Attempt an on-demand time fetch when encountering a date invalid error

chrome/browser/ssl/ssl_browser_tests.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <utility>
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/location.h"
 #include "base/macros.h"
 #include "base/metrics/field_trial.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/test/histogram_tester.h"
 #include "base/test/simple_test_clock.h"
 #include "base/threading/thread_task_runner_handle.h"
+#include "base/time/default_clock.h"
+#include "base/time/default_tick_clock.h"
 #include "base/time/time.h"
 #include "build/build_config.h"
 #include "chrome/app/chrome_command_ids.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/content_settings/host_content_settings_map_factory.h"
 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ssl/bad_clock_blocking_page.h"
 #include "chrome/browser/ssl/cert_report_helper.h"
@@ skipping 10 matching lines @@
 #include "chrome/browser/ui/browser_navigator.h"
 #include "chrome/browser/ui/browser_navigator_params.h"
 #include "chrome/browser/ui/browser_tabstrip.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/test/base/in_process_browser_test.h"
 #include "chrome/test/base/ui_test_utils.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
+#include "components/network_time/network_time_test_utils.h"
 #include "components/network_time/network_time_tracker.h"
-#include "components/prefs/pref_service.h"
+#include "components/prefs/testing_pref_service.h"
 #include "components/security_interstitials/core/controller_client.h"
 #include "components/security_interstitials/core/metrics_helper.h"
 #include "components/security_state/security_state_model.h"
 #include "components/security_state/switches.h"
 #include "components/ssl_errors/error_classification.h"
 #include "components/variations/variations_associated_data.h"
 #include "components/web_modal/web_contents_modal_dialog_manager.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/interstitial_page.h"
 #include "content/public/browser/navigation_controller.h"
@@ skipping 14 matching lines @@
 #include "content/public/test/download_test_observer.h"
 #include "content/public/test/test_navigation_observer.h"
 #include "content/public/test/test_renderer_host.h"
 #include "content/public/test/test_utils.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/net_errors.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/mock_cert_verifier.h"
 #include "net/cert/x509_certificate.h"
 #include "net/dns/mock_host_resolver.h"
+#include "net/http/http_response_headers.h"
 #include "net/ssl/ssl_info.h"
 #include "net/test/cert_test_util.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "net/test/embedded_test_server/request_handler_util.h"
 #include "net/test/spawned_test_server/spawned_test_server.h"
 #include "net/test/test_certificate_data.h"
 #include "net/test/test_data_directory.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_filter.h"
 #include "net/url_request/url_request_job.h"
@@ skipping 2747 matching lines @@
 
   // Grab the SSLStatus from the page and check that it is the same as
   // on the clock interstitial.
   entry = tab->GetController().GetActiveEntry();
   ASSERT_TRUE(entry);
   content::SSLStatus after_interstitial_ssl_status = entry->GetSSL();
   ASSERT_NO_FATAL_FAILURE(
       after_interstitial_ssl_status.Equals(clock_interstitial_ssl_status));
 }
 
