OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ | 5 #ifndef COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ |
6 #define COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ | 6 #define COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 namespace base { | 11 namespace base { |
12 class Time; | 12 class Time; |
13 } | 13 } |
14 | 14 |
15 class GURL; | 15 class GURL; |
16 | 16 |
17 namespace net { | 17 namespace net { |
18 class X509Certificate; | 18 class X509Certificate; |
19 } | 19 } |
20 | 20 |
| 21 namespace network_time { |
| 22 class NetworkTimeTracker; |
| 23 } |
| 24 |
21 namespace ssl_errors { | 25 namespace ssl_errors { |
22 | 26 |
23 typedef std::vector<std::string> HostnameTokens; | 27 typedef std::vector<std::string> HostnameTokens; |
24 | 28 |
25 // Methods for identifying specific error causes. ------------------------------ | 29 // Methods for identifying specific error causes. ------------------------------ |
26 | 30 |
27 // Returns true if the system time is in the past. | 31 // What is known about the accuracy of system clock. Do not change or |
28 bool IsUserClockInThePast(const base::Time& time_now); | 32 // reorder; these values are used in an UMA histogram. |
| 33 enum ClockState { |
| 34 // Not known whether system clock is close enough. |
| 35 CLOCK_STATE_UNKNOWN, |
29 | 36 |
30 // Returns true if the system time is too far in the future or the user is | 37 // System clock is "close enough", per network time. |
31 // using a version of Chrome which is more than 1 year old. | 38 CLOCK_STATE_OK, |
32 bool IsUserClockInTheFuture(const base::Time& time_now); | 39 |
| 40 // System clock is behind. |
| 41 CLOCK_STATE_PAST, |
| 42 |
| 43 // System clock is ahead. |
| 44 CLOCK_STATE_FUTURE, |
| 45 |
| 46 CLOCK_STATE_MAX, |
| 47 }; |
| 48 |
| 49 // Compares |now_system| to the build time and to the current network time, and |
| 50 // returns an inference about the state of the system clock. A result from |
| 51 // network time, if available, will always be preferred to a result from the |
| 52 // build time. Calling this function records UMA statistics: it's assumed that |
| 53 // it's called in the course of handling an SSL error. |
| 54 ClockState GetClockState( |
| 55 const base::Time& now_system, |
| 56 const network_time::NetworkTimeTracker* network_time_tracker); |
33 | 57 |
34 // Returns true if |hostname| is too broad for the scope of a wildcard | 58 // Returns true if |hostname| is too broad for the scope of a wildcard |
35 // certificate. E.g.: | 59 // certificate. E.g.: |
36 // a.b.example.com ~ *.example.com --> true | 60 // a.b.example.com ~ *.example.com --> true |
37 // b.example.com ~ *.example.com --> false | 61 // b.example.com ~ *.example.com --> false |
38 bool IsSubDomainOutsideWildcard(const GURL& request_url, | 62 bool IsSubDomainOutsideWildcard(const GURL& request_url, |
39 const net::X509Certificate& cert); | 63 const net::X509Certificate& cert); |
40 | 64 |
41 // Returns true if the certificate is a shared certificate. Note - This | 65 // Returns true if the certificate is a shared certificate. Note - This |
42 // function should be used with caution (only for UMA histogram) as an | 66 // function should be used with caution (only for UMA histogram) as an |
(...skipping 21 matching lines...) Expand all Loading... |
64 std::string* www_match_host_name); | 88 std::string* www_match_host_name); |
65 | 89 |
66 // Method for recording results. ----------------------------------------------- | 90 // Method for recording results. ----------------------------------------------- |
67 | 91 |
68 void RecordUMAStatistics(bool overridable, | 92 void RecordUMAStatistics(bool overridable, |
69 const base::Time& current_time, | 93 const base::Time& current_time, |
70 const GURL& request_url, | 94 const GURL& request_url, |
71 int cert_error, | 95 int cert_error, |
72 const net::X509Certificate& cert); | 96 const net::X509Certificate& cert); |
73 | 97 |
| 98 // Specialization of |RecordUMAStatistics| to be used when the bad clock |
| 99 // interstitial is shown. |cert_error| is required only for sanity-checking: it |
| 100 // must always be |ssl_errors::ErrorInfo::CERT_DATE_INVALID|. |
| 101 void RecordUMAStatisticsForClockInterstitial(bool overridable, |
| 102 ssl_errors::ClockState clock_state, |
| 103 int cert_error); |
| 104 |
74 // Helper methods for classification. ------------------------------------------ | 105 // Helper methods for classification. ------------------------------------------ |
75 | 106 |
76 // Tokenize DNS names and hostnames. | 107 // Tokenize DNS names and hostnames. |
77 HostnameTokens Tokenize(const std::string& name); | 108 HostnameTokens Tokenize(const std::string& name); |
78 | 109 |
79 // Sets a clock for browser tests that check the build time. Used by | 110 // Sets a clock for browser tests that check the build time. Used by |
80 // IsUserClockInThePast and IsUserClockInTheFuture. | 111 // IsUserClockInThePast and IsUserClockInTheFuture. |
81 void SetBuildTimeForTesting(const base::Time& testing_time); | 112 void SetBuildTimeForTesting(const base::Time& testing_time); |
82 | 113 |
83 // Returns true if the hostname has a known Top Level Domain. | 114 // Returns true if the hostname has a known Top Level Domain. |
(...skipping 15 matching lines...) Expand all Loading... |
99 // appspot.com. | 130 // appspot.com. |
100 bool AnyNamesUnderName(const std::vector<HostnameTokens>& potential_children, | 131 bool AnyNamesUnderName(const std::vector<HostnameTokens>& potential_children, |
101 const HostnameTokens& parent); | 132 const HostnameTokens& parent); |
102 | 133 |
103 // Exposed for teshting. | 134 // Exposed for teshting. |
104 size_t GetLevenshteinDistance(const std::string& str1, const std::string& str2); | 135 size_t GetLevenshteinDistance(const std::string& str1, const std::string& str2); |
105 | 136 |
106 } // namespace ssl_errors | 137 } // namespace ssl_errors |
107 | 138 |
108 #endif // COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ | 139 #endif // COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ |
OLD | NEW |