Chromium Code Reviews Chromium Code Reviews
Issue 376333003:
Find reasons for the SSL common name invalid error. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/ssl/ssl_error_classification.h |
| diff --git a/chrome/browser/ssl/ssl_error_classification.h b/chrome/browser/ssl/ssl_error_classification.h |
| index c37ce2e007b820ec55483a50b8fd7de5bda821ad..5c3f900f232fb6f0833819bd4df49e9f09c9444b 100644 |
| --- a/chrome/browser/ssl/ssl_error_classification.h |
| +++ b/chrome/browser/ssl/ssl_error_classification.h |
| @@ -5,39 +5,78 @@ |
| #ifndef CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ |
| #define CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ |
| +#include <string> |
| +#include <vector> |
| + |
| #include "base/time/time.h" |
| #include "net/cert/x509_certificate.h" |
| +#include "url/gurl.h" |
| // This class calculates the severity scores for the different type of SSL |
| // errors. |
| class SSLErrorClassification { |
| public: |
| SSLErrorClassification(base::Time current_time, |
| + const GURL& url, |
| const net::X509Certificate& cert); |
| ~SSLErrorClassification(); |
| - // This method checks whether the user clock is in the past or not. |
| + // This method checks whether the system time is in the past. |
| static bool IsUserClockInThePast(base::Time time_now); |
| // This method checks whether the system time is too far in the future or |
| // the user is using a version of Chrome which is more than 1 year old. |
| static bool IsUserClockInTheFuture(base::Time time_now); |
| + // This method checks whether the URL has a known Top Level Domain or not. |
| + static bool IsNotValidURL(const GURL& url); |
|
felt
2014/07/16 23:31:47
does this need to be public? does it have a caller
radhikabhar
2014/07/17 01:02:12
Done.
|
| + |
| // A method which calculates the severity score when the ssl error is |
| // CERT_DATE_INVALID. |
| float InvalidDateSeverityScore() const; |
| - static void RecordUMAStatistics(bool overridable); |
| + // A method which calculates the severity score when the ssl error is |
| + // CERT_COMMON_NAME_INVALID. |
| + float InvalidCommonNameSeverityScore() const; |
| + |
| + void RecordUMAStatisticsDateInvalid(bool overridable); |
| + void RecordUMAStatisticsNameInvalid(bool overridable); |
| + void RecordUMAStatisticsAuthorityInvalid(bool overridable); |
| base::TimeDelta TimePassedSinceExpiry() const; |
| private: |
| FRIEND_TEST_ALL_PREFIXES(SSLErrorClassification, TestDateInvalidScore); |
| + FRIEND_TEST_ALL_PREFIXES(SSLErrorClassification, TestNameMismatch); |
| + |
| + // This method checks whether or not the difference between the hostname in |
| + // the given URL and any DNS name given in the CN or SAN fields of the SSL |
| + // certificate is "www.". |
| + bool IsWWWSubDomainMatch() const; |
| + |
| + // This method checks whether or not the hostname in the given URL is a |
| + // subdomain of any DNS name given in the CN or SAN fields of the SSL |
| + // certificate. |
| + bool IsSubDomainMatch() const; |
| + |
| + // This method checks whether any DNS name given in the CN or SAN fields of |
| + // the SSL certificate is a subdomain of the given URL or not. |
| + bool IsSubDomainInverseMatch() const; |
| + |
| + // This method checks whether the hostname is too broad for the scope of a |
| + // wildcard certificate or not. For e.g. it returns true if the host name of |
| + // the URL is "a.b.example.com" and the DNS name in the CN or SAN field of the |
| + // SSL certificate is "*.example.com". But, it retuns false for the hostname |
| + // "b.example.com". |
| + bool IsSubDomainOutsideWildcard() const; |
| + bool IsSelfSigned() const; |
| float CalculateScoreTimePassedSinceExpiry() const; |
| // This stores the current time. |
| base::Time current_time_; |
| + const GURL& request_url_; |
| + |
| // This stores the certificate. |
| const net::X509Certificate& cert_; |
| }; |