+// A URLRequestJob that serves valid time server responses, but delays
+// them until Resume() is called. If Resume() is called before a request
+// is made, then the request will not be delayed.
+class DelayableNetworkTimeURLRequestJob : public net::URLRequestJob {
+ public:
+  DelayableNetworkTimeURLRequestJob(net::URLRequest* request,
+                                    net::NetworkDelegate* network_delegate,
+                                    bool delayed)
+      : net::URLRequestJob(request, network_delegate),
+        delayed_(delayed),
+        weak_factory_(this) {}
+
+  ~DelayableNetworkTimeURLRequestJob() override {}
+
+  /// URLRequestJob:
+  void Start() override {
+    if (delayed_) {
+      // Do nothing until Resume() is called.
+      return;
+    }
+    Resume(response_callback_);
+  }
+
+  int ReadRawData(net::IOBuffer* buf, int buf_size) override {
+    int bytes_read =
+        std::min(static_cast<size_t>(buf_size),
+                 strlen(network_time::kGoodTimeResponseBody) - data_offset_);
+    memcpy(buf->data(), network_time::kGoodTimeResponseBody + data_offset_,
+           bytes_read);
+    data_offset_ += bytes_read;
+    return bytes_read;
+  }
+
+  int GetResponseCode() const override { return 200; }
+
+  void GetResponseInfo(net::HttpResponseInfo* info) override {
+    std::string raw_headers;
+    raw_headers.append(
+        "HTTP/1.1 200 OK\n"
+        "Content-type: text/plain\n");
+    raw_headers.append(base::StringPrintf(
+        "Content-Length: %1d\n",
+        static_cast<int>(strlen(network_time::kGoodTimeResponseBody))));
+    info->headers =
+        new net::HttpResponseHeaders(net::HttpUtil::AssembleRawHeaders(
+            raw_headers.c_str(), static_cast<int>(raw_headers.length())));
+    info->headers->AddHeader(
+        "x-cup-server-proof: " +
+        std::string(network_time::kGoodTimeResponseServerProofHeader));
+    if (!response_callback_.is_null()) {
+      content::BrowserThread::PostTask(content::BrowserThread::UI, FROM_HERE,
+                                       response_callback_);
+    }
+  }
+
+  void StartAsync() {
+    if (!request_)
+      return;
+    NotifyHeadersComplete();
+  }
+
+  // Resumes delayed requests. When the response info for a request is
+  // read (i.e. GetResponseInfo() is called), then |callback| will be
+  // called.
+  void Resume(const base::Closure& callback) {
+    DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+    response_callback_ = callback;
+    // Start reading asynchronously as would a normal network request.
+    base::ThreadTaskRunnerHandle::Get()->PostTask(
+        FROM_HERE, base::Bind(&DelayableNetworkTimeURLRequestJob::StartAsync,
+                              weak_factory_.GetWeakPtr()));
+  }
+
+ private:
+  bool delayed_;
+  int data_offset_ = 0;
+  base::Closure response_callback_;
+  base::WeakPtrFactory<DelayableNetworkTimeURLRequestJob> weak_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(DelayableNetworkTimeURLRequestJob);
+};
+
+// A URLRequestInterceptor that intercepts requests to use
+// DelayableNetworkTimeURLRequestJobs.
+class DelayedNetworkTimeInterceptor : public net::URLRequestInterceptor {
+ public:
+  DelayedNetworkTimeInterceptor() : net::URLRequestInterceptor() {}
+  ~DelayedNetworkTimeInterceptor() override {}
+
+  net::URLRequestJob* MaybeInterceptRequest(
+      net::URLRequest* request,
+      net::NetworkDelegate* network_delegate) const override {
+    // If requests have been resumed before this request is created,
+    // then |delay_requests_| will be false and the request will not delay.
+    DelayableNetworkTimeURLRequestJob* job =
+        new DelayableNetworkTimeURLRequestJob(request, network_delegate,
+                                              delay_requests_);
+    if (delay_requests_) {
+      delayed_requests_.push_back(job);
+    }
+    return job;
+  }
+
+  void ResumeAll(const base::Closure& callback) {
+    DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+    if (!delay_requests_) {
+      return;
+    }
+    delay_requests_ = false;
+    for (const auto& request : delayed_requests_) {
+      request->Resume(callback);
+    }
+    delayed_requests_.clear();
+  }
+
+ private:
+  bool delay_requests_ = true;
+  mutable std::vector<DelayableNetworkTimeURLRequestJob*> delayed_requests_;
+
+  DISALLOW_COPY_AND_ASSIGN(DelayedNetworkTimeInterceptor);
+};
+
+// Helper method for SSLNetworkTimeBrowserTest.
+void CleanUpOnIOThread() {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+  net::URLRequestFilter::GetInstance()->ClearHandlers();
+}
+
+// A fixture for testing on-demand network time queries on SSL
+// certificate date errors. It can simulate delayed network time
+// requests, and it allows the user to configure the experimental
+// parameters of the NetworkTimeTracker.
+class SSLNetworkTimeBrowserTest : public SSLUITest {
+ public:
+  SSLNetworkTimeBrowserTest()
+      : SSLUITest(),
+        field_trial_test_(network_time::FieldTrialTest::CreateForBrowserTest()),
+        interceptor_(nullptr),
+        weak_factory_(this) {}
+  ~SSLNetworkTimeBrowserTest() override {}
+
+  void TearDownOnMainThread() override {
+    content::BrowserThread::PostTask(content::BrowserThread::IO, FROM_HERE,
+                                     base::Bind(&CleanUpOnIOThread));
+  }
+
+ protected:
+  network_time::FieldTrialTest* field_trial_test() const {
+    return field_trial_test_.get();
+  }
+
+  void SetUpNetworkTimeServer() {
+    field_trial_test()->SetNetworkQueriesWithVariationsService(
+        true, 0.0, network_time::FieldTrialTest::FETCHES_ON_DEMAND_ONLY);
+
+    // Install the URL interceptor that serves delayed network time
+    // responses.
+    content::BrowserThread::PostTask(
+        content::BrowserThread::IO, FROM_HERE,
+        base::Bind(
+            &SSLNetworkTimeBrowserTest::SetUpNetworkTimeInterceptorOnIOThread,
+            weak_factory_.GetWeakPtr(),

