Improve the SSL error display when the clock is wrong.

chrome/browser/ssl/ssl_blocking_page.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 
 #include "base/build_time.h"
 #include "base/command_line.h"
 #include "base/i18n/rtl.h"
 #include "base/i18n/time_formatting.h"
@@ skipping 262 matching lines @@
 #if !defined(OS_CHROMEOS)
   base::LaunchOptions options;
   options.wait = false;
 #if defined(OS_LINUX)
   options.allow_new_privs = true;
 #endif
   base::LaunchProcess(command, options, NULL);
 #endif
 }
 
+bool IsErrorDueToBadClock(const base::Time& now, int error) {
+  if (SSLErrorInfo::NetErrorToErrorType(error) !=
+          SSLErrorInfo::CERT_DATE_INVALID) {
+    return false;
+  }
+  return SSLErrorClassification::IsUserClockInThePast(now) ||
+      SSLErrorClassification::IsUserClockInTheFuture(now);
+}
+
 }  // namespace
 
 // Note that we always create a navigation entry with SSL errors.
 // No error happening loading a sub-resource triggers an interstitial so far.
 SSLBlockingPage::SSLBlockingPage(
     content::WebContents* web_contents,
     int cert_error,
     const net::SSLInfo& ssl_info,
     const GURL& request_url,
     bool overridable,
@@ skipping 101 matching lines @@
     base::i18n::WrapStringWithLTRFormatting(&url);
   webui::SetFontAndTextDirection(&load_time_data);
 
   // Shared values for both the overridable and non-overridable versions.
   load_time_data.SetBoolean("ssl", true);
   load_time_data.SetBoolean("overridable", overridable_);
   load_time_data.SetString(
       "tabTitle", l10n_util::GetStringUTF16(IDS_SSL_V2_TITLE));
   load_time_data.SetString(
       "heading", l10n_util::GetStringUTF16(IDS_SSL_V2_HEADING));
-  if ((SSLErrorClassification::IsUserClockInThePast(
-      base::Time::NowFromSystemTime()))
-      && (SSLErrorInfo::NetErrorToErrorType(cert_error_) ==
-          SSLErrorInfo::CERT_DATE_INVALID)) {
+
+  base::Time now = base::Time::NowFromSystemTime();
+  bool bad_clock = IsErrorDueToBadClock(now, cert_error_);
+  if (bad_clock) {
     load_time_data.SetString("primaryParagraph",
                              l10n_util::GetStringFUTF16(
                                  IDS_SSL_CLOCK_ERROR,
                                  url,
-                                 base::TimeFormatShortDate(base::Time::Now())));
+                                 base::TimeFormatShortDate(now)));
   } else {
     load_time_data.SetString(
         "primaryParagraph",
         l10n_util::GetStringFUTF16(IDS_SSL_V2_PRIMARY_PARAGRAPH, url));
   }
+
   load_time_data.SetString(
      "openDetails",
      l10n_util::GetStringUTF16(IDS_SSL_V2_OPEN_DETAILS_BUTTON));
   load_time_data.SetString(
      "closeDetails",
      l10n_util::GetStringUTF16(IDS_SSL_V2_CLOSE_DETAILS_BUTTON));
   load_time_data.SetString("errorCode", net::ErrorToString(cert_error_));
 
-  if (overridable_) {  // Overridable.
+  if (overridable_) {
     SSLErrorInfo error_info =
         SSLErrorInfo::CreateError(
             SSLErrorInfo::NetErrorToErrorType(cert_error_),
             ssl_info_.cert.get(),
             request_url_);
-    load_time_data.SetString(
-        "explanationParagraph", error_info.details());
+    if (bad_clock) {
+      load_time_data.SetString("explanationParagraph",
+                               l10n_util::GetStringFUTF16(
+                                   IDS_SSL_CLOCK_ERROR_EXPLANATION, url));
+    } else {
+      load_time_data.SetString("explanationParagraph", error_info.details());
+    }
     load_time_data.SetString(
         "primaryButtonText",
         l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_SAFETY_BUTTON));
-    load_time_data.SetString(
-        "finalParagraph",
-        l10n_util::GetStringFUTF16(IDS_SSL_OVERRIDABLE_PROCEED_PARAGRAPH, url));
-  } else {  // Non-overridable.
-    load_time_data.SetBoolean("overridable", false);
+    if (!bad_clock) {

[felt, 2014/08/12 19:35:08]

The "final paragraph" is the sentence with a link to proceed through the error.
Removing the final paragraph has the effect of making it impossible to proceed
through the error.

Is that intentional? If so, perhaps you should set overridable_ to false and
follow that logic path. Otherwise, simply hiding the final paragraph will cause
the warning page to explode since it expects it to be there for an overridable
SSL error.

interstitial_v2.html assumes that finalParagraph is always set, and there will
be an error if it isn't:
<p i18n-values=".innerHTML:finalParagraph" id="final-paragraph"></p>

Similarly, interstitial_v2.js assumes that there is a proceed link in the
finalParagraph if the page is an overridable SSL warning:

  if (overridable) {
    $('proceed-link').addEventListener('click', function(event) {
      sendCommand(ssl ? CMD_PROCEED : SB_CMD_PROCEED);
    });
  } else if (!ssl) {
    $('final-paragraph').classList.add('hidden');
  }

[palmer, 2014/08/12 22:45:33]

No, it was an artefact of previous hacking. Fixed now.

+      load_time_data.SetString(
+          "finalParagraph",
+          l10n_util::GetStringFUTF16(IDS_SSL_OVERRIDABLE_PROCEED_PARAGRAPH,
+                                     url));
+    }
+  } else {
     SSLErrorInfo::ErrorType type =
         SSLErrorInfo::NetErrorToErrorType(cert_error_);
     if (type == SSLErrorInfo::CERT_INVALID && SSLErrorClassification::
         IsWindowsVersionSP3OrLower()) {
       load_time_data.SetString(
           "explanationParagraph",
           l10n_util::GetStringFUTF16(
               IDS_SSL_NONOVERRIDABLE_MORE_INVALID_SP3, url));
+    } else if (bad_clock) {
+      load_time_data.SetString("explanationParagraph",
+                               l10n_util::GetStringFUTF16(
+                                   IDS_SSL_CLOCK_ERROR_EXPLANATION, url));
     } else {
       load_time_data.SetString("explanationParagraph",
                                l10n_util::GetStringFUTF16(
                                    IDS_SSL_NONOVERRIDABLE_MORE, url));
     }
     load_time_data.SetString(
         "primaryButtonText",
         l10n_util::GetStringUTF16(IDS_SSL_NONOVERRIDABLE_RELOAD_BUTTON));
     // Customize the help link depending on the specific error type.
     // Only mark as HSTS if none of the more specific error types apply, and use
@@ skipping 196 matching lines @@
     // sure we don't clear the captive portal flag, since the interstitial was
     // potentially caused by the captive portal.
     captive_portal_detected_ = captive_portal_detected_ ||
         (results->result == captive_portal::RESULT_BEHIND_CAPTIVE_PORTAL);
     // Also keep track of non-HTTP portals and error cases.
     captive_portal_no_response_ = captive_portal_no_response_ ||
         (results->result == captive_portal::RESULT_NO_RESPONSE);
   }
 #endif
 }