From: csagan5 <32685696+csagan5@users.noreply.github.com> Date: Fri, 10 Jun 2022 14:20:02 +0200 Subject: Enable Certificate Transparency Reporting/auditing functionalities are disabled; a flag is exposed. Add guard to make sure that certificate transparency stays enabled by default. License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html --- chrome/browser/about_flags.cc | 5 +++++ chrome/browser/browser_features.cc | 13 +++++++------ chrome/browser/browser_features.h | 1 + chrome/browser/flag_descriptions.cc | 6 +++++- chrome/browser/flag_descriptions.h | 5 ++++- .../browser/net/system_network_context_manager.cc | 6 +----- chrome/browser/ssl/sct_reporting_service.cc | 5 +++++ chrome/common/chrome_features.cc | 10 ++-------- net/http/transport_security_state.cc | 5 +++-- net/url_request/report_sender.cc | 3 ++- services/network/network_context.cc | 2 +- .../network/sct_auditing/sct_auditing_handler.cc | 2 ++ 12 files changed, 38 insertions(+), 25 deletions(-) diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc --- a/chrome/browser/about_flags.cc +++ b/chrome/browser/about_flags.cc @@ -9878,6 +9878,11 @@ const FeatureEntry kFeatureEntries[] = { flag_descriptions::kWebMidiDescription, kOsAll, FEATURE_VALUE_TYPE(features::kWebMidi)}, + {"certificate-transparency-enabled", + flag_descriptions::kCTEnabledName, + flag_descriptions::kCTEnabledDescription, kOsAll, + FEATURE_VALUE_TYPE(features::kCertificateTransparency)}, + #if BUILDFLAG(IS_CHROMEOS_ASH) {"dns-over-https-with-identifiers-reuse-old-policy", flag_descriptions::kDnsOverHttpsWithIdentifiersReuseOldPolicyName, diff --git a/chrome/browser/browser_features.cc b/chrome/browser/browser_features.cc --- a/chrome/browser/browser_features.cc +++ b/chrome/browser/browser_features.cc @@ -77,6 +77,11 @@ BASE_FEATURE(kEnableUniveralLinks, base::FEATURE_ENABLED_BY_DEFAULT); #endif +// Enables Certificate Transparency +BASE_FEATURE(kCertificateTransparency, + "CertificateTransparency", // must be enabled + base::FEATURE_ENABLED_BY_DEFAULT); // in Bromite + #if BUILDFLAG(IS_CHROMEOS_ASH) // Enables reading and writing PWA notification permissions from quick settings // menu. @@ -177,12 +182,8 @@ BASE_FEATURE(kWebUsbDeviceDetection, // update the list of accepted logs. Embedders who are planning to enable this // should first reach out to chrome-certificate-transparency@google.com. BASE_FEATURE(kCertificateTransparencyAskBeforeEnabling, - "CertificateTransparencyAskBeforeEnabling", -#if BUILDFLAG(GOOGLE_CHROME_BRANDING) - base::FEATURE_ENABLED_BY_DEFAULT); -#else - base::FEATURE_DISABLED_BY_DEFAULT); -#endif // BUILDFLAG(GOOGLE_CHROME_BRANDING) + "CertificateTransparencyAskBeforeEnabling", // enabled + base::FEATURE_ENABLED_BY_DEFAULT); // by default BASE_FEATURE(kLargeFaviconFromGoogle, "LargeFaviconFromGoogle", diff --git a/chrome/browser/browser_features.h b/chrome/browser/browser_features.h --- a/chrome/browser/browser_features.h +++ b/chrome/browser/browser_features.h @@ -58,6 +58,7 @@ BASE_DECLARE_FEATURE(kTabCaptureBlueBorderCrOS); BASE_DECLARE_FEATURE(kWebUsbDeviceDetection); +BASE_DECLARE_FEATURE(kCertificateTransparency); BASE_DECLARE_FEATURE(kCertificateTransparencyAskBeforeEnabling); BASE_DECLARE_FEATURE(kLargeFaviconFromGoogle); diff --git a/chrome/browser/flag_descriptions.cc b/chrome/browser/flag_descriptions.cc --- a/chrome/browser/flag_descriptions.cc +++ b/chrome/browser/flag_descriptions.cc @@ -7760,7 +7760,11 @@ const char kAutofillCreditCardUploadDescription[] = #endif // defined(TOOLKIT_VIEWS) || BUILDFLAG(IS_ANDROID) -#if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_ANDROID) +#if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX) +const