Common Name Mismatch Handler For WWW Subdomain Mismatch case

chrome/browser/ssl/common_name_mismatch_handler.cc

Index: chrome/browser/ssl/common_name_mismatch_handler.cc
diff --git a/chrome/browser/ssl/common_name_mismatch_handler.cc b/chrome/browser/ssl/common_name_mismatch_handler.cc
new file mode 100644
index 0000000000000000000000000000000000000000..3a3bfb736b51d8e1990246aeaefc1ebfee80d62f
--- /dev/null
+++ b/chrome/browser/ssl/common_name_mismatch_handler.cc
@@ -0,0 +1,98 @@
+// Copyright (c) 2015 The Chromium Authors. All rights reserved.

[meacer, 2015/07/09 17:58:55]

nit: New style uses "Copyright 2015" instead of "Copyright (c) 2015".

[Bhanu Dev, 2015/07/11 04:00:42]

Done.

+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ssl/common_name_mismatch_handler.h"
+
+#include "base/logging.h"
+#include "base/strings/string_number_conversions.h"
+#include "chrome/browser/ssl/ssl_error_classification.h"
+#include "net/base/load_flags.h"
+#include "net/http/http_response_headers.h"
+#include "net/http/http_util.h"
+#include "net/url_request/url_request_status.h"
+
+CommonNameMismatchHandler::CommonNameMismatchHandler(
+    const scoped_refptr<net::URLRequestContextGetter>& request_context)
+    : request_context_(request_context) {
+}
+
+CommonNameMismatchHandler::~CommonNameMismatchHandler() {
+}
+
+void CommonNameMismatchHandler::CheckSuggestedUrl(
+    const GURL& url,
+    const CheckUrlCallback& check_url_callback) {
+  DCHECK(CalledOnValidThread());
+  DCHECK(!CheckingSuggestedUrl());
+  DCHECK(check_url_callback_.is_null());
+
+  check_url_callback_ = check_url_callback;
+
+  // The first 0 means this can use a TestURLFetcherFactory in unit tests.
+  url_fetcher_ = net::URLFetcher::Create(0, url, net::URLFetcher::HEAD, this);
+  url_fetcher_->SetAutomaticallyRetryOn5xx(false);
+  url_fetcher_->SetRequestContext(request_context_.get());
+
+  // Can't safely use net::LOAD_DISABLE_CERT_REVOCATION_CHECKING here,
+  // since then the connection may be reused without checking the cert.
+  url_fetcher_->SetLoadFlags(
+      net::LOAD_BYPASS_CACHE | net::LOAD_DO_NOT_SAVE_COOKIES |
+      net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SEND_AUTH_DATA);
+  url_fetcher_->Start();
+}
+
+void CommonNameMismatchHandler::CancelUrlCheck() {
+  url_fetcher_.reset();
+  check_url_callback_.Reset();
+}
+
+void CommonNameMismatchHandler::OnURLFetchComplete(
+    const net::URLFetcher* source) {
+  DCHECK(CalledOnValidThread());
+  DCHECK(CheckingSuggestedUrl());
+  DCHECK_EQ(url_fetcher_.get(), source);
+  DCHECK(!check_url_callback_.is_null());
+
+  Results results;
+  GetSuggestedUrlCheckResult(url_fetcher_.get(), &results);
+  CheckUrlCallback callback = check_url_callback_;
+  url_fetcher_.reset();
+  check_url_callback_.Reset();
+  callback.Run(results);
+}
+
+// Takes a net::URLFetcher that has finished trying to retrieve the test
+// URL, and returns a CaptivePortalService::Result based on its result.
+void CommonNameMismatchHandler::GetSuggestedUrlCheckResult(
+    const net::URLFetcher* url_fetcher,
+    Results* results) const {
+  DCHECK(results);
+  DCHECK(!url_fetcher->GetStatus().is_io_pending());
+
+  results->result = RESULT_SUGGESTED_URL_INVALID;
+  results->new_url = url_fetcher->GetURL();
+
+  if (url_fetcher->GetResponseCode() == 200) {

[palmer, 2015/07/09 19:13:01]

Eventually, we will want to accept response codes other than 200, right? How
about:

static const int kGoodResponseCodes[] = { 200, 301, 302 };
static const int* kGoodResonseCodesEnd = kGoodResponseCodes +
arraysize(kGoodResponseCodes);

auto found = std::find(kGoodResponseCodes, kGoodResonseCodesEnd,
url_fetcher->GetResponseCode());
results->result = found == kGoodResonseCodesEnd ? RESULT_SUGGESTED_URL_INVALID :
RESULT_SUGGESTED_URL_VALID;

Also, should we update results->new_url if RESULT_SUGGESTED_URL_INVALID?

[Bhanu Dev, 2015/07/11 04:00:42]

Thanks for the code. |url_fetcher| is automatically following the redirects. It
is not returning a 301 or 302 response code even when there is a redirect. So, I
think we can just checking for response code 200.

I tested it with https://google.com and it returned a 200 response code with the
value of |url_fetcher->GetURL()| being https://www.google.com

I will add a check to make sure it doesn't redirect to the current page.

+    results->result = RESULT_SUGGESTED_URL_VALID;
+    return;

[meacer, 2015/07/09 17:58:55]

no need for |return|

[Bhanu Dev, 2015/07/11 04:00:42]

Done.

+  }
+}
+
+bool CommonNameMismatchHandler::GetSuggestedUrl(
+    const GURL request_url,
+    const std::vector<std::string>& dns_names,
+    GURL& suggested_url) {
+  std::string host_name = request_url.host();
+  std::string www_mismatch_host_name;
+  if (SSLErrorClassification::GetWWWSubDomainMatch(host_name, dns_names,
+                                                   &www_mismatch_host_name)) {

[meacer, 2015/07/09 17:58:55]

Early exit from here:

if (!...)
  return false;

[Bhanu Dev, 2015/07/11 04:00:42]

Done.

+    // Replaces the hostname in the request url with new host name.

[palmer, 2015/07/09 19:13:01]

This comment is superfluous.

[Bhanu Dev, 2015/07/11 04:00:42]

Done.

+    GURL::Replacements replacements;
+    replacements.SetHostStr(www_mismatch_host_name);
+    suggested_url = request_url.ReplaceComponents(replacements);
+    return true;
+  } else {
+    return false;
+  }
+}