Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1424)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/ssl/common_name_mismatch_handler.cc

Issue 1223233002: Common Name Mismatch Handler For WWW Subdomain Mismatch case (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Resolving Comments Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/ssl/common_name_mismatch_handler.h ('k') | chrome/browser/ssl/ssl_blocking_page.h » ('j') | chrome/browser/ssl/ssl_blocking_page.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/ssl/common_name_mismatch_handler.cc
diff --git a/chrome/browser/ssl/common_name_mismatch_handler.cc b/chrome/browser/ssl/common_name_mismatch_handler.cc
new file mode 100644
index 0000000000000000000000000000000000000000..e9ee4cd1c99ecfddb781f96fb76aae8a49c08c1b
--- /dev/null
+++ b/chrome/browser/ssl/common_name_mismatch_handler.cc
@@ -0,0 +1,100 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ssl/common_name_mismatch_handler.h"
+
+#include "base/logging.h"
+#include "base/strings/string_number_conversions.h"
+#include "chrome/browser/ssl/ssl_error_classification.h"
+#include "net/base/load_flags.h"
+#include "net/http/http_response_headers.h"
+#include "net/http/http_util.h"
+#include "net/url_request/url_request_status.h"
+
+CommonNameMismatchHandler::CommonNameMismatchHandler(
+ const GURL request_url,
+ const scoped_refptr<net::URLRequestContextGetter>& request_context)
+ : request_url_(request_url), request_context_(request_context) {
+}
+
+CommonNameMismatchHandler::~CommonNameMismatchHandler() {
+}
+
+void CommonNameMismatchHandler::CheckSuggestedUrl(
+ const GURL& url,
+ const CheckUrlCallback& callback) {
+ DCHECK(CalledOnValidThread());
+ DCHECK(!CheckingSuggestedUrl());
+ DCHECK(check_url_callback_.is_null());
+
+ check_url_callback_ = callback;
+
+ // The first 0 means this can use a TestURLFetcherFactory in unit tests.
+ url_fetcher_ = net::URLFetcher::Create(0, url, net::URLFetcher::HEAD, this);
+ url_fetcher_->SetAutomaticallyRetryOn5xx(false);
+ url_fetcher_->SetRequestContext(request_context_.get());
+
+ // Can't safely use net::LOAD_DISABLE_CERT_REVOCATION_CHECKING here,
+ // since then the connection may be reused without checking the cert.
+ url_fetcher_->SetLoadFlags(
+ net::LOAD_BYPASS_CACHE | net::LOAD_DO_NOT_SAVE_COOKIES |
+ net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SEND_AUTH_DATA);
+ url_fetcher_->Start();
+}
+
+void CommonNameMismatchHandler::OnURLFetchComplete(
+ const net::URLFetcher* source) {
+ DCHECK(CalledOnValidThread());
+ DCHECK(CheckingSuggestedUrl());
+ DCHECK_EQ(url_fetcher_.get(), source);
+ DCHECK(!check_url_callback_.is_null());
+
+ Results results;
+ GetSuggestedUrlCheckResult(url_fetcher_.get(), &results);
+ CheckUrlCallback callback = check_url_callback_;
+ url_fetcher_.reset();
+ check_url_callback_.Reset();
+ callback.Run(results);
+}
+
+// Takes a net::URLFetcher that has finished trying to retrieve the test
+// URL, and returns a CaptivePortalService::Result based on its result.
+void CommonNameMismatchHandler::GetSuggestedUrlCheckResult(
+ const net::URLFetcher* url_fetcher,
+ Results* results) const {
+ DCHECK(results);
+ DCHECK(!url_fetcher->GetStatus().is_io_pending());
+
+ results->result = RESULT_SUGGESTED_URL_INVALID;
+
+ const GURL landing_url = url_fetcher->GetURL();
palmer 2015/07/17 00:15:59 This could be a reference, to avoid an unnecessary
Bhanu Dev 2015/07/23 20:11:06 Done.
+
+ // Make sure that the |landing_url| is a valid https page.
+ if (url_fetcher->GetResponseCode() == 200 &&
+ landing_url.SchemeIsCryptographic() &&
+ landing_url.host() != request_url_.host()) {
+ results->result = RESULT_SUGGESTED_URL_VALID;
+ results->new_url = url_fetcher->GetURL();
+ }
+}
+
+bool CommonNameMismatchHandler::GetSuggestedUrl(
+ const GURL& request_url,
+ const std::vector<std::string>& dns_names,
+ GURL* suggested_url) {
+ std::string host_name = request_url.host();
+ std::string www_mismatch_host_name;
+ if (!SSLErrorClassification::GetWWWSubDomainMatch(host_name, dns_names,
+ &www_mismatch_host_name)) {
+ return false;
+ } else {
+ // The full URL should be pinged, not just the new host name. So, get the
+ // |suggested_url| with the |request_url|'s host name replaced with
+ // new hostname. Keep resource path, query params the same.
+ GURL::Replacements replacements;
+ replacements.SetHostStr(www_mismatch_host_name);
+ *suggested_url = request_url.ReplaceComponents(replacements);
+ return true;
+ }
+}
« no previous file with comments | « chrome/browser/ssl/common_name_mismatch_handler.h ('k') | chrome/browser/ssl/ssl_blocking_page.h » ('j') | chrome/browser/ssl/ssl_blocking_page.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698