Add Legacy TLS metrics support code

This adds support code for collecting user behavior metrics for the legacy TLS deprecation UI. Bug: 1016105 Change-Id: Ia8ebde562fbd882055b285866d6351c4d30860c9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1872296 Commit-Queue: Christopher Thompson <cthomp@chromium.org> Reviewed-by: Mustafa Emre Acer <meacer@chromium.org> Cr-Commit-Position: refs/heads/master@{#708099}

Add Legacy TLS metrics support code
This adds support code for collecting user behavior metrics for the legacy TLS deprecation UI. Bug: 1016105 Change-Id: Ia8ebde562fbd882055b285866d6351c4d30860c9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1872296 Commit-Queue: Christopher Thompson <cthomp@chromium.org> Reviewed-by: Mustafa Emre Acer <meacer@chromium.org> Cr-Commit-Position: refs/heads/master@{#708099}
cca4c341 · Christopher Thompson · Commit Bot · 2cf74a83 · cca4c341 · cca4c341
Commit cca4c341 authored Oct 22, 2019 by Christopher Thompson Committed by Commit Bot Oct 22, 2019
6 changed files
--- a/chrome/browser/BUILD.gn
+++ b/chrome/browser/BUILD.gn
@@ -5518,6 +5518,8 @@ static_library("test_support") {
    "signin/scoped_account_consistency.h",
    "ssl/ssl_client_auth_requestor_mock.cc",
    "ssl/ssl_client_auth_requestor_mock.h",
+    "ssl/tls_deprecation_test_utils.cc",
+    "ssl/tls_deprecation_test_utils.h",
    "translate/translate_test_utils.cc",
    "translate/translate_test_utils.h",
  ]

--- a/chrome/browser/ssl/tls_deprecation_test_utils.cc
+++ b/chrome/browser/ssl/tls_deprecation_test_utils.cc
+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ssl/tls_deprecation_test_utils.h"
+
+#include "chrome/browser/ssl/tls_deprecation_config.h"
+#include "chrome/browser/ssl/tls_deprecation_config.pb.h"
+#include "content/public/test/navigation_simulator.h"
+#include "net/cert/x509_certificate.h"
+#include "net/ssl/ssl_config.h"
+#include "net/ssl/ssl_connection_status_flags.h"
+#include "net/ssl/ssl_info.h"
+#include "net/test/cert_test_util.h"
+#include "net/test/test_data_directory.h"
+#include "url/gurl.h"
+
+void InitializeEmptyLegacyTLSConfig() {
+  auto config =
+      std::make_unique<chrome_browser_ssl::LegacyTLSExperimentConfig>();
+  SetRemoteTLSDeprecationConfigProto(std::move(config));
+}
+
+void InitializeLegacyTLSConfigWithControl() {
+  auto config =
+      std::make_unique<chrome_browser_ssl::LegacyTLSExperimentConfig>();
+  config->add_control_site_hashes(kLegacyTlsControlUrlHash);
+  SetRemoteTLSDeprecationConfigProto(std::move(config));
+}
+
+std::unique_ptr<content::NavigationSimulator> CreateTLSNavigation(
+    const GURL& url,
+    content::WebContents* web_contents,
+    uint16_t ssl_protocol_version) {
+  auto navigation_simulator =
+      content::NavigationSimulator::CreateBrowserInitiated(url, web_contents);
+  navigation_simulator->Start();
+
+  // Setup the SSLInfo to specify the TLS version used.
+  auto cert =
+      net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem");
+  net::SSLInfo ssl_info = net::SSLInfo();
+  net::SSLConnectionStatusSetVersion(ssl_protocol_version,
+                                     &ssl_info.connection_status);
+  ssl_info.cert = cert;
+  navigation_simulator->SetSSLInfo(ssl_info);
+
+  return navigation_simulator;
+}
+
+std::unique_ptr<content::NavigationSimulator> CreateLegacyTLSNavigation(
+    const GURL& url,
+    content::WebContents* web_contents) {
+  return CreateTLSNavigation(url, web_contents,
+                             net::SSL_CONNECTION_VERSION_TLS1);
+}
+
+std::unique_ptr<content::NavigationSimulator> CreateNonlegacyTLSNavigation(
+    const GURL& url,
+    content::WebContents* web_contents) {
+  return CreateTLSNavigation(url, web_contents,
+                             net::SSL_CONNECTION_VERSION_TLS1_2);
+}
--- a/chrome/browser/ssl/tls_deprecation_test_utils.h
+++ b/chrome/browser/ssl/tls_deprecation_test_utils.h
+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SSL_TLS_DEPRECATION_TEST_UTILS_H_
+#define CHROME_BROWSER_SSL_TLS_DEPRECATION_TEST_UTILS_H_
+
+#include <memory>
+
+namespace content {
+class NavigationSimulator;
+class WebContents;
+}  // namespace content
+
+class GURL;
+
+const char kLegacyTLSDefaultURL[] = "https://example.test";
+const char kLegacyTLSControlURL[] = "https://control.test";
+// SHA-256 hash of kMockNonsecureHostname for use in setting a control site in
+// the LegacyTLSExperimentConfig for Legacy TLS tests. Generated with
+// `echo -n "control.test" | openssl sha256`.
+const char kLegacyTlsControlUrlHash[] =
+    "f12b47771bb3c2bcc85a5347d195523013ec5a23b4c761b5d6aacf04bafc5e23";
+
+void InitializeEmptyLegacyTLSConfig();
+
+void InitializeLegacyTLSConfigWithControl();
+
+// Creates and starts a simulated navigation using the specified SSL protocol
+// version (e.g., net::SSL_CONNECTION_VERSION_TLS1_2).
+std::unique_ptr<content::NavigationSimulator> CreateTLSNavigation(
+    const GURL& url,
+    content::WebContents* web_contents,
+    uint16_t ssl_protocol_version);
+
+// Creates and starts a simulated navigation using TLS 1.0.
+std::unique_ptr<content::NavigationSimulator> CreateLegacyTLSNavigation(
+    const GURL& url,
+    content::WebContents* web_contents);
+
+// Creates and starts a simulated navigation using TLS 1.2.
+std::unique_ptr<content::NavigationSimulator> CreateNonlegacyTLSNavigation(
+    const GURL& url,
+    content::WebContents* web_contents);
+
+#endif  // CHROME_BROWSER_SSL_TLS_DEPRECATION_TEST_UTILS_H_
--- a/components/security_state/core/security_state.cc
+++ b/components/security_state/core/security_state.cc
@@ -267,6 +267,11 @@ VisibleSecurityState::VisibleSecurityState()
      connection_used_legacy_tls(false),
      should_suppress_legacy_tls_warning(false) {}

