| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stddef.h> | 5 #include <stddef.h> |
| 6 #include <stdint.h> | 6 #include <stdint.h> |
| 7 | 7 |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 #include <memory> | 9 #include <memory> |
| 10 #include <string> | 10 #include <string> |
| 11 #include <utility> | 11 #include <utility> |
| 12 #include <vector> | 12 #include <vector> |
| 13 | 13 |
| 14 #include "ash/display/display_manager.h" | 14 #include "ash/display/display_manager.h" |
| 15 #include "base/bind.h" | 15 #include "base/bind.h" |
| 16 #include "base/bind_helpers.h" | 16 #include "base/bind_helpers.h" |
| 17 #include "base/callback.h" | 17 #include "base/callback.h" |
| 18 #include "base/callback_helpers.h" |
| 18 #include "base/command_line.h" | 19 #include "base/command_line.h" |
| 19 #include "base/files/file_enumerator.h" | 20 #include "base/files/file_enumerator.h" |
| 20 #include "base/files/file_path.h" | 21 #include "base/files/file_path.h" |
| 21 #include "base/files/file_util.h" | 22 #include "base/files/file_util.h" |
| 22 #include "base/files/scoped_temp_dir.h" | 23 #include "base/files/scoped_temp_dir.h" |
| 23 #include "base/macros.h" | 24 #include "base/macros.h" |
| 24 #include "base/memory/ptr_util.h" | 25 #include "base/memory/ptr_util.h" |
| 25 #include "base/memory/ref_counted.h" | 26 #include "base/memory/ref_counted.h" |
| 26 #include "base/path_service.h" | 27 #include "base/path_service.h" |
| 27 #include "base/run_loop.h" | 28 #include "base/run_loop.h" |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 163 #include "extensions/browser/scoped_ignore_content_verifier_for_test.h" | 164 #include "extensions/browser/scoped_ignore_content_verifier_for_test.h" |
| 164 #include "extensions/browser/test_extension_registry_observer.h" | 165 #include "extensions/browser/test_extension_registry_observer.h" |
| 165 #include "extensions/browser/uninstall_reason.h" | 166 #include "extensions/browser/uninstall_reason.h" |
| 166 #include "extensions/common/constants.h" | 167 #include "extensions/common/constants.h" |
| 167 #include "extensions/common/extension.h" | 168 #include "extensions/common/extension.h" |
| 168 #include "extensions/common/extension_set.h" | 169 #include "extensions/common/extension_set.h" |
| 169 #include "extensions/common/manifest_handlers/shared_module_info.h" | 170 #include "extensions/common/manifest_handlers/shared_module_info.h" |
| 170 #include "net/base/net_errors.h" | 171 #include "net/base/net_errors.h" |
| 171 #include "net/base/url_util.h" | 172 #include "net/base/url_util.h" |
| 172 #include "net/http/http_stream_factory.h" | 173 #include "net/http/http_stream_factory.h" |
| 174 #include "net/http/transport_security_state.h" |
| 173 #include "net/ssl/ssl_config.h" | 175 #include "net/ssl/ssl_config.h" |
| 174 #include "net/ssl/ssl_config_service.h" | 176 #include "net/ssl/ssl_config_service.h" |
| 175 #include "net/test/embedded_test_server/embedded_test_server.h" | 177 #include "net/test/embedded_test_server/embedded_test_server.h" |
| 176 #include "net/test/url_request/url_request_failed_job.h" | 178 #include "net/test/url_request/url_request_failed_job.h" |
| 177 #include "net/test/url_request/url_request_mock_http_job.h" | 179 #include "net/test/url_request/url_request_mock_http_job.h" |
| 178 #include "net/url_request/url_request.h" | 180 #include "net/url_request/url_request.h" |
| 179 #include "net/url_request/url_request_filter.h" | 181 #include "net/url_request/url_request_filter.h" |
| 180 #include "net/url_request/url_request_interceptor.h" | 182 #include "net/url_request/url_request_interceptor.h" |
| 181 #include "policy/policy_constants.h" | 183 #include "policy/policy_constants.h" |
| 182 #include "testing/gmock/include/gmock/gmock.h" | 184 #include "testing/gmock/include/gmock/gmock.h" |
| (...skipping 3364 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3547 web_contents, | 3549 web_contents, |
| 3548 "navigator.bluetooth.requestDevice({filters: [{name: 'Hello'}]})" | 3550 "navigator.bluetooth.requestDevice({filters: [{name: 'Hello'}]})" |
| 3549 " .then(() => { domAutomationController.send('Success'); }," | 3551 " .then(() => { domAutomationController.send('Success'); }," |
| 3550 " reason => {" | 3552 " reason => {" |
| 3551 " domAutomationController.send(reason.name + ': ' + reason.message);" | 3553 " domAutomationController.send(reason.name + ': ' + reason.message);" |
| 3552 " });", | 3554 " });", |
| 3553 &rejection)); | 3555 &rejection)); |
| 3554 EXPECT_THAT(rejection, testing::MatchesRegex("NotFoundError: .*policy.*")); | 3556 EXPECT_THAT(rejection, testing::MatchesRegex("NotFoundError: .*policy.*")); |
| 3555 } | 3557 } |
| 3556 | 3558 |
| 3559 IN_PROC_BROWSER_TEST_F(PolicyTest, |
| 3560 CertificateTransparencyEnforcementDisabledForUrls) { |
