chrome/browser/ssl/common_name_mismatch_handler.cc - Issue 1223233002: Common Name Mismatch Handler For WWW Subdomain Mismatch case

Side by Side Diff: chrome/browser/ssl/common_name_mismatch_handler.cc

Issue 1223233002: Common Name Mismatch Handler For WWW Subdomain Mismatch case (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Resolved comments, added UMA Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« chrome/browser/ssl/common_name_mismatch_handler.h ('K') | « chrome/browser/ssl/common_name_mismatch_handler.h ('k') | chrome/browser/ssl/ssl_blocking_page.h » ('j') | chrome/browser/ssl/ssl_browser_tests.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "chrome/browser/ssl/common_name_mismatch_handler.h"

	6

	7 #include "base/logging.h"

	8 #include "base/strings/string_number_conversions.h"

	9 #include "chrome/browser/ssl/ssl_error_classification.h"

	10 #include "net/base/load_flags.h"

	11 #include "net/http/http_response_headers.h"

	12 #include "net/http/http_util.h"

	13 #include "net/url_request/url_request_status.h"

	14

	15 CommonNameMismatchHandler::CommonNameMismatchHandler(

	16 const GURL request_url,

	17 const scoped_refptr<net::URLRequestContextGetter>& request_context)

	18 : request_url_(request_url), request_context_(request_context) {

	19 }

	20

	21 CommonNameMismatchHandler::~CommonNameMismatchHandler() {

	22 }

	23

	24 // Static.
	meacer 2015/07/30 19:40:21 lower case, no period at the end: // static lower case, no period at the end: // static Bhanu Dev 2015/07/31 00:07:15 Done. Show quoted text On 2015/07/30 19:40:21, Mustafa Emre Acer wrote: > lower case, no period at the end: > > // static Done.
	25 CommonNameMismatchHandler::TestingState

	26 CommonNameMismatchHandler::testing_state_ = NOT_TESTING;

	27

	28 void CommonNameMismatchHandler::CheckSuggestedUrl(

	29 const GURL& url,

	30 const CheckUrlCallback& callback) {

	31 // Should be used only in tests.

	32 if (testing_state_ == IGNORE_REQUESTS_FOR_TESTING)

	33 return;

	34

	35 DCHECK(CalledOnValidThread());

	36 DCHECK(!CheckingSuggestedUrl());

	37 DCHECK(check_url_callback_.is_null());

	38

	39 check_url_callback_ = callback;

	40

	41 url_fetcher_ = net::URLFetcher::Create(0 /* testing ID */, url,

	42 net::URLFetcher::HEAD, this);

	43 url_fetcher_->SetAutomaticallyRetryOn5xx(false);

	44 url_fetcher_->SetRequestContext(request_context_.get());

	45

	46 // Can't safely use net::LOAD_DISABLE_CERT_REVOCATION_CHECKING here,

	47 // since then the connection may be reused without checking the cert.

	48 url_fetcher_->SetLoadFlags(

	49 net::LOAD_BYPASS_CACHE \| net::LOAD_DO_NOT_SAVE_COOKIES \|

	50 net::LOAD_DO_NOT_SEND_COOKIES \| net::LOAD_DO_NOT_SEND_AUTH_DATA);

	51 url_fetcher_->Start();

	52 }

	53

	54 void CommonNameMismatchHandler::OnURLFetchComplete(

	55 const net::URLFetcher* source) {

	56 DCHECK(CalledOnValidThread());

	57 DCHECK(CheckingSuggestedUrl());

	58 DCHECK_EQ(url_fetcher_.get(), source);

	59 DCHECK(!check_url_callback_.is_null());

	60

	61 Results results;

	62 GetSuggestedUrlCheckResult(url_fetcher_.get(), &results);

	63 CheckUrlCallback callback = check_url_callback_;

	64 url_fetcher_.reset();

	65 check_url_callback_.Reset();

	66 callback.Run(results);

	67 }

	68

	69 // Takes a net::URLFetcher that has finished trying to retrieve the test

	70 // URL, and returns a CommonNameMismatchHandler::Result based on its result.

	71 void CommonNameMismatchHandler::GetSuggestedUrlCheckResult(

	72 const net::URLFetcher* url_fetcher,

	73 Results* results) const {

	74 DCHECK(results);

	75 DCHECK(!url_fetcher->GetStatus().is_io_pending());

	76

	77 results->result = SUGGESTED_URL_NOT_AVAILABLE;

	78

	79 // \|suggested_url\| and \|landing_url\| can be different in case of a redirect.

	80 const GURL& suggested_url = url_fetcher->GetOriginalURL();

	81 const GURL& landing_url = url_fetcher->GetURL();

	82

	83 // Make sure the \|landing_url\| is a valid https page.

	84 if (url_fetcher->GetResponseCode() == 200 &&

	85 landing_url.SchemeIsCryptographic() &&

	86 landing_url.host() != request_url_.host()) {

	87 results->result = SUGGESTED_URL_AVAILABLE;

	88 // Display \|suggested_url\| to user even if it redirects to \|landing_url\|.

	89 results->suggested_url = suggested_url;

	90 }

	91 }

	92

	93 bool CommonNameMismatchHandler::GetSuggestedUrl(

	94 const GURL& request_url,

	95 const std::vector<std::string>& dns_names,

	96 GURL* suggested_url) {

	97 std::string host_name = request_url.host();

	98 std::string www_mismatch_hostname;

	99 if (!SSLErrorClassification::GetWWWSubDomainMatch(host_name, dns_names,

	100 &www_mismatch_hostname)) {

	101 return false;

	102 } else {

	103 // The full URL should be pinged, not just the new hostname. So, get the

	104 // \|suggested_url\| with the \|request_url\|'s hostname replaced with

	105 // new hostname. Keep resource path, query params the same.

	106 GURL::Replacements replacements;

	107 replacements.SetHostStr(www_mismatch_hostname);

	108 *suggested_url = request_url.ReplaceComponents(replacements);

	109 return true;

	110 }

	111 }

	112

	113 bool CommonNameMismatchHandler::CheckingSuggestedUrl() const {

	114 return url_fetcher_.get() != NULL;

	115 }

OLD	NEW