chrome/browser/ssl/common_name_mismatch_handler.cc - Issue 1223233002: Common Name Mismatch Handler For WWW Subdomain Mismatch case

Side by Side Diff: chrome/browser/ssl/common_name_mismatch_handler.cc

Issue 1223233002: Common Name Mismatch Handler For WWW Subdomain Mismatch case (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Rebasing Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "chrome/browser/ssl/common_name_mismatch_handler.h"

	6

	7 #include "base/callback_helpers.h"

	8 #include "base/logging.h"

	9 #include "base/strings/string_number_conversions.h"

	10 #include "chrome/browser/ssl/ssl_error_classification.h"

	11 #include "net/base/load_flags.h"

	12 #include "net/http/http_response_headers.h"

	13 #include "net/http/http_util.h"

	14 #include "net/url_request/url_request_status.h"

	15

	16 CommonNameMismatchHandler::CommonNameMismatchHandler(

	17 const GURL& request_url,

	18 const scoped_refptr<net::URLRequestContextGetter>& request_context)

	19 : request_url_(request_url), request_context_(request_context) {}

	20

	21 CommonNameMismatchHandler::~CommonNameMismatchHandler() {}

	22

	23 // static

	24 CommonNameMismatchHandler::TestingState

	25 CommonNameMismatchHandler::testing_state_ = NOT_TESTING;

	26

	27 void CommonNameMismatchHandler::CheckSuggestedUrl(

	28 const GURL& url,

	29 const CheckUrlCallback& callback) {

	30 // Should be used only in tests.

	31 if (testing_state_ == IGNORE_REQUESTS_FOR_TESTING)

	32 return;

	33

	34 DCHECK(CalledOnValidThread());

	35 DCHECK(!IsCheckingSuggestedUrl());

	36 DCHECK(check_url_callback_.is_null());

	37

	38 check_url_callback_ = callback;

	39

	40 url_fetcher_ = net::URLFetcher::Create(url, net::URLFetcher::HEAD, this);

	41 url_fetcher_->SetAutomaticallyRetryOn5xx(false);

	42 url_fetcher_->SetRequestContext(request_context_.get());

	43

	44 // Can't safely use net::LOAD_DISABLE_CERT_REVOCATION_CHECKING here,

	45 // since then the connection may be reused without checking the cert.

	46 url_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SAVE_COOKIES \|

	47 net::LOAD_DO_NOT_SEND_COOKIES \|

	48 net::LOAD_DO_NOT_SEND_AUTH_DATA);

	49 url_fetcher_->Start();

	50 }

	51

	52 // static

	53 bool CommonNameMismatchHandler::GetSuggestedUrl(

	54 const GURL& request_url,

	55 const std::vector<std::string>& dns_names,

	56 GURL* suggested_url) {

	57 std::string host_name = request_url.host();

	58 std::string www_mismatch_hostname;

	59 if (!SSLErrorClassification::GetWWWSubDomainMatch(host_name, dns_names,

	60 &www_mismatch_hostname)) {

	61 return false;

	62 }

	63 // The full URL should be pinged, not just the new hostname. So, get the

	64 // \|suggested_url\| with the \|request_url\|'s hostname replaced with

	65 // new hostname. Keep resource path, query params the same.

	66 GURL::Replacements replacements;

	67 replacements.SetHostStr(www_mismatch_hostname);

	68 *suggested_url = request_url.ReplaceComponents(replacements);

	69 return true;

	70 }

	71

	72 void CommonNameMismatchHandler::Cancel() {

	73 url_fetcher_.reset();

	74 check_url_callback_.Reset();

	75 }

	76

	77 void CommonNameMismatchHandler::OnURLFetchComplete(

	78 const net::URLFetcher* source) {

	79 DCHECK(CalledOnValidThread());

	80 DCHECK(IsCheckingSuggestedUrl());

	81 DCHECK_EQ(url_fetcher_.get(), source);

	82 DCHECK(!check_url_callback_.is_null());

	83 DCHECK(!url_fetcher_.get()->GetStatus().is_io_pending());

	84

	85 SuggestedUrlCheckResult result = SUGGESTED_URL_NOT_AVAILABLE;

	86 // \|suggested_url\| and \|landing_url\| can be different in case of a redirect.
	davidben 2015/08/18 20:19:05 Nit: Given this looks like a typo, probably worth Nit: Given this looks like a typo, probably worth explicitly saying "Save a copy of \|suggested_url\| so it can be used after \|url_fetcher_\| is destroyed." Bhanu Dev 2015/08/18 21:34:31 Done. Show quoted text On 2015/08/18 20:19:05, David Benjamin (slow) wrote: > Nit: Given this looks like a typo, probably worth explicitly saying "Save a copy > of \|suggested_url\| so it can be used after \|url_fetcher_\| is destroyed." Done.
	87 const GURL suggested_url = url_fetcher_->GetOriginalURL();

	88 const GURL& landing_url = url_fetcher_->GetURL();

	89

	90 // Make sure the \|landing_url\| is a HTTPS page and returns a proper response

	91 // code.

	92 if (url_fetcher_.get()->GetResponseCode() == 200 &&

	93 landing_url.SchemeIsCryptographic() &&

	94 landing_url.host() != request_url_.host()) {

	95 result = SUGGESTED_URL_AVAILABLE;

	96 }

	97 url_fetcher_.reset();

	98 base::ResetAndReturn(&check_url_callback_).Run(result, suggested_url);

	99 }

	100

	101 bool CommonNameMismatchHandler::IsCheckingSuggestedUrl() const {

	102 return url_fetcher_;

	103 }

OLD	NEW