components/ssl_errors/error_classification.h - chromium/src.git - Git at Google

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_
 #define COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_

 #include <string>
 #include <vector>

 namespace base {
 class Time;
 }

 class GURL;

 namespace net {
 class X509Certificate;
 }

 namespace network_time {
 class NetworkTimeTracker;
 }

 namespace ssl_errors {

 typedef std::vector<std::string> HostnameTokens;

 // Methods for identifying specific error causes. ------------------------------

 // What is known about the accuracy of system clock.  Do not change or
 // reorder; these values are used in an UMA histogram.
 enum ClockState {
   // Not known whether system clock is close enough.
   CLOCK_STATE_UNKNOWN,

   // System clock is "close enough", per network time.
   CLOCK_STATE_OK,

   // System clock is behind.
   CLOCK_STATE_PAST,

   // System clock is ahead.
   CLOCK_STATE_FUTURE,

   CLOCK_STATE_MAX,
 };

 // Describes the result of getting network time and if it was
 // unavailable, why it was unavailable. This enum is being histogrammed
 // so do not reorder or remove values.
 //
 // Exposed for testing.
 enum NetworkClockState {
   // Value 0 was NETWORK_CLOCK_STATE_UNKNOWN_NO_SYNC, which is obsolete
   // in favor of the finer-grained values below.

   // The clock state relative to network time is unknown because the
   // user's clock has fallen out of sync with the latest information
   // from the network (due to e.g. suspend/resume).
   NETWORK_CLOCK_STATE_UNKNOWN_SYNC_LOST = 1,
   // The clock is "close enough" to the network time.
   NETWORK_CLOCK_STATE_OK,
   // The clock is in the past relative to network time.
   NETWORK_CLOCK_STATE_CLOCK_IN_PAST,
   // The clock is in the future relative to network time.
   NETWORK_CLOCK_STATE_CLOCK_IN_FUTURE,
   // The clock state relative to network time is unknown because no sync
   // attempt has been made yet.
   NETWORK_CLOCK_STATE_UNKNOWN_NO_SYNC_ATTEMPT,
   // The clock state relative to network time is unknown because one or
   // more sync attempts has failed.
   NETWORK_CLOCK_STATE_UNKNOWN_NO_SUCCESSFUL_SYNC,
   // The clock state relative to network time is unknown because the
   // first sync attempt is still pending.
   NETWORK_CLOCK_STATE_UNKNOWN_FIRST_SYNC_PENDING,
   // The clock state relative to network time is unknown because one or
   // more time query attempts have failed, and a subsequent sync attempt
   // is still pending.
   NETWORK_CLOCK_STATE_UNKNOWN_SUBSEQUENT_SYNC_PENDING,
   NETWORK_CLOCK_STATE_MAX
 };

 // Compares |now_system| to the build time and to the current network time, and
 // returns an inference about the state of the system clock.  A result from
 // network time, if available, will always be preferred to a result from the
 // build time.  Calling this function records UMA statistics: it's assumed that
 // it's called in the course of handling an SSL error.
 ClockState GetClockState(
     const base::Time& now_system,
     const network_time::NetworkTimeTracker* network_time_tracker);

 // Returns true if |hostname| is too broad for the scope of a wildcard
 // certificate. E.g.:
 //     a.b.example.com ~ *.example.com --> true
 //     b.example.com ~ *.example.com --> false
 bool IsSubDomainOutsideWildcard(const GURL& request_url,
                                 const net::X509Certificate& cert);

 // Returns true if the certificate is a shared certificate. Note - This
 // function should be used with caution (only for UMA histogram) as an
 // attacker could easily get a certificate with more than 5 names in the SAN
 // fields.
 bool IsCertLikelyFromMultiTenantHosting(const GURL& request_url,
                                         const net::X509Certificate& cert);

 // Returns true if the hostname in |request_url_| has the same domain
 // (effective TLD + 1 label) as at least one of the subject
 // alternative names in |cert_|.
 bool IsCertLikelyFromSameDomain(const GURL& request_url,
                                 const net::X509Certificate& cert);

 // Returns true if the site's hostname differs from one of the DNS
 // names in the certificate (CN or SANs) only by the presence or
 // absence of the single-label prefix "www". E.g.: (The first domain
 // is hostname and the second domain is a DNS name in the certificate)
 //     www.example.com ~ example.com -> true
 //     example.com ~ www.example.com -> true
 //     www.food.example.com ~ example.com -> false
 //     mail.example.com ~ example.com -> false
 bool GetWWWSubDomainMatch(const GURL& request_url,
                           const std::vector<std::string>& dns_names,
                           std::string* www_match_host_name);

