Add SSL error assistant component to dynamically update captive portal list

chrome/browser/ssl/ssl_error_handler.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/ssl_error_handler.h"
 
 #include <stdint.h>
 #include <unordered_set>
 #include <utility>
 
@@ skipping 121 matching lines @@
   UMA_HISTOGRAM_ENUMERATION(kHistogram, event,
                             SSLErrorHandler::SSL_ERROR_HANDLER_EVENT_COUNT);
 }
 
 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION)
 bool IsCaptivePortalInterstitialEnabled() {
   return base::FeatureList::IsEnabled(kCaptivePortalInterstitial);
 }
 
 // Reads the SSL error assistant configuration from the resource bundle.
-bool ReadErrorAssistantProtoFromResourceBundle(
-    chrome_browser_ssl::SSLErrorAssistantConfig* proto) {
+std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig>
+ReadErrorAssistantProtoFromResourceBundle() {
+  auto proto = base::MakeUnique<chrome_browser_ssl::SSLErrorAssistantConfig>();
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
   DCHECK(proto);
   ui::ResourceBundle& bundle = ui::ResourceBundle::GetSharedInstance();
   base::StringPiece data =
       bundle.GetRawDataResource(IDR_SSL_ERROR_ASSISTANT_PB);
   google::protobuf::io::ArrayInputStream stream(data.data(), data.size());
-  return proto->ParseFromZeroCopyStream(&stream);
+  return proto->ParseFromZeroCopyStream(&stream) ? std::move(proto) : nullptr;
 }
 
 std::unique_ptr<std::unordered_set<std::string>> LoadCaptivePortalCertHashes(
     const chrome_browser_ssl::SSLErrorAssistantConfig& proto) {
   auto hashes = base::MakeUnique<std::unordered_set<std::string>>();
   for (const chrome_browser_ssl::CaptivePortalCert& cert :
        proto.captive_portal_cert()) {
     hashes.get()->insert(cert.sha256_hash());
   }
   return hashes;
@@ skipping 24 matching lines @@
   // Testing methods:
   void ResetForTesting();
   void SetInterstitialDelayForTesting(const base::TimeDelta& delay);
   void SetTimerStartedCallbackForTesting(
       SSLErrorHandler::TimerStartedCallback* callback);
   void SetClockForTesting(base::Clock* clock);
   void SetNetworkTimeTrackerForTesting(
       network_time::NetworkTimeTracker* tracker);
 
 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION)
-  void SetErrorAssistantProtoForTesting(
-      const chrome_browser_ssl::SSLErrorAssistantConfig& error_assistant_proto);
+  void SetErrorAssistantProto(
+      std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig>
+          error_assistant_proto);
 #endif
 
  private:
   base::TimeDelta interstitial_delay_;
 
   // Callback to call when the interstitial timer is started. Used for
   // testing.
   SSLErrorHandler::TimerStartedCallback* timer_started_callback_ = nullptr;
 
   // The clock to use when deciding which error type to display. Used for
   // testing.
   base::Clock* testing_clock_ = nullptr;
 
   network_time::NetworkTimeTracker* network_time_tracker_ = nullptr;
 
 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION)
+  // Error assistant configuration.
+  std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig>
+      error_assistant_proto_;
+
   // SPKI hashes belonging to certs treated as captive portals. Null until the
-  // first time IsKnownCaptivePortalCert() or SetErrorAssistantProtoForTesting()
+  // first time IsKnownCaptivePortalCert() or SetErrorAssistantProto()
   // is called.
   std::unique_ptr<std::unordered_set<std::string>> captive_portal_spki_hashes_;
 #endif
 };
 
 ConfigSingleton::ConfigSingleton()
     : interstitial_delay_(
           base::TimeDelta::FromMilliseconds(kInterstitialDelayInMilliseconds)) {
 }
 
