Add checkbox for reporting invalid TLS/SSL cert chains

chrome/browser/ssl/ssl_browser_tests.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
 #include "base/prefs/pref_service.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/time/time.h"
 #include "chrome/app/chrome_command_ids.h"
 #include "chrome/browser/chrome_notification_types.h"
+#include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_commands.h"
 #include "chrome/browser/ui/browser_navigator.h"
 #include "chrome/browser/ui/browser_tabstrip.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
@@ skipping 13 matching lines @@
 #include "content/public/browser/web_contents_observer.h"
 #include "content/public/common/security_style.h"
 #include "content/public/common/ssl_status.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/download_test_observer.h"
 #include "content/public/test/test_renderer_host.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_data_directory.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/test/spawned_test_server/spawned_test_server.h"
+#include "net/url_request/fraudulent_certificate_reporter.h"
+#include "net/url_request/url_request_context.h"
+#include "net/url_request/url_request_context_getter.h"
 
 #if defined(USE_NSS)
 #include "chrome/browser/net/nss_context.h"
 #include "net/base/crypto_module.h"
 #include "net/cert/nss_cert_database.h"
 #endif  // defined(USE_NSS)
 
 using base::ASCIIToUTF16;
+using chrome_browser_net::ChromeFraudulentCertificateReporter;
 using content::InterstitialPage;
 using content::NavigationController;
 using content::NavigationEntry;
 using content::SSLStatus;
 using content::WebContents;
+using net::FraudulentCertificateReporter;
 using web_modal::WebContentsModalDialogManager;
 
 const base::FilePath::CharType kDocRoot[] =
     FILE_PATH_LITERAL("chrome/test/data");
 
 namespace {
 
 class ProvisionalLoadWaiter : public content::WebContentsObserver {
  public:
   explicit ProvisionalLoadWaiter(WebContents* tab)
@@ skipping 271 matching lines @@
     std::vector<net::SpawnedTestServer::StringPair>
         replacement_text_for_page_with_unsafe_worker;
     replacement_text_for_page_with_unsafe_worker.push_back(
         make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path));
     return net::SpawnedTestServer::GetFilePathWithReplacements(
         "files/ssl/page_with_unsafe_worker.html",
         replacement_text_for_page_with_unsafe_worker,
         page_with_unsafe_worker_path);
   }
 
+  // Helper function for the testing invalid certificate chain reporting.
+  void TestBrokenHTTPSReporting(bool opt_in,
+                                bool proceed,
+                                bool switch_enabled = true) {
+    ASSERT_TRUE(https_server_expired_.Start());
+
+    // Set up the mock reporter to track the hostnames that reports get
+    // sent for.
+    net::URLRequestContext* context =
+        browser()->profile()->GetRequestContext()->GetURLRequestContext();
+    MockReporter reporter(context);
+    FraudulentCertificateReporter* orig_reporter =
+        context->fraudulent_certificate_reporter();
+    context->set_fraudulent_certificate_reporter(&reporter);
+
+    // Opt in to sending reports for invalid certificate chains.
+    browser()->profile()->GetPrefs()->SetBoolean(
+        prefs::kSafeBrowsingExtendedReportingEnabled, opt_in);
+
+    EXPECT_EQ(reporter.GetLatestHostnameReported(), "");
+
+    ui_test_utils::NavigateToURL(browser(), https_server_expired_.GetURL("/"));
+
+    WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+    CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID,
+                                   AuthState::SHOWING_INTERSTITIAL);
+
+    if (proceed) {
+      ProceedThroughInterstitial(tab);
+    } else {
+      // Click "Take me back"
+      InterstitialPage* interstitial_page = tab->GetInterstitialPage();
+      ASSERT_TRUE(interstitial_page);
+      interstitial_page->DontProceed();
+    }
+
+    base::RunLoop().RunUntilIdle();

[Ryan Sleevi, 2015/02/27 00:46:33]

May want a comment explaining why this is.

[estark, 2015/02/27 02:49:37]

Done.

+
+    if (opt_in) {
+      // Check that the mock reporter received a request to send a report.
+      if (switch_enabled) {
+        EXPECT_EQ(reporter.GetLatestHostnameReported(),
+                  https_server_expired_.GetURL("/").host());
+      } else {
+        EXPECT_EQ(reporter.GetLatestHostnameReported(), "");
+      }
+    } else {
+      EXPECT_EQ(reporter.GetLatestHostnameReported(), "");
+    }
+
+    context->set_fraudulent_certificate_reporter(orig_reporter);
+  }
+
   net::SpawnedTestServer https_server_;
   net::SpawnedTestServer https_server_expired_;
   net::SpawnedTestServer https_server_mismatched_;
   net::SpawnedTestServer wss_server_expired_;
 
  private:
   typedef net::SpawnedTestServer::SSLOptions SSLOptions;
 
+  // This class is used to test invalid certificate chain reporting when
+  // the user opts in to do so on the interstitial.
+  class MockReporter : public ChromeFraudulentCertificateReporter {

[Ryan Sleevi, 2015/02/27 00:46:33]

Since you're not relying on this class being able to access members of this
test, I'd instead move this from being a nested class to being a member of an
unnamed namespace, moving it wholesale to line 177

[estark, 2015/02/27 02:49:37]

Done.

