OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/ssl_errors/error_classification.h" | 5 #include "components/ssl_errors/error_classification.h" |
6 | 6 |
7 #include <limits.h> | 7 #include <limits.h> |
8 #include <stddef.h> | 8 #include <stddef.h> |
9 | 9 |
10 #include <vector> | 10 #include <vector> |
11 | 11 |
12 #include "base/build_time.h" | 12 #include "base/build_time.h" |
13 #include "base/lazy_instance.h" | 13 #include "base/lazy_instance.h" |
14 #include "base/metrics/histogram_macros.h" | 14 #include "base/metrics/histogram_macros.h" |
15 #include "base/strings/string_split.h" | 15 #include "base/strings/string_split.h" |
16 #include "base/strings/utf_string_conversions.h" | 16 #include "base/strings/utf_string_conversions.h" |
17 #include "base/time/time.h" | 17 #include "base/time/time.h" |
18 #include "build/build_config.h" | 18 #include "build/build_config.h" |
19 #include "components/network_time/network_time_tracker.h" | |
19 #include "components/ssl_errors/error_info.h" | 20 #include "components/ssl_errors/error_info.h" |
20 #include "components/url_formatter/url_formatter.h" | 21 #include "components/url_formatter/url_formatter.h" |
21 #include "net/base/network_change_notifier.h" | 22 #include "net/base/network_change_notifier.h" |
22 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" | 23 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
23 #include "net/base/url_util.h" | 24 #include "net/base/url_util.h" |
24 #include "net/cert/x509_cert_types.h" | 25 #include "net/cert/x509_cert_types.h" |
25 #include "net/cert/x509_certificate.h" | 26 #include "net/cert/x509_certificate.h" |
26 #include "url/gurl.h" | 27 #include "url/gurl.h" |
27 | 28 |
28 #if defined(OS_WIN) | 29 #if defined(OS_WIN) |
(...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
121 const base::Time& current_time, | 122 const base::Time& current_time, |
122 const GURL& request_url, | 123 const GURL& request_url, |
123 int cert_error, | 124 int cert_error, |
124 const net::X509Certificate& cert) { | 125 const net::X509Certificate& cert) { |
125 ssl_errors::ErrorInfo::ErrorType type = | 126 ssl_errors::ErrorInfo::ErrorType type = |
126 ssl_errors::ErrorInfo::NetErrorToErrorType(cert_error); | 127 ssl_errors::ErrorInfo::NetErrorToErrorType(cert_error); |
127 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl_error_type", type, | 128 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl_error_type", type, |
128 ssl_errors::ErrorInfo::END_OF_ENUM); | 129 ssl_errors::ErrorInfo::END_OF_ENUM); |
129 switch (type) { | 130 switch (type) { |
130 case ssl_errors::ErrorInfo::CERT_DATE_INVALID: { | 131 case ssl_errors::ErrorInfo::CERT_DATE_INVALID: { |
131 if (IsUserClockInThePast(base::Time::NowFromSystemTime())) { | 132 // Note: not reached when displaying the bad clock interstitial. |
132 RecordSSLInterstitialCause(overridable, CLOCK_PAST); | 133 // See |RecordUMAStatisticsForClockInterstitial| below. |
133 } else if (IsUserClockInTheFuture(base::Time::NowFromSystemTime())) { | 134 if (cert.HasExpired() && |
134 RecordSSLInterstitialCause(overridable, CLOCK_FUTURE); | 135 (current_time - cert.valid_expiry()).InDays() < 28) { |
135 } else if (cert.HasExpired() && | |
136 (current_time - cert.valid_expiry()).InDays() < 28) { | |
137 RecordSSLInterstitialCause(overridable, EXPIRED_RECENTLY); | 136 RecordSSLInterstitialCause(overridable, EXPIRED_RECENTLY); |
138 } | 137 } |
139 break; | 138 break; |
140 } | 139 } |
141 case ssl_errors::ErrorInfo::CERT_COMMON_NAME_INVALID: { | 140 case ssl_errors::ErrorInfo::CERT_COMMON_NAME_INVALID: { |
142 std::string host_name = request_url.host(); | 141 std::string host_name = request_url.host(); |
143 if (IsHostNameKnownTLD(host_name)) { | 142 if (IsHostNameKnownTLD(host_name)) { |
144 HostnameTokens host_name_tokens = Tokenize(host_name); | 143 HostnameTokens host_name_tokens = Tokenize(host_name); |
145 if (IsWWWSubDomainMatch(request_url, cert)) | 144 if (IsWWWSubDomainMatch(request_url, cert)) |
146 RecordSSLInterstitialCause(overridable, WWW_SUBDOMAIN_MATCH); | 145 RecordSSLInterstitialCause(overridable, WWW_SUBDOMAIN_MATCH); |
(...skipping 27 matching lines...) Expand all Loading... | |
174 break; | 173 break; |
175 } | 174 } |
176 default: | 175 default: |
177 break; | 176 break; |
178 } | 177 } |
179 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.connection_type", | 178 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.connection_type", |
180 net::NetworkChangeNotifier::GetConnectionType(), | 179 net::NetworkChangeNotifier::GetConnectionType(), |
181 net::NetworkChangeNotifier::CONNECTION_LAST); | 180 net::NetworkChangeNotifier::CONNECTION_LAST); |
182 } | 181 } |
183 | 182 |
184 bool IsUserClockInThePast(const base::Time& time_now) { | 183 void RecordUMAStatisticsForClockInterstitial(bool overridable, |
estark
2016/03/16 00:51:36