 // Method for recording results. -----------------------------------------------

 void RecordUMAStatistics(bool overridable,
                          const base::Time& current_time,
                          const GURL& request_url,
                          int cert_error,
                          const net::X509Certificate& cert);

 // Specialization of |RecordUMAStatistics| to be used when the bad clock
 // interstitial is shown.  |cert_error| is required only for sanity-checking: it
 // must always be |ssl_errors::ErrorInfo::CERT_DATE_INVALID|.
 void RecordUMAStatisticsForClockInterstitial(bool overridable,
                                              ssl_errors::ClockState clock_state,
                                              int cert_error);

 // Helper methods for classification. ------------------------------------------

 // Tokenize DNS names and hostnames.
 HostnameTokens Tokenize(const std::string& name);

 // Sets a clock for browser tests that check the build time. Used by
 // GetClockState().
 void SetBuildTimeForTesting(const base::Time& testing_time);

 // Returns true if the hostname has a known Top Level Domain.
 bool HostNameHasKnownTLD(const std::string& host_name);

 // Returns true if any one of the following conditions hold:
 // 1.|hostname| is an IP Address in an IANA-reserved range.
 // 2.|hostname| is a not-yet-assigned by ICANN gTLD.
 // 3.|hostname| is a dotless domain.
 bool IsHostnameNonUniqueOrDotless(const std::string& hostname);

 // Returns true if |child| is a subdomain of any of the |potential_parents|.
 bool NameUnderAnyNames(const HostnameTokens& child,
                        const std::vector<HostnameTokens>& potential_parents);

 // Returns true if any of the |potential_children| is a subdomain of the
 // |parent|. The inverse case should be treated carefully as this is most
 // likely a MITM attack. We don't want foo.appspot.com to be able to MITM for
 // appspot.com.
 bool AnyNamesUnderName(const std::vector<HostnameTokens>& potential_children,
                        const HostnameTokens& parent);

 // Exposed for teshting.
 size_t GetLevenshteinDistance(const std::string& str1, const std::string& str2);

 }  // namespace ssl_errors

 #endif  // COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_
	// Copyright 2015 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_
	#define COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_

	#include <string>
	#include <vector>

	namespace base {
	class Time;
	}

	class GURL;

	namespace net {
	class X509Certificate;
	}

	namespace network_time {
	class NetworkTimeTracker;
	}

	namespace ssl_errors {

	typedef std::vector<std::string> HostnameTokens;

	// Methods for identifying specific error causes. ------------------------------

	// What is known about the accuracy of system clock. Do not change or
	// reorder; these values are used in an UMA histogram.
	enum ClockState {
	// Not known whether system clock is close enough.
	CLOCK_STATE_UNKNOWN,

	// System clock is "close enough", per network time.
	CLOCK_STATE_OK,

	// System clock is behind.
	CLOCK_STATE_PAST,

	// System clock is ahead.
	CLOCK_STATE_FUTURE,

	CLOCK_STATE_MAX,
	};

	// Describes the result of getting network time and if it was
	// unavailable, why it was unavailable. This enum is being histogrammed
	// so do not reorder or remove values.
	//
	// Exposed for testing.
	enum NetworkClockState {
	// Value 0 was NETWORK_CLOCK_STATE_UNKNOWN_NO_SYNC, which is obsolete
	// in favor of the finer-grained values below.

	// The clock state relative to network time is unknown because the
	// user's clock has fallen out of sync with the latest information
	// from the network (due to e.g. suspend/resume).
	NETWORK_CLOCK_STATE_UNKNOWN_SYNC_LOST = 1,
	// The clock is "close enough" to the network time.
	NETWORK_CLOCK_STATE_OK,
	// The clock is in the past relative to network time.
	NETWORK_CLOCK_STATE_CLOCK_IN_PAST,
	// The clock is in the future relative to network time.
	NETWORK_CLOCK_STATE_CLOCK_IN_FUTURE,
	// The clock state relative to network time is unknown because no sync
	// attempt has been made yet.
	NETWORK_CLOCK_STATE_UNKNOWN_NO_SYNC_ATTEMPT,
	// The clock state relative to network time is unknown because one or
	// more sync attempts has failed.
	NETWORK_CLOCK_STATE_UNKNOWN_NO_SUCCESSFUL_SYNC,
	// The clock state relative to network time is unknown because the
	// first sync attempt is still pending.
	NETWORK_CLOCK_STATE_UNKNOWN_FIRST_SYNC_PENDING,
	// The clock state relative to network time is unknown because one or
	// more time query attempts have failed, and a subsequent sync attempt
	// is still pending.
	NETWORK_CLOCK_STATE_UNKNOWN_SUBSEQUENT_SYNC_PENDING,
	NETWORK_CLOCK_STATE_MAX
	};

