chrome/browser/ssl/ssl_error_classification.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_
   6 #define CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/time/time.h"
  12 #include "content/public/browser/notification_observer.h"
  13 #include "content/public/browser/notification_registrar.h"
  14 #include "net/cert/x509_certificate.h"
  15 #include "url/gurl.h"
  16
  17 namespace content {
  18 class WebContents;
  19 }
  20
  21 // This class classifies characteristics of SSL errors, including information
  22 // about captive portal detection.
  23 //
  24 // This class should only be used on the UI thread because its
  25 // implementation uses captive_portal::CaptivePortalService which can only be
  26 // accessed on the UI thread.
  27 class SSLErrorClassification : public content::NotificationObserver {
  28  public:
  29   SSLErrorClassification(content::WebContents* web_contents,
  30                          const base::Time& current_time,
  31                          const GURL& url,
  32                          int cert_error,
  33                          const net::X509Certificate& cert);
  34   ~SSLErrorClassification() override;
  35
  36   // Returns true if the system time is in the past.
  37   static bool IsUserClockInThePast(const base::Time& time_now);
  38
  39   // Returns true if the system time is too far in the future or the user is
  40   // using a version of Chrome which is more than 1 year old.
  41   static bool IsUserClockInTheFuture(const base::Time& time_now);
  42
  43   // Returns true if the Windows platform is likely to not have SHA-256 support.
  44   // On other platforms, returns false always.
  45   static bool MaybeWindowsLacksSHA256Support();
  46
  47   // Returns true if any one of the following conditions hold:
  48   // 1.|hostname| is an IP Address in an IANA-reserved range.
  49   // 2.|hostname| is a not-yet-assigned by ICANN gTLD.
  50   // 3.|hostname| is a dotless domain.
  51   static bool IsHostnameNonUniqueOrDotless(const std::string& hostname);
  52
  53   // A function which calculates the severity score when the ssl error is
  54   // |CERT_DATE_INVALID|. The calculated score is between 0.0 and 1.0, higher
  55   // being more severe, indicating how severe the certificate's
  56   // date invalid error is.
  57   void InvalidDateSeverityScore();
  58
  59   // A function which calculates the severity score when the ssl error is
  60   // |CERT_COMMON_NAME_INVALID|. The calculated score is between 0.0 and 1.0,
  61   // higher being more severe, indicating how severe the certificate's common
  62   // name invalid error is.
  63   void InvalidCommonNameSeverityScore();
  64
  65   // A function which calculates the severity score when the ssl error is
  66   // |CERT_AUTHORITY_INVALID|, returns a score between 0.0 and 1.0, higher
  67   // values being more severe, indicating how severe the certificate's
  68   // authority invalid error is.
  69   void InvalidAuthoritySeverityScore();
  70
  71   void RecordUMAStatistics(bool overridable) const;
  72   void RecordCaptivePortalUMAStatistics(bool overridable) const;
  73   base::TimeDelta TimePassedSinceExpiry() const;
  74
  75  private:
  76   FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestDateInvalidScore);
  77   FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestNameMismatch);
  78   FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest,
  79                            TestHostNameHasKnownTLD);
  80
  81   typedef std::vector<std::string> Tokens;
  82
  83   // Returns true if the hostname has a known Top Level Domain.
  84   static bool IsHostNameKnownTLD(const std::string& host_name);
  85
  86   // Returns true if the site's hostname differs from one of the DNS
  87   // names in the certificate (CN or SANs) only by the presence or
  88   // absence of the single-label prefix "www". E.g.:
  89   //
  90   //     www.example.com ~ example.com -> true
  91   //     example.com ~ www.example.com -> true
  92   //     www.food.example.com ~ example.com -> false
  93   //     mail.example.com ~ example.com -> false
  94   bool IsWWWSubDomainMatch() const;
  95
  96   // Returns true if |child| is a subdomain of any of the |potential_parents|.
  97   bool NameUnderAnyNames(const Tokens& child,
  98                         const std::vector<Tokens>& potential_parents) const;
  99
 100   // Returns true if any of the |potential_children| is a subdomain of the
 101   // |parent|. The inverse case should be treated carefully as this is most
 102   // likely a MITM attack. We don't want foo.appspot.com to be able to MITM for
 103   // appspot.com.
 104   bool AnyNamesUnderName(const std::vector<Tokens>& potential_children,
 105                         const Tokens& parent) const;
 106
 107   // Returns true if |hostname| is too broad for the scope of a wildcard
 108   // certificate. E.g.:
 109   //
 110   //     a.b.example.com ~ *.example.com --> true
 111   //     b.example.com ~ *.example.com --> false
 112   bool IsSubDomainOutsideWildcard(const Tokens& hostname) const;
 113
 114   // Returns true if the certificate is a shared certificate. Note - This
 115   // function should be used with caution (only for UMA histogram) as an
 116   // attacker could easily get a certificate with more than 5 names in the SAN
 117   // fields.
 118   bool IsCertLikelyFromMultiTenantHosting() const;
 119
 120   static std::vector<Tokens> GetTokenizedDNSNames(
 121       const std::vector<std::string>& dns_names);
 122
 123   // If |potential_subdomain| is a subdomain of |parent|, returns the
 124   // number of DNS labels by which |potential_subdomain| is under
 125   // |parent|. Otherwise, returns 0.
 126   //
 127   // For example,
 128   //
 129   //   FindSubDomainDifference(Tokenize("a.b.example.com"),
 130   //                           Tokenize("example.com"))
 131   // --> 2.
 132   size_t FindSubDomainDifference(const Tokens& potential_subdomain,
 133                                  const Tokens& parent) const;
 134
 135   static Tokens Tokenize(const std::string& name);
 136
 137   float CalculateScoreTimePassedSinceExpiry() const;
 138   float CalculateScoreEnvironments() const;
 139
 140   // content::NotificationObserver:
 141   void Observe(int type,
 142                const content::NotificationSource& source,
 143                const content::NotificationDetails& details) override;
 144
 145   content::WebContents* web_contents_;
 146   // This stores the current time.
 147   base::Time current_time_;
 148   const GURL request_url_;
 149   int cert_error_;
 150   // This stores the certificate.
 151   const net::X509Certificate& cert_;
 152   // Is captive portal detection enabled?
 153   bool captive_portal_detection_enabled_;
 154   // Did the probe complete before the interstitial was closed?
 155   bool captive_portal_probe_completed_;
 156   // Did the captive portal probe receive an error or get a non-HTTP response?
 157   bool captive_portal_no_response_;
 158   // Was a captive portal detected?
 159   bool captive_portal_detected_;
 160
 161   content::NotificationRegistrar registrar_;
 162 };
 163
 164 #endif  // CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_