Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / ssl / ssl_error_classification.h
blob8fe69589f98bb93aee9c11cb2f9c2b6ffe8de227
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_
6 #define CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_
8 #include <string>
9 #include <vector>
11 #include "base/time/time.h"
12 #include "content/public/browser/notification_observer.h"
13 #include "content/public/browser/notification_registrar.h"
14 #include "net/cert/x509_certificate.h"
15 #include "url/gurl.h"
17 namespace content {
18 class WebContents;
21 // This class classifies characteristics of SSL errors, including information
22 // about captive portal detection.
24 // This class should only be used on the UI thread because its
25 // implementation uses captive_portal::CaptivePortalService which can only be
26 // accessed on the UI thread.
27 class SSLErrorClassification : public content::NotificationObserver {
28 public:
29 SSLErrorClassification(content::WebContents* web_contents,
30 const base::Time& current_time,
31 const GURL& url,
32 int cert_error,
33 const net::X509Certificate& cert);
34 ~SSLErrorClassification() override;
36 // Returns true if the system time is in the past.
37 static bool IsUserClockInThePast(const base::Time& time_now);
39 // Returns true if the system time is too far in the future or the user is
40 // using a version of Chrome which is more than 1 year old.
41 static bool IsUserClockInTheFuture(const base::Time& time_now);
43 // Sets a clock for browser tests that check the build time. Used by
44 // IsUserClockInThePast and IsUserClockInTheFuture.
45 static void SetBuildTimeForTesting(const base::Time& testing_time);
47 // Returns true if the Windows platform is likely to not have SHA-256 support.
48 // On other platforms, returns false always.
49 static bool MaybeWindowsLacksSHA256Support();
51 // Returns true if any one of the following conditions hold:
52 // 1.|hostname| is an IP Address in an IANA-reserved range.
53 // 2.|hostname| is a not-yet-assigned by ICANN gTLD.
54 // 3.|hostname| is a dotless domain.
55 static bool IsHostnameNonUniqueOrDotless(const std::string& hostname);
57 // Returns true if the site's hostname differs from one of the DNS
58 // names in the certificate (CN or SANs) only by the presence or
59 // absence of the single-label prefix "www". E.g.: (The first domain
60 // is hostname and the second domain is a DNS name in the certificate)
62 // www.example.com ~ example.com -> true
63 // example.com ~ www.example.com -> true
64 // www.food.example.com ~ example.com -> false
65 // mail.example.com ~ example.com -> false
66 static bool GetWWWSubDomainMatch(const std::string& host_name,
67 const std::vector<std::string>& dns_names,
68 std::string* www_match_host_name);
70 // A function which calculates the severity score when the ssl error is
71 // |CERT_DATE_INVALID|. The calculated score is between 0.0 and 1.0, higher
72 // being more severe, indicating how severe the certificate's
73 // date invalid error is.
74 void InvalidDateSeverityScore();
76 // A function which calculates the severity score when the ssl error is
77 // |CERT_COMMON_NAME_INVALID|. The calculated score is between 0.0 and 1.0,
78 // higher being more severe, indicating how severe the certificate's common
79 // name invalid error is.
80 void InvalidCommonNameSeverityScore();
82 // A function which calculates the severity score when the ssl error is
83 // |CERT_AUTHORITY_INVALID|, returns a score between 0.0 and 1.0, higher
84 // values being more severe, indicating how severe the certificate's
85 // authority invalid error is.
86 void InvalidAuthoritySeverityScore();
88 void RecordUMAStatistics(bool overridable) const;
89 void RecordCaptivePortalUMAStatistics(bool overridable) const;
90 base::TimeDelta TimePassedSinceExpiry() const;
92 private:
93 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestDateInvalidScore);
94 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest, TestNameMismatch);
95 FRIEND_TEST_ALL_PREFIXES(SSLErrorClassificationTest,
96 TestHostNameHasKnownTLD);
98 typedef std::vector<std::string> Tokens;
100 // Returns true if the hostname has a known Top Level Domain.
101 static bool IsHostNameKnownTLD(const std::string& host_name);
103 // Returns true if GetWWWSubDomainMatch finds a www mismatch.
104 bool IsWWWSubDomainMatch() const;
106 // Returns true if |child| is a subdomain of any of the |potential_parents|.
107 bool NameUnderAnyNames(const Tokens& child,
108 const std::vector<Tokens>& potential_parents) const;
110 // Returns true if any of the |potential_children| is a subdomain of the
111 // |parent|. The inverse case should be treated carefully as this is most
112 // likely a MITM attack. We don't want foo.appspot.com to be able to MITM for
113 // appspot.com.
114 bool AnyNamesUnderName(const std::vector<Tokens>& potential_children,
115 const Tokens& parent) const;
117 // Returns true if |hostname| is too broad for the scope of a wildcard
118 // certificate. E.g.:
120 // a.b.example.com ~ *.example.com --> true
121 // b.example.com ~ *.example.com --> false
122 bool IsSubDomainOutsideWildcard(const Tokens& hostname) const;
124 // Returns true if the certificate is a shared certificate. Note - This
125 // function should be used with caution (only for UMA histogram) as an
126 // attacker could easily get a certificate with more than 5 names in the SAN
127 // fields.
128 bool IsCertLikelyFromMultiTenantHosting() const;
130 // Returns true if the hostname in |request_url_| has the same domain
131 // (effective TLD + 1 label) as at least one of the subject
132 // alternative names in |cert_|.
133 bool IsCertLikelyFromSameDomain() const;
135 static std::vector<Tokens> GetTokenizedDNSNames(
136 const std::vector<std::string>& dns_names);
138 // If |potential_subdomain| is a subdomain of |parent|, returns the
139 // number of DNS labels by which |potential_subdomain| is under
140 // |parent|. Otherwise, returns 0.
142 // For example,
144 // FindSubDomainDifference(Tokenize("a.b.example.com"),
145 // Tokenize("example.com"))
146 // --> 2.
147 size_t FindSubDomainDifference(const Tokens& potential_subdomain,
148 const Tokens& parent) const;
150 static Tokens Tokenize(const std::string& name);
152 float CalculateScoreTimePassedSinceExpiry() const;
153 float CalculateScoreEnvironments() const;
155 // content::NotificationObserver:
156 void Observe(int type,
157 const content::NotificationSource& source,
158 const content::NotificationDetails& details) override;
160 content::WebContents* web_contents_;
161 // This stores the current time.
162 base::Time current_time_;
163 const GURL request_url_;
164 int cert_error_;
165 // This stores the certificate.
166 const net::X509Certificate& cert_;
167 // Is captive portal detection enabled?
168 bool captive_portal_detection_enabled_;
169 // Did the probe complete before the interstitial was closed?
170 bool captive_portal_probe_completed_;
171 // Did the captive portal probe receive an error or get a non-HTTP response?
172 bool captive_portal_no_response_;
173 // Was a captive portal detected?
174 bool captive_portal_detected_;
176 content::NotificationRegistrar registrar_;
179 #endif // CHROME_BROWSER_SSL_SSL_ERROR_CLASSIFICATION_H_