Add a method to the HostContentSettings map to return the |Value| of a content setting

chrome/browser/content_settings/content_settings_policy_provider.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/content_settings/content_settings_policy_provider.h"
 
 #include <string>
 #include <vector>
 
 #include "base/command_line.h"
+#include "base/json/json_reader.h"
 #include "chrome/browser/content_settings/content_settings_pattern.h"
 #include "chrome/browser/content_settings/content_settings_utils.h"
 #include "chrome/browser/prefs/pref_service.h"
 #include "chrome/browser/prefs/scoped_user_pref_update.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/common/pref_names.h"
 #include "content/browser/browser_thread.h"
 #include "content/common/notification_service.h"
 #include "content/common/notification_source.h"
 #include "webkit/plugins/npapi/plugin_group.h"
 #include "webkit/plugins/npapi/plugin_list.h"
 
 namespace {
 
 // The preferences used to manage ContentSettingsTypes.
 const char* kPrefToManageType[CONTENT_SETTINGS_NUM_TYPES] = {
   prefs::kManagedDefaultCookiesSetting,
   prefs::kManagedDefaultImagesSetting,
   prefs::kManagedDefaultJavaScriptSetting,
   prefs::kManagedDefaultPluginsSetting,
   prefs::kManagedDefaultPopupsSetting,
   prefs::kManagedDefaultGeolocationSetting,
   prefs::kManagedDefaultNotificationsSetting,
-  NULL,
-  prefs::kManagedDefaultAutoSelectCertificateSetting,
+  NULL,  // No policy for default value of content type intents
+  NULL,  // No policy for default value of content type auto-select-certificate
 };
 
 struct PrefsForManagedContentSettingsMapEntry {
   const char* pref_name;
   ContentSettingsType content_type;
   ContentSetting setting;
 };
 
 const PrefsForManagedContentSettingsMapEntry
     kPrefsForManagedContentSettingsMap[] = {
   {
-    prefs::kManagedAutoSelectCertificateForUrls,
-    CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE,
-    CONTENT_SETTING_ALLOW
-  }, {
     prefs::kManagedCookiesAllowedForUrls,
     CONTENT_SETTINGS_TYPE_COOKIES,
     CONTENT_SETTING_ALLOW
   }, {
     prefs::kManagedCookiesSessionOnlyForUrls,
     CONTENT_SETTINGS_TYPE_COOKIES,
     CONTENT_SETTING_SESSION_ONLY
   }, {
     prefs::kManagedCookiesBlockedForUrls,
     CONTENT_SETTINGS_TYPE_COOKIES,
@@ skipping 52 matching lines @@
   // in parallel to the preference default-content-settings.  If a
   // default-content-settings-type is managed any user defined excpetions
   // (patterns) for this type are ignored.
   pref_change_registrar_.Add(prefs::kManagedDefaultCookiesSetting, this);
   pref_change_registrar_.Add(prefs::kManagedDefaultImagesSetting, this);
   pref_change_registrar_.Add(prefs::kManagedDefaultJavaScriptSetting, this);
   pref_change_registrar_.Add(prefs::kManagedDefaultPluginsSetting, this);
   pref_change_registrar_.Add(prefs::kManagedDefaultPopupsSetting, this);
   pref_change_registrar_.Add(prefs::kManagedDefaultGeolocationSetting, this);
   pref_change_registrar_.Add(prefs::kManagedDefaultNotificationsSetting, this);
-  pref_change_registrar_.Add(
-      prefs::kManagedDefaultAutoSelectCertificateSetting, this);
 }
 