+VisibleSecurityState::VisibleSecurityState(const VisibleSecurityState& other) =
+    default;
+VisibleSecurityState& VisibleSecurityState::operator=(
+    const VisibleSecurityState& other) = default;
+
 VisibleSecurityState::~VisibleSecurityState() {}

 bool IsSchemeCryptographic(const GURL& url) {
@@ -293,6 +298,22 @@ std::string GetSafetyTipHistogramName(const std::string& prefix,
  return prefix + "." + GetHistogramSuffixForSafetyTipStatus(safety_tip_status);
 }

+bool GetLegacyTLSWarningStatus(
+    const VisibleSecurityState& visible_security_state) {
+  return visible_security_state.connection_used_legacy_tls &&
+         !visible_security_state.should_suppress_legacy_tls_warning;
+}
+
+std::string GetLegacyTLSHistogramName(
+    const std::string& prefix,
+    const VisibleSecurityState& visible_security_state) {
+  if (GetLegacyTLSWarningStatus(visible_security_state)) {
+    return prefix + "." + "LegacyTLS_Triggered";
+  } else {
+    return prefix + "." + "LegacyTLS_NotTriggered";
+  }
+}
+
 bool IsSHA1InChain(const VisibleSecurityState& visible_security_state) {
  return visible_security_state.certificate &&
         (visible_security_state.cert_status &

--- a/components/security_state/core/security_state.h
+++ b/components/security_state/core/security_state.h
@@ -143,7 +143,10 @@ struct SafetyTipInfo {
 // for a page. This is the input to GetSecurityLevel().
 struct VisibleSecurityState {
  VisibleSecurityState();
+  VisibleSecurityState(const VisibleSecurityState& other);
+  VisibleSecurityState& operator=(const VisibleSecurityState& other);
  ~VisibleSecurityState();
+
  GURL url;

  MaliciousContentStatus malicious_content_status;
@@ -240,6 +243,18 @@ std::string GetSecurityLevelHistogramName(
 std::string GetSafetyTipHistogramName(const std::string& prefix,
                                      SafetyTipStatus safety_tip_status);

+// Returns whether the given VisibleSecurityState would trigger a legacy TLS
+// warning (i.e., uses legacy TLS and isn't in the control group), if the user
+// were in the appropriate field trial.
+bool GetLegacyTLSWarningStatus(
+    const VisibleSecurityState& visible_security_state);
+
+// Returns the given prefix suffixed with a dot and the legacy TLS status
+// derived from the VisibleSecurityStatus.
+std::string GetLegacyTLSHistogramName(
+    const std::string& prefix,
+    const VisibleSecurityState& visible_security_state);
+
 bool IsSHA1InChain(const VisibleSecurityState& visible_security_state);

 }  // namespace security_state

--- a/components/security_state/core/security_state_unittest.cc
+++ b/components/security_state/core/security_state_unittest.cc
@@ -443,6 +443,28 @@ TEST(SecurityStateTest, SslCertificateValid) {
  EXPECT_FALSE(IsSslCertificateValid(SecurityLevel::WARNING));
 }

+// Tests GetLegacyTLSWarningStatus function.
+TEST(SecurityStateTest, LegacyTLSWarningStatus) {
+  const struct {
+    bool connection_used_legacy_tls;
+    bool should_suppress_legacy_tls_warning;
+    bool expected_legacy_tls_warning_status;
+  } kTestCases[] = {
+      {true, false, true},
+      {true, true, false},
+      {false, false, false},
+      {false, true, false},
+  };
+  for (auto testcase : kTestCases) {
+    auto state = VisibleSecurityState();
+    state.connection_used_legacy_tls = testcase.connection_used_legacy_tls;
+    state.should_suppress_legacy_tls_warning =
+        testcase.should_suppress_legacy_tls_warning;
+    EXPECT_EQ(testcase.expected_legacy_tls_warning_status,
+              GetLegacyTLSWarningStatus(state));
+  }
+}
+
 // Tests that WARNING is not set for error pages.
 TEST(SecurityStateTest, ErrorPage) {
  TestSecurityStateHelper helper;