[meacer, 2016/11/04 01:17:26]

You can also create the interceptor here, and pass a unique pointer to it to the
other thread using base::Passed.

You can then move SetUpNetworkTimeInterceptorOnIOThread outside this class. That
way, you can get rid of the weak ptr.

Something like this:

void AddInterceptor(const GURL& time_service_url, 
                    std::unique_ptr<Interceptor> interceptor) {
  // DCHECK IO thread
  // Your code in SetUpNetworkTimeInterceptorOnIOThread
}

void SetUpNetworkTimeServer() {
  interceptor_ = new DelayedNetworkTimeInterceptor();
  PostTask(...,
    base::Bind(&AddInterceptor,
               time_server_url(),
               base::Passed(std::unique_ptr<Interceptor>(interceptor)));
}


But that might complicate things with ResumeDelayedNetworkTimeRequests. I think
I now understand why you had the io_thread_helper class in the first place (to
wrap all of this).

[estark, 2016/11/04 20:43:30]

Hmm, not sure if you were making a suggestion here or concluded that it wouldn't
be good because it would muddle things with ResumeDelayedNetworkTimeRequests()?
I think I could do what you're saying but would have to pass
base::Unretained(interceptor_) to ResumeDelayedNetworkTimeRequests. WDYT? Is
that better than having a test fixture method and passing
`base::Unretained(this)` as you suggested below?

[meacer, 2016/11/04 22:23:00]

I started with a suggestion then realized it would muddle things with
ResumeDelayedNetworkTimeRequests, precisely because you'd have to pass the
interceptor as unretained there.

That looks a bit awkward though, to pass the interceptor as unretained to the
thread that already owns it. Instead, you could add a
|ResumeDelayedNetworkTimeRequestsOnIOThread| to the interceptor, and make
|Interceptor::ResumeDelayedNetworkTimeRequests| post to it, and also make the
interceptor a weak pointer. It's basically pushing the thread switching to the
interceptor while also making it a weak pointer.

The reason I'm saying these is that this is a pattern I've seen in other
chrome/browser/net code. E.g. see how link_doctor_interceptor is used in
https://cs.chromium.org/chromium/src/chrome/browser/net/errorpage_browsertest...

But then again, I think you might want to get a second person to review this
code in addition to me, as I'm not quite familiar with the lifecycle of
interceptors et al.

+            g_browser_process->network_time_tracker()
+                ->GetTimeServerURLForTesting()));
+  }
+
+  void TriggerTimeResponse(const base::Closure& callback) {

[meacer, 2016/11/04 19:21:07]

Since |callback| is always a quit closure, you might want to rename it to
quit_closure, here and elsewhere.

[estark, 2016/11/04 20:43:30]

Done.

