Add checkbox for reporting invalid TLS/SSL cert chains

chrome/browser/ssl/ssl_browser_tests.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/prefs/pref_service.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/time/time.h"
 #include "chrome/app/chrome_command_ids.h"
+#include "chrome/browser/browser_process.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h"
+#include "chrome/browser/net/certificate_error_reporter.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/safe_browsing/ping_manager.h"
+#include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_commands.h"
 #include "chrome/browser/ui/browser_navigator.h"
 #include "chrome/browser/ui/browser_tabstrip.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/test/base/in_process_browser_test.h"
@@ skipping 14 matching lines @@
 #include "content/public/common/ssl_status.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/download_test_observer.h"
 #include "content/public/test/test_renderer_host.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_data_directory.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/ssl_info.h"
 #include "net/test/spawned_test_server/spawned_test_server.h"
+#include "net/url_request/url_request_context.h"
 
 #if defined(USE_NSS)
 #include "chrome/browser/net/nss_context.h"
 #include "net/base/crypto_module.h"
 #include "net/cert/nss_cert_database.h"
 #endif  // defined(USE_NSS)
 
 using base::ASCIIToUTF16;
 using chrome_browser_interstitials::SecurityInterstitialIDNTest;
+using chrome_browser_net::CertificateErrorReporter;
 using content::InterstitialPage;
 using content::NavigationController;
 using content::NavigationEntry;
 using content::SSLStatus;
 using content::WebContents;
 using web_modal::WebContentsModalDialogManager;
 
 const base::FilePath::CharType kDocRoot[] =
     FILE_PATH_LITERAL("chrome/test/data");
 
@@ skipping 96 matching lines @@
                         content::SecurityStyle expected_security_style,
                         int expected_authentication_state) {
   ASSERT_FALSE(tab->IsCrashed());
   NavigationEntry* entry = tab->GetController().GetActiveEntry();
   ASSERT_TRUE(entry);
   CertError::Check(*entry, error);
   SecurityStyle::Check(*entry, expected_security_style);
   AuthState::Check(*entry, expected_authentication_state);
 }
 
+namespace CertificateReporting {
+
+enum OptIn { EXTENDED_REPORTING_OPT_IN, EXTENDED_REPORTING_DO_NOT_OPT_IN };
+
+enum Proceed { SSL_INTERSTITIAL_PROCEED, SSL_INTERSTITIAL_DO_NOT_PROCEED };
+
+enum ExpectReport { CERT_REPORT_EXPECTED, CERT_REPORT_NOT_EXPECTED };
+
+// This class is used to test invalid certificate chain reporting when
+// the user opts in to do so on the interstitial.
+class MockReporter : public CertificateErrorReporter {
+ public:
+  explicit MockReporter(net::URLRequestContext* request_context,
+                        const GURL& upload_url,
+                        CookiesPreference cookies_preference)
+      : CertificateErrorReporter(request_context,
+                                 upload_url,
+                                 cookies_preference) {}
+
+  void SendReport(CertificateErrorReporter::ReportType type,
+                  const std::string& hostname,
+                  const net::SSLInfo& ssl_info) override {
+    EXPECT_EQ(CertificateErrorReporter::REPORT_TYPE_EXTENDED_REPORTING, type);
+    latest_hostname_reported_ = hostname;
+  }
+
+  const std::string& latest_hostname_reported() {
+    return latest_hostname_reported_;
+  }
+
+ private:
+  std::string latest_hostname_reported_;
+};
+
+void SetUpMockReporter(SafeBrowsingService* safe_browsing_service,
+                       MockReporter* reporter) {
+  safe_browsing_service->ping_manager()->SetCertificateErrorReporterForTesting(
+      scoped_ptr<CertificateErrorReporter>(reporter));
+}
+
+}  // namespace CertificateReporting
+
 }  // namespace
 
