Stop on redirects while checking for www mismatches

chrome/browser/ssl/ssl_browser_tests.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <utility>
 
 #include "base/base64.h"
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
@@ skipping 88 matching lines @@
 #include "net/base/net_errors.h"
 #include "net/cert/asn1_util.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/mock_cert_verifier.h"
 #include "net/cert/x509_certificate.h"
 #include "net/dns/mock_host_resolver.h"
 #include "net/http/http_response_headers.h"
 #include "net/ssl/ssl_info.h"
 #include "net/test/cert_test_util.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
+#include "net/test/embedded_test_server/http_request.h"
 #include "net/test/embedded_test_server/request_handler_util.h"
 #include "net/test/spawned_test_server/spawned_test_server.h"
 #include "net/test/test_certificate_data.h"
 #include "net/test/test_data_directory.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_filter.h"
 #include "net/url_request/url_request_job.h"
 #include "net/url_request/url_request_test_util.h"
 
 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION)
@@ skipping 3477 matching lines @@
 
   // Open a second tab, close the first, and then trigger the network time
   // response and wait for the response; no crash should occur.
   ASSERT_TRUE(https_server_.Start());
   AddTabAtIndex(1, https_server_.GetURL("/"), ui::PAGE_TRANSITION_TYPED);
   chrome::CloseWebContents(browser(), contents, false);
   ASSERT_NO_FATAL_FAILURE(CheckTimeQueryPending());
   TriggerTimeResponse();
 }
 
+namespace {
+
+// Fails with a CHECK for all requests over HTTP except for favicons. This is to
+// ensure that name mismatch redirect feature's suggest URL ping stops on
+// redirects and never hits an HTTP URL.
+class HttpNameMismatchPingInterceptor : public net::URLRequestInterceptor {
+ public:
+  HttpNameMismatchPingInterceptor() {}
+  ~HttpNameMismatchPingInterceptor() override {}
+
+  net::URLRequestJob* MaybeInterceptRequest(
+      net::URLRequest* request,
+      net::NetworkDelegate* delegate) const override {
+    if (request->url().path() == "/favicon.ico") {
+      // When a page doesn't list a favicon, a favicon request is automatically
+      // made over HTTP. These are harmless and don't leak the original page's
+      // URL, so ignore them.
+      return nullptr;
+    }
+
+    EXPECT_TRUE(false)
+        << "Name mismatch pings must never be over HTTP. This request was for "
+        << request->url();
+    return nullptr;
+  }
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(HttpNameMismatchPingInterceptor);
+};
+
+void SetUpHttpNameMismatchPingInterceptorOnIOThread() {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+  // Add interceptors for HTTP versions of example.org and www.example.org.
+  // These are the hostnames used in the tests, and we never want them to be
+  // contacted over HTTP.
+  net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
+      "http", "example.org",
+      std::unique_ptr<HttpNameMismatchPingInterceptor>(
+          new HttpNameMismatchPingInterceptor()));
+  net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
+      "http", "www.example.org",
+      std::unique_ptr<HttpNameMismatchPingInterceptor>(
+          new HttpNameMismatchPingInterceptor()));
+}
+
+}  // namespace
+
 class CommonNameMismatchBrowserTest : public CertVerifierBrowserTest {
  public:
   CommonNameMismatchBrowserTest() : CertVerifierBrowserTest() {}
-  ~CommonNameMismatchBrowserTest() override {}
 
   void SetUpCommandLine(base::CommandLine* command_line) override {
     // Enable finch experiment for SSL common name mismatch handling.
     command_line->AppendSwitchASCII(switches::kForceFieldTrials,
                                     "SSLCommonNameMismatchHandling/Enabled/");
   }
 
   void SetUpOnMainThread() override {
     CertVerifierBrowserTest::SetUpOnMainThread();
     host_resolver()->AddRule("*", "127.0.0.1");
+    content::BrowserThread::PostTask(
+        content::BrowserThread::IO, FROM_HERE,
+        base::Bind(&SetUpHttpNameMismatchPingInterceptorOnIOThread));
+  }
+
+  void TearDownOnMainThread() override {
+    content::BrowserThread::PostTask(content::BrowserThread::IO, FROM_HERE,
+                                     base::Bind(&CleanUpOnIOThread));
+    CertVerifierBrowserTest::TearDownOnMainThread();
   }
 };
 