Note for future: it seems inevitable that we'll ad
mab
2016/03/17 00:38:09
Eh, why don't I just get it done. How does this l
| |
185 base::Time build_time; | 184 ssl_errors::ClockState clock_state, |
186 if (!g_testing_build_time.Get().is_null()) { | 185 int cert_error) { |
187 build_time = g_testing_build_time.Get(); | 186 ssl_errors::ErrorInfo::ErrorType type = |
187 ssl_errors::ErrorInfo::NetErrorToErrorType(cert_error); | |
188 DCHECK(type == ssl_errors::ErrorInfo::CERT_DATE_INVALID); | |
189 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl_error_type", type, | |
190 ssl_errors::ErrorInfo::END_OF_ENUM); | |
191 if (clock_state == ssl_errors::CLOCK_STATE_FUTURE) { | |
192 RecordSSLInterstitialCause(overridable, CLOCK_FUTURE); | |
193 } else if (clock_state == ssl_errors::CLOCK_STATE_PAST) { | |
194 RecordSSLInterstitialCause(overridable, CLOCK_PAST); | |
188 } else { | 195 } else { |
189 build_time = base::GetBuildTime(); | 196 NOTREACHED(); |
197 } | |
198 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.connection_type", | |
199 net::NetworkChangeNotifier::GetConnectionType(), | |
200 net::NetworkChangeNotifier::CONNECTION_LAST); | |
201 } | |
202 | |
203 ClockState GetClockState( | |
204 const base::Time& now_system, | |
205 const network_time::NetworkTimeTracker* network_time_tracker) { | |
206 base::Time now_network; | |
207 base::TimeDelta uncertainty; | |
208 const base::TimeDelta kNetworkTimeFudge = base::TimeDelta::FromMinutes(5); | |
209 ClockState network_state = CLOCK_STATE_UNKNOWN; | |
210 if (network_time_tracker->GetNetworkTime(&now_network, &uncertainty)) { | |
211 if (now_system < now_network - uncertainty - kNetworkTimeFudge) { | |
212 network_state = CLOCK_STATE_PAST; | |
213 } else if (now_system > now_network + uncertainty + kNetworkTimeFudge) { | |
214 network_state = CLOCK_STATE_FUTURE; | |
215 } else { | |
216 network_state = CLOCK_STATE_OK; | |
217 } | |
190 } | 218 } |
191 | 219 |
192 if (time_now < build_time - base::TimeDelta::FromDays(2)) | 220 ClockState build_time_state = CLOCK_STATE_UNKNOWN; |
193 return true; | 221 base::Time build_time = g_testing_build_time.Get().is_null() |
194 return false; | 222 ? base::GetBuildTime() |
195 } | 223 : g_testing_build_time.Get(); |
196 | 224 if (now_system < build_time - base::TimeDelta::FromDays(2)) { |
197 bool IsUserClockInTheFuture(const base::Time& time_now) { | 225 build_time_state = CLOCK_STATE_PAST; |
198 base::Time build_time; | 226 } else if (now_system > build_time + base::TimeDelta::FromDays(365)) { |
199 if (!g_testing_build_time.Get().is_null()) { | 227 build_time_state = CLOCK_STATE_FUTURE; |
200 build_time = g_testing_build_time.Get(); | |
201 } else { | |
202 build_time = base::GetBuildTime(); | |
203 } | 228 } |
204 | 229 |
205 if (time_now > build_time + base::TimeDelta::FromDays(365)) | 230 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.clockstate.network", |
206 return true; | 231 network_state, CLOCK_STATE_MAX); |
207 return false; | 232 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.clockstate.build_time", |
233 build_time_state, CLOCK_STATE_MAX); | |
234 | |
235 return network_state == CLOCK_STATE_UNKNOWN ? build_time_state | |
236 : network_state; | |
208 } | 237 } |
209 | 238 |
210 void SetBuildTimeForTesting(const base::Time& testing_time) { | 239 void SetBuildTimeForTesting(const base::Time& testing_time) { |
211 g_testing_build_time.Get() = testing_time; | 240 g_testing_build_time.Get() = testing_time; |
212 } | 241 } |
213 | 242 |
214 bool IsHostNameKnownTLD(const std::string& host_name) { | 243 bool IsHostNameKnownTLD(const std::string& host_name) { |
215 size_t tld_length = net::registry_controlled_domains::GetRegistryLength( | 244 size_t tld_length = net::registry_controlled_domains::GetRegistryLength( |
216 host_name, net::registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES, | 245 host_name, net::registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES, |
217 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); | 246 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); |
(...skipping 194 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
412 return std::find(dns_names_domain.begin(), dns_names_domain.end() - 1, | 441 return std::find(dns_names_domain.begin(), dns_names_domain.end() - 1, |
413 host_name_domain) != dns_names_domain.end() - 1; | 442 host_name_domain) != dns_names_domain.end() - 1; |
414 } | 443 } |
415 | 444 |
416 bool IsHostnameNonUniqueOrDotless(const std::string& hostname) { | 445 bool IsHostnameNonUniqueOrDotless(const std::string& hostname) { |
417 return net::IsHostnameNonUnique(hostname) || | 446 return net::IsHostnameNonUnique(hostname) || |
418 hostname.find('.') == std::string::npos; | 447 hostname.find('.') == std::string::npos; |
419 } | 448 } |
420 | 449 |
421 } // namespace ssl_errors | 450 } // namespace ssl_errors |
OLD | NEW |