| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/certificate_transparency/ct_policy_manager.h" | 5 #include "components/certificate_transparency/ct_policy_manager.h" |
| 6 | 6 |
| 7 #include <iterator> | 7 #include <iterator> |
| 8 | 8 |
| 9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
| 10 #include "base/sequenced_task_runner.h" | 10 #include "base/sequenced_task_runner.h" |
| 11 #include "base/single_thread_task_runner.h" | 11 #include "base/single_thread_task_runner.h" |
| 12 #include "base/test/test_message_loop.h" | 12 #include "base/test/test_message_loop.h" |
| 13 #include "base/values.h" | 13 #include "base/values.h" |
| 14 #include "components/certificate_transparency/pref_names.h" | 14 #include "components/certificate_transparency/pref_names.h" |
| 15 #include "components/prefs/pref_registry_simple.h" | 15 #include "components/prefs/pref_registry_simple.h" |
| 16 #include "components/prefs/testing_pref_service.h" | 16 #include "components/prefs/testing_pref_service.h" |
| 17 #include "testing/gtest/include/gtest/gtest.h" | 17 #include "testing/gtest/include/gtest/gtest.h" |
| 18 | 18 |
| 19 namespace certificate_transparency { | 19 namespace certificate_transparency { |
| 20 | 20 |
| 21 namespace { | 21 namespace { |
| 22 | 22 |
| 23 template <size_t N> | 23 base::ListValue* ListValueFromStrings(const std::vector<const char*>& strings) { |
| 24 base::ListValue* ListValueFromStrings(const char* const (&strings)[N]) { | |
| 25 std::unique_ptr<base::ListValue> result(new base::ListValue); | 24 std::unique_ptr<base::ListValue> result(new base::ListValue); |
| 26 for (const auto& str : strings) { | 25 for (auto* const str : strings) { |
| 27 result->AppendString(str); | 26 result->AppendString(str); |
| 28 } | 27 } |
| 29 return result.release(); | 28 return result.release(); |
| 30 } | 29 } |
| 31 | 30 |
| 32 class CTPolicyManagerTest : public ::testing::Test { | 31 class CTPolicyManagerTest : public ::testing::Test { |
| 33 public: | 32 public: |
| 34 CTPolicyManagerTest() : message_loop_(base::MessageLoop::TYPE_IO) {} | 33 CTPolicyManagerTest() : message_loop_(base::MessageLoop::TYPE_IO) {} |
| 35 | 34 |
| 36 protected: | 35 protected: |
| (...skipping 23 matching lines...) Expand all Loading... |
| 60 net::TransportSecurityState::RequireCTDelegate* delegate = | 59 net::TransportSecurityState::RequireCTDelegate* delegate = |
| 61 manager.GetDelegate(); | 60 manager.GetDelegate(); |
| 62 ASSERT_TRUE(delegate); | 61 ASSERT_TRUE(delegate); |
| 63 | 62 |
| 64 // No preferences should yield the default results. | 63 // No preferences should yield the default results. |
| 65 EXPECT_EQ(CTRequirementLevel::DEFAULT, | 64 EXPECT_EQ(CTRequirementLevel::DEFAULT, |
| 66 delegate->IsCTRequiredForHost("google.com")); | 65 delegate->IsCTRequiredForHost("google.com")); |
| 67 | 66 |
| 68 // Now set a preference, pump the message loop, and ensure things are now | 67 // Now set a preference, pump the message loop, and ensure things are now |
| 69 // reflected. | 68 // reflected. |
| 70 pref_service_.SetManagedPref(prefs::kCTRequiredHosts, | 69 pref_service_.SetManagedPref( |
| 71 ListValueFromStrings({"google.com"})); | 70 prefs::kCTRequiredHosts, |
| 71 ListValueFromStrings(std::vector<const char*>{"google.com"})); |
| 72 base::RunLoop().RunUntilIdle(); | 72 base::RunLoop().RunUntilIdle(); |
| 73 | 73 |
| 74 // The new preferences should take effect. | 74 // The new preferences should take effect. |
| 75 EXPECT_EQ(CTRequirementLevel::REQUIRED, | 75 EXPECT_EQ(CTRequirementLevel::REQUIRED, |
| 76 delegate->IsCTRequiredForHost("google.com")); | 76 delegate->IsCTRequiredForHost("google.com")); |
| 77 } | 77 } |
| 78 | 78 |
| 79 TEST_F(CTPolicyManagerTest, DelegateChecksExcluded) { | 79 TEST_F(CTPolicyManagerTest, DelegateChecksExcluded) { |
| 80 using CTRequirementLevel = | 80 using CTRequirementLevel = |
