Find reasons for the SSL common name invalid error.

chrome/browser/ssl/ssl_error_classification.h

-// Copyright 2014 The Chromium Authors. All rights reserved.
+// Copyright (c) 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_
 #define CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_
 
+#include <string>
+
 #include "base/time/time.h"
 #include "net/cert/x509_certificate.h"
+#include "url/gurl.h"
 
 // This class calculates the severity scores for the different type of SSL
 // errors.
 class SSLErrorClassification {
  public:
   SSLErrorClassification(base::Time current_time,
-                         const net::X509Certificate& cert);
+                         const::GURL& url,

[felt, 2014/07/15 20:44:35]

I'm surprised this compiles, I don't think you want those extra ::

[radhikabhar, 2014/07/16 22:35:15]

Done.

+                         const::net::X509Certificate& cert);
   ~SSLErrorClassification();
 
-  // This method checks whether the user clock is in the past or not.
+  // This method checks whether the system time is in the past.
   static bool IsUserClockInThePast(base::Time time_now);
 
   // This method checks whether the system time is too far in the future or
   // the user is using a version of Chrome which is more than 1 year old.
   static bool IsUserClockInTheFuture(base::Time time_now);
 
   // A method which calculates the severity score when the ssl error is
   // CERT_DATE_INVALID.
   float InvalidDateSeverityScore() const;
 
+  // A method which calculates the severity score when the ssl error is
+  // CERT_COMMON_NAME_INVALID.
+  float InvalidCommonNameSeverityScore() const;
+
   static void RecordUMAStatistics(bool overridable);
   base::TimeDelta TimePassedSinceExpiry() const;
 
  private:
   FRIEND_TEST_ALL_PREFIXES(SSLErrorClassification, TestDateInvalidScore);
+  FRIEND_TEST_ALL_PREFIXES(SSLErrorClassification, TestNameMismatch);
+
+  bool IsWWWDifference() const;

[felt, 2014/07/15 20:44:35]

can you add a comment to this one too?

[radhikabhar, 2014/07/16 22:35:15]

Done.

+
+  // This method checks whether the given url is a subdomain of the dns name

[palmer, 2014/07/15 21:23:23]

Nit: Capitalize "DNS" and "URL" (throughout this file, and generally).

Also, I would be more precise: "...whether or not the hostname in the given URL
is a subdomain of any DNS name in the CN or SAN fields of the certificate."

[radhikabhar, 2014/07/16 22:35:15]

Done.

+  // given in the SSL certificate or not.
+  bool IsSubDomainMatch() const;
+
+  // This method checks whether the dns name given in the SSL certificate is a
+  // subdomain of the given url or not.

[palmer, 2014/07/15 21:23:23]

Same precision concern as above.

[radhikabhar, 2014/07/16 22:35:15]

Done.

+  bool IsSubDomainInverseMatch() const;
+
+  // This method check whether the host name is too broad for the scope of a

[palmer, 2014/07/15 21:23:23]

Typo: "checks", "hostname"

[radhikabhar, 2014/07/16 22:35:15]

Done.

+  // wildcard certificate or not.
+  bool IsHostNameTooBroad() const;
+  bool IsSelfSigned() const;
 
   float CalculateScoreTimePassedSinceExpiry() const;
 
   // This stores the current time.
   base::Time current_time_;
 
+  const GURL request_url_;

[palmer, 2014/07/15 21:23:23]

Can this be const GURL&, or does it need to be a copy?

[radhikabhar, 2014/07/16 22:35:15]

Done.

+
   // This stores the certificate.
   const net::X509Certificate& cert_;
 };
 
 #endif  // CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_