Use network time for bad clock interstitial.

components/ssl_errors/error_classification.h

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_
 #define COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_
 
 #include <string>
 #include <vector>
 
 namespace base {
 class Time;
 }
 
 class GURL;
 
 namespace net {
 class X509Certificate;
 }
 
+namespace network_time {
+class NetworkTimeTracker;
+}
+
 namespace ssl_errors {
 
 typedef std::vector<std::string> HostnameTokens;
 
 // Methods for identifying specific error causes. ------------------------------
 
-// Returns true if the system time is in the past.
-bool IsUserClockInThePast(const base::Time& time_now);
+// What is known about the accuracy of system clock.  Note that these do not
+// represent a uniform level of certainty!  The names are prefixed by the source
+// of the information.
+enum ClockState {
+  // Not known whether system clock is close enough.
+  UNKNOWN,

[estark, 2016/03/10 20:10:08]

The usual Chromium style would be to name these CLOCK_STATE_UNKNOWN,
CLOCK_STATE_NETWORK_OK, etc. Even though it's a little longer, it helps with
readability (ssl_errors::UNKNOWN is ambiguous, for example).

[mab, 2016/03/11 04:18:41]

Done.

 
-// Returns true if the system time is too far in the future or the user is
-// using a version of Chrome which is more than 1 year old.
-bool IsUserClockInTheFuture(const base::Time& time_now);
+  // System clock is "close enough", per network time.
+  NETWORK_OK,
+
+  // System clock is behind the network time, i.e. in the past.
+  NETWORK_PAST,
+
+  // System clock is ahead of the network time, i.e. in the future.
+  NETWORK_FUTURE,
+
+  // System clock is behind the build time (which should be impossible, so it
+  // probably means the system clock is behind).
+  BUILD_PAST,
+
+  // System clock is so far ahead of the build time that either this is a very
+  // old binary or the clock is ahead.  (This is a slightly weaker indication
+  // than the other values of this enum.)
+  BUILD_FUTURE

[estark, 2016/03/10 20:10:08]

nit: add trailing comma

[mab, 2016/03/11 04:18:41]

Done.

+};
+
+// Returns the current state of the clock.  The states are documented with the
+// |CLOCK_STATE| enum.  A result from network time, if available, will always be
+// preferred to a result from the build time.
+ClockState GetClockState(
+    const base::Time& now_system,
+    const network_time::NetworkTimeTracker* network_time_tracker);
 
 // Returns true if |hostname| is too broad for the scope of a wildcard
 // certificate. E.g.:
 //     a.b.example.com ~ *.example.com --> true
 //     b.example.com ~ *.example.com --> false
 bool IsSubDomainOutsideWildcard(const GURL& request_url,
                                 const net::X509Certificate& cert);
 
 // Returns true if the certificate is a shared certificate. Note - This
 // function should be used with caution (only for UMA histogram) as an
@@ skipping 17 matching lines @@
 //     www.food.example.com ~ example.com -> false
 //     mail.example.com ~ example.com -> false
 bool GetWWWSubDomainMatch(const GURL& request_url,
                           const std::vector<std::string>& dns_names,
                           std::string* www_match_host_name);
 
 // Method for recording results. -----------------------------------------------
 
 void RecordUMAStatistics(bool overridable,
                          const base::Time& current_time,
+                         const network_time::NetworkTimeTracker* network_time,
                          const GURL& request_url,
                          int cert_error,
                          const net::X509Certificate& cert);
 
 // Helper methods for classification. ------------------------------------------
 
 // Tokenize DNS names and hostnames.
 HostnameTokens Tokenize(const std::string& name);
 
 // Sets a clock for browser tests that check the build time. Used by
@@ skipping 19 matching lines @@
 // appspot.com.
 bool AnyNamesUnderName(const std::vector<HostnameTokens>& potential_children,
                        const HostnameTokens& parent);
 
 // Exposed for teshting.
 size_t GetLevenshteinDistance(const std::string& str1, const std::string& str2);
 
 }  // namespace ssl_errors
 
 #endif  // COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_