diff options
author | bhanudev <bhanudev@google.com> | 2015-08-18 15:21:18 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-08-18 22:22:06 +0000 |
commit | 2051ce7a01a4026ec1611c940a3d83a55a6e19ef (patch) | |
tree | 2409169e8a1e7262b718cd16842504dce8bf6d3e /chrome/browser/ssl/common_name_mismatch_handler.cc | |
parent | 75eee56c732dd56ad5c733db0c4522adc8ce5029 (diff) | |
download | chromium_src-2051ce7a01a4026ec1611c940a3d83a55a6e19ef.zip chromium_src-2051ce7a01a4026ec1611c940a3d83a55a6e19ef.tar.gz chromium_src-2051ce7a01a4026ec1611c940a3d83a55a6e19ef.tar.bz2 |
Common Name Mismatch Handler For WWW Subdomain Mismatch case
This CL displays a modified interstitial for the WWW subdomain
mismatch error. When there is a WWW sub domain mismatch between
the hostname entered in the URL and the dns name present in the
certificate, we ping the www mismatched domain. If a valid response
code is received, we display an interstitial with a link to that domain.
BUG=507454
Review URL: https://codereview.chromium.org/1223233002
Cr-Commit-Position: refs/heads/master@{#344052}
Diffstat (limited to 'chrome/browser/ssl/common_name_mismatch_handler.cc')
-rw-r--r-- | chrome/browser/ssl/common_name_mismatch_handler.cc | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/chrome/browser/ssl/common_name_mismatch_handler.cc b/chrome/browser/ssl/common_name_mismatch_handler.cc new file mode 100644 index 0000000..941127b --- /dev/null +++ b/chrome/browser/ssl/common_name_mismatch_handler.cc @@ -0,0 +1,104 @@ +// Copyright 2015 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "chrome/browser/ssl/common_name_mismatch_handler.h" + +#include "base/callback_helpers.h" +#include "base/logging.h" +#include "base/strings/string_number_conversions.h" +#include "chrome/browser/ssl/ssl_error_classification.h" +#include "net/base/load_flags.h" +#include "net/http/http_response_headers.h" +#include "net/http/http_util.h" +#include "net/url_request/url_request_status.h" + +CommonNameMismatchHandler::CommonNameMismatchHandler( + const GURL& request_url, + const scoped_refptr<net::URLRequestContextGetter>& request_context) + : request_url_(request_url), request_context_(request_context) {} + +CommonNameMismatchHandler::~CommonNameMismatchHandler() {} + +// static +CommonNameMismatchHandler::TestingState + CommonNameMismatchHandler::testing_state_ = NOT_TESTING; + +void CommonNameMismatchHandler::CheckSuggestedUrl( + const GURL& url, + const CheckUrlCallback& callback) { + // Should be used only in tests. + if (testing_state_ == IGNORE_REQUESTS_FOR_TESTING) + return; + + DCHECK(CalledOnValidThread()); + DCHECK(!IsCheckingSuggestedUrl()); + DCHECK(check_url_callback_.is_null()); + + check_url_callback_ = callback; + + url_fetcher_ = net::URLFetcher::Create(url, net::URLFetcher::HEAD, this); + url_fetcher_->SetAutomaticallyRetryOn5xx(false); + url_fetcher_->SetRequestContext(request_context_.get()); + + // Can't safely use net::LOAD_DISABLE_CERT_REVOCATION_CHECKING here, + // since then the connection may be reused without checking the cert. + url_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SAVE_COOKIES | + net::LOAD_DO_NOT_SEND_COOKIES | + net::LOAD_DO_NOT_SEND_AUTH_DATA); + url_fetcher_->Start(); +} + +// static +bool CommonNameMismatchHandler::GetSuggestedUrl( + const GURL& request_url, + const std::vector<std::string>& dns_names, + GURL* suggested_url) { + std::string host_name = request_url.host(); + std::string www_mismatch_hostname; + if (!SSLErrorClassification::GetWWWSubDomainMatch(host_name, dns_names, + &www_mismatch_hostname)) { + return false; + } + // The full URL should be pinged, not just the new hostname. So, get the + // |suggested_url| with the |request_url|'s hostname replaced with + // new hostname. Keep resource path, query params the same. + GURL::Replacements replacements; + replacements.SetHostStr(www_mismatch_hostname); + *suggested_url = request_url.ReplaceComponents(replacements); + return true; +} + +void CommonNameMismatchHandler::Cancel() { + url_fetcher_.reset(); + check_url_callback_.Reset(); +} + +void CommonNameMismatchHandler::OnURLFetchComplete( + const net::URLFetcher* source) { + DCHECK(CalledOnValidThread()); + DCHECK(IsCheckingSuggestedUrl()); + DCHECK_EQ(url_fetcher_.get(), source); + DCHECK(!check_url_callback_.is_null()); + DCHECK(!url_fetcher_.get()->GetStatus().is_io_pending()); + + SuggestedUrlCheckResult result = SUGGESTED_URL_NOT_AVAILABLE; + // Save a copy of |suggested_url| so it can be used after |url_fetcher_| + // is destroyed. + const GURL suggested_url = url_fetcher_->GetOriginalURL(); + const GURL& landing_url = url_fetcher_->GetURL(); + + // Make sure the |landing_url| is a HTTPS page and returns a proper response + // code. + if (url_fetcher_.get()->GetResponseCode() == 200 && + landing_url.SchemeIsCryptographic() && + landing_url.host() != request_url_.host()) { + result = SUGGESTED_URL_AVAILABLE; + } + url_fetcher_.reset(); + base::ResetAndReturn(&check_url_callback_).Run(result, suggested_url); +} + +bool CommonNameMismatchHandler::IsCheckingSuggestedUrl() const { + return url_fetcher_; +} |