Add additional UMA stats for remembering certificate decisions.

In the new experiment for remembering certificate decisions by users, decisions
expire after a certain amount of time. This CL adds measures to explicitly
measure how ofter users change their mind after an expiration of their prior
decision.

BUG=262615
R=felt@chromium.org
TBR=gunsch@chromium.org,torne@chromium.org

Review URL: https://codereview.chromium.org/450833002

Cr-Commit-Position: refs/heads/master@{#289787}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@289787 0039d316-1c4b-4281-b951-d872f2087c98

4 files changed, 47 insertions, 17 deletions

diff --git a/content/browser/ssl/ssl_policy.cc b/content/browser/ssl/ssl_policy.cc
index c06c7db..18fdde4 100644
--- a/content/browser/ssl/ssl_policy.cc
+++ b/content/browser/ssl/ssl_policy.cc
@@ -32,11 +32,13 @@ SSLPolicy::SSLPolicy(SSLPolicyBackend* backend)
 }
 
 void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
+  bool expired_previous_decision;
   // First we check if we know the policy for this error.
   net::CertPolicy::Judgment judgment =
       backend_->QueryPolicy(handler->ssl_info().cert.get(),
                             handler->request_url().host(),
-                            handler->cert_error());
+                            handler->cert_error(),
+                            &expired_previous_decision);
 
   if (judgment == net::CertPolicy::ALLOWED) {
     handler->ContinueRequest();
@@ -47,6 +49,7 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
   // For now we handle the DENIED as the UNKNOWN, which means a blocking
   // page is shown to the user every time he comes back to the page.
 
+  int options_mask = 0;
   switch (handler->cert_error()) {
     case net::ERR_CERT_COMMON_NAME_INVALID:
     case net::ERR_CERT_DATE_INVALID:
@@ -54,7 +57,13 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
     case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
     case net::ERR_CERT_WEAK_KEY:
     case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION:
-      OnCertErrorInternal(handler, !handler->fatal(), handler->fatal());
+      if (!handler->fatal())
+        options_mask |= OVERRIDABLE;
+      else
+        options_mask |= STRICT_ENFORCEMENT;
+      if (expired_previous_decision)
+        options_mask |= EXPIRED_PREVIOUS_DECISION;
+      OnCertErrorInternal(handler, options_mask);
       break;
     case net::ERR_CERT_NO_REVOCATION_MECHANISM:
       // Ignore this error.
@@ -70,7 +79,11 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
     case net::ERR_CERT_INVALID:
     case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY:
     case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:
-      OnCertErrorInternal(handler, false, handler->fatal());
+      if (handler->fatal())
+        options_mask |= STRICT_ENFORCEMENT;
+      if (expired_previous_decision)
+        options_mask |= EXPIRED_PREVIOUS_DECISION;
+      OnCertErrorInternal(handler, options_mask);
       break;
     default:
       NOTREACHED();
@@ -182,8 +195,11 @@ void SSLPolicy::OnAllowCertificate(scoped_refptr<SSLCertErrorHandler> handler,
 // Certificate Error Routines
 
 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler,
-                                    bool overridable,
-                                    bool strict_enforcement) {
+                                    int options_mask) {
+  bool overridable = (options_mask & OVERRIDABLE) != 0;
+  bool strict_enforcement = (options_mask & STRICT_ENFORCEMENT) != 0;
+  bool expired_previous_decision =
+      (options_mask & EXPIRED_PREVIOUS_DECISION) != 0;
   CertificateRequestResultType result =
       CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE;
   GetContentClient()->browser()->AllowCertificateError(
@@ -195,7 +211,9 @@ void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler,
       handler->resource_type(),
       overridable,
       strict_enforcement,
-      base::Bind(&SSLPolicy::OnAllowCertificate, base::Unretained(this),
+      expired_previous_decision,
+      base::Bind(&SSLPolicy::OnAllowCertificate,
+                 base::Unretained(this),
                  make_scoped_refptr(handler)),
       &result);
   switch (result) {
diff --git a/content/browser/ssl/ssl_policy.h b/content/browser/ssl/ssl_policy.h
index 64b9c3a..78dbb6d 100644
--- a/content/browser/ssl/ssl_policy.h
+++ b/content/browser/ssl/ssl_policy.h
@@ -44,20 +44,27 @@ class SSLPolicy {
   SSLPolicyBackend* backend() const { return backend_; }
 
