From c5383dd2883385aa29924a70ec9e644fb4f86b1a Mon Sep 17 00:00:00 2001 From: Tomas Popela Date: Wed, 4 Sep 2019 10:48:30 +0200 Subject: [PATCH] More fixes to a backported patch for certificate transparency --- ....0.3809.132-certificate-transparency.patch | 409 ++++++++++++++++-- 1 file changed, 371 insertions(+), 38 deletions(-) diff --git a/chromium-76.0.3809.132-certificate-transparency.patch b/chromium-76.0.3809.132-certificate-transparency.patch index 51937e0..8bfbced 100644 --- a/chromium-76.0.3809.132-certificate-transparency.patch +++ b/chromium-76.0.3809.132-certificate-transparency.patch @@ -1,6 +1,73 @@ +diff -up chromium-76.0.3809.132/chrome/browser/net/system_network_context_manager_browsertest.cc.certificate-transparency chromium-76.0.3809.132/chrome/browser/net/system_network_context_manager_browsertest.cc +--- chromium-76.0.3809.132/chrome/browser/net/system_network_context_manager_browsertest.cc.certificate-transparency 2019-09-03 22:08:28.931786496 +0200 ++++ chromium-76.0.3809.132/chrome/browser/net/system_network_context_manager_browsertest.cc 2019-09-03 22:15:24.743555759 +0200 +@@ -17,6 +17,7 @@ + #include "chrome/common/pref_names.h" + #include "chrome/test/base/in_process_browser_test.h" + #include "components/prefs/pref_service.h" ++#include "services/network/public/cpp/network_service_buildflags.h" + #include "services/network/public/mojom/network_context.mojom.h" + #include "services/network/public/mojom/network_service.mojom.h" + #include "testing/gmock/include/gmock/gmock.h" +@@ -297,3 +298,55 @@ IN_PROC_BROWSER_TEST_P(SystemNetworkCont + INSTANTIATE_TEST_SUITE_P(, + SystemNetworkContextManagerStubResolverBrowsertest, + ::testing::Values(false, true)); ++ ++class SystemNetworkContextManagerCertificateTransparencyBrowsertest ++ : public SystemNetworkContextManagerBrowsertest, ++ public testing::WithParamInterface> { ++ public: ++ SystemNetworkContextManagerCertificateTransparencyBrowsertest() { ++ SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting( ++ GetParam()); ++ } ++ ~SystemNetworkContextManagerCertificateTransparencyBrowsertest() override { ++ SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting( ++ base::nullopt); ++ } ++}; ++ ++#if BUILDFLAG(IS_CT_SUPPORTED) ++IN_PROC_BROWSER_TEST_P( ++ SystemNetworkContextManagerCertificateTransparencyBrowsertest, ++ CertificateTransparencyConfig) { ++ network::mojom::NetworkContextParamsPtr context_params = ++ g_browser_process->system_network_context_manager() ++ ->CreateDefaultNetworkContextParams(); ++ ++ const bool kDefault = ++#if defined(GOOGLE_CHROME_BUILD) && defined(OFFICIAL_BUILD) && \ ++ !defined(OS_ANDROID) ++ true; ++#else ++ false; ++#endif ++ ++ EXPECT_EQ(GetParam().value_or(kDefault), ++ context_params->enforce_chrome_ct_policy); ++ EXPECT_NE(GetParam().value_or(kDefault), context_params->ct_logs.empty()); ++ ++ if (GetParam().value_or(kDefault)) { ++ bool has_google_log = false; ++ bool has_disqualified_log = false; ++ for (const auto& ct_log : context_params->ct_logs) { ++ has_google_log |= ct_log->operated_by_google; ++ has_disqualified_log |= ct_log->disqualified_at.has_value(); ++ } ++ EXPECT_TRUE(has_google_log); ++ EXPECT_TRUE(has_disqualified_log); ++ } ++} ++#endif ++ ++INSTANTIATE_TEST_SUITE_P( ++ , ++ SystemNetworkContextManagerCertificateTransparencyBrowsertest, ++ ::testing::Values(base::nullopt, true, false)); diff -up chromium-76.0.3809.132/chrome/browser/net/system_network_context_manager.cc.certificate-transparency chromium-76.0.3809.132/chrome/browser/net/system_network_context_manager.cc --- chromium-76.0.3809.132/chrome/browser/net/system_network_context_manager.cc.certificate-transparency 