New SSL metric added: Likely From Same Domain

chrome/browser/ssl/ssl_error_classification.cc

Index: chrome/browser/ssl/ssl_error_classification.cc
diff --git a/chrome/browser/ssl/ssl_error_classification.cc b/chrome/browser/ssl/ssl_error_classification.cc
index eea89250afa724677523c9a09e001a80b2e5b6ae..d1f01c63e6efbe76e2d2e14c48865b549f343a97 100644
--- a/chrome/browser/ssl/ssl_error_classification.cc
+++ b/chrome/browser/ssl/ssl_error_classification.cc
@@ -55,6 +55,7 @@ enum SSLInterstitialCause {
   AUTHORITY_ERROR_CAPTIVE_PORTAL,
   SELF_SIGNED,
   EXPIRED_RECENTLY,
+  LIKELY_SAME_DOMAIN,
   UNUSED_INTERSTITIAL_CAUSE_ENTRY,
 };
 
@@ -208,6 +209,8 @@ void SSLErrorClassification::RecordUMAStatistics(
           RecordSSLInterstitialCause(overridable, SUBDOMAIN_INVERSE_MATCH);
         if (IsCertLikelyFromMultiTenantHosting())
           RecordSSLInterstitialCause(overridable, LIKELY_MULTI_TENANT_HOSTING);
+        if (IsCertLikelyFromSameDomain())
+          RecordSSLInterstitialCause(overridable, LIKELY_SAME_DOMAIN);
       } else {
          RecordSSLInterstitialCause(overridable, HOST_NAME_NOT_KNOWN_TLD);
       }
@@ -463,6 +466,30 @@ bool SSLErrorClassification::IsCertLikelyFromMultiTenantHosting() const {
   return true;
 }
 
+bool SSLErrorClassification::IsCertLikelyFromSameDomain() const {
+  std::string host_name = request_url_.host();
+  std::vector<std::string> dns_names;
+  cert_.GetDNSNames(&dns_names);
+
+  dns_names.push_back(host_name);
+  size_t dns_names_size = dns_names.size();
+  std::vector<std::string> dns_names_domain;
+
+  for (size_t i = 0; i < dns_names_size; ++i) {

[meacer, 2015/07/11 00:26:07]

Use C++11 style loop:

for (const string& dns_name: dns_names)

[Bhanu Dev, 2015/07/13 19:22:43]

Done.

+    dns_names_domain.push_back(
+        net::registry_controlled_domains::
+        GetDomainAndRegistry(
+            dns_names[i],
+            net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES));
+  }
+
+  size_t dns_names_domain_size = dns_names_domain.size();

[meacer, 2015/07/11 00:26:07]

This is just used once, no need to create a separate variable.

[Bhanu Dev, 2015/07/13 19:22:43]

Done.

+  std::string host_name_domain = dns_names_domain[dns_names_domain_size - 1];

[meacer, 2015/07/11 00:26:07]

Need to check if dns_names_domain_size==0. In fact, just do an early exit after
cert_.GetDNSNames in that case.

[Bhanu Dev, 2015/07/13 19:22:43]

I think dns_names_domain_size cannot be 0, since host_name is appended to it. I
added a DCHECK.

+
+  return std::find(dns_names_domain.begin(), dns_names_domain.end() - 1,

[meacer, 2015/07/11 00:26:07]

You might want to add a small comment here saying why you are excluding the last
item (that it's the original domain pushed above).

[Bhanu Dev, 2015/07/13 19:22:43]

Done.

+                   host_name_domain) != dns_names_domain.end() - 1;
+}
+
 // static
 bool SSLErrorClassification::IsHostnameNonUniqueOrDotless(
     const std::string& hostname) {