Chromium Code Reviews Chromium Code Reviews
Issue 2102783003:
Add enterprise policy to exempt hosts from Certificate Transparency (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@enterprise_ct| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "components/certificate_transparency/ct_policy_manager.h" | |
| 6 | |
| 7 #include <iterator> | |
| 8 | |
| 9 #include "base/run_loop.h" | |
| 10 #include "base/sequenced_task_runner.h" | |
| 11 #include "base/single_thread_task_runner.h" | |
| 12 #include "base/test/test_message_loop.h" | |
| 13 #include "base/values.h" | |
| 14 #include "components/certificate_transparency/pref_names.h" | |
| 15 #include "components/prefs/pref_registry_simple.h" | |
| 16 #include "components/prefs/testing_pref_service.h" | |
| 17 #include "testing/gtest/include/gtest/gtest.h" | |
| 18 | |
| 19 namespace certificate_transparency { | |
| 20 | |
| 21 namespace { | |
| 22 | |
| 23 template <size_t N> | |
| 24 base::ListValue* ListValueFromStrings(const char* const (&strings)[N]) { | |
| 25 std::unique_ptr<base::ListValue> result(new base::ListValue); | |
| 26 for (const auto& str : strings) { | |
| 27 result->AppendString(str); | |
| 28 } | |
| 29 return result.release(); | |
| 30 } | |
| 31 | |
| 32 class CTPolicyManagerTest : public ::testing::Test { | |
| 33 public: | |
| 34 CTPolicyManagerTest() : message_loop_(base::MessageLoop::TYPE_IO) {} | |
| 35 | |
| 36 protected: | |
| 37 base::TestMessageLoop message_loop_; | |
| 38 TestingPrefServiceSimple pref_service_; | |
| 39 }; | |
| 40 | |
| 41 // Treat the preferences as a black box as far as naming, but ensure that | |
| 42 // preferences get registered. | |
| 43 TEST_F(CTPolicyManagerTest, RegistersPrefs) { | |
| 44 ssize_t registered_prefs = std::distance(pref_service_.registry()->begin(), | |
| 45 pref_service_.registry()->end()); | |
| 46 CTPolicyManager::RegisterPrefs(pref_service_.registry()); | |
| 47 ssize_t newly_registered_prefs = std::distance( | |
| 48 pref_service_.registry()->begin(), pref_service_.registry()->end()); | |
| 49 EXPECT_NE(registered_prefs, newly_registered_prefs); | |
| 50 } | |
| 51 | |
| 52 TEST_F(CTPolicyManagerTest, DelegateChecksRequired) { | |
| 53 using CTRequirementLevel = | |
| 54 net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel; | |
| 55 // Register preferences and set up initial state | |
| 56 CTPolicyManager::RegisterPrefs(pref_service_.registry()); | |
| 57 CTPolicyManager manager(&pref_service_, message_loop_.task_runner()); | |
| 58 base::RunLoop().RunUntilIdle(); | |
| 59 | |
| 60 net::TransportSecurityState::RequireCTDelegate* delegate = | |
| 61 manager.GetDelegate(); | |
| 62 ASSERT_TRUE(delegate); | |
| 63 | |
| 64 // No preferences should yield the default results. | |
| 65 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 66 delegate->IsCTRequiredForHost("google.com")); | |
| 67 | |
| 68 // Now set a preference, pump the message loop, and ensure things are now | |
| 69 // reflected. | |
| 70 pref_service_.SetManagedPref(prefs::kCTRequiredHosts, | |
| 71 ListValueFromStrings({"google.com"})); | |
| 72 base::RunLoop().RunUntilIdle(); | |
| 73 | |
| 74 // The new preferences should take effect. | |
| 75 EXPECT_EQ(CTRequirementLevel::REQUIRED, | |
| 76 delegate->IsCTRequiredForHost("google.com")); | |
| 77 } | |
| 78 | |
| 79 TEST_F(CTPolicyManagerTest, DelegateChecksExcluded) { | |
| 80 using CTRequirementLevel = | |
| 81 net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel; | |
| 82 // Register preferences and set up initial state | |
| 83 CTPolicyManager::RegisterPrefs(pref_service_.registry()); | |
| 84 CTPolicyManager manager(&pref_service_, message_loop_.task_runner()); | |
| 85 base::RunLoop().RunUntilIdle(); | |
| 86 | |
| 87 net::TransportSecurityState::RequireCTDelegate* delegate = | |
| 88 manager.GetDelegate(); | |
| 89 ASSERT_TRUE(delegate); | |
| 90 | |
| 91 // No preferences should yield the default results. | |
| 92 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 93 delegate->IsCTRequiredForHost("google.com")); | |
| 94 | |
| 95 // Now set a preference, pump the message loop, and ensure things are now | |
| 96 // reflected. | |
| 97 pref_service_.SetManagedPref(prefs::kCTExcludedHosts, | |
| 98 ListValueFromStrings({"google.com"})); | |
