net: make HSTS hosts use the normal SSL interstitials

(Reland of r102947, which was reverted in r102950.)

SSL interstitials have better translations for the error messages and this
returns us to the point where we have only a single UI for SSL errors, which
will make some future changes easier.

First, this change changes the SSL error callbacks to take an SSLInfo& rather
than a X509Certificate* (which was already a TODO(wtc) in the code). Most of
this change is the resulting plumbing.

It also adds a |is_hsts_host| flag to the callbacks to denote an HSTS host.

Finally, in ssl_policy.cc the |is_hsts_host| flag causes any error to be
fatal.

BUG=93527

http://codereview.chromium.org/7976036/

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@102994 0039d316-1c4b-4281-b951-d872f2087c98

8 files changed, 33 insertions, 44 deletions

diff --git a/net/url_request/url_request.cc b/net/url_request/url_request.cc
index 02667b5..3c12da6 100644
--- a/net/url_request/url_request.cc
+++ b/net/url_request/url_request.cc
@@ -112,8 +112,8 @@ void URLRequest::Delegate::OnCertificateRequested(
 }
 
 void URLRequest::Delegate::OnSSLCertificateError(URLRequest* request,
-                                                 int cert_error,
-                                                 X509Certificate* cert) {
+                                                 const SSLInfo& ssl_info,
+                                                 bool is_hsts_ok) {
   request->Cancel();
 }
 
@@ -783,10 +783,10 @@ void URLRequest::NotifyCertificateRequested(
     delegate_->OnCertificateRequested(this, cert_request_info);
 }
 
-void URLRequest::NotifySSLCertificateError(int cert_error,
-                                           X509Certificate* cert) {
+void URLRequest::NotifySSLCertificateError(const SSLInfo& ssl_info,
+                                           bool is_hsts_host) {
   if (delegate_)
-    delegate_->OnSSLCertificateError(this, cert_error, cert);
+    delegate_->OnSSLCertificateError(this, ssl_info, is_hsts_host);
 }
 
 bool URLRequest::CanGetCookies(const CookieList& cookie_list) const {
diff --git a/net/url_request/url_request.h b/net/url_request/url_request.h
index 640f045..7f5f961 100644
--- a/net/url_request/url_request.h
+++ b/net/url_request/url_request.h
@@ -83,6 +83,7 @@ class CookieOptions;
 class HostPortPair;
 class IOBuffer;
 class SSLCertRequestInfo;
+class SSLInfo;
 class UploadData;
 class URLRequestContext;
 class URLRequestJob;
@@ -266,9 +267,12 @@ class NET_EXPORT URLRequest : NON_EXPORTED_BASE(public base::NonThreadSafe) {
     // safe thing and Cancel() the request or decide to proceed by calling
     // ContinueDespiteLastError().  cert_error is a ERR_* error code
     // indicating what's wrong with the certificate.
+    // If |is_hsts_host| is true then the host in question is an HSTS host
+    // which demands a higher level of security. In this case, errors must not
+    // be bypassable by the user.
     virtual void OnSSLCertificateError(URLRequest* request,
-                                       int cert_error,
-                                       X509Certificate* cert);
+                                       const SSLInfo& ssl_info,
+                                       bool is_hsts_host);
 
     // Called when reading cookies to allow the delegate to block access to the
     // cookie. This method will never be invoked when LOAD_DO_NOT_SEND_COOKIES
@@ -713,7 +717,8 @@ class NET_EXPORT URLRequest : NON_EXPORTED_BASE(public base::NonThreadSafe) {
   // of these functions.
   void NotifyAuthRequired(AuthChallengeInfo* auth_info);
   void NotifyCertificateRequested(SSLCertRequestInfo* cert_request_info);
-  void NotifySSLCertificateError(int cert_error, X509Certificate* cert);
+  void NotifySSLCertificateError(const SSLInfo& ssl_info,
+                                 bool is_hsts_host);
   bool CanGetCookies(const CookieList& cookie_list) const;
   bool CanSetCookie(const std::string& cookie_line,
                     CookieOptions* options) const;
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index cdb94fa..08b7762 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -686,13 +686,18 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
 
   if (result == OK) {
     SaveCookiesAndNotifyHeadersComplete();
-  } else if (ShouldTreatAsCertificateError(result)) {
+  } else if (IsCertificateError(result)) {
     // We encountered an SSL certificate error.  Ask our delegate to decide
     // what we should do.
-    // TODO(wtc): also pass ssl_info.cert_status, or just pass the whole
-    // ssl_info.
-    NotifySSLCertificateError(
-        result, transaction_->GetResponseInfo()->ssl_info.cert);
+
+    TransportSecurityState::DomainState domain_state;
+    const bool is_hsts_host =
+        context_->transport_security_state() &&
+        context_->transport_security_state()->IsEnabledForHost(
+            &domain_state, request_info_.url.host(),
+            SSLConfigService::IsSNIAvailable(context_->ssl_config_service()));
+    NotifySSLCertificateError(transaction_->GetResponseInfo()->ssl_info,
+                              is_hsts_host);
   } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
     NotifyCertificateRequested(
         transaction_->GetResponseInfo()->cert_request_info);
@@ -719,27 +724,6 @@ void URLRequestHttpJob::OnReadCompleted(int result) {
   NotifyReadComplete(result);
 }
 
