Add --ignore-certificate-errors-spki-list switch and UMA histogram.

chrome/browser/ssl/ssl_browser_tests.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <utility>
 
+#include "base/base64.h"
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/location.h"
 #include "base/macros.h"
 #include "base/metrics/field_trial.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_split.h"
@@ skipping 29 matching lines @@
 #include "chrome/browser/ui/browser_commands.h"
 #include "chrome/browser/ui/browser_finder.h"
 #include "chrome/browser/ui/browser_navigator.h"
 #include "chrome/browser/ui/browser_navigator_params.h"
 #include "chrome/browser/ui/browser_tabstrip.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/test/base/in_process_browser_test.h"
+#include "chrome/test/base/test_launcher_utils.h"
 #include "chrome/test/base/ui_test_utils.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/network_time/network_time_test_utils.h"
 #include "components/network_time/network_time_tracker.h"
 #include "components/prefs/testing_pref_service.h"
 #include "components/security_interstitials/core/controller_client.h"
 #include "components/security_interstitials/core/metrics_helper.h"
 #include "components/security_state/core/security_state.h"
 #include "components/security_state/core/switches.h"
 #include "components/ssl_errors/error_classification.h"
@@ skipping 244 matching lines @@
 }  // namespace
 
 class SSLUITest : public InProcessBrowserTest {
  public:
   SSLUITest()
       : https_server_(net::EmbeddedTestServer::TYPE_HTTPS),
         https_server_expired_(net::EmbeddedTestServer::TYPE_HTTPS),
         https_server_mismatched_(net::EmbeddedTestServer::TYPE_HTTPS),
         wss_server_expired_(net::SpawnedTestServer::TYPE_WSS,
                             SSLOptions(SSLOptions::CERT_EXPIRED),
-                            net::GetWebSocketTestDataDirectory()) {
+                            net::GetWebSocketTestDataDirectory()),
+        wss_server_mismatched_(net::SpawnedTestServer::TYPE_WSS,
+                               SSLOptions(SSLOptions::CERT_MISMATCHED_NAME),
+                               net::GetWebSocketTestDataDirectory()) {
     https_server_.AddDefaultHandlers(base::FilePath(kDocRoot));
 
     https_server_expired_.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
     https_server_expired_.AddDefaultHandlers(base::FilePath(kDocRoot));
 
     https_server_mismatched_.SetSSLConfig(
         net::EmbeddedTestServer::CERT_MISMATCHED_NAME);
     https_server_mismatched_.AddDefaultHandlers(base::FilePath(kDocRoot));
 
     // Sometimes favicons load before tests check the authentication
@@ skipping 293 matching lines @@
     } else {
       base::RunLoop().RunUntilIdle();
       EXPECT_EQ(std::string(), reporter_callback.GetLatestHostnameReported());
     }
   }
 
   net::EmbeddedTestServer https_server_;
   net::EmbeddedTestServer https_server_expired_;
   net::EmbeddedTestServer https_server_mismatched_;
   net::SpawnedTestServer wss_server_expired_;
+  net::SpawnedTestServer wss_server_mismatched_;
 
  protected:
   // Navigates to an interstitial and clicks through the certificate
   // error; then navigates to a page at |path| that loads unsafe content.
   void SetUpUnsafeContentsWithUserException(const std::string& path) {
     ASSERT_TRUE(https_server_.Start());
     // Note that it is necessary to user https_server_mismatched_ here over the
     // other invalid cert servers. This is because the test relies on the two
     // servers having different hosts since SSL exceptions are per-host, not per
     // origin, and https_server_mismatched_ uses 'localhost' rather than
@@ skipping 38 matching lines @@
 class SSLUITestIgnoreCertErrors : public SSLUITest {
  public:
   SSLUITestIgnoreCertErrors() : SSLUITest() {}
 
   void SetUpCommandLine(base::CommandLine* command_line) override {
     // Browser will ignore certificate errors.
     command_line->AppendSwitch(switches::kIgnoreCertificateErrors);
   }
 };
 
+static std::string MakeCertSPKIFingerprint(net::X509Certificate* cert) {
+  net::HashValue hash = GetSPKIHash(cert);
+  std::string hash_base64;
+  base::Base64Encode(
+      base::StringPiece(reinterpret_cast<const char*>(hash.data()),
+                        hash.size()),
+      &hash_base64);
+  return hash_base64;
+}
+
+class SSLUITestIgnoreCertErrorsBySPKIHTTPS : public SSLUITest {
+ protected:
+  void SetUpCommandLine(base::CommandLine* command_line) override {
+    std::string whitelist_flag = MakeCertSPKIFingerprint(
+        https_server_mismatched_.GetCertificate().get());
+    command_line->AppendSwitchASCII(switches::kIgnoreCertificateErrorsSPKIList,
+                                    whitelist_flag);
+  }
+};
+
+class SSLUITestIgnoreCertErrorsBySPKIWSS : public SSLUITest {
+ public:
+  SSLUITestIgnoreCertErrorsBySPKIWSS() : SSLUITest() {}
+
+  void SetUpCommandLine(base::CommandLine* command_line) override {
+    std::string whitelist_flag =
+        MakeCertSPKIFingerprint(wss_server_expired_.GetCertificate().get());
+    // Browser will ignore certificate errors for chains matching one of the
+    // public keys from the list.