 // Visit the URL www.mail.example.com on a server that presents a valid
 // certificate for mail.example.com. Verify that the page navigates to
 // mail.example.com.
 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest,
                        ShouldShowWWWSubdomainMismatchInterstitial) {
-  net::EmbeddedTestServer https_server_example_domain_(
+  net::EmbeddedTestServer https_server_example_domain(
       net::EmbeddedTestServer::TYPE_HTTPS);
-  https_server_example_domain_.ServeFilesFromSourceDirectory(
+  https_server_example_domain.ServeFilesFromSourceDirectory(
       base::FilePath(kDocRoot));
-  ASSERT_TRUE(https_server_example_domain_.Start());
+  ASSERT_TRUE(https_server_example_domain.Start());
 
   scoped_refptr<net::X509Certificate> cert =
-      https_server_example_domain_.GetCertificate();
+      https_server_example_domain.GetCertificate();
 
   // Use the "spdy_pooling.pem" cert which has "mail.example.com"
   // as one of its SANs.
   net::CertVerifyResult verify_result;
   verify_result.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
 
   // Request to "www.mail.example.com" should result in
   // |net::ERR_CERT_COMMON_NAME_INVALID| error.
   mock_cert_verifier()->AddResultForCertAndHost(
       cert.get(), "www.mail.example.com", verify_result,
       net::ERR_CERT_COMMON_NAME_INVALID);
 
   net::CertVerifyResult verify_result_valid;
   verify_result_valid.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   // Request to "www.mail.example.com" should not result in any error.
   mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "mail.example.com",
                                                 verify_result_valid, net::OK);
 
   // Use a complex URL to ensure the path, etc., are preserved. The path itself
   // does not matter.
-  GURL https_server_url =
-      https_server_example_domain_.GetURL("/ssl/google.html?a=b#anchor");
+  const GURL https_server_url =
+      https_server_example_domain.GetURL("/ssl/google.html?a=b#anchor");
   GURL::Replacements replacements;
   replacements.SetHostStr("www.mail.example.com");
-  GURL https_server_mismatched_url =
+  const GURL https_server_mismatched_url =
       https_server_url.ReplaceComponents(replacements);
 
   WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
   content::TestNavigationObserver observer(
       contents,
       // With PlzNavigate, the renderer only sees one navigation (i.e. not the
       // redirect, since that happens in the browser).
       content::IsBrowserSideNavigationEnabled() ? 1 : 2);
   ui_test_utils::NavigateToURL(browser(), https_server_mismatched_url);
   observer.Wait();
 
   CheckSecurityState(contents, CertError::NONE, security_state::SECURE,
                      AuthState::NONE);
   replacements.SetHostStr("mail.example.com");
   GURL https_server_new_url = https_server_url.ReplaceComponents(replacements);
   // Verify that the current URL is the suggested URL.
   EXPECT_EQ(https_server_new_url.spec(),
             contents->GetLastCommittedURL().spec());
 }
 
 // Visit the URL example.org on a server that presents a valid certificate
 // for www.example.org. Verify that the page redirects to www.example.org.
 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest,
                        CheckWWWSubdomainMismatchInverse) {
-  net::EmbeddedTestServer https_server_example_domain_(
+  net::EmbeddedTestServer https_server_example_domain(
       net::EmbeddedTestServer::TYPE_HTTPS);
-  https_server_example_domain_.ServeFilesFromSourceDirectory(
+  https_server_example_domain.ServeFilesFromSourceDirectory(
       base::FilePath(kDocRoot));
-  ASSERT_TRUE(https_server_example_domain_.Start());
+  ASSERT_TRUE(https_server_example_domain.Start());
 
   scoped_refptr<net::X509Certificate> cert =
-      https_server_example_domain_.GetCertificate();
+      https_server_example_domain.GetCertificate();
 
   net::CertVerifyResult verify_result;
   verify_result.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
 
   mock_cert_verifier()->AddResultForCertAndHost(
       cert.get(), "example.org", verify_result,
       net::ERR_CERT_COMMON_NAME_INVALID);
 
   net::CertVerifyResult verify_result_valid;
   verify_result_valid.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "www.example.org",
                                                 verify_result_valid, net::OK);
 
