Use network time for bad clock interstitial.

components/ssl_errors/error_classification.h

Index: components/ssl_errors/error_classification.h
diff --git a/components/ssl_errors/error_classification.h b/components/ssl_errors/error_classification.h
index d15adb292fc80c3e59a27d4875bfeb0455099c73..641ad12f1cabacabfba86038e0ea3ffc2b4180ac 100644
--- a/components/ssl_errors/error_classification.h
+++ b/components/ssl_errors/error_classification.h
@@ -18,18 +18,48 @@ namespace net {
 class X509Certificate;
 }
 
+namespace network_time {
+class NetworkTimeTracker;
+}
+
 namespace ssl_errors {
 
 typedef std::vector<std::string> HostnameTokens;
 
 // Methods for identifying specific error causes. ------------------------------
 
-// Returns true if the system time is in the past.
-bool IsUserClockInThePast(const base::Time& time_now);
+// What is known about the accuracy of system clock.  Note that these do not
+// represent a uniform level of certainty!  The names are prefixed by the source
+// of the information.
+enum ClockState {
+  // Not known whether system clock is close enough.
+  UNKNOWN,

[estark, 2016/03/10 20:10:08]

The usual Chromium style would be to name these CLOCK_STATE_UNKNOWN,
CLOCK_STATE_NETWORK_OK, etc. Even though it's a little longer, it helps with
readability (ssl_errors::UNKNOWN is ambiguous, for example).

[mab, 2016/03/11 04:18:41]

Done.

+
+  // System clock is "close enough", per network time.
+  NETWORK_OK,
+
+  // System clock is behind the network time, i.e. in the past.
+  NETWORK_PAST,
+
+  // System clock is ahead of the network time, i.e. in the future.
+  NETWORK_FUTURE,
+
+  // System clock is behind the build time (which should be impossible, so it
+  // probably means the system clock is behind).
+  BUILD_PAST,
+
+  // System clock is so far ahead of the build time that either this is a very
+  // old binary or the clock is ahead.  (This is a slightly weaker indication
+  // than the other values of this enum.)
+  BUILD_FUTURE

[estark, 2016/03/10 20:10:08]

nit: add trailing comma

[mab, 2016/03/11 04:18:41]

Done.

+};
 
-// Returns true if the system time is too far in the future or the user is
-// using a version of Chrome which is more than 1 year old.
-bool IsUserClockInTheFuture(const base::Time& time_now);
+// Returns the current state of the clock.  The states are documented with the
+// |CLOCK_STATE| enum.  A result from network time, if available, will always be
+// preferred to a result from the build time.
+ClockState GetClockState(
+    const base::Time& now_system,
+    const network_time::NetworkTimeTracker* network_time_tracker);
 
 // Returns true if |hostname| is too broad for the scope of a wildcard
 // certificate. E.g.:
@@ -67,6 +97,7 @@ bool GetWWWSubDomainMatch(const GURL& request_url,
 
 void RecordUMAStatistics(bool overridable,
                          const base::Time& current_time,
+                         const network_time::NetworkTimeTracker* network_time,
                          const GURL& request_url,
                          int cert_error,
                          const net::X509Certificate& cert);