// Copyright 2019 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "chrome/browser/net/secure_dns_policy_handler.h" #include <memory> #include <string> #include <utility> #include <vector> #include "base/compiler_specific.h" #include "base/memory/ptr_util.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_split.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" #include "base/values.h" #include "chrome/browser/net/secure_dns_config.h" #include "chrome/browser/prefs/session_startup_pref.h" #include "chrome/common/pref_names.h" #include "components/policy/core/browser/configuration_policy_handler.h" #include "components/policy/core/browser/policy_error_map.h" #include "components/policy/core/common/policy_map.h" #include "components/policy/core/common/policy_types.h" #include "components/policy/policy_constants.h" #include "components/prefs/pref_value_map.h" #include "components/strings/grit/components_strings.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" #include "ui/base/l10n/l10n_util.h" #if BUILDFLAG(IS_CHROMEOS_ASH) #include "ash/constants/ash_features.h" #include "base/test/scoped_feature_list.h" namespace { constexpr char kDohSalt[] = "test-salt"; } // namespace #endif namespace policy { class SecureDnsPolicyHandlerTest : public testing::Test { … }; TEST_F(SecureDnsPolicyHandlerTest, PoliciesNotSet) { … } // Sanity check tests to ensure the policy errors have the correct name. TEST_F(SecureDnsPolicyHandlerTest, ModePolicyErrorName) { … } TEST_F(SecureDnsPolicyHandlerTest, TemplatesPolicyErrorName) { … } TEST_F(SecureDnsPolicyHandlerTest, EmptyModePolicyValue) { … } TEST_F(SecureDnsPolicyHandlerTest, InvalidModePolicyValue) { … } TEST_F(SecureDnsPolicyHandlerTest, InvalidModePolicyType) { … } TEST_F(SecureDnsPolicyHandlerTest, ValidModePolicyValueOff) { … } TEST_F(SecureDnsPolicyHandlerTest, ValidModePolicyValueAutomatic) { … } TEST_F(SecureDnsPolicyHandlerTest, ValidModePolicySecure) { … } TEST_F(SecureDnsPolicyHandlerTest, InvalidTemplatesPolicyValue) { … } TEST_F(SecureDnsPolicyHandlerTest, InvalidTemplatesPolicyType) { … } // Templates policy should error when the Mode makes its value irrelevant. TEST_F(SecureDnsPolicyHandlerTest, IrrelevantTemplatesPolicyWithModeOff) { … } TEST_F(SecureDnsPolicyHandlerTest, TemplatesWithModeNotSet) { … } TEST_F(SecureDnsPolicyHandlerTest, TemplatesWithModeInvalid) { … } TEST_F(SecureDnsPolicyHandlerTest, TemplatesNotSetWithModeSecure) { … } TEST_F(SecureDnsPolicyHandlerTest, TemplatesNotStringWithModeSecure) { … } TEST_F(SecureDnsPolicyHandlerTest, TemplatesEmptyWithModeSecure) { … } TEST_F(SecureDnsPolicyHandlerTest, TemplatesEmptyWithModeAutomatic) { … } TEST_F(SecureDnsPolicyHandlerTest, TemplatesPolicyWithModeAutomatic) { … } TEST_F(SecureDnsPolicyHandlerTest, TemplatesPolicyWithModeSecure) { … } #if BUILDFLAG(IS_CHROMEOS_ASH) TEST_F(SecureDnsPolicyHandlerTest, TemplatesWithIdentifiers) { SetPolicyValue(key::kDnsOverHttpsMode, base::Value(SecureDnsConfig::kModeSecure)); const std::string test_policy_value = "https://foo.test/"; SetPolicyValue(key::kDnsOverHttpsTemplatesWithIdentifiers, base::Value(test_policy_value)); SetPolicyValue(key::kDnsOverHttpsSalt, base::Value(kDohSalt)); CheckAndApplyPolicySettings(); EXPECT_TRUE(errors().empty()); std::string