-  GURL https_server_url =
-      https_server_example_domain_.GetURL("/ssl/google.html?a=b");
+  const GURL https_server_url =
+      https_server_example_domain.GetURL("/ssl/google.html?a=b");
   GURL::Replacements replacements;
   replacements.SetHostStr("example.org");
-  GURL https_server_mismatched_url =
+  const GURL https_server_mismatched_url =
       https_server_url.ReplaceComponents(replacements);
 
   WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
   content::TestNavigationObserver observer(
       contents,
       // With PlzNavigate, the renderer only sees one navigation (i.e. not the
       // redirect, since that happens in the browser).
       content::IsBrowserSideNavigationEnabled() ? 1 : 2);
   ui_test_utils::NavigateToURL(browser(), https_server_mismatched_url);
   observer.Wait();
 
   CheckSecurityState(contents, CertError::NONE, security_state::SECURE,
                      AuthState::NONE);
 }
 
+namespace {
+// Redirects incoming request to http://example.org.
+std::unique_ptr<net::test_server::HttpResponse> HTTPSToHTTPRedirectHandler(
+    const net::EmbeddedTestServer* test_server,
+    const net::test_server::HttpRequest& request) {
+  GURL::Replacements replacements;
+  replacements.SetHostStr("example.org");
+  replacements.SetSchemeStr("http");
+  const GURL redirect_url =
+      test_server->base_url().ReplaceComponents(replacements);
+
+  std::unique_ptr<net::test_server::BasicHttpResponse> http_response(
+      new net::test_server::BasicHttpResponse);
+  http_response->set_code(net::HTTP_MOVED_PERMANENTLY);
+  http_response->AddCustomHeader("Location", redirect_url.spec());
+  return std::move(http_response);
+}
+}  // namespace
+
+// Common name mismatch handling feature should ignore redirects when pinging
+// the suggested hostname. Visit the URL example.org on a server that presents a
+// valid certificate for www.example.org. In this case, www.example.org
+// redirects to http://example.org, and the SSL error should not be redirected
+// to this URL.
+IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest,
+                       WWWSubdomainMismatch_StopOnRedirects) {
+  net::EmbeddedTestServer https_server_example_domain(
+      net::EmbeddedTestServer::TYPE_HTTPS);
+
+  // Redirect all URLs to http://example.org. Since this test will trigger only
+  // one request to check the suggested URL, redirecting all requests is OK.
+  // We would normally use content::SetupCrossSiteRedirector here, but that
+  // function does not support https to http redirects.
+  // This must be done before ServeFilesFromSourceDirectory(), otherwise the
+  // test server will serve files instead of redirecting requests to them.
+  https_server_example_domain.RegisterRequestHandler(
+      base::Bind(&HTTPSToHTTPRedirectHandler, &https_server_example_domain));
+
+  https_server_example_domain.ServeFilesFromSourceDirectory(
+      base::FilePath(kDocRoot));
+
+  ASSERT_TRUE(https_server_example_domain.Start());
+
+  scoped_refptr<net::X509Certificate> cert =
+      https_server_example_domain.GetCertificate();
+
+  net::CertVerifyResult verify_result;
+  verify_result.verified_cert =
+      net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
+  verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
+
+  mock_cert_verifier()->AddResultForCertAndHost(
+      cert.get(), "example.org", verify_result,
+      net::ERR_CERT_COMMON_NAME_INVALID);
+
+  net::CertVerifyResult verify_result_valid;
+  verify_result_valid.verified_cert =
+      net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
+  mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "www.example.org",
+                                                verify_result_valid, net::OK);
+
+  // The user will visit https://example.org:port/ssl/blank.html.
+  GURL::Replacements replacements;
+  replacements.SetHostStr("example.org");
+  const GURL https_server_mismatched_url =
+      https_server_example_domain.GetURL("/ssl/blank.html")
+          .ReplaceComponents(replacements);
+
+  // Should simply show an interstitial, because the suggested URL
+  // (https://www.example.org) redirected to http://example.org.
+  WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
+  ui_test_utils::NavigateToURL(browser(), https_server_mismatched_url);
+  WaitForInterstitialAttach(contents);
+
+  CheckSecurityState(contents, net::CERT_STATUS_COMMON_NAME_INVALID,
+                     security_state::DANGEROUS,
+                     AuthState::SHOWING_INTERSTITIAL);
+}
+
 // Tests this scenario:
 // - |CommonNameMismatchHandler| does not give a callback as it's set into the
 //   state |IGNORE_REQUESTS_FOR_TESTING|. So no suggested URL check result can
 //   arrive.
 // - A cert error triggers an interstitial timer with a very long timeout.
 // - No suggested URL check results arrive, causing the tab to appear as loading
 //   indefinitely (also because the timer has a long timeout).
 // - Stopping the page load shouldn't result in any interstitials.
 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest,
                        InterstitialStopNavigationWhileLoading) {
-  net::EmbeddedTestServer https_server_example_domain_(
+  net::EmbeddedTestServer https_server_example_domain(
       net::EmbeddedTestServer::TYPE_HTTPS);
-  https_server_example_domain_.ServeFilesFromSourceDirectory(
+  https_server_example_domain.ServeFilesFromSourceDirectory(
       base::FilePath(kDocRoot));
-  ASSERT_TRUE(https_server_example_domain_.Start());
+  ASSERT_TRUE(https_server_example_domain.Start());
 
