Component updater must fallback on using HTTP on Windows XPSP2 and below

chrome/browser/component_updater/chrome_component_updater_configurator.cc

Index: chrome/browser/component_updater/chrome_component_updater_configurator.cc
diff --git a/chrome/browser/component_updater/chrome_component_updater_configurator.cc b/chrome/browser/component_updater/chrome_component_updater_configurator.cc
index fdba227896645fa7f923cb22c1220a2b73e9d8c5..8a56772b990b97cb0a11ee590dbd48bd237a92c6 100644
--- a/chrome/browser/component_updater/chrome_component_updater_configurator.cc
+++ b/chrome/browser/component_updater/chrome_component_updater_configurator.cc
@@ -12,6 +12,9 @@
 #include "base/compiler_specific.h"
 #include "base/strings/string_util.h"
 #include "base/version.h"
+#if defined(OS_WIN)
+#include "base/win/windows_version.h"
+#endif  // OS_WIN
 #include "build/build_config.h"
 #include "chrome/browser/component_updater/component_patcher_operation_out_of_process.h"
 #include "chrome/browser/omaha_query_params/chrome_omaha_query_params_delegate.h"
@@ -47,10 +50,13 @@ const char kSwitchUrlSource[] = "url-source";
 #define COMPONENT_UPDATER_SERVICE_ENDPOINT \
   "//clients2.google.com/service/update2"
 
-// The default url for the v3 protocol service endpoint.
+// The default URL for the v3 protocol service endpoint. In some cases, the
+// component updater is allowed to fall back to and alternate URL source, if
+// the request to the default URL source fails.
 // The value of |kDefaultUrlSource| can be overridden with
 // --component-updater=url-source=someurl.
 const char kDefaultUrlSource[] = "https:" COMPONENT_UPDATER_SERVICE_ENDPOINT;
+const char kAltUrlSource[] = "http:" COMPONENT_UPDATER_SERVICE_ENDPOINT;
 
 // Disables differential updates.
 const char kSwitchDisableDeltaUpdates[] = "disable-delta-updates";
@@ -67,6 +73,24 @@ bool HasSwitchValue(const std::vector<std::string>& vec, const char* test) {
   return (std::find(vec.begin(), vec.end(), test) != vec.end());
 }
 
+// Returns true if falling back on an alternate, unsafe, service URL is
+// allowed. In the fallback case, the security of the component update relies
+// only on the integrity of the CRX payloads, which is self-validating.
+// This is allowed only for Windows XP systems up to and including SP2. As a
+// side note, pings could be sent to the alternate URL too.
+bool CanUseAltUrlSource() {
+#if defined(OS_WIN)
+  const base::win::OSInfo* os_info = base::win::OSInfo::GetInstance();

[cpu_(ooo_6.6-7.5), 2014/09/17 21:28:18]

no need to cache with os_info. GetInstance has it cached.

[Sorin Jianu, 2014/09/17 21:45:35]

Agreed on caching. 
The local variable is to make the call site prettier. Plus, it might save a
function call to GetInstance, since that stuff is not inlined and might or might
not get PGO.

I could rewrite the code if you'd like me to.

+  if (os_info->version() != base::win::VERSION_XP)

[waffles, 2014/09/17 21:26:45]

Do we need to do anything for VERSION_SERVER_2003 (includes 64-bit XP)?

[cpu_(ooo_6.6-7.5), 2014/09/17 21:28:18]

use (version() < base::win::VERSION_VISTA)

[Sorin Jianu, 2014/09/17 21:29:06]

We could, I hope cpu@ helps me clarify the condition.

[Sorin Jianu, 2014/09/17 21:45:36]

Will it be possible that catches some other previous versions that we want to
support but the condition rejects?

There is also a test for the SP. The way the code is written makes the SP test
apply to XP only. With this proposed change, the SP applies to anything less
than VISTA. 

This might be a pedantic observation. I will make the change if needed.

+    return false;
+  if (os_info->service_pack().major >= 3)
+    return false;
+  return true;
+#else
+  return false;
+#endif  // OS_WIN
+}
+
 // If there is an element of |vec| of the form |test|=.*, returns the right-
 // hand side of that assignment. Otherwise, returns an empty string.
 // The right-hand side may contain additional '=' characters, allowing for
@@ -127,6 +151,7 @@ class ChromeConfigurator : public Configurator {
   bool pings_enabled_;
   bool deltas_enabled_;
   bool background_downloads_enabled_;
+  bool fallback_to_alt_source_url_enabled_;
 };
 
 ChromeConfigurator::ChromeConfigurator(
@@ -136,7 +161,8 @@ ChromeConfigurator::ChromeConfigurator(
       fast_update_(false),
       pings_enabled_(false),
       deltas_enabled_(false),
-      background_downloads_enabled_(false) {
+      background_downloads_enabled_(false),
+      fallback_to_alt_source_url_enabled_(false) {
   // Parse comma-delimited debug flags.
   std::vector<std::string> switch_values;
   Tokenize(cmdline->GetSwitchValueASCII(switches::kComponentUpdater),
@@ -162,6 +188,8 @@ ChromeConfigurator::ChromeConfigurator(
 
   if (HasSwitchValue(switch_values, kSwitchRequestParam))
     extra_info_ += "testrequest=\"1\"";
+
+  fallback_to_alt_source_url_enabled_ = CanUseAltUrlSource();
 }
 
 int ChromeConfigurator::InitialDelay() const {
@@ -194,6 +222,9 @@ std::vector<GURL> ChromeConfigurator::UpdateUrl() const {
     urls.push_back(GURL(url_source_override_));
   } else {
     urls.push_back(GURL(kDefaultUrlSource));
+    if (fallback_to_alt_source_url_enabled_) {
+      urls.push_back(GURL(kAltUrlSource));
+    }
   }
   return urls;
 }