+    content::BrowserThread::PostTask(
+        content::BrowserThread::IO, FROM_HERE,
+        base::Bind(&SSLNetworkTimeBrowserTest::ResumeDelayedNetworkTimeRequests,
+                   weak_factory_.GetWeakPtr(), callback));
+  }
+
+ private:
+  void SetUpNetworkTimeInterceptorOnIOThread(const GURL& time_server_url) {
+    DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+    interceptor_ = new DelayedNetworkTimeInterceptor();
+    net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
+        time_server_url.scheme(), time_server_url.host(),
+        std::unique_ptr<DelayedNetworkTimeInterceptor>(interceptor_));
+  }
+
+  void ResumeDelayedNetworkTimeRequests(const base::Closure& callback) {
+    DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+    interceptor_->ResumeAll(callback);
+  }
+
+  std::unique_ptr<network_time::FieldTrialTest> field_trial_test_;
+
+  // Should only be accessed on the IO thread.
+  DelayedNetworkTimeInterceptor* interceptor_;
+
+  base::WeakPtrFactory<SSLNetworkTimeBrowserTest> weak_factory_;

[meacer, 2016/11/04 19:21:07]

I don't think this is necessary as the fixture will outlive all the callbacks
anyways.

[estark, 2016/11/04 20:43:30]

Done.

