| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stddef.h> | 5 #include <stddef.h> |
| 6 #include <stdint.h> | 6 #include <stdint.h> |
| 7 | 7 |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 #include <memory> | 9 #include <memory> |
| 10 #include <string> | 10 #include <string> |
| 11 #include <utility> | 11 #include <utility> |
| 12 #include <vector> | 12 #include <vector> |
| 13 | 13 |
| 14 #include "ash/display/display_manager.h" | 14 #include "ash/display/display_manager.h" |
| 15 #include "base/bind.h" | 15 #include "base/bind.h" |
| 16 #include "base/bind_helpers.h" | 16 #include "base/bind_helpers.h" |
| 17 #include "base/callback.h" | 17 #include "base/callback.h" |
| 18 #include "base/callback_helpers.h" |
| 18 #include "base/command_line.h" | 19 #include "base/command_line.h" |
| 19 #include "base/files/file_enumerator.h" | 20 #include "base/files/file_enumerator.h" |
| 20 #include "base/files/file_path.h" | 21 #include "base/files/file_path.h" |
| 21 #include "base/files/file_util.h" | 22 #include "base/files/file_util.h" |
| 22 #include "base/files/scoped_temp_dir.h" | 23 #include "base/files/scoped_temp_dir.h" |
| 23 #include "base/macros.h" | 24 #include "base/macros.h" |
| 24 #include "base/memory/ptr_util.h" | 25 #include "base/memory/ptr_util.h" |
| 25 #include "base/memory/ref_counted.h" | 26 #include "base/memory/ref_counted.h" |
| 26 #include "base/path_service.h" | 27 #include "base/path_service.h" |
| 27 #include "base/run_loop.h" | 28 #include "base/run_loop.h" |
| (...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 162 #include "extensions/browser/scoped_ignore_content_verifier_for_test.h" | 163 #include "extensions/browser/scoped_ignore_content_verifier_for_test.h" |
| 163 #include "extensions/browser/test_extension_registry_observer.h" | 164 #include "extensions/browser/test_extension_registry_observer.h" |
| 164 #include "extensions/browser/uninstall_reason.h" | 165 #include "extensions/browser/uninstall_reason.h" |
| 165 #include "extensions/common/constants.h" | 166 #include "extensions/common/constants.h" |
| 166 #include "extensions/common/extension.h" | 167 #include "extensions/common/extension.h" |
| 167 #include "extensions/common/extension_set.h" | 168 #include "extensions/common/extension_set.h" |
| 168 #include "extensions/common/manifest_handlers/shared_module_info.h" | 169 #include "extensions/common/manifest_handlers/shared_module_info.h" |
| 169 #include "net/base/net_errors.h" | 170 #include "net/base/net_errors.h" |
| 170 #include "net/base/url_util.h" | 171 #include "net/base/url_util.h" |
| 171 #include "net/http/http_stream_factory.h" | 172 #include "net/http/http_stream_factory.h" |
| 173 #include "net/http/transport_security_state.h" |
| 172 #include "net/test/embedded_test_server/embedded_test_server.h" | 174 #include "net/test/embedded_test_server/embedded_test_server.h" |
| 173 #include "net/test/url_request/url_request_failed_job.h" | 175 #include "net/test/url_request/url_request_failed_job.h" |
| 174 #include "net/test/url_request/url_request_mock_http_job.h" | 176 #include "net/test/url_request/url_request_mock_http_job.h" |
| 175 #include "net/url_request/url_request.h" | 177 #include "net/url_request/url_request.h" |
| 176 #include "net/url_request/url_request_filter.h" | 178 #include "net/url_request/url_request_filter.h" |
| 177 #include "net/url_request/url_request_interceptor.h" | 179 #include "net/url_request/url_request_interceptor.h" |
| 178 #include "policy/policy_constants.h" | 180 #include "policy/policy_constants.h" |
| 179 #include "testing/gmock/include/gmock/gmock.h" | 181 #include "testing/gmock/include/gmock/gmock.h" |
| 180 #include "testing/gtest/include/gtest/gtest.h" | 182 #include "testing/gtest/include/gtest/gtest.h" |
| 181 #include "third_party/WebKit/public/web/WebInputEvent.h" | 183 #include "third_party/WebKit/public/web/WebInputEvent.h" |
| (...skipping 3315 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3497 web_contents, | 3499 web_contents, |
| 3498 "navigator.bluetooth.requestDevice({filters: [{name: 'Hello'}]})" | 3500 "navigator.bluetooth.requestDevice({filters: [{name: 'Hello'}]})" |
| 3499 " .then(() => { domAutomationController.send('Success'); }," | 3501 " .then(() => { domAutomationController.send('Success'); }," |
| 3500 " reason => {" | 3502 " reason => {" |
| 3501 " domAutomationController.send(reason.name + ': ' + reason.message);" | 3503 " domAutomationController.send(reason.name + ': ' + reason.message);" |
| 3502 " });", | 3504 " });", |
| 3503 &rejection)); | 3505 &rejection)); |
| 3504 EXPECT_THAT(rejection, testing::MatchesRegex("NotFoundError: .*policy.*")); | 3506 EXPECT_THAT(rejection, testing::MatchesRegex("NotFoundError: .*policy.*")); |
| 3505 } | 3507 } |
| 3506 | 3508 |
| 3509 IN_PROC_BROWSER_TEST_F(PolicyTest, |