templates, templates_with_identifiers, salt; EXPECT_TRUE(prefs().GetString(prefs::kDnsOverHttpsTemplatesWithIdentifiers, &templates_with_identifiers)); EXPECT_TRUE(prefs().GetString(prefs::kDnsOverHttpsSalt, &salt)); EXPECT_TRUE(prefs().GetString(prefs::kDnsOverHttpsTemplates, &templates)); EXPECT_EQ(templates, ""); EXPECT_EQ(templates_with_identifiers, test_policy_value); EXPECT_EQ(salt, kDohSalt); } // Testing that setting the both the cross policy DnsOverHttpsTemplates and the // Chrome OS policy DnsOverHttpsTemplatesWithIdentifiers result in both prefs // being set. TEST_F(SecureDnsPolicyHandlerTest, BothPoliciesSet) { SetPolicyValue(key::kDnsOverHttpsMode, base::Value(SecureDnsConfig::kModeSecure)); const std::string test_policy_value = "https://foo.test/"; SetPolicyValue(key::kDnsOverHttpsTemplates, base::Value(test_policy_value)); const std::string test_policy_identifiers_value = "https://foo.test.identifiers/"; SetPolicyValue(key::kDnsOverHttpsTemplatesWithIdentifiers, base::Value(test_policy_identifiers_value)); SetPolicyValue(key::kDnsOverHttpsSalt, base::Value(kDohSalt)); CheckAndApplyPolicySettings(); EXPECT_TRUE(errors().empty()); std::string templates, templates_with_identifiers, salt; EXPECT_TRUE(prefs().GetString(prefs::kDnsOverHttpsTemplatesWithIdentifiers, &templates_with_identifiers)); EXPECT_TRUE(prefs().GetString(prefs::kDnsOverHttpsSalt, &salt)); EXPECT_TRUE(prefs().GetString(prefs::kDnsOverHttpsTemplates, &templates)); EXPECT_EQ(templates, test_policy_value); EXPECT_EQ(templates_with_identifiers, test_policy_identifiers_value); EXPECT_EQ(salt, kDohSalt); } TEST_F(SecureDnsPolicyHandlerTest, TemplatesWithIdentifiersInvalid) { SetPolicyValue(key::kDnsOverHttpsMode, base::Value(SecureDnsConfig::kModeSecure)); SetPolicyValue(key::kDnsOverHttpsTemplatesWithIdentifiers, base::Value(1)); SetPolicyValue(key::kDnsOverHttpsSalt, base::Value(kDohSalt)); CheckAndApplyPolicySettings(); EXPECT_EQ(errors().size(), 3U); auto expected_error1 = l10n_util::GetStringFUTF16( IDS_POLICY_TYPE_ERROR, base::ASCIIToUTF16(base::Value::GetTypeName(base::Value::Type::STRING))); auto expected_error2 = l10n_util::GetStringUTF16( IDS_POLICY_SECURE_DNS_TEMPLATES_NOT_SPECIFIED_ERROR); auto expected_error3 = l10n_util::GetStringFUTF16( IDS_POLICY_DEPENDENCY_ERROR_ANY_VALUE, base::UTF8ToUTF16(policy::key::kDnsOverHttpsTemplatesWithIdentifiers)); EXPECT_EQ( errors().GetErrorMessages(key::kDnsOverHttpsTemplatesWithIdentifiers), expected_error1); EXPECT_EQ(errors().GetErrorMessages(key::kDnsOverHttpsTemplates), expected_error2); EXPECT_EQ(errors().GetErrorMessages(key::kDnsOverHttpsSalt), expected_error3); std::string templates_with_identifiers, salt; EXPECT_TRUE(prefs().GetString(prefs::kDnsOverHttpsTemplatesWithIdentifiers, &templates_with_identifiers)); EXPECT_TRUE(prefs().GetString(prefs::kDnsOverHttpsSalt, &salt)); EXPECT_TRUE(templates_with_identifiers.empty()); EXPECT_TRUE(salt.empty()); } // The salt is optional, so this is a valid configuration. TEST_F(SecureDnsPolicyHandlerTest, NoSalt) { SetPolicyValue(key::kDnsOverHttpsMode, base::Value(SecureDnsConfig::kModeSecure)); const std::string test_policy_identifiers_value = "https://foo.test.identifiers/"; SetPolicyValue(key::kDnsOverHttpsTemplatesWithIdentifiers, base::Value(test_policy_identifiers_value)); CheckAndApplyPolicySettings(); EXPECT_TRUE(errors().empty()); std::string