2019-08-26 21:02:05.000000000 +0200 -+++ chromium-76.0.3809.132/chrome/browser/net/system_network_context_manager.cc 2019-09-03 12:01:33.004949320 +0200 ++++ chromium-76.0.3809.132/chrome/browser/net/system_network_context_manager.cc 2019-09-03 22:13:26.451198970 +0200 @@ -4,11 +4,13 @@ #include "chrome/browser/net/system_network_context_manager.h" @@ -23,52 +90,205 @@ diff -up chromium-76.0.3809.132/chrome/browser/net/system_network_context_manage #include "mojo/public/cpp/bindings/associated_interface_ptr.h" #include "net/dns/public/util.h" #include "net/net_buildflags.h" -@@ -686,15 +689,41 @@ SystemNetworkContextManager::CreateDefau +@@ -81,6 +84,20 @@ + + namespace { + ++constexpr bool kCertificateTransparencyEnabled = ++#if defined(GOOGLE_CHROME_BUILD) && defined(OFFICIAL_BUILD) && \ ++ !defined(OS_ANDROID) ++ // Certificate Transparency is only enabled if: ++ // - Desktop (!OS_ANDROID); OS_IOS does not use this file ++ // - base::GetBuildTime() is deterministic to the source (OFFICIAL_BUILD) ++ // - The build in reliably updatable (GOOGLE_CHROME_BUILD) ++ true; ++#else ++ false; ++#endif ++ ++bool g_enable_certificate_transparency = kCertificateTransparencyEnabled; ++ + // The global instance of the SystemNetworkContextmanager. + SystemNetworkContextManager* g_system_network_context_manager = nullptr; + +@@ -686,14 +703,35 @@ SystemNetworkContextManager::CreateDefau bool http_09_on_non_default_ports_enabled = false; #if !defined(OS_ANDROID) - // CT is only enabled on Desktop platforms for now. +- network_context_params->enforce_chrome_ct_policy = true; +- for (const auto& ct_log : certificate_transparency::GetKnownLogs()) { +- // TODO(rsleevi): https://crbug.com/702062 - Remove this duplication. +- network::mojom::CTLogInfoPtr log_info = network::mojom::CTLogInfo::New(); +- log_info->public_key = std::string(ct_log.log_key, ct_log.log_key_length); +- log_info->name = ct_log.log_name; +- network_context_params->ct_logs.push_back(std::move(log_info)); + -+#if BUILDFLAG(GOOGLE_CHROME_BRANDING) && defined(OFFICIAL_BUILD) && \ -+ !defined(OS_IOS) -+ // Certificate Transparency is only enabled if: -+ // - Desktop (!OS_ANDROID, !OS_IOS) -+ // - base::GetBuildTime() is deterministic to the source (OFFICIAL_BUILD) -+ // - The build in reliably updatable (GOOGLE_CHROME_BRANDING) - network_context_params->enforce_chrome_ct_policy = true; -+ network_context_params->ct_log_update_time = base::GetBuildTime(); ++ if (g_enable_certificate_transparency) { ++ network_context_params->enforce_chrome_ct_policy = true; ++ network_context_params->ct_log_update_time = base::GetBuildTime(); + -+ std::vector operated_by_google_logs = -+ certificate_transparency::GetLogsOperatedByGoogle(); -+ std::vector> disqualified_logs = -+ certificate_transparency::GetDisqualifiedLogs(); - for (const auto& ct_log : certificate_transparency::GetKnownLogs()) { - // TODO(rsleevi): https://crbug.com/702062 - Remove this duplication. - network::mojom::CTLogInfoPtr log_info = network::mojom::CTLogInfo::New(); - log_info->public_key = std::string(ct_log.log_key, ct_log.log_key_length); - log_info->name = ct_log.log_name; ++ std::vector operated_by_google_logs = ++ certificate_transparency::GetLogsOperatedByGoogle(); ++ std::vector> disqualified_logs = ++ certificate_transparency::GetDisqualifiedLogs(); ++ for (const auto& ct_log : certificate_transparency::GetKnownLogs()) { ++ // TODO(rsleevi): https://crbug.com/702062 - Remove this duplication. ++ network::mojom::CTLogInfoPtr log_info = network::mojom::CTLogInfo::New(); ++ log_info->public_key = std::string(ct_log.log_key, ct_log.log_key_length); ++ log_info->name = ct_log.log_name; + -+ std::string log_id = crypto::SHA256HashString(log_info->public_key); -+ log_info->operated_by_google = -+ std::binary_search(std::begin(operated_by_google_logs), -+ std::end(operated_by_google_logs), log_id); -+ auto it = std::lower_bound( -+ std::begin(disqualified_logs), std::end(disqualified_logs), log_id, -+ [](const auto& disqualified_log, const std::string& log_id) { -+ return disqualified_log.first < log_id; -+ }); -+ if (it != std::end(disqualified_logs) && it->first == log_id) { -+ log_info->disqualified_at = it->second; ++ std::string log_id = crypto::SHA256HashString(log_info->public_key); ++ log_info->operated_by_google = ++ std::binary_search(std::begin(operated_by_google_logs), ++ std::end(operated_by_google_logs), log_id); ++ auto it = std::lower_bound( ++ std::begin(disqualified_logs), std::end(disqualified_logs), log_id, ++ [](const auto& disqualified_log, const std::string& log_id) { ++ return disqualified_log.first < log_id; ++ }); ++ if (it != std::end(disqualified_logs) && it->first == log_id) { ++ log_info->disqualified_at = it->second; ++ } ++ network_context_params->ct_logs.push_back(std::move(log_info)); + } - network_context_params->ct_logs.push_back(std::move(log_info)); } -+#endif const base::Value* value = - g_browser_process->policy_service() +@@ -756,6 +794,12 @@ SystemNetworkContextManager::GetHttpAuth + return CreateHttpAuthDynamicParams(g_browser_process->local_state()); + } + ++void SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting( ++ base::Optional enabled) { ++ g_enable_certificate_transparency = ++ enabled.value_or(kCertificateTransparencyEnabled); ++} ++ + network::mojom::NetworkContextParamsPtr + SystemNetworkContextManager::CreateNetworkContextParams() { + // TODO(mmenke): Set up parameters here (in memory cookie store, etc). +diff -up chromium-76.0.3809.132/chrome/browser/net/system_network_context_manager.h.certificate-transparency chromium-76.0.3809.132/chrome/browser/net/system_network_context_manager.h +--- chromium-76.0.3809.132/chrome/browser/net/system_network_context_manager.h.certificate-transparency 2019-08-26 21:02:05.000000000 +0200 ++++ chromium-76.0.3809.132/chrome/browser/net/system_network_context_manager.h 2019-09-03 22:08:28.931786496 +0200 +@@ -158,6 +158,12 @@ class SystemNetworkContextManager { + static network::mojom::HttpAuthDynamicParamsPtr + GetHttpAuthDynamicParamsForTesting(); + ++ // Enables Certificate Transparency and enforcing the Chrome Certificate ++ // Transparency Policy. For test use only. Use base::nullopt_t to reset to ++ // the default state. ++ static void SetEnableCertificateTransparencyForTesting( ++ base::Optional enabled); ++ + private: + class URLLoaderFactoryForSystem; + +diff -up chromium-76.0.3809.132/chrome/browser/policy/policy_browsertest.cc.certificate-transparency chromium-76.0.3809.132/chrome/browser/policy/policy_browsertest.cc +--- chromium-76.0.3809.132/chrome/browser/policy/policy_browsertest.cc.certificate-transparency 2019-08-26 21:02:05.000000000 +0200 ++++ chromium-76.0.3809.132/chrome/browser/policy/policy_browsertest.cc 2019-09-03 22:08:28.932786508 +0200 +@@ -4834,7 +4834,7 @@ IN_PROC_BROWSER_TEST_P(SSLPolicyTestComm + browser()->tab_strip_model()->GetActiveWebContents()->GetTitle()); + } + +-IN_PROC_BROWSER_TEST_F(PolicyTest, ++IN_PROC_BROWSER_TEST_F(CertificateTransparencyPolicyTest, + CertificateTransparencyEnforcementDisabledForCas) { + net::EmbeddedTestServer https_server_ok(net::EmbeddedTestServer::TYPE_HTTPS); + https_server_ok.SetSSLConfig(net::EmbeddedTestServer::CERT_OK); +diff -up chromium-76.0.3809.132/chrome/browser/ssl/chrome_expect_ct_reporter_browsertest.cc.certificate-transparency