From 2051ce7a01a4026ec1611c940a3d83a55a6e19ef Mon Sep 17 00:00:00 2001
From: bhanudev <bhanudev@google.com>
Date: Tue, 18 Aug 2015 15:21:18 -0700
Subject: Common Name Mismatch Handler For WWW Subdomain Mismatch case

This CL displays a modified interstitial for the WWW subdomain
mismatch error. When there is a WWW sub domain mismatch between
the hostname entered in the URL and the dns name present in the
certificate, we ping the www mismatched domain. If a valid response
code is received, we display an interstitial with a link to that domain.

BUG=507454

Review URL: https://codereview.chromium.org/1223233002

Cr-Commit-Position: refs/heads/master@{#344052}
---
 chrome/browser/ssl/ssl_error_handler.cc | 123 ++++++++++++++++++++++++--------
 1 file changed, 94 insertions(+), 29 deletions(-)

(limited to 'chrome/browser/ssl/ssl_error_handler.cc')

diff --git a/chrome/browser/ssl/ssl_error_handler.cc b/chrome/browser/ssl/ssl_error_handler.cc
index 594a683..60cd2ae 100644
--- a/chrome/browser/ssl/ssl_error_handler.cc
+++ b/chrome/browser/ssl/ssl_error_handler.cc
@@ -11,6 +11,7 @@
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 #include "chrome/browser/ssl/ssl_cert_reporter.h"
+#include "chrome/browser/ssl/ssl_error_classification.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_source.h"
 #include "content/public/browser/web_contents.h"
@@ -39,6 +40,8 @@ enum SSLErrorHandlerEvent {
   SHOW_CAPTIVE_PORTAL_INTERSTITIAL_OVERRIDABLE,
   SHOW_SSL_INTERSTITIAL_NONOVERRIDABLE,
   SHOW_SSL_INTERSTITIAL_OVERRIDABLE,
+  SHOW_COMMON_NAME_MISMATCH_INTERSTITIAL_NONOVERRIDABLE,
+  SHOW_COMMON_NAME_MISMATCH_INTERSTITIAL_OVERRIDABLE,
   SSL_ERROR_HANDLER_EVENT_COUNT
 };
 
@@ -48,10 +51,10 @@ void RecordUMA(SSLErrorHandlerEvent event) {
                             SSL_ERROR_HANDLER_EVENT_COUNT);
 }
 
-#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 // The delay before displaying the SSL interstitial for cert errors.
-// - If a "captive portal detected" result arrives in this many seconds,
-//   a captive portal interstitial is displayed.
+// - If a "captive portal detected" or "suggested URL valid" result
+//   arrives in this many seconds, then a captive portal interstitial
+//   or a common name mismatch interstitial is displayed.
 // - Otherwise, an SSL interstitial is displayed.
 const int kDefaultInterstitialDisplayDelayInSeconds = 2;
 
@@ -74,6 +77,7 @@ base::TimeDelta GetInterstitialDisplayDelay(
   return base::TimeDelta();
 }
 
+#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 bool IsCaptivePortalInterstitialEnabled() {
   return base::FieldTrialList::FindFullName("CaptivePortalInterstitial") ==
          "Enabled";
@@ -92,13 +96,6 @@ void SSLErrorHandler::HandleSSLError(
     int options_mask,
     scoped_ptr<SSLCertReporter> ssl_cert_reporter,
     const base::Callback<void(bool)>& callback) {
-#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
-  CaptivePortalTabHelper* captive_portal_tab_helper =
-      CaptivePortalTabHelper::FromWebContents(web_contents);
-  if (captive_portal_tab_helper) {
-    captive_portal_tab_helper->OnSSLCertError(ssl_info);
-  }
-#endif
   DCHECK(!FromWebContents(web_contents));
   web_contents->SetUserData(
       UserDataKey(),
@@ -137,15 +134,8 @@ SSLErrorHandler::SSLErrorHandler(content::WebContents* web_contents,
       request_url_(request_url),
       options_mask_(options_mask),
       callback_(callback),
-      ssl_cert_reporter_(ssl_cert_reporter.Pass()) {
-#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
-  Profile* profile = Profile::FromBrowserContext(
-      web_contents->GetBrowserContext());
-  registrar_.Add(this,
-                 chrome::NOTIFICATION_CAPTIVE_PORTAL_CHECK_RESULT,
-                 content::Source<Profile>(profile));
-#endif
-}
+      profile_(Profile::FromBrowserContext(web_contents->GetBrowserContext())),
+      ssl_cert_reporter_(ssl_cert_reporter.Pass()) {}
 
