Chromium Code Reviews Chromium Code Reviews
Issue 1223233002:
Common Name Mismatch Handler For WWW Subdomain Mismatch case (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/ssl/common_name_mismatch_handler.h" | |
| 6 | |
| 7 #include "base/logging.h" | |
| 8 #include "base/strings/string_number_conversions.h" | |
| 9 #include "chrome/browser/ssl/ssl_error_classification.h" | |
| 10 #include "net/base/load_flags.h" | |
| 11 #include "net/http/http_response_headers.h" | |
| 12 #include "net/http/http_util.h" | |
| 13 #include "net/url_request/url_request_status.h" | |
| 14 | |
| 15 CommonNameMismatchHandler::CommonNameMismatchHandler( | |
| 16 const GURL request_url, | |
| 17 const scoped_refptr<net::URLRequestContextGetter>& request_context) | |
| 18 : request_url_(request_url), request_context_(request_context) {} | |
| 19 | |
| 20 CommonNameMismatchHandler::~CommonNameMismatchHandler() {} | |
| 21 | |
| 22 // static | |
| 23 CommonNameMismatchHandler::TestingState | |
| 24 CommonNameMismatchHandler::testing_state_ = NOT_TESTING; | |
| 25 | |
| 26 void CommonNameMismatchHandler::CheckSuggestedUrl( | |
| 27 const GURL& url, | |
| 28 const CheckUrlCallback& callback) { | |
| 29 // Should be used only in tests. | |
| 30 if (testing_state_ == IGNORE_REQUESTS_FOR_TESTING) | |
| 31 return; | |
| 32 | |
| 33 DCHECK(CalledOnValidThread()); | |
| 34 DCHECK(!CheckingSuggestedUrl()); | |
| 35 DCHECK(check_url_callback_.is_null()); | |
| 36 | |
| 37 check_url_callback_ = callback; | |
| 38 | |
| 39 url_fetcher_ = net::URLFetcher::Create(0 /* testing ID */, url, | |
| 40 net::URLFetcher::HEAD, this); | |
| 41 url_fetcher_->SetAutomaticallyRetryOn5xx(false); | |
| 42 url_fetcher_->SetRequestContext(request_context_.get()); | |
| 43 | |
| 44 // Can't safely use net::LOAD_DISABLE_CERT_REVOCATION_CHECKING here, | |
| 45 // since then the connection may be reused without checking the cert. | |
| 46 url_fetcher_->SetLoadFlags( | |
| 47 net::LOAD_BYPASS_CACHE | net::LOAD_DO_NOT_SAVE_COOKIES | | |
|
Ryan Sleevi
2015/08/14 00:40:16
The LOAD_BYPASS_CACHE is subtle and surprising - d
Bhanu Dev
2015/08/15 00:18:53
I used this because I like wanted to completely ma
| |
| 48 net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SEND_AUTH_DATA); | |
| 49 url_fetcher_->Start(); | |
| 50 } | |
| 51 | |
| 52 void CommonNameMismatchHandler::OnURLFetchComplete( | |
| 53 const net::URLFetcher* source) { | |
| 54 DCHECK(CalledOnValidThread()); | |
| 55 DCHECK(CheckingSuggestedUrl()); | |
| 56 DCHECK_EQ(url_fetcher_.get(), source); | |
| 57 DCHECK(!check_url_callback_.is_null()); | |
| 58 | |
| 59 Results results; | |
| 60 GetSuggestedUrlCheckResult(url_fetcher_.get(), &results); | |
| 61 CheckUrlCallback callback = check_url_callback_; | |
| 62 url_fetcher_.reset(); | |
| 63 check_url_callback_.Reset(); | |
| 64 callback.Run(results); | |
|
Ryan Sleevi
2015/08/14 00:40:16
GetSuggestedUrlCheckResult(...)
url_fetcher_.reset
Bhanu Dev
2015/08/15 00:18:52
Done.
| |
| 65 } | |
| 66 | |
| 67 // Takes a net::URLFetcher that has finished trying to retrieve the test | |
| 68 // URL, and returns a CommonNameMismatchHandler::Result based on its result. | |
| 69 void CommonNameMismatchHandler::GetSuggestedUrlCheckResult( | |
| 70 const net::URLFetcher* url_fetcher, | |
| 71 Results* results) const { | |
| 72 DCHECK(results); | |
| 73 DCHECK(!url_fetcher->GetStatus().is_io_pending()); | |
| 74 | |
| 75 results->result = SUGGESTED_URL_NOT_AVAILABLE; | |
| 76 | |
| 77 // |suggested_url| and |landing_url| can be different in case of a redirect. | |
| 78 const GURL& suggested_url = url_fetcher->GetOriginalURL(); | |
| 79 const GURL& landing_url = url_fetcher->GetURL(); | |
| 80 | |
| 81 // Make sure the |landing_url| is a valid https page. | |
|
Ryan Sleevi
2015/08/14 00:40:16
s/HTTPS/
Ryan Sleevi
2015/08/14 00:40:16
Comment-wise, this seems to hide what 'valid' mean
Bhanu Dev
2015/08/15 00:18:52
Done.
I was meaning "valid" to be, without any er
Bhanu Dev
2015/08/15 00:18:53
Done.
| |
| 82 if (url_fetcher->GetResponseCode() == 200 && | |
| 83 landing_url.SchemeIsCryptographic() && | |
| 84 landing_url.host() != request_url_.host()) { | |
| 85 results->result = SUGGESTED_URL_AVAILABLE; | |
| 86 // Display |suggested_url| to user even if it redirects to |landing_url|. | |
| 87 results->suggested_url = suggested_url; | |
| 88 } | |
| 89 } | |
| 90 | |
| 91 bool CommonNameMismatchHandler::GetSuggestedUrl( | |
|
Ryan Sleevi
2015/08/14 00:40:16
The order of definitions should match the order of
Bhanu Dev
2015/08/15 00:18:53
Done.
| |
| 92 const GURL& request_url, | |
| 93 const std::vector<std::string>& dns_names, | |
| 94 GURL* suggested_url) { | |
| 95 std::string host_name = request_url.host(); | |
| 96 std::string www_mismatch_hostname; | |
| 97 if (!SSLErrorClassification::GetWWWSubDomainMatch(host_name, dns_names, | |
| 98 &www_mismatch_hostname)) { | |
| 99 return false; | |
| 100 } else { | |
|
Ryan Sleevi
2015/08/14 00:40:16
Don't use else after return - https://www.chromium
Bhanu Dev
2015/08/15 00:18:53
Done. Thanks.
| |
| 101 // The full URL should be pinged, not just the new hostname. So, get the | |
| 102 // |suggested_url| with the |request_url|'s hostname replaced with | |
| 103 // new hostname. Keep resource path, query params the same. | |
| 104 GURL::Replacements replacements; | |
| 105 replacements.SetHostStr(www_mismatch_hostname); | |
| 106 *suggested_url = request_url.ReplaceComponents(replacements); | |
| 107 return true; | |
| 108 } | |
| 109 } | |
| 110 | |
| 111 bool CommonNameMismatchHandler::CheckingSuggestedUrl() const { | |
| 112 return url_fetcher_.get() != NULL; | |
|
Ryan Sleevi
2015/08/14 00:40:16
nullptr is recommended for new code ( https://chro
Bhanu Dev
2015/08/15 00:18:53
Done.
| |
| 113 } | |
| OLD | NEW |
