Chromium Code Reviews Chromium Code Reviews
Issue 516373003:
Refactor captive portal code from SSLBlockingPage to SSLErrorClassification (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ | 5 #ifndef CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ |
| 6 #define CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ | 6 #define CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/time/time.h" | 11 #include "base/time/time.h" |
| 12 #include "content/public/browser/notification_observer.h" | |
| 13 #include "content/public/browser/notification_registrar.h" | |
| 12 #include "net/cert/x509_certificate.h" | 14 #include "net/cert/x509_certificate.h" |
| 13 #include "url/gurl.h" | 15 #include "url/gurl.h" |
| 14 | 16 |
| 15 // This class calculates the severity scores for the different type of SSL | 17 namespace content { |
| 16 // errors. | 18 class WebContents; |
| 17 class SSLErrorClassification { | 19 } |
| 20 | |
| 21 // This class classifies characteristics of SSL errors, including information | |
| 22 // about captive portal detection. | |
| 23 // | |
| 24 // This class should only be used on the UI thread because its | |
| 25 // implementation uses captive_portal::CaptivePortalService which can only be | |
| 26 // accessed on the UI thread. | |
| 27 class SSLErrorClassification : public content::NotificationObserver { | |
| 18 public: | 28 public: |
| 19 SSLErrorClassification(const base::Time& current_time, | 29 SSLErrorClassification(content::WebContents* web_contents, |
| 30 const base::Time& current_time, | |
| 20 const GURL& url, | 31 const GURL& url, |
| 32 int cert_error, | |
| 21 const net::X509Certificate& cert); | 33 const net::X509Certificate& cert); |
| 22 ~SSLErrorClassification(); | 34 virtual ~SSLErrorClassification(); |
|
palmer
2014/08/30 00:28:19
Why virtual?
felt
2014/08/30 01:11:52
I believe this should be virtual because the Obser
| |
| 23 | 35 |
| 24 // Returns true if the system time is in the past. | 36 // Returns true if the system time is in the past. |
| 25 static bool IsUserClockInThePast(const base::Time& time_now); | 37 static bool IsUserClockInThePast(const base::Time& time_now); |
| 26 | 38 |
| 27 // Returns true if the system time is too far in the future or the user is | 39 // Returns true if the system time is too far in the future or the user is |
| 28 // using a version of Chrome which is more than 1 year old. | 40 // using a version of Chrome which is more than 1 year old. |
| 29 static bool IsUserClockInTheFuture(const base::Time& time_now); | 41 static bool IsUserClockInTheFuture(const base::Time& time_now); |
| 30 | 42 |
| 31 static bool IsWindowsVersionSP3OrLower(); | 43 static bool IsWindowsVersionSP3OrLower(); |
| 32 | 44 |
| 33 // A function which calculates the severity score when the ssl error is | 45 // A function which calculates the severity score when the ssl error is |
| 34 // CERT_DATE_INVALID, returns a score between 0.0 and 1.0, higher values | 46 // |CERT_DATE_INVALID|. The calculated score is between 0.0 and 1.0, higher |
| 35 // being more severe, indicating how severe the certificate's invalid | 47 // being more severe, indicating how severe the certificate's |
| 36 // date error is. | 48 // date invalid error is. |
| 37 float InvalidDateSeverityScore(int cert_error) const; | 49 void InvalidDateSeverityScore(); |
| 38 | 50 |
| 39 // A function which calculates the severity score when the ssl error is | 51 // A function which calculates the severity score when the ssl error is |
| 40 // when the SSL error is |CERT_COMMON_NAME_INVALID|, returns a score between | 52 // |CERT_COMMON_NAME_INVALID|. The calculated score is between 0.0 and 1.0, |
| 41 // between 0.0 and 1.0, higher values being more severe, indicating how | 53 // higher being more severe, indicating how severe the certificate's common |
| 42 // severe the certificate's common name invalid error is. | 54 // name invalid error is. |
| 43 float InvalidCommonNameSeverityScore(int cert_error) const; | 55 void InvalidCommonNameSeverityScore(); |
| 44 | 56 |
| 45 void RecordUMAStatistics(bool overridable, int cert_error); | 57 void RecordUMAStatistics(bool overridable) const; |
| 58 void RecordCaptivePortalUMAStatistics(bool overridable) const; | |
| 46 base::TimeDelta TimePassedSinceExpiry() const; | 59 base::TimeDelta TimePassedSinceExpiry() const; |
| 47 | 60 |
| 48 private: | 61 private: |