 SSLErrorHandler::~SSLErrorHandler() {
 }
@@ -153,7 +143,46 @@ SSLErrorHandler::~SSLErrorHandler() {
 void SSLErrorHandler::StartHandlingError() {
   RecordUMA(HANDLE_ALL);
 
+  std::vector<std::string> dns_names;
+  ssl_info_.cert->GetDNSNames(&dns_names);
+  DCHECK(!dns_names.empty());
+  GURL suggested_url;
+  if (ssl_info_.cert_status == net::CERT_STATUS_COMMON_NAME_INVALID &&
+      GetSuggestedUrl(dns_names, &suggested_url)) {
+    net::CertStatus extra_cert_errors =
+        ssl_info_.cert_status ^ net::CERT_STATUS_COMMON_NAME_INVALID;
+
+    // Show the SSL intersitial if |CERT_STATUS_COMMON_NAME_INVALID| is not
+    // the only error. Need not check for captive portal in this case.
+    // (See the comment below).
+    if (net::IsCertStatusError(extra_cert_errors) &&
+        !net::IsCertStatusMinorError(ssl_info_.cert_status)) {
+      ShowSSLInterstitial();
+      return;
+    }
+    CheckSuggestedUrl(suggested_url);
+    timer_.Start(FROM_HERE,
+                 GetInterstitialDisplayDelay(g_interstitial_delay_type), this,
+                 &SSLErrorHandler::OnTimerExpired);
+    if (g_timer_started_callback)
+      g_timer_started_callback->Run(web_contents_);
+
+    // Do not check for a captive portal in this case, because a captive
+    // portal most likely cannot serve a valid certificate which passes the
+    // similarity check.
+    return;
+  }
+
 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
+  CaptivePortalTabHelper* captive_portal_tab_helper =
+      CaptivePortalTabHelper::FromWebContents(web_contents_);
+  if (captive_portal_tab_helper) {
+    captive_portal_tab_helper->OnSSLCertError(ssl_info_);
+  }
+
+  registrar_.Add(this, chrome::NOTIFICATION_CAPTIVE_PORTAL_CHECK_RESULT,
+                 content::Source<Profile>(profile_));
+
   if (IsCaptivePortalInterstitialEnabled()) {
     CheckForCaptivePortal();
     timer_.Start(FROM_HERE,
@@ -172,12 +201,34 @@ void SSLErrorHandler::OnTimerExpired() {
   ShowSSLInterstitial();
 }
 
