Find reasons for the SSL common name invalid error.

chrome/browser/ssl/ssl_error_classification.h

Index: chrome/browser/ssl/ssl_error_classification.h
diff --git a/chrome/browser/ssl/ssl_error_classification.h b/chrome/browser/ssl/ssl_error_classification.h
index c37ce2e007b820ec55483a50b8fd7de5bda821ad..a15ad0f60404ddf3189874403f8db2548bca5f26 100644
--- a/chrome/browser/ssl/ssl_error_classification.h
+++ b/chrome/browser/ssl/ssl_error_classification.h
@@ -5,18 +5,23 @@
 #ifndef CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_
 #define CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_
 
+#include <string>
+#include <vector>
+
 #include "base/time/time.h"
 #include "net/cert/x509_certificate.h"
+#include "url/gurl.h"
 
 // This class calculates the severity scores for the different type of SSL
 // errors.
 class SSLErrorClassification {
  public:
   SSLErrorClassification(base::Time current_time,
+                         const GURL& url,
                          const net::X509Certificate& cert);
   ~SSLErrorClassification();
 
-  // This method checks whether the user clock is in the past or not.
+  // This method checks whether the system time is in the past.
   static bool IsUserClockInThePast(base::Time time_now);
 
   // This method checks whether the system time is too far in the future or
@@ -27,17 +32,50 @@ class SSLErrorClassification {
   // CERT_DATE_INVALID.
   float InvalidDateSeverityScore() const;
 
-  static void RecordUMAStatistics(bool overridable);
+  // A method which calculates the severity score when the ssl error is
+  // CERT_COMMON_NAME_INVALID.
+  float InvalidCommonNameSeverityScore() const;
+
+  void RecordUMAStatistics(bool overridable, int cert_error);
   base::TimeDelta TimePassedSinceExpiry() const;
 
  private:
   FRIEND_TEST_ALL_PREFIXES(SSLErrorClassification, TestDateInvalidScore);
+  FRIEND_TEST_ALL_PREFIXES(SSLErrorClassification, TestNameMismatch);
+  FRIEND_TEST_ALL_PREFIXES(SSLErrorClassification, TestValidURL);
+
+  // This method checks whether the URL has a known Top Level Domain or not.

[palmer, 2014/07/17 20:11:20]

Nit: This function checks hostname strings, not entire URLs. Make sure the
comment is precise.

[radhikabhar, 2014/07/18 16:29:29]

Done.

+  static bool IsNotValidURL(const std::string& host_name);

[palmer, 2014/07/17 20:11:20]

Naming: The comment does not exactly match the name of the function. Maybe call
the function |URLHasKnownTLD| or something.

[radhikabhar, 2014/07/18 16:29:29]

Done.

+
+  // This method checks whether or not the difference between the hostname in
+  // the given URL and any DNS name given in the CN or SAN fields of the SSL
+  // certificate is "www.".
+  bool IsWWWSubDomainMatch() const;
+
+  // This method checks whether or not the hostname in the given URL is a
+  // subdomain of any DNS name given in the CN or SAN fields of the SSL
+  // certificate.
+  bool IsSubDomainMatch() const;
+
+  // This method checks whether any DNS name given in the CN or SAN fields of
+  // the SSL certificate is a subdomain of the given URL or not.
+  bool IsSubDomainInverseMatch() const;
+
+  // This method checks whether the hostname is too broad for the scope of a
+  // wildcard certificate or not. For e.g. it returns true if the host name of
+  // the URL is "a.b.example.com" and the DNS name in the CN or SAN field of the
+  // SSL certificate is "*.example.com". But, it retuns false for the hostname
+  // "b.example.com".
+  bool IsSubDomainOutsideWildcard() const;
+  bool IsSelfSigned() const;
 
   float CalculateScoreTimePassedSinceExpiry() const;
 
   // This stores the current time.
   base::Time current_time_;
 
+  const GURL& request_url_;
+
   // This stores the certificate.
   const net::X509Certificate& cert_;
 };