chrome/browser/ssl/ssl_error_handler.cc - Issue 2449193002: Attempt an on-demand time fetch when encountering a date invalid error

Unified Diff: chrome/browser/ssl/ssl_error_handler.cc

Issue 2449193002: Attempt an on-demand time fetch when encountering a date invalid error (Closed)

Patch Set: Check that network time query state is as expected before triggering response Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« chrome/browser/ssl/ssl_browser_tests.cc ('K') | « chrome/browser/ssl/ssl_error_handler.h ('k') | chrome/browser/ssl/ssl_error_handler_unittest.cc » ('j') | components/network_time/network_time_tracker.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/ssl/ssl_error_handler.cc

diff --git a/chrome/browser/ssl/ssl_error_handler.cc b/chrome/browser/ssl/ssl_error_handler.cc

index b35cf835d7de62fdf1ae8d62be94aa0536accd4b..e9bce7b753272453fea007c4a94f2bc5309037d1 100644

--- a/chrome/browser/ssl/ssl_error_handler.cc

+++ b/chrome/browser/ssl/ssl_error_handler.cc

@@ -20,6 +20,7 @@

#include "chrome/browser/ssl/ssl_blocking_page.h"

#include "chrome/browser/ssl/ssl_cert_reporter.h"

#include "chrome/common/features.h"

+#include "components/network_time/network_time_tracker.h"

#include "components/ssl_errors/error_classification.h"

#include "components/ssl_errors/error_info.h"

#include "content/public/browser/notification_service.h"

@@ -56,6 +57,8 @@ SSLErrorHandler::TimerStartedCallback* g_timer_started_callback = nullptr;

// The clock to use when deciding which error type to display. Used for testing.

base::Clock* g_testing_clock = nullptr;

+network_time::NetworkTimeTracker* g_network_time_tracker = nullptr;

// Events for UMA.

enum SSLErrorHandlerEvent {

HANDLE_ALL,

@@ -183,6 +186,12 @@ void SSLErrorHandler::SetClockForTest(base::Clock* testing_clock) {

g_testing_clock = testing_clock;

}

+// static

+void SSLErrorHandler::SetNetworkTimeTrackerForTest(

+ network_time::NetworkTimeTracker* tracker) {

+ g_network_time_tracker = tracker;

SSLErrorHandler::SSLErrorHandler(

content::WebContents* web_contents,

int cert_error,

@@ -199,7 +208,8 @@ SSLErrorHandler::SSLErrorHandler(

options_mask_(options_mask),

callback_(callback),

profile_(Profile::FromBrowserContext(web_contents->GetBrowserContext())),

- ssl_cert_reporter_(std::move(ssl_cert_reporter)) {}

+ ssl_cert_reporter_(std::move(ssl_cert_reporter)),

+ weak_ptr_factory_(this) {}

SSLErrorHandler::~SSLErrorHandler() {

}

@@ -207,18 +217,10 @@ SSLErrorHandler::~SSLErrorHandler() {

void SSLErrorHandler::StartHandlingError() {

RecordUMA(HANDLE_ALL);

- const base::Time now = g_testing_clock == nullptr

- ? base::Time::NowFromSystemTime()

- : g_testing_clock->Now();

if (ssl_errors::ErrorInfo::NetErrorToErrorType(cert_error_) ==

ssl_errors::ErrorInfo::CERT_DATE_INVALID) {

- ssl_errors::ClockState clock_state = ssl_errors::GetClockState(

- now, g_browser_process->network_time_tracker());

- if (clock_state == ssl_errors::CLOCK_STATE_FUTURE ||

- clock_state == ssl_errors::CLOCK_STATE_PAST) {

- ShowBadClockInterstitial(now, clock_state);

- return; // |this| is deleted after showing the interstitial.

- }

+ HandleCertDateInvalidError();

+ return;

}

std::vector<std::string> dns_names;

@@ -421,3 +423,46 @@ void SSLErrorHandler::DeleteSSLErrorHandler() {

// Deletes |this| and also destroys the timer.

web_contents_->RemoveUserData(UserDataKey());

}

+void SSLErrorHandler::HandleCertDateInvalidError() {

+ network_time::NetworkTimeTracker* tracker =

+ g_network_time_tracker ? g_network_time_tracker

+ : g_browser_process->network_time_tracker();

+ timer_.Start(FROM_HERE, base::TimeDelta::FromMilliseconds(

+ g_interstitial_delay_in_milliseconds),

+ base::Bind(&SSLErrorHandler::HandleCertDateInvalidErrorImpl,

+ base::Unretained(this)));

+ // Try kicking off a time fetch to get an up-to-date estimate of the

+ // true time. This will only have an effect if network time is

+ // unavailable or if there is not already a query in progress.

+ //

+ // Pass a weak pointer as the callback; if the timer fires before the

+ // fetch completes and shows an interstitial, this SSLErrorHandler

+ // will be deleted.

+ if (!tracker->StartTimeFetch(

+ base::Bind(&SSLErrorHandler::HandleCertDateInvalidErrorImpl,

+ weak_ptr_factory_.GetWeakPtr()))) {

+ HandleCertDateInvalidErrorImpl();

+ return;

+ }

+ if (g_timer_started_callback)

+ g_timer_started_callback->Run(web_contents_);

+void SSLErrorHandler::HandleCertDateInvalidErrorImpl() {

+ network_time::NetworkTimeTracker* tracker =

+ g_network_time_tracker ? g_network_time_tracker

+ : g_browser_process->network_time_tracker();

+ timer_.Stop();

+ const base::Time now = g_testing_clock == nullptr

+ ? base::Time::NowFromSystemTime()

+ : g_testing_clock->Now();

+ ssl_errors::ClockState clock_state = ssl_errors::GetClockState(now, tracker);

+ if (clock_state == ssl_errors::CLOCK_STATE_FUTURE ||

+ clock_state == ssl_errors::CLOCK_STATE_PAST) {

+ ShowBadClockInterstitial(now, clock_state);

+ return; // |this| is deleted after showing the interstitial.

+ }

+ ShowSSLInterstitial();