| 3561 // Cleanup any globals even if the test fails. |
| 3562 base::ScopedClosureRunner cleanup(base::Bind( |
| 3563 base::IgnoreResult(&BrowserThread::PostTask), BrowserThread::IO, |
| 3564 FROM_HERE, |
| 3565 base::Bind(&net::TransportSecurityState::SetShouldRequireCTForTesting, |
| 3566 nullptr))); |
| 3567 |
| 3568 net::EmbeddedTestServer https_server_ok(net::EmbeddedTestServer::TYPE_HTTPS); |
| 3569 https_server_ok.SetSSLConfig(net::EmbeddedTestServer::CERT_OK); |
| 3570 https_server_ok.ServeFilesFromSourceDirectory("chrome/test/data"); |
| 3571 ASSERT_TRUE(https_server_ok.Start()); |
| 3572 |
| 3573 // Require CT for all hosts (in the absence of policy). |
| 3574 BrowserThread::PostTask( |
| 3575 BrowserThread::IO, FROM_HERE, |
| 3576 base::Bind(net::TransportSecurityState::SetShouldRequireCTForTesting, |
| 3577 base::Owned(new bool(true)))); |
| 3578 |
| 3579 ui_test_utils::NavigateToURL(browser(), https_server_ok.GetURL("/")); |
| 3580 |
| 3581 // The page should initially be blocked. |
| 3582 const content::InterstitialPage* interstitial = |
| 3583 content::InterstitialPage::GetInterstitialPage( |
| 3584 browser()->tab_strip_model()->GetActiveWebContents()); |
| 3585 ASSERT_TRUE(interstitial); |
| 3586 ASSERT_TRUE(content::WaitForRenderFrameReady(interstitial->GetMainFrame())); |
| 3587 |
| 3588 EXPECT_TRUE(chrome_browser_interstitials::IsInterstitialDisplayingText( |
| 3589 interstitial, "proceed-link")); |
| 3590 EXPECT_NE(base::UTF8ToUTF16("OK"), |
| 3591 browser()->tab_strip_model()->GetActiveWebContents()->GetTitle()); |
| 3592 |
| 3593 // Now exempt the URL from being blocked by setting policy. |
| 3594 std::unique_ptr<base::ListValue> disabled_urls = |
| 3595 base::MakeUnique<base::ListValue>(); |
| 3596 disabled_urls->AppendString(https_server_ok.host_port_pair().HostForURL()); |
| 3597 |
| 3598 PolicyMap policies; |
| 3599 policies.Set(key::kCertificateTransparencyEnforcementDisabledForUrls, |
| 3600 POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD, |
| 3601 std::move(disabled_urls), nullptr); |
| 3602 UpdateProviderPolicy(policies); |
| 3603 FlushBlacklistPolicy(); |
| 3604 |
| 3605 ui_test_utils::NavigateToURL(browser(), |
| 3606 https_server_ok.GetURL("/simple.html")); |
| 3607 |
| 3608 // There should be no interstitial after the page loads. |
| 3609 interstitial = content::InterstitialPage::GetInterstitialPage( |
| 3610 browser()->tab_strip_model()->GetActiveWebContents()); |
| 3611 ASSERT_FALSE(interstitial); |
| 3612 |
| 3613 EXPECT_EQ(base::UTF8ToUTF16("OK"), |
| 3614 browser()->tab_strip_model()->GetActiveWebContents()->GetTitle()); |
| 3615 } |
| 3616 |
| 3557 // Test that when extended reporting opt-in is disabled by policy, the | 3617 // Test that when extended reporting opt-in is disabled by policy, the |
| 3558 // opt-in checkbox does not appear on SSL blocking pages. | 3618 // opt-in checkbox does not appear on SSL blocking pages. |
| 3559 IN_PROC_BROWSER_TEST_F(PolicyTest, SafeBrowsingExtendedReportingOptInAllowed) { | 3619 IN_PROC_BROWSER_TEST_F(PolicyTest, SafeBrowsingExtendedReportingOptInAllowed) { |
| 3560 net::EmbeddedTestServer https_server_expired( | 3620 net::EmbeddedTestServer https_server_expired( |
| 3561 net::EmbeddedTestServer::TYPE_HTTPS); | 3621 net::EmbeddedTestServer::TYPE_HTTPS); |
| 3562 https_server_expired.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED); | 3622 https_server_expired.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED); |
| 3563 https_server_expired.ServeFilesFromSourceDirectory("chrome/test/data"); | 3623 https_server_expired.ServeFilesFromSourceDirectory("chrome/test/data"); |
| 3564 ASSERT_TRUE(https_server_expired.Start()); | 3624 ASSERT_TRUE(https_server_expired.Start()); |
| 3565 | 3625 |
| 3566 // Set the enterprise policy to disallow opt-in. | 3626 // Set the enterprise policy to disallow opt-in. |
| (...skipping 530 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4097 | 4157 |
| 4098 SetEmptyPolicy(); | 4158 SetEmptyPolicy(); |
| 4099 // Policy not set. | 4159 // Policy not set. |
| 4100 CheckSystemTimezoneAutomaticDetectionPolicyUnset(); | 4160 CheckSystemTimezoneAutomaticDetectionPolicyUnset(); |
| 4101 EXPECT_TRUE(CheckResolveTimezoneByGeolocation(true, false)); | 4161 EXPECT_TRUE(CheckResolveTimezoneByGeolocation(true, false)); |
| 4102 EXPECT_TRUE(manager->TimeZoneResolverShouldBeRunningForTests()); | 4162 EXPECT_TRUE(manager->TimeZoneResolverShouldBeRunningForTests()); |
| 4103 } | 4163 } |
| 4104 #endif // defined(OS_CHROMEOS) | 4164 #endif // defined(OS_CHROMEOS) |
| 4105 | 4165 |
| 4106 } // namespace policy | 4166 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2102783003:
Add enterprise policy to exempt hosts from Certificate Transparency (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@enterprise_ct