Adding the Finch code for the certificate error reporter experiment

chrome/browser/ssl/ssl_browser_tests.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/command_line.h"
+#include "base/metrics/field_trial.h"
 #include "base/prefs/pref_service.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/time/time.h"
 #include "chrome/app/chrome_command_ids.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h"
 #include "chrome/browser/net/certificate_error_reporter.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/safe_browsing/ping_manager.h"
 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_commands.h"
 #include "chrome/browser/ui/browser_navigator.h"
 #include "chrome/browser/ui/browser_tabstrip.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/test/base/in_process_browser_test.h"
 #include "chrome/test/base/ui_test_utils.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
+#include "components/variations/variations_associated_data.h"
 #include "components/web_modal/web_contents_modal_dialog_manager.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/interstitial_page.h"
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/render_widget_host_view.h"
 #include "content/public/browser/web_contents.h"
@@ skipping 23 matching lines @@
 using content::InterstitialPage;
 using content::NavigationController;
 using content::NavigationEntry;
 using content::SSLStatus;
 using content::WebContents;
 using web_modal::WebContentsModalDialogManager;
 
 const base::FilePath::CharType kDocRoot[] =
     FILE_PATH_LITERAL("chrome/test/data");
 
+// Const for the Finch group DontShowDontSend
+const char kHTTPSErrorReporterFinchGroupDontShowDontSend[] =
+    "DontShowAndDontSend";
+
 namespace {
 
 class ProvisionalLoadWaiter : public content::WebContentsObserver {
  public:
   explicit ProvisionalLoadWaiter(WebContents* tab)
     : WebContentsObserver(tab), waiting_(false), seen_(false) {}
 
   void Wait() {
     if (seen_)
       return;
@@ skipping 379 matching lines @@
 
     if (expect_report == CertificateReporting::CERT_REPORT_EXPECTED) {
       // Check that the mock reporter received a request to send a report.
       EXPECT_EQ(https_server_expired_.GetURL("/").host(),
                 reporter_->latest_hostname_reported());
     } else {
       EXPECT_EQ(std::string(), reporter_->latest_hostname_reported());
     }
   }
 
+  // Helper function to set the Finch options
+  void SetCertReportingFinchConfig(const std::string& group_name,
+                                   const std::string& param_value) {
+    base::FieldTrialList::CreateFieldTrial(
+        kHTTPSErrorReporterFinchExperimentName, group_name);
+    if (!param_value.empty()) {
+      std::map<std::string, std::string> params;
+      params[kHTTPSErrorReporterFinchParamName] = param_value;
+      variations::AssociateVariationParams(
+          kHTTPSErrorReporterFinchExperimentName, group_name, params);
+    }
+  }
+
+  // Helper function to set the Finch options in case we have no parameter
+  void SetCertReportingFinchConfig(const std::string& group_name) {
+    SetCertReportingFinchConfig(group_name, std::string());
+  }
+
   net::SpawnedTestServer https_server_;
   net::SpawnedTestServer https_server_expired_;
   net::SpawnedTestServer https_server_mismatched_;
   net::SpawnedTestServer wss_server_expired_;
 
  private:
   typedef net::SpawnedTestServer::SSLOptions SSLOptions;
   CertificateReporting::MockReporter* reporter_;
 
   DISALLOW_COPY_AND_ASSIGN(SSLUITest);
@@ skipping 25 matching lines @@
 
   void SetUpCommandLine(base::CommandLine* command_line) override {
     // Browser will ignore certificate errors on localhost.
     command_line->AppendSwitch(switches::kAllowInsecureLocalhost);
   }
 };
 
 class SSLUITestWithExtendedReporting : public SSLUITest {
  public:
   SSLUITestWithExtendedReporting() : SSLUITest() {}
-
-  void SetUpCommandLine(base::CommandLine* command_line) override {
-    // Enable a checkbox on SSL interstitials that allows users to opt
-    // in to reporting invalid certificate chains.
-    command_line->AppendSwitch(switches::kEnableInvalidCertCollection);
-  }
 };
 