	// Compares \|now_system\| to the build time and to the current network time, and
	// returns an inference about the state of the system clock. A result from
	// network time, if available, will always be preferred to a result from the
	// build time. Calling this function records UMA statistics: it's assumed that
	// it's called in the course of handling an SSL error.
	ClockState GetClockState(
	const base::Time& now_system,
	const network_time::NetworkTimeTracker* network_time_tracker);

	// Returns true if \|hostname\| is too broad for the scope of a wildcard
	// certificate. E.g.:
	// a.b.example.com ~ *.example.com --> true
	// b.example.com ~ *.example.com --> false
	bool IsSubDomainOutsideWildcard(const GURL& request_url,
	const net::X509Certificate& cert);

	// Returns true if the certificate is a shared certificate. Note - This
	// function should be used with caution (only for UMA histogram) as an
	// attacker could easily get a certificate with more than 5 names in the SAN
	// fields.
	bool IsCertLikelyFromMultiTenantHosting(const GURL& request_url,
	const net::X509Certificate& cert);

	// Returns true if the hostname in \|request_url_\| has the same domain
	// (effective TLD + 1 label) as at least one of the subject
	// alternative names in \|cert_\|.
	bool IsCertLikelyFromSameDomain(const GURL& request_url,
	const net::X509Certificate& cert);

	// Returns true if the site's hostname differs from one of the DNS
	// names in the certificate (CN or SANs) only by the presence or
	// absence of the single-label prefix "www". E.g.: (The first domain
	// is hostname and the second domain is a DNS name in the certificate)
	// www.example.com ~ example.com -> true
	// example.com ~ www.example.com -> true
	// www.food.example.com ~ example.com -> false
	// mail.example.com ~ example.com -> false
	bool GetWWWSubDomainMatch(const GURL& request_url,
	const std::vector<std::string>& dns_names,
	std::string* www_match_host_name);

	// Method for recording results. -----------------------------------------------

	void RecordUMAStatistics(bool overridable,
	const base::Time& current_time,
	const GURL& request_url,
	int cert_error,
	const net::X509Certificate& cert);

	// Specialization of \|RecordUMAStatistics\| to be used when the bad clock
	// interstitial is shown. \|cert_error\| is required only for sanity-checking: it
	// must always be \|ssl_errors::ErrorInfo::CERT_DATE_INVALID\|.
	void RecordUMAStatisticsForClockInterstitial(bool overridable,
	ssl_errors::ClockState clock_state,
	int cert_error);

	// Helper methods for classification. ------------------------------------------

	// Tokenize DNS names and hostnames.
	HostnameTokens Tokenize(const std::string& name);

	// Sets a clock for browser tests that check the build time. Used by
	// GetClockState().
	void SetBuildTimeForTesting(const base::Time& testing_time);

	// Returns true if the hostname has a known Top Level Domain.
	bool HostNameHasKnownTLD(const std::string& host_name);

	// Returns true if any one of the following conditions hold:
	// 1.\|hostname\| is an IP Address in an IANA-reserved range.
	// 2.\|hostname\| is a not-yet-assigned by ICANN gTLD.
	// 3.\|hostname\| is a dotless domain.
	bool IsHostnameNonUniqueOrDotless(const std::string& hostname);

	// Returns true if \|child\| is a subdomain of any of the \|potential_parents\|.
	bool NameUnderAnyNames(const HostnameTokens& child,
	const std::vector<HostnameTokens>& potential_parents);

	// Returns true if any of the \|potential_children\| is a subdomain of the
	// \|parent\|. The inverse case should be treated carefully as this is most
	// likely a MITM attack. We don't want foo.appspot.com to be able to MITM for
	// appspot.com.
	bool AnyNamesUnderName(const std::vector<HostnameTokens>& potential_children,
	const HostnameTokens& parent);

	// Exposed for teshting.
	size_t GetLevenshteinDistance(const std::string& str1, const std::string& str2);

	} // namespace ssl_errors

	#endif // COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_