+bool SSLErrorHandler::GetSuggestedUrl(const std::vector<std::string>& dns_names,
+                                      GURL* suggested_url) const {
+  return CommonNameMismatchHandler::GetSuggestedUrl(request_url_, dns_names,
+                                                    suggested_url);
+}
+
+void SSLErrorHandler::CheckSuggestedUrl(const GURL& suggested_url) {
+  scoped_refptr<net::URLRequestContextGetter> request_context(
+      profile_->GetRequestContext());
+  common_name_mismatch_handler_.reset(
+      new CommonNameMismatchHandler(request_url_, request_context));
+
+  common_name_mismatch_handler_->CheckSuggestedUrl(
+      suggested_url,
+      base::Bind(&SSLErrorHandler::CommonNameMismatchHandlerCallback,
+                 base::Unretained(this)));
+}
+
+void SSLErrorHandler::NavigateToSuggestedURL(const GURL& suggested_url) {
+  content::NavigationController::LoadURLParams load_params(suggested_url);
+  load_params.transition_type = ui::PAGE_TRANSITION_TYPED;
+  web_contents()->GetController().LoadURLWithParams(load_params);
+}
+
 void SSLErrorHandler::CheckForCaptivePortal() {
 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
-  Profile* profile = Profile::FromBrowserContext(
-      web_contents_->GetBrowserContext());
   CaptivePortalService* captive_portal_service =
-      CaptivePortalServiceFactory::GetForProfile(profile);
+      CaptivePortalServiceFactory::GetForProfile(profile_);
   captive_portal_service->DetectCaptivePortal();
 #else
   NOTREACHED();
@@ -187,9 +238,7 @@ void SSLErrorHandler::CheckForCaptivePortal() {
 void SSLErrorHandler::ShowCaptivePortalInterstitial(const GURL& landing_url) {
 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
   // Show captive portal blocking page. The interstitial owns the blocking page.
-  const Profile* const profile =
-      Profile::FromBrowserContext(web_contents_->GetBrowserContext());
-  RecordUMA(SSLBlockingPage::IsOverridable(options_mask_, profile)
+  RecordUMA(SSLBlockingPage::IsOverridable(options_mask_, profile_)
                 ? SHOW_CAPTIVE_PORTAL_INTERSTITIAL_OVERRIDABLE
                 : SHOW_CAPTIVE_PORTAL_INTERSTITIAL_NONOVERRIDABLE);
   (new CaptivePortalBlockingPage(web_contents_, request_url_, landing_url,
@@ -205,14 +254,14 @@ void SSLErrorHandler::ShowCaptivePortalInterstitial(const GURL& landing_url) {
 
 void SSLErrorHandler::ShowSSLInterstitial() {
   // Show SSL blocking page. The interstitial owns the blocking page.
-  const Profile* const profile =
-      Profile::FromBrowserContext(web_contents_->GetBrowserContext());
-  RecordUMA(SSLBlockingPage::IsOverridable(options_mask_, profile)
+  RecordUMA(SSLBlockingPage::IsOverridable(options_mask_, profile_)
                 ? SHOW_SSL_INTERSTITIAL_OVERRIDABLE
                 : SHOW_SSL_INTERSTITIAL_NONOVERRIDABLE);
+
   (new SSLBlockingPage(web_contents_, cert_error_, ssl_info_, request_url_,
                        options_mask_, base::Time::NowFromSystemTime(),
-                       ssl_cert_reporter_.Pass(), callback_))->Show();
+                       ssl_cert_reporter_.Pass(), callback_))
+      ->Show();
   // Once an interstitial is displayed, no need to keep the handler around.
   // This is the equivalent of "delete this".
   web_contents_->RemoveUserData(UserDataKey());
@@ -255,5 +304,21 @@ void SSLErrorHandler::DeleteSSLErrorHandler() {
   if (!callback_.is_null()) {
     base::ResetAndReturn(&callback_).Run(false);
   }
+  if (common_name_mismatch_handler_) {
+    common_name_mismatch_handler_->Cancel();
+    common_name_mismatch_handler_.reset();
+  }
   web_contents_->RemoveUserData(UserDataKey());
 }
+
+void SSLErrorHandler::CommonNameMismatchHandlerCallback(
+    const CommonNameMismatchHandler::SuggestedUrlCheckResult& result,
+    const GURL& suggested_url) {
+  timer_.Stop();
+  if (result == CommonNameMismatchHandler::SuggestedUrlCheckResult::
+                    SUGGESTED_URL_AVAILABLE) {
+    NavigateToSuggestedURL(suggested_url);
+  } else {
+    ShowSSLInterstitial();
+  }
+}
-- 
cgit v1.1