Calculate severity score for date_invalid error

chrome/browser/ssl/ssl_severity_date_invalid.cc

+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ssl/ssl_severity_date_invalid.h"
+
+#include "base/build_time.h"
+#include "base/time/time.h"
+#include "chrome/browser/browser_process.h"
+#include "components/network_time/network_time_tracker.h"
+#include "net/cert/x509_certificate.h"
+
+using base::Time;
+using base::TimeTicks;
+using base::TimeDelta;
+
+SSLSeverityDateInvalid::SSLSeverityDateInvalid(
+    base::Time current_time,
+    net::X509Certificate* cert)
+  : current_time_(current_time),
+  cert_(cert) { }
+
+SSLSeverityDateInvalid::~SSLSeverityDateInvalid() { }
+
+float SSLSeverityDateInvalid::ServerCharacteristics(){
+  if (cert_->HasExpired()) {
+    return 0.3 * TimePassedSinceExpiry();
+  }
+  if (current_time_ < cert_->valid_start())
+    return 0.2;
+  return 0.0;
+}
+
+float SSLSeverityDateInvalid::ClientCharacteristics() {
+  float severity_client_score = 0.0;
+  severity_client_score = 0.75 * IsUserClockWrong();
+  //TODO(radhikabhar): Check website settings.
+  return severity_client_score;
+}
+
+float SSLSeverityDateInvalid::TimePassedSinceExpiry() {
+  base::TimeDelta delta = current_time_ - cert_->valid_expiry();
+  int64 time_passed = delta.InDays();
+  const int kHighThreshold = 7;
+  const int kLowThreshold = 4;
+  if (time_passed >= kHighThreshold)
+    return 0.4;
+  else if (time_passed >= kLowThreshold)
+    return 0.3;
+  else
+    return 0.2;
+}
+
+float SSLSeverityDateInvalid::IsUserClockWrong() {

[felt, 2014/07/07 22:01:34]

It doesn't make sense to have both ::IsUserClockWrong and
::IsErrorProbablyCausedByClock. Can you combine the two?

[radhikabhar, 2014/07/09 17:17:12]

Done.

+  base::Time network_time;
+  base::TimeDelta uncertainty;
+  if (!g_browser_process->network_time_tracker()->GetNetworkTime(
+      base::TimeTicks::Now(), &network_time, &uncertainty)) {
+    // When network time has not been initialized yet, simply rely on the
+    // machine's build time.
+    network_time = base::GetBuildTime();

[felt, 2014/07/07 22:01:34]

Why not check *both* the build time and the network time? Then return true if
either one fails.

[radhikabhar, 2014/07/09 17:17:12]

Done.

+  }
+  if (current_time_ < network_time - base::TimeDelta::FromDays(1)) {
+    return 0.1;
+  }
+  if (current_time_ > network_time + base::TimeDelta::FromDays(1)) {
+    return 0.1;
+  }
+  return 0.9;
+}