 class SSLUITest : public InProcessBrowserTest {
  public:
   SSLUITest()
       : https_server_(net::SpawnedTestServer::TYPE_HTTPS,
                       SSLOptions(SSLOptions::CERT_OK),
                       base::FilePath(kDocRoot)),
         https_server_expired_(net::SpawnedTestServer::TYPE_HTTPS,
                               SSLOptions(SSLOptions::CERT_EXPIRED),
                               base::FilePath(kDocRoot)),
         https_server_mismatched_(net::SpawnedTestServer::TYPE_HTTPS,
                                  SSLOptions(SSLOptions::CERT_MISMATCHED_NAME),
                                  base::FilePath(kDocRoot)),
         wss_server_expired_(net::SpawnedTestServer::TYPE_WSS,
                             SSLOptions(SSLOptions::CERT_EXPIRED),
                             net::GetWebSocketTestDataDirectory()) {}
 
+  void SetUpOnMainThread() override {
+    // Set up the mock reporter to track the hostnames that reports get
+    // sent for. The request_context argument is NULL here
+    // because the MockReporter doesn't actually use a
+    // request_context. (In order to pass a real request_context, the
+    // reporter would have to be constructed on the IO thread.)
+    reporter_ = new CertificateReporting::MockReporter(
+        NULL, GURL("http://example.test"),
+        CertificateReporting::MockReporter::DO_NOT_SEND_COOKIES);
+    scoped_refptr<SafeBrowsingService> safe_browsing_service =
+        g_browser_process->safe_browsing_service();
+    ASSERT_TRUE(safe_browsing_service);
+    content::BrowserThread::PostTask(
+        content::BrowserThread::IO, FROM_HERE,
+        base::Bind(CertificateReporting::SetUpMockReporter,
+                   safe_browsing_service, reporter_));
+  }
+
   void SetUpCommandLine(base::CommandLine* command_line) override {
     // Browser will both run and display insecure content.
     command_line->AppendSwitch(switches::kAllowRunningInsecureContent);
     // Use process-per-site so that navigating to a same-site page in a
     // new tab will use the same process.
     command_line->AppendSwitch(switches::kProcessPerSite);
   }
 
   void CheckAuthenticatedState(WebContents* tab,
                                int expected_authentication_state) {
@@ skipping 144 matching lines @@
     std::vector<net::SpawnedTestServer::StringPair>
         replacement_text_for_page_with_unsafe_worker;
     replacement_text_for_page_with_unsafe_worker.push_back(
         make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path));
     return net::SpawnedTestServer::GetFilePathWithReplacements(
         "files/ssl/page_with_unsafe_worker.html",
         replacement_text_for_page_with_unsafe_worker,
         page_with_unsafe_worker_path);
   }
 
+  // Helper function for testing invalid certificate chain reporting.
+  void TestBrokenHTTPSReporting(
+      CertificateReporting::OptIn opt_in,
+      CertificateReporting::Proceed proceed,
+      CertificateReporting::ExpectReport expect_report,
+      Browser* browser) {
+    ASSERT_TRUE(https_server_expired_.Start());
+
+    // Opt in to sending reports for invalid certificate chains.
+    browser->profile()->GetPrefs()->SetBoolean(
+        prefs::kSafeBrowsingExtendedReportingEnabled,
+        opt_in == CertificateReporting::EXTENDED_REPORTING_OPT_IN);
+
+    ui_test_utils::NavigateToURL(browser, https_server_expired_.GetURL("/"));
+
+    WebContents* tab = browser->tab_strip_model()->GetActiveWebContents();
+    CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
+                                   AuthState::SHOWING_INTERSTITIAL);
+
+    // Set up a callback so that the test is notified when the report
+    // has been sent on the IO thread (or not sent).
+    base::RunLoop report_run_loop;
+    base::Closure report_callback = report_run_loop.QuitClosure();
+    SSLBlockingPage* interstitial_page = static_cast<SSLBlockingPage*>(
+        tab->GetInterstitialPage()->GetDelegateForTesting());
+    interstitial_page->SetCertificateReportCallbackForTesting(report_callback);
+
+    EXPECT_EQ(std::string(), reporter_->latest_hostname_reported());
+
+    // Leave the interstitial (either by proceeding or going back)
+    if (proceed == CertificateReporting::SSL_INTERSTITIAL_PROCEED) {
+      ProceedThroughInterstitial(tab);
+    } else {
+      // Click "Take me back"
+      InterstitialPage* interstitial_page = tab->GetInterstitialPage();
+      ASSERT_TRUE(interstitial_page);
+      interstitial_page->DontProceed();
+    }
+
+    // Wait until the report has been sent on the IO thread.
+    report_run_loop.Run();
+
+    if (expect_report == CertificateReporting::CERT_REPORT_EXPECTED) {
+      // Check that the mock reporter received a request to send a report.
+      EXPECT_EQ(https_server_expired_.GetURL("/").host(),
+                reporter_->latest_hostname_reported());
+    } else {
+      EXPECT_EQ(std::string(), reporter_->latest_hostname_reported());
+    }
+  }
+
   net::SpawnedTestServer https_server_;
   net::SpawnedTestServer https_server_expired_;
   net::SpawnedTestServer https_server_mismatched_;
   net::SpawnedTestServer wss_server_expired_;
 
