Disable Name Mismatch redirection for non-overridable SSL errors

chrome/browser/ssl/ssl_error_handler.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/ssl_error_handler.h"
 
 #include "base/callback_helpers.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
 #include "base/strings/stringprintf.h"
 #include "base/time/time.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 #include "chrome/browser/ssl/ssl_cert_reporter.h"
 #include "chrome/browser/ssl/ssl_error_classification.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_source.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/web_contents.h"
+#include "net/base/net_errors.h"
 
 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 #include "chrome/browser/captive_portal/captive_portal_service.h"
 #include "chrome/browser/captive_portal/captive_portal_service_factory.h"
 #include "chrome/browser/captive_portal/captive_portal_tab_helper.h"
 #include "chrome/browser/ssl/captive_portal_blocking_page.h"
 #endif
 
 namespace {
 
@@ skipping 119 matching lines @@
 }
 
 void SSLErrorHandler::StartHandlingError() {
   RecordUMA(HANDLE_ALL);
 
   std::vector<std::string> dns_names;
   ssl_info_.cert->GetDNSNames(&dns_names);
   DCHECK(!dns_names.empty());
   GURL suggested_url;
   if (IsSSLCommonNameMismatchHandlingEnabled() &&
-      ssl_info_.cert_status == net::CERT_STATUS_COMMON_NAME_INVALID &&
-      GetSuggestedUrl(dns_names, &suggested_url)) {
+      cert_error_ == net::ERR_CERT_COMMON_NAME_INVALID &&
+      IsErrorOverridable() && GetSuggestedUrl(dns_names, &suggested_url)) {
     RecordUMA(WWW_MISMATCH_FOUND);
     net::CertStatus extra_cert_errors =
         ssl_info_.cert_status ^ net::CERT_STATUS_COMMON_NAME_INVALID;
 
     // Show the SSL intersitial if |CERT_STATUS_COMMON_NAME_INVALID| is not
     // the only error. Need not check for captive portal in this case.
     // (See the comment below).
     if (net::IsCertStatusError(extra_cert_errors) &&
         !net::IsCertStatusMinorError(ssl_info_.cert_status)) {
       ShowSSLInterstitial();
@@ skipping 57 matching lines @@
       base::Bind(&SSLErrorHandler::CommonNameMismatchHandlerCallback,
                  base::Unretained(this)));
 }
 
 void SSLErrorHandler::NavigateToSuggestedURL(const GURL& suggested_url) {
   content::NavigationController::LoadURLParams load_params(suggested_url);
   load_params.transition_type = ui::PAGE_TRANSITION_TYPED;
   web_contents()->GetController().LoadURLWithParams(load_params);
 }
 
+bool SSLErrorHandler::IsErrorOverridable() const {
+  return SSLBlockingPage::IsOverridable(options_mask_, profile_);
+}
+
 void SSLErrorHandler::CheckForCaptivePortal() {
 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
   CaptivePortalService* captive_portal_service =
       CaptivePortalServiceFactory::GetForProfile(profile_);
   captive_portal_service->DetectCaptivePortal();
 #else
   NOTREACHED();
 #endif
 }
 
 void SSLErrorHandler::ShowCaptivePortalInterstitial(const GURL& landing_url) {
 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
   // Show captive portal blocking page. The interstitial owns the blocking page.
-  RecordUMA(SSLBlockingPage::IsOverridable(options_mask_, profile_)
+  RecordUMA(IsErrorOverridable()
                 ? SHOW_CAPTIVE_PORTAL_INTERSTITIAL_OVERRIDABLE
                 : SHOW_CAPTIVE_PORTAL_INTERSTITIAL_NONOVERRIDABLE);
   (new CaptivePortalBlockingPage(web_contents_, request_url_, landing_url,
                                  ssl_cert_reporter_.Pass(), ssl_info_,
                                  callback_))->Show();
   // Once an interstitial is displayed, no need to keep the handler around.
   // This is the equivalent of "delete this".
   web_contents_->RemoveUserData(UserDataKey());
 #else
   NOTREACHED();
 #endif
 }
 
 void SSLErrorHandler::ShowSSLInterstitial() {
   // Show SSL blocking page. The interstitial owns the blocking page.
-  RecordUMA(SSLBlockingPage::IsOverridable(options_mask_, profile_)
-                ? SHOW_SSL_INTERSTITIAL_OVERRIDABLE
-                : SHOW_SSL_INTERSTITIAL_NONOVERRIDABLE);
+  RecordUMA(IsErrorOverridable() ? SHOW_SSL_INTERSTITIAL_OVERRIDABLE
+                                 : SHOW_SSL_INTERSTITIAL_NONOVERRIDABLE);
 
   (new SSLBlockingPage(web_contents_, cert_error_, ssl_info_, request_url_,
                        options_mask_, base::Time::NowFromSystemTime(),
                        ssl_cert_reporter_.Pass(), callback_))
       ->Show();
   // Once an interstitial is displayed, no need to keep the handler around.
   // This is the equivalent of "delete this".
   web_contents_->RemoveUserData(UserDataKey());
 }
 
@@ skipping 106 matching lines @@
                     SUGGESTED_URL_AVAILABLE) {
     RecordUMA(WWW_MISMATCH_URL_AVAILABLE);
     CommonNameMismatchRedirectObserver::AddToConsoleAfterNavigation(
         web_contents(), request_url_.host(), suggested_url.host());
     NavigateToSuggestedURL(suggested_url);
   } else {
     RecordUMA(WWW_MISMATCH_URL_NOT_AVAILABLE);
     ShowSSLInterstitial();
   }
 }