| 49 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestDateInvalidScore); | 62 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestDateInvalidScore); |
| 50 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestNameMismatch); | 63 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestNameMismatch); |
| 51 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, | 64 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, |
| 52 TestHostNameHasKnownTLD); | 65 TestHostNameHasKnownTLD); |
| 53 | 66 |
| 54 typedef std::vector<std::string> Tokens; | 67 typedef std::vector<std::string> Tokens; |
| 55 | 68 |
| (...skipping 27 matching lines...) Expand all Loading... | |
| 83 // a.b.example.com ~ *.example.com --> true | 96 // a.b.example.com ~ *.example.com --> true |
| 84 // b.example.com ~ *.example.com --> false | 97 // b.example.com ~ *.example.com --> false |
| 85 bool IsSubDomainOutsideWildcard(const Tokens& hostname) const; | 98 bool IsSubDomainOutsideWildcard(const Tokens& hostname) const; |
| 86 | 99 |
| 87 // Returns true if the certificate is a shared certificate. Note - This | 100 // Returns true if the certificate is a shared certificate. Note - This |
| 88 // function should be used with caution (only for UMA histogram) as an | 101 // function should be used with caution (only for UMA histogram) as an |
| 89 // attacker could easily get a certificate with more than 5 names in the SAN | 102 // attacker could easily get a certificate with more than 5 names in the SAN |
| 90 // fields. | 103 // fields. |
| 91 bool IsCertLikelyFromMultiTenantHosting() const; | 104 bool IsCertLikelyFromMultiTenantHosting() const; |
| 92 | 105 |
| 93 float CalculateScoreTimePassedSinceExpiry() const; | |
| 94 | |
| 95 static std::vector<Tokens> GetTokenizedDNSNames( | 106 static std::vector<Tokens> GetTokenizedDNSNames( |
| 96 const std::vector<std::string>& dns_names); | 107 const std::vector<std::string>& dns_names); |
| 97 | 108 |
| 98 // If |potential_subdomain| is a subdomain of |parent|, returns the | 109 // If |potential_subdomain| is a subdomain of |parent|, returns the |
| 99 // number of DNS labels by which |potential_subdomain| is under | 110 // number of DNS labels by which |potential_subdomain| is under |
| 100 // |parent|. Otherwise, returns 0. | 111 // |parent|. Otherwise, returns 0. |
| 101 // | 112 // |
| 102 // For example, | 113 // For example, |
| 103 // | 114 // |
| 104 // FindSubDomainDifference(Tokenize("a.b.example.com"), | 115 // FindSubDomainDifference(Tokenize("a.b.example.com"), |
| 105 // Tokenize("example.com")) | 116 // Tokenize("example.com")) |
| 106 // --> 2. | 117 // --> 2. |
| 107 size_t FindSubDomainDifference(const Tokens& potential_subdomain, | 118 size_t FindSubDomainDifference(const Tokens& potential_subdomain, |
| 108 const Tokens& parent) const; | 119 const Tokens& parent) const; |
| 109 | 120 |
| 110 static Tokens Tokenize(const std::string& name); | 121 static Tokens Tokenize(const std::string& name); |
| 111 | 122 |
| 123 float CalculateScoreTimePassedSinceExpiry() const; | |
| 124 float CalculateScoreEnvironments() const; | |
| 125 | |
| 126 // content::NotificationObserver: | |
| 127 virtual void Observe( | |
| 128 int type, | |
| 129 const content::NotificationSource& source, | |
| 130 const content::NotificationDetails& details) OVERRIDE; | |
| 131 | |
| 132 content::WebContents* web_contents_; | |
| 112 // This stores the current time. | 133 // This stores the current time. |
| 113 base::Time current_time_; | 134 base::Time current_time_; |
| 114 | |
| 115 const GURL& request_url_; | 135 const GURL& request_url_; |
| 116 | 136 int cert_error_; |
| 117 // This stores the certificate. | 137 // This stores the certificate. |
| 118 const net::X509Certificate& cert_; | 138 const net::X509Certificate& cert_; |
| 139 // Is captive portal detection enabled? | |
| 140 bool captive_portal_detection_enabled_; | |
| 141 // Did the probe complete before the interstitial was closed? | |
| 142 bool captive_portal_probe_completed_; | |
| 143 // Did the captive portal probe receive an error or get a non-HTTP response? | |
| 144 bool captive_portal_no_response_; | |
| 145 // Was a captive portal detected? | |
| 146 bool captive_portal_detected_; | |
| 147 | |
| 148 content::NotificationRegistrar registrar_; | |
| 119 }; | 149 }; |
| 120 | 150 |
| 121 #endif // CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ | 151 #endif // CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_ |
| OLD | NEW |
