Add util method to obtain policy scope This is to be combined with the AutoSelectCertificateForUrls for the getCertificate API, so this CL also adds this prefs to the local_state registry. Bug: 1194759 Change-Id: I39fe6c16c4254d402b4fcbf108525bda6b990128 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821909 Reviewed-by: Dominique Fauteux-Chapleau <[email protected]> Reviewed-by: Gabriel Charette <[email protected]> Reviewed-by: anthonyvd <[email protected]> Auto-Submit: Dominique Fauteux-Chapleau <[email protected]> Commit-Queue: Gabriel Charette <[email protected]> Cr-Commit-Position: refs/heads/master@{#873889}

commit: 0e897db0295a95b24bdffc869f1b2cee4af99b71 [log] [tgz]
author: Dominique Fauteux-Chapleau <[email protected]> Mon Apr 19 18:42:22 2021
committer: Chromium LUCI CQ <[email protected]> Mon Apr 19 18:42:22 2021
tree: 6a4ba29e524cb5a244a03679d4f6c6c676f3acdf
parent: c515f5351c8f5aa54146683a3479ed161e4d7184 [diff]
diff --git a/chrome/browser/enterprise/util/managed_browser_utils.cc b/chrome/browser/enterprise/util/managed_browser_utils.cc
index f9cc0ad..38829f47 100644
--- a/chrome/browser/enterprise/util/managed_browser_utils.cc
+++ b/chrome/browser/enterprise/util/managed_browser_utils.cc

@@ -13,6 +13,9 @@
 #include "chrome/browser/profiles/profile.h"
 #include "components/certificate_matching/certificate_principal_pattern.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
+#include "components/content_settings/core/common/pref_names.h"
+#include "components/prefs/pref_registry_simple.h"
+#include "components/prefs/pref_service.h"
 #include "google_apis/gaia/gaia_auth_util.h"
 #include "url/gurl.h"
 
@@ -116,7 +119,6 @@
         ParseFromOptionalDict(
             filter.FindKeyOfType("ISSUER", base::Value::Type::DICTIONARY), "CN",
             "L", "O", "OU");
-
     auto subject_pattern = certificate_matching::CertificatePrincipalPattern::
         ParseFromOptionalDict(
             filter.FindKeyOfType("SUBJECT", base::Value::Type::DICTIONARY),
@@ -133,6 +135,17 @@
   return nullptr;
 }
 
+bool IsMachinePolicyPref(const std::string& pref_name) {
+  const PrefService::Preference* pref =
+      g_browser_process->local_state()->FindPreference(pref_name);
+
+  return pref && pref->IsManaged();
+}
+
+void RegisterLocalStatePrefs(PrefRegistrySimple* registry) {
+  registry->RegisterListPref(prefs::kManagedAutoSelectCertificateForUrls);
+}
+
 }  // namespace enterprise_util
 }  // namespace chrome
 

diff --git a/chrome/browser/enterprise/util/managed_browser_utils.h b/chrome/browser/enterprise/util/managed_browser_utils.h
index fe27628..3b81d62 100644
--- a/chrome/browser/enterprise/util/managed_browser_utils.h
+++ b/chrome/browser/enterprise/util/managed_browser_utils.h

@@ -12,6 +12,7 @@
 #include "net/ssl/client_cert_identity.h"
 
 class GURL;
+class PrefRegistrySimple;
 class Profile;
 
 namespace chrome {
@@ -33,6 +34,11 @@
     const GURL& requesting_url,
     net::ClientCertIdentityList& client_certs);
 
+// Returns true if the given pref is set through a machine-scope policy.
+bool IsMachinePolicyPref(const std::string& pref_name);
+
+void RegisterLocalStatePrefs(PrefRegistrySimple* registry);
+
 }  // namespace enterprise_util
 }  // namespace chrome
 

diff --git a/chrome/browser/enterprise/util/managed_browser_utils_browsertest.cc b/chrome/browser/enterprise/util/managed_browser_utils_browsertest.cc
new file mode 100644
index 0000000..03e7698a
--- /dev/null
+++ b/chrome/browser/enterprise/util/managed_browser_utils_browsertest.cc

