Add enterprise policy to exempt hosts from Certificate Transparency

components/certificate_transparency/ct_policy_manager_unittest.cc

Index: components/certificate_transparency/ct_policy_manager_unittest.cc
diff --git a/components/certificate_transparency/ct_policy_manager_unittest.cc b/components/certificate_transparency/ct_policy_manager_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..51fe6dbf728831740b1ec6c90507ed2271d35ee4
--- /dev/null
+++ b/components/certificate_transparency/ct_policy_manager_unittest.cc
@@ -0,0 +1,271 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/certificate_transparency/ct_policy_manager.h"
+
+#include <iterator>
+
+#include "base/run_loop.h"
+#include "base/sequenced_task_runner.h"
+#include "base/single_thread_task_runner.h"
+#include "base/test/test_message_loop.h"
+#include "base/values.h"
+#include "components/certificate_transparency/pref_names.h"
+#include "components/prefs/pref_registry_simple.h"
+#include "components/prefs/testing_pref_service.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace certificate_transparency {
+
+namespace {
+
+template <size_t N>
+base::ListValue* ListValueFromStrings(const char* const (&strings)[N]) {
+  std::unique_ptr<base::ListValue> result(new base::ListValue);
+  for (const auto& str : strings) {
+    result->AppendString(str);
+  }
+  return result.release();
+}
+
+class CTPolicyManagerTest : public ::testing::Test {
+ public:
+  CTPolicyManagerTest() : message_loop_(base::MessageLoop::TYPE_IO) {}
+
+ protected:
+  base::TestMessageLoop message_loop_;
+  TestingPrefServiceSimple pref_service_;
+};
+
+// Treat the preferences as a black box as far as naming, but ensure that
+// preferences get registered.
+TEST_F(CTPolicyManagerTest, RegistersPrefs) {
+  auto registered_prefs = std::distance(pref_service_.registry()->begin(),
+                                        pref_service_.registry()->end());
+  CTPolicyManager::RegisterPrefs(pref_service_.registry());
+  auto newly_registered_prefs = std::distance(pref_service_.registry()->begin(),
+                                              pref_service_.registry()->end());
+  EXPECT_NE(registered_prefs, newly_registered_prefs);
+}
+
+TEST_F(CTPolicyManagerTest, DelegateChecksRequired) {
+  using CTRequirementLevel =
+      net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel;
+  // Register preferences and set up initial state
+  CTPolicyManager::RegisterPrefs(pref_service_.registry());
+  CTPolicyManager manager(&pref_service_, message_loop_.task_runner());
+  base::RunLoop().RunUntilIdle();
+
+  net::TransportSecurityState::RequireCTDelegate* delegate =
+      manager.GetDelegate();
+  ASSERT_TRUE(delegate);
+
+  // No preferences should yield the default results.
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("google.com"));
+
+  // Now set a preference, pump the message loop, and ensure things are now
+  // reflected.
+  pref_service_.SetManagedPref(prefs::kCTRequiredHosts,
+                               ListValueFromStrings({"google.com"}));
+  base::RunLoop().RunUntilIdle();
+
+  // The new preferences should take effect.
+  EXPECT_EQ(CTRequirementLevel::REQUIRED,
+            delegate->IsCTRequiredForHost("google.com"));
+}
+
+TEST_F(CTPolicyManagerTest, DelegateChecksExcluded) {
+  using CTRequirementLevel =
+      net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel;
+  // Register preferences and set up initial state
+  CTPolicyManager::RegisterPrefs(pref_service_.registry());
+  CTPolicyManager manager(&pref_service_, message_loop_.task_runner());
+  base::RunLoop().RunUntilIdle();
+
+  net::TransportSecurityState::RequireCTDelegate* delegate =
+      manager.GetDelegate();
+  ASSERT_TRUE(delegate);
+
+  // No preferences should yield the default results.
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("google.com"));
+
+  // Now set a preference, pump the message loop, and ensure things are now
+  // reflected.
+  pref_service_.SetManagedPref(prefs::kCTExcludedHosts,
+                               ListValueFromStrings({"google.com"}));
+  base::RunLoop().RunUntilIdle();
+
+  // The new preferences should take effect.
+  EXPECT_EQ(CTRequirementLevel::NOT_REQUIRED,
+            delegate->IsCTRequiredForHost("google.com"));
+}
+
+TEST_F(CTPolicyManagerTest, IgnoresInvalidEntries) {
+  using CTRequirementLevel =
+      net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel;
+  // Register preferences and set up initial state
+  CTPolicyManager::RegisterPrefs(pref_service_.registry());
+  CTPolicyManager manager(&pref_service_, message_loop_.task_runner());
+  base::RunLoop().RunUntilIdle();
+
+  net::TransportSecurityState::RequireCTDelegate* delegate =
+      manager.GetDelegate();
+  ASSERT_TRUE(delegate);
+
+  // No preferences should yield the default results.
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("google.com"));
+
+  // Now setup invalid preferences (that is, that fail to be parsable as
+  // URLs).
+  pref_service_.SetManagedPref(
+      prefs::kCTRequiredHosts,
+      ListValueFromStrings({
+          "file:///etc/fstab", "file://withahost/etc/fstab",
+          "file:///c|/Windows", "*", "https://*", "example.com",
+          "https://example.test:invalid_port",
+      }));
+  base::RunLoop().RunUntilIdle();
+
+  // Wildcards are ignored (both * and https://*).
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("google.com"));
+  // File URL hosts are ignored.
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("withahost"));
+
+  // While the partially parsed hosts should take effect.
