Chromium Code Reviews

Side by Side Diff: components/ssl_errors/error_classification.h

Issue 1355413003: Move error classification into the ssl_errors component (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: remove size_t / int mixing Created 5 years, 1 month ago
OLDNEW
(Empty)
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_
6 #define COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_
7
8 #include <string>
9 #include <vector>
10
11 namespace base {
12 class Time;
13 }
14
15 class GURL;
16
17 namespace net {
18 class X509Certificate;
19 }
20
21 namespace ssl_errors {
22
23 typedef std::vector<std::string> HostnameTokens;
24
25 // Methods for identifying specific error causes. ------------------------------
26
27 // Returns true if the system time is in the past.
28 bool IsUserClockInThePast(const base::Time& time_now);
29
30 // Returns true if the system time is too far in the future or the user is
31 // using a version of Chrome which is more than 1 year old.
32 bool IsUserClockInTheFuture(const base::Time& time_now);
33
34 // Returns true if |hostname| is too broad for the scope of a wildcard
35 // certificate. E.g.:
36 // a.b.example.com ~ *.example.com --> true
37 // b.example.com ~ *.example.com --> false
38 bool IsSubDomainOutsideWildcard(const GURL& request_url,
39 const net::X509Certificate& cert);
40
41 // Returns true if the certificate is a shared certificate. Note - This
42 // function should be used with caution (only for UMA histogram) as an
43 // attacker could easily get a certificate with more than 5 names in the SAN
44 // fields.
45 bool IsCertLikelyFromMultiTenantHosting(const GURL& request_url,
46 const net::X509Certificate& cert);
47
48 // Returns true if the hostname in |request_url_| has the same domain
49 // (effective TLD + 1 label) as at least one of the subject
50 // alternative names in |cert_|.
51 bool IsCertLikelyFromSameDomain(const GURL& request_url,
52 const net::X509Certificate& cert);
53
54 // Returns true if the site's hostname differs from one of the DNS
55 // names in the certificate (CN or SANs) only by the presence or
56 // absence of the single-label prefix "www". E.g.: (The first domain
57 // is hostname and the second domain is a DNS name in the certificate)
58 // www.example.com ~ example.com -> true
59 // example.com ~ www.example.com -> true
60 // www.food.example.com ~ example.com -> false
61 // mail.example.com ~ example.com -> false
62 bool IsWWWSubDomainMatch(const GURL& request_url,
63 const net::X509Certificate& cert);
64
65 // Provides the output of IsWWWSubDomainMatch() as well as the matching name.
66 bool GetWWWSubDomainMatch(const GURL& request_url,
67 const std::vector<std::string>& dns_names,
68 std::string* www_match_host_name);
69
70 // Method for recording results. -----------------------------------------------
71
72 void RecordUMAStatistics(bool overridable,
73 const base::Time& current_time,
74 const GURL& request_url,
75 int cert_error,
76 const net::X509Certificate& cert);
77
78 // Helper methods for classification. ------------------------------------------
79
80 // Tokenize DNS names and hostnames.
81 HostnameTokens Tokenize(const std::string& name);
82
83 // Sets a clock for browser tests that check the build time. Used by
84 // IsUserClockInThePast and IsUserClockInTheFuture.
85 void SetBuildTimeForTesting(const base::Time& testing_time);
86
87 // Returns true if the hostname has a known Top Level Domain.
88 bool IsHostNameKnownTLD(const std::string& host_name);
89
90 // Returns true if any one of the following conditions hold:
91 // 1.|hostname| is an IP Address in an IANA-reserved range.
92 // 2.|hostname| is a not-yet-assigned by ICANN gTLD.
93 // 3.|hostname| is a dotless domain.
94 bool IsHostnameNonUniqueOrDotless(const std::string& hostname);
95
96 // Returns true if |child| is a subdomain of any of the |potential_parents|.
97 bool NameUnderAnyNames(const HostnameTokens& child,
98 const std::vector<HostnameTokens>& potential_parents);
99
100 // Returns true if any of the |potential_children| is a subdomain of the
101 // |parent|. The inverse case should be treated carefully as this is most
102 // likely a MITM attack. We don't want foo.appspot.com to be able to MITM for
103 // appspot.com.
104 bool AnyNamesUnderName(const std::vector<HostnameTokens>& potential_children,
105 const HostnameTokens& parent);
106
107 } // namespace ssl_errors
108
109 #endif // COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_
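
Review bot: The doc comments at new lines 34 and 48-50 name things that do not appear in the signatures below them. IsSubDomainOutsideWildcard() is documented in terms of |hostname| but takes `request_url`, and IsCertLikelyFromSameDomain() refers to |request_url_| and |cert_| with member-style trailing underscores although both are free functions in namespace ssl_errors taking `request_url` and `cert`. Suggest updating the comments to the actual parameter names and saying that the hostname is taken from the URL. In the same pass, the comment at line 27 ("Returns true if the system time is in the past") does not say what the time is compared against; the comment on SetBuildTimeForTesting() at lines 83-84 implies it is the build time, and stating that at the declaration would make the contract clear. The comment at lines 100-103 refers to "the inverse case" without saying which direction it means; spelling out which of NameUnderAnyNames() and AnyNamesUnderName() is the case that must not be treated as a benign mismatch would help callers avoid picking the wrong helper.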