@@ -0,0 +1,58 @@
+// Copyright 2021 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/enterprise/util/managed_browser_utils.h"
+
+#include "chrome/browser/policy/policy_test_utils.h"
+#include "components/content_settings/core/common/pref_names.h"
+#include "components/policy/policy_constants.h"
+#include "content/public/test/browser_test.h"
+
+namespace {
+
+class ManagedBrowserUtilsBrowserTest
+    : public policy::PolicyTest,
+      public testing::WithParamInterface<bool> {
+ public:
+  ManagedBrowserUtilsBrowserTest() = default;
+  ~ManagedBrowserUtilsBrowserTest() override = default;
+
+  bool managed_policy() { return GetParam(); }
+
+  base::Value policy_value() {
+    constexpr char kAutoSelectCertificateValue[] = R"({
+      "pattern": "https://foo.com",
+      "filter": {
+        "ISSUER": {
+          "O": "Chrome",
+          "OU": "Chrome Org Unit",
+          "CN": "Chrome Common Name"
+        }
+      }
+    })";
+    base::Value list(base::Value::Type::LIST);
+    list.Append(kAutoSelectCertificateValue);
+    return list;
+  }
+};
+
+INSTANTIATE_TEST_SUITE_P(, ManagedBrowserUtilsBrowserTest, testing::Bool());
+
+}  // namespace
+
+IN_PROC_BROWSER_TEST_P(ManagedBrowserUtilsBrowserTest, LocalState) {
+  EXPECT_FALSE(chrome::enterprise_util::IsMachinePolicyPref(
+      prefs::kManagedAutoSelectCertificateForUrls));
+
+  policy::PolicyMap policies;
+  policies.Set(policy::key::kAutoSelectCertificateForUrls,
+               managed_policy() ? policy::POLICY_LEVEL_MANDATORY
+                                : policy::POLICY_LEVEL_RECOMMENDED,
+               policy::POLICY_SCOPE_MACHINE, policy::POLICY_SOURCE_CLOUD,
+               policy_value(), nullptr);
+  UpdateProviderPolicy(policies);
+
+  EXPECT_EQ(managed_policy(), chrome::enterprise_util::IsMachinePolicyPref(
+                                  prefs::kManagedAutoSelectCertificateForUrls));
+}

diff --git a/chrome/browser/prefs/browser_prefs.cc b/chrome/browser/prefs/browser_prefs.cc
index fe0ebc3..26954b0 100644
--- a/chrome/browser/prefs/browser_prefs.cc
+++ b/chrome/browser/prefs/browser_prefs.cc

@@ -26,6 +26,7 @@
 #include "chrome/browser/download/download_prefs.h"
 #include "chrome/browser/engagement/important_sites_util.h"
 #include "chrome/browser/enterprise/connectors/connectors_prefs.h"
+#include "chrome/browser/enterprise/util/managed_browser_utils.h"
 #include "chrome/browser/external_protocol/external_protocol_handler.h"
 #include "chrome/browser/first_run/first_run.h"
 #include "chrome/browser/gpu/gpu_mode_manager.h"
@@ -696,6 +697,7 @@
   ChromeContentBrowserClient::RegisterLocalStatePrefs(registry);
   ChromeMetricsServiceClient::RegisterPrefs(registry);
   ChromeTracingDelegate::RegisterPrefs(registry);
+  chrome::enterprise_util::RegisterLocalStatePrefs(registry);
   component_updater::RegisterPrefs(registry);
   embedder_support::OriginTrialPrefs::RegisterPrefs(registry);
   ExternalProtocolHandler::RegisterPrefs(registry);

diff --git a/chrome/test/BUILD.gn b/chrome/test/BUILD.gn
index 63164d1..3c55c8ac 100644
--- a/chrome/test/BUILD.gn
+++ b/chrome/test/BUILD.gn

@@ -1087,6 +1087,7 @@
       "../browser/enterprise/connectors/analysis/content_analysis_dialog_browsertest.cc",
       "../browser/enterprise/connectors/connectors_service_browsertest.cc",
       "../browser/enterprise/reporting/report_scheduler_browsertest.cc",
+      "../browser/enterprise/util/managed_browser_utils_browsertest.cc",
       "../browser/extensions/protocol_handler_apitest.cc",
       "../browser/fast_shutdown_browsertest.cc",
       "../browser/favicon/content_favicon_driver_browsertest.cc",
commit	0e897db0295a95b24bdffc869f1b2cee4af99b71	[log] [tgz]
author	Dominique Fauteux-Chapleau <[email protected]>	Mon Apr 19 18:42:22 2021
committer	Chromium LUCI CQ <[email protected]>	Mon Apr 19 18:42:22 2021
tree	6a4ba29e524cb5a244a03679d4f6c6c676f3acdf
parent	c515f5351c8f5aa54146683a3479ed161e4d7184 [diff]