Distinguish between SCT invalidity reasons in UMA

chrome/browser/ssl/chrome_expect_ct_reporter_unittest.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h"
 
 #include <string>
 
 #include "base/base64.h"
 #include "base/command_line.h"
@@ skipping 115 matching lines @@
 
     switch (status) {
       case net::ct::SCT_STATUS_LOG_UNKNOWN:
         // SCTs from unknown logs only have an origin.
         EXPECT_FALSE(report_sct->HasKey("sct"));
         EXPECT_FALSE(report_sct->HasKey("id"));
         if (SCTOriginStringToOrigin(origin) == sct->origin)
           found = true;
         break;
 
-      case net::ct::SCT_STATUS_INVALID: {
+      case net::ct::SCT_STATUS_INVALID_SIGNATURE:
+      case net::ct::SCT_STATUS_INVALID_TIMESTAMP: {
         // Invalid SCTs have a log id and an origin and nothing else.
         EXPECT_FALSE(report_sct->HasKey("sct"));
         std::string id_base64;
         ASSERT_TRUE(report_sct->GetString("id", &id_base64));
         std::string id;
         ASSERT_TRUE(base::Base64Decode(id_base64, &id));
         if (SCTOriginStringToOrigin(origin) == sct->origin && id == sct->log_id)
           found = true;
         break;
       }
@@ skipping 43 matching lines @@
     const base::ListValue& valid_scts) {
   EXPECT_EQ(
       expected_scts.size(),
       unknown_scts.GetSize() + invalid_scts.GetSize() + valid_scts.GetSize());
   for (const auto& expected_sct : expected_scts) {
     switch (expected_sct.status) {
       case net::ct::SCT_STATUS_LOG_UNKNOWN:
         ASSERT_NO_FATAL_FAILURE(FindSCTInReportList(
             expected_sct.sct, net::ct::SCT_STATUS_LOG_UNKNOWN, unknown_scts));
         break;
-      case net::ct::SCT_STATUS_INVALID:
+      case net::ct::SCT_STATUS_INVALID_SIGNATURE:
         ASSERT_NO_FATAL_FAILURE(FindSCTInReportList(
-            expected_sct.sct, net::ct::SCT_STATUS_INVALID, invalid_scts));
+            expected_sct.sct, net::ct::SCT_STATUS_INVALID_SIGNATURE,
+            invalid_scts));
+        break;
+      case net::ct::SCT_STATUS_INVALID_TIMESTAMP:
+        ASSERT_NO_FATAL_FAILURE(FindSCTInReportList(
+            expected_sct.sct, net::ct::SCT_STATUS_INVALID_TIMESTAMP,
+            invalid_scts));
         break;
       case net::ct::SCT_STATUS_OK:
         ASSERT_NO_FATAL_FAILURE(FindSCTInReportList(
             expected_sct.sct, net::ct::SCT_STATUS_OK, valid_scts));
         break;
       default:
         NOTREACHED();
     }
   }
 }
@@ skipping 221 matching lines @@
                        net::ct::SCT_STATUS_LOG_UNKNOWN,
                        &ssl_info.signed_certificate_timestamps);
   MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED,
                        "unknown_log_id2", "extensions2", "signature2", now,
                        net::ct::SCT_STATUS_LOG_UNKNOWN,
                        &ssl_info.signed_certificate_timestamps);
 
   MakeTestSCTAndStatus(
       net::ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION,
       "invalid_log_id1", "extensions1", "signature1", now,
-      net::ct::SCT_STATUS_INVALID, &ssl_info.signed_certificate_timestamps);
+      net::ct::SCT_STATUS_INVALID_TIMESTAMP,
+      &ssl_info.signed_certificate_timestamps);
+
+  MakeTestSCTAndStatus(
+      net::ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION,
+      "invalid_log_id1", "extensions1", "signature1", now,
+      net::ct::SCT_STATUS_INVALID_SIGNATURE,
+      &ssl_info.signed_certificate_timestamps);
+
   MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED,
                        "invalid_log_id2", "extensions2", "signature2", now,
-                       net::ct::SCT_STATUS_INVALID,
+                       net::ct::SCT_STATUS_INVALID_SIGNATURE,
                        &ssl_info.signed_certificate_timestamps);
 
   MakeTestSCTAndStatus(
       net::ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE,
       "valid_log_id1", "extensions1", "signature1", now, net::ct::SCT_STATUS_OK,
       &ssl_info.signed_certificate_timestamps);
   MakeTestSCTAndStatus(net::ct::SignedCertificateTimestamp::SCT_EMBEDDED,
                        "valid_log_id2", "extensions2", "signature2", now,
                        net::ct::SCT_STATUS_OK,
                        &ssl_info.signed_certificate_timestamps);
 
   net::HostPortPair host_port("example.test", 443);
   GURL report_uri("http://example-report.test");
 
   // Check that the report is sent and contains the correct information.
   reporter.OnExpectCTFailed(host_port, report_uri, ssl_info);
   EXPECT_EQ(report_uri, sender->latest_report_uri());
   EXPECT_FALSE(sender->latest_serialized_report().empty());
   ASSERT_NO_FATAL_FAILURE(CheckExpectCTReport(
       sender->latest_serialized_report(), host_port, ssl_info));
 
   histograms.ExpectTotalCount(kFailureHistogramName, 0);
   histograms.ExpectTotalCount(kSendHistogramName, 1);
   histograms.ExpectBucketCount(kSendHistogramName, true, 1);
 }