 PolicyDefaultProvider::~PolicyDefaultProvider() {
   DCHECK(!prefs_);
 }
 
 ContentSetting PolicyDefaultProvider::ProvideDefaultSetting(
     ContentSettingsType content_type) const {
   base::AutoLock auto_lock(lock_);
   return managed_default_content_settings_.settings[content_type];
@@ skipping 30 matching lines @@
     } else if (*name == prefs::kManagedDefaultJavaScriptSetting) {
       UpdateManagedDefaultSetting(CONTENT_SETTINGS_TYPE_JAVASCRIPT);
     } else if (*name == prefs::kManagedDefaultPluginsSetting) {
       UpdateManagedDefaultSetting(CONTENT_SETTINGS_TYPE_PLUGINS);
     } else if (*name == prefs::kManagedDefaultPopupsSetting) {
       UpdateManagedDefaultSetting(CONTENT_SETTINGS_TYPE_POPUPS);
     } else if (*name == prefs::kManagedDefaultGeolocationSetting) {
       UpdateManagedDefaultSetting(CONTENT_SETTINGS_TYPE_GEOLOCATION);
     } else if (*name == prefs::kManagedDefaultNotificationsSetting) {
       UpdateManagedDefaultSetting(CONTENT_SETTINGS_TYPE_NOTIFICATIONS);
-    } else if (*name == prefs::kManagedDefaultAutoSelectCertificateSetting) {
-      UpdateManagedDefaultSetting(
-          CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE);
     } else {
       NOTREACHED() << "Unexpected preference observed";
       return;
     }
 
     NotifyObservers(ContentSettingsPattern(),
                     ContentSettingsPattern(),
                     CONTENT_SETTINGS_TYPE_DEFAULT,
                     std::string());
   } else {
@@ skipping 51 matching lines @@
                              PrefService::UNSYNCABLE_PREF);
   prefs->RegisterIntegerPref(prefs::kManagedDefaultPopupsSetting,
                              CONTENT_SETTING_DEFAULT,
                              PrefService::UNSYNCABLE_PREF);
   prefs->RegisterIntegerPref(prefs::kManagedDefaultGeolocationSetting,
                              CONTENT_SETTING_DEFAULT,
                              PrefService::UNSYNCABLE_PREF);
   prefs->RegisterIntegerPref(prefs::kManagedDefaultNotificationsSetting,
                              CONTENT_SETTING_DEFAULT,
                              PrefService::UNSYNCABLE_PREF);
-  prefs->RegisterIntegerPref(prefs::kManagedDefaultAutoSelectCertificateSetting,
-                             CONTENT_SETTING_ASK,
-                             PrefService::UNSYNCABLE_PREF);
 }
 
 // ////////////////////////////////////////////////////////////////////////////
 // PolicyProvider
 
 // static
 void PolicyProvider::RegisterUserPrefs(PrefService* prefs) {
   prefs->RegisterListPref(prefs::kManagedAutoSelectCertificateForUrls,
                           PrefService::UNSYNCABLE_PREF);
   prefs->RegisterListPref(prefs::kManagedCookiesAllowedForUrls,
@@ skipping 71 matching lines @@
       PatternPair pattern_pair = ParsePatternString(original_pattern_str);
       // Ignore invalid patterns.
       if (!pattern_pair.first.IsValid()) {
         VLOG(1) << "Ignoring invalid content settings pattern: " <<
                    original_pattern_str;
         continue;
       }
 
       ContentSettingsType content_type =
           kPrefsForManagedContentSettingsMap[i].content_type;
+      DCHECK_NE(content_type, CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE);
       // If only one pattern was defined auto expand it to a pattern pair.
       ContentSettingsPattern secondary_pattern =
           !pattern_pair.second.IsValid() ? ContentSettingsPattern::Wildcard()
                                          : pattern_pair.second;
       value_map->SetValue(
           pattern_pair.first,
           secondary_pattern,
           content_type,
           ResourceIdentifier(NO_RESOURCE_IDENTIFIER),
           static_cast<Value*>(Value::CreateIntegerValue(

[wtc, 2011/09/06 22:11:42]

Is this static_cast necessary?

Value::CreateIntegerValue() returns FundamentalValue*.

FundamentalValue is derived from Value.

So FundamentalValue* should be converted to Value*
automatically.

