Add --ignore-certificate-errors-spki-list switch and UMA histogram.

chrome/browser/ssl/ssl_browser_tests.cc

Index: chrome/browser/ssl/ssl_browser_tests.cc
diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc
index ad0ecec81037a155cea230351eefdba728c168c6..13feee0f5e231487624f8606f2668f4e1c46e352 100644
--- a/chrome/browser/ssl/ssl_browser_tests.cc
+++ b/chrome/browser/ssl/ssl_browser_tests.cc
@@ -308,7 +308,10 @@ class SSLUITest : public InProcessBrowserTest {
         https_server_mismatched_(net::EmbeddedTestServer::TYPE_HTTPS),
         wss_server_expired_(net::SpawnedTestServer::TYPE_WSS,
                             SSLOptions(SSLOptions::CERT_EXPIRED),
-                            net::GetWebSocketTestDataDirectory()) {
+                            net::GetWebSocketTestDataDirectory()),
+        wss_server_mismatched_(net::SpawnedTestServer::TYPE_WSS,
+                               SSLOptions(SSLOptions::CERT_MISMATCHED_NAME),
+                               net::GetWebSocketTestDataDirectory()) {
     https_server_.AddDefaultHandlers(base::FilePath(kDocRoot));
 
     https_server_expired_.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
@@ -618,6 +621,7 @@ class SSLUITest : public InProcessBrowserTest {
   net::EmbeddedTestServer https_server_expired_;
   net::EmbeddedTestServer https_server_mismatched_;
   net::SpawnedTestServer wss_server_expired_;
+  net::SpawnedTestServer wss_server_mismatched_;
 
  protected:
   // Navigates to an interstitial and clicks through the certificate
@@ -676,6 +680,21 @@ class SSLUITestIgnoreCertErrors : public SSLUITest {
   }
 };
 
+class SSLUITestIgnoreCertErrorsBySPKI : public SSLUITest {
+ public:
+  SSLUITestIgnoreCertErrorsBySPKI() : SSLUITest() {}
+
+  void SetUpCommandLine(base::CommandLine* command_line) override {
+    // Browser will ignore certificate errors for chains matching one of the
+    // public keys from the list.
+    command_line->AppendSwitchASCII(
+        switches::kIgnoreCertificateErrorsSPKIList,
+        "2zCMVDKgnKec0721Sp1zVh2yiHeW/LJK4STkNnEa1og=,"  // wss_mismatched_
+        "gTjFgaNzSnz5cxMlIfW1WfGGJVzf11v+YePflME9WSU="   // wss_expired_
+        );
+  }
+};
+
 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest {
  public:
   SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {}
@@ -2657,6 +2676,57 @@ IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrors, TestWSS) {
   EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass"));
 }
 
+// Visit a page and establish a WebSocket connection over bad https with
+// --disable-certificate-errors-spki-list. The connection should be established
+// without interstitial page showing.
+IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrorsBySPKI, TestWSSMismatched) {
+  ASSERT_TRUE(embedded_test_server()->Start());
+  ASSERT_TRUE(wss_server_mismatched_.Start());
+
+  // Setup page title observer.
+  WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+  content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
+  watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
+
+  // Visit bad HTTPS page.
+  GURL::Replacements replacements;
+  replacements.SetSchemeStr("https");
+  ui_test_utils::NavigateToURL(
+      browser(), wss_server_mismatched_.GetURL("connect_check.html")
+                     .ReplaceComponents(replacements));
+
+  // We shouldn't have an interstitial page showing here.
+
+  // Test page run a WebSocket wss connection test. The result will be shown
+  // as page title.
+  const base::string16 result = watcher.WaitAndGetTitle();
+  EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass"));
+}
+
+IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrorsBySPKI, TestWSSExpired) {
+  ASSERT_TRUE(embedded_test_server()->Start());
+  ASSERT_TRUE(wss_server_expired_.Start());
+
+  // Setup page title observer.
+  WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+  content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
+  watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
+
+  // Visit bad HTTPS page.
+  GURL::Replacements replacements;
+  replacements.SetSchemeStr("https");
+  ui_test_utils::NavigateToURL(browser(),
+                               wss_server_expired_.GetURL("connect_check.html")
+                                   .ReplaceComponents(replacements));
+
+  // We shouldn't have an interstitial page showing here.
+
+  // Test page run a WebSocket wss connection test. The result will be shown
+  // as page title.
+  const base::string16 result = watcher.WaitAndGetTitle();
+  EXPECT_TRUE(base::LowerCaseEqualsASCII(result, "pass"));
+}
+
 // Verifies that the interstitial can proceed, even if JavaScript is disabled.
 // http://crbug.com/322948
 #if defined(OS_LINUX)