+
+  DISALLOW_COPY_AND_ASSIGN(SSLNetworkTimeBrowserTest);
+};
+
+// Tests that if an on-demand network time fetch returns that the clock
+// is okay, a normal SSL interstitial is shown.
+IN_PROC_BROWSER_TEST_F(SSLNetworkTimeBrowserTest, OnDemandFetchClockOk) {
+  ASSERT_TRUE(https_server_expired_.Start());
+  SetUpNetworkTimeServer();
+  // Use a testing clock set to the time that GoodTimeResponseHandler
+  // returns, to simulate the system clock matching the network time.
+  base::SimpleTestClock testing_clock;
+  SSLErrorHandler::SetClockForTest(&testing_clock);
+  testing_clock.SetNow(
+      base::Time::FromJsTime(network_time::kGoodTimeResponseHandlerJsTime));
+  // Set the build time to match the testing clock, to ensure that the
+  // build time heuristic doesn't fire.
+  ssl_errors::SetBuildTimeForTesting(testing_clock.Now());
+
+  // Set a long timeout to ensure that the on-demand time fetch completes.
+  SSLErrorHandler::SetInterstitialDelayForTest(base::TimeDelta::FromHours(1));
+
+  WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(contents);
+  SSLInterstitialTimerObserver interstitial_timer_observer(contents);
+
+  content::WindowedNotificationObserver observer(
+      content::NOTIFICATION_LOAD_STOP,
+      content::NotificationService::AllSources());
+  ui_test_utils::NavigateToURLWithDisposition(
+      browser(), https_server_expired_.GetURL("/"),
+      WindowOpenDisposition::CURRENT_TAB, ui_test_utils::BROWSER_TEST_NONE);
+
+  // Once |interstitial_timer_observer| has fired, the request has been
+  // sent. Override the nonce that NetworkTimeTracker expects so that
+  // when the response comes back, it will validate. The nonce can only
+  // be overriden for the current in-flight request, so the test must
+  // call OverrideNonceForTesting() after the request has been sent and
+  // before the response has been received.
+  interstitial_timer_observer.WaitForTimerStarted();
+  g_browser_process->network_time_tracker()->OverrideNonceForTesting(123123123);
+  base::RunLoop wait_for_time_response;
+  TriggerTimeResponse(wait_for_time_response.QuitClosure());
+
+  EXPECT_TRUE(contents->IsLoading());
+  observer.Wait();
+  content::WaitForInterstitialAttach(contents);
+  wait_for_time_response.Run();
+
+  EXPECT_TRUE(contents->ShowingInterstitialPage());
+  InterstitialPage* interstitial_page = contents->GetInterstitialPage();
+  ASSERT_TRUE(interstitial_page);
+  ASSERT_EQ(SSLBlockingPage::kTypeForTesting,
+            interstitial_page->GetDelegateForTesting()->GetTypeForTesting());
+}
+
+// Tests that if an on-demand network time fetch returns that the clock
+// is wrong, a bad clock interstitial is shown.
+IN_PROC_BROWSER_TEST_F(SSLNetworkTimeBrowserTest, OnDemandFetchClockWrong) {
+  ASSERT_TRUE(https_server_expired_.Start());
+  SetUpNetworkTimeServer();
+  // Use a testing clock set to a time that is different from what
+  // GoodTimeResponseHandler returns, simulating a system clock that is
+  // 30 days ahead of the network time.
+  base::SimpleTestClock testing_clock;
+  SSLErrorHandler::SetClockForTest(&testing_clock);
+  testing_clock.SetNow(
+      base::Time::FromJsTime(network_time::kGoodTimeResponseHandlerJsTime));
+  testing_clock.Advance(base::TimeDelta::FromDays(30));
+  // Set the build time to match the testing clock, to ensure that the
+  // build time heuristic doesn't fire.
+  ssl_errors::SetBuildTimeForTesting(testing_clock.Now());
+
+  // Set a long timeout to ensure that the on-demand time fetch completes.
+  SSLErrorHandler::SetInterstitialDelayForTest(base::TimeDelta::FromHours(1));
+
+  WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(contents);
+  SSLInterstitialTimerObserver interstitial_timer_observer(contents);
+
+  content::WindowedNotificationObserver observer(
+      content::NOTIFICATION_LOAD_STOP,
+      content::NotificationService::AllSources());
+
+  ui_test_utils::NavigateToURLWithDisposition(
+      browser(), https_server_expired_.GetURL("/"),
+      WindowOpenDisposition::CURRENT_TAB, ui_test_utils::BROWSER_TEST_NONE);
+
+  // Once |interstitial_timer_observer| has fired, the request has been
+  // sent. Override the nonce that NetworkTimeTracker expects so that
+  // when the response comes back, it will validate. The nonce can only
+  // be overriden for the current in-flight request, so the test must
+  // call OverrideNonceForTesting() after the request has been sent and
+  // before the response has been received.
