Chromium Code Reviews Chromium Code Reviews
Issue 1223233002:
Common Name Mismatch Handler For WWW Subdomain Mismatch case (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ | 5 #ifndef CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ |
| 6 #define CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ | 6 #define CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 65 // A function which calculates the severity score when the ssl error is | 65 // A function which calculates the severity score when the ssl error is |
| 66 // |CERT_AUTHORITY_INVALID|, returns a score between 0.0 and 1.0, higher | 66 // |CERT_AUTHORITY_INVALID|, returns a score between 0.0 and 1.0, higher |
| 67 // values being more severe, indicating how severe the certificate's | 67 // values being more severe, indicating how severe the certificate's |
| 68 // authority invalid error is. | 68 // authority invalid error is. |
| 69 void InvalidAuthoritySeverityScore(); | 69 void InvalidAuthoritySeverityScore(); |
| 70 | 70 |
| 71 void RecordUMAStatistics(bool overridable) const; | 71 void RecordUMAStatistics(bool overridable) const; |
| 72 void RecordCaptivePortalUMAStatistics(bool overridable) const; | 72 void RecordCaptivePortalUMAStatistics(bool overridable) const; |
| 73 base::TimeDelta TimePassedSinceExpiry() const; | 73 base::TimeDelta TimePassedSinceExpiry() const; |
| 74 | 74 |
| 75 // Returns true if the site's hostname differs from one of the DNS | |
| 76 // names in the certificate (CN or SANs) only by the presence or | |
| 77 // absence of the single-label prefix "www". E.g.: | |
| 78 // | |
| 79 // www.example.com ~ example.com -> true | |
|
meacer
2015/07/09 17:58:56
I understand this isn't your comment, but can you
Bhanu Dev
2015/07/11 04:00:43
Done.
| |
| 80 // example.com ~ www.example.com -> true | |
| 81 // www.food.example.com ~ example.com -> false | |
| 82 // mail.example.com ~ example.com -> false | |
| 83 static bool GetWWWSubDomainMatch(const std::string& host_name, | |
| 84 const std::vector<std::string>& dns_names, | |
| 85 std::string* www_match_host_name); | |
| 86 | |
| 75 private: | 87 private: |
| 76 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestDateInvalidScore); | 88 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestDateInvalidScore); |
| 77 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestNameMismatch); | 89 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestNameMismatch); |
| 78 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, | 90 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, |
| 79 TestHostNameHasKnownTLD); | 91 TestHostNameHasKnownTLD); |
| 80 | 92 |
| 81 typedef std::vector<std::string> Tokens; | 93 typedef std::vector<std::string> Tokens; |
| 82 | 94 |
| 83 // Returns true if the hostname has a known Top Level Domain. | 95 // Returns true if the hostname has a known Top Level Domain. |
| 84 static bool IsHostNameKnownTLD(const std::string& host_name); | 96 static bool IsHostNameKnownTLD(const std::string& host_name); |
| 85 | 97 |
| 86 // Returns true if the site's hostname differs from one of the DNS | 98 // Returns true if GetWWWSubDomainMatch finds a www mismatch. |
| 87 // names in the certificate (CN or SANs) only by the presence or | |
| 88 // absence of the single-label prefix "www". E.g.: | |
| 89 // | |
| 90 // www.example.com ~ example.com -> true | |
| 91 // example.com ~ www.example.com -> true | |
| 92 // www.food.example.com ~ example.com -> false | |
| 93 // mail.example.com ~ example.com -> false | |
| 94 bool IsWWWSubDomainMatch() const; | 99 bool IsWWWSubDomainMatch() const; |
| 95 | 100 |
| 96 // Returns true if |child| is a subdomain of any of the |potential_parents|. | 101 // Returns true if |child| is a subdomain of any of the |potential_parents|. |
| 97 bool NameUnderAnyNames(const Tokens& child, | 102 bool NameUnderAnyNames(const Tokens& child, |
| 98 const std::vector<Tokens>& potential_parents) const; | 103 const std::vector<Tokens>& potential_parents) const; |
| 99 | 104 |
| 100 // Returns true if any of the |potential_children| is a subdomain of the | 105 // Returns true if any of the |potential_children| is a subdomain of the |
| 101 // |parent|. The inverse case should be treated carefully as this is most | 106 // |parent|. The inverse case should be treated carefully as this is most |
| 102 // likely a MITM attack. We don't want foo.appspot.com to be able to MITM for | 107 // likely a MITM attack. We don't want foo.appspot.com to be able to MITM for |
| 103 // appspot.com. | 108 // appspot.com. |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 155 bool captive_portal_probe_completed_; | 160 bool captive_portal_probe_completed_; |
| 156 // Did the captive portal probe receive an error or get a non-HTTP response? | 161 // Did the captive portal probe receive an error or get a non-HTTP response? |
| 157 bool captive_portal_no_response_; | 162 bool captive_portal_no_response_; |
| 158 // Was a captive portal detected? | 163 // Was a captive portal detected? |
| 159 bool captive_portal_detected_; | 164 bool captive_portal_detected_; |
| 160 | 165 |
| 161 content::NotificationRegistrar registrar_; | 166 content::NotificationRegistrar registrar_; |
| 162 }; | 167 }; |
| 163 | 168 |
| 164 #endif // CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ | 169 #endif // CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ |
| OLD | NEW |