| 3510 CertificateTransparencyEnforcementDisabledForUrls) { |
| 3511 // Cleanup any globals even if the test fails. |
| 3512 base::ScopedClosureRunner cleanup(base::Bind( |
| 3513 base::IgnoreResult(&BrowserThread::PostTask), BrowserThread::IO, |
| 3514 FROM_HERE, |
| 3515 base::Bind(&net::TransportSecurityState::SetShouldRequireCTForTesting, |
| 3516 nullptr))); |
| 3517 |
| 3518 net::EmbeddedTestServer https_server_ok(net::EmbeddedTestServer::TYPE_HTTPS); |
| 3519 https_server_ok.SetSSLConfig(net::EmbeddedTestServer::CERT_OK); |
| 3520 https_server_ok.ServeFilesFromSourceDirectory("chrome/test/data"); |
| 3521 ASSERT_TRUE(https_server_ok.Start()); |
| 3522 |
| 3523 // Require CT for all hosts (in the absence of policy). |
| 3524 BrowserThread::PostTask( |
| 3525 BrowserThread::IO, FROM_HERE, |
| 3526 base::Bind(net::TransportSecurityState::SetShouldRequireCTForTesting, |
| 3527 base::Owned(new bool(true)))); |
| 3528 |
| 3529 ui_test_utils::NavigateToURL(browser(), https_server_ok.GetURL("/")); |
| 3530 |
| 3531 // The page should initially be blocked. |
| 3532 const content::InterstitialPage* interstitial = |
| 3533 content::InterstitialPage::GetInterstitialPage( |
| 3534 browser()->tab_strip_model()->GetActiveWebContents()); |
| 3535 ASSERT_TRUE(interstitial); |
| 3536 ASSERT_TRUE(content::WaitForRenderFrameReady(interstitial->GetMainFrame())); |
| 3537 |
| 3538 EXPECT_TRUE(chrome_browser_interstitials::IsInterstitialDisplayingText( |
| 3539 interstitial, "proceed-link")); |
| 3540 EXPECT_NE(base::UTF8ToUTF16("OK"), |
| 3541 browser()->tab_strip_model()->GetActiveWebContents()->GetTitle()); |
| 3542 |
| 3543 // Now exempt the URL from being blocked by setting policy. |
| 3544 std::unique_ptr<base::ListValue> disabled_urls = |
| 3545 base::MakeUnique<base::ListValue>(); |
| 3546 disabled_urls->AppendString(https_server_ok.host_port_pair().HostForURL()); |
| 3547 |
| 3548 PolicyMap policies; |
| 3549 policies.Set(key::kCertificateTransparencyEnforcementDisabledForUrls, |
| 3550 POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD, |
| 3551 std::move(disabled_urls), nullptr); |
| 3552 UpdateProviderPolicy(policies); |
| 3553 FlushBlacklistPolicy(); |
| 3554 |
| 3555 ui_test_utils::NavigateToURL(browser(), |
| 3556 https_server_ok.GetURL("/simple.html")); |
| 3557 |
| 3558 // There should be no interstitial after the page loads. |
| 3559 interstitial = content::InterstitialPage::GetInterstitialPage( |
| 3560 browser()->tab_strip_model()->GetActiveWebContents()); |
| 3561 ASSERT_FALSE(interstitial); |
| 3562 |
| 3563 EXPECT_EQ(base::UTF8ToUTF16("OK"), |
| 3564 browser()->tab_strip_model()->GetActiveWebContents()->GetTitle()); |
| 3565 } |
| 3566 |
| 3507 // Test that when extended reporting opt-in is disabled by policy, the | 3567 // Test that when extended reporting opt-in is disabled by policy, the |
| 3508 // opt-in checkbox does not appear on SSL blocking pages. | 3568 // opt-in checkbox does not appear on SSL blocking pages. |
| 3509 IN_PROC_BROWSER_TEST_F(PolicyTest, SafeBrowsingExtendedReportingOptInAllowed) { | 3569 IN_PROC_BROWSER_TEST_F(PolicyTest, SafeBrowsingExtendedReportingOptInAllowed) { |
| 3510 net::EmbeddedTestServer https_server_expired( | 3570 net::EmbeddedTestServer https_server_expired( |
| 3511 net::EmbeddedTestServer::TYPE_HTTPS); | 3571 net::EmbeddedTestServer::TYPE_HTTPS); |
| 3512 https_server_expired.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED); | 3572 https_server_expired.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED); |
| 3513 https_server_expired.ServeFilesFromSourceDirectory("chrome/test/data"); | 3573 https_server_expired.ServeFilesFromSourceDirectory("chrome/test/data"); |
| 3514 ASSERT_TRUE(https_server_expired.Start()); | 3574 ASSERT_TRUE(https_server_expired.Start()); |
| 3515 | 3575 |
| 3516 // Set the enterprise policy to disallow opt-in. | 3576 // Set the enterprise policy to disallow opt-in. |
| (...skipping 530 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4047 | 4107 |
| 4048 SetEmptyPolicy(); | 4108 SetEmptyPolicy(); |
| 4049 // Policy not set. | 4109 // Policy not set. |
| 4050 CheckSystemTimezoneAutomaticDetectionPolicyUnset(); | 4110 CheckSystemTimezoneAutomaticDetectionPolicyUnset(); |
| 4051 EXPECT_TRUE(CheckResolveTimezoneByGeolocation(true, false)); | 4111 EXPECT_TRUE(CheckResolveTimezoneByGeolocation(true, false)); |
| 4052 EXPECT_TRUE(manager->TimeZoneResolverShouldBeRunningForTests()); | 4112 EXPECT_TRUE(manager->TimeZoneResolverShouldBeRunningForTests()); |
| 4053 } | 4113 } |
| 4054 #endif // defined(OS_CHROMEOS) | 4114 #endif // defined(OS_CHROMEOS) |
| 4055 | 4115 |
| 4056 } // namespace policy | 4116 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2102783003:
Add enterprise policy to exempt hosts from Certificate Transparency (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@enterprise_ct