mattgrill/x509_certificate.cc

## x509_certificate.cc
if (!reference_domain.empty()) {
  DCHECK(reference_domain.starts_with("."));

  // Do not allow wildcards for public/ICANN registry controlled domains -
  // that is, prevent *.com or *.co.uk as valid presented names, but do not
  // prevent *.appspot.com (a private registry controlled domain).
  // In addition, unknown top-level domains (such as 'intranet' domains or
  // new TLDs/gTLDs not yet added to the registry controlled domain dataset)
  // are also implicitly prevented.
  // Because |reference_domain| must contain at least one name component that
  // is not registry controlled, this ensures that all reference domains
  // contain at least three domain components when using wildcards.
  size_t registry_length =
    registry_controlled_domains::GetRegistryLength(
      reference_name,
      registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES,
      registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES);

  // Because |reference_name| was already canonicalized, the following
  // should never happen.
  CHECK_NE(std::string::npos, registry_length);

  // Account for the leading dot in |reference_domain|.
  bool is_registry_controlled =
    registry_length != 0 &&
    registry_length == (reference_domain.size() - 1);

  // Additionally, do not attempt wildcard matching for purely numeric
  // hostnames.
    allow_wildcards =
      !is_registry_controlled &&
      reference_name.find_first_not_of("0123456789.") != std::string::npos;
}
	if (!reference_domain.empty()) {
	DCHECK(reference_domain.starts_with("."));

	// Do not allow wildcards for public/ICANN registry controlled domains -
	// that is, prevent .com or .co.uk as valid presented names, but do not
	// prevent *.appspot.com (a private registry controlled domain).
	// In addition, unknown top-level domains (such as 'intranet' domains or
	// new TLDs/gTLDs not yet added to the registry controlled domain dataset)
	// are also implicitly prevented.
	// Because \|reference_domain\| must contain at least one name component that
	// is not registry controlled, this ensures that all reference domains
	// contain at least three domain components when using wildcards.
	size_t registry_length =
	registry_controlled_domains::GetRegistryLength(
	reference_name,
	registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES,
	registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES);

	// Because \|reference_name\| was already canonicalized, the following
	// should never happen.
	CHECK_NE(std::string::npos, registry_length);

	// Account for the leading dot in \|reference_domain\|.
	bool is_registry_controlled =
	registry_length != 0 &&
	registry_length == (reference_domain.size() - 1);

	// Additionally, do not attempt wildcard matching for purely numeric
	// hostnames.
	allow_wildcards =
	!is_registry_controlled &&
	reference_name.find_first_not_of("0123456789.") != std::string::npos;
	}