Chromium Code Reviews Chromium Code Reviews
Issue 1223233002:
Common Name Mismatch Handler For WWW Subdomain Mismatch case (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <vector> | 5 #include <vector> |
| 6 | 6 |
| 7 #include "chrome/browser/ssl/ssl_error_classification.h" | 7 #include "chrome/browser/ssl/ssl_error_classification.h" |
| 8 | 8 |
| 9 #include "base/build_time.h" | 9 #include "base/build_time.h" |
| 10 #include "base/metrics/field_trial.h" | 10 #include "base/metrics/field_trial.h" |
| (...skipping 252 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 263 | 263 |
| 264 bool SSLErrorClassification::MaybeWindowsLacksSHA256Support() { | 264 bool SSLErrorClassification::MaybeWindowsLacksSHA256Support() { |
| 265 #if defined(OS_WIN) | 265 #if defined(OS_WIN) |
| 266 return !base::win::MaybeHasSHA256Support(); | 266 return !base::win::MaybeHasSHA256Support(); |
| 267 #else | 267 #else |
| 268 return false; | 268 return false; |
| 269 #endif | 269 #endif |
| 270 } | 270 } |
| 271 | 271 |
| 272 bool SSLErrorClassification::IsHostNameKnownTLD(const std::string& host_name) { | 272 bool SSLErrorClassification::IsHostNameKnownTLD(const std::string& host_name) { |
| 273 return 1; | |
|
Bhanu Dev
2015/07/23 20:11:06
I wrote this while I was testing. Will remove it i
meacer
2015/07/23 20:12:55
Can you remove it, do a |git cl format|, reupload
Bhanu Dev
2015/07/23 20:17:53
Done.
| |
| 273 size_t tld_length = | 274 size_t tld_length = |
| 274 net::registry_controlled_domains::GetRegistryLength( | 275 net::registry_controlled_domains::GetRegistryLength( |
| 275 host_name, | 276 host_name, |
| 276 net::registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES, | 277 net::registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES, |
| 277 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); | 278 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); |
| 278 if (tld_length == 0 || tld_length == std::string::npos) | 279 if (tld_length == 0 || tld_length == std::string::npos) |
| 279 return false; | 280 return false; |
| 280 return true; | 281 return true; |
| 281 } | 282 } |
| 282 | 283 |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 315 } | 316 } |
| 316 | 317 |
| 317 SSLErrorClassification::Tokens SSLErrorClassification:: | 318 SSLErrorClassification::Tokens SSLErrorClassification:: |
| 318 Tokenize(const std::string& name) { | 319 Tokenize(const std::string& name) { |
| 319 Tokens name_tokens; | 320 Tokens name_tokens; |
| 320 base::SplitStringDontTrim(name, '.', &name_tokens); | 321 base::SplitStringDontTrim(name, '.', &name_tokens); |
| 321 return name_tokens; | 322 return name_tokens; |
| 322 } | 323 } |
| 323 | 324 |
| 324 // We accept the inverse case for www for historical reasons. | 325 // We accept the inverse case for www for historical reasons. |
| 325 bool SSLErrorClassification::IsWWWSubDomainMatch() const { | 326 bool SSLErrorClassification::GetWWWSubDomainMatch( |
| 326 std::string host_name = request_url_.host(); | 327 const std::string& host_name, |
| 328 const std::vector<std::string>& dns_names, | |
| 329 std::string* www_match_host_name) { | |
| 327 if (IsHostNameKnownTLD(host_name)) { | 330 if (IsHostNameKnownTLD(host_name)) { |
| 328 std::vector<std::string> dns_names; | |
| 329 cert_.GetDNSNames(&dns_names); | |
| 330 bool result = false; | |
| 331 // Need to account for all possible domains given in the SSL certificate. | 331 // Need to account for all possible domains given in the SSL certificate. |
| 332 for (size_t i = 0; i < dns_names.size(); ++i) { | 332 for (size_t i = 0; i < dns_names.size(); ++i) { |