[markusheintz_, 2011/09/07 19:29:48]

Done

               kPrefsForManagedContentSettingsMap[i].setting)));
     }
   }
 }
 
+void PolicyProvider::GetAutoSelectCertificateSettingsFromPreferences(
+    OriginIdentifierValueMap* value_map) {
+  const char* pref_name = prefs::kManagedAutoSelectCertificateForUrls;
+
+  if (!prefs_->HasPrefPath(pref_name)) {
+    VLOG(2) << "Skipping unset preference: " << pref_name;
+    return;
+  }
+
+  const PrefService::Preference* pref = prefs_->FindPreference(pref_name);
+  DCHECK(pref);
+  DCHECK(pref->IsManaged());
+
+  const ListValue* pattern_filter_str_list = NULL;
+  if (!pref->GetValue()->GetAsList(&pattern_filter_str_list)) {
+    NOTREACHED();
+    return;
+  }
+
+  // Parse the list of pattern filter strings. A pattern filter string has
+  // the following JSON format:
+  //
+  // {
+  //   "pattern": <content settings pattern string>,
+  //   "filter" : <certificate filter in JSON format>
+  // }
+  //
+  // e.g.
+  // {
+  //   "pattern": "[*.]example.com",
+  //   "filter": {
+  //      "ISSUER": {
+  //        "CN": "some name"
+  //      }
+  // }
+  for (size_t j = 0; j < pattern_filter_str_list->GetSize(); ++j) {
+    std::string pattern_filter_json;
+    pattern_filter_str_list->GetString(j, &pattern_filter_json);
+
+    scoped_ptr<Value> value(base::JSONReader::Read(pattern_filter_json, true));
+    if (!value.get()) {
+      VLOG(1) << "Ignoring invalid certificate auto select setting. Reason:"
+              << " Invalid JSON format: " << pattern_filter_json;
+      continue;
+    }
+
+    scoped_ptr<DictionaryValue> pattern_filter_pair(
+        static_cast<DictionaryValue*>(value.release()));
+    std::string pattern_str;
+    bool pattern_read = pattern_filter_pair->GetString("pattern", &pattern_str);
+    Value* cert_filter_ptr = NULL;
+    bool filter_read = pattern_filter_pair->Remove("filter", &cert_filter_ptr);
+    scoped_ptr<Value> cert_filter(cert_filter_ptr);
+    if (!pattern_read || !filter_read) {

[wtc, 2011/09/07 17:27:48]

We need to allow a policy that specifies no additional cert
filtering.  So we need to decide how such a policy looks
like.

Should it have no "filter" entry in the JSON?

Or should it have an empty "filter" entry in the JSON?

If the former, then we may need to allow filter_read to
be false here.  Or does pattern_filter_pair->Remove return
true and set cert_filter_ptr to NULL in that case?

[markusheintz_, 2011/09/07 19:29:48]

I guess my question here is why do we need this? 
One reason I can think of is convenience. Are there others I don't see yet?  

My assumption is that admins want to say: certificate "foo" should be used for
"https://www.sample.com and certificate" "bar" should be used for "*" all other
origins. I assume foo and bar would be something specific rather than a
wildcard.
I think the "filter" should be mandatory but there should be a match all filter.

Having a mandatory filter prevents admins from accidentally forgetting to
specify one. A match all pattern would be a conscious decision that is taken at
own "risk".  

[wtc, 2011/09/07 21:31:35]

An SSL/TLS server can specify the list of acceptable
issuer names.  All we need on the Chrome side is a
policy that suppresses the prompting for that server.
It is not necessary to repeat the list of acceptable
issuer names in the policy.
If https://www.sample.com specifies a list of acceptable
issuer names that narrows the list of acceptable client
certificates to just certificate "foo", then the policy
can be a wildcard.

The policy for all other origins "*" should not be a
wildcard.  If that policy is a wildcard, then it implements
the old Firefox behavior of "Select Automatically".  (The
current Firefox probably still supports that option.)
This is fine.  Just wanted to reiterate that a match all
filter is not necessary a risk as I explained above.
It is only a risk for the origin pattern "*", but is not
a risk for the origin pattern https://www.sample.com if
the server already specifies a list of acceptable issuer
names properly.

