Extend the enterprise policy for SSL overrides to the "danger" command

If overriding cert errors is disabed by policy, users shouldn't be able to use the "danger" command to bypass it. BUG=440949 R=meacer@chromium.org Review URL: https://codereview.chromium.org/1119963004 Cr-Commit-Position: refs/heads/master@{#330365}

Extend the enterprise policy for SSL overrides to the "danger" command
If overriding cert errors is disabed by policy, users shouldn't be able to use the "danger" command to bypass it. BUG=440949 R=meacer@chromium.org Review URL: https://codereview.chromium.org/1119963004 Cr-Commit-Position: refs/heads/master@{#330365}
2d3f65ef · felt · Commit bot · 01c34a83 · 2d3f65ef · 2d3f65ef
Commit 2d3f65ef authored May 18, 2015 by felt Committed by Commit bot May 18, 2015
3 changed files
--- a/chrome/browser/policy/policy_browsertest.cc
+++ b/chrome/browser/policy/policy_browsertest.cc
@@ -19,6 +19,7 @@
 #include "base/prefs/pref_service.h"
 #include "base/run_loop.h"
 #include "base/strings/string16.h"
+#include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
@@ -62,6 +63,7 @@
 #include "chrome/browser/search/instant_service_factory.h"
 #include "chrome/browser/search/search.h"
 #include "chrome/browser/search_engines/template_url_service_factory.h"
+#include "chrome/browser/ssl/ssl_blocking_page.h"
 #include "chrome/browser/translate/chrome_translate_client.h"
 #include "chrome/browser/translate/cld_data_harness.h"
 #include "chrome/browser/translate/cld_data_harness_factory.h"
@@ -3652,7 +3654,8 @@ IN_PROC_BROWSER_TEST_F(PolicyTest, SSLErrorOverridingAllowed) {
 }

 // Test that when SSL error overriding is disallowed by policy, the
-// proceed link does not appear on SSL blocking pages.
+// proceed link does not appear on SSL blocking pages and users should not
+// be able to proceed.
 IN_PROC_BROWSER_TEST_F(PolicyTest, SSLErrorOverridingDisallowed) {
  net::SpawnedTestServer https_server_expired(
      net::SpawnedTestServer::TYPE_HTTPS,
@@ -3685,6 +3688,24 @@ IN_PROC_BROWSER_TEST_F(PolicyTest, SSLErrorOverridingDisallowed) {
  // The interstitial should not display the proceed link.
  EXPECT_FALSE(chrome_browser_interstitials::IsInterstitialDisplayingText(
      interstitial, "proceed-link"));
+
+  // The interstitial should not proceed, even if the command is sent in
+  // some other way (e.g., via the keyboard shortcut).
+  content::InterstitialPageDelegate* interstitial_delegate =
+      content::InterstitialPage::GetInterstitialPage(
+          browser()->tab_strip_model()->GetActiveWebContents())
+          ->GetDelegateForTesting();
+  ASSERT_EQ(SSLBlockingPage::kTypeForTesting,
+            interstitial_delegate->GetTypeForTesting());
+  SSLBlockingPage* ssl_delegate =
+      static_cast<SSLBlockingPage*>(interstitial_delegate);
+  ssl_delegate->CommandReceived(
+      base::IntToString(SecurityInterstitialPage::CMD_PROCEED));
+  EXPECT_TRUE(interstitial);
+  EXPECT_TRUE(browser()
+                  ->tab_strip_model()
+                  ->GetActiveWebContents()
+                  ->ShowingInterstitialPage());
 }

 #if !defined(OS_CHROMEOS)

--- a/chrome/browser/ssl/ssl_blocking_page.cc
+++ b/chrome/browser/ssl/ssl_blocking_page.cc
@@ -252,7 +252,8 @@ SSLBlockingPage::SSLBlockingPage(content::WebContents* web_contents,
      overridable_(IsOverridable(
          options_mask,
          Profile::FromBrowserContext(web_contents->GetBrowserContext()))),
-      danger_overridable_(true),
+      danger_overridable_(DoesPolicyAllowDangerOverride(
+          Profile::FromBrowserContext(web_contents->GetBrowserContext()))),
      strict_enforcement_((options_mask & STRICT_ENFORCEMENT) != 0),
      expired_but_previously_allowed_(
          (options_mask & EXPIRED_BUT_PREVIOUSLY_ALLOWED) != 0),
@@ -721,3 +722,9 @@ bool SSLBlockingPage::IsOverridable(int options_mask,
      profile->GetPrefs()->GetBoolean(prefs::kSSLErrorOverrideAllowed);
  return is_overridable;
 }
+
+// static
+bool SSLBlockingPage::DoesPolicyAllowDangerOverride(
+    const Profile* const profile) {
+  return profile->GetPrefs()->GetBoolean(prefs::kSSLErrorOverrideAllowed);
+}
--- a/chrome/browser/ssl/ssl_blocking_page.h
+++ b/chrome/browser/ssl/ssl_blocking_page.h
@@ -30,6 +30,10 @@ class ExperienceSamplingEvent;
 }
 #endif

+namespace policy {
+class PolicyTest_SSLErrorOverridingDisallowed_Test;
+}
+
 class SSLErrorClassification;

 // This class is responsible for showing/hiding the interstitial page that is
@@ -76,10 +80,14 @@ class SSLBlockingPage : public SecurityInterstitialPage {
  // if SSL error overriding is allowed by policy.
  static bool IsOverridable(int options_mask, const Profile* const profile);

+  static bool DoesPolicyAllowDangerOverride(const Profile* const profile);
+
  void SetSSLCertReporterForTesting(
      scoped_ptr<SSLCertReporter> ssl_cert_reporter);

 protected:
+  friend class policy::PolicyTest_SSLErrorOverridingDisallowed_Test;
+
  // InterstitialPageDelegate implementation.
  void CommandReceived(const std::string& command) override;
  void OverrideEntry(content::NavigationEntry* entry) override;