templates_with_identifiers, salt; EXPECT_TRUE(prefs().GetString(prefs::kDnsOverHttpsTemplatesWithIdentifiers, &templates_with_identifiers)); EXPECT_TRUE(prefs().GetString(prefs::kDnsOverHttpsSalt, &salt)); EXPECT_EQ(templates_with_identifiers, test_policy_identifiers_value); EXPECT_EQ(salt, ""); } TEST_F(SecureDnsPolicyHandlerTest, NoTemplatesWithIdentifiers) { SetPolicyValue(key::kDnsOverHttpsMode, base::Value(SecureDnsConfig::kModeSecure)); SetPolicyValue(key::kDnsOverHttpsSalt, base::Value(kDohSalt)); CheckAndApplyPolicySettings(); EXPECT_EQ(errors().size(), 2U); auto expected_error1 = l10n_util::GetStringUTF16( IDS_POLICY_SECURE_DNS_TEMPLATES_NOT_SPECIFIED_ERROR); auto expected_error2 = l10n_util::GetStringFUTF16( IDS_POLICY_DEPENDENCY_ERROR_ANY_VALUE, base::UTF8ToUTF16(policy::key::kDnsOverHttpsTemplatesWithIdentifiers)); EXPECT_EQ(errors().GetErrorMessages(key::kDnsOverHttpsTemplates), expected_error1); EXPECT_EQ(errors().GetErrorMessages(key::kDnsOverHttpsSalt), expected_error2); std::string templates_with_identifiers, salt; EXPECT_TRUE(prefs().GetString(prefs::kDnsOverHttpsTemplatesWithIdentifiers, &templates_with_identifiers)); EXPECT_TRUE(prefs().GetString(prefs::kDnsOverHttpsSalt, &salt)); EXPECT_TRUE(templates_with_identifiers.empty()); EXPECT_TRUE(salt.empty()); } TEST_F(SecureDnsPolicyHandlerTest, TemplatesWithIdentifiersEmpty) { SetPolicyValue(key::kDnsOverHttpsMode, base::Value(SecureDnsConfig::kModeSecure)); SetPolicyValue(key::kDnsOverHttpsTemplatesWithIdentifiers, base::Value("")); SetPolicyValue(key::kDnsOverHttpsSalt, base::Value(kDohSalt)); CheckAndApplyPolicySettings(); EXPECT_EQ(errors().size(), 2U); auto expected_error1 = l10n_util::GetStringUTF16( IDS_POLICY_SECURE_DNS_TEMPLATES_NOT_SPECIFIED_ERROR); auto expected_error2 = l10n_util::GetStringFUTF16( IDS_POLICY_DEPENDENCY_ERROR_ANY_VALUE, base::UTF8ToUTF16(policy::key::kDnsOverHttpsTemplatesWithIdentifiers)); EXPECT_EQ(errors().GetErrorMessages(key::kDnsOverHttpsTemplates), expected_error1); EXPECT_EQ(errors().GetErrorMessages(key::kDnsOverHttpsSalt), expected_error2); std::string templates_with_identifiers, salt; EXPECT_TRUE(prefs().GetString(prefs::kDnsOverHttpsTemplatesWithIdentifiers, &templates_with_identifiers)); EXPECT_TRUE(prefs().GetString(prefs::kDnsOverHttpsSalt, &salt)); EXPECT_TRUE(templates_with_identifiers.empty()); EXPECT_TRUE(salt.empty()); } TEST_F(SecureDnsPolicyHandlerTest, NoMode) { const std::string test_policy_identifiers_value = "https://foo.test.identifiers/"; SetPolicyValue(key::kDnsOverHttpsTemplatesWithIdentifiers, base::Value(test_policy_identifiers_value)); SetPolicyValue(key::kDnsOverHttpsSalt, base::Value(kDohSalt)); CheckAndApplyPolicySettings(); EXPECT_EQ(errors().size(), 1U); auto expected_error = l10n_util::GetStringUTF16( IDS_POLICY_SECURE_DNS_TEMPLATES_UNSET_MODE_ERROR); EXPECT_EQ( errors().GetErrorMessages(key::kDnsOverHttpsTemplatesWithIdentifiers), expected_error); std::string templates_with_identifiers, salt; EXPECT_TRUE(prefs().GetString(prefs::kDnsOverHttpsTemplatesWithIdentifiers, &templates_with_identifiers)); EXPECT_TRUE(prefs().GetString(prefs::kDnsOverHttpsSalt, &salt)); EXPECT_EQ(templates_with_identifiers, test_policy_identifiers_value); EXPECT_EQ(salt, kDohSalt); } #endif // BUILDFLAG(IS_CHROMEOS_ASH) } // namespace policy
Codebase Browser
chromium