  private:
   typedef net::SpawnedTestServer::SSLOptions SSLOptions;
+  CertificateReporting::MockReporter* reporter_;
 
   DISALLOW_COPY_AND_ASSIGN(SSLUITest);
 };
 
 class SSLUITestBlock : public SSLUITest {
  public:
   SSLUITestBlock() : SSLUITest() {}
 
   // Browser will neither run nor display insecure content.
   void SetUpCommandLine(base::CommandLine* command_line) override {
@@ skipping 14 matching lines @@
 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest {
  public:
   SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {}
 
   void SetUpCommandLine(base::CommandLine* command_line) override {
     // Browser will ignore certificate errors on localhost.
     command_line->AppendSwitch(switches::kAllowInsecureLocalhost);
   }
 };
 
+class SSLUITestWithExtendedReporting : public SSLUITest {
+ public:
+  SSLUITestWithExtendedReporting() : SSLUITest() {}
+
+  void SetUpCommandLine(base::CommandLine* command_line) override {
+    // Enable a checkbox on SSL interstitials that allows users to opt
+    // in to reporting invalid certificate chains.
+    command_line->AppendSwitch(switches::kEnableInvalidCertCollection);
+  }
+};
+
 // Visits a regular page over http.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) {
   ASSERT_TRUE(test_server()->Start());
 
   ui_test_utils::NavigateToURL(browser(),
                                test_server()->GetURL("files/ssl/google.html"));
 
   CheckUnauthenticatedState(
       browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE);
 }
@@ skipping 577 matching lines @@
       &replacement_path));
 
   // Load a page that displays insecure content.
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
 
   CheckAuthenticatedState(browser()->tab_strip_model()->GetActiveWebContents(),
                           AuthState::DISPLAYED_INSECURE_CONTENT);
 }
 