 // Visits a regular page over http.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) {
   ASSERT_TRUE(test_server()->Start());
 
   ui_test_utils::NavigateToURL(browser(),
                                test_server()->GetURL("files/ssl/google.html"));
 
   CheckUnauthenticatedState(
@@ skipping 579 matching lines @@
       &replacement_path));
 
   // Load a page that displays insecure content.
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
 
   CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
                           AuthState::DISPLAYED_INSECURE_CONTENT);
 }
 
-// Test that when the checkbox is checked and the user proceeds through
-// the interstitial, the FraudulentCertificateReporter sees a request to
-// send a report.
-IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
-                       TestBrokenHTTPSProceedWithReporting) {
+// User proceeds, checkbox is shown and checked, Finch parameter is set
+// -> we expect a report.
+IN_PROC_BROWSER_TEST_F(
+    SSLUITestWithExtendedReporting,
+    TestBrokenHTTPSProceedWithShowYesCheckYesParamYesReportYes) {
+  SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupShowPossiblySend,
+                              "1.0");
   TestBrokenHTTPSReporting(CertificateReporting::EXTENDED_REPORTING_OPT_IN,
                            CertificateReporting::SSL_INTERSTITIAL_PROCEED,
                            CertificateReporting::CERT_REPORT_EXPECTED,
                            browser());
 }
 
-// Test that when the checkbox is checked and the user goes back (does
-// not proceed through the interstitial), the
-// FraudulentCertificateReporter sees a request to send a report.
-IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
-                       TestBrokenHTTPSGoBackWithReporting) {
+// User goes back, checkbox is shown and checked, Finch parameter is set
+// -> we expect a report.
+IN_PROC_BROWSER_TEST_F(
+    SSLUITestWithExtendedReporting,
+    TestBrokenHTTPSGoBackWithShowYesCheckYesParamYesReportYes) {
+  SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupShowPossiblySend,
+                              "1.0");
   TestBrokenHTTPSReporting(
       CertificateReporting::EXTENDED_REPORTING_OPT_IN,
       CertificateReporting::SSL_INTERSTITIAL_DO_NOT_PROCEED,
       CertificateReporting::CERT_REPORT_EXPECTED, browser());
 }
 
-// Test that when the checkbox is not checked and the user proceeds
-// through the interstitial, the FraudulentCertificateReporter does not
-// see a request to send a report.
-IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
-                       TestBrokenHTTPSProceedWithNoReporting) {
+// User proceeds, checkbox is shown but unchecked, Finch parameter is set
+// -> we expect no report.
+IN_PROC_BROWSER_TEST_F(
+    SSLUITestWithExtendedReporting,
+    TestBrokenHTTPSProceedWithShowYesCheckNoParamYesReportNo) {
+  SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupShowPossiblySend,
+                              "1.0");
   TestBrokenHTTPSReporting(
       CertificateReporting::EXTENDED_REPORTING_DO_NOT_OPT_IN,
       CertificateReporting::SSL_INTERSTITIAL_PROCEED,
       CertificateReporting::CERT_REPORT_NOT_EXPECTED, browser());
 }
 
-// Test that when the checkbox is not checked and the user does not proceed
-// through the interstitial, the FraudulentCertificateReporter does not
-// see a request to send a report.
+// User goes back, checkbox is shown but unchecked, Finch parameter is set
+// -> we expect no report.
 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
-                       TestBrokenHTTPSGoBackWithNoReporting) {
+                       TestBrokenHTTPSGoBackShowYesCheckNoParamYesReportNo) {
+  SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupShowPossiblySend,
+                              "1.0");
   TestBrokenHTTPSReporting(
       CertificateReporting::EXTENDED_REPORTING_DO_NOT_OPT_IN,
       CertificateReporting::SSL_INTERSTITIAL_DO_NOT_PROCEED,
       CertificateReporting::CERT_REPORT_NOT_EXPECTED, browser());
 }
 