| 81 net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel; | 81 net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel; |
| 82 // Register preferences and set up initial state | 82 // Register preferences and set up initial state |
| 83 CTPolicyManager::RegisterPrefs(pref_service_.registry()); | 83 CTPolicyManager::RegisterPrefs(pref_service_.registry()); |
| 84 CTPolicyManager manager(&pref_service_, message_loop_.task_runner()); | 84 CTPolicyManager manager(&pref_service_, message_loop_.task_runner()); |
| 85 base::RunLoop().RunUntilIdle(); | 85 base::RunLoop().RunUntilIdle(); |
| 86 | 86 |
| 87 net::TransportSecurityState::RequireCTDelegate* delegate = | 87 net::TransportSecurityState::RequireCTDelegate* delegate = |
| 88 manager.GetDelegate(); | 88 manager.GetDelegate(); |
| 89 ASSERT_TRUE(delegate); | 89 ASSERT_TRUE(delegate); |
| 90 | 90 |
| 91 // No preferences should yield the default results. | 91 // No preferences should yield the default results. |
| 92 EXPECT_EQ(CTRequirementLevel::DEFAULT, | 92 EXPECT_EQ(CTRequirementLevel::DEFAULT, |
| 93 delegate->IsCTRequiredForHost("google.com")); | 93 delegate->IsCTRequiredForHost("google.com")); |
| 94 | 94 |
| 95 // Now set a preference, pump the message loop, and ensure things are now | 95 // Now set a preference, pump the message loop, and ensure things are now |
| 96 // reflected. | 96 // reflected. |
| 97 pref_service_.SetManagedPref(prefs::kCTExcludedHosts, | 97 pref_service_.SetManagedPref( |
| 98 ListValueFromStrings({"google.com"})); | 98 prefs::kCTExcludedHosts, |
| 99 ListValueFromStrings(std::vector<const char*>{"google.com"})); |
| 99 base::RunLoop().RunUntilIdle(); | 100 base::RunLoop().RunUntilIdle(); |
| 100 | 101 |
| 101 // The new preferences should take effect. | 102 // The new preferences should take effect. |
| 102 EXPECT_EQ(CTRequirementLevel::NOT_REQUIRED, | 103 EXPECT_EQ(CTRequirementLevel::NOT_REQUIRED, |
| 103 delegate->IsCTRequiredForHost("google.com")); | 104 delegate->IsCTRequiredForHost("google.com")); |
| 104 } | 105 } |
| 105 | 106 |
| 106 TEST_F(CTPolicyManagerTest, IgnoresInvalidEntries) { | 107 TEST_F(CTPolicyManagerTest, IgnoresInvalidEntries) { |
| 107 using CTRequirementLevel = | 108 using CTRequirementLevel = |
| 108 net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel; | 109 net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel; |
| 109 // Register preferences and set up initial state | 110 // Register preferences and set up initial state |
| 110 CTPolicyManager::RegisterPrefs(pref_service_.registry()); | 111 CTPolicyManager::RegisterPrefs(pref_service_.registry()); |
| 111 CTPolicyManager manager(&pref_service_, message_loop_.task_runner()); | 112 CTPolicyManager manager(&pref_service_, message_loop_.task_runner()); |
| 112 base::RunLoop().RunUntilIdle(); | 113 base::RunLoop().RunUntilIdle(); |
| 113 | 114 |
| 114 net::TransportSecurityState::RequireCTDelegate* delegate = | 115 net::TransportSecurityState::RequireCTDelegate* delegate = |
| 115 manager.GetDelegate(); | 116 manager.GetDelegate(); |
| 116 ASSERT_TRUE(delegate); | 117 ASSERT_TRUE(delegate); |
| 117 | 118 |
| 118 // No preferences should yield the default results. | 119 // No preferences should yield the default results. |
| 119 EXPECT_EQ(CTRequirementLevel::DEFAULT, | 120 EXPECT_EQ(CTRequirementLevel::DEFAULT, |
| 120 delegate->IsCTRequiredForHost("google.com")); | 121 delegate->IsCTRequiredForHost("google.com")); |
| 121 | 122 |
| 122 // Now setup invalid preferences (that is, that fail to be parsable as | 123 // Now setup invalid preferences (that is, that fail to be parsable as |
| 123 // URLs). | 124 // URLs). |
| 124 pref_service_.SetManagedPref( | 125 pref_service_.SetManagedPref( |
| 125 prefs::kCTRequiredHosts, | 126 prefs::kCTRequiredHosts, |
| 126 ListValueFromStrings({ | 127 ListValueFromStrings(std::vector<const char*>{ |