char kCTEnabledName[] = "Enable Certificate Transparency"; +const char kCTEnabledDescription[] = + "Enables compliance against the Certificate Transparency Policy, with reporting disabled."; + const char kElasticOverscrollName[] = "Elastic Overscroll"; const char kElasticOverscrollDescription[] = "Enables Elastic Overscrolling on touchscreens and precision touchpads."; diff --git a/chrome/browser/flag_descriptions.h b/chrome/browser/flag_descriptions.h --- a/chrome/browser/flag_descriptions.h +++ b/chrome/browser/flag_descriptions.h @@ -4496,7 +4496,10 @@ extern const char kAutofillCreditCardUploadDescription[]; #endif // defined(TOOLKIT_VIEWS) || BUILDFLAG(IS_ANDROID) -#if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_ANDROID) +#if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX) +extern const char kCTEnabledName[]; +extern const char kCTEnabledDescription[]; + extern const char kElasticOverscrollName[]; extern const char kElasticOverscrollDescription[]; #endif // BUILDFLAG(IS_WIN) || BUILDFLAG(IS_ANDROID) diff --git a/chrome/browser/net/system_network_context_manager.cc b/chrome/browser/net/system_network_context_manager.cc --- a/chrome/browser/net/system_network_context_manager.cc +++ b/chrome/browser/net/system_network_context_manager.cc @@ -957,7 +957,6 @@ void SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting( bool SystemNetworkContextManager::IsCertificateTransparencyEnabled() { if (certificate_transparency_enabled_for_testing_.has_value()) return certificate_transparency_enabled_for_testing_.value(); -#if defined(OFFICIAL_BUILD) // TODO(carlosil): Figure out if we can/should remove the OFFICIAL_BUILD // check now that enforcement does not rely on build dates. // Certificate Transparency is enabled: @@ -965,10 +964,7 @@ bool SystemNetworkContextManager::IsCertificateTransparencyEnabled() { // - on an opt-in basis for other builds and embedders, controlled with the // kCertificateTransparencyAskBeforeEnabling flag return base::FeatureList::IsEnabled( - features::kCertificateTransparencyAskBeforeEnabling); -#else - return false; -#endif // defined(OFFICIAL_BUILD) + features::kCertificateTransparency); } #if BUILDFLAG(CHROME_ROOT_STORE_OPTIONAL) diff --git a/chrome/browser/ssl/sct_reporting_service.cc b/chrome/browser/ssl/sct_reporting_service.cc --- a/chrome/browser/ssl/sct_reporting_service.cc +++ b/chrome/browser/ssl/sct_reporting_service.cc @@ -211,6 +211,11 @@ void SetSCTAuditingEnabledForStoragePartition( } // namespace network::mojom::SCTAuditingMode SCTReportingService::GetReportingMode() { + if ((true)) { + // always disabled in Bromite + return network::mojom::SCTAuditingMode::kDisabled; + } + if (profile_->IsOffTheRecord() || !base::FeatureList::IsEnabled(features::kSCTAuditing)) { return network::mojom::SCTAuditingMode::kDisabled; diff --git a/chrome/common/chrome_features.cc b/chrome/common/chrome_features.cc --- a/chrome/common/chrome_features.cc +++ b/chrome/common/chrome_features.cc @@ -1127,15 +1127,9 @@ BASE_FEATURE(kSchedulerConfiguration, base::FEATURE_DISABLED_BY_DEFAULT); #endif // BUILDFLAG(IS_CHROMEOS_ASH) -// Controls whether SCT audit reports are queued and the rate at which they -// should be sampled. Default sampling rate is 1/10,000 certificates. -#if BUILDFLAG(GOOGLE_CHROME_BRANDING) && !BUILDFLAG(IS_ANDROID) -BASE_FEATURE(kSCTAuditing, "SCTAuditing", base::FEATURE_ENABLED_BY_DEFAULT); -#else // This requires backend infrastructure and a data collection policy. // Non-Chrome builds should not use Chrome's