| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ | 5 #ifndef CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ |
| 6 #define CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ | 6 #define CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 65 // A function which calculates the severity score when the ssl error is | 65 // A function which calculates the severity score when the ssl error is |
| 66 // |CERT_AUTHORITY_INVALID|, returns a score between 0.0 and 1.0, higher | 66 // |CERT_AUTHORITY_INVALID|, returns a score between 0.0 and 1.0, higher |
| 67 // values being more severe, indicating how severe the certificate's | 67 // values being more severe, indicating how severe the certificate's |
| 68 // authority invalid error is. | 68 // authority invalid error is. |
| 69 void InvalidAuthoritySeverityScore(); | 69 void InvalidAuthoritySeverityScore(); |
| 70 | 70 |
| 71 void RecordUMAStatistics(bool overridable) const; | 71 void RecordUMAStatistics(bool overridable) const; |
| 72 void RecordCaptivePortalUMAStatistics(bool overridable) const; | 72 void RecordCaptivePortalUMAStatistics(bool overridable) const; |
| 73 base::TimeDelta TimePassedSinceExpiry() const; | 73 base::TimeDelta TimePassedSinceExpiry() const; |
| 74 | 74 |
| 75 // Returns true if the site's hostname differs from one of the DNS |
| 76 // names in the certificate (CN or SANs) only by the presence or |
| 77 // absence of the single-label prefix "www". E.g.: (The first domain |
| 78 // is hostname and the second domain is a DNS name in the certificate) |
| 79 // |
| 80 // www.example.com ~ example.com -> true |
| 81 // example.com ~ www.example.com -> true |
| 82 // www.food.example.com ~ example.com -> false |
| 83 // mail.example.com ~ example.com -> false |
| 84 static bool GetWWWSubDomainMatch(const std::string& host_name, |
| 85 const std::vector<std::string>& dns_names, |
| 86 std::string* www_match_host_name); |
| 87 |
| 75 private: | 88 private: |
| 76 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestDateInvalidScore); | 89 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestDateInvalidScore); |
| 77 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestNameMismatch); | 90 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestNameMismatch); |
| 78 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, | 91 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, |
| 79 TestHostNameHasKnownTLD); | 92 TestHostNameHasKnownTLD); |
| 80 | 93 |
| 81 typedef std::vector<std::string> Tokens; | 94 typedef std::vector<std::string> Tokens; |
| 82 | 95 |
| 83 // Returns true if the hostname has a known Top Level Domain. | 96 // Returns true if the hostname has a known Top Level Domain. |
| 84 static bool IsHostNameKnownTLD(const std::string& host_name); | 97 static bool IsHostNameKnownTLD(const std::string& host_name); |
| 85 | 98 |
| 86 // Returns true if the site's hostname differs from one of the DNS | 99 // Returns true if GetWWWSubDomainMatch finds a www mismatch. |
| 87 // names in the certificate (CN or SANs) only by the presence or | |
| 88 // absence of the single-label prefix "www". E.g.: | |
| 89 // | |
| 90 // www.example.com ~ example.com -> true | |
| 91 // example.com ~ www.example.com -> true | |
| 92 // www.food.example.com ~ example.com -> false | |
| 93 // mail.example.com ~ example.com -> false | |
| 94 bool IsWWWSubDomainMatch() const; | 100 bool IsWWWSubDomainMatch() const; |
| 95 | 101 |
| 96 // Returns true if |child| is a subdomain of any of the |potential_parents|. | 102 // Returns true if |child| is a subdomain of any of the |potential_parents|. |
| 97 bool NameUnderAnyNames(const Tokens& child, | 103 bool NameUnderAnyNames(const Tokens& child, |
| 98 const std::vector<Tokens>& potential_parents) const; | 104 const std::vector<Tokens>& potential_parents) const; |
| 99 | 105 |
| 100 // Returns true if any of the |potential_children| is a subdomain of the | 106 // Returns true if any of the |potential_children| is a subdomain of the |
| 101 // |parent|. The inverse case should be treated carefully as this is most | 107 // |parent|. The inverse case should be treated carefully as this is most |
| 102 // likely a MITM attack. We don't want foo.appspot.com to be able to MITM for | 108 // likely a MITM attack. We don't want foo.appspot.com to be able to MITM for |
| 103 // appspot.com. | 109 // appspot.com. |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 155 bool captive_portal_probe_completed_; | 161 bool captive_portal_probe_completed_; |
| 156 // Did the captive portal probe receive an error or get a non-HTTP response? | 162 // Did the captive portal probe receive an error or get a non-HTTP response? |
| 157 bool captive_portal_no_response_; | 163 bool captive_portal_no_response_; |
| 158 // Was a captive portal detected? | 164 // Was a captive portal detected? |
| 159 bool captive_portal_detected_; | 165 bool captive_portal_detected_; |
| 160 | 166 |
| 161 content::NotificationRegistrar registrar_; | 167 content::NotificationRegistrar registrar_; |
| 162 }; | 168 }; |
| 163 | 169 |
| 164 #endif // CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ | 170 #endif // CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1223233002:
Common Name Mismatch Handler For WWW Subdomain Mismatch case (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master