+// Test that when the checkbox is checked and the user proceeds through
+// the interstitial, the FraudulentCertificateReporter sees a request to
+// send a report.
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
+                       TestBrokenHTTPSProceedWithReporting) {
+  TestBrokenHTTPSReporting(CertificateReporting::EXTENDED_REPORTING_OPT_IN,
+                           CertificateReporting::SSL_INTERSTITIAL_PROCEED,
+                           CertificateReporting::CERT_REPORT_EXPECTED,
+                           browser());
+}
+
+// Test that when the checkbox is checked and the user goes back (does
+// not proceed through the interstitial), the
+// FraudulentCertificateReporter sees a request to send a report.
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
+                       TestBrokenHTTPSGoBackWithReporting) {
+  TestBrokenHTTPSReporting(
+      CertificateReporting::EXTENDED_REPORTING_OPT_IN,
+      CertificateReporting::SSL_INTERSTITIAL_DO_NOT_PROCEED,
+      CertificateReporting::CERT_REPORT_EXPECTED, browser());
+}
+
+// Test that when the checkbox is not checked and the user proceeds
+// through the interstitial, the FraudulentCertificateReporter does not
+// see a request to send a report.
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
+                       TestBrokenHTTPSProceedWithNoReporting) {
+  TestBrokenHTTPSReporting(
+      CertificateReporting::EXTENDED_REPORTING_DO_NOT_OPT_IN,
+      CertificateReporting::SSL_INTERSTITIAL_PROCEED,
+      CertificateReporting::CERT_REPORT_NOT_EXPECTED, browser());
+}
+
+// Test that when the checkbox is not checked and the user does not proceed
+// through the interstitial, the FraudulentCertificateReporter does not
+// see a request to send a report.
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
+                       TestBrokenHTTPSGoBackWithNoReporting) {
+  TestBrokenHTTPSReporting(
+      CertificateReporting::EXTENDED_REPORTING_DO_NOT_OPT_IN,
+      CertificateReporting::SSL_INTERSTITIAL_DO_NOT_PROCEED,
+      CertificateReporting::CERT_REPORT_NOT_EXPECTED, browser());
+}
+
+// Test that when the command-line switch for reporting invalid cert
+// chains is not enabled, reports don't get sent, even if the opt-in
+// preference is set. (i.e. if a user enables invalid cert collection in
+// chrome://flags, checks the box on an interstitial, and then disables
+// the flag in chrome://flags, reports shouldn't be sent on the next
+// interstitial).
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSNoReportingWithoutSwitch) {
+  TestBrokenHTTPSReporting(CertificateReporting::EXTENDED_REPORTING_OPT_IN,
+                           CertificateReporting::SSL_INTERSTITIAL_PROCEED,
+                           CertificateReporting::CERT_REPORT_NOT_EXPECTED,
+                           browser());
+}
+
+// Test that reports don't get sent in incognito mode even if the opt-in
+// preference is set and the command-line switch is enabled.
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
+                       TestBrokenHTTPSNoReportingInIncognito) {
+  TestBrokenHTTPSReporting(CertificateReporting::EXTENDED_REPORTING_OPT_IN,
+                           CertificateReporting::SSL_INTERSTITIAL_PROCEED,
+                           CertificateReporting::CERT_REPORT_NOT_EXPECTED,
+                           CreateIncognitoBrowser());
+}
+
 // Visits a page that runs insecure content and tries to suppress the insecure
 // content warnings by randomizing location.hash.
 // Based on http://crbug.com/8706
 IN_PROC_BROWSER_TEST_F(SSLUITest,
                        TestRunsInsecuredContentRandomizeHash) {
   ASSERT_TRUE(test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
 
   ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
       "files/ssl/page_runs_insecure_content.html"));
@@ skipping 930 matching lines @@
  protected:
   // SecurityInterstitialIDNTest implementation
   SecurityInterstitialPage* CreateInterstitial(
       content::WebContents* contents,
       const GURL& request_url) const override {
     net::SSLInfo ssl_info;
     ssl_info.cert = new net::X509Certificate(
         request_url.host(), "CA", base::Time::Max(), base::Time::Max());
     return new SSLBlockingPage(
         contents, net::ERR_CERT_CONTAINS_ERRORS, ssl_info, request_url, 0,
-        base::Time::NowFromSystemTime(), base::Callback<void(bool)>());
+        base::Time::NowFromSystemTime(), nullptr, base::Callback<void(bool)>());
   }
 };
 
 IN_PROC_BROWSER_TEST_F(SSLBlockingPageIDNTest, SSLBlockingPageDecodesIDN) {
   EXPECT_TRUE(VerifyIDNDecoded());
 }
 
 // TODO(jcampan): more tests to do below.
 
 // Visit a page over https that contains a frame with a redirect.
 
 // XMLHttpRequest insecure content in synchronous mode.
 
 // XMLHttpRequest insecure content in asynchronous mode.
 
 // XMLHttpRequest over bad ssl in synchronous mode.
 
 // XMLHttpRequest over OK ssl in synchronous mode.