OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ | 5 #ifndef COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ |
6 #define COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ | 6 #define COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 10 matching lines...) Expand all Loading... | |
21 namespace network_time { | 21 namespace network_time { |
22 class NetworkTimeTracker; | 22 class NetworkTimeTracker; |
23 } | 23 } |
24 | 24 |
25 namespace ssl_errors { | 25 namespace ssl_errors { |
26 | 26 |
27 typedef std::vector<std::string> HostnameTokens; | 27 typedef std::vector<std::string> HostnameTokens; |
28 | 28 |
29 // Methods for identifying specific error causes. ------------------------------ | 29 // Methods for identifying specific error causes. ------------------------------ |
30 | 30 |
31 // Events for UMA. Do not reorder or change! | |
Mark P
2017/04/05 18:18:25
nit: Please follow the comment and value setting r
elawrence
2017/04/05 23:05:16
Done.
| |
32 enum SSLInterstitialCause { | |
33 CLOCK_PAST, | |
34 CLOCK_FUTURE, | |
35 WWW_SUBDOMAIN_MATCH, // Deprecated | |
Mark P
2017/04/05 18:18:25
nit: in M__
here and below
elawrence
2017/04/05 23:05:16
Done.
| |
36 SUBDOMAIN_MATCH, // Deprecated | |
37 SUBDOMAIN_INVERSE_MATCH, // Deprecated | |
38 SUBDOMAIN_OUTSIDE_WILDCARD, // Deprecated | |
39 HOST_NAME_NOT_KNOWN_TLD, | |
40 LIKELY_MULTI_TENANT_HOSTING, // Deprecated | |
41 LOCALHOST, | |
42 PRIVATE_URL, | |
43 AUTHORITY_ERROR_CAPTIVE_PORTAL, // Deprecated in M47. | |
44 SELF_SIGNED, | |
45 EXPIRED_RECENTLY, | |
46 LIKELY_SAME_DOMAIN, // Deprecated | |
47 // In Chrome 58, SubjectCN matching was deprecated, deprecating original | |
Mark P
2017/04/05 18:18:25
optional nit: This comment seems out of place to m
Mark P
2017/04/05 18:18:25
^58^59, right?
elawrence
2017/04/05 23:05:16
I've just removed this.
elawrence
2017/04/05 23:05:16
SubjectCN matching was deprecated in M58. This cha
| |
48 // metrics to be replaced with the 2-suffixed variants below. | |
49 NO_SUBJECT_ALT_NAME, | |
50 WWW_SUBDOMAIN_MATCH2, | |
51 SUBDOMAIN_MATCH2, | |
52 SUBDOMAIN_INVERSE_MATCH2, | |
53 SUBDOMAIN_OUTSIDE_WILDCARD2, | |
54 LIKELY_MULTI_TENANT_HOSTING2, | |
55 LIKELY_SAME_DOMAIN2, | |
56 UNUSED_INTERSTITIAL_CAUSE_ENTRY, | |
Mark P
2017/04/05 18:18:25
Please use a name like SLL_INTERSTITIAL_CAUSE_MAX.
elawrence
2017/04/05 23:05:16
Done.
| |
57 }; | |
58 | |
31 // What is known about the accuracy of system clock. Do not change or | 59 // What is known about the accuracy of system clock. Do not change or |
32 // reorder; these values are used in an UMA histogram. | 60 // reorder; these values are used in an UMA histogram. |
33 enum ClockState { | 61 enum ClockState { |
34 // Not known whether system clock is close enough. | 62 // Not known whether system clock is close enough. |
35 CLOCK_STATE_UNKNOWN, | 63 CLOCK_STATE_UNKNOWN, |
36 | 64 |
37 // System clock is "close enough", per network time. | 65 // System clock is "close enough", per network time. |
38 CLOCK_STATE_OK, | 66 CLOCK_STATE_OK, |
39 | 67 |
40 // System clock is behind. | 68 // System clock is behind. |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
103 // fields. | 131 // fields. |
104 bool IsCertLikelyFromMultiTenantHosting(const GURL& request_url, | 132 bool IsCertLikelyFromMultiTenantHosting(const GURL& request_url, |
105 const net::X509Certificate& cert); | 133 const net::X509Certificate& cert); |
106 | 134 |
107 // Returns true if the hostname in |request_url_| has the same domain | 135 // Returns true if the hostname in |request_url_| has the same domain |
108 // (effective TLD + 1 label) as at least one of the subject | 136 // (effective TLD + 1 label) as at least one of the subject |
109 // alternative names in |cert_|. | 137 // alternative names in |cert_|. |
110 bool IsCertLikelyFromSameDomain(const GURL& request_url, | 138 bool IsCertLikelyFromSameDomain(const GURL& request_url, |
111 const net::X509Certificate& cert); | 139 const net::X509Certificate& cert); |
112 | 140 |
113 // Returns true if the site's hostname differs from one of the DNS | 141 // Returns true if the site's hostname differs from one of the DNS names in |
114 // names in the certificate (CN or SANs) only by the presence or | 142 // |dns_names| only by the presence or absence of the single-label prefix "www". |
115 // absence of the single-label prefix "www". E.g.: (The first domain | 143 // The matching name from the certificate is returned in |www_match_host_name|. |
116 // is hostname and the second domain is a DNS name in the certificate) | |
117 // www.example.com ~ example.com -> true | |
118 // example.com ~ www.example.com -> true | |
119 // www.food.example.com ~ example.com -> false | |
120 // mail.example.com ~ example.com -> false | |
121 bool GetWWWSubDomainMatch(const GURL& request_url, | 144 bool GetWWWSubDomainMatch(const GURL& request_url, |
122 const std::vector<std::string>& dns_names, | 145 const std::vector<std::string>& dns_names, |
123 std::string* www_match_host_name); | 146 std::string* www_match_host_name); |
124 | 147 |
125 // Method for recording results. ----------------------------------------------- | 148 // Method for recording results. ----------------------------------------------- |
126 | 149 |
127 void RecordUMAStatistics(bool overridable, | 150 void RecordUMAStatistics(bool overridable, |
128 const base::Time& current_time, | 151 const base::Time& current_time, |
129 const GURL& request_url, | 152 const GURL& request_url, |
130 int cert_error, | 153 int cert_error, |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
165 // appspot.com. | 188 // appspot.com. |
166 bool AnyNamesUnderName(const std::vector<HostnameTokens>& potential_children, | 189 bool AnyNamesUnderName(const std::vector<HostnameTokens>& potential_children, |
167 const HostnameTokens& parent); | 190 const HostnameTokens& parent); |
168 | 191 |
169 // Exposed for teshting. | 192 // Exposed for teshting. |
170 size_t GetLevenshteinDistance(const std::string& str1, const std::string& str2); | 193 size_t GetLevenshteinDistance(const std::string& str1, const std::string& str2); |
171 | 194 |
172 } // namespace ssl_errors | 195 } // namespace ssl_errors |
173 | 196 |
174 #endif // COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ | 197 #endif // COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_ |
OLD | NEW |