Record UMA metrics for Must-Staple certificates on private roots

net/cert/x509_certificate_unittest.cc

Index: net/cert/x509_certificate_unittest.cc
diff --git a/net/cert/x509_certificate_unittest.cc b/net/cert/x509_certificate_unittest.cc
index 771dda1212237d9d1697aae710aee517d7b39a6c..44699eec7aa545bcc22a2b5f1b35d78c6b2c1c28 100644
--- a/net/cert/x509_certificate_unittest.cc
+++ b/net/cert/x509_certificate_unittest.cc
@@ -492,6 +492,38 @@ TEST(X509CertificateTest, ExtractCRLURLsFromDERCert) {
   }
 }
 
+TEST(X509CertificateTest, HasTLSFeatureExtension) {
+  base::FilePath certs_dir = GetTestCertsDirectory();
+  scoped_refptr<X509Certificate> cert =
+      ImportCertFromFile(certs_dir, "tls_feature_extension.pem");
+  ASSERT_NE(static_cast<X509Certificate*>(NULL), cert.get());
+
+  std::string derBytes;
+  EXPECT_TRUE(
+      X509Certificate::GetDEREncoded(cert->os_cert_handle(), &derBytes));
+
+  bool has_tls_feature_extension = true;
+  EXPECT_TRUE(
+      asn1::HasTLSFeatureExtension(derBytes, &has_tls_feature_extension));
+  EXPECT_TRUE(has_tls_feature_extension);
+}
+
+TEST(X509CertificateTest, DoesNotHaveTLSFeatureExtension) {
+  base::FilePath certs_dir = GetTestCertsDirectory();
+  scoped_refptr<X509Certificate> cert =
+      ImportCertFromFile(certs_dir, "ok_cert.pem");
+  ASSERT_NE(static_cast<X509Certificate*>(NULL), cert.get());
+
+  std::string derBytes;
+  EXPECT_TRUE(
+      X509Certificate::GetDEREncoded(cert->os_cert_handle(), &derBytes));
+
+  bool has_tls_feature_extension = true;
+  EXPECT_TRUE(
+      asn1::HasTLSFeatureExtension(derBytes, &has_tls_feature_extension));
+  EXPECT_FALSE(has_tls_feature_extension);
+}
+
 // Tests X509CertificateCache via X509Certificate::CreateFromHandle.  We
 // call X509Certificate::CreateFromHandle several times and observe whether
 // it returns a cached or new OSCertHandle.