OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ | 5 #ifndef COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ |
6 #define COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ | 6 #define COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 10 matching lines...) Expand all Loading... |
21 namespace network_time { | 21 namespace network_time { |
22 class NetworkTimeTracker; | 22 class NetworkTimeTracker; |
23 } | 23 } |
24 | 24 |
25 namespace ssl_errors { | 25 namespace ssl_errors { |
26 | 26 |
27 typedef std::vector<std::string> HostnameTokens; | 27 typedef std::vector<std::string> HostnameTokens; |
28 | 28 |
29 // Methods for identifying specific error causes. ------------------------------ | 29 // Methods for identifying specific error causes. ------------------------------ |
30 | 30 |
| 31 // Events for UMA. Do not reorder or change! |
| 32 enum SSLInterstitialCause { |
| 33 CLOCK_PAST, |
| 34 CLOCK_FUTURE, |
| 35 WWW_SUBDOMAIN_MATCH, // Deprecated |
| 36 SUBDOMAIN_MATCH, // Deprecated |
| 37 SUBDOMAIN_INVERSE_MATCH, // Deprecated |
| 38 SUBDOMAIN_OUTSIDE_WILDCARD, // Deprecated |
| 39 HOST_NAME_NOT_KNOWN_TLD, |
| 40 LIKELY_MULTI_TENANT_HOSTING, // Deprecated |
| 41 LOCALHOST, |
| 42 PRIVATE_URL, |
| 43 AUTHORITY_ERROR_CAPTIVE_PORTAL, // Deprecated in M47. |
| 44 SELF_SIGNED, |
| 45 EXPIRED_RECENTLY, |
| 46 LIKELY_SAME_DOMAIN, // Deprecated |
| 47 // In Chrome 58, SubjectCN matching was deprecated, deprecating original |
| 48 // metrics to be replaced with the 2-suffixed variants below. |
| 49 NO_SUBJECT_ALT_NAMES, |
| 50 WWW_SUBDOMAIN_MATCH2, |
| 51 SUBDOMAIN_MATCH2, |
| 52 SUBDOMAIN_INVERSE_MATCH2, |
| 53 SUBDOMAIN_OUTSIDE_WILDCARD2, |
| 54 LIKELY_MULTI_TENANT_HOSTING2, |
| 55 LIKELY_SAME_DOMAIN2, |
| 56 UNUSED_INTERSTITIAL_CAUSE_ENTRY, |
| 57 }; |
| 58 |
31 // What is known about the accuracy of system clock. Do not change or | 59 // What is known about the accuracy of system clock. Do not change or |
32 // reorder; these values are used in an UMA histogram. | 60 // reorder; these values are used in an UMA histogram. |
33 enum ClockState { | 61 enum ClockState { |
34 // Not known whether system clock is close enough. | 62 // Not known whether system clock is close enough. |
35 CLOCK_STATE_UNKNOWN, | 63 CLOCK_STATE_UNKNOWN, |
36 | 64 |
37 // System clock is "close enough", per network time. | 65 // System clock is "close enough", per network time. |
38 CLOCK_STATE_OK, | 66 CLOCK_STATE_OK, |
39 | 67 |
40 // System clock is behind. | 68 // System clock is behind. |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
103 // fields. | 131 // fields. |
104 bool IsCertLikelyFromMultiTenantHosting(const GURL& request_url, | 132 bool IsCertLikelyFromMultiTenantHosting(const GURL& request_url, |
105 const net::X509Certificate& cert); | 133 const net::X509Certificate& cert); |
106 | 134 |
107 // Returns true if the hostname in |request_url_| has the same domain | 135 // Returns true if the hostname in |request_url_| has the same domain |
108 // (effective TLD + 1 label) as at least one of the subject | 136 // (effective TLD + 1 label) as at least one of the subject |
109 // alternative names in |cert_|. | 137 // alternative names in |cert_|. |
110 bool IsCertLikelyFromSameDomain(const GURL& request_url, | 138 bool IsCertLikelyFromSameDomain(const GURL& request_url, |
111 const net::X509Certificate& cert); | 139 const net::X509Certificate& cert); |
112 | 140 |
113 // Returns true if the site's hostname differs from one of the DNS | 141 // Returns true if the site's hostname differs from one of the DNS names in |
114 // names in the certificate (CN or SANs) only by the presence or | 142 // |dns_names| only by the presence or absence of the single-label prefix "www". |
115 // absence of the single-label prefix "www". E.g.: (The first domain | 143 // The matching name from the certificate is returned in |www_match_host_name|. |
116 // is hostname and the second domain is a DNS name in the certificate) | |
117 // www.example.com ~ example.com -> true | |
118 // example.com ~ www.example.com -> true | |
119 // www.food.example.com ~ example.com -> false | |
120 // mail.example.com ~ example.com -> false | |
121 bool GetWWWSubDomainMatch(const GURL& request_url, | 144 bool GetWWWSubDomainMatch(const GURL& request_url, |
122 const std::vector<std::string>& dns_names, | 145 const std::vector<std::string>& dns_names, |
123 std::string* www_match_host_name); | 146 std::string* www_match_host_name); |
124 | 147 |
125 // Method for recording results. ----------------------------------------------- | 148 // Method for recording results. ----------------------------------------------- |
126 | 149 |
127 void RecordUMAStatistics(bool overridable, | 150 void RecordUMAStatistics(bool overridable, |
128 const base::Time& current_time, | 151 const base::Time& current_time, |
129 const GURL& request_url, | 152 const GURL& request_url, |
130 int cert_error, | 153 int cert_error, |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
165 // appspot.com. | 188 // appspot.com. |
166 bool AnyNamesUnderName(const std::vector<HostnameTokens>& potential_children, | 189 bool AnyNamesUnderName(const std::vector<HostnameTokens>& potential_children, |
167 const HostnameTokens& parent); | 190 const HostnameTokens& parent); |
168 | 191 |
169 // Exposed for teshting. | 192 // Exposed for teshting. |
170 size_t GetLevenshteinDistance(const std::string& str1, const std::string& str2); | 193 size_t GetLevenshteinDistance(const std::string& str1, const std::string& str2); |
171 | 194 |
172 } // namespace ssl_errors | 195 } // namespace ssl_errors |
173 | 196 |
174 #endif // COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ | 197 #endif // COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ |
OLD | NEW |