav_controller.GetLastCommittedEntry()) &&
386 (entry->GetSSL().security_style == content::SECURITY_STYLE_UNKNOWN))
387 return search_terms;
388
389 // If the URL is using a Google base URL specified via the command line, we
390 // bypass the security check below.
391 if (entry &&
392 google_util::StartsWithCommandLineGoogleBaseURL(entry->GetVirtualURL()))
393 return search_terms;
394
395 // Otherwise, extract search terms for HTTPS pages that do not have a security
396 // error.
397 ToolbarModel::SecurityLevel security_level = GetSecurityLevel(ignore_editing);
398 return ((security_level == NONE) || (security_level == SECURITY_ERROR)) ?
399 base::string16() : search_terms;
400 }
401