Update the root store histograms for Windows 2017-11-21 update

Also distinguish between no hashes available (e.g. loaded from disk
cache) and no publicly trusted hashes (e.g. private CA) in the
.Request metric. Given that this only affected Canary metrics for
a week, the metric is intentionally not renamed.

BUG=787635,788563

Change-Id: I7ff97cd3ecd20b308e6cc85df5c549608251dcbe
Reviewed-on: https://chromium-review.googlesource.com/802214Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
Reviewed-by: Eric Roman <eroman@chromium.org>
Commit-Queue: Ryan Sleevi <rsleevi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#520788}

net/cert/root_cert_list_generated.h

@@ -453,6 +453,12 @@ const struct RootCertData {
          0x95, 0x92, 0xA8, 0x2E, 0x75, 0x35, 0x11, 0x3A, 0x12, 0xD3,
      },
      163},
+    {{
+         0x28, 0x2F, 0xB5, 0xCF, 0xBA, 0xF0, 0x15, 0x18, 0xD9, 0x70, 0x4D,
+         0xE7, 0x88, 0x4D, 0x7A, 0x25, 0xFF, 0x01, 0xCF, 0x88, 0x2E, 0x99,
+         0x42, 0x90, 0xD5, 0x99, 0x5D, 0x5E, 0xB6, 0xC4, 0x49, 0x88,
+     },
+     489},
     {{
          0x28, 0x33, 0x10, 0x81, 0x9F, 0x5E, 0x09, 0x20, 0x49, 0x95, 0xD8,
          0xAD, 0x9F, 0xF6, 0xFC, 0x10, 0x74, 0x62, 0x97, 0xB5, 0xC0, 0xAE,
@@ -2715,6 +2721,12 @@ const struct RootCertData {
          0xB5, 0x34, 0x9B, 0x3F, 0xDA, 0xCA, 0x49, 0x6F, 0x5E, 0xB8,
      },
      9},
+    {{
+         0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14, 0x9A, 0xFB, 0xF4,
+         0xC8, 0x99, 0x6F, 0xB9, 0x24, 0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B,
+         0x93, 0x4C, 0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55,
+     },
+     488},
     {{
          0xE4, 0x2F, 0x24, 0xBD, 0x4D, 0x37, 0xF4, 0xAA, 0x2E, 0x56, 0xB9,
          0x79, 0xD8, 0x3D, 0x1E, 0x65, 0x21, 0x9F, 0xE0, 0xE9, 0xE3, 0xA3,
@@ -2925,6 +2937,12 @@ const struct RootCertData {
          0xC1, 0xFD, 0x4C, 0xAC, 0xC3, 0x39, 0xF6, 0xBD, 0xBB, 0x2A,
      },
      28},
+    {{
+         0xFD, 0x37, 0x1B, 0xEA, 0x97, 0x55, 0xFF, 0x60, 0xC8, 0x82, 0x8C,
+         0x84, 0x9B, 0x8E, 0x52, 0x15, 0xDE, 0x53, 0x2D, 0x61, 0xB0, 0x09,
+         0x85, 0x5F, 0xA0, 0xAD, 0x63, 0x0D, 0x90, 0xEE, 0xF8, 0x2E,
+     },
+     490},
     {{
          0xFD, 0x87, 0x2D, 0x17, 0x66, 0x17, 0xE5, 0x0C, 0x26, 0x61, 0x19,
          0xD0, 0xFD, 0xB0, 0x47, 0xB0, 0x73, 0x2D, 0xA2, 0x04, 0x8B, 0x12,

net/url_request/url_request_http_job.cc

@@ -88,6 +88,12 @@ namespace {
 // last. This complements the per-verification histogram
 // Net.Certificate.TrustAnchor.Verify
 void LogTrustAnchor(const net::HashValueVector& spki_hashes) {
+  // Don't record metrics if there are no hashes; this is true if the HTTP
+  // load did not come from an active network connection, such as the disk
+  // cache or a synthesized response.
+  if (spki_hashes.empty())
+    return;
+
   int32_t id = 0;
   for (const auto& hash : spki_hashes) {
     id = net::GetNetTrustAnchorHistogramIdForSPKI(hash);

net/url_request/url_request_http_job_unittest.cc

@@ -1016,6 +1016,39 @@ TEST_F(URLRequestHttpJobWithMockSocketsTest,
                                 kGTSRootR4HistogramID, 1);
 }
 
+TEST_F(URLRequestHttpJobWithMockSocketsTest,
+       TestHttpJobDoesNotRecordTrustAnchorHistogramsWhenNoNetworkLoad) {
+  SSLSocketDataProvider ssl_socket_data(net::ASYNC, net::OK);
+  ssl_socket_data.ssl_info.cert =
+      ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
+  // Simulate a request loaded from a non-network source, such as a disk
+  // cache.
+  ssl_socket_data.ssl_info.public_key_hashes.clear();
+
+  socket_factory_.AddSSLSocketDataProvider(&ssl_socket_data);
+
+  MockWrite writes[] = {MockWrite(kSimpleGetMockWrite)};
+  MockRead reads[] = {MockRead("HTTP/1.1 200 OK\r\n"
+                               "Content-Length: 12\r\n\r\n"),
+                      MockRead("Test Content")};
+  StaticSocketDataProvider socket_data(reads, arraysize(reads), writes,
+                                       arraysize(writes));
+  socket_factory_.AddSocketDataProvider(&socket_data);
+
+  base::HistogramTester histograms;
+  histograms.ExpectTotalCount(kTrustAnchorRequestHistogram, 0);
+
+  TestDelegate delegate;
+  std::unique_ptr<URLRequest> request = context_->CreateRequest(
+      GURL("https://www.example.com/"), DEFAULT_PRIORITY, &delegate,
+      TRAFFIC_ANNOTATION_FOR_TESTS);
+  request->Start();
+  base::RunLoop().Run();
+  EXPECT_THAT(delegate.request_status(), IsOk());
+
+  histograms.ExpectTotalCount(kTrustAnchorRequestHistogram, 0);
+}
+
 TEST_F(URLRequestHttpJobWithMockSocketsTest,
        TestHttpJobRecordsMostSpecificTrustAnchorHistograms) {
   SSLSocketDataProvider ssl_socket_data(net::ASYNC, net::OK);

tools/metrics/histograms/enums.xml

@@ -29716,7 +29716,11 @@ Called by update_net_trust_anchors.py.-->
   <int value="487"
       label="682747f8ba621b87cdd3bc295ed5cabce722a1c0c0363d1d68b38928d2787f1e"/>
   <int value="488"
-      label="682747f8ba621b87cdd3bc295ed5cabce722a1c0c0363d1d68b38928d2787f1e"/>
+      label="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"/>
+  <int value="489"
+      label="282fb5cfbaf01518d9704de7884d7a25ff01cf882e994290d5995d5eb6c44988"/>
+  <int value="490"
+      label="fd371bea9755ff60c8828c849b8e5215de532d61b009855fa0ad630d90eef82e"/>
 </enum>
 
 <enum name="Network3GGobiError">