New SSL metric added: Likely From Same Domain

chrome/browser/ssl/ssl_error_classification.cc

Index: chrome/browser/ssl/ssl_error_classification.cc
diff --git a/chrome/browser/ssl/ssl_error_classification.cc b/chrome/browser/ssl/ssl_error_classification.cc
index eea89250afa724677523c9a09e001a80b2e5b6ae..026f179f678ad840e7a7c0831ab57023aa3985c5 100644
--- a/chrome/browser/ssl/ssl_error_classification.cc
+++ b/chrome/browser/ssl/ssl_error_classification.cc
@@ -55,6 +55,7 @@ enum SSLInterstitialCause {
   AUTHORITY_ERROR_CAPTIVE_PORTAL,
   SELF_SIGNED,
   EXPIRED_RECENTLY,
+  LIKELY_SAME_DOMAIN,
   UNUSED_INTERSTITIAL_CAUSE_ENTRY,
 };
 
@@ -208,6 +209,8 @@ void SSLErrorClassification::RecordUMAStatistics(
           RecordSSLInterstitialCause(overridable, SUBDOMAIN_INVERSE_MATCH);
         if (IsCertLikelyFromMultiTenantHosting())
           RecordSSLInterstitialCause(overridable, LIKELY_MULTI_TENANT_HOSTING);
+        if (IsCertLikelyFromSameDomain())
+          RecordSSLInterstitialCause(overridable, LIKELY_SAME_DOMAIN);
       } else {
          RecordSSLInterstitialCause(overridable, HOST_NAME_NOT_KNOWN_TLD);
       }
@@ -463,6 +466,35 @@ bool SSLErrorClassification::IsCertLikelyFromMultiTenantHosting() const {
   return true;
 }
 
+bool SSLErrorClassification::IsCertLikelyFromSameDomain() const {
+  std::string host_name = request_url_.host();
+  std::vector<std::string> dns_names;
+  std::vector<std::string> dns_names_domain;

[palmer, 2015/07/09 19:33:13]

Declare this closer to where it is used: Just above the for loop that starts on
line 479.

[Bhanu Dev, 2015/07/09 22:49:52]

Done.

+  cert_.GetDNSNames(&dns_names);
+
+  // Add current host name to dns_names vector.

[palmer, 2015/07/09 19:33:13]

This comment is superfluous.

[Bhanu Dev, 2015/07/09 22:49:52]

Done.

+  dns_names.push_back(host_name);
+  size_t dns_names_size = dns_names.size();
+
+  for (size_t i = 0; i < dns_names_size; ++i) {
+    dns_names_domain.push_back(
+        net::registry_controlled_domains::
+        GetDomainAndRegistry(
+            dns_names[i],
+            net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES));
+  }
+
+  size_t dns_names_domain_size = dns_names_domain.size();
+  std::string host_name_domain = dns_names_domain[dns_names_domain_size - 1];
+  for (size_t i = 0; i < dns_names_domain_size - 1; ++i) {

[palmer, 2015/07/09 19:33:13]

You might be able to use std::find here instead of an explicit for loop?

[Bhanu Dev, 2015/07/09 22:49:52]

Done.

+    if (dns_names_domain[i] == host_name_domain)
+      return true;
+  }
+
+  return false;
+

[palmer, 2015/07/09 19:33:13]

No blank line here.

[Bhanu Dev, 2015/07/09 22:49:52]

Done.

+}
+
 // static
 bool SSLErrorClassification::IsHostnameNonUniqueOrDotless(
     const std::string& hostname) {