-// Test that when the command-line switch for reporting invalid cert
-// chains is not enabled, reports don't get sent, even if the opt-in
-// preference is set. (i.e. if a user enables invalid cert collection in
-// chrome://flags, checks the box on an interstitial, and then disables
-// the flag in chrome://flags, reports shouldn't be sent on the next
-// interstitial).
-IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSNoReportingWithoutSwitch) {
+// User proceeds, checkbox is shown and checked, Finch parameter is not
+// set -> we expect no report.
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
+                       TestBrokenHTTPSProceedShowYesCheckYesParamNoReportNo) {
+  SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupShowPossiblySend,
+                              "-1.0");
   TestBrokenHTTPSReporting(CertificateReporting::EXTENDED_REPORTING_OPT_IN,
                            CertificateReporting::SSL_INTERSTITIAL_PROCEED,
                            CertificateReporting::CERT_REPORT_NOT_EXPECTED,
                            browser());
 }
 
-// Test that reports don't get sent in incognito mode even if the opt-in
-// preference is set and the command-line switch is enabled.
+// User goes back, checkbox is shown and checked, Finch parameter is not set
+// -> we expect no report.
 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
-                       TestBrokenHTTPSNoReportingInIncognito) {
+                       TestBrokenHTTPSGoBackShowYesCheckYesParamNoReportNo) {
+  SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupShowPossiblySend,
+                              "-1.0");
+  TestBrokenHTTPSReporting(
+      CertificateReporting::EXTENDED_REPORTING_OPT_IN,
+      CertificateReporting::SSL_INTERSTITIAL_DO_NOT_PROCEED,
+      CertificateReporting::CERT_REPORT_NOT_EXPECTED, browser());
+}
+
+// User proceeds, checkbox is not shown but checked -> we expect no report
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
+                       TestBrokenHTTPSProceedShowNoCheckYesReportNo) {
+  SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupDontShowDontSend);
+  TestBrokenHTTPSReporting(CertificateReporting::EXTENDED_REPORTING_OPT_IN,
+                           CertificateReporting::SSL_INTERSTITIAL_PROCEED,
+                           CertificateReporting::CERT_REPORT_NOT_EXPECTED,
+                           browser());
+}
+
+// Browser is incognito, user proceeds, checkbox is shown and checked, Finch
+// parameter is set -> we expect no report
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
+                       TestBrokenHTTPSInIncognitoReportNo) {
+  SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupShowPossiblySend,
+                              "1.0");
   TestBrokenHTTPSReporting(CertificateReporting::EXTENDED_REPORTING_OPT_IN,
                            CertificateReporting::SSL_INTERSTITIAL_PROCEED,
                            CertificateReporting::CERT_REPORT_NOT_EXPECTED,
                            CreateIncognitoBrowser());
 }
 
+// User proceeds, checkbox is shown and checked, Finch parameter is invalid
+// -> we expect no report.
+IN_PROC_BROWSER_TEST_F(
+    SSLUITestWithExtendedReporting,
+    TestBrokenHTTPSProceedWithShowYesCheckYesParamInvalidReportNo) {
+  SetCertReportingFinchConfig(kHTTPSErrorReporterFinchGroupShowPossiblySend,
+                              "abcdef");
+  TestBrokenHTTPSReporting(CertificateReporting::EXTENDED_REPORTING_OPT_IN,
+                           CertificateReporting::SSL_INTERSTITIAL_PROCEED,
+                           CertificateReporting::CERT_REPORT_NOT_EXPECTED,
+                           browser());
+}
+
 // Visits a page that runs insecure content and tries to suppress the insecure
 // content warnings by randomizing location.hash.
 // Based on http://crbug.com/8706
 IN_PROC_BROWSER_TEST_F(SSLUITest,
                        TestRunsInsecuredContentRandomizeHash) {
   ASSERT_TRUE(test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
 
   ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
       "files/ssl/page_runs_insecure_content.html"));
@@ skipping 949 matching lines @@
 
 // Visit a page over https that contains a frame with a redirect.
 
 // XMLHttpRequest insecure content in synchronous mode.
 
 // XMLHttpRequest insecure content in asynchronous mode.
 
 // XMLHttpRequest over bad ssl in synchronous mode.
 
 // XMLHttpRequest over OK ssl in synchronous mode.