Common Name Mismatch Handler For WWW Subdomain Mismatch case

chrome/browser/ssl/ssl_error_classification.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_
 #define CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_
 
 #include <string>
 #include <vector>
 
@@ skipping 32 matching lines @@
   // Returns true if the Windows platform is likely to not have SHA-256 support.
   // On other platforms, returns false always.
   static bool MaybeWindowsLacksSHA256Support();
 
   // Returns true if any one of the following conditions hold:
   // 1.|hostname| is an IP Address in an IANA-reserved range.
   // 2.|hostname| is a not-yet-assigned by ICANN gTLD.
   // 3.|hostname| is a dotless domain.
   static bool IsHostnameNonUniqueOrDotless(const std::string& hostname);
 
+  // Returns true if the site's hostname differs from one of the DNS
+  // names in the certificate (CN or SANs) only by the presence or
+  // absence of the single-label prefix "www". E.g.: (The first domain
+  // is hostname and the second domain is a DNS name in the certificate)
+  //
+  //     www.example.com ~ example.com -> true
+  //     example.com ~ www.example.com -> true
+  //     www.food.example.com ~ example.com -> false
+  //     mail.example.com ~ example.com -> false
+  static bool GetWWWSubDomainMatch(const std::string& host_name,
+                                   const std::vector<std::string>& dns_names,
+                                   std::string* www_match_host_name);
+
   // A function which calculates the severity score when the ssl error is
   // |CERT_DATE_INVALID|. The calculated score is between 0.0 and 1.0, higher
   // being more severe, indicating how severe the certificate's
   // date invalid error is.
   void InvalidDateSeverityScore();
 
   // A function which calculates the severity score when the ssl error is
   // |CERT_COMMON_NAME_INVALID|. The calculated score is between 0.0 and 1.0,
   // higher being more severe, indicating how severe the certificate's common
   // name invalid error is.
@@ skipping 13 matching lines @@
   FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestDateInvalidScore);
   FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestNameMismatch);
   FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest,
                            TestHostNameHasKnownTLD);
 
   typedef std::vector<std::string> Tokens;
 
   // Returns true if the hostname has a known Top Level Domain.
   static bool IsHostNameKnownTLD(const std::string& host_name);
 
-  // Returns true if the site's hostname differs from one of the DNS
-  // names in the certificate (CN or SANs) only by the presence or
-  // absence of the single-label prefix "www". E.g.:
-  //
-  //     www.example.com ~ example.com -> true
-  //     example.com ~ www.example.com -> true
-  //     www.food.example.com ~ example.com -> false
-  //     mail.example.com ~ example.com -> false
+  // Returns true if GetWWWSubDomainMatch finds a www mismatch.
   bool IsWWWSubDomainMatch() const;
 
   // Returns true if |child| is a subdomain of any of the |potential_parents|.
   bool NameUnderAnyNames(const Tokens& child,
                         const std::vector<Tokens>& potential_parents) const;
 
   // Returns true if any of the |potential_children| is a subdomain of the
   // |parent|. The inverse case should be treated carefully as this is most
   // likely a MITM attack. We don't want foo.appspot.com to be able to MITM for
   // appspot.com.
@@ skipping 56 matching lines @@
   bool captive_portal_probe_completed_;
   // Did the captive portal probe receive an error or get a non-HTTP response?
   bool captive_portal_no_response_;
   // Was a captive portal detected?
   bool captive_portal_detected_;
 
   content::NotificationRegistrar registrar_;
 };
 
 #endif  // CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_