Common Name Mismatch Handler For WWW Subdomain Mismatch case

chrome/browser/ssl/common_name_mismatch_handler.h

Index: chrome/browser/ssl/common_name_mismatch_handler.h
diff --git a/chrome/browser/ssl/common_name_mismatch_handler.h b/chrome/browser/ssl/common_name_mismatch_handler.h
new file mode 100644
index 0000000000000000000000000000000000000000..96bbe10330f60097c60abcbad7ff238ba1217d43
--- /dev/null
+++ b/chrome/browser/ssl/common_name_mismatch_handler.h
@@ -0,0 +1,96 @@
+// Copyright (c) 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SSL_COMMON_NAME_MISMATCH_HANDLER_H_
+#define CHROME_BROWSER_SSL_COMMON_NAME_MISMATCH_HANDLER_H_
+
+#include "base/basictypes.h"
+#include "base/callback.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/threading/non_thread_safe.h"
+#include "base/time/time.h"
+#include "net/url_request/url_fetcher.h"
+#include "net/url_request/url_fetcher_delegate.h"
+#include "net/url_request/url_request_context_getter.h"
+#include "url/gurl.h"
+
+// This class contains methods to get a suggested URL when certificate
+// validation fails due to |ERR_CERT_COMMON_NAME_INVALID| and has methods to
+// perform a network request to check the validity of new URL.
+class CommonNameMismatchHandler : public net::URLFetcherDelegate,

[Ryan Sleevi, 2015/08/07 00:14:11]

From a design perspective, this seems really wrong to trigger such requests.

We're already looking for ways at properly accounting for how Chrome eats up
user data. I didn't realize the design rested on kicking off background
requests. Is there any design suitable for your goal that doesn't involve doing
this?

[I'm ignoring the fact that URLFetcher will fail to properly handle client auth,
proxy auth, HTTP auth, and a variety of ways in which it doesn't align with an
actual navigation request, other than mentioning it here]

[Bhanu Dev, 2015/08/07 22:28:48]

Acknowledged.

+                                  public base::NonThreadSafe {
+ public:
+  enum SuggestedUrlCheckResult {
+    // The request succeeds with good response code i.e. URL exists and its
+    // certificate is valid.
+    SUGGESTED_URL_AVAILABLE,
+    // Suggested URL is either not available or has a bad certificate.
+    SUGGESTED_URL_NOT_AVAILABLE
+  };
+
+  enum TestingState {
+    NOT_TESTING,
+    // Disables the actual request to the |suggested_url|.
+    IGNORE_REQUESTS_FOR_TESTING
+  };
+
+  struct Results {
+    Results() : result(SUGGESTED_URL_NOT_AVAILABLE) {}
+
+    SuggestedUrlCheckResult result;
+    GURL suggested_url;
+  };
+
+  typedef base::Callback<void(const Results& results)> CheckUrlCallback;
+
+  CommonNameMismatchHandler(
+      const GURL request_url,
+      const scoped_refptr<net::URLRequestContextGetter>& request_context);
+  ~CommonNameMismatchHandler() override;
+
+  // Triggers a check to validate suggested URL. After completion, runs the
+  // |callback|.
+  void CheckSuggestedUrl(const GURL& url, const CheckUrlCallback& callback);
+
+  // Returns true if any other DNS names in the certificate's subject
+  // alternative names list closely match the original request hostname.
+  // If such a domain name exists, writes a suggestion for a new URL
+  // to try into |suggested_url|.
+  static bool GetSuggestedUrl(const GURL& request_url,
+                              const std::vector<std::string>& dns_names,
+                              GURL* suggested_url);
+
+  // Used in tests, to disable the request to |suggested_url|.
+  static void set_state_for_testing(TestingState testing_state) {
+    testing_state_ = testing_state;
+  }
+  static TestingState get_state_for_testing() { return testing_state_; }
+
+ private:
+  // net::URLFetcherDelegate:
+  void OnURLFetchComplete(const net::URLFetcher* source) override;
+
+  // Takes a |net::URLFetcher| that has finished trying to retrieve the
+  // suggested URL, and fills a |Results| struct based on its result.
+  void GetSuggestedUrlCheckResult(const net::URLFetcher* url_fetcher,
+                                  Results* results) const;
+
+  // Returns true if the check is currently running.
+  bool CheckingSuggestedUrl() const;
+
+  static TestingState testing_state_;
+
+  const GURL request_url_;
+
+  scoped_refptr<net::URLRequestContextGetter> request_context_;
+
+  CheckUrlCallback check_url_callback_;
+
+  scoped_ptr<net::URLFetcher> url_fetcher_;
+
+  DISALLOW_COPY_AND_ASSIGN(CommonNameMismatchHandler);
+};
+
+#endif  // CHROME_BROWSER_SSL_COMMON_NAME_MISMATCH_HANDLER_H_