| 127 "file:///etc/fstab", "file://withahost/etc/fstab", | 128 "file:///etc/fstab", "file://withahost/etc/fstab", |
| 128 "file:///c|/Windows", "*", "https://*", "example.com", | 129 "file:///c|/Windows", "*", "https://*", "example.com", |
| 129 "https://example.test:invalid_port", | 130 "https://example.test:invalid_port", |
| 130 })); | 131 })); |
| 131 base::RunLoop().RunUntilIdle(); | 132 base::RunLoop().RunUntilIdle(); |
| 132 | 133 |
| 133 // Wildcards are ignored (both * and https://*). | 134 // Wildcards are ignored (both * and https://*). |
| 134 EXPECT_EQ(CTRequirementLevel::DEFAULT, | 135 EXPECT_EQ(CTRequirementLevel::DEFAULT, |
| 135 delegate->IsCTRequiredForHost("google.com")); | 136 delegate->IsCTRequiredForHost("google.com")); |
| 136 // File URL hosts are ignored. | 137 // File URL hosts are ignored. |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 173 delegate->IsCTRequiredForHost("sub.accounts.example.com")); | 174 delegate->IsCTRequiredForHost("sub.accounts.example.com")); |
| 174 EXPECT_EQ(CTRequirementLevel::DEFAULT, | 175 EXPECT_EQ(CTRequirementLevel::DEFAULT, |
| 175 delegate->IsCTRequiredForHost("login.sub.accounts.example.com")); | 176 delegate->IsCTRequiredForHost("login.sub.accounts.example.com")); |
| 176 EXPECT_EQ(CTRequirementLevel::DEFAULT, | 177 EXPECT_EQ(CTRequirementLevel::DEFAULT, |
| 177 delegate->IsCTRequiredForHost("test.example.com")); | 178 delegate->IsCTRequiredForHost("test.example.com")); |
| 178 | 179 |
| 179 // Set up policies that exclude it for a domain and all of its subdomains, | 180 // Set up policies that exclude it for a domain and all of its subdomains, |
| 180 // but then require it for a specific host. | 181 // but then require it for a specific host. |
| 181 pref_service_.SetManagedPref( | 182 pref_service_.SetManagedPref( |
| 182 prefs::kCTExcludedHosts, | 183 prefs::kCTExcludedHosts, |
| 183 ListValueFromStrings({"example.com", ".sub.example.com", | 184 ListValueFromStrings(std::vector<const char*>{ |
| 184 ".sub.accounts.example.com", "test.example.com"})); | 185 "example.com", ".sub.example.com", ".sub.accounts.example.com", |
| 186 "test.example.com"})); |
| 185 pref_service_.SetManagedPref( | 187 pref_service_.SetManagedPref( |
| 186 prefs::kCTRequiredHosts, | 188 prefs::kCTRequiredHosts, |
| 187 ListValueFromStrings( | 189 ListValueFromStrings(std::vector<const char*>{ |
| 188 {"sub.example.com", "accounts.example.com", "test.example.com"})); | 190 "sub.example.com", "accounts.example.com", "test.example.com"})); |
| 189 base::RunLoop().RunUntilIdle(); | 191 base::RunLoop().RunUntilIdle(); |
| 190 | 192 |
| 191 EXPECT_EQ(CTRequirementLevel::NOT_REQUIRED, | 193 EXPECT_EQ(CTRequirementLevel::NOT_REQUIRED, |
| 192 delegate->IsCTRequiredForHost("example.com")); | 194 delegate->IsCTRequiredForHost("example.com")); |
| 193 // Non-wildcarding (.sub.example.com) beats wildcarding (sub.example.com). | 195 // Non-wildcarding (.sub.example.com) beats wildcarding (sub.example.com). |
| 194 EXPECT_EQ(CTRequirementLevel::NOT_REQUIRED, | 196 EXPECT_EQ(CTRequirementLevel::NOT_REQUIRED, |
| 195 delegate->IsCTRequiredForHost("sub.example.com")); | 197 delegate->IsCTRequiredForHost("sub.example.com")); |
| 196 // More specific hosts (accounts.example.com) beat less specific hosts | 198 // More specific hosts (accounts.example.com) beat less specific hosts |
| 197 // (example.com + wildcard). | 199 // (example.com + wildcard). |
| 198 EXPECT_EQ(CTRequirementLevel::REQUIRED, | 200 EXPECT_EQ(CTRequirementLevel::REQUIRED, |
| (...skipping 25 matching lines...) Expand all Loading... |
| 224 net::TransportSecurityState::RequireCTDelegate* delegate = | 226 net::TransportSecurityState::RequireCTDelegate* delegate = |
| 225 manager.GetDelegate(); | 227 manager.GetDelegate(); |
| 226 ASSERT_TRUE(delegate); | 228 ASSERT_TRUE(delegate); |
| 227 | 229 |
