OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/ssl_errors/error_classification.h" | 5 #include "components/ssl_errors/error_classification.h" |
6 | 6 |
7 #include <limits.h> | 7 #include <limits.h> |
8 #include <stddef.h> | 8 #include <stddef.h> |
9 | 9 |
10 #include <vector> | 10 #include <vector> |
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
66 UNUSED_INTERSTITIAL_CAUSE_ENTRY); | 66 UNUSED_INTERSTITIAL_CAUSE_ENTRY); |
67 } | 67 } |
68 } | 68 } |
69 | 69 |
70 std::vector<HostnameTokens> GetTokenizedDNSNames( | 70 std::vector<HostnameTokens> GetTokenizedDNSNames( |
71 const std::vector<std::string>& dns_names) { | 71 const std::vector<std::string>& dns_names) { |
72 std::vector<HostnameTokens> dns_name_tokens; | 72 std::vector<HostnameTokens> dns_name_tokens; |
73 for (const auto& dns_name : dns_names) { | 73 for (const auto& dns_name : dns_names) { |
74 HostnameTokens dns_name_token_single; | 74 HostnameTokens dns_name_token_single; |
75 if (dns_name.empty() || dns_name.find('\0') != std::string::npos || | 75 if (dns_name.empty() || dns_name.find('\0') != std::string::npos || |
76 !(IsHostNameKnownTLD(dns_name))) { | 76 !(HostNameHasKnownTLD(dns_name))) { |
Peter Kasting
2016/10/25 01:33:32
Nit: Remove extra parens
| |
77 dns_name_token_single.push_back(std::string()); | 77 dns_name_token_single.push_back(std::string()); |
78 } else { | 78 } else { |
79 dns_name_token_single = Tokenize(dns_name); | 79 dns_name_token_single = Tokenize(dns_name); |
80 } | 80 } |
81 dns_name_tokens.push_back(dns_name_token_single); | 81 dns_name_tokens.push_back(dns_name_token_single); |
82 } | 82 } |
83 return dns_name_tokens; | 83 return dns_name_tokens; |
84 } | 84 } |
85 | 85 |
86 // If |potential_subdomain| is a subdomain of |parent|, return the number of | 86 // If |potential_subdomain| is a subdomain of |parent|, return the number of |
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
141 // Note: not reached when displaying the bad clock interstitial. | 141 // Note: not reached when displaying the bad clock interstitial. |
142 // See |RecordUMAStatisticsForClockInterstitial| below. | 142 // See |RecordUMAStatisticsForClockInterstitial| below. |
143 if (cert.HasExpired() && | 143 if (cert.HasExpired() && |
144 (current_time - cert.valid_expiry()).InDays() < 28) { | 144 (current_time - cert.valid_expiry()).InDays() < 28) { |
145 RecordSSLInterstitialCause(overridable, EXPIRED_RECENTLY); | 145 RecordSSLInterstitialCause(overridable, EXPIRED_RECENTLY); |
146 } | 146 } |
147 break; | 147 break; |
148 } | 148 } |
149 case ssl_errors::ErrorInfo::CERT_COMMON_NAME_INVALID: { | 149 case ssl_errors::ErrorInfo::CERT_COMMON_NAME_INVALID: { |
150 std::string host_name = request_url.host(); | 150 std::string host_name = request_url.host(); |
151 if (IsHostNameKnownTLD(host_name)) { | 151 if (HostNameHasKnownTLD(host_name)) { |
152 HostnameTokens host_name_tokens = Tokenize(host_name); | 152 HostnameTokens host_name_tokens = Tokenize(host_name); |
153 if (IsWWWSubDomainMatch(request_url, cert)) | 153 if (IsWWWSubDomainMatch(request_url, cert)) |
154 RecordSSLInterstitialCause(overridable, WWW_SUBDOMAIN_MATCH); | 154 RecordSSLInterstitialCause(overridable, WWW_SUBDOMAIN_MATCH); |
155 if (IsSubDomainOutsideWildcard(request_url, cert)) | 155 if (IsSubDomainOutsideWildcard(request_url, cert)) |
156 RecordSSLInterstitialCause(overridable, SUBDOMAIN_OUTSIDE_WILDCARD); | 156 RecordSSLInterstitialCause(overridable, SUBDOMAIN_OUTSIDE_WILDCARD); |
157 std::vector<std::string> dns_names; | 157 std::vector<std::string> dns_names; |
158 cert.GetDNSNames(&dns_names); | 158 cert.GetDNSNames(&dns_names); |
159 std::vector<HostnameTokens> dns_name_tokens = | 159 std::vector<HostnameTokens> dns_name_tokens = |
160 GetTokenizedDNSNames(dns_names); | 160 GetTokenizedDNSNames(dns_names); |
161 if (NameUnderAnyNames(host_name_tokens, dns_name_tokens)) | 161 if (NameUnderAnyNames(host_name_tokens, dns_name_tokens)) |
(...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
271 } | 271 } |
272 | 272 |
273 NOTREACHED(); | 273 NOTREACHED(); |
274 return CLOCK_STATE_UNKNOWN; | 274 return CLOCK_STATE_UNKNOWN; |
275 } | 275 } |
276 | 276 |
277 void SetBuildTimeForTesting(const base::Time& testing_time) { | 277 void SetBuildTimeForTesting(const base::Time& testing_time) { |
278 g_testing_build_time.Get() = testing_time; | 278 g_testing_build_time.Get() = testing_time; |
279 } | 279 } |
280 | 280 |
281 bool IsHostNameKnownTLD(const std::string& host_name) { | 281 bool HostNameHasKnownTLD(const std::string& host_name) { |
282 size_t tld_length = net::registry_controlled_domains::GetRegistryLength( | 282 return net::registry_controlled_domains::HostHasRegistryControlledDomain( |
283 host_name, net::registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES, | 283 host_name, |
