chrome/browser/ssl/ssl_severity_date_invalid.cc - Issue 376663002: Calculate severity score for date_invalid error

Unified Diff: chrome/browser/ssl/ssl_severity_date_invalid.cc

Issue 376663002: Calculate severity score for date_invalid error (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Added test cases Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« chrome/browser/ssl/ssl_severity_date_invalid.h ('K') | « chrome/browser/ssl/ssl_severity_date_invalid.h ('k') | chrome/browser/ssl/ssl_severity_date_invalid_browsertest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/ssl/ssl_severity_date_invalid.cc

diff --git a/chrome/browser/ssl/ssl_severity_date_invalid.cc b/chrome/browser/ssl/ssl_severity_date_invalid.cc

new file mode 100644

index 0000000000000000000000000000000000000000..95de194e55f2856cddfdd1162fc9660657501af3

--- /dev/null

+++ b/chrome/browser/ssl/ssl_severity_date_invalid.cc

@@ -0,0 +1,70 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#include "chrome/browser/ssl/ssl_severity_date_invalid.h"

+#include "base/build_time.h"

+#include "base/time/time.h"

+#include "chrome/browser/browser_process.h"

+#include "components/network_time/network_time_tracker.h"

+#include "net/cert/x509_certificate.h"

+using base::Time;

+using base::TimeTicks;

+using base::TimeDelta;

+SSLSeverityDateInvalid::SSLSeverityDateInvalid(

+ base::Time current_time,

+ net::X509Certificate* cert)

+ : current_time_(current_time),

+ cert_(cert) { }

+SSLSeverityDateInvalid::~SSLSeverityDateInvalid() { }

+float SSLSeverityDateInvalid::ServerCharacteristics(){

+ if (cert_->HasExpired()) {

+ return 0.3 * TimePassedSinceExpiry();

+ }

+ if (current_time_ < cert_->valid_start())

+ return 0.2;

+ return 0.0;

+float SSLSeverityDateInvalid::ClientCharacteristics() {

+ float severity_client_score = 0.0;

+ severity_client_score = 0.75 * IsUserClockWrong();

+ //TODO(radhikabhar): Check website settings.

+ return severity_client_score;

+float SSLSeverityDateInvalid::TimePassedSinceExpiry() {

+ base::TimeDelta delta = current_time_ - cert_->valid_expiry();

+ int64 time_passed = delta.InDays();

+ const int kHighThreshold = 7;

+ const int kLowThreshold = 4;

+ if (time_passed >= kHighThreshold)

+ return 0.4;

+ else if (time_passed >= kLowThreshold)

+ return 0.3;

+ else

+ return 0.2;

+float SSLSeverityDateInvalid::IsUserClockWrong() {

felt 2014/07/07 22:01:34 It doesn't make sense to have both ::IsUserClockWr

radhikabhar 2014/07/09 17:17:12 Done.

+ base::Time network_time;

+ base::TimeDelta uncertainty;

+ if (!g_browser_process->network_time_tracker()->GetNetworkTime(

+ base::TimeTicks::Now(), &network_time, &uncertainty)) {

+ // When network time has not been initialized yet, simply rely on the

+ // machine's build time.

+ network_time = base::GetBuildTime();

felt 2014/07/07 22:01:34 Why not check *both* the build time and the networ

radhikabhar 2014/07/09 17:17:12 Done.

+ }

+ if (current_time_ < network_time - base::TimeDelta::FromDays(1)) {

+ return 0.1;

+ }

+ if (current_time_ > network_time + base::TimeDelta::FromDays(1)) {

+ return 0.1;

+ }

+ return 0.9;