| 228 // No preferences should yield the default results. | 230 // No preferences should yield the default results. |
| 229 EXPECT_EQ(CTRequirementLevel::DEFAULT, | 231 EXPECT_EQ(CTRequirementLevel::DEFAULT, |
| 230 delegate->IsCTRequiredForHost("google.com")); | 232 delegate->IsCTRequiredForHost("google.com")); |
| 231 | 233 |
| 232 // Now set a preference, pump the message loop, and ensure things are now | 234 // Now set a preference, pump the message loop, and ensure things are now |
| 233 // reflected. | 235 // reflected. |
| 234 pref_service_.SetManagedPref(prefs::kCTRequiredHosts, | 236 pref_service_.SetManagedPref( |
| 235 ListValueFromStrings({"google.com"})); | 237 prefs::kCTRequiredHosts, |
| 238 ListValueFromStrings(std::vector<const char*>{"google.com"})); |
| 236 base::RunLoop().RunUntilIdle(); | 239 base::RunLoop().RunUntilIdle(); |
| 237 | 240 |
| 238 // The new preferences should take effect. | 241 // The new preferences should take effect. |
| 239 EXPECT_EQ(CTRequirementLevel::REQUIRED, | 242 EXPECT_EQ(CTRequirementLevel::REQUIRED, |
| 240 delegate->IsCTRequiredForHost("google.com")); | 243 delegate->IsCTRequiredForHost("google.com")); |
| 241 | 244 |
| 242 // Shut down the preferences, which should unregister any observers. | 245 // Shut down the preferences, which should unregister any observers. |
| 243 manager.Shutdown(); | 246 manager.Shutdown(); |
| 244 base::RunLoop().RunUntilIdle(); | 247 base::RunLoop().RunUntilIdle(); |
| 245 | 248 |
| 246 // Update the preferences again, which should do nothing; the | 249 // Update the preferences again, which should do nothing; the |
| 247 // RequireCTDelegate should continue to be valid and return the old results. | 250 // RequireCTDelegate should continue to be valid and return the old results. |
| 248 EXPECT_EQ(CTRequirementLevel::REQUIRED, | 251 EXPECT_EQ(CTRequirementLevel::REQUIRED, |
| 249 delegate->IsCTRequiredForHost("google.com")); | 252 delegate->IsCTRequiredForHost("google.com")); |
| 250 EXPECT_EQ(CTRequirementLevel::DEFAULT, | 253 EXPECT_EQ(CTRequirementLevel::DEFAULT, |
| 251 delegate->IsCTRequiredForHost("example.com")); | 254 delegate->IsCTRequiredForHost("example.com")); |
| 252 EXPECT_EQ(CTRequirementLevel::DEFAULT, | 255 EXPECT_EQ(CTRequirementLevel::DEFAULT, |
| 253 delegate->IsCTRequiredForHost("sub.example.com")); | 256 delegate->IsCTRequiredForHost("sub.example.com")); |
| 254 pref_service_.SetManagedPref(prefs::kCTRequiredHosts, | 257 pref_service_.SetManagedPref( |
| 255 ListValueFromStrings({"sub.example.com"})); | 258 prefs::kCTRequiredHosts, |
| 259 ListValueFromStrings(std::vector<const char*>{"sub.example.com"})); |
| 256 base::RunLoop().RunUntilIdle(); | 260 base::RunLoop().RunUntilIdle(); |
| 257 EXPECT_EQ(CTRequirementLevel::REQUIRED, | 261 EXPECT_EQ(CTRequirementLevel::REQUIRED, |
| 258 delegate->IsCTRequiredForHost("google.com")); | 262 delegate->IsCTRequiredForHost("google.com")); |
| 259 EXPECT_EQ(CTRequirementLevel::DEFAULT, | 263 EXPECT_EQ(CTRequirementLevel::DEFAULT, |
| 260 delegate->IsCTRequiredForHost("example.com")); | 264 delegate->IsCTRequiredForHost("example.com")); |
| 261 EXPECT_EQ(CTRequirementLevel::DEFAULT, | 265 EXPECT_EQ(CTRequirementLevel::DEFAULT, |
| 262 delegate->IsCTRequiredForHost("sub.example.com")); | 266 delegate->IsCTRequiredForHost("sub.example.com")); |
| 263 | 267 |
| 264 // And it should still be possible to get the delegate, even after calling | 268 // And it should still be possible to get the delegate, even after calling |
| 265 // Shutdown(). | 269 // Shutdown(). |
| 266 EXPECT_TRUE(manager.GetDelegate()); | 270 EXPECT_TRUE(manager.GetDelegate()); |
| 267 } | 271 } |
| 268 | 272 |
| 269 } // namespace | 273 } // namespace |
| 270 | 274 |
| 271 } // namespace certificate_transparency | 275 } // namespace certificate_transparency |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2714053003:
Fix GCC build for target 'all' (Closed)
