Index: components/ssl_errors/error_classification.h |
diff --git a/components/ssl_errors/error_classification.h b/components/ssl_errors/error_classification.h |
index d15adb292fc80c3e59a27d4875bfeb0455099c73..f88e2568dde46aac5d4f61e14fb892cf9466ade4 100644 |
--- a/components/ssl_errors/error_classification.h |
+++ b/components/ssl_errors/error_classification.h |
@@ -18,18 +18,48 @@ namespace net { |
class X509Certificate; |
} |
+namespace network_time { |
+class NetworkTimeTracker; |
+} |
+ |
namespace ssl_errors { |
typedef std::vector<std::string> HostnameTokens; |
// Methods for identifying specific error causes. ------------------------------ |
-// Returns true if the system time is in the past. |
-bool IsUserClockInThePast(const base::Time& time_now); |
+// What is known about the accuracy of system clock. Note that these do not |
+// represent a uniform level of certainty! The names are prefixed by the source |
+// of the information. |
+enum ClockState { |
+ // Not known whether system clock is close enough. |
+ CLOCK_STATE_UNKNOWN, |
+ |
+ // System clock is "close enough", per network time. |
+ CLOCK_STATE_NETWORK_OK, |
+ |
+ // System clock is behind the network time, i.e. in the past. |
+ CLOCK_STATE_NETWORK_PAST, |
+ |
+ // System clock is ahead of the network time, i.e. in the future. |
+ CLOCK_STATE_NETWORK_FUTURE, |
+ |
+ // System clock is behind the build time (which should be impossible, so it |
+ // probably means the system clock is behind). |
+ CLOCK_STATE_BUILD_PAST, |
+ |
+ // System clock is so far ahead of the build time that either this is a very |
+ // old binary or the clock is ahead. (This is a slightly weaker indication |
+ // than the other values of this enum.) |
+ CLOCK_STATE_BUILD_FUTURE, |
+}; |
-// Returns true if the system time is too far in the future or the user is |
-// using a version of Chrome which is more than 1 year old. |
-bool IsUserClockInTheFuture(const base::Time& time_now); |
+// Returns the current state of the clock. The states are documented with the |
+// |CLOCK_STATE| enum. A result from network time, if available, will always be |
+// preferred to a result from the build time. |
+ClockState GetClockState( |
+ const base::Time& now_system, |
+ const network_time::NetworkTimeTracker* network_time_tracker); |
// Returns true if |hostname| is too broad for the scope of a wildcard |
// certificate. E.g.: |
@@ -67,6 +97,7 @@ bool GetWWWSubDomainMatch(const GURL& request_url, |
void RecordUMAStatistics(bool overridable, |
const base::Time& current_time, |
+ const network_time::NetworkTimeTracker* network_time, |
const GURL& request_url, |
int cert_error, |
const net::X509Certificate& cert); |