OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/ssl_error_handler.h" | 5 #include "chrome/browser/ssl/ssl_error_handler.h" |
6 | 6 |
7 #include <stdint.h> | 7 #include <stdint.h> |
8 #include <unordered_set> | 8 #include <unordered_set> |
9 #include <utility> | 9 #include <utility> |
10 | 10 |
562 if (base::FeatureList::IsEnabled(kCaptivePortalCertificateList) && | 562 if (base::FeatureList::IsEnabled(kCaptivePortalCertificateList) && |
563 only_error_is_name_mismatch && | 563 only_error_is_name_mismatch && |
564 g_config.Pointer()->IsKnownCaptivePortalCert(ssl_info_)) { | 564 g_config.Pointer()->IsKnownCaptivePortalCert(ssl_info_)) { |
565 RecordUMA(CAPTIVE_PORTAL_CERT_FOUND); | 565 RecordUMA(CAPTIVE_PORTAL_CERT_FOUND); |
566 ShowCaptivePortalInterstitial( | 566 ShowCaptivePortalInterstitial( |
567 GURL(captive_portal::CaptivePortalDetector::kDefaultURL)); | 567 GURL(captive_portal::CaptivePortalDetector::kDefaultURL)); |
568 return; | 568 return; |
569 } | 569 } |
570 #endif | 570 #endif |
571 | 571 |
572 std::vector<std::string> dns_names; | |
573 ssl_info_.cert->GetDNSNames(&dns_names); | |
574 DCHECK(!dns_names.empty()); | |
575 GURL suggested_url; | |
576 if (IsSSLCommonNameMismatchHandlingEnabled() && | 572 if (IsSSLCommonNameMismatchHandlingEnabled() && |
577 cert_error_ == net::ERR_CERT_COMMON_NAME_INVALID && | 573 cert_error_ == net::ERR_CERT_COMMON_NAME_INVALID && |
578 delegate_->IsErrorOverridable() && | 574 delegate_->IsErrorOverridable()) { |
579 delegate_->GetSuggestedUrl(dns_names, &suggested_url)) { | 575 std::vector<std::string> dns_names; |
580 RecordUMA(WWW_MISMATCH_FOUND); | 576 ssl_info_.cert->GetSubjectAltName(&dns_names, nullptr); |
| 577 GURL suggested_url; |
| 578 if (!dns_names.empty() && |
| 579 delegate_->GetSuggestedUrl(dns_names, &suggested_url)) { |
| 580 RecordUMA(WWW_MISMATCH_FOUND_IN_SAN); |
581 | 581 |
582 // Show the SSL interstitial if |CERT_STATUS_COMMON_NAME_INVALID| is not | 582 // Show the SSL interstitial if |CERT_STATUS_COMMON_NAME_INVALID| is not |
583 // the only error. Need not check for captive portal in this case. | 583 // the only error. Need not check for captive portal in this case. |
584 // (See the comment below). | 584 // (See the comment below). |
585 if (!only_error_is_name_mismatch) { | 585 if (!only_error_is_name_mismatch) { |
586 ShowSSLInterstitial(); | 586 ShowSSLInterstitial(); |
| 587 return; |
| 588 } |
| 589 delegate_->CheckSuggestedUrl( |
| 590 suggested_url, |
| 591 base::Bind(&SSLErrorHandler::CommonNameMismatchHandlerCallback, |
| 592 weak_ptr_factory_.GetWeakPtr())); |
| 593 timer_.Start(FROM_HERE, g_config.Pointer()->interstitial_delay(), this, |
| 594 &SSLErrorHandler::ShowSSLInterstitial); |
| 595 |
| 596 if (g_config.Pointer()->timer_started_callback()) |
| 597 g_config.Pointer()->timer_started_callback()->Run(web_contents_); |
| 598 |
| 599 // Do not check for a captive portal in this case, because a captive |
| 600 // portal most likely cannot serve a valid certificate which passes the |
| 601 // similarity check. |
587 return; | 602 return; |
588 } | 603 } |
589 delegate_->CheckSuggestedUrl( | |
590 suggested_url, | |
591 base::Bind(&SSLErrorHandler::CommonNameMismatchHandlerCallback, | |
592 weak_ptr_factory_.GetWeakPtr())); | |
593 timer_.Start(FROM_HERE, g_config.Pointer()->interstitial_delay(), this, | |
594 &SSLErrorHandler::ShowSSLInterstitial); | |
595 | |
596 if (g_config.Pointer()->timer_started_callback()) | |
597 g_config.Pointer()->timer_started_callback()->Run(web_contents_); | |
598 | |
599 // Do not check for a captive portal in this case, because a captive | |
600 // portal most likely cannot serve a valid certificate which passes the | |
601 // similarity check. | |
602 return; | |
603 } | 604 } |
604 | 605 |
605 // Always listen to captive portal notifications, otherwise build fails | 606 // Always listen to captive portal notifications, otherwise build fails |
606 // because profile_ isn't used. This is a no-op on platforms where | 607 // because profile_ isn't used. This is a no-op on platforms where |
607 // captive portal detection is disabled. | 608 // captive portal detection is disabled. |
608 registrar_.Add(this, chrome::NOTIFICATION_CAPTIVE_PORTAL_CHECK_RESULT, | 609 registrar_.Add(this, chrome::NOTIFICATION_CAPTIVE_PORTAL_CHECK_RESULT, |
609 content::Source<Profile>(profile_)); | 610 content::Source<Profile>(profile_)); |
610 | 611 |
611 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) | 612 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) |
612 CaptivePortalTabHelper* captive_portal_tab_helper = | 613 CaptivePortalTabHelper* captive_portal_tab_helper = |
768 network_time::NetworkTimeTracker* tracker = | 769 network_time::NetworkTimeTracker* tracker = |
769 g_config.Pointer()->network_time_tracker(); | 770 g_config.Pointer()->network_time_tracker(); |
770 ssl_errors::ClockState clock_state = ssl_errors::GetClockState(now, tracker); | 771 ssl_errors::ClockState clock_state = ssl_errors::GetClockState(now, tracker); |
771 if (clock_state == ssl_errors::CLOCK_STATE_FUTURE || | 772 if (clock_state == ssl_errors::CLOCK_STATE_FUTURE || |
772 clock_state == ssl_errors::CLOCK_STATE_PAST) { | 773 clock_state == ssl_errors::CLOCK_STATE_PAST) { |
773 ShowBadClockInterstitial(now, clock_state); | 774 ShowBadClockInterstitial(now, clock_state); |
774 return; // |this| is deleted after showing the interstitial. | 775 return; // |this| is deleted after showing the interstitial. |
775 } | 776 } |
776 ShowSSLInterstitial(); | 777 ShowSSLInterstitial(); |
777 } | 778 } |
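Review bot: The switch to `ssl_info_.cert->GetSubjectAltName(&dns_names, nullptr)` at new lines 575-579 has no comment saying that only subjectAltName dNSNames are now consulted. The removed `DCHECK(!dns_names.empty())` suggests the old `GetDNSNames` call always produced a name, presumably through a commonName fallback, so a future reader may take the new `!dns_names.empty()` guard for dead code or restore the old call. I would add above new line 575 something like `// Only subjectAltName dNSNames are used for the www-mismatch suggestion; a cert without any falls through to the captive portal handling below.` The empty-SAN path is new behaviour that replaces a DCHECK, so it deserves a test with a certificate that carries no dNSName entries. The definition of `WWW_MISMATCH_FOUND_IN_SAN` is not visible here; if it reuses the numeric slot of `WWW_MISMATCH_FOUND`, the histogram description should say that the meaning changed. The enclosing function starts in the skipped lines above this section.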