chrome/browser/ssl/common_name_mismatch_handler.h - Issue 1223233002: Common Name Mismatch Handler For WWW Subdomain Mismatch case

Side by Side Diff: chrome/browser/ssl/common_name_mismatch_handler.h

Issue 1223233002: Common Name Mismatch Handler For WWW Subdomain Mismatch case (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Browsertests using MockCertVerifier Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« chrome/browser/captive_portal/captive_portal_browsertest.cc ('K') | « chrome/browser/resources/security_warnings/interstitial_v2.js ('k') | chrome/browser/ssl/common_name_mismatch_handler.cc » ('j') | chrome/browser/ssl/ssl_browser_tests.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright (c) 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef CHROME_BROWSER_SSL_COMMON_NAME_MISMATCH_HANDLER_H_

	6 #define CHROME_BROWSER_SSL_COMMON_NAME_MISMATCH_HANDLER_H_

	7

	8 #include "base/basictypes.h"

	9 #include "base/callback.h"

	10 #include "base/memory/ref_counted.h"

	11 #include "base/memory/scoped_ptr.h"

	12 #include "base/threading/non_thread_safe.h"

	13 #include "base/time/time.h"

	14 #include "net/url_request/url_fetcher.h"

	15 #include "net/url_request/url_fetcher_delegate.h"

	16 #include "net/url_request/url_request_context_getter.h"

	17 #include "url/gurl.h"

	18

	19 // This class contains methods to get a suggested URL when certificate

	20 // validation fails due to \|ERR_CERT_COMMON_NAME_INVALID\| and has methods to

	21 // perform a network request to check the validity of new URL.

	22 class CommonNameMismatchHandler : public net::URLFetcherDelegate,
	Ryan Sleevi 2015/08/07 00:14:11 From a design perspective, this seems really wrong From a design perspective, this seems really wrong to trigger such requests. We're already looking for ways at properly accounting for how Chrome eats up user data. I didn't realize the design rested on kicking off background requests. Is there any design suitable for your goal that doesn't involve doing this? [I'm ignoring the fact that URLFetcher will fail to properly handle client auth, proxy auth, HTTP auth, and a variety of ways in which it doesn't align with an actual navigation request, other than mentioning it here] Bhanu Dev 2015/08/07 22:28:48 Acknowledged. Show quoted text On 2015/08/07 00:14:11, Ryan Sleevi wrote: > From a design perspective, this seems really wrong to trigger such requests. > > We're already looking for ways at properly accounting for how Chrome eats up > user data. I didn't realize the design rested on kicking off background > requests. Is there any design suitable for your goal that doesn't involve doing > this? > > [I'm ignoring the fact that URLFetcher will fail to properly handle client auth, > proxy auth, HTTP auth, and a variety of ways in which it doesn't align with an > actual navigation request, other than mentioning it here] Acknowledged.
	23 public base::NonThreadSafe {

	24 public:

	25 enum SuggestedUrlCheckResult {

	26 // The request succeeds with good response code i.e. URL exists and its

	27 // certificate is valid.

	28 SUGGESTED_URL_AVAILABLE,

	29 // Suggested URL is either not available or has a bad certificate.

	30 SUGGESTED_URL_NOT_AVAILABLE

	31 };

	32

	33 enum TestingState {

	34 NOT_TESTING,

	35 // Disables the actual request to the \|suggested_url\|.

	36 IGNORE_REQUESTS_FOR_TESTING

	37 };

	38

	39 struct Results {

	40 Results() : result(SUGGESTED_URL_NOT_AVAILABLE) {}

	41

	42 SuggestedUrlCheckResult result;

	43 GURL suggested_url;

	44 };

	45

	46 typedef base::Callback<void(const Results& results)> CheckUrlCallback;

	47

	48 CommonNameMismatchHandler(

	49 const GURL request_url,

	50 const scoped_refptr<net::URLRequestContextGetter>& request_context);

	51 ~CommonNameMismatchHandler() override;

	52

	53 // Triggers a check to validate suggested URL. After completion, runs the

	54 // \|callback\|.

	55 void CheckSuggestedUrl(const GURL& url, const CheckUrlCallback& callback);

	56

	57 // Returns true if any other DNS names in the certificate's subject

	58 // alternative names list closely match the original request hostname.

	59 // If such a domain name exists, writes a suggestion for a new URL

	60 // to try into \|suggested_url\|.

	61 static bool GetSuggestedUrl(const GURL& request_url,

	62 const std::vector<std::string>& dns_names,

	63 GURL* suggested_url);

	64

	65 // Used in tests, to disable the request to \|suggested_url\|.

	66 static void set_state_for_testing(TestingState testing_state) {

	67 testing_state_ = testing_state;

	68 }

	69 static TestingState get_state_for_testing() { return testing_state_; }

	70

	71 private:

	72 // net::URLFetcherDelegate:

	73 void OnURLFetchComplete(const net::URLFetcher* source) override;

	74

	75 // Takes a \|net::URLFetcher\| that has finished trying to retrieve the

	76 // suggested URL, and fills a \|Results\| struct based on its result.

	77 void GetSuggestedUrlCheckResult(const net::URLFetcher* url_fetcher,

	78 Results* results) const;

	79

	80 // Returns true if the check is currently running.

	81 bool CheckingSuggestedUrl() const;

	82

	83 static TestingState testing_state_;

	84

	85 const GURL request_url_;

	86

	87 scoped_refptr<net::URLRequestContextGetter> request_context_;

	88

	89 CheckUrlCallback check_url_callback_;

	90

	91 scoped_ptr<net::URLFetcher> url_fetcher_;

	92

	93 DISALLOW_COPY_AND_ASSIGN(CommonNameMismatchHandler);

	94 };

	95

	96 #endif // CHROME_BROWSER_SSL_COMMON_NAME_MISMATCH_HANDLER_H_

OLD	NEW