Chromium Code Reviews Chromium Code Reviews
Issue 2581903002:
Add SSL error assistant component to dynamically update captive portal list (Closed)
| Index: chrome/browser/ssl/ssl_error_handler.cc |
| diff --git a/chrome/browser/ssl/ssl_error_handler.cc b/chrome/browser/ssl/ssl_error_handler.cc |
| index 5cbf4bec5bed7ce089f333d7b4ed0b15800d0614..0b852f403488cb5eec80bd6b263fc55242c701b2 100644 |
| --- a/chrome/browser/ssl/ssl_error_handler.cc |
| +++ b/chrome/browser/ssl/ssl_error_handler.cc |
| @@ -139,15 +139,16 @@ bool IsCaptivePortalInterstitialEnabled() { |
| } |
| // Reads the SSL error assistant configuration from the resource bundle. |
| -bool ReadErrorAssistantProtoFromResourceBundle( |
| - chrome_browser_ssl::SSLErrorAssistantConfig* proto) { |
| +std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig> |
| +ReadErrorAssistantProtoFromResourceBundle() { |
| + auto proto = base::MakeUnique<chrome_browser_ssl::SSLErrorAssistantConfig>(); |
| DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| DCHECK(proto); |
| ui::ResourceBundle& bundle = ui::ResourceBundle::GetSharedInstance(); |
| base::StringPiece data = |
| bundle.GetRawDataResource(IDR_SSL_ERROR_ASSISTANT_PB); |
| google::protobuf::io::ArrayInputStream stream(data.data(), data.size()); |
| - return proto->ParseFromZeroCopyStream(&stream); |
| + return proto->ParseFromZeroCopyStream(&stream) ? std::move(proto) : nullptr; |
| } |
| std::unique_ptr<std::unordered_set<std::string>> LoadCaptivePortalCertHashes( |
| @@ -192,8 +193,9 @@ class ConfigSingleton : public base::NonThreadSafe { |
| network_time::NetworkTimeTracker* tracker); |
| #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) |
| - void SetErrorAssistantProtoForTesting( |
| - const chrome_browser_ssl::SSLErrorAssistantConfig& error_assistant_proto); |
| + void SetErrorAssistantProto( |
| + std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig> |
| + error_assistant_proto); |
| #endif |
| private: |
| @@ -210,8 +212,12 @@ class ConfigSingleton : public base::NonThreadSafe { |
| network_time::NetworkTimeTracker* network_time_tracker_ = nullptr; |
| #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) |
| + // Error assistant configuration. |
| + std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig> |
| + error_assistant_proto_; |
| + |
| // SPKI hashes belonging to certs treated as captive portals. Null until the |
| - // first time IsKnownCaptivePortalCert() or SetErrorAssistantProtoForTesting() |
| + // first time IsKnownCaptivePortalCert() or SetErrorAssistantProto() |
| // is called. |
| std::unique_ptr<std::unordered_set<std::string>> captive_portal_spki_hashes_; |
| #endif |
| @@ -248,6 +254,7 @@ void ConfigSingleton::ResetForTesting() { |
| network_time_tracker_ = nullptr; |
| testing_clock_ = nullptr; |
| #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) |
| + error_assistant_proto_.reset(); |
| captive_portal_spki_hashes_.reset(); |
| #endif |
| } |
| @@ -273,20 +280,27 @@ void ConfigSingleton::SetNetworkTimeTrackerForTesting( |
| } |
| #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) |
| -void ConfigSingleton::SetErrorAssistantProtoForTesting( |
| - const chrome_browser_ssl::SSLErrorAssistantConfig& error_assistant_proto) { |
| +void ConfigSingleton::SetErrorAssistantProto( |
| + std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig> proto) { |
| DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| - DCHECK(!captive_portal_spki_hashes_); |
| + CHECK(proto); |
|
estark
2017/02/08 20:31:17
Why is this a CHECK instead of a DCHECK? (probably
meacer
2017/02/08 22:34:32
If it's null, it's going to crash a couple of line
|
| + // Ignore versions that are not new. |
| + if (error_assistant_proto_ && |
| + proto->version_id() <= error_assistant_proto_->version_id()) { |
| + return; |
| + } |
| + error_assistant_proto_ = std::move(proto); |
| captive_portal_spki_hashes_ = |
| - LoadCaptivePortalCertHashes(error_assistant_proto); |
| + LoadCaptivePortalCertHashes(*error_assistant_proto_); |
| } |
| bool ConfigSingleton::IsKnownCaptivePortalCert(const net::SSLInfo& ssl_info) { |
| DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| if (!captive_portal_spki_hashes_) { |
| - chrome_browser_ssl::SSLErrorAssistantConfig proto; |
| - CHECK(ReadErrorAssistantProtoFromResourceBundle(&proto)); |
| - captive_portal_spki_hashes_ = LoadCaptivePortalCertHashes(proto); |
| + error_assistant_proto_ = ReadErrorAssistantProtoFromResourceBundle(); |
| + CHECK(error_assistant_proto_); |
| + captive_portal_spki_hashes_ = |
| + LoadCaptivePortalCertHashes(*error_assistant_proto_); |
| } |
| for (const net::HashValue& hash_value : ssl_info.public_key_hashes) { |
| @@ -496,10 +510,10 @@ bool SSLErrorHandler::IsTimerRunningForTesting() const { |
| return timer_.IsRunning(); |
| } |
| -void SSLErrorHandler::SetErrorAssistantProtoForTesting( |
| - const chrome_browser_ssl::SSLErrorAssistantConfig& config_proto) { |
| +void SSLErrorHandler::SetErrorAssistantProto( |
| + std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig> config_proto) { |
| #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) |
| - g_config.Pointer()->SetErrorAssistantProtoForTesting(config_proto); |
| + g_config.Pointer()->SetErrorAssistantProto(std::move(config_proto)); |
| #endif |
| } |
