Improve the SSL error display when the clock is wrong.

chrome/browser/ssl/ssl_blocking_page.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 
 #include "base/build_time.h"
 #include "base/command_line.h"
 #include "base/i18n/rtl.h"
 #include "base/i18n/time_formatting.h"
@@ skipping 262 matching lines @@
 #if !defined(OS_CHROMEOS)
   base::LaunchOptions options;
   options.wait = false;
 #if defined(OS_LINUX)
   options.allow_new_privs = true;
 #endif
   base::LaunchProcess(command, options, NULL);
 #endif
 }
 
+bool IsErrorDueToBadClock(const base::Time& now, int error) {
+  if (SSLErrorInfo::NetErrorToErrorType(error) !=
+          SSLErrorInfo::CERT_DATE_INVALID) {
+    return false;
+  }
+  return SSLErrorClassification::IsUserClockInThePast(now) ||
+      SSLErrorClassification::IsUserClockInTheFuture(now);
+}
+
 }  // namespace
 
 // Note that we always create a navigation entry with SSL errors.
 // No error happening loading a sub-resource triggers an interstitial so far.
 SSLBlockingPage::SSLBlockingPage(
     content::WebContents* web_contents,
     int cert_error,
     const net::SSLInfo& ssl_info,
     const GURL& request_url,
     bool overridable,
@@ skipping 101 matching lines @@
     base::i18n::WrapStringWithLTRFormatting(&url);
   webui::SetFontAndTextDirection(&load_time_data);
 
   // Shared values for both the overridable and non-overridable versions.
   load_time_data.SetBoolean("ssl", true);
   load_time_data.SetBoolean("overridable", overridable_);
   load_time_data.SetString(
       "tabTitle", l10n_util::GetStringUTF16(IDS_SSL_V2_TITLE));
   load_time_data.SetString(
       "heading", l10n_util::GetStringUTF16(IDS_SSL_V2_HEADING));
-  if ((SSLErrorClassification::IsUserClockInThePast(
-      base::Time::NowFromSystemTime()))
-      && (SSLErrorInfo::NetErrorToErrorType(cert_error_) ==
-          SSLErrorInfo::CERT_DATE_INVALID)) {
+
+  base::Time now = base::Time::NowFromSystemTime();
+  bool bad_clock = IsErrorDueToBadClock(now, cert_error_);
+  if (bad_clock) {
     load_time_data.SetString("primaryParagraph",
                              l10n_util::GetStringFUTF16(
                                  IDS_SSL_CLOCK_ERROR,
                                  url,
-                                 base::TimeFormatShortDate(base::Time::Now())));
+                                 base::TimeFormatShortDate(now)));
   } else {
     load_time_data.SetString(
         "primaryParagraph",
         l10n_util::GetStringFUTF16(IDS_SSL_V2_PRIMARY_PARAGRAPH, url));
   }
+
   load_time_data.SetString(
      "openDetails",
      l10n_util::GetStringUTF16(IDS_SSL_V2_OPEN_DETAILS_BUTTON));
   load_time_data.SetString(
      "closeDetails",
      l10n_util::GetStringUTF16(IDS_SSL_V2_CLOSE_DETAILS_BUTTON));
   load_time_data.SetString("errorCode", net::ErrorToString(cert_error_));
 
-  if (overridable_) {  // Overridable.
+  if (overridable_) {
     SSLErrorInfo error_info =
         SSLErrorInfo::CreateError(
             SSLErrorInfo::NetErrorToErrorType(cert_error_),
             ssl_info_.cert.get(),
             request_url_);
-    load_time_data.SetString(
-        "explanationParagraph", error_info.details());
+    if (bad_clock) {
+      load_time_data.SetString("explanationParagraph",
+                               l10n_util::GetStringFUTF16(
+                                   IDS_SSL_CLOCK_ERROR_EXPLANATION, url));
+    } else {
+      load_time_data.SetString("explanationParagraph", error_info.details());
+    }
     load_time_data.SetString(
         "primaryButtonText",
         l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_SAFETY_BUTTON));
     load_time_data.SetString(
         "finalParagraph",
-        l10n_util::GetStringFUTF16(IDS_SSL_OVERRIDABLE_PROCEED_PARAGRAPH, url));
-  } else {  // Non-overridable.
-    load_time_data.SetBoolean("overridable", false);
+        l10n_util::GetStringFUTF16(IDS_SSL_OVERRIDABLE_PROCEED_PARAGRAPH,
+                                   url));
+  } else {
     SSLErrorInfo::ErrorType type =
         SSLErrorInfo::NetErrorToErrorType(cert_error_);
     if (type == SSLErrorInfo::CERT_INVALID && SSLErrorClassification::
         IsWindowsVersionSP3OrLower()) {
       load_time_data.SetString(
           "explanationParagraph",
           l10n_util::GetStringFUTF16(
               IDS_SSL_NONOVERRIDABLE_MORE_INVALID_SP3, url));
+    } else if (bad_clock) {
+      load_time_data.SetString("explanationParagraph",
+                               l10n_util::GetStringFUTF16(
+                                   IDS_SSL_CLOCK_ERROR_EXPLANATION, url));
     } else {
       load_time_data.SetString("explanationParagraph",
                                l10n_util::GetStringFUTF16(
                                    IDS_SSL_NONOVERRIDABLE_MORE, url));
     }
     load_time_data.SetString(
         "primaryButtonText",
         l10n_util::GetStringUTF16(IDS_SSL_NONOVERRIDABLE_RELOAD_BUTTON));
     // Customize the help link depending on the specific error type.
     // Only mark as HSTS if none of the more specific error types apply, and use
@@ skipping 196 matching lines @@
     // sure we don't clear the captive portal flag, since the interstitial was
     // potentially caused by the captive portal.
     captive_portal_detected_ = captive_portal_detected_ ||
         (results->result == captive_portal::RESULT_BEHIND_CAPTIVE_PORTAL);
     // Also keep track of non-HTTP portals and error cases.
     captive_portal_no_response_ = captive_portal_no_response_ ||
         (results->result == captive_portal::RESULT_NO_RESPONSE);
   }
 #endif
 }