+  EXPECT_EQ(CTRequirementLevel::REQUIRED,
+            delegate->IsCTRequiredForHost("example.test"));
+  EXPECT_EQ(CTRequirementLevel::REQUIRED,
+            delegate->IsCTRequiredForHost("example.com"));
+}
+
+// Make sure the various 'undocumented' priorities apply:
+//   - non-wildcards beat wildcards
+//   - more specific hosts beat less specific hosts
+//   - requiring beats excluding
+TEST_F(CTPolicyManagerTest, AppliesPriority) {
+  using CTRequirementLevel =
+      net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel;
+  // Register preferences and set up initial state
+  CTPolicyManager::RegisterPrefs(pref_service_.registry());
+  CTPolicyManager manager(&pref_service_, message_loop_.task_runner());
+  base::RunLoop().RunUntilIdle();
+
+  net::TransportSecurityState::RequireCTDelegate* delegate =
+      manager.GetDelegate();
+  ASSERT_TRUE(delegate);
+
+  // No preferences should yield the default results.
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("example.com"));
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("sub.example.com"));
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("accounts.example.com"));
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("login.accounts.example.com"));
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("sub.accounts.example.com"));
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("login.sub.accounts.example.com"));
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("test.example.com"));
+
+  // Set up policies that exclude it for a domain and all of its subdomains,
+  // but then require it for a specific host.
+  pref_service_.SetManagedPref(
+      prefs::kCTExcludedHosts,
+      ListValueFromStrings({"example.com", ".sub.example.com",
+                            ".sub.accounts.example.com", "test.example.com"}));
+  pref_service_.SetManagedPref(
+      prefs::kCTRequiredHosts,
+      ListValueFromStrings(
+          {"sub.example.com", "accounts.example.com", "test.example.com"}));
+  base::RunLoop().RunUntilIdle();
+
+  EXPECT_EQ(CTRequirementLevel::NOT_REQUIRED,
+            delegate->IsCTRequiredForHost("example.com"));
+  // Non-wildcarding (.sub.example.com) beats wildcarding (sub.example.com).
+  EXPECT_EQ(CTRequirementLevel::NOT_REQUIRED,
+            delegate->IsCTRequiredForHost("sub.example.com"));
+  // More specific hosts (accounts.example.com) beat less specific hosts
+  // (example.com + wildcard).
+  EXPECT_EQ(CTRequirementLevel::REQUIRED,
+            delegate->IsCTRequiredForHost("accounts.example.com"));
+  // More specific hosts (accounts.example.com) beat less specific hosts
+  // (example.com).
+  EXPECT_EQ(CTRequirementLevel::REQUIRED,
+            delegate->IsCTRequiredForHost("login.accounts.example.com"));
+  EXPECT_EQ(CTRequirementLevel::NOT_REQUIRED,
+            delegate->IsCTRequiredForHost("sub.accounts.example.com"));
+  EXPECT_EQ(CTRequirementLevel::REQUIRED,
+            delegate->IsCTRequiredForHost("login.sub.accounts.example.com"));
+  // Requiring beats excluding.
+  EXPECT_EQ(CTRequirementLevel::REQUIRED,
+            delegate->IsCTRequiredForHost("test.example.com"));
+}
+
+// Ensure that the RequireCTDelegate is still valid and usable after Shutdown
+// has been called. Preferences should no longer sync, but the old results
+// should still be returned.
+TEST_F(CTPolicyManagerTest, UsableAfterShutdown) {
+  using CTRequirementLevel =
+      net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel;
+  // Register preferences and set up initial state
+  CTPolicyManager::RegisterPrefs(pref_service_.registry());
+  CTPolicyManager manager(&pref_service_, message_loop_.task_runner());
+  base::RunLoop().RunUntilIdle();
+
+  net::TransportSecurityState::RequireCTDelegate* delegate =
+      manager.GetDelegate();
+  ASSERT_TRUE(delegate);
+
+  // No preferences should yield the default results.
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("google.com"));
+
+  // Now set a preference, pump the message loop, and ensure things are now
+  // reflected.
+  pref_service_.SetManagedPref(prefs::kCTRequiredHosts,
+                               ListValueFromStrings({"google.com"}));
+  base::RunLoop().RunUntilIdle();
+
+  // The new preferences should take effect.
+  EXPECT_EQ(CTRequirementLevel::REQUIRED,
+            delegate->IsCTRequiredForHost("google.com"));
+
+  // Shut down the preferences, which should unregister any observers.
+  manager.Shutdown();
+  base::RunLoop().RunUntilIdle();
+
+  // Update the preferences again, which should do nothing; the
+  // RequireCTDelegate should continue to be valid and return the old results.
+  EXPECT_EQ(CTRequirementLevel::REQUIRED,
+            delegate->IsCTRequiredForHost("google.com"));
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("example.com"));
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("sub.example.com"));
+  pref_service_.SetManagedPref(prefs::kCTRequiredHosts,
+                               ListValueFromStrings({"sub.example.com"}));
+  base::RunLoop().RunUntilIdle();
+  EXPECT_EQ(CTRequirementLevel::REQUIRED,
+            delegate->IsCTRequiredForHost("google.com"));
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("example.com"));
+  EXPECT_EQ(CTRequirementLevel::DEFAULT,
+            delegate->IsCTRequiredForHost("sub.example.com"));
+
+  // And it should still be possible to get the delegate, even after calling
+  // Shutdown().
+  EXPECT_TRUE(manager.GetDelegate());
+}
+
+}  // namespace
+
+}  // namespace certificate_transparency