Calculate severity score for date_invalid error

chrome/browser/ssl/ssl_error_classification.cc

Index: chrome/browser/ssl/ssl_error_classification.cc
diff --git a/chrome/browser/ssl/ssl_error_classification.cc b/chrome/browser/ssl/ssl_error_classification.cc
new file mode 100644
index 0000000000000000000000000000000000000000..adfb9c23be025b72c834eb0f74e2f943162870f6
--- /dev/null
+++ b/chrome/browser/ssl/ssl_error_classification.cc
@@ -0,0 +1,108 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ssl/ssl_error_classification.h"
+
+#include "base/build_time.h"
+#include "base/metrics/field_trial.h"
+#include "base/metrics/histogram.h"
+#include "base/time/time.h"
+#include "chrome/browser/browser_process.h"
+#include "components/network_time/network_time_tracker.h"
+#include "net/cert/x509_certificate.h"
+
+using base::Time;
+using base::TimeTicks;
+using base::TimeDelta;
+
+namespace {
+
+// Events for UMA. Do not reorder or change!
+enum SSLInterstitialCause {
+   CLOCK_PAST,

[felt, 2014/07/10 18:41:10]

nit: how many spaces in the indentation here? it looks wrong

[radhikabhar, 2014/07/10 20:04:43]

Done.

+   CLOCK_FUTURE,
+   UNUSED_INTERSTITIAL_CAUSE_ENTRY,
+};
+
+void RecordSSLInterstitialCause(bool overridable, SSLInterstitialCause event) {
+  if (overridable) {
+    UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.cause.overridable", event,
+                              UNUSED_INTERSTITIAL_CAUSE_ENTRY);
+  } else {
+    UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.cause.nonoverridable", event,
+                              UNUSED_INTERSTITIAL_CAUSE_ENTRY);
+  }
+}
+
+} // namespace
+
+SSLErrorClassification::SSLErrorClassification(
+    base::Time current_time,
+    net::X509Certificate* cert)
+  : current_time_(current_time),
+    cert_(cert) { }
+
+SSLErrorClassification::~SSLErrorClassification() { }
+
+float SSLErrorClassification::InvalidDateSeverityScore() {
+  // Client side characterisitics. Check whether the user clock is wrong and
+  // whether he has encountered this error before or not.
+  float severity_date_score = 0.0;
+  if (IsUserClockInThePast(true, current_time_)  ||
+      IsUserClockInTheFuture(true, current_time_)) {
+    severity_date_score = 0.5 * 0.75 * 0.1;
+  } else {
+    severity_date_score = 0.5 * 0.75 * 1;
+  }
+  // TODO(radhikabhar): Check website settings.
+
+  // Server Side characterisitics. Check whether the certificate has expired or
+  // is not yet valid. If the certificate has expired then factor the time which
+  // has passed since expiry.
+  if (cert_->HasExpired()) {
+    severity_date_score += 0.5 * 0.3 *
+        CalculateScoreTimePassedSinceExpiry();
+  }
+  if (current_time_ < cert_->valid_start())
+    severity_date_score += 0.5 * 0.2;
+  return severity_date_score;
+}
+
+base::TimeDelta SSLErrorClassification::TimePassedSinceExpiry() {
+  base::TimeDelta delta = current_time_ - cert_->valid_expiry();
+  return delta;
+}
+
+float SSLErrorClassification::CalculateScoreTimePassedSinceExpiry() {
+  base::TimeDelta delta = TimePassedSinceExpiry();
+  int64 time_passed = delta.InDays();
+  const int kHighThreshold = 7;
+  const int kLowThreshold = 4;
+  if (time_passed >= kHighThreshold)
+    return 0.4;
+  else if (time_passed >= kLowThreshold)
+    return 0.3;
+  else
+    return 0.2;
+}
+
+bool SSLErrorClassification::IsUserClockInThePast(bool overridable,
+                                                  base::Time time_now) {
+  base::Time build_time = base::GetBuildTime();
+  if (time_now < build_time) {
+    RecordSSLInterstitialCause(overridable, CLOCK_PAST);

[felt, 2014/07/10 18:41:10]

since IsUserClockInThePast() has multiple call sites, it doesn't make sense to
do the UMA stat inside the method. can you add another method like:

void SSLErrorClassification::RecordUMAStatistics(bool overridable) {
  IsUserClockInThePast(...);
  IsUserClockInTheFuture(...);
}

then invoke SSLErrorClassificaiton::RecordUMAStatistics() from the
SSLBlockingPage() constructor. as a bonus, this means that IsUserClockInThePast
and IsUserClockInTheFuture no longer need to take the overridable bool in the
method name

[radhikabhar, 2014/07/10 20:04:43]

Done.

+    return true;
+  }
+  return false;
+}
+
+bool SSLErrorClassification::IsUserClockInTheFuture(bool overridable,
+                                                    base::Time time_now) {
+  base::Time build_time = base::GetBuildTime();
+  if (time_now > build_time + base::TimeDelta::FromDays(365)) {
+    RecordSSLInterstitialCause(overridable, CLOCK_FUTURE);
+    return true;
+  }
+  return false;
+}