Use network time for bad clock interstitial.

chrome/browser/ssl/ssl_error_handler.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/ssl_error_handler.h"
 
 #include <stdint.h>
 #include <utility>
 
 #include "base/callback_helpers.h"
 #include "base/macros.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
 #include "base/strings/stringprintf.h"
 #include "base/time/clock.h"
 #include "base/time/time.h"
+#include "chrome/browser/browser_process.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ssl/bad_clock_blocking_page.h"
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 #include "chrome/browser/ssl/ssl_cert_reporter.h"
 #include "components/ssl_errors/error_classification.h"
 #include "components/ssl_errors/error_info.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_source.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/web_contents.h"
 #include "net/base/net_errors.h"
 
 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 #include "chrome/browser/captive_portal/captive_portal_service.h"
 #include "chrome/browser/captive_portal/captive_portal_service_factory.h"
 #include "chrome/browser/captive_portal/captive_portal_tab_helper.h"
 #include "chrome/browser/ssl/captive_portal_blocking_page.h"
 #endif
 
+namespace network_time {
+class NetworkTimeTracker;
+}
+
 namespace {
 
 // The delay in milliseconds before displaying the SSL interstitial.
 // This can be changed in tests.
 // - If there is a name mismatch and a suggested URL available result arrives
 //   during this time, the user is redirected to the suggester URL.
 // - If a "captive portal detected" result arrives during this time,
 //   a captive portal interstitial is displayed.
 // - Otherwise, an SSL interstitial is displayed.
 int64_t g_interstitial_delay_in_milliseconds = 2000;
@@ skipping 83 matching lines @@
   return base::FieldTrialList::FindFullName("CaptivePortalInterstitial") ==
          "Enabled";
 }
 #endif
 
 bool IsSSLCommonNameMismatchHandlingEnabled() {
   return base::FieldTrialList::FindFullName("SSLCommonNameMismatchHandling") ==
          "Enabled";
 }
 
-bool IsErrorDueToBadClock(const base::Time& now, int error) {
-  if (ssl_errors::ErrorInfo::NetErrorToErrorType(error) !=
-      ssl_errors::ErrorInfo::CERT_DATE_INVALID) {
-    return false;
-  }
-  return ssl_errors::IsUserClockInThePast(now) ||
-         ssl_errors::IsUserClockInTheFuture(now);
-}
-
 }  // namespace
 
 DEFINE_WEB_CONTENTS_USER_DATA_KEY(SSLErrorHandler);
 DEFINE_WEB_CONTENTS_USER_DATA_KEY(CommonNameMismatchRedirectObserver);
 
 void SSLErrorHandler::HandleSSLError(
     content::WebContents* web_contents,
     int cert_error,
     const net::SSLInfo& ssl_info,
     const GURL& request_url,
@@ skipping 44 matching lines @@
 
 SSLErrorHandler::~SSLErrorHandler() {
 }
 
 void SSLErrorHandler::StartHandlingError() {
   RecordUMA(HANDLE_ALL);
 
   const base::Time now = g_testing_clock == nullptr
                              ? base::Time::NowFromSystemTime()
                              : g_testing_clock->Now();
-  if (IsErrorDueToBadClock(now, cert_error_)) {
-    ShowBadClockInterstitial(now);
-    return;  // |this| is deleted after showing the interstitial.
+  if (ssl_errors::ErrorInfo::NetErrorToErrorType(cert_error_) ==
+      ssl_errors::ErrorInfo::CERT_DATE_INVALID) {
+    ssl_errors::ClockState clock_state = ssl_errors::GetClockState(
+        now, g_browser_process->network_time_tracker());
+    if (clock_state == ssl_errors::CLOCK_STATE_FUTURE ||
+        clock_state == ssl_errors::CLOCK_STATE_PAST) {
+      ShowBadClockInterstitial(now, clock_state);
+      return;  // |this| is deleted after showing the interstitial.
+    }
   }
 
   std::vector<std::string> dns_names;
   ssl_info_.cert->GetDNSNames(&dns_names);
   DCHECK(!dns_names.empty());
   GURL suggested_url;
   if (IsSSLCommonNameMismatchHandlingEnabled() &&
       cert_error_ == net::ERR_CERT_COMMON_NAME_INVALID &&
       IsErrorOverridable() && GetSuggestedUrl(dns_names, &suggested_url)) {
     RecordUMA(WWW_MISMATCH_FOUND);
@@ skipping 108 matching lines @@
 
   (new SSLBlockingPage(web_contents_, cert_error_, ssl_info_, request_url_,
                        options_mask_, base::Time::NowFromSystemTime(),
                        std::move(ssl_cert_reporter_), callback_))
       ->Show();
   // Once an interstitial is displayed, no need to keep the handler around.
   // This is the equivalent of "delete this".
   web_contents_->RemoveUserData(UserDataKey());
 }
 
-void SSLErrorHandler::ShowBadClockInterstitial(const base::Time& now) {
+void SSLErrorHandler::ShowBadClockInterstitial(
+    const base::Time& now,
+    ssl_errors::ClockState clock_state) {
   RecordUMA(SHOW_BAD_CLOCK);
   (new BadClockBlockingPage(web_contents_, cert_error_, ssl_info_, request_url_,
-                            now, std::move(ssl_cert_reporter_), callback_))
+                            now, clock_state, std::move(ssl_cert_reporter_),
+                            callback_))
       ->Show();
   // Once an interstitial is displayed, no need to keep the handler around.
   // This is the equivalent of "delete this".
   web_contents_->RemoveUserData(UserDataKey());
 }
 
 void SSLErrorHandler::CommonNameMismatchHandlerCallback(
     const CommonNameMismatchHandler::SuggestedUrlCheckResult& result,
     const GURL& suggested_url) {
   timer_.Stop();
@@ skipping 46 matching lines @@
   if (!callback_.is_null()) {
     base::ResetAndReturn(&callback_).Run(false);
   }
   if (common_name_mismatch_handler_) {
     common_name_mismatch_handler_->Cancel();
     common_name_mismatch_handler_.reset();
   }
   // Deletes |this| and also destroys the timer.
   web_contents_->RemoveUserData(UserDataKey());
 }