| 99 base::RunLoop().RunUntilIdle(); | |
| 100 | |
| 101 // The new preferences should take effect. | |
| 102 EXPECT_EQ(CTRequirementLevel::NOT_REQUIRED, | |
| 103 delegate->IsCTRequiredForHost("google.com")); | |
| 104 } | |
| 105 | |
| 106 TEST_F(CTPolicyManagerTest, IgnoresInvalidEntries) { | |
| 107 using CTRequirementLevel = | |
| 108 net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel; | |
| 109 // Register preferences and set up initial state | |
| 110 CTPolicyManager::RegisterPrefs(pref_service_.registry()); | |
| 111 CTPolicyManager manager(&pref_service_, message_loop_.task_runner()); | |
| 112 base::RunLoop().RunUntilIdle(); | |
| 113 | |
| 114 net::TransportSecurityState::RequireCTDelegate* delegate = | |
| 115 manager.GetDelegate(); | |
| 116 ASSERT_TRUE(delegate); | |
| 117 | |
| 118 // No preferences should yield the default results. | |
| 119 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 120 delegate->IsCTRequiredForHost("google.com")); | |
| 121 | |
| 122 // Now setup invalid preferences (that is, that fail to be parsable as | |
| 123 // URLs). | |
| 124 pref_service_.SetManagedPref( | |
| 125 prefs::kCTRequiredHosts, | |
| 126 ListValueFromStrings({ | |
| 127 "file:///etc/fstab", "file://withahost/etc/fstab", | |
| 128 "file:///c|/Windows", "*", "https://*", "example.com", | |
| 129 "https://example.test:invalid_port", | |
| 130 })); | |
| 131 base::RunLoop().RunUntilIdle(); | |
| 132 | |
| 133 // The new preferences should take effect. | |
|
battre
2016/06/28 08:33:13
This comment needs to be updated.
| |
| 134 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 135 delegate->IsCTRequiredForHost("google.com")); | |
|
battre
2016/06/28 08:33:13
Add comment that "*" and "https://" should be igno
| |
| 136 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 137 delegate->IsCTRequiredForHost("withahost")); | |
| 138 | |
| 139 // While the partially parsed hosts should take effect. | |
| 140 EXPECT_EQ(CTRequirementLevel::REQUIRED, | |
| 141 delegate->IsCTRequiredForHost("example.test")); | |
| 142 EXPECT_EQ(CTRequirementLevel::REQUIRED, | |
| 143 delegate->IsCTRequiredForHost("example.com")); | |
| 144 } | |
| 145 | |
| 146 // Make sure the various 'undocumented' priorities apply: | |
| 147 // - non-wildcards beat wildcards | |
| 148 // - more specific hosts beat less specific hosts | |
| 149 // - requiring beats excluding | |
| 150 TEST_F(CTPolicyManagerTest, AppliesPriority) { | |
| 151 using CTRequirementLevel = | |
| 152 net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel; | |
| 153 // Register preferences and set up initial state | |
| 154 CTPolicyManager::RegisterPrefs(pref_service_.registry()); | |
| 155 CTPolicyManager manager(&pref_service_, message_loop_.task_runner()); | |
| 156 base::RunLoop().RunUntilIdle(); | |
| 157 | |
| 158 net::TransportSecurityState::RequireCTDelegate* delegate = | |
| 159 manager.GetDelegate(); | |
| 160 ASSERT_TRUE(delegate); | |
| 161 | |
| 162 // No preferences should yield the default results. | |
| 163 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 164 delegate->IsCTRequiredForHost("example.com")); | |
| 165 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 166 delegate->IsCTRequiredForHost("sub.example.com")); | |
| 167 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 168 delegate->IsCTRequiredForHost("accounts.example.com")); | |
| 169 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 170 delegate->IsCTRequiredForHost("login.accounts.example.com")); | |
| 171 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 172 delegate->IsCTRequiredForHost("sub.accounts.example.com")); | |
| 173 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 174 delegate->IsCTRequiredForHost("login.sub.accounts.example.com")); | |
| 175 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 176 delegate->IsCTRequiredForHost("test.example.com")); | |
| 177 | |
| 178 // Set up policies that exclude it for a domain and all of its subdomains, | |
| 179 // but then require it for a specific host. | |
| 180 pref_service_.SetManagedPref( | |
| 181 prefs::kCTExcludedHosts, | |
| 182 ListValueFromStrings({"example.com", ".sub.example.com", | |
| 183 ".sub.accounts.example.com", "test.example.com"})); | |