[markusheintz_, 2011/09/07 22:23:37]

I'm not really a TLS expert but I'm trying to fill my gaps as fast a possible.
In the TSL handshake the TSL server can request the client certificate with a
CertificateRequest message right? And the CertificateRequest message contains
three fields: certificate_types, supported_signature_algorithme and
certificate_authorities. So I guess you mean the certificate_authorities field
which is list of distinguished names. Can a Distinguished Name in this message
contain a set of AttributetypeAndValue pairs like "CN=... O=... C=... "
 
"risk" was probably the wrong word fir what I wanted to say. What you are saying
here makes totally sense to me. Thanks for explaining.

[wtc, 2011/09/07 23:14:20]

Yes, that's how a TLS server requests client authentication.
Yes.  I'm sorry I used inaccurate terminology.
A TLS server can specify the list of acceptable
certificate authorities in the CertificateRequest
message.
Yes, a Distinguished Name is a set of AttributetypeAndValue
pairs like "CN=... O=... C=... ".

For this work, it's useful to understand the CertificateRequest
message.  The info inside the CertificateRequest message
helps the browser narrow down the acceptable client
certificates, ideally to just one certificate.

+      VLOG(1) << "Ignoring invalid certificate auto select setting. Reason:"
+              << " Missing pattern or filtern.";

[wtc, 2011/09/06 22:11:42]

Typo: filtern => filter

Nit: to concatendate string literals, you don't need the
<< operator on lines 391, 404, 413.

[markusheintz_, 2011/09/07 19:29:48]

What the suggested style for this? Jost ommitting the leading << but indenting
by two more spaces

[wtc, 2011/09/07 21:31:35]

There is no suggested style in the Style Guide.  Just
make it look nice

+      continue;
+    }
+
+    ContentSettingsPattern pattern =
+        ContentSettingsPattern::FromString(pattern_str);
+    // Ignore invalid patterns.
+    if (!pattern.IsValid()) {
+      VLOG(1) << "Ignoring invalid certificate auto select setting:"
+              << " Invalid content settings pattern: " << pattern;
+      continue;
+    }
+
+    DCHECK(cert_filter->IsType(Value::TYPE_DICTIONARY));
+    value_map->SetValue(pattern,
+                        ContentSettingsPattern::Wildcard(),
+                        CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE,
+                        std::string(),
+                        cert_filter.release());
+  }
+}
+
 void PolicyProvider::ReadManagedContentSettings(bool overwrite) {
   {
     base::AutoLock auto_lock(lock_);
     if (overwrite)
       value_map_.clear();
     GetContentSettingsFromPreferences(&value_map_);
+    GetAutoSelectCertificateSettingsFromPreferences(&value_map_);
   }

[wtc, 2011/09/06 22:11:42]

Remove the curly braces on lines 427 and 433.

[markusheintz_, 2011/09/07 19:29:48]

Done.

 }
 
 // Since the PolicyProvider is a read only content settings provider, all
 // methodes of the ProviderInterface that set or delete any settings do nothing.
 void PolicyProvider::SetContentSetting(
     const ContentSettingsPattern& primary_pattern,
     const ContentSettingsPattern& secondary_pattern,
     ContentSettingsType content_type,
     const ResourceIdentifier& resource_identifier,
     ContentSetting content_setting) {
 }
 
 ContentSetting PolicyProvider::GetContentSetting(
     const GURL& primary_url,
     const GURL& secondary_url,
     ContentSettingsType content_type,
     const ResourceIdentifier& resource_identifier) const {
+  DCHECK_NE(content_type, CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE);
   // Resource identifier are not supported by policies as long as the feature is
   // behind a flag. So resource identifiers are simply ignored.
   scoped_ptr<Value> value(GetContentSettingValue(primary_url,
                                                  secondary_url,
                                                  content_type,
                                                  resource_identifier));
   ContentSetting setting =
       value.get() ? ValueToContentSetting(value.get())
                   : CONTENT_SETTING_DEFAULT;
   if (setting == CONTENT_SETTING_DEFAULT && default_provider_)
@@ skipping 80 matching lines @@
                       ContentSettingsPattern(),
                       CONTENT_SETTINGS_TYPE_DEFAULT,
                       std::string());
     }
   } else {
     NOTREACHED() << "Unexpected notification";
   }
 }
 
 }  // namespace content_settings