   scoped_refptr<net::X509Certificate> cert =
-      https_server_example_domain_.GetCertificate();
+      https_server_example_domain.GetCertificate();
 
   net::CertVerifyResult verify_result;
   verify_result.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
 
   mock_cert_verifier()->AddResultForCertAndHost(
       cert.get(), "www.mail.example.com", verify_result,
       net::ERR_CERT_COMMON_NAME_INVALID);
 
   net::CertVerifyResult verify_result_valid;
   verify_result_valid.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "mail.example.com",
                                                 verify_result_valid, net::OK);
 
-  GURL https_server_url =
-      https_server_example_domain_.GetURL("/ssl/google.html?a=b");
+  const GURL https_server_url =
+      https_server_example_domain.GetURL("/ssl/google.html?a=b");
   GURL::Replacements replacements;
   replacements.SetHostStr("www.mail.example.com");
-  GURL https_server_mismatched_url =
+  const GURL https_server_mismatched_url =
       https_server_url.ReplaceComponents(replacements);
 
   WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
   CommonNameMismatchHandler::set_state_for_testing(
       CommonNameMismatchHandler::IGNORE_REQUESTS_FOR_TESTING);
   // Set delay long enough so that the page appears loading.
   SSLErrorHandler::SetInterstitialDelayForTesting(
       base::TimeDelta::FromHours(1));
   SSLInterstitialTimerObserver interstitial_timer_observer(contents);
 
@@ skipping 14 matching lines @@
   // Make sure that the |SSLErrorHandler| is deleted.
   EXPECT_FALSE(ssl_error_handler);
   EXPECT_FALSE(contents->ShowingInterstitialPage());
   EXPECT_FALSE(contents->IsLoading());
 }
 
 // Same as above, but instead of stopping, the loading page is reloaded. The end
 // result is the same. (i.e. page load stops, no interstitials shown)
 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest,
                        InterstitialReloadNavigationWhileLoading) {
-  net::EmbeddedTestServer https_server_example_domain_(
+  net::EmbeddedTestServer https_server_example_domain(
       net::EmbeddedTestServer::TYPE_HTTPS);
-  https_server_example_domain_.ServeFilesFromSourceDirectory(
+  https_server_example_domain.ServeFilesFromSourceDirectory(
       base::FilePath(kDocRoot));
-  ASSERT_TRUE(https_server_example_domain_.Start());
+  ASSERT_TRUE(https_server_example_domain.Start());
 
   scoped_refptr<net::X509Certificate> cert =
-      https_server_example_domain_.GetCertificate();
+      https_server_example_domain.GetCertificate();
 
   net::CertVerifyResult verify_result;
   verify_result.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
 
   mock_cert_verifier()->AddResultForCertAndHost(
       cert.get(), "www.mail.example.com", verify_result,
       net::ERR_CERT_COMMON_NAME_INVALID);
 
   net::CertVerifyResult verify_result_valid;
   verify_result_valid.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "mail.example.com",
                                                 verify_result_valid, net::OK);
 