-bool URLRequestHttpJob::ShouldTreatAsCertificateError(int result) {
-  if (!IsCertificateError(result))
-    return false;
-
-  // Revocation check failures are always certificate errors, even if the host
-  // is using Strict-Transport-Security.
-  if (result == ERR_CERT_UNABLE_TO_CHECK_REVOCATION)
-    return true;
-
-  // Check whether our context is using Strict-Transport-Security.
-  if (!context_->transport_security_state())
-    return true;
-
-  TransportSecurityState::DomainState domain_state;
-  const bool r = context_->transport_security_state()->IsEnabledForHost(
-      &domain_state, request_info_.url.host(),
-      SSLConfigService::IsSNIAvailable(context_->ssl_config_service()));
-
-  return !r;
-}
-
 void URLRequestHttpJob::RestartTransactionWithAuth(
     const string16& username,
     const string16& password) {
diff --git a/net/url_request/url_request_http_job.h b/net/url_request/url_request_http_job.h
index 8293c13..883948d 100644
--- a/net/url_request/url_request_http_job.h
+++ b/net/url_request/url_request_http_job.h
@@ -59,8 +59,6 @@ class URLRequestHttpJob : public URLRequestJob {
   void OnReadCompleted(int result);
   void NotifyBeforeSendHeadersCallback(int result);
 
-  bool ShouldTreatAsCertificateError(int result);
-
   void RestartTransactionWithAuth(const string16& username,
                                   const string16& password);
 
diff --git a/net/url_request/url_request_job.cc b/net/url_request/url_request_job.cc
index 47e38e9..2a23d61 100644
--- a/net/url_request/url_request_job.cc
+++ b/net/url_request/url_request_job.cc
@@ -228,12 +228,12 @@ void URLRequestJob::NotifyCertificateRequested(
   request_->NotifyCertificateRequested(cert_request_info);
 }
 
-void URLRequestJob::NotifySSLCertificateError(int cert_error,
-                                              X509Certificate* cert) {
+void URLRequestJob::NotifySSLCertificateError(const SSLInfo& ssl_info,
+                                              bool is_hsts_host) {
   if (!request_)
     return;  // The request was destroyed, so there is no more work to do.
 
-  request_->NotifySSLCertificateError(cert_error, cert);
+  request_->NotifySSLCertificateError(ssl_info, is_hsts_host);
 }
 
 bool URLRequestJob::CanGetCookies(const CookieList& cookie_list) const {
diff --git a/net/url_request/url_request_job.h b/net/url_request/url_request_job.h
index 01547cc..4231ddd 100644
--- a/net/url_request/url_request_job.h
+++ b/net/url_request/url_request_job.h
@@ -30,6 +30,7 @@ class HttpRequestHeaders;
 class HttpResponseInfo;
 class IOBuffer;
 class SSLCertRequestInfo;
+class SSLInfo;
 class URLRequest;
 class UploadData;
 class URLRequestStatus;
@@ -197,7 +198,8 @@ class NET_EXPORT URLRequestJob : public base::RefCounted<URLRequestJob>,
   void NotifyCertificateRequested(SSLCertRequestInfo* cert_request_info);
 
   // Notifies the job about an SSL certificate error.
-  void NotifySSLCertificateError(int cert_error, X509Certificate* cert);
+  void NotifySSLCertificateError(const SSLInfo& ssl_info,
+                                 bool is_hsts_host);
 
   // Delegates to URLRequest::Delegate.
   bool CanGetCookies(const CookieList& cookie_list) const;
diff --git a/net/url_request/url_request_test_util.cc b/net/url_request/url_request_test_util.cc
index f49d0c4..bffad74 100644
--- a/net/url_request/url_request_test_util.cc
+++ b/net/url_request/url_request_test_util.cc
@@ -193,8 +193,8 @@ void TestDelegate::OnAuthRequired(net::URLRequest* request,
 }
 
 void TestDelegate::OnSSLCertificateError(net::URLRequest* request,
-                                         int cert_error,
-                                         net::X509Certificate* cert) {
+                                         const net::SSLInfo& ssl_info,
+                                         bool is_hsts_host) {
   // The caller can control whether it needs all SSL requests to go through,
   // independent of any possible errors, or whether it wants SSL errors to
   // cancel the request.
diff --git a/net/url_request/url_request_test_util.h b/net/url_request/url_request_test_util.h
index cac7a72..f8ef867 100644
--- a/net/url_request/url_request_test_util.h
+++ b/net/url_request/url_request_test_util.h
@@ -129,8 +129,8 @@ class TestDelegate : public net::URLRequest::Delegate {
   virtual void OnAuthRequired(net::URLRequest* request,
                               net::AuthChallengeInfo* auth_info) OVERRIDE;
   virtual void OnSSLCertificateError(net::URLRequest* request,
-                                     int cert_error,
-                                     net::X509Certificate* cert) OVERRIDE;
+                                     const net::SSLInfo& ssl_info,
+                                     bool is_hsts_host) OVERRIDE;
   virtual bool CanGetCookies(const net::URLRequest* request,
                              const net::CookieList& cookie_list) const OVERRIDE;
   virtual bool CanSetCookie(const net::URLRequest* request,