Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(696)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/ssl_errors/error_classification.h

Issue 1772143002: Use network time for bad clock interstitial. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: estark review 2 Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« components/security_interstitials/core/bad_clock_ui.cc ('K') | « components/ssl_errors/DEPS ('k') | components/ssl_errors/error_classification.cc » ('j') | components/ssl_errors/error_classification.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/ssl_errors/error_classification.h
diff --git a/components/ssl_errors/error_classification.h b/components/ssl_errors/error_classification.h
index d15adb292fc80c3e59a27d4875bfeb0455099c73..f88e2568dde46aac5d4f61e14fb892cf9466ade4 100644
--- a/components/ssl_errors/error_classification.h
+++ b/components/ssl_errors/error_classification.h
@@ -18,18 +18,48 @@ namespace net {
class X509Certificate;
}
+namespace network_time {
+class NetworkTimeTracker;
+}
+
namespace ssl_errors {
typedef std::vector<std::string> HostnameTokens;
// Methods for identifying specific error causes. ------------------------------
-// Returns true if the system time is in the past.
-bool IsUserClockInThePast(const base::Time& time_now);
+// What is known about the accuracy of system clock. Note that these do not
+// represent a uniform level of certainty! The names are prefixed by the source
+// of the information.
+enum ClockState {
+ // Not known whether system clock is close enough.
+ CLOCK_STATE_UNKNOWN,
+
+ // System clock is "close enough", per network time.
+ CLOCK_STATE_NETWORK_OK,
+
+ // System clock is behind the network time, i.e. in the past.
+ CLOCK_STATE_NETWORK_PAST,
+
+ // System clock is ahead of the network time, i.e. in the future.
+ CLOCK_STATE_NETWORK_FUTURE,
+
+ // System clock is behind the build time (which should be impossible, so it
+ // probably means the system clock is behind).
+ CLOCK_STATE_BUILD_PAST,
+
+ // System clock is so far ahead of the build time that either this is a very
+ // old binary or the clock is ahead. (This is a slightly weaker indication
+ // than the other values of this enum.)
+ CLOCK_STATE_BUILD_FUTURE,
+};
-// Returns true if the system time is too far in the future or the user is
-// using a version of Chrome which is more than 1 year old.
-bool IsUserClockInTheFuture(const base::Time& time_now);
+// Returns the current state of the clock. The states are documented with the
+// |CLOCK_STATE| enum. A result from network time, if available, will always be
+// preferred to a result from the build time.
+ClockState GetClockState(
+ const base::Time& now_system,
+ const network_time::NetworkTimeTracker* network_time_tracker);
// Returns true if |hostname| is too broad for the scope of a wildcard
// certificate. E.g.:
@@ -67,6 +97,7 @@ bool GetWWWSubDomainMatch(const GURL& request_url,
void RecordUMAStatistics(bool overridable,
const base::Time& current_time,
+ const network_time::NetworkTimeTracker* network_time,
const GURL& request_url,
int cert_error,
const net::X509Certificate& cert);
« components/security_interstitials/core/bad_clock_ui.cc ('K') | « components/ssl_errors/DEPS ('k') | components/ssl_errors/error_classification.cc » ('j') | components/ssl_errors/error_classification.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698