[estark, 2017/05/17 18:04:18]

optional nit: just for consistency, include this comment above line 713

[martinkr, 2017/05/23 18:30:43]

Done.

+    command_line->AppendSwitchASCII(switches::kIgnoreCertificateErrorsSPKIList,
+                                    whitelist_flag);
+  }
+};
+
 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest {
  public:
   SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {}
 
   void SetUpCommandLine(base::CommandLine* command_line) override {
     // Browser will ignore certificate errors on localhost.
     command_line->AppendSwitch(switches::kAllowInsecureLocalhost);
   }
 };
 
@@ skipping 1955 matching lines @@
                                    .ReplaceComponents(replacements));
 
   // We shouldn't have an interstitial page showing here.
 
   // Test page run a WebSocket wss connection test. The result will be shown
   // as page title.
   const base::string16 result = watcher.WaitAndGetTitle();
   EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass"));
 }
 
+// Visit a page and establish a WebSocket connection over bad https with

[estark, 2017/05/17 18:04:18]

Question: are you testing WebSockets because they are handled in a special way,
or to test that certificate errors on non-main-frame resources are ignored, or
both?

It might be good to have  a test that the flag works properly on subresources,
e.g. navigate to http://blah which loads an image (or script or whatever) from
https://expired.com, where the https://expired.com cert is in
--ignore-cert-errors-spki-list, and check that the image is loaded properly.

[martinkr, 2017/05/23 18:30:43]

I was actually just aping SSLUITestIgnoreCertErrors, but assumed it was to cover
both websocket specialness and non-mainframe resourcey behavior. I added the
suggested test.

+// --disable-certificate-errors-spki-list. The connection should be established

[estark, 2017/05/17 18:04:18]

nit: s/disable/ignore? (same on line 2735)

[martinkr, 2017/05/23 18:30:43]

Done.

+// without interstitial page showing.
+IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrorsBySPKIWSS, TestWSSExpired) {
+  ASSERT_TRUE(embedded_test_server()->Start());

[estark, 2017/05/17 18:04:19]

Do you need this? Doesn't look like you use it unless I'm missing it.

[martinkr, 2017/05/23 18:30:43]

Done.

+  ASSERT_TRUE(wss_server_expired_.Start());
+
+  // Setup page title observer.
+  WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+  content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
+  watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
+
+  // Visit bad HTTPS page.
+  GURL::Replacements replacements;
+  replacements.SetSchemeStr("https");
+  ui_test_utils::NavigateToURL(browser(),
+                               wss_server_expired_.GetURL("connect_check.html")
+                                   .ReplaceComponents(replacements));
+
+  // We shouldn't have an interstitial page showing here.
+
+  // Test page run a WebSocket wss connection test. The result will be shown
+  // as page title.
+  const base::string16 result = watcher.WaitAndGetTitle();
+  EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass"));
+}
+
+// Test that HTTPS pages with a bad certificate don't show an interstitial if
+// the public key matches a value from --disable-certificate-errors-spki-list.
+IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrorsBySPKIHTTPS, TestHTTPS) {
+  ASSERT_TRUE(https_server_mismatched_.Start());
+
+  WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+
+  ui_test_utils::NavigateToURL(
+      browser(),
+      https_server_mismatched_.GetURL("/ssl/page_with_subresource.html"));
+
+  // We should see no interstitial. The script tag in the page should have
+  // loaded and ran (and wasn't blocked by the certificate error).
+  CheckAuthenticatedState(tab, AuthState::NONE);
+  base::string16 title;
+  ui_test_utils::GetCurrentTabTitle(browser(), &title);
+  EXPECT_EQ(title, base::ASCIIToUTF16("This script has loaded"));
+}
+
 // Verifies that the interstitial can proceed, even if JavaScript is disabled.
 // http://crbug.com/322948
 #if defined(OS_LINUX)
 // flaky http://crbug.com/396458
 #define MAYBE_TestInterstitialJavaScriptProceeds \
     DISABLED_TestInterstitialJavaScriptProceeds
 #else
 #define MAYBE_TestInterstitialJavaScriptProceeds \
     TestInterstitialJavaScriptProceeds
 #endif
@@ skipping 1730 matching lines @@
 
 // Visit a page over https that contains a frame with a redirect.
 
 // XMLHttpRequest insecure content in synchronous mode.
 
 // XMLHttpRequest insecure content in asynchronous mode.
 
 // XMLHttpRequest over bad ssl in synchronous mode.
 
 // XMLHttpRequest over OK ssl in synchronous mode.