  private:
+  enum OnCertErrorInternalOptionsMask {
+    OVERRIDABLE = 1 << 0,
+    STRICT_ENFORCEMENT = 1 << 1,
+    EXPIRED_PREVIOUS_DECISION = 1 << 2
+  };
+
   // Callback that the user chose to accept or deny the certificate.
   void OnAllowCertificate(scoped_refptr<SSLCertErrorHandler> handler,
                           bool allow);
 
   // Helper method for derived classes handling certificate errors.
   //
-  // |overridable| indicates whether or not the user could (assuming perfect
+  // Options should be a bitmask combination of OnCertErrorInternalOptionsMask.
+  // OVERRIDABLE indicates whether or not the user could (assuming perfect
   // knowledge) successfully override the error and still get the security
-  // guarantees of TLS. |strict_enforcement| indicates whether or not the
-  // site the user is trying to connect to has requested strict enforcement
-  // of certificate validation (e.g. with HTTP Strict-Transport-Security).
-  void OnCertErrorInternal(SSLCertErrorHandler* handler,
-                           bool overridable,
-                           bool strict_enforcement);
+  // guarantees of TLS. STRICT_ENFORCEMENT indicates whether or not the site the
+  // user is trying to connect to has requested strict enforcement of
+  // certificate validation (e.g. with HTTP Strict-Transport-Security).
+  // EXPIRED_PREVIOUS_DECISION indicates whether a user decision had been
+  // previously made but the decision has expired.
+  void OnCertErrorInternal(SSLCertErrorHandler* handler, int options_mask);
 
   // If the security style of |entry| has not been initialized, then initialize
   // it with the default style for its URL.
diff --git a/content/browser/ssl/ssl_policy_backend.cc b/content/browser/ssl/ssl_policy_backend.cc
index 3d0ea01..e81c35d 100644
--- a/content/browser/ssl/ssl_policy_backend.cc
+++ b/content/browser/ssl/ssl_policy_backend.cc
@@ -48,11 +48,13 @@ void SSLPolicyBackend::AllowCertForHost(net::X509Certificate* cert,
 net::CertPolicy::Judgment SSLPolicyBackend::QueryPolicy(
     net::X509Certificate* cert,
     const std::string& host,
-    net::CertStatus error) {
+    net::CertStatus error,
+    bool* expired_previous_decision) {
   if (!ssl_host_state_delegate_)
     return net::CertPolicy::UNKNOWN;
 
-  return ssl_host_state_delegate_->QueryPolicy(host, cert, error);
+  return ssl_host_state_delegate_->QueryPolicy(
+      host, cert, error, expired_previous_decision);
 }
 
 }  // namespace content
diff --git a/content/browser/ssl/ssl_policy_backend.h b/content/browser/ssl/ssl_policy_backend.h
index a5222e9..5997b28 100644
--- a/content/browser/ssl/ssl_policy_backend.h
+++ b/content/browser/ssl/ssl_policy_backend.h
@@ -39,10 +39,13 @@ class SSLPolicyBackend {
                         const std::string& host,
                         net::CertStatus error);
 
-  // Queries whether |cert| is allowed or denied for |host|.
+  // Queries whether |cert| is allowed or denied for |host|. Returns true in
+  // |expired_previous_decision| if a user decision had been made previously but
+  // that decision has expired, otherwise false.
   net::CertPolicy::Judgment QueryPolicy(net::X509Certificate* cert,
                                         const std::string& host,
-                                        net::CertStatus error);
+                                        net::CertStatus error,
+                                        bool* expired_previous_decision);
 
  private:
   // SSL state delegate specific for each host.