Use network time for bad clock interstitial.

components/ssl_errors/error_classification.h

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_
 #define COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_
 
 #include <string>
 #include <vector>
 
 namespace base {
 class Time;
 }
 
 class GURL;
 
 namespace net {
 class X509Certificate;
 }
 
+namespace network_time {
+class NetworkTimeTracker;
+}
+
 namespace ssl_errors {
 
 typedef std::vector<std::string> HostnameTokens;
 
 // Methods for identifying specific error causes. ------------------------------
 
-// Returns true if the system time is in the past.
-bool IsUserClockInThePast(const base::Time& time_now);
+// What is known about the accuracy of system clock.  Do not change or
+// reorder; these values are used in an UMA histogram.
+enum ClockState {
+  // Not known whether system clock is close enough.
+  CLOCK_STATE_UNKNOWN,
 
-// Returns true if the system time is too far in the future or the user is
-// using a version of Chrome which is more than 1 year old.
-bool IsUserClockInTheFuture(const base::Time& time_now);
+  // System clock is "close enough", per network time.
+  CLOCK_STATE_OK,
+
+  // System clock is behind.
+  CLOCK_STATE_PAST,
+
+  // System clock is ahead.
+  CLOCK_STATE_FUTURE,
+};
+
+// Returns the current state of the clock.  The states are documented with the
+// |CLOCK_STATE| enum.  A result from network time, if available, will always be
+// preferred to a result from the build time.
+ClockState GetClockState(
+    const base::Time& now_system,
+    const network_time::NetworkTimeTracker* network_time_tracker,
+    bool record_results);
 
 // Returns true if |hostname| is too broad for the scope of a wildcard
 // certificate. E.g.:
 //     a.b.example.com ~ *.example.com --> true
 //     b.example.com ~ *.example.com --> false
 bool IsSubDomainOutsideWildcard(const GURL& request_url,
                                 const net::X509Certificate& cert);
 
 // Returns true if the certificate is a shared certificate. Note - This
 // function should be used with caution (only for UMA histogram) as an
@@ skipping 17 matching lines @@
 //     www.food.example.com ~ example.com -> false
 //     mail.example.com ~ example.com -> false
 bool GetWWWSubDomainMatch(const GURL& request_url,
                           const std::vector<std::string>& dns_names,
                           std::string* www_match_host_name);
 
 // Method for recording results. -----------------------------------------------
 
 void RecordUMAStatistics(bool overridable,
                          const base::Time& current_time,
+                         const network_time::NetworkTimeTracker* network_time,
                          const GURL& request_url,
                          int cert_error,
                          const net::X509Certificate& cert);
 
 // Helper methods for classification. ------------------------------------------
 
 // Tokenize DNS names and hostnames.
 HostnameTokens Tokenize(const std::string& name);
 
 // Sets a clock for browser tests that check the build time. Used by
@@ skipping 19 matching lines @@
 // appspot.com.
 bool AnyNamesUnderName(const std::vector<HostnameTokens>& potential_children,
                        const HostnameTokens& parent);
 
 // Exposed for teshting.
 size_t GetLevenshteinDistance(const std::string& str1, const std::string& str2);
 
 }  // namespace ssl_errors
 
 #endif  // COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_