+   public:
+    explicit MockReporter(net::URLRequestContext* request_context)
+        : ChromeFraudulentCertificateReporter(request_context) {
+      latest_hostname_reported_ = "";

[Ryan Sleevi, 2015/02/27 00:46:33]

This is not necessary. Strings are default initialized to empty

(Note, in terms of preference, prefer .clear(), then = std::string(), then = "";
although all are unnecessary here)

[estark, 2015/02/27 02:49:37]

Done.

+    }
+
+    void SendReport(ReportType type,
+                    const std::string& hostname,
+                    const net::SSLInfo& ssl_info) override {
+      latest_hostname_reported_ = hostname;
+      EXPECT_EQ(type, REPORT_TYPE_EXTENDED_REPORTING);
+    }
+
+    const std::string& GetLatestHostnameReported() {
+      return latest_hostname_reported_;
+    }
+
+   private:
+    std::string latest_hostname_reported_;
+  };
+
   DISALLOW_COPY_AND_ASSIGN(SSLUITest);
 };
 
 class SSLUITestBlock : public SSLUITest {
  public:
   SSLUITestBlock() : SSLUITest() {}
 
   // Browser will neither run nor display insecure content.
   void SetUpCommandLine(base::CommandLine* command_line) override {
     command_line->AppendSwitch(switches::kNoDisplayingInsecureContent);
@@ skipping 13 matching lines @@
 class SSLUITestIgnoreLocalhostCertErrors : public SSLUITest {
  public:
   SSLUITestIgnoreLocalhostCertErrors() : SSLUITest() {}
 
   void SetUpCommandLine(base::CommandLine* command_line) override {
     // Browser will ignore certificate errors on localhost.
     command_line->AppendSwitch(switches::kAllowInsecureLocalhost);
   }
 };
 
+class SSLUITestWithExtendedReporting : public SSLUITest {
+ public:
+  SSLUITestWithExtendedReporting() : SSLUITest() {}
+
+  void SetUpCommandLine(base::CommandLine* command_line) override {
+    // Enable a checkbox on SSL interstitials that allows users to opt
+    // in to reporting invalid certificate chains.
+    command_line->AppendSwitch(switches::kEnableInvalidCertCollection);
+  }
+};
+
 // Visits a regular page over http.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) {
   ASSERT_TRUE(test_server()->Start());
 
   ui_test_utils::NavigateToURL(browser(),
                                test_server()->GetURL("files/ssl/google.html"));
 
   CheckUnauthenticatedState(
       browser()->tab_strip_model()->GetActiveWebContents(), AuthState::NONE);
 }
@@ skipping 36 matching lines @@
   CheckAuthenticationBrokenState(
       tab, net::CERT_STATUS_DATE_INVALID, AuthState::SHOWING_INTERSTITIAL);
 
   ProceedThroughInterstitial(tab);
 
   CheckAuthenticationBrokenState(tab,
                                  net::CERT_STATUS_DATE_INVALID,
                                  AuthState::DISPLAYED_INSECURE_CONTENT);
 }
 
+// Test that when the checkbox is checked and the user proceeds through
+// the interstitial, the FraudulentCertificateReporter sees a request to
+// send a report.
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
+                       TestBrokenHTTPSProceedWithReporting) {
+  TestBrokenHTTPSReporting(true, true);
+}
+
+// Test that when the checkbox is checked and the user goes back (does
+// not proceed through the interstitial), the
+// FraudulentCertificateReporter sees a request to send a report.
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
+                       TestBrokenHTTPSGoBackWithReporting) {
+  TestBrokenHTTPSReporting(true, false);
+}
+
+// Test that when the checkbox is not checked and the user proceeds
+// through the interstitial, the FraudulentCertificateReporter does not
+// see a request to send a report.
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
+                       TestBrokenHTTPSProceedWithNoReporting) {
+  TestBrokenHTTPSReporting(false, true);
+}
+
+// Test that when the checkbox is not checked and the user does not proceed
+// through the interstitial, the FraudulentCertificateReporter does not
+// see a request to send a report.
+IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
+                       TestBrokenHTTPSGoBackWithNoReporting) {
+  TestBrokenHTTPSReporting(false, false);
+}
+
+// Test that when the command-line switch for reporting invalid cert
+// chains is not enabled, reports don't get sent, even if the opt-in
+// preference is set. (i.e. if a user enables invalid cert collection in
+// chrome://flags, checks the box on an interstitial, and then disables
+// the flag in chrome://flags, reports shouldn't be sent on the next
+// interstitial).
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestBrokenHTTPSNoReportingWithoutSwitch) {
+  TestBrokenHTTPSReporting(true, true, false);
+}
+
 // http://crbug.com/91745
 #if defined(OS_CHROMEOS)
 #define MAYBE_TestOKHTTPS DISABLED_TestOKHTTPS
 #else
 #define MAYBE_TestOKHTTPS TestOKHTTPS
 #endif
 
 // Visits a page over OK https:
 IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestOKHTTPS) {
   ASSERT_TRUE(https_server_.Start());
@@ skipping 1456 matching lines @@
 
 // Visit a page over https that contains a frame with a redirect.
 
 // XMLHttpRequest insecure content in synchronous mode.
 
 // XMLHttpRequest insecure content in asynchronous mode.
 
 // XMLHttpRequest over bad ssl in synchronous mode.
 
 // XMLHttpRequest over OK ssl in synchronous mode.