+  interstitial_timer_observer.WaitForTimerStarted();
+  g_browser_process->network_time_tracker()->OverrideNonceForTesting(123123123);
+  base::RunLoop wait_for_time_response;
+  TriggerTimeResponse(wait_for_time_response.QuitClosure());
+
+  EXPECT_TRUE(contents->IsLoading());
+  observer.Wait();
+  content::WaitForInterstitialAttach(contents);
+  wait_for_time_response.Run();
+
+  EXPECT_TRUE(contents->ShowingInterstitialPage());
+  InterstitialPage* interstitial_page = contents->GetInterstitialPage();
+  ASSERT_TRUE(interstitial_page);
+  ASSERT_EQ(BadClockBlockingPage::kTypeForTesting,
+            interstitial_page->GetDelegateForTesting()->GetTypeForTesting());
+}
+
+// Tests that if the timeout expires before the network time fetch
+// returns, then a normal SSL intersitial is shown.
+IN_PROC_BROWSER_TEST_F(SSLNetworkTimeBrowserTest,
+                       TimeoutExpiresBeforeFetchCompletes) {
+  ASSERT_TRUE(https_server_expired_.Start());
+  SetUpNetworkTimeServer();
+  // Set the timer to fire immediately.
+  SSLErrorHandler::SetInterstitialDelayForTest(base::TimeDelta());
+
+  ui_test_utils::NavigateToURL(browser(), https_server_expired_.GetURL("/"));
+  WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(contents);
+  content::WaitForInterstitialAttach(contents);
+
+  EXPECT_TRUE(contents->ShowingInterstitialPage());
+  InterstitialPage* interstitial_page = contents->GetInterstitialPage();
+  ASSERT_TRUE(interstitial_page);
+  ASSERT_EQ(SSLBlockingPage::kTypeForTesting,
+            interstitial_page->GetDelegateForTesting()->GetTypeForTesting());
+
+  // Navigate away, and then trigger the network time response and wait
+  // for the response; no crash should occur.
+  ASSERT_TRUE(https_server_.Start());
+  ui_test_utils::NavigateToURL(browser(), https_server_.GetURL("/"));
+  base::RunLoop wait_for_time_response;
+  TriggerTimeResponse(wait_for_time_response.QuitClosure());
+  wait_for_time_response.Run();
+}
+
+// Tests that if the user stops the page load before either the network
+// time fetch completes or the timeout expires, then there is no interstitial.
+IN_PROC_BROWSER_TEST_F(SSLNetworkTimeBrowserTest, StopBeforeTimeoutExpires) {
+  ASSERT_TRUE(https_server_expired_.Start());
+  SetUpNetworkTimeServer();
+  // Set the timer to a long delay.
+  SSLErrorHandler::SetInterstitialDelayForTest(base::TimeDelta::FromHours(1));
+
+  WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(contents);
+  SSLInterstitialTimerObserver interstitial_timer_observer(contents);
+
+  ui_test_utils::NavigateToURLWithDisposition(
+      browser(), https_server_expired_.GetURL("/"),
+      WindowOpenDisposition::CURRENT_TAB, ui_test_utils::BROWSER_TEST_NONE);
+  interstitial_timer_observer.WaitForTimerStarted();
+
+  EXPECT_TRUE(contents->IsLoading());
+  content::WindowedNotificationObserver observer(
+      content::NOTIFICATION_LOAD_STOP,
+      content::NotificationService::AllSources());
+  contents->Stop();
+  observer.Wait();
+
+  // Make sure that the |SSLErrorHandler| is deleted.
+  EXPECT_FALSE(SSLErrorHandler::FromWebContents(contents));
+  EXPECT_FALSE(contents->ShowingInterstitialPage());
+  EXPECT_FALSE(contents->IsLoading());
+
+  // Navigate away, and then trigger the network time response and wait
+  // for the response; no crash should occur.
+  ASSERT_TRUE(https_server_.Start());
+  ui_test_utils::NavigateToURL(browser(), https_server_.GetURL("/title1.html"));
+  base::RunLoop wait_for_time_response;
+  TriggerTimeResponse(wait_for_time_response.QuitClosure());
+  wait_for_time_response.Run();
+}
+
+// Tests that if the user reloads the page before either the network
+// time fetch completes or the timeout expires, then there is no interstitial.
+IN_PROC_BROWSER_TEST_F(SSLNetworkTimeBrowserTest, ReloadBeforeTimeoutExpires) {
+  ASSERT_TRUE(https_server_expired_.Start());
+  SetUpNetworkTimeServer();
+  // Set the timer to a long delay.
+  SSLErrorHandler::SetInterstitialDelayForTest(base::TimeDelta::FromHours(1));
+
+  WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
+  SSLInterstitialTimerObserver interstitial_timer_observer(contents);
+
+  ui_test_utils::NavigateToURLWithDisposition(
+      browser(), https_server_expired_.GetURL("/"),
+      WindowOpenDisposition::CURRENT_TAB, ui_test_utils::BROWSER_TEST_NONE);
+  interstitial_timer_observer.WaitForTimerStarted();
+
+  EXPECT_TRUE(contents->IsLoading());
+  content::TestNavigationObserver observer(contents, 1);
+  chrome::Reload(browser(), WindowOpenDisposition::CURRENT_TAB);
