OLD | NEW |
(Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/ssl/common_name_mismatch_handler.h" |
| 6 |
| 7 #include "base/logging.h" |
| 8 #include "base/strings/string_number_conversions.h" |
| 9 #include "chrome/browser/ssl/ssl_error_classification.h" |
| 10 #include "net/base/load_flags.h" |
| 11 #include "net/http/http_response_headers.h" |
| 12 #include "net/http/http_util.h" |
| 13 #include "net/url_request/url_request_status.h" |
| 14 |
| 15 CommonNameMismatchHandler::CommonNameMismatchHandler( |
| 16 const GURL request_url, |
| 17 const scoped_refptr<net::URLRequestContextGetter>& request_context) |
| 18 : request_url_(request_url), request_context_(request_context) { |
| 19 } |
| 20 |
| 21 CommonNameMismatchHandler::~CommonNameMismatchHandler() { |
| 22 } |
| 23 |
| 24 CommonNameMismatchHandler::TestingState |
| 25 CommonNameMismatchHandler::testing_state_ = NOT_TESTING; |
| 26 |
| 27 void CommonNameMismatchHandler::CheckSuggestedUrl( |
| 28 const GURL& url, |
| 29 const CheckUrlCallback& callback) { |
| 30 // Should be used only in tests. |
| 31 if (testing_state_ == IGNORE_REQUESTS_FOR_TESTING) |
| 32 return; |
| 33 |
| 34 DCHECK(CalledOnValidThread()); |
| 35 DCHECK(!CheckingSuggestedUrl()); |
| 36 DCHECK(check_url_callback_.is_null()); |
| 37 |
| 38 check_url_callback_ = callback; |
| 39 |
| 40 // The first 0 means this can use a TestURLFetcherFactory in unit tests. |
| 41 url_fetcher_ = net::URLFetcher::Create(0, url, net::URLFetcher::HEAD, this); |
| 42 url_fetcher_->SetAutomaticallyRetryOn5xx(false); |
| 43 url_fetcher_->SetRequestContext(request_context_.get()); |
| 44 |
| 45 // Can't safely use net::LOAD_DISABLE_CERT_REVOCATION_CHECKING here, |
| 46 // since then the connection may be reused without checking the cert. |
| 47 url_fetcher_->SetLoadFlags( |
| 48 net::LOAD_BYPASS_CACHE | net::LOAD_DO_NOT_SAVE_COOKIES | |
| 49 net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SEND_AUTH_DATA); |
| 50 url_fetcher_->Start(); |
| 51 } |
| 52 |
| 53 void CommonNameMismatchHandler::OnURLFetchComplete( |
| 54 const net::URLFetcher* source) { |
| 55 DCHECK(CalledOnValidThread()); |
| 56 DCHECK(CheckingSuggestedUrl()); |
| 57 DCHECK_EQ(url_fetcher_.get(), source); |
| 58 DCHECK(!check_url_callback_.is_null()); |
| 59 |
| 60 Results results; |
| 61 GetSuggestedUrlCheckResult(url_fetcher_.get(), &results); |
| 62 CheckUrlCallback callback = check_url_callback_; |
| 63 url_fetcher_.reset(); |
| 64 check_url_callback_.Reset(); |
| 65 callback.Run(results); |
| 66 } |
| 67 |
| 68 // Takes a net::URLFetcher that has finished trying to retrieve the test |
| 69 // URL, and returns a CaptivePortalService::Result based on its result. |
| 70 void CommonNameMismatchHandler::GetSuggestedUrlCheckResult( |
| 71 const net::URLFetcher* url_fetcher, |
| 72 Results* results) const { |
| 73 DCHECK(results); |
| 74 DCHECK(!url_fetcher->GetStatus().is_io_pending()); |
| 75 |
| 76 results->result = RESULT_SUGGESTED_URL_INVALID; |
| 77 |
| 78 // |suggested_url| and |landing_url| can be different in case of a redirect. |
| 79 const GURL& suggested_url = url_fetcher->GetOriginalURL(); |
| 80 const GURL& landing_url = url_fetcher->GetURL(); |
| 81 |
| 82 // Make sure the |landing_url| is a valid https page. |
| 83 if (url_fetcher->GetResponseCode() == 200 && |
| 84 landing_url.SchemeIsCryptographic() && |
| 85 landing_url.host() != request_url_.host()) { |
| 86 results->result = RESULT_SUGGESTED_URL_VALID; |
| 87 // Display |suggested_url| to user even if it redirects to |landing_url|. |
| 88 results->suggested_url = suggested_url; |
| 89 } |
| 90 } |
| 91 |
| 92 bool CommonNameMismatchHandler::GetSuggestedUrl( |
| 93 const GURL& request_url, |
| 94 const std::vector<std::string>& dns_names, |
| 95 GURL* suggested_url) { |
| 96 std::string host_name = request_url.host(); |
| 97 std::string www_mismatch_host_name; |
| 98 if (!SSLErrorClassification::GetWWWSubDomainMatch(host_name, dns_names, |
| 99 &www_mismatch_host_name)) { |
| 100 return false; |
| 101 } else { |
| 102 // The full URL should be pinged, not just the new host name. So, get the |
| 103 // |suggested_url| with the |request_url|'s host name replaced with |
| 104 // new hostname. Keep resource path, query params the same. |
| 105 GURL::Replacements replacements; |
| 106 replacements.SetHostStr(www_mismatch_host_name); |
| 107 *suggested_url = request_url.ReplaceComponents(replacements); |
| 108 return true; |
| 109 } |
| 110 } |
| 111 |
| 112 bool CommonNameMismatchHandler::CheckingSuggestedUrl() const { |
| 113 return url_fetcher_.get() != NULL; |
| 114 } |
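Review bot: In GetSuggestedUrlCheckResult the validity test looks only at the final `landing_url` (response code 200, cryptographic scheme, host different from `request_url_`), while the value returned for display is `suggested_url`. Nothing visible in this file checks that every redirect hop stayed on HTTPS, or that the landing host is related to the suggested host or to the certificate's `dns_names`. If accepting any HTTPS landing page is intended, the comment above the condition should say so and explain the host inequality, e.g. `// Reject redirects that land back on the original host, which would hit the same name mismatch.`; otherwise the condition should be tightened so that a cross-site landing host is treated as `RESULT_SUGGESTED_URL_INVALID`. The comment above the function is also stale: it says the function "returns a CaptivePortalService::Result", but it is `void` and fills `Results*`. Separately, GetSuggestedUrl keeps the original path and query when swapping the host, so the HEAD probe sends them to the `www` variant; a short comment there recording that this is acceptable (cookies and auth data are already suppressed by the load flags) would help the next reader.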