Add --ignore-certificate-errors-spki-list switch and UMA histogram.

chrome/browser/io_thread.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/io_thread.h"
 
 #include <utility>
 #include <vector>
 
 #include "base/base64.h"
@@ skipping 57 matching lines @@
 #include "net/base/host_mapping_rules.h"
 #include "net/base/logging_network_change_observer.h"
 #include "net/base/sdch_manager.h"
 #include "net/cert/caching_cert_verifier.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/cert_verify_proc.h"
 #include "net/cert/ct_known_logs.h"
 #include "net/cert/ct_log_verifier.h"
 #include "net/cert/ct_policy_enforcer.h"
 #include "net/cert/ct_verifier.h"
+#include "net/cert/ignore_errors_cert_verifier.h"
 #include "net/cert/multi_log_ct_verifier.h"
 #include "net/cert/multi_threaded_cert_verifier.h"
 #include "net/cert/sth_distributor.h"
 #include "net/cert/sth_observer.h"
 #include "net/cookies/cookie_store.h"
 #include "net/dns/host_cache.h"
 #include "net/dns/host_resolver.h"
 #include "net/dns/mapped_host_resolver.h"
 #include "net/http/http_auth_filter.h"
 #include "net/http/http_auth_handler_factory.h"
@@ skipping 486 matching lines @@
       std::move(external_estimate_provider), network_quality_estimator_params,
       net_log_));
 
   UpdateDnsClientEnabled();
 #if defined(OS_CHROMEOS)
   // Creates a CertVerifyProc that doesn't allow any profile-provided certs.
   globals_->cert_verifier = base::MakeUnique<net::CachingCertVerifier>(
       base::MakeUnique<net::MultiThreadedCertVerifier>(
           new chromeos::CertVerifyProcChromeOS()));
 #else
-  globals_->cert_verifier = net::CertVerifier::CreateDefault();
+  if (command_line.HasSwitch(switches::kIgnoreCertificateErrorsSPKIList)) {

[Ryan Sleevi, 2017/04/07 16:08:05]

I wasn't sure, but I thought you were thinking --user-data-dir was a
sufficient/appropriate hurdle (even if it could be set to the user's data dir)

[martinkr, 2017/04/07 21:40:57]

Yup, forgot about this. Done (and updated the flag description).

+    auto spki_list =
+        base::SplitString(command_line.GetSwitchValueASCII(
+                              switches::kIgnoreCertificateErrorsSPKIList),
+                          ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL);
+    globals_->cert_verifier = base::MakeUnique<net::IgnoreErrorsCertVerifier>(
+        net::CertVerifier::CreateDefault(),
+        net::IgnoreErrorsCertVerifier::MakeWhitelist(spki_list));

[Ryan Sleevi, 2017/04/07 16:08:05]

This removes the command-line validation aspect, right? Since the CertVerifier
will be created w/o issue?

[martinkr, 2017/04/07 21:40:57]

MakeWhitelist has the same "validation" as before, in that it logs an error if
any of the fingerprints aren't valid.

+  } else {
+    globals_->cert_verifier = net::CertVerifier::CreateDefault();
+  }
+  UMA_HISTOGRAM_BOOLEAN(
+      "Net.Certificate.kIgnoreCertificateErrorsSPKIList",
+      command_line.HasSwitch(switches::kIgnoreCertificateErrorsSPKIList));
 #endif
 
   globals_->transport_security_state.reset(new net::TransportSecurityState());
 
   std::vector<scoped_refptr<const net::CTLogVerifier>> ct_logs(
       net::ct::CreateLogVerifiersForKnownLogs());
 
   globals_->ct_logs.assign(ct_logs.begin(), ct_logs.end());
 
   net::MultiLogCTVerifier* ct_verifier = new net::MultiLogCTVerifier();
@@ skipping 517 matching lines @@
 
   // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the
   // system URLRequestContext too. There's no reason this should be tied to a
   // profile.
   return context;
 }
 
 metrics::UpdateUsagePrefCallbackType IOThread::GetMetricsDataUseForwarder() {
   return base::Bind(&UpdateMetricsUsagePrefsOnUIThread);
 }