chromium-76.0.3809.132/chrome/browser/ssl/chrome_expect_ct_reporter_browsertest.cc +--- chromium-76.0.3809.132/chrome/browser/ssl/chrome_expect_ct_reporter_browsertest.cc.certificate-transparency 2019-08-26 21:02:07.000000000 +0200 ++++ chromium-76.0.3809.132/chrome/browser/ssl/chrome_expect_ct_reporter_browsertest.cc 2019-09-03 22:08:28.932786508 +0200 +@@ -8,6 +8,7 @@ + #include "base/callback.h" + #include "base/run_loop.h" + #include "base/test/scoped_feature_list.h" ++#include "chrome/browser/net/system_network_context_manager.h" + #include "chrome/browser/profiles/profile.h" + #include "chrome/browser/ssl/cert_verifier_browser_test.h" + #include "chrome/browser/ui/browser.h" +@@ -27,7 +28,17 @@ namespace { + // received by a server. + class ExpectCTBrowserTest : public CertVerifierBrowserTest { + public: +- ExpectCTBrowserTest() : CertVerifierBrowserTest() {} ++ ExpectCTBrowserTest() : CertVerifierBrowserTest() { ++ // Expect-CT reporting depends on actually enforcing Certificate ++ // Transparency. ++ SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting( ++ true); ++ } ++ ++ ~ExpectCTBrowserTest() override { ++ SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting( ++ base::nullopt); ++ } + + void SetUpOnMainThread() override { + run_loop_ = std::make_unique(); +diff -up chromium-76.0.3809.132/chrome/browser/ssl/security_state_tab_helper_browsertest.cc.certificate-transparency chromium-76.0.3809.132/chrome/browser/ssl/security_state_tab_helper_browsertest.cc +--- chromium-76.0.3809.132/chrome/browser/ssl/security_state_tab_helper_browsertest.cc.certificate-transparency 2019-08-26 21:02:07.000000000 +0200 ++++ chromium-76.0.3809.132/chrome/browser/ssl/security_state_tab_helper_browsertest.cc 2019-09-03 22:08:28.932786508 +0200 +@@ -457,6 +457,13 @@ class SecurityStateTabHelperTest : publi + SecurityStateTabHelperTest() + : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) { + https_server_.ServeFilesFromSourceDirectory(GetChromeTestDataDir()); ++ SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting( ++ true); ++ } ++ ++ ~SecurityStateTabHelperTest() override { ++ SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting( ++ base::nullopt); + } + + void SetUpOnMainThread() override { +diff -up chromium-76.0.3809.132/chrome/browser/ssl/ssl_browsertest.cc.certificate-transparency chromium-76.0.3809.132/chrome/browser/ssl/ssl_browsertest.cc +--- chromium-76.0.3809.132/chrome/browser/ssl/ssl_browsertest.cc.certificate-transparency 2019-08-26 21:02:07.000000000 +0200 ++++ chromium-76.0.3809.132/chrome/browser/ssl/ssl_browsertest.cc 2019-09-03 22:08:28.934786531 +0200 +@@ -2008,8 +2008,14 @@ class CertificateTransparencySSLUITest : + public: + CertificateTransparencySSLUITest() + : CertVerifierBrowserTest(), +- https_server_(net::EmbeddedTestServer::TYPE_HTTPS) {} +- ~CertificateTransparencySSLUITest() override {} ++ https_server_(net::EmbeddedTestServer::TYPE_HTTPS) { ++ SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting( ++ true); ++ } ++ ~CertificateTransparencySSLUITest() override { ++ SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting( ++ base::nullopt); ++ } + + void SetUpOnMainThread() override { + CertVerifierBrowserTest::SetUpOnMainThread(); +diff -up chromium-76.0.3809.132/components/certificate_transparency/chrome_ct_policy_enforcer.h.certificate-transparency chromium-76.0.3809.132/components/certificate_transparency/chrome_ct_policy_enforcer.h +--- chromium-76.0.3809.132/components/certificate_transparency/chrome_ct_policy_enforcer.h.certificate-transparency 2019-08-26 21:02:14.000000000 +0200 ++++ chromium-76.0.3809.132/components/certificate_transparency/chrome_ct_policy_enforcer.h 