Common Name Mismatch Handler For WWW Subdomain Mismatch case

chrome/browser/ssl/ssl_error_handler.cc

Index: chrome/browser/ssl/ssl_error_handler.cc
diff --git a/chrome/browser/ssl/ssl_error_handler.cc b/chrome/browser/ssl/ssl_error_handler.cc
index adeac656ee511246ced3116bbb536808a32fe1b1..2dbf6129359ad278c17f3d6cf96acb9b15a5322b 100644
--- a/chrome/browser/ssl/ssl_error_handler.cc
+++ b/chrome/browser/ssl/ssl_error_handler.cc
@@ -11,6 +11,7 @@
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 #include "chrome/browser/ssl/ssl_cert_reporter.h"
+#include "chrome/browser/ssl/ssl_error_classification.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_source.h"
 #include "content/public/browser/web_contents.h"
@@ -48,10 +49,10 @@ void RecordUMA(SSLErrorHandlerEvent event) {
                             SSL_ERROR_HANDLER_EVENT_COUNT);
 }
 
-#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 // The delay before displaying the SSL interstitial for cert errors.
-// - If a "captive portal detected" result arrives in this many seconds,
-//   a captive portal interstitial is displayed.
+// - If a "captive portal detected" or "suggested url valid" result
+//   arrives in this many seconds, then a captive portal interstitial
+//   or a common name mismatch interstitial is displayed.
 // - Otherwise, an SSL interstitial is displayed.
 const int kDefaultInterstitialDisplayDelayInSeconds = 2;
 
@@ -74,6 +75,7 @@ base::TimeDelta GetInterstitialDisplayDelay(
   return base::TimeDelta();
 }
 
+#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 bool IsCaptivePortalInterstitialEnabled() {
   return base::FieldTrialList::FindFullName("CaptivePortalInterstitial") ==
          "Enabled";
@@ -153,6 +155,20 @@ SSLErrorHandler::~SSLErrorHandler() {
 void SSLErrorHandler::StartHandlingError() {
   RecordUMA(HANDLE_ALL);
 
+  std::vector<std::string> dns_names;
+  ssl_info_.cert->GetDNSNames(&dns_names);
+  DCHECK(!dns_names.empty());
+  GURL suggested_url;
+  if (GetSuggestedUrl(request_url_, dns_names, &suggested_url)) {
+    CheckSuggestedUrl(suggested_url);
+    timer_.Start(FROM_HERE,
+                 GetInterstitialDisplayDelay(g_interstitial_delay_type), this,
+                 &SSLErrorHandler::OnTimerExpired);
+    if (g_timer_started_callback)
+      g_timer_started_callback->Run(web_contents_);

[meacer, 2015/07/15 20:11:46]

nit: Add a comment here explanining why we don't need to do captive portal check
if there is a common name mismatch.

[Bhanu Dev, 2015/07/16 23:38:06]

Done.

+    return;
+  }
+
 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
   if (IsCaptivePortalInterstitialEnabled()) {
     CheckForCaptivePortal();
@@ -165,11 +181,31 @@ void SSLErrorHandler::StartHandlingError() {
   }
 #endif
   // Display an SSL interstitial.
-  ShowSSLInterstitial();
+  ShowSSLInterstitial(GURL());
 }
 
 void SSLErrorHandler::OnTimerExpired() {
-  ShowSSLInterstitial();
+  ShowSSLInterstitial(GURL());
+}
+
+bool SSLErrorHandler::GetSuggestedUrl(const GURL& request_url,
+                                      const std::vector<std::string>& dns_names,
+                                      GURL* suggested_url) {
+  return CommonNameMismatchHandler::GetSuggestedUrl(request_url_, dns_names,
+                                                    suggested_url);
+}
+
+void SSLErrorHandler::CheckSuggestedUrl(const GURL& suggested_url) {
+  Profile* profile =
+      Profile::FromBrowserContext(web_contents_->GetBrowserContext());
+  scoped_refptr<net::URLRequestContextGetter> request_context(
+      profile->GetRequestContext());
+  common_name_mismatch_handler_.reset(
+      new CommonNameMismatchHandler(request_url_, request_context));
+  common_name_mismatch_handler_->CheckSuggestedUrl(
+      suggested_url,
+      base::Bind(&SSLErrorHandler::CommonNameMismatchHandlerCallback,
+                 base::Unretained(this)));
 }
 
 void SSLErrorHandler::CheckForCaptivePortal() {
@@ -203,7 +239,7 @@ void SSLErrorHandler::ShowCaptivePortalInterstitial(const GURL& landing_url) {
 #endif
 }
 
-void SSLErrorHandler::ShowSSLInterstitial() {
+void SSLErrorHandler::ShowSSLInterstitial(const GURL& suggested_url) {
   // Show SSL blocking page. The interstitial owns the blocking page.
   const Profile* const profile =
       Profile::FromBrowserContext(web_contents_->GetBrowserContext());
@@ -212,7 +248,8 @@ void SSLErrorHandler::ShowSSLInterstitial() {
                 : SHOW_SSL_INTERSTITIAL_NONOVERRIDABLE);
   (new SSLBlockingPage(web_contents_, cert_error_, ssl_info_, request_url_,
                        options_mask_, base::Time::NowFromSystemTime(),
-                       ssl_cert_reporter_.Pass(), callback_))->Show();
+                       ssl_cert_reporter_.Pass(), callback_, suggested_url))
+      ->Show();
   // Once an interstitial is displayed, no need to keep the handler around.
   // This is the equivalent of "delete this".
   web_contents_->RemoveUserData(UserDataKey());
@@ -230,7 +267,7 @@ void SSLErrorHandler::Observe(
     if (results->result == captive_portal::RESULT_BEHIND_CAPTIVE_PORTAL)
       ShowCaptivePortalInterstitial(results->landing_url);
     else
-      ShowSSLInterstitial();
+      ShowSSLInterstitial(GURL());
   }
 #endif
 }
@@ -248,3 +285,14 @@ void SSLErrorHandler::DidStartNavigationToPendingEntry(
   }
   web_contents_->RemoveUserData(UserDataKey());
 }
+
+void SSLErrorHandler::CommonNameMismatchHandlerCallback(
+    const CommonNameMismatchHandler::Results& results) {
+  timer_.Stop();
+  if (results.result == CommonNameMismatchHandler::SuggestedUrlCheckResult::
+                            RESULT_SUGGESTED_URL_VALID) {
+    ShowSSLInterstitial(results.new_url);
+  } else {
+    ShowSSLInterstitial(GURL());
+  }
+}