| 184 pref_service_.SetManagedPref( | |
| 185 prefs::kCTRequiredHosts, | |
| 186 ListValueFromStrings( | |
| 187 {"sub.example.com", "accounts.example.com", "test.example.com"})); | |
| 188 base::RunLoop().RunUntilIdle(); | |
| 189 | |
| 190 EXPECT_EQ(CTRequirementLevel::NOT_REQUIRED, | |
| 191 delegate->IsCTRequiredForHost("example.com")); | |
| 192 // Non-wildcarding (.sub.example.com) beats wildcarding (sub.example.com). | |
| 193 EXPECT_EQ(CTRequirementLevel::NOT_REQUIRED, | |
| 194 delegate->IsCTRequiredForHost("sub.example.com")); | |
| 195 // More specific hosts (accounts.example.com) beat less specific hosts | |
| 196 // (example.com + wildcard). | |
| 197 EXPECT_EQ(CTRequirementLevel::REQUIRED, | |
| 198 delegate->IsCTRequiredForHost("accounts.example.com")); | |
| 199 // More specific hosts (accounts.example.com) beat less specific hosts | |
| 200 // (example.com). | |
| 201 EXPECT_EQ(CTRequirementLevel::REQUIRED, | |
| 202 delegate->IsCTRequiredForHost("login.accounts.example.com")); | |
| 203 EXPECT_EQ(CTRequirementLevel::NOT_REQUIRED, | |
| 204 delegate->IsCTRequiredForHost("sub.accounts.example.com")); | |
| 205 EXPECT_EQ(CTRequirementLevel::REQUIRED, | |
| 206 delegate->IsCTRequiredForHost("login.sub.accounts.example.com")); | |
| 207 // Requiring beats excluding. | |
| 208 EXPECT_EQ(CTRequirementLevel::REQUIRED, | |
| 209 delegate->IsCTRequiredForHost("test.example.com")); | |
| 210 } | |
| 211 | |
| 212 // Ensure that the RequireCTDelegate is still valid and usable after Shutdown | |
| 213 // has been called. Preferences should no longer sync, but the old results | |
| 214 // should still be returned. | |
| 215 TEST_F(CTPolicyManagerTest, UsableAfterShutdown) { | |
| 216 using CTRequirementLevel = | |
| 217 net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel; | |
| 218 // Register preferences and set up initial state | |
| 219 CTPolicyManager::RegisterPrefs(pref_service_.registry()); | |
| 220 CTPolicyManager manager(&pref_service_, message_loop_.task_runner()); | |
| 221 base::RunLoop().RunUntilIdle(); | |
| 222 | |
| 223 net::TransportSecurityState::RequireCTDelegate* delegate = | |
| 224 manager.GetDelegate(); | |
| 225 ASSERT_TRUE(delegate); | |
| 226 | |
| 227 // No preferences should yield the default results. | |
| 228 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 229 delegate->IsCTRequiredForHost("google.com")); | |
| 230 | |
| 231 // Now set a preference, pump the message loop, and ensure things are now | |
| 232 // reflected. | |
| 233 pref_service_.SetManagedPref(prefs::kCTRequiredHosts, | |
| 234 ListValueFromStrings({"google.com"})); | |
| 235 base::RunLoop().RunUntilIdle(); | |
| 236 | |
| 237 // The new preferences should take effect. | |
| 238 EXPECT_EQ(CTRequirementLevel::REQUIRED, | |
| 239 delegate->IsCTRequiredForHost("google.com")); | |
| 240 | |
| 241 // Shut down the preferences, which should unregister any observers. | |
| 242 manager.Shutdown(); | |
| 243 base::RunLoop().RunUntilIdle(); | |
| 244 | |
| 245 // Update the preferences again, which should do nothing; the | |
| 246 // RequireCTDelegate should continue to be valid and return the old results. | |
| 247 EXPECT_EQ(CTRequirementLevel::REQUIRED, | |
| 248 delegate->IsCTRequiredForHost("google.com")); | |
| 249 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 250 delegate->IsCTRequiredForHost("example.com")); | |
| 251 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 252 delegate->IsCTRequiredForHost("sub.example.com")); | |
| 253 pref_service_.SetManagedPref(prefs::kCTRequiredHosts, | |
| 254 ListValueFromStrings({"sub.example.com"})); | |
| 255 base::RunLoop().RunUntilIdle(); | |
| 256 EXPECT_EQ(CTRequirementLevel::REQUIRED, | |
| 257 delegate->IsCTRequiredForHost("google.com")); | |
| 258 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 259 delegate->IsCTRequiredForHost("example.com")); | |
| 260 EXPECT_EQ(CTRequirementLevel::DEFAULT, | |
| 261 delegate->IsCTRequiredForHost("sub.example.com")); | |
| 262 | |
| 263 // And it should still be possible to get the delegate, even after calling | |
| 264 // Shutdown(). | |
| 265 EXPECT_TRUE(manager.GetDelegate()); | |
| 266 } | |
| 267 | |
| 268 } // namespace | |
| 269 | |
| 270 } // namespace certificate_transparency | |
| OLD | NEW |