+  observer.Wait();
+
+  // Make sure that the |SSLErrorHandler| is deleted.
+  EXPECT_FALSE(SSLErrorHandler::FromWebContents(contents));
+  EXPECT_FALSE(contents->ShowingInterstitialPage());
+  EXPECT_FALSE(contents->IsLoading());
+
+  // Navigate away, and then trigger the network time response and wait
+  // for the response; no crash should occur.
+  ASSERT_TRUE(https_server_.Start());
+  ui_test_utils::NavigateToURL(browser(), https_server_.GetURL("/"));
+  base::RunLoop wait_for_time_response;
+  TriggerTimeResponse(wait_for_time_response.QuitClosure());
+  wait_for_time_response.Run();
+}
+
+// Tests that if the user navigates away before either the network time
+// fetch completes or the timeout expires, then there is no
+// interstitial.
+IN_PROC_BROWSER_TEST_F(SSLNetworkTimeBrowserTest,
+                       NavigateAwayBeforeTimeoutExpires) {
+  ASSERT_TRUE(https_server_expired_.Start());
+  ASSERT_TRUE(https_server_.Start());
+  SetUpNetworkTimeServer();
+  // Set the timer to a long delay.
+  SSLErrorHandler::SetInterstitialDelayForTest(base::TimeDelta::FromHours(1));
+
+  WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
+  SSLInterstitialTimerObserver interstitial_timer_observer(contents);
+
+  ui_test_utils::NavigateToURLWithDisposition(
+      browser(), https_server_expired_.GetURL("/"),
+      WindowOpenDisposition::CURRENT_TAB, ui_test_utils::BROWSER_TEST_NONE);
+  interstitial_timer_observer.WaitForTimerStarted();
+
+  EXPECT_TRUE(contents->IsLoading());
+  content::TestNavigationObserver observer(contents, 1);
+  browser()->OpenURL(content::OpenURLParams(
+      https_server_.GetURL("/"), content::Referrer(),
+      WindowOpenDisposition::CURRENT_TAB, ui::PAGE_TRANSITION_TYPED, false));
+  observer.Wait();
+
+  // Make sure that the |SSLErrorHandler| is deleted.
+  EXPECT_FALSE(SSLErrorHandler::FromWebContents(contents));
+  EXPECT_FALSE(contents->ShowingInterstitialPage());
+  EXPECT_FALSE(contents->IsLoading());
+
+  // Navigate away, and then trigger the network time response and wait
+  // for the response; no crash should occur.
+  ui_test_utils::NavigateToURL(browser(), https_server_.GetURL("/"));
+  base::RunLoop wait_for_time_response;
+  TriggerTimeResponse(wait_for_time_response.QuitClosure());
+  wait_for_time_response.Run();
+}
+
+// Tests that if the user closes the tab before the network time fetch
+// completes, it doesn't cause a crash.
+IN_PROC_BROWSER_TEST_F(SSLNetworkTimeBrowserTest,
+                       CloseTabBeforeNetworkFetchCompletes) {
+  ASSERT_TRUE(https_server_expired_.Start());
+  SetUpNetworkTimeServer();
+  // Set the timer to fire immediately.
+  SSLErrorHandler::SetInterstitialDelayForTest(base::TimeDelta());
+
+  ui_test_utils::NavigateToURL(browser(), https_server_expired_.GetURL("/"));
+  WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(contents);
+  content::WaitForInterstitialAttach(contents);
+
+  EXPECT_TRUE(contents->ShowingInterstitialPage());
+  InterstitialPage* interstitial_page = contents->GetInterstitialPage();
+  ASSERT_TRUE(interstitial_page);
+  ASSERT_EQ(SSLBlockingPage::kTypeForTesting,
+            interstitial_page->GetDelegateForTesting()->GetTypeForTesting());
+
+  // Open a second tab, close the first, and then trigger the network time
+  // response and wait for the response; no crash should occur.
+  ASSERT_TRUE(https_server_.Start());
+  AddTabAtIndex(1, https_server_.GetURL("/"), ui::PAGE_TRANSITION_TYPED);
+  chrome::CloseWebContents(browser(), contents, false);
+  base::RunLoop wait_for_time_response;
+  TriggerTimeResponse(wait_for_time_response.QuitClosure());
+  wait_for_time_response.Run();
+}
+
 class CommonNameMismatchBrowserTest : public CertVerifierBrowserTest {
  public:
   CommonNameMismatchBrowserTest() : CertVerifierBrowserTest() {}
   ~CommonNameMismatchBrowserTest() override {}
 
   void SetUpCommandLine(base::CommandLine* command_line) override {
     // Enable finch experiment for SSL common name mismatch handling.
     command_line->AppendSwitchASCII(switches::kForceFieldTrials,
                                     "SSLCommonNameMismatchHandling/Enabled/");
   }
@@ skipping 544 matching lines @@
 
 // Visit a page over https that contains a frame with a redirect.
 
 // XMLHttpRequest insecure content in synchronous mode.
 
 // XMLHttpRequest insecure content in asynchronous mode.
 
 // XMLHttpRequest over bad ssl in synchronous mode.
 
 // XMLHttpRequest over OK ssl in synchronous mode.