Add --ignore-certificate-errors-spki-list switch and UMA histogram.

chrome/browser/ssl/ssl_browser_tests.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <utility>
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
@@ skipping 290 matching lines @@
 }  // namespace
 
 class SSLUITest : public InProcessBrowserTest {
  public:
   SSLUITest()
       : https_server_(net::EmbeddedTestServer::TYPE_HTTPS),
         https_server_expired_(net::EmbeddedTestServer::TYPE_HTTPS),
         https_server_mismatched_(net::EmbeddedTestServer::TYPE_HTTPS),
         wss_server_expired_(net::SpawnedTestServer::TYPE_WSS,
                             SSLOptions(SSLOptions::CERT_EXPIRED),
-                            net::GetWebSocketTestDataDirectory()) {
+                            net::GetWebSocketTestDataDirectory()),
+        wss_server_mismatched_(net::SpawnedTestServer::TYPE_WSS,
+                               SSLOptions(SSLOptions::CERT_MISMATCHED_NAME),
+                               net::GetWebSocketTestDataDirectory()) {
     https_server_.AddDefaultHandlers(base::FilePath(kDocRoot));
 
     https_server_expired_.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
     https_server_expired_.AddDefaultHandlers(base::FilePath(kDocRoot));
 
     https_server_mismatched_.SetSSLConfig(
         net::EmbeddedTestServer::CERT_MISMATCHED_NAME);
     https_server_mismatched_.AddDefaultHandlers(base::FilePath(kDocRoot));
 
     // Sometimes favicons load before tests check the authentication
@@ skipping 289 matching lines @@
     } else {
       base::RunLoop().RunUntilIdle();
       EXPECT_EQ(std::string(), reporter_callback.GetLatestHostnameReported());
     }
   }
 
   net::EmbeddedTestServer https_server_;
   net::EmbeddedTestServer https_server_expired_;
   net::EmbeddedTestServer https_server_mismatched_;
   net::SpawnedTestServer wss_server_expired_;
+  net::SpawnedTestServer wss_server_mismatched_;
 
  protected:
   // Navigates to an interstitial and clicks through the certificate
   // error; then navigates to a page at |path| that loads unsafe content.
   void SetUpUnsafeContentsWithUserException(const std::string& path) {
     ASSERT_TRUE(https_server_.Start());
     // Note that it is necessary to user https_server_mismatched_ here over the
     // other invalid cert servers. This is because the test relies on the two
     // servers having different hosts since SSL exceptions are per-host, not per
     // origin, and https_server_mismatched_ uses 'localhost' rather than
@@ skipping 38 matching lines @@
 class SSLUITestIgnoreCertErrors : public SSLUITest {
  public:
   SSLUITestIgnoreCertErrors() : SSLUITest() {}
 
   void SetUpCommandLine(base::CommandLine* command_line) override {
     // Browser will ignore certificate errors.
     command_line->AppendSwitch(switches::kIgnoreCertificateErrors);
   }
 };
 
+class SSLUITestIgnoreCertErrorsBySPKI : public SSLUITest {
+ public:
+  SSLUITestIgnoreCertErorsBySPKI() : SSLUITest() {}
+
+  void SetUpCommandLine(base::CommandLine* command_line) override {
+    // Browser will ignore certificate errors for chains matching one of the
+    // public keys from the list.
+    command_line->AppendSwitchASCII(
+        switches::kIgnoreCertificateErrorsSPKIList,
+        "2zCMVDKgnKec0721Sp1zVh2yiHeW/LJK4STkNnEa1og=,"  // wss_mismatched_
+        "gTjFgaNzSnz5cxMlIfW1WfGGJVzf11v+YePflME9WSU="   // wss_expired_
+        );
+  }
+};
+
 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest {
  public:
   SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {}
 
   void SetUpCommandLine(base::CommandLine* command_line) override {
     // Browser will ignore certificate errors on localhost.
     command_line->AppendSwitch(switches::kAllowInsecureLocalhost);
   }
 };
 
@@ skipping 1961 matching lines @@
                                    .ReplaceComponents(replacements));
 
   // We shouldn't have an interstitial page showing here.
 
   // Test page run a WebSocket wss connection test. The result will be shown
   // as page title.
   const base::string16 result = watcher.WaitAndGetTitle();
   EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass"));
 }
 
+// Visit a page and establish a WebSocket connection over bad https with
+// --disable-certificate-errors-spki-list. The connection should be established
+// without interstitial page showing.
+IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrorsBySPKI, TestWSSMismatched) {
+  ASSERT_TRUE(embedded_test_server()->Start());
+  ASSERT_TRUE(wss_server_mismatched_.Start());
+
+  // Setup page title observer.
+  WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+  content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
+  watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
+
+  // Visit bad HTTPS page.
+  GURL::Replacements replacements;
+  replacements.SetSchemeStr("https");
+  ui_test_utils::NavigateToURL(
+      browser(), wss_server_mismatched_.GetURL("connect_check.html")
+                     .ReplaceComponents(replacements));
+
+  // We shouldn't have an interstitial page showing here.
+
+  // Test page run a WebSocket wss connection test. The result will be shown
+  // as page title.
+  const base::string16 result = watcher.WaitAndGetTitle();
+  EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass"));
+}
+
+IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrorsBySPKI, TestWSSExpired) {
+  ASSERT_TRUE(embedded_test_server()->Start());
+  ASSERT_TRUE(wss_server_expired_.Start());
+
+  // Setup page title observer.
+  WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+  content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
+  watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
+
+  // Visit bad HTTPS page.
+  GURL::Replacements replacements;
+  replacements.SetSchemeStr("https");
+  ui_test_utils::NavigateToURL(browser(),
+                               wss_server_expired_.GetURL("connect_check.html")
+                                   .ReplaceComponents(replacements));
+
+  // We shouldn't have an interstitial page showing here.
+
+  // Test page run a WebSocket wss connection test. The result will be shown
+  // as page title.
+  const base::string16 result = watcher.WaitAndGetTitle();
+  EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass"));
+}
+
 // Verifies that the interstitial can proceed, even if JavaScript is disabled.
 // http://crbug.com/322948
 #if defined(OS_LINUX)
 // flaky http://crbug.com/396458
 #define MAYBE_TestInterstitialJavaScriptProceeds \
     DISABLED_TestInterstitialJavaScriptProceeds
 #else
 #define MAYBE_TestInterstitialJavaScriptProceeds \
     TestInterstitialJavaScriptProceeds
 #endif
@@ skipping 1753 matching lines @@
 
 // Visit a page over https that contains a frame with a redirect.
 
 // XMLHttpRequest insecure content in synchronous mode.
 
 // XMLHttpRequest insecure content in asynchronous mode.
 
 // XMLHttpRequest over bad ssl in synchronous mode.
 
 // XMLHttpRequest over OK ssl in synchronous mode.