infrastructure. BASE_FEATURE(kSCTAuditing, "SCTAuditing", base::FEATURE_DISABLED_BY_DEFAULT); -#endif constexpr base::FeatureParam kSCTAuditingSamplingRate{ &kSCTAuditing, "sampling_rate", 0.0001}; @@ -1144,8 +1138,8 @@ constexpr base::FeatureParam kSCTAuditingSamplingRate{ // about an SCT seen in the wild. If it hasn't been seen, then it is considered // a security incident and uploaded to Google. BASE_FEATURE(kSCTAuditingHashdance, - "SCTAuditingHashdance", - base::FEATURE_ENABLED_BY_DEFAULT); + "SCTAuditingHashdance", // disabled + base::FEATURE_DISABLED_BY_DEFAULT); // by default // An estimated high bound for the time it takes Google to ingest updates to an // SCT log. Chrome will wait for at least this time plus the Log's Maximum Merge diff --git a/net/http/transport_security_state.cc b/net/http/transport_security_state.cc --- a/net/http/transport_security_state.cc +++ b/net/http/transport_security_state.cc @@ -329,6 +329,7 @@ class HSTSPreloadDecoder : public net::extras::PreloadDecoder { bool DecodeHSTSPreload(const std::string& search_hostname, PreloadResult* out) { #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) +#error "BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) must be enabled" if (g_hsts_source == nullptr) return false; #endif @@ -374,8 +375,8 @@ bool DecodeHSTSPreload(const std::string& search_hostname, PreloadResult* out) { // static BASE_FEATURE(kCertificateTransparencyEnforcement, - "CertificateTransparencyEnforcement", - base::FEATURE_ENABLED_BY_DEFAULT); + "CertificateTransparencyEnforcement", // must be enabled + base::FEATURE_ENABLED_BY_DEFAULT); // in Bromite void SetTransportSecurityStateSourceForTesting( const TransportSecurityStateSource* source) { diff --git a/net/url_request/report_sender.cc b/net/url_request/report_sender.cc --- a/net/url_request/report_sender.cc +++ b/net/url_request/report_sender.cc @@ -87,7 +87,8 @@ void ReportSender::Send( URLRequest* raw_url_request = url_request.get(); inflight_requests_[raw_url_request] = std::move(url_request); - raw_url_request->Start(); + // pretend that request completed + OnResponseStarted(raw_url_request, OK); } void ReportSender::OnResponseStarted(URLRequest* request, int net_error) { diff --git a/services/network/network_context.cc b/services/network/network_context.cc --- a/services/network/network_context.cc +++ b/services/network/network_context.cc @@ -2796,7 +2796,7 @@ URLRequestContextOwner NetworkContext::MakeURLRequestContext( // TransportSecurityState. Since no requests have been made yet, safe to do // this even after the call to Build(). - if (params_->enable_certificate_reporting) { + if ((false) /* params_->enable_certificate_reporting*/) { net::NetworkTrafficAnnotationTag traffic_annotation = net::DefineNetworkTrafficAnnotation("domain_security_policy", R"( semantics { diff --git a/services/network/sct_auditing/sct_auditing_handler.cc b/services/network/sct_auditing/sct_auditing_handler.cc --- a/services/network/sct_auditing/sct_auditing_handler.cc +++ b/services/network/sct_auditing/sct_auditing_handler.cc @@ -109,6 +109,7 @@ void SCTAuditingHandler::MaybeEnqueueReport( if (mode_ == mojom::SCTAuditingMode::kDisabled) { return; } + if ((true)) return; // Only audit valid SCTs. This ensures that they come from a known log, have // a valid signature, and thus are expected to be public certificates. If @@ -324,6 +325,7 @@ void SCTAuditingHandler::AddReporter( if (mode_ == mojom::SCTAuditingMode::kDisabled) { return; } + if ((true)) return; auto reporter = std::make_unique( owner_network_context_, reporter_key, std::move(report), -- 2.25.1