Update To 11.40.268.0

[platform/framework/web/crosswalk.git] / src / chrome / browser / ssl / ssl_error_classification.cc
diff --git a/src/chrome/browser/ssl/ssl_error_classification.cc b/src/chrome/browser/ssl/ssl_error_classification.cc

index 12983f5..583ee19 100644 (file)
--- a/src/chrome/browser/ssl/ssl_error_classification.cc
+++ b/src/chrome/browser/ssl/ssl_error_classification.cc
@@ -50,6 +50,9 @@ enum SSLInterstitialCause {
    SUBDOMAIN_OUTSIDE_WILDCARD,
    HOST_NAME_NOT_KNOWN_TLD,
    LIKELY_MULTI_TENANT_HOSTING,
+  LOCALHOST,
+  PRIVATE_URL,
+  AUTHORITY_ERROR_CAPTIVE_PORTAL,
    UNUSED_INTERSTITIAL_CAUSE_ENTRY,
  };
  
@@ -77,6 +80,11 @@ void RecordSSLInterstitialSeverityScore(float ssl_severity_score,
      UMA_HISTOGRAM_COUNTS_100(
          "interstitial.ssl.severity_score.common_name_invalid",
          static_cast<int>(ssl_severity_score * 100));
+  } else if (SSLErrorInfo::NetErrorToErrorType(cert_error) ==
+             SSLErrorInfo::CERT_AUTHORITY_INVALID) {
+    UMA_HISTOGRAM_COUNTS_100(
+        "interstitial.ssl.severity_score.authority_invalid",
+        static_cast<int>(ssl_severity_score * 100));
    }
  }
  
@@ -190,7 +198,7 @@ void SSLErrorClassification::RecordCaptivePortalUMAStatistics(
  void SSLErrorClassification::InvalidDateSeverityScore() {
    SSLErrorInfo::ErrorType type =
        SSLErrorInfo::NetErrorToErrorType(cert_error_);
-  DCHECK(type == SSLErrorInfo::CERT_DATE_INVALID);
+  DCHECK_EQ(type, SSLErrorInfo::CERT_DATE_INVALID);
  
    // Client-side characteristics. Check whether or not the system's clock is
    // wrong and whether or not the user has encountered this error before.
@@ -229,7 +237,7 @@ void SSLErrorClassification::InvalidDateSeverityScore() {
  void SSLErrorClassification::InvalidCommonNameSeverityScore() {
    SSLErrorInfo::ErrorType type =
        SSLErrorInfo::NetErrorToErrorType(cert_error_);
-  DCHECK(type == SSLErrorInfo::CERT_COMMON_NAME_INVALID);
+  DCHECK_EQ(type, SSLErrorInfo::CERT_COMMON_NAME_INVALID);
    float severity_name_score = 0.0f;
  
    static const float kWWWDifferenceWeight = 0.3f;
@@ -265,6 +273,27 @@ void SSLErrorClassification::InvalidCommonNameSeverityScore() {
    RecordSSLInterstitialSeverityScore(severity_name_score, cert_error_);
  }
  
+void SSLErrorClassification::InvalidAuthoritySeverityScore() {
+  SSLErrorInfo::ErrorType type = SSLErrorInfo::NetErrorToErrorType(cert_error_);
+  DCHECK_EQ(type, SSLErrorInfo::CERT_AUTHORITY_INVALID);
+
+  // For |CERT_AUTHORITY_INVALID| errors if captive portals have been detected
+  // then don't calculate the score, just return.
+  if (captive_portal_probe_completed_ && captive_portal_detected_)
+    return;
+
+  float severity_authority_score = 0.0f;
+
+  static const float kLocalhostWeight = 0.7f;
+  static const float kPrivateURLWeight = 0.3f;
+  if (net::IsLocalhost(request_url_.HostNoBrackets()))
+    severity_authority_score += kClientWeight * kLocalhostWeight;
+  if (IsHostnameNonUniqueOrDotless(request_url_.HostNoBrackets()))
+    severity_authority_score += kClientWeight * kPrivateURLWeight;
+
+  RecordSSLInterstitialSeverityScore(severity_authority_score, cert_error_);
+}
+
  void SSLErrorClassification::RecordUMAStatistics(
      bool overridable) const {
    SSLErrorInfo::ErrorType type =
@@ -299,9 +328,18 @@ void SSLErrorClassification::RecordUMAStatistics(
        }
        break;
      }
-    default: {
+    case SSLErrorInfo::CERT_AUTHORITY_INVALID: {
+      const std::string& hostname = request_url_.HostNoBrackets();
+      if (net::IsLocalhost(hostname))
+        RecordSSLInterstitialCause(overridable, LOCALHOST);
+      if (IsHostnameNonUniqueOrDotless(hostname))
+        RecordSSLInterstitialCause(overridable, PRIVATE_URL);
+      if (captive_portal_probe_completed_ && captive_portal_detected_)
+        RecordSSLInterstitialCause(overridable, AUTHORITY_ERROR_CAPTIVE_PORTAL);
        break;
      }
+    default:
+      break;
    }
  }
  
@@ -353,18 +391,26 @@ float SSLErrorClassification::CalculateScoreEnvironments() const {
  }
  
  bool SSLErrorClassification::IsUserClockInThePast(const base::Time& time_now) {
+#if defined(DONT_EMBED_BUILD_METADATA) && !defined(OFFICIAL_BUILD)
+  return false;
+#else
    base::Time build_time = base::GetBuildTime();
    if (time_now < build_time - base::TimeDelta::FromDays(2))
      return true;
    return false;
+#endif
  }
  
  bool SSLErrorClassification::IsUserClockInTheFuture(
      const base::Time& time_now) {
+#if defined(DONT_EMBED_BUILD_METADATA) && !defined(OFFICIAL_BUILD)
+  return false;
+#else
    base::Time build_time = base::GetBuildTime();
    if (time_now > build_time + base::TimeDelta::FromDays(365))
      return true;
    return false;
+#endif
  }
  
  bool SSLErrorClassification::MaybeWindowsLacksSHA256Support() {
@@ -569,6 +615,13 @@ bool SSLErrorClassification::IsCertLikelyFromMultiTenantHosting() const {
    return true;
  }
  
+// static
+bool SSLErrorClassification::IsHostnameNonUniqueOrDotless(
+    const std::string& hostname) {
+  return net::IsHostnameNonUnique(hostname) ||
+         hostname.find('.') == std::string::npos;
+}
+
  void SSLErrorClassification::Observe(
      int type,
      const content::NotificationSource& source,