| 333 if (dns_names[i].empty() || dns_names[i].find('\0') != std::string::npos | 333 if (dns_names[i].empty() || dns_names[i].find('\0') != std::string::npos |
| 334 || dns_names[i].length() == host_name.length() | 334 || dns_names[i].length() == host_name.length() |
| 335 || !(IsHostNameKnownTLD(dns_names[i]))) { | 335 || !(IsHostNameKnownTLD(dns_names[i]))) { |
| 336 result = result || false; | 336 continue; |
| 337 } else if (dns_names[i].length() > host_name.length()) { | 337 } else if (dns_names[i].length() > host_name.length()) { |
| 338 result = result || | 338 if (net::StripWWW(base::ASCIIToUTF16(dns_names[i])) == |
| 339 net::StripWWW(base::ASCIIToUTF16(dns_names[i])) == | 339 base::ASCIIToUTF16(host_name)) { |
| 340 base::ASCIIToUTF16(host_name); | 340 www_match_host_name->assign(dns_names[i].data(), dns_names[i].size()); |
| 341 return true; | |
| 342 } | |
| 341 } else { | 343 } else { |
| 342 result = result || | 344 if (net::StripWWW(base::ASCIIToUTF16(host_name)) == |
| 343 net::StripWWW(base::ASCIIToUTF16(host_name)) == | 345 base::ASCIIToUTF16(dns_names[i])) { |
| 344 base::ASCIIToUTF16(dns_names[i]); | 346 www_match_host_name->assign(dns_names[i].data(), dns_names[i].size()); |
| 347 return true; | |
| 348 } | |
| 345 } | 349 } |
| 346 } | 350 } |
| 347 return result; | |
| 348 } | 351 } |
| 349 return false; | 352 return false; |
| 350 } | 353 } |
| 351 | 354 |
| 355 bool SSLErrorClassification::IsWWWSubDomainMatch() const { | |
| 356 const std::string& host_name = request_url_.host(); | |
| 357 std::vector<std::string> dns_names; | |
| 358 cert_.GetDNSNames(&dns_names); | |
| 359 std::string www_host; | |
| 360 return GetWWWSubDomainMatch(host_name, dns_names, &www_host); | |
| 361 } | |
| 362 | |
| 352 bool SSLErrorClassification::NameUnderAnyNames( | 363 bool SSLErrorClassification::NameUnderAnyNames( |
| 353 const Tokens& child, | 364 const Tokens& child, |
| 354 const std::vector<Tokens>& potential_parents) const { | 365 const std::vector<Tokens>& potential_parents) const { |
| 355 bool result = false; | 366 bool result = false; |
| 356 // Need to account for all the possible domains given in the SSL certificate. | 367 // Need to account for all the possible domains given in the SSL certificate. |
| 357 for (size_t i = 0; i < potential_parents.size(); ++i) { | 368 for (size_t i = 0; i < potential_parents.size(); ++i) { |
| 358 if (potential_parents[i].empty() || | 369 if (potential_parents[i].empty() || |
| 359 potential_parents[i].size() >= child.size()) { | 370 potential_parents[i].size() >= child.size()) { |
| 360 result = result || false; | 371 result = result || false; |
| 361 } else { | 372 } else { |
| (...skipping 131 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 493 // sure we don't clear the captive protal flag, since the interstitial was | 504 // sure we don't clear the captive protal flag, since the interstitial was |
| 494 // potentially caused by the captive portal. | 505 // potentially caused by the captive portal. |
| 495 captive_portal_detected_ = captive_portal_detected_ || | 506 captive_portal_detected_ = captive_portal_detected_ || |
| 496 (results->result == captive_portal::RESULT_BEHIND_CAPTIVE_PORTAL); | 507 (results->result == captive_portal::RESULT_BEHIND_CAPTIVE_PORTAL); |
| 497 // Also keep track of non-HTTP portals and error cases. | 508 // Also keep track of non-HTTP portals and error cases. |
| 498 captive_portal_no_response_ = captive_portal_no_response_ || | 509 captive_portal_no_response_ = captive_portal_no_response_ || |
| 499 (results->result == captive_portal::RESULT_NO_RESPONSE); | 510 (results->result == captive_portal::RESULT_NO_RESPONSE); |
| 500 } | 511 } |
| 501 #endif | 512 #endif |
| 502 } | 513 } |
| OLD | NEW |
