added clock interstitial to chrome://interstitials

chrome/browser/ssl/ssl_blocking_page.cc

Index: chrome/browser/ssl/ssl_blocking_page.cc
diff --git a/chrome/browser/ssl/ssl_blocking_page.cc b/chrome/browser/ssl/ssl_blocking_page.cc
index ecf70291056c8b47e64f534c76b29a09aad97083..82e63340e2e1f7502b34dd218101787785888df2 100644
--- a/chrome/browser/ssl/ssl_blocking_page.cc
+++ b/chrome/browser/ssl/ssl_blocking_page.cc
@@ -205,6 +205,7 @@ bool IsErrorDueToBadClock(const base::Time& now, int error) {
           SSLErrorInfo::CERT_DATE_INVALID) {
     return false;
   }
+

[lgarron, 2015/02/19 22:57:06]

Nit: I try to avoid introducing extra whitespace, just to make the diffs as
minimal and easy to read as possible.

[felt, 2015/02/20 16:01:53]

looks like you haven't addressed this?

[fahl, 2015/02/23 23:47:49]

Acknowledged.

   return SSLErrorClassification::IsUserClockInThePast(now) ||
       SSLErrorClassification::IsUserClockInTheFuture(now);
 }
@@ -232,9 +233,18 @@ SSLBlockingPage::SSLBlockingPage(content::WebContents* web_contents,
       strict_enforcement_((options_mask & STRICT_ENFORCEMENT) != 0),
       expired_but_previously_allowed_(
           (options_mask & EXPIRED_BUT_PREVIOUSLY_ALLOWED) != 0) {
-  interstitial_reason_ =
-      IsErrorDueToBadClock(base::Time::NowFromSystemTime(), cert_error_) ?
-      SSL_REASON_BAD_CLOCK : SSL_REASON_SSL;
+  // somehow we need to override the clockcheck - otherwise the interstitial
+  // will not be shown
+  std::string testHost("yourclockiswrong.com");

[lgarron, 2015/02/19 22:57:06]

If we have to hardcode a website, I think we should try to avoid something that
can conflict with a real website.

It seems the appropriate reserved TLD for this is .example:
https://tools.ietf.org/html/rfc2606#section-2
Maybe something like badclock.example?

I've spent a while trying to understand if this is needed; if you use the
"clock_error=1" URL parameter, does CERT_DATE_INVALID propagate here?

[felt, 2015/02/19 23:16:07]

We probably shouldn't be hardcoding anything for a test into production code. Is
there a better way to do this?

+  if ((SSLErrorInfo::NetErrorToErrorType(cert_error_) ==
+          SSLErrorInfo::CERT_DATE_INVALID) &&
+     (request_url.host().compare(testHost) == 0)) {
+    interstitial_reason_ = SSL_REASON_BAD_CLOCK;
+  } else {
+    interstitial_reason_ =
+        IsErrorDueToBadClock(base::Time::NowFromSystemTime(), cert_error_) ?
+        SSL_REASON_BAD_CLOCK : SSL_REASON_SSL;
+  }
 
   // We collapse the Rappor metric name to just "ssl" so we don't leak
   // the "overridable" bit.  We skip Rappor altogether for bad clocks.