Add DCHECKs when NetworkContext is passed an empty NetworkIsolationKey.

In particular, add DCHECKs when an empty NIK is passed when sending a
report, or when verifying a signed exchange's cert (which can send a
report of another type). The DCHECK is only enabled when
require_network_isolation_key is set. Actually respecting the received
NIK is disabled by default, but all consumers outside the network
service should now always be passing a non-empty NIK when using these
APIs.

Bug: 993805, 1087091
Change-Id: I5f4eef6f9f7b3b4faaaedca62e110e695ccabf2e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2595630Reviewed-by: Lily Chen <chlily@chromium.org>
Commit-Queue: Matt Menke <mmenke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#837748}

services/network/network_context.cc

@@ -853,9 +853,9 @@ void NetworkContext::QueueReport(
     const net::NetworkIsolationKey& network_isolation_key,
     const base::Optional<std::string>& user_agent,
     base::Value body) {
-  // TODO(mmenke): Once all callers have been updated to send a
-  // NetworkIsolationKey, DCHECK network_isolation_key() is not null, when
-  // require_network_isolation_key() is set on the URLRequestContext.
+  if (url_request_context_->require_network_isolation_key())
+    DCHECK(!network_isolation_key.IsEmpty());
+
   DCHECK(body.is_dict());
   if (!body.is_dict())
     return;
@@ -885,18 +885,17 @@ void NetworkContext::QueueReport(
 void NetworkContext::QueueSignedExchangeReport(
     mojom::SignedExchangeReportPtr report,
     const net::NetworkIsolationKey& network_isolation_key) {
-  // TODO(mmenke): Once all callers have been updated to send a
-  // NetworkIsolationKey, DCHECK network_isolation_key() is not null, when
-  // require_network_isolation_key() is set on the URLRequestContext.
+  if (url_request_context_->require_network_isolation_key())
+    DCHECK(!network_isolation_key.IsEmpty());
 
-  net::URLRequestContext* request_context = url_request_context();
   net::NetworkErrorLoggingService* logging_service =
-      request_context->network_error_logging_service();
+      url_request_context_->network_error_logging_service();
   if (!logging_service)
     return;
   std::string user_agent;
-  if (request_context->http_user_agent_settings() != nullptr) {
-    user_agent = request_context->http_user_agent_settings()->GetUserAgent();
+  if (url_request_context_->http_user_agent_settings() != nullptr) {
+    user_agent =
+        url_request_context_->http_user_agent_settings()->GetUserAgent();
   }
   net::NetworkErrorLoggingService::SignedExchangeReportDetails details;
   details.network_isolation_key = network_isolation_key;
@@ -1388,9 +1387,8 @@ void NetworkContext::VerifyCertForSignedExchange(
     const std::string& ocsp_result,
     const std::string& sct_list,
     VerifyCertForSignedExchangeCallback callback) {
-  // TODO(https://crbug.com/1087091): DCHECK that |network_isolation_key| is
-  // populated when |require_network_isolation_key| is true, once all consumers
-  // are passing in a NetworkIsolationKey.
+  if (url_request_context_->require_network_isolation_key())
+    DCHECK(!network_isolation_key.IsEmpty());
 
   int cert_verify_id = ++next_cert_verify_id_;
   auto pending_cert_verify = std::make_unique<PendingCertVerify>();