Move error classification into the ssl_errors component

components/ssl_errors/error_classification.h

Index: components/ssl_errors/error_classification.h
diff --git a/components/ssl_errors/error_classification.h b/components/ssl_errors/error_classification.h
new file mode 100644
index 0000000000000000000000000000000000000000..c709671784d6dbeb45f8a15871c83f7237004290
--- /dev/null
+++ b/components/ssl_errors/error_classification.h
@@ -0,0 +1,104 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_
+#define COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_
+
+#include <string>
+#include <vector>
+
+#include "base/gtest_prod_util.h"
+#include "base/time/time.h"
+#include "net/cert/x509_certificate.h"
+#include "url/gurl.h"
+
+namespace ssl_errors {
+
+typedef std::vector<std::string> UrlTokens;

[estark, 2015/10/02 22:17:21]

Not quite sure yet what this will contain but presumably this will be the result
of tokenizing a hostname/DNS name rather than a full URL, so maybe
HostnameTokens or DNSNameTokens?

[felt, 2015/10/05 18:23:07]

It can hold either. I was struggling to come up with a name for it (since before
it was just "Tokens" which is really broad). I've gone with HostnameTokens for
now.

Also, ideally this should be moved out of the header file in a follow-up CL.

+
+// Methods for identifying specific error causes. ------------------------------
+
+// Returns true if the system time is in the past.
+bool IsUserClockInThePast(const base::Time& time_now);
+
+// Returns true if the system time is too far in the future or the user is
+// using a version of Chrome which is more than 1 year old.
+bool IsUserClockInTheFuture(const base::Time& time_now);
+
+// Returns true if |hostname| is too broad for the scope of a wildcard
+// certificate. E.g.:
+//     a.b.example.com ~ *.example.com --> true
+//     b.example.com ~ *.example.com --> false
+bool IsSubDomainOutsideWildcard(const GURL& request_url,
+                                const net::X509Certificate& cert);
+
+// Returns true if the certificate is a shared certificate. Note - This
+// function should be used with caution (only for UMA histogram) as an
+// attacker could easily get a certificate with more than 5 names in the SAN
+// fields.
+bool IsCertLikelyFromMultiTenantHosting(const GURL& request_url,
+                                        const net::X509Certificate& cert);
+
+// Returns true if the hostname in |request_url_| has the same domain
+// (effective TLD + 1 label) as at least one of the subject
+// alternative names in |cert_|.
+bool IsCertLikelyFromSameDomain(const GURL& request_url,
+                                const net::X509Certificate& cert);
+
+// Returns true if the site's hostname differs from one of the DNS
+// names in the certificate (CN or SANs) only by the presence or
+// absence of the single-label prefix "www". E.g.: (The first domain
+// is hostname and the second domain is a DNS name in the certificate)
+//     www.example.com ~ example.com -> true
+//     example.com ~ www.example.com -> true
+//     www.food.example.com ~ example.com -> false
+//     mail.example.com ~ example.com -> false
+bool IsWWWSubDomainMatch(const GURL& request_url,
+                         const net::X509Certificate& cert);
+
+// Provides the output of IsWWWSubDomainMatch() as well as the matching name.
+bool GetWWWSubDomainMatch(const GURL& request_url,
+                          const std::vector<std::string>& dns_names,
+                          std::string* www_match_host_name);
+
+// Method for recording results. -----------------------------------------------
+
+void RecordUMAStatistics(bool overridable,
+                         const base::Time& current_time,
+                         const GURL& request_url,
+                         int cert_error,
+                         const net::X509Certificate& cert);
+
+// Helper methods for classification. ------------------------------------------
+
+// Tokenize DNS names and hostnames.
+UrlTokens Tokenize(const std::string& name);

[estark, 2015/10/02 22:17:21]

This doesn't look like it's unit-tested so it shouldn't need to be in the .h

[felt, 2015/10/05 18:23:07]

Hmmm, it seems weird to expose UrlTokens but not Tokenize tho.

[estark, 2015/10/06 02:35:41]

Ah, yeah, that makes sense. So maybe we can get rid of this once we move the
other helper functions that takes UrlTokens as arguments out of the header.

+
+// Sets a clock for browser tests that check the build time. Used by
+// IsUserClockInThePast and IsUserClockInTheFuture.
+void SetBuildTimeForTesting(const base::Time& testing_time);
+
+// Returns true if the hostname has a known Top Level Domain.
+bool IsHostNameKnownTLD(const std::string& host_name);
+
+// Returns true if any one of the following conditions hold:
+// 1.|hostname| is an IP Address in an IANA-reserved range.
+// 2.|hostname| is a not-yet-assigned by ICANN gTLD.
+// 3.|hostname| is a dotless domain.
+bool IsHostnameNonUniqueOrDotless(const std::string& hostname);

[estark, 2015/10/02 22:17:22]

Suggestion for (possibly future?) cleanup: this function and the two below it
are only called from one place in non-test code, so maybe we should be
unit-testing the public function (RecordUMAStatistics()) instead of these helper
functions. That would allow us to remove them from the .h file.

And we probably should be unit-testing RecordUMAStatistics() anyway. And if we
do so, we can probably move more functions out of the .h, like
IsSubdomainOutsideWildcard(). I guess what I'm saying is that we should be
testing that RecordUMAStatistics() behaves correctly rather than that all of its
miscellaneous helper functions test correctly. But I'd be fine doing that in a
future cleanup CL if you don't want to do it now.

[felt, 2015/10/05 18:23:07]

Follow-up CL

+
+// Returns true if |child| is a subdomain of any of the |potential_parents|.
+bool NameUnderAnyNames(const UrlTokens& child,
+                       const std::vector<UrlTokens>& potential_parents);
+
+// Returns true if any of the |potential_children| is a subdomain of the
+// |parent|. The inverse case should be treated carefully as this is most
+// likely a MITM attack. We don't want foo.appspot.com to be able to MITM for
+// appspot.com.
+bool AnyNamesUnderName(const std::vector<UrlTokens>& potential_children,
+                       const UrlTokens& parent);
+
+}  // namespace ssl_errors
+
+#endif  // COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_