284 net::registry_controlled_domains::EXCLUDE_UNKNOWN_REGISTRIES, | |
284 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); | 285 net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); |
285 if (tld_length == 0 || tld_length == std::string::npos) | |
286 return false; | |
287 return true; | |
288 } | 286 } |
289 | 287 |
290 HostnameTokens Tokenize(const std::string& name) { | 288 HostnameTokens Tokenize(const std::string& name) { |
291 return base::SplitString(name, ".", base::KEEP_WHITESPACE, | 289 return base::SplitString(name, ".", base::KEEP_WHITESPACE, |
292 base::SPLIT_WANT_ALL); | 290 base::SPLIT_WANT_ALL); |
293 } | 291 } |
294 | 292 |
295 bool GetWWWSubDomainMatch(const GURL& request_url, | 293 bool GetWWWSubDomainMatch(const GURL& request_url, |
296 const std::vector<std::string>& dns_names, | 294 const std::vector<std::string>& dns_names, |
297 std::string* www_match_host_name) { | 295 std::string* www_match_host_name) { |
298 const std::string& host_name = request_url.host(); | 296 const std::string& host_name = request_url.host(); |
299 | 297 |
300 if (IsHostNameKnownTLD(host_name)) { | 298 if (HostNameHasKnownTLD(host_name)) { |
301 // Need to account for all possible domains given in the SSL certificate. | 299 // Need to account for all possible domains given in the SSL certificate. |
302 for (const auto& dns_name : dns_names) { | 300 for (const auto& dns_name : dns_names) { |
303 if (dns_name.empty() || dns_name.find('\0') != std::string::npos || | 301 if (dns_name.empty() || dns_name.find('\0') != std::string::npos || |
304 dns_name.length() == host_name.length() || | 302 dns_name.length() == host_name.length() || |
305 !IsHostNameKnownTLD(dns_name)) { | 303 !HostNameHasKnownTLD(dns_name)) { |
306 continue; | 304 continue; |
307 } else if (dns_name.length() > host_name.length()) { | 305 } else if (dns_name.length() > host_name.length()) { |
308 if (url_formatter::StripWWW(base::ASCIIToUTF16(dns_name)) == | 306 if (url_formatter::StripWWW(base::ASCIIToUTF16(dns_name)) == |
309 base::ASCIIToUTF16(host_name)) { | 307 base::ASCIIToUTF16(host_name)) { |
310 *www_match_host_name = dns_name; | 308 *www_match_host_name = dns_name; |
311 return true; | 309 return true; |
312 } | 310 } |
313 } else { | 311 } else { |
314 if (url_formatter::StripWWW(base::ASCIIToUTF16(host_name)) == | 312 if (url_formatter::StripWWW(base::ASCIIToUTF16(host_name)) == |
315 base::ASCIIToUTF16(dns_name)) { | 313 base::ASCIIToUTF16(dns_name)) { |
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
386 HostnameTokens host_name_tokens = Tokenize(host_name); | 384 HostnameTokens host_name_tokens = Tokenize(host_name); |
387 std::vector<std::string> dns_names; | 385 std::vector<std::string> dns_names; |
388 cert.GetDNSNames(&dns_names); | 386 cert.GetDNSNames(&dns_names); |
389 bool result = false; | 387 bool result = false; |
390 | 388 |
391 // This method requires that the host name be longer than the dns name on | 389 // This method requires that the host name be longer than the dns name on |
392 // the certificate. | 390 // the certificate. |
393 for (const auto& dns_name : dns_names) { | 391 for (const auto& dns_name : dns_names) { |
394 if (dns_name.length() < 2 || dns_name.length() >= host_name.length() || | 392 if (dns_name.length() < 2 || dns_name.length() >= host_name.length() || |
395 dns_name.find('\0') != std::string::npos || | 393 dns_name.find('\0') != std::string::npos || |
396 !IsHostNameKnownTLD(dns_name) || dns_name[0] != '*' || | 394 !HostNameHasKnownTLD(dns_name) || dns_name[0] != '*' || |
397 dns_name[1] != '.') { | 395 dns_name[1] != '.') { |
398 continue; | 396 continue; |
399 } | 397 } |
400 | 398 |
401 // Move past the "*.". | 399 // Move past the "*.". |
402 std::string extracted_dns_name = dns_name.substr(2); | 400 std::string extracted_dns_name = dns_name.substr(2); |
403 if (FindSubdomainDifference(host_name_tokens, | 401 if (FindSubdomainDifference(host_name_tokens, |
404 Tokenize(extracted_dns_name)) == 2) { | 402 Tokenize(extracted_dns_name)) == 2) { |
405 return true; | 403 return true; |
406 } | 404 } |
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
479 return std::find(dns_names_domain.begin(), dns_names_domain.end() - 1, | 477 return std::find(dns_names_domain.begin(), dns_names_domain.end() - 1, |
480 host_name_domain) != dns_names_domain.end() - 1; | 478 host_name_domain) != dns_names_domain.end() - 1; |
481 } | 479 } |
482 | 480 |
483 bool IsHostnameNonUniqueOrDotless(const std::string& hostname) { | 481 bool IsHostnameNonUniqueOrDotless(const std::string& hostname) { |
484 return net::IsHostnameNonUnique(hostname) || | 482 return net::IsHostnameNonUnique(hostname) || |
485 hostname.find('.') == std::string::npos; | 483 hostname.find('.') == std::string::npos; |
486 } | 484 } |
487 | 485 |
488 } // namespace ssl_errors | 486 } // namespace ssl_errors |
OLD | NEW |