author | felt@chromium.org <felt@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-06-05 07:19:07 +0000 |
---|---|---|
committer | felt@chromium.org <felt@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-06-05 07:19:07 +0000 |
commit | d26ff701b62b9ef17d484ff2ae333de79b31174b (patch) | |
tree | 30109a9cc6b16d1b3f52a46201eb93db40b86993 /chrome | |
parent | 3e52f3bc6c96b2dbe4835812ebe38663683b8ee6 (diff) | |
- Make the V2 interstitial support non-overridable errors.
- Make the V2 interstitial the default, and the V1 non-default (Finch-controlled).
BUG=331453
for chrome/browser/browser_resources.grd:
TBR=sky@chromium.org
everything passes except the broken android gn thing:
NOTRY=true
Review URL: https://codereview.chromium.org/317573002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@275035 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
-rw-r--r-- | chrome/app/generated_resources.grd | 45 | ||||
-rw-r--r-- | chrome/browser/browser_resources.grd | 2 | ||||
-rw-r--r-- | chrome/browser/resources/ssl/interstitial_v2.css (renamed from chrome/browser/resources/ssl/overridable_v2.css) | 8 | ||||
-rw-r--r-- | chrome/browser/resources/ssl/interstitial_v2.html (renamed from chrome/browser/resources/ssl/overridable_v2.html) | 8 | ||||
-rw-r--r-- | chrome/browser/resources/ssl/interstitial_v2.js (renamed from chrome/browser/resources/ssl/overridable_v2.js) | 28 | ||||
-rw-r--r-- | chrome/browser/resources/ssl/ssl_errors_common.js | 1 | ||||
-rw-r--r-- | chrome/browser/ssl/ssl_blocking_page.cc | 178 | ||||
-rw-r--r-- | chrome/browser/ssl/ssl_blocking_page.h | 4 |
8 files changed, 189 insertions, 85 deletions
diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index 0a06ba2..87f619e 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -9189,30 +9189,53 @@ Keep your key file in a safe place. You will need it to create new versions of y Stop sharing </message> - <!-- SSL Overridable Page v2 --> - <message name="IDS_SSL_OVERRIDABLE_TITLE" desc="The tab title for the overridable SSL interstitial."> + <!-- SSL Interstitial V2 --> + <message name="IDS_SSL_V2_TITLE" desc="The tab title for the SSL interstitial."> Privacy error </message> - <message name="IDS_SSL_OVERRIDABLE_HEADING" desc="The large heading at the top of the overridable SSL interstitial."> + <message name="IDS_SSL_V2_HEADING" desc="The large heading at the top of the SSL interstitial."> Your connection is not private </message> - <message name="IDS_SSL_OVERRIDABLE_PRIMARY_PARAGRAPH" desc="The primary explanatory paragraph for the overridable SSL interstitial."> + <message name="IDS_SSL_V2_PRIMARY_PARAGRAPH" desc="The primary explanatory paragraph for the SSL interstitial."> Attackers might be trying to steal your information from <ph name="BEGIN_BOLD"><strong></ph><ph name="SITE">$1<ex>google.com</ex></ph><ph name="END_BOLD"></strong></ph> (for example, passwords, messages, or credit cards). 
</message> - <message name="IDS_SSL_OVERRIDABLE_SAFETY_BUTTON" desc="The text for the button that takes the user back to the previous page."> - Back to safety - </message> - <message name="IDS_SSL_OVERRIDABLE_OPEN_DETAILS_BUTTON" desc="The text for the button that expands the details."> + <message name="IDS_SSL_V2_OPEN_DETAILS_BUTTON" desc="The text for the button that expands the details."> Details </message> - <message name="IDS_SSL_OVERRIDABLE_CLOSE_DETAILS_BUTTON" desc="The text for the button that hides the details."> + <message name="IDS_SSL_V2_CLOSE_DETAILS_BUTTON" desc="The text for the button that hides the details."> Hide details </message> + + <!-- SSL Interstitial V2: Overridable --> + <message name="IDS_SSL_OVERRIDABLE_SAFETY_BUTTON" desc="The text for the button that takes the user back to the previous page."> + Back to safety + </message> <message name="IDS_SSL_OVERRIDABLE_PROCEED_PARAGRAPH" desc="The text for the paragraph at the bottom with the proceed link."> To stay safe, try again later when this temporary problem has been resolved. If you understand the privacy risks, you may <ph name="BEGIN_LINK"><a href="#" id="proceed-link"></ph>use an unsafe connection<ph name="END_LINK"></a></ph> to visit <ph name="SITE">$1<ex>example.com</ex></ph>. </message> - <!-- SSL Road Block (Overridable) Page --> + <!-- SSL Interstitial V2: Non-overridable --> + <message name="IDS_SSL_NONOVERRIDABLE_RELOAD_BUTTON" desc="The text for the button that reloads the page."> + Reload + </message> + <message name="IDS_SSL_NONOVERRIDABLE_MORE" desc="Body text for the explanation shown if user clicks on the Details button."> + <ph name="SITE">$1<ex>google.com</ex></ph> normally uses encryption to protect your information. When Chrome tried to connect to <ph name="SITE">$1<ex>google.com</ex></ph> this time, the website sent back unusual +and incorrect credentials. 
Either an attacker is trying to pretend to be <ph name="SITE">$1<ex>google.com</ex></ph>, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged. + </message> + <message name="IDS_SSL_NONOVERRIDABLE_PINNED" desc="A sentence to explain why the user can't proceed, plus a link to a help page about certificate pinning."> + You cannot visit <ph name="SITE">$1<ex>google.com</ex></ph> right now because the website <ph name="BEGIN_LINK"><a href="#" id="help-link"></ph>uses certificate pinning<ph name="END_LINK"></a></ph>. Network errors and attacks are usually temporary, so this page will probably work later. + </message> + <message name="IDS_SSL_NONOVERRIDABLE_HSTS" desc="A sentence to explain why the user can't proceed, plus a link to a help page about HSTS."> + You cannot visit <ph name="SITE">$1<ex>google.com</ex></ph> right now because the website <ph name="BEGIN_LINK"><a href="#" id="help-link"></ph>uses HSTS<ph name="END_LINK"></a></ph>. + </message> + <message name="IDS_SSL_NONOVERRIDABLE_REVOKED" desc="A sentence to explain why the user can't proceed, plus a link to a help page about certificate revocation."> + You cannot visit <ph name="SITE">$1<ex>google.com</ex></ph> right now because <ph name="BEGIN_LINK"><a href="#" id="help-link"></ph>this certificate has been revoked<ph name="END_LINK"></a></ph>. + </message> + <message name="IDS_SSL_NONOVERRIDABLE_INVALID" desc="A sentence to explain why the user can't proceed."> + You cannot visit <ph name="SITE">$1<ex>google.com</ex></ph> right now because the website sent scrambled credentials that Chrome cannot process. + </message> + + <!-- SSL Interstitial V1: Overridable --> <message name="IDS_SSL_OVERRIDABLE_PAGE_TITLE" desc="The title of the overridable SSL interstitial."> SSL Error </message> 
@@ -9226,7 +9249,7 @@ Keep your key file in a safe place. You will need it to create new versions of y You should not proceed, <strong>especially</strong> if you have never seen this warning before for this site. </message> - <!-- SSL Blocking (Non-Overridable) Page --> + <!-- SSL Interstitial V1: Non-overridable --> <message name="IDS_SSL_BLOCKING_PAGE_TITLE" desc="The title of the non-overridable SSL error."> SSL Error </message> diff --git a/chrome/browser/browser_resources.grd b/chrome/browser/browser_resources.grd index 56fc8ce..0d89ea9 100644 --- a/chrome/browser/browser_resources.grd +++ b/chrome/browser/browser_resources.grd @@ -72,7 +72,7 @@ <structure name="IDR_NETWORK_CONFIG_JS" file="resources\chromeos\network\network_config.js" flattenhtml="true" type="chrome_html" /> </if> <structure name="IDR_READER_OUT_OF_DATE_HTML" file="resources\reader_out_of_date.html" flattenhtml="true" type="chrome_html" /> - <structure name="IRD_SSL_OVERRIDABLE_V2_HTML" file="resources\ssl\overridable_v2.html" flattenhtml="true" type="chrome_html" /> + <structure name="IRD_SSL_INTERSTITIAL_V2_HTML" file="resources\ssl\interstitial_v2.html" flattenhtml="true" type="chrome_html" /> <structure name="IDR_SSL_ROAD_BLOCK_HTML" file="resources\ssl\roadblock.html" flattenhtml="true" type="chrome_html" /> <structure name="IDR_SSL_BLOCKING_HTML" file="resources\ssl\blocking.html" flattenhtml="true" type="chrome_html" /> <structure name="IDR_SAFE_BROWSING_MALWARE_BLOCK_V2" file="resources\safe_browsing\malware_block_v2.html" flattenhtml="true" type="chrome_html" /> diff --git a/chrome/browser/resources/ssl/overridable_v2.css b/chrome/browser/resources/ssl/interstitial_v2.css index f0d3205..2ea38bb 100644 --- a/chrome/browser/resources/ssl/overridable_v2.css +++ b/chrome/browser/resources/ssl/interstitial_v2.css @@ -18,6 +18,7 @@ button { border-radius: 2px; box-sizing: border-box; color: #fff; + cursor: pointer; float: right; margin: -6px 0 0; padding: 8px 24px; 
@@ -39,7 +40,10 @@ h1 { } .icon { - background: url(images/lock_red.png) no-repeat; + background: -webkit-image-set( + url('images/1x/brokenssl_red.png') 1x, + url('images/2x/brokenssl_red.png') 2x); + background-repeat: no-repeat; background-size: 100%; height: 69px; margin: 0 0 40px; @@ -49,7 +53,7 @@ h1 { .interstitial-wrapper { box-sizing: border-box; margin: 10% auto 0; - max-width: 582px; + max-width: 552px; width: 100%; } diff --git a/chrome/browser/resources/ssl/overridable_v2.html b/chrome/browser/resources/ssl/interstitial_v2.html index d8609fc..faaca6a 100644 --- a/chrome/browser/resources/ssl/overridable_v2.html +++ b/chrome/browser/resources/ssl/interstitial_v2.html @@ -5,11 +5,11 @@ <meta name="viewport" content="initial-scale=1, minimum-scale=1, width=device-width"> <title i18n-content="tabTitle"></title> - <link rel="stylesheet" href="overridable_v2.css"> + <link rel="stylesheet" href="interstitial_v2.css"> <script src="../../../../ui/webui/resources/js/util.js"></script> <script src="../../../../ui/webui/resources/js/load_time_data.js"></script> <script src="ssl_errors_common.js"></script> - <script src="overridable_v2.js"></script> + <script src="interstitial_v2.js"></script> </head> <body i18n-values=".style.fontFamily:fontfamily;.style.fontSize:fontsize"> <div class="interstitial-wrapper"> @@ -19,12 +19,12 @@ <p i18n-values=".innerHTML:primaryParagraph"></p> </div> <div class="nav-wrapper"> - <button i18n-content="safetyButtonText" id="safety-button"></button> + <button i18n-content="primaryButtonText" id="primary-button"></button> <a href="#" id="details-button" i18n-content="openDetails"></a> </div> <div id="details" class="hidden"> <p i18n-values=".innerHTML:explanationParagraph"></p> - <p i18n-values=".innerHTML:proceedParagraph"></p> + <p i18n-values=".innerHTML:finalParagraph"></p> </div> </div> </body> 
diff --git a/chrome/browser/resources/ssl/overridable_v2.js b/chrome/browser/resources/ssl/interstitial_v2.js index 22c0346..99344ee8 100644 --- a/chrome/browser/resources/ssl/overridable_v2.js +++ b/chrome/browser/resources/ssl/interstitial_v2.js @@ -5,15 +5,29 @@ var expandedDetails = false; function setupEvents() { - $('safety-button').addEventListener('click', function() { - sendCommand(CMD_DONT_PROCEED); - }); + var overridable = loadTimeData.getBoolean('overridable'); - $('proceed-link').addEventListener('click', function(event) { - sendCommand(CMD_PROCEED); - event.preventDefault(); // Don't let the fragment navigate. + $('primary-button').addEventListener('click', function() { + if (overridable) + sendCommand(CMD_DONT_PROCEED); + else + sendCommand(CMD_RELOAD); }); + if (overridable) { + $('proceed-link').addEventListener('click', function(event) { + sendCommand(CMD_PROCEED); + event.preventDefault(); + }); + } + + if (!overridable) { + $('help-link').addEventListener('click', function(event) { + sendCommand(CMD_HELP); + event.preventDefault(); + }); + } + $('details-button').addEventListener('click', function(event) { var hiddenDetails = $('details').classList.toggle('hidden'); $('details-button').innerText = hiddenDetails ? @@ -24,7 +38,7 @@ function setupEvents() { sendCommand(CMD_MORE); expandedDetails = true; } - event.preventDefault(); // Don't let the fragment navigate. + event.preventDefault(); }); } diff --git a/chrome/browser/resources/ssl/ssl_errors_common.js b/chrome/browser/resources/ssl/ssl_errors_common.js index 7e416df..190a8eb 100644 --- a/chrome/browser/resources/ssl/ssl_errors_common.js +++ b/chrome/browser/resources/ssl/ssl_errors_common.js @@ -7,6 +7,7 @@ var CMD_DONT_PROCEED = 0; var CMD_PROCEED = 1; var CMD_MORE = 2; var CMD_RELOAD = 3; +var CMD_HELP = 4; var keyPressState = 0; diff --git a/chrome/browser/ssl/ssl_blocking_page.cc b/chrome/browser/ssl/ssl_blocking_page.cc index d8329c3..87c0a6e 100644 
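Review bot: In `setupEvents`, `$('help-link').addEventListener(...)` runs for every non-overridable error, but the `IDS_SSL_NONOVERRIDABLE_INVALID` string added in generated_resources.grd contains no element with `id="help-link"`. Assuming `$` is the getElementById helper from util.js, the lookup returns null for that error type, the call throws, and the `details-button` listener registered after it is never attached. Guard the lookup inside the `!overridable` branch, e.g. `var helpLink = $('help-link');` followed by `if (helpLink) helpLink.addEventListener('click', ...)`. The adjacent `if (overridable)` / `if (!overridable)` blocks would also read more clearly as a single if/else; the body of `setupEvents` continues into the next hunk.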
--- a/chrome/browser/ssl/ssl_blocking_page.cc +++ b/chrome/browser/ssl/ssl_blocking_page.cc @@ -62,7 +62,8 @@ enum SSLBlockingPageCommands { CMD_DONT_PROCEED, CMD_PROCEED, CMD_MORE, - CMD_RELOAD + CMD_RELOAD, + CMD_HELP }; // Events for UMA. 
@@ -262,59 +263,16 @@ SSLBlockingPage::~SSLBlockingPage() { } } -std::string SSLBlockingPage::GetHTMLContentsV2() { - base::DictionaryValue strings; - SSLErrorInfo error_info = - SSLErrorInfo::CreateError( - SSLErrorInfo::NetErrorToErrorType(cert_error_), - ssl_info_.cert.get(), - request_url_); - base::string16 url(ASCIIToUTF16(request_url_.host())); - bool rtl = base::i18n::IsRTL(); - strings.SetString("textDirection", rtl ? "rtl" : "ltr"); - if (rtl) - base::i18n::WrapStringWithLTRFormatting(&url); - webui::SetFontAndTextDirection(&strings); - - strings.SetString( - "tabTitle", l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_TITLE)); - strings.SetString( - "heading", l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_HEADING)); - strings.SetString( - "primaryParagraph", - l10n_util::GetStringFUTF16(IDS_SSL_OVERRIDABLE_PRIMARY_PARAGRAPH, - url.c_str())); - strings.SetString( - "explanationParagraph", error_info.details()); - strings.SetString( - "safetyButtonText", - l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_SAFETY_BUTTON)); - strings.SetString( - "openDetails", - l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_OPEN_DETAILS_BUTTON)); - strings.SetString( - "closeDetails", - l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_CLOSE_DETAILS_BUTTON)); - strings.SetString( - "proceedParagraph", - l10n_util::GetStringFUTF16(IDS_SSL_OVERRIDABLE_PROCEED_PARAGRAPH, - url.c_str())); - - base::StringPiece html( - ResourceBundle::GetSharedInstance().GetRawDataResource( - IRD_SSL_OVERRIDABLE_V2_HTML)); - webui::UseVersion2 version; - return webui::GetI18nTemplateHtml(html, &strings); +std::string SSLBlockingPage::GetHTMLContents() { + if (base::FieldTrialList::FindFullName("SSLInterstitialVersion") == "V1") + return GetHTMLContentsV1(); + return GetHTMLContentsV2(); } -std::string SSLBlockingPage::GetHTMLContents() { +std::string SSLBlockingPage::GetHTMLContentsV1() { base::DictionaryValue strings; int resource_id; if (overridable_ && !strict_enforcement_) { - // Check to see if the v2 
version should be displayed instead. - if (base::FieldTrialList::FindFullName("InterstitialsV2") == "ShowV2") - return GetHTMLContentsV2(); - // Let's build the overridable error page. SSLErrorInfo error_info = SSLErrorInfo::CreateError( 
@@ -454,6 +412,86 @@ std::string SSLBlockingPage::GetHTMLContents() { return webui::GetI18nTemplateHtml(html, &strings); } +std::string SSLBlockingPage::GetHTMLContentsV2() { + base::DictionaryValue loadTimeData; + base::string16 url(ASCIIToUTF16(request_url_.host())); + bool rtl = base::i18n::IsRTL(); + loadTimeData.SetString("textDirection", rtl ? "rtl" : "ltr"); + if (rtl) + base::i18n::WrapStringWithLTRFormatting(&url); + webui::SetFontAndTextDirection(&loadTimeData); + + // Shared values for both the overridable and non-overridable versions. + loadTimeData.SetBoolean("overridable", overridable_ && !strict_enforcement_); + loadTimeData.SetString( + "tabTitle", l10n_util::GetStringUTF16(IDS_SSL_V2_TITLE)); + loadTimeData.SetString( + "heading", l10n_util::GetStringUTF16(IDS_SSL_V2_HEADING)); + loadTimeData.SetString( + "primaryParagraph", + l10n_util::GetStringFUTF16(IDS_SSL_V2_PRIMARY_PARAGRAPH, url)); + loadTimeData.SetString( + "openDetails", + l10n_util::GetStringUTF16(IDS_SSL_V2_OPEN_DETAILS_BUTTON)); + loadTimeData.SetString( + "closeDetails", + l10n_util::GetStringUTF16(IDS_SSL_V2_CLOSE_DETAILS_BUTTON)); + + if (overridable_ && !strict_enforcement_) { // Overridable. + SSLErrorInfo error_info = + SSLErrorInfo::CreateError( + SSLErrorInfo::NetErrorToErrorType(cert_error_), + ssl_info_.cert.get(), + request_url_); + loadTimeData.SetString( + "explanationParagraph", error_info.details()); + loadTimeData.SetString( + "primaryButtonText", + l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_SAFETY_BUTTON)); + loadTimeData.SetString( + "finalParagraph", + l10n_util::GetStringFUTF16(IDS_SSL_OVERRIDABLE_PROCEED_PARAGRAPH, url)); + } else { // Non-overridable. 
+ loadTimeData.SetBoolean("overridable", false); + loadTimeData.SetString( + "explanationParagraph", + l10n_util::GetStringFUTF16(IDS_SSL_NONOVERRIDABLE_MORE, url)); + loadTimeData.SetString( + "primaryButtonText", + l10n_util::GetStringUTF16(IDS_SSL_NONOVERRIDABLE_RELOAD_BUTTON)); + // Customize the help link depending on the specific error type. + // Only mark as HSTS if none of the more specific error types apply, and use + // INVALID as a fallback if no other string is appropriate. + SSLErrorInfo::ErrorType type = + SSLErrorInfo::NetErrorToErrorType(cert_error_); + loadTimeData.SetInteger("errorType", type); + int help_string = IDS_SSL_NONOVERRIDABLE_INVALID; + switch (type) { + case SSLErrorInfo::CERT_REVOKED: + help_string = IDS_SSL_NONOVERRIDABLE_REVOKED; + break; + case SSLErrorInfo::CERT_PINNED_KEY_MISSING: + help_string = IDS_SSL_NONOVERRIDABLE_PINNED; + break; + case SSLErrorInfo::CERT_INVALID: + help_string = IDS_SSL_NONOVERRIDABLE_INVALID; + break; + default: + if (strict_enforcement_) + help_string = IDS_SSL_NONOVERRIDABLE_HSTS; + } + loadTimeData.SetString( + "finalParagraph", + l10n_util::GetStringFUTF16(help_string, url)); + } + + base::StringPiece html( + ResourceBundle::GetSharedInstance().GetRawDataResource( + IRD_SSL_INTERSTITIAL_V2_HTML)); + webui::UseVersion2 version; + return webui::GetI18nTemplateHtml(html, &loadTimeData); +} + void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) { int cert_id = content::CertStore::GetInstance()->StoreCert( ssl_info_.cert.get(), web_contents_->GetRenderProcessHost()->GetID()); 
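Review bot: The host string `url` and `error_info.details()` are placed into `primaryParagraph`, `explanationParagraph` and `finalParagraph`, which interstitial_v2.html binds with `.innerHTML`, and nothing in `GetHTMLContentsV2` escapes them. The hostname and any certificate-derived text in the details originate from the network, so it is worth confirming that escaping happens in URL canonicalisation and in SSLErrorInfo (neither is visible in this diff) and recording that with a comment such as `// |url| and error_info.details() are rendered via .innerHTML; both must already be HTML-escaped.` The second `loadTimeData.SetBoolean("overridable", false);` in the else branch repeats the value already set above and can be dropped.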
@@ -474,16 +512,38 @@ void SSLBlockingPage::OverrideEntry(NavigationEntry* entry) { // Matches events defined in ssl_error.html and ssl_roadblock.html. void SSLBlockingPage::CommandReceived(const std::string& command) { int cmd = atoi(command.c_str()); - if (cmd == CMD_DONT_PROCEED) { - interstitial_page_->DontProceed(); - } else if (cmd == CMD_PROCEED) { - interstitial_page_->Proceed(); - } else if (cmd == CMD_MORE) { - RecordSSLBlockingPageEventStats(MORE); - } else if (cmd == CMD_RELOAD) { - // The interstitial can't refresh itself. - content::NavigationController* controller = &web_contents_->GetController(); - controller->Reload(true); + // TODO(felt): Fix crbug.com/380829 and reinstate this code! + /*bool retval = base::StringToInt(command, &cmd); + DCHECK(retval);*/ + switch (cmd) { + case CMD_DONT_PROCEED: { + interstitial_page_->DontProceed(); + break; + } + case CMD_PROCEED: { + interstitial_page_->Proceed(); + break; + } + case CMD_MORE: { + RecordSSLBlockingPageEventStats(MORE); + break; + } + case CMD_RELOAD: { + // The interstitial can't refresh itself. + web_contents_->GetController().Reload(true); + break; + } + case CMD_HELP: { + // The interstitial can't open a popup or navigate itself. + // TODO(felt): We're going to need a new help page. + content::NavigationController::LoadURLParams help_page_params(GURL( + "https://support.google.com/chrome/answer/4454607")); + web_contents_->GetController().LoadURLWithParams(help_page_params); + break; + } + default: { + NOTREACHED(); + } } } diff --git a/chrome/browser/ssl/ssl_blocking_page.h b/chrome/browser/ssl/ssl_blocking_page.h index 8f1174a..ae771be 100644 --- a/chrome/browser/ssl/ssl_blocking_page.h +++ b/chrome/browser/ssl/ssl_blocking_page.h 
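Review bot: The `CMD_PROCEED` case calls `interstitial_page_->Proceed()` without checking whether this error is overridable; now that V2 also serves non-overridable errors, the only gate visible in this commit is that interstitial_v2.js does not wire up `proceed-link` when `overridable` is false. The command string arrives from the page, so the browser side should enforce the policy itself, e.g. `if (overridable_ && !strict_enforcement_) interstitial_page_->Proceed();`, unless Proceed() already rejects it somewhere outside this diff. Separately, `atoi` yields 0 for unparsable input, which matches `CMD_DONT_PROCEED` as numbered in ssl_errors_common.js; that fails safe, and a short comment next to the TODO saying so would keep the reinstated `base::StringToInt` path from changing it by accident.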
@@ -66,7 +66,9 @@ class SSLBlockingPage : public content::InterstitialPageDelegate, void NotifyDenyCertificate(); void NotifyAllowCertificate(); - // Implements the new interstitial. + // These fetch the appropriate HTML page, depending on the + // SSLInterstitialVersion Finch trial. + std::string GetHTMLContentsV1(); std::string GetHTMLContentsV2(); // Used to query the HistoryService to see if the URL is in history. For UMA. |