SUBDOMAIN_OUTSIDE_WILDCARD,
HOST_NAME_NOT_KNOWN_TLD,
LIKELY_MULTI_TENANT_HOSTING,
+ LOCALHOST,
+ PRIVATE_URL,
+ AUTHORITY_ERROR_CAPTIVE_PORTAL,
UNUSED_INTERSTITIAL_CAUSE_ENTRY,
};
UMA_HISTOGRAM_COUNTS_100(
"interstitial.ssl.severity_score.common_name_invalid",
static_cast<int>(ssl_severity_score * 100));
+ } else if (SSLErrorInfo::NetErrorToErrorType(cert_error) ==
+ SSLErrorInfo::CERT_AUTHORITY_INVALID) {
+ UMA_HISTOGRAM_COUNTS_100(
+ "interstitial.ssl.severity_score.authority_invalid",
+ static_cast<int>(ssl_severity_score * 100));
}
}
void SSLErrorClassification::InvalidDateSeverityScore() {
SSLErrorInfo::ErrorType type =
SSLErrorInfo::NetErrorToErrorType(cert_error_);
- DCHECK(type == SSLErrorInfo::CERT_DATE_INVALID);
+ DCHECK_EQ(type, SSLErrorInfo::CERT_DATE_INVALID);
// Client-side characteristics. Check whether or not the system's clock is
// wrong and whether or not the user has encountered this error before.
void SSLErrorClassification::InvalidCommonNameSeverityScore() {
SSLErrorInfo::ErrorType type =
SSLErrorInfo::NetErrorToErrorType(cert_error_);
- DCHECK(type == SSLErrorInfo::CERT_COMMON_NAME_INVALID);
+ DCHECK_EQ(type, SSLErrorInfo::CERT_COMMON_NAME_INVALID);
float severity_name_score = 0.0f;
static const float kWWWDifferenceWeight = 0.3f;
RecordSSLInterstitialSeverityScore(severity_name_score, cert_error_);
}
+void SSLErrorClassification::InvalidAuthoritySeverityScore() {
+ SSLErrorInfo::ErrorType type = SSLErrorInfo::NetErrorToErrorType(cert_error_);
+ DCHECK_EQ(type, SSLErrorInfo::CERT_AUTHORITY_INVALID);
+
+ // For |CERT_AUTHORITY_INVALID| errors if captive portals have been detected
+ // then don't calculate the score, just return.
+ if (captive_portal_probe_completed_ && captive_portal_detected_)
+ return;
+
+ float severity_authority_score = 0.0f;
+
+ static const float kLocalhostWeight = 0.7f;
+ static const float kPrivateURLWeight = 0.3f;
+ if (net::IsLocalhost(request_url_.HostNoBrackets()))
+ severity_authority_score += kClientWeight * kLocalhostWeight;
+ if (IsHostnameNonUniqueOrDotless(request_url_.HostNoBrackets()))
+ severity_authority_score += kClientWeight * kPrivateURLWeight;
+
+ RecordSSLInterstitialSeverityScore(severity_authority_score, cert_error_);
+}
+
void SSLErrorClassification::RecordUMAStatistics(
bool overridable) const {
SSLErrorInfo::ErrorType type =
}
break;
}
- default: {
+ case SSLErrorInfo::CERT_AUTHORITY_INVALID: {
+ const std::string& hostname = request_url_.HostNoBrackets();
+ if (net::IsLocalhost(hostname))
+ RecordSSLInterstitialCause(overridable, LOCALHOST);
+ if (IsHostnameNonUniqueOrDotless(hostname))
+ RecordSSLInterstitialCause(overridable, PRIVATE_URL);
+ if (captive_portal_probe_completed_ && captive_portal_detected_)
+ RecordSSLInterstitialCause(overridable, AUTHORITY_ERROR_CAPTIVE_PORTAL);
break;
}
+ default:
+ break;
}
}
}
bool SSLErrorClassification::IsUserClockInThePast(const base::Time& time_now) {
+#if defined(DONT_EMBED_BUILD_METADATA) && !defined(OFFICIAL_BUILD)
+ return false;
+#else
base::Time build_time = base::GetBuildTime();
if (time_now < build_time - base::TimeDelta::FromDays(2))
return true;
return false;
+#endif
}
bool SSLErrorClassification::IsUserClockInTheFuture(
const base::Time& time_now) {
+#if defined(DONT_EMBED_BUILD_METADATA) && !defined(OFFICIAL_BUILD)
+ return false;
+#else
base::Time build_time = base::GetBuildTime();
if (time_now > build_time + base::TimeDelta::FromDays(365))
return true;
return false;
+#endif
}
bool SSLErrorClassification::MaybeWindowsLacksSHA256Support() {
return true;
}
+// static
+bool SSLErrorClassification::IsHostnameNonUniqueOrDotless(
+ const std::string& hostname) {
+ return net::IsHostnameNonUnique(hostname) ||
+ hostname.find('.') == std::string::npos;
+}
+
void SSLErrorClassification::Observe(
int type,
const content::NotificationSource& source,