@@ skipping 16 matching lines @@
   return testing_clock_;
 }
 
 void ConfigSingleton::ResetForTesting() {
   interstitial_delay_ =
       base::TimeDelta::FromMilliseconds(kInterstitialDelayInMilliseconds);
   timer_started_callback_ = nullptr;
   network_time_tracker_ = nullptr;
   testing_clock_ = nullptr;
 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION)
+  error_assistant_proto_.reset();
   captive_portal_spki_hashes_.reset();
 #endif
 }
 
 void ConfigSingleton::SetInterstitialDelayForTesting(
     const base::TimeDelta& delay) {
   interstitial_delay_ = delay;
 }
 
 void ConfigSingleton::SetTimerStartedCallbackForTesting(
     SSLErrorHandler::TimerStartedCallback* callback) {
   DCHECK(!callback || !callback->is_null());
   timer_started_callback_ = callback;
 }
 
 void ConfigSingleton::SetClockForTesting(base::Clock* clock) {
   testing_clock_ = clock;
 }
 
 void ConfigSingleton::SetNetworkTimeTrackerForTesting(
     network_time::NetworkTimeTracker* tracker) {
   network_time_tracker_ = tracker;
 }
 
 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION)
-void ConfigSingleton::SetErrorAssistantProtoForTesting(
-    const chrome_browser_ssl::SSLErrorAssistantConfig& error_assistant_proto) {
+void ConfigSingleton::SetErrorAssistantProto(
+    std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig> proto) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
-  DCHECK(!captive_portal_spki_hashes_);
+  CHECK(proto);

[estark, 2017/02/08 20:31:17]

Why is this a CHECK instead of a DCHECK? (probably worth a comment)

[meacer, 2017/02/08 22:34:32]

If it's null, it's going to crash a couple of lines below anyways, so better to
do it early.

+  // Ignore versions that are not new.
+  if (error_assistant_proto_ &&
+      proto->version_id() <= error_assistant_proto_->version_id()) {
+    return;
+  }
+  error_assistant_proto_ = std::move(proto);
   captive_portal_spki_hashes_ =
-      LoadCaptivePortalCertHashes(error_assistant_proto);
+      LoadCaptivePortalCertHashes(*error_assistant_proto_);
 }
 
 bool ConfigSingleton::IsKnownCaptivePortalCert(const net::SSLInfo& ssl_info) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
   if (!captive_portal_spki_hashes_) {
-    chrome_browser_ssl::SSLErrorAssistantConfig proto;
-    CHECK(ReadErrorAssistantProtoFromResourceBundle(&proto));
-    captive_portal_spki_hashes_ = LoadCaptivePortalCertHashes(proto);
+    error_assistant_proto_ = ReadErrorAssistantProtoFromResourceBundle();
+    CHECK(error_assistant_proto_);
+    captive_portal_spki_hashes_ =
+        LoadCaptivePortalCertHashes(*error_assistant_proto_);
   }
 
   for (const net::HashValue& hash_value : ssl_info.public_key_hashes) {
     if (hash_value.tag != net::HASH_VALUE_SHA256) {
       continue;
     }
     if (captive_portal_spki_hashes_->find(hash_value.ToString()) !=
         captive_portal_spki_hashes_->end()) {
       return true;
     }
@@ skipping 189 matching lines @@
 
 // static
 std::string SSLErrorHandler::GetHistogramNameForTesting() {
   return kHistogram;
 }
 
 bool SSLErrorHandler::IsTimerRunningForTesting() const {
   return timer_.IsRunning();
 }
 
-void SSLErrorHandler::SetErrorAssistantProtoForTesting(
-    const chrome_browser_ssl::SSLErrorAssistantConfig& config_proto) {
+void SSLErrorHandler::SetErrorAssistantProto(
+    std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig> config_proto) {
 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION)
-  g_config.Pointer()->SetErrorAssistantProtoForTesting(config_proto);
+  g_config.Pointer()->SetErrorAssistantProto(std::move(config_proto));
 #endif
 }
 
 SSLErrorHandler::SSLErrorHandler(
     std::unique_ptr<Delegate> delegate,
     content::WebContents* web_contents,
     Profile* profile,
     int cert_error,
     const net::SSLInfo& ssl_info,
     const GURL& request_url,
@@ skipping 233 matching lines @@
   network_time::NetworkTimeTracker* tracker =
       g_config.Pointer()->network_time_tracker();
   ssl_errors::ClockState clock_state = ssl_errors::GetClockState(now, tracker);
   if (clock_state == ssl_errors::CLOCK_STATE_FUTURE ||
       clock_state == ssl_errors::CLOCK_STATE_PAST) {
     ShowBadClockInterstitial(now, clock_state);
     return;  // |this| is deleted after showing the interstitial.
   }
   ShowSSLInterstitial();
 }