Add initial version of captive portal list checking.

chrome/browser/ssl/ssl_browser_tests.cc

Index: chrome/browser/ssl/ssl_browser_tests.cc
diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc
index a947940022ff082d6b7904ca949c71e4f4139e0c..7804e1a83a5402d36cf9e53376b0a974ace1f9c5 100644
--- a/chrome/browser/ssl/ssl_browser_tests.cc
+++ b/chrome/browser/ssl/ssl_browser_tests.cc
@@ -31,6 +31,7 @@
 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ssl/bad_clock_blocking_page.h"
+#include "chrome/browser/ssl/captive_portal_blocking_page.h"
 #include "chrome/browser/ssl/cert_report_helper.h"
 #include "chrome/browser/ssl/cert_verifier_browser_test.h"
 #include "chrome/browser/ssl/certificate_reporting_test_utils.h"
@@ -39,6 +40,7 @@
 #include "chrome/browser/ssl/security_state_tab_helper.h"
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 #include "chrome/browser/ssl/ssl_error_handler.h"
+#include "chrome/browser/ssl/tls_error_assistant.pb.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_commands.h"
 #include "chrome/browser/ui/browser_finder.h"
@@ -122,6 +124,14 @@ const base::FilePath::CharType kDocRoot[] =
 
 namespace {
 
+// Sha256 fingerprint of okay.pem's Subject Public Key Information.
+// Compute the hash as follows:
+// openssl x509 -noout -in net/data/ssl/certificates/ok_cert.pem -pubkey | \
+// openssl asn1parse -noout -inform pem -out public.key; \
+// openssl dgst -sha256 -binary public.key  | openssl enc -base64
+const char* kOkayPemSPKI =
+    "sha256/2zCMVDKgnKec0721Sp1zVh2yiHeW/LJK4STkNnEa1og=";
+
 enum ProceedDecision {
   SSL_INTERSTITIAL_PROCEED,
   SSL_INTERSTITIAL_DO_NOT_PROCEED
@@ -224,12 +234,17 @@ class SSLInterstitialTimerObserver {
   // Waits until the interstitial delay timer in SSLErrorHandler is started.
   void WaitForTimerStarted() { message_loop_runner_->Run(); }
 
+  // Returns true if the timer has been started.

[estark, 2017/01/20 23:31:18]

nit: "timer" => "interstitial delay timer"
(otherwise it mostly repeats the method name and isn't that useful)

[meacer, 2017/01/31 00:22:46]

Done.

+  bool timer_started() const { return timer_started_; }
+
  private:
   void OnTimerStarted(content::WebContents* web_contents) {
+    timer_started_ = true;
     if (web_contents_ == web_contents)
       message_loop_runner_->Quit();
   }
 
+  bool timer_started_ = false;
   const content::WebContents* web_contents_;
   SSLErrorHandler::TimerStartedCallback callback_;
 
@@ -3884,6 +3899,35 @@ IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreLocalhostCertErrors,
   ASSERT_TRUE(content::ExecuteScript(tab, "window.open()"));
 }
 
+IN_PROC_BROWSER_TEST_F(SSLUITest, CaptivePortalListTest) {
+  ASSERT_TRUE(https_server_mismatched_.Start());
+  base::HistogramTester histograms;
+
+  // Mark the server's cert as a captive portal cert.
+  chrome_browser_ssl::TLSErrorAssistantConfig config_proto;
+  config_proto.add_captive_portal_cert()->set_sha256_hash(kOkayPemSPKI);
+  SSLErrorHandler::SetErrorAssistantProtoForTesting(config_proto);
+
+  // Navigate to an unsafe site. Proceed with interstitial page to indicate

[estark, 2017/01/20 23:31:18]

The "Proceed with..." part doesn't apply, right? (copy-paste error?)

[meacer, 2017/01/31 00:22:46]

Done.

+  // the user approves the bad certificate.
+  WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+  SSLInterstitialTimerObserver interstitial_timer_observer(tab);
+  ui_test_utils::NavigateToURL(
+      browser(), https_server_mismatched_.GetURL("/ssl/blank_page.html"));
+  content::WaitForInterstitialAttach(tab);
+
+  InterstitialPage* interstitial_page = tab->GetInterstitialPage();
+  ASSERT_EQ(CaptivePortalBlockingPage::kTypeForTesting,
+            interstitial_page->GetDelegateForTesting()->GetTypeForTesting());
+  EXPECT_FALSE(interstitial_timer_observer.timer_started());
+
+  // Check that the histogram for the captive portal cert was recorded.

[estark, 2017/01/20 23:31:18]

optional nit: I usually throw in an ExpectTotalCount() also to make sure no
other buckets were recorded unexpectedly.

[meacer, 2017/01/31 00:22:46]

Done.

+  histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(),
+                               SSLErrorHandler::HANDLE_ALL, 1);
+  histograms.ExpectBucketCount(SSLErrorHandler::GetHistogramNameForTesting(),
+                               SSLErrorHandler::CAPTIVE_PORTAL_CERT_FOUND, 1);
+}
+
 // TODO(jcampan): more tests to do below.
 
 // Visit a page over https that contains a frame with a redirect.