-  GURL https_server_url =
-      https_server_example_domain_.GetURL("/ssl/google.html?a=b");
+  const GURL https_server_url =
+      https_server_example_domain.GetURL("/ssl/google.html?a=b");
   GURL::Replacements replacements;
   replacements.SetHostStr("www.mail.example.com");
-  GURL https_server_mismatched_url =
+  const GURL https_server_mismatched_url =
       https_server_url.ReplaceComponents(replacements);
 
   WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
   CommonNameMismatchHandler::set_state_for_testing(
       CommonNameMismatchHandler::IGNORE_REQUESTS_FOR_TESTING);
   // Set delay long enough so that the page appears loading.
   SSLErrorHandler::SetInterstitialDelayForTesting(
       base::TimeDelta::FromHours(1));
   SSLInterstitialTimerObserver interstitial_timer_observer(contents);
 
@@ skipping 12 matching lines @@
   // Make sure that the |SSLErrorHandler| is deleted.
   EXPECT_FALSE(ssl_error_handler);
   EXPECT_FALSE(contents->ShowingInterstitialPage());
   EXPECT_FALSE(contents->IsLoading());
 }
 
 // Same as above, but instead of reloading, the page is navigated away. The
 // new page should load, and no interstitials should be shown.
 IN_PROC_BROWSER_TEST_F(CommonNameMismatchBrowserTest,
                        InterstitialNavigateAwayWhileLoading) {
-  net::EmbeddedTestServer https_server_example_domain_(
+  net::EmbeddedTestServer https_server_example_domain(
       net::EmbeddedTestServer::TYPE_HTTPS);
-  https_server_example_domain_.ServeFilesFromSourceDirectory(
+  https_server_example_domain.ServeFilesFromSourceDirectory(
       base::FilePath(kDocRoot));
-  ASSERT_TRUE(https_server_example_domain_.Start());
+  ASSERT_TRUE(https_server_example_domain.Start());
 
   scoped_refptr<net::X509Certificate> cert =
-      https_server_example_domain_.GetCertificate();
+      https_server_example_domain.GetCertificate();
 
   net::CertVerifyResult verify_result;
   verify_result.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
 
   mock_cert_verifier()->AddResultForCertAndHost(
       cert.get(), "www.mail.example.com", verify_result,
       net::ERR_CERT_COMMON_NAME_INVALID);
 
   net::CertVerifyResult verify_result_valid;
   verify_result_valid.verified_cert =
       net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
   mock_cert_verifier()->AddResultForCertAndHost(cert.get(), "mail.example.com",
                                                 verify_result_valid, net::OK);
 
-  GURL https_server_url =
-      https_server_example_domain_.GetURL("/ssl/google.html?a=b");
+  const GURL https_server_url =
+      https_server_example_domain.GetURL("/ssl/google.html?a=b");
   GURL::Replacements replacements;
   replacements.SetHostStr("www.mail.example.com");
-  GURL https_server_mismatched_url =
+  const GURL https_server_mismatched_url =
       https_server_url.ReplaceComponents(replacements);
 
   WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
   CommonNameMismatchHandler::set_state_for_testing(
       CommonNameMismatchHandler::IGNORE_REQUESTS_FOR_TESTING);
   // Set delay long enough so that the page appears loading.
   SSLErrorHandler::SetInterstitialDelayForTesting(
       base::TimeDelta::FromHours(1));
   SSLInterstitialTimerObserver interstitial_timer_observer(contents);
 
@@ skipping 851 matching lines @@
 
 // Visit a page over https that contains a frame with a redirect.
 
 // XMLHttpRequest insecure content in synchronous mode.
 
 // XMLHttpRequest insecure content in asynchronous mode.
 
 // XMLHttpRequest over bad ssl in synchronous mode.
 
 // XMLHttpRequest over OK ssl in synchronous mode.