| Index: chrome/browser/ssl/common_name_mismatch_handler.cc
|
| diff --git a/chrome/browser/ssl/common_name_mismatch_handler.cc b/chrome/browser/ssl/common_name_mismatch_handler.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..8c848bc1007f675f8d4a0438bcc27470bd702f9a
|
| --- /dev/null
|
| +++ b/chrome/browser/ssl/common_name_mismatch_handler.cc
|
| @@ -0,0 +1,113 @@
|
| +// Copyright 2015 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "chrome/browser/ssl/common_name_mismatch_handler.h"
|
| +
|
| +#include "base/logging.h"
|
| +#include "base/strings/string_number_conversions.h"
|
| +#include "chrome/browser/ssl/ssl_error_classification.h"
|
| +#include "net/base/load_flags.h"
|
| +#include "net/http/http_response_headers.h"
|
| +#include "net/http/http_util.h"
|
| +#include "net/url_request/url_request_status.h"
|
| +
|
| +CommonNameMismatchHandler::CommonNameMismatchHandler(
|
| + const GURL request_url,
|
| + const scoped_refptr<net::URLRequestContextGetter>& request_context)
|
| + : request_url_(request_url), request_context_(request_context) {}
|
| +
|
| +CommonNameMismatchHandler::~CommonNameMismatchHandler() {}
|
| +
|
| +// static
|
| +CommonNameMismatchHandler::TestingState
|
| + CommonNameMismatchHandler::testing_state_ = NOT_TESTING;
|
| +
|
| +void CommonNameMismatchHandler::CheckSuggestedUrl(
|
| + const GURL& url,
|
| + const CheckUrlCallback& callback) {
|
| + // Should be used only in tests.
|
| + if (testing_state_ == IGNORE_REQUESTS_FOR_TESTING)
|
| + return;
|
| +
|
| + DCHECK(CalledOnValidThread());
|
| + DCHECK(!CheckingSuggestedUrl());
|
| + DCHECK(check_url_callback_.is_null());
|
| +
|
| + check_url_callback_ = callback;
|
| +
|
| + url_fetcher_ = net::URLFetcher::Create(0 /* testing ID */, url,
|
| + net::URLFetcher::HEAD, this);
|
| + url_fetcher_->SetAutomaticallyRetryOn5xx(false);
|
| + url_fetcher_->SetRequestContext(request_context_.get());
|
| +
|
| + // Can't safely use net::LOAD_DISABLE_CERT_REVOCATION_CHECKING here,
|
| + // since then the connection may be reused without checking the cert.
|
| + url_fetcher_->SetLoadFlags(
|
| + net::LOAD_BYPASS_CACHE | net::LOAD_DO_NOT_SAVE_COOKIES |
|
| + net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SEND_AUTH_DATA);
|
| + url_fetcher_->Start();
|
| +}
|
| +
|
| +void CommonNameMismatchHandler::OnURLFetchComplete(
|
| + const net::URLFetcher* source) {
|
| + DCHECK(CalledOnValidThread());
|
| + DCHECK(CheckingSuggestedUrl());
|
| + DCHECK_EQ(url_fetcher_.get(), source);
|
| + DCHECK(!check_url_callback_.is_null());
|
| +
|
| + Results results;
|
| + GetSuggestedUrlCheckResult(url_fetcher_.get(), &results);
|
| + CheckUrlCallback callback = check_url_callback_;
|
| + url_fetcher_.reset();
|
| + check_url_callback_.Reset();
|
| + callback.Run(results);
|
| +}
|
| +
|
| +// Takes a net::URLFetcher that has finished trying to retrieve the test
|
| +// URL, and returns a CommonNameMismatchHandler::Result based on its result.
|
| +void CommonNameMismatchHandler::GetSuggestedUrlCheckResult(
|
| + const net::URLFetcher* url_fetcher,
|
| + Results* results) const {
|
| + DCHECK(results);
|
| + DCHECK(!url_fetcher->GetStatus().is_io_pending());
|
| +
|
| + results->result = SUGGESTED_URL_NOT_AVAILABLE;
|
| +
|
| + // |suggested_url| and |landing_url| can be different in case of a redirect.
|
| + const GURL& suggested_url = url_fetcher->GetOriginalURL();
|
| + const GURL& landing_url = url_fetcher->GetURL();
|
| +
|
| + // Make sure the |landing_url| is a valid https page.
|
| + if (url_fetcher->GetResponseCode() == 200 &&
|
| + landing_url.SchemeIsCryptographic() &&
|
| + landing_url.host() != request_url_.host()) {
|
| + results->result = SUGGESTED_URL_AVAILABLE;
|
| + // Display |suggested_url| to user even if it redirects to |landing_url|.
|
| + results->suggested_url = suggested_url;
|
| + }
|
| +}
|
| +
|
| +bool CommonNameMismatchHandler::GetSuggestedUrl(
|
| + const GURL& request_url,
|
| + const std::vector<std::string>& dns_names,
|
| + GURL* suggested_url) {
|
| + std::string host_name = request_url.host();
|
| + std::string www_mismatch_hostname;
|
| + if (!SSLErrorClassification::GetWWWSubDomainMatch(host_name, dns_names,
|
| + &www_mismatch_hostname)) {
|
| + return false;
|
| + } else {
|
| + // The full URL should be pinged, not just the new hostname. So, get the
|
| + // |suggested_url| with the |request_url|'s hostname replaced with
|
| + // new hostname. Keep resource path, query params the same.
|
| + GURL::Replacements replacements;
|
| + replacements.SetHostStr(www_mismatch_hostname);
|
| + *suggested_url = request_url.ReplaceComponents(replacements);
|
| + return true;
|
| + }
|
| +}
|
| +
|
| +bool CommonNameMismatchHandler::CheckingSuggestedUrl() const {
|
| + return url_fetcher_.get() != NULL;
|
| +}
|
|
|
Chromium Code Reviews
Issue 1223233002:
Common Name Mismatch Handler For WWW Subdomain Mismatch case (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master