2019-09-03 22:08:28.934786531 +0200 +@@ -45,6 +45,19 @@ class ChromeCTPolicyEnforcer : public ne + + void SetClockForTesting(const base::Clock* clock) { clock_ = clock; } + ++ // TODO(https://crbug.com/999240): These are exposed to allow end-to-end ++ // testing by higher layers (i.e. that the ChromeCTPolicyEnforcer is ++ // correctly constructed). When either this issue or https://crbug.com/848277 ++ // are fixed, the configuration can be tested independently, and these can ++ // be removed. ++ const std::vector& operated_by_google_logs_for_testing() { ++ return operated_by_google_logs_; ++ } ++ const std::vector>& ++ disqualified_logs_for_testing() { ++ return disqualified_logs_; ++ } ++ + private: + // Returns true if the log identified by |log_id| (the SHA-256 hash of the + // log's DER-encoded SPKI) has been disqualified, and sets diff -up chromium-76.0.3809.132/services/network/network_context.cc.certificate-transparency chromium-76.0.3809.132/services/network/network_context.cc --- chromium-76.0.3809.132/services/network/network_context.cc.certificate-transparency 2019-08-26 21:02:33.000000000 +0200 -+++ chromium-76.0.3809.132/services/network/network_context.cc 2019-09-03 12:04:01.983890928 +0200 ++++ chromium-76.0.3809.132/services/network/network_context.cc 2019-09-03 22:17:27.977834857 +0200 @@ -35,6 +35,7 @@ #include "components/prefs/pref_registry_simple.h" #include "components/prefs/pref_service.h" @@ -115,12 +335,16 @@ diff -up chromium-76.0.3809.132/services/network/network_context.cc.certificate- scoped_refptr log_verifier = net::CTLogVerifier::Create(log->public_key, log->name); if (!log_verifier) { -@@ -1924,6 +1927,13 @@ URLRequestContextOwner NetworkContext::A +@@ -1924,6 +1927,17 @@ URLRequestContextOwner NetworkContext::A ct_verifier->AddLogs(ct_logs); builder->set_ct_verifier(std::move(ct_verifier)); } + + if (params_->enforce_chrome_ct_policy) { ++ std::sort(std::begin(operated_by_google_logs), ++ std::end(operated_by_google_logs)); ++ std::sort(std::begin(disqualified_logs), std::end(disqualified_logs)); ++ + builder->set_ct_policy_enforcer( + std::make_unique( + params_->ct_log_update_time, disqualified_logs, @@ -129,9 +353,118 @@ diff -up chromium-76.0.3809.132/services/network/network_context.cc.certificate- #endif // BUILDFLAG(IS_CT_SUPPORTED) const base::CommandLine* command_line = +diff -up chromium-76.0.3809.132/services/network/network_context_unittest.cc.certificate-transparency chromium-76.0.3809.132/services/network/network_context_unittest.cc +--- chromium-76.0.3809.132/services/network/network_context_unittest.cc.certificate-transparency 2019-08-26 21:02:33.000000000 +0200 ++++ chromium-76.0.3809.132/services/network/network_context_unittest.cc 2019-09-03 22:20:22.382888089 +0200 +@@ -2,6 +2,7 @@ + // Use of this source code is governed by a BSD-style license that can be + // found in the LICENSE file. + ++#include + #include + #include + #include +@@ -38,10 +39,12 @@ + #include "base/threading/thread_task_runner_handle.h" + #include "base/time/default_clock.h" + #include "base/time/default_tick_clock.h" ++#include "base/time/time.h" + #include "build/build_config.h" + #include "components/network_session_configurator/browser/network_session_configurator.h" + #include "components/network_session_configurator/common/network_switches.h" + #include "components/prefs/testing_pref_service.h" ++#include "crypto/sha2.h" + #include "mojo/public/cpp/bindings/interface_request.h" + #include "mojo/public/cpp/bindings/strong_binding.h" + #include "mojo/public/cpp/system/data_pipe_utils.h" +@@ -113,6 +116,11 @@ + #include "url/scheme_host_port.h" + #include "url/url_constants.h" + ++#if BUILDFLAG(IS_CT_SUPPORTED) ++#include "components/certificate_transparency/chrome_ct_policy_enforcer.h" ++#include "services/network/public/mojom/ct_log_info.mojom.h" ++#endif ++ + #if BUILDFLAG(ENABLE_REPORTING) + #include "net/network_error_logging/network_error_logging_service.h" + #include "net/reporting/reporting_cache.h" +@@ -5566,6 +5574,72 @@ TEST_F(NetworkContextTest, BlockAllCooki + EXPECT_EQ("None", response_body); + } + ++#if BUILDFLAG(IS_CT_SUPPORTED) ++TEST_F(NetworkContextTest, CertificateTransparencyConfig) { ++ mojom::NetworkContextParamsPtr params = CreateContextParams(); ++ params->enforce_chrome_ct_policy = true; ++ params->ct_log_update_time = base::Time::Now(); ++ ++ // The log public keys do not matter for the test, so invalid keys are used. ++ // However, because the log IDs are derived from the SHA-256 hash of the log ++ // key, the log keys are generated such that qualified logs are in the form ++ // of four digits (e.g. "0000", "1111"), while disqualified logs are in the ++ // form of four letters (e.g. "AAAA", "BBBB"). ++ ++ for (int i = 0; i < 6; ++i) { ++ network::mojom::CTLogInfoPtr log_info = network::mojom::CTLogInfo::New(); ++ // Shift to ASCII '0' (0x30) ++ log_info->public_key = std::string(4, 0x30 + static_cast(i)); ++ log_info->name = std::string(4, 0x30 + static_cast(i)); ++ log_info->operated_by_google = i % 2; ++ ++ params->ct_logs.push_back(std::move(log_info)); ++ } ++ for (int i = 0; i < 3; ++i) { ++ network::mojom::CTLogInfoPtr log_info = network::mojom::CTLogInfo::New(); ++ // Shift to ASCII 'A' (0x41) ++ log_info->public_key = std::string(4, 0x41 + static_cast(i)); ++ log_info->name = std::string(4, 0x41 + static_cast(i)); ++ log_info->operated_by_google = false; ++ log_info->disqualified_at = base::TimeDelta::FromSeconds(i); ++ ++ params->ct_logs.push_back(std::move(log_info)); ++ } ++ std::unique_ptr network_context = ++ CreateContextWithParams(std::move(params)); ++ ++ net::CTPolicyEnforcer* request_enforcer = ++ network_context->url_request_context()->ct_policy_enforcer(); ++ ASSERT_TRUE(request_enforcer); ++ ++ // Completely unsafe if |enforce_chrome_ct_policy| is false. ++ certificate_transparency::ChromeCTPolicyEnforcer* policy_enforcer = ++ reinterpret_cast( ++ request_enforcer); ++ ++ EXPECT_TRUE(std::is_sorted( ++ policy_enforcer->operated_by_google_logs_for_testing().begin(), ++ policy_enforcer->operated_by_google_logs_for_testing().end())); ++ EXPECT_TRUE( ++ std::is_sorted(policy_enforcer->disqualified_logs_for_testing().begin(), ++ policy_enforcer->disqualified_logs_for_testing().end())); ++ ++ EXPECT_THAT( ++ policy_enforcer->operated_by_google_logs_for_testing(), ++ ::testing::UnorderedElementsAreArray({crypto::SHA256HashString("1111"), ++ crypto::SHA256HashString("3333"), ++ crypto::SHA256HashString("5555")})); ++ EXPECT_THAT(policy_enforcer->disqualified_logs_for_testing(), ++ ::testing::UnorderedElementsAre( ++ ::testing::Pair(crypto::SHA256HashString("AAAA"), ++ base::TimeDelta::FromSeconds(0)), ++ ::testing::Pair(crypto::SHA256HashString("BBBB"), ++ base::TimeDelta::FromSeconds(1)), ++ ::testing::Pair(crypto::SHA256HashString("CCCC"), ++ base::TimeDelta::FromSeconds(2)))); ++} ++#endif ++ + } // namespace + + } // namespace network diff -up chromium-76.0.3809.132/services/network/public/mojom/ct_log_info.mojom.certificate-transparency chromium-76.0.3809.132/services/network/public/mojom/ct_log_info.mojom --- chromium-76.0.3809.132/services/network/public/mojom/ct_log_info.mojom.certificate-transparency 2019-08-26 21:02:33.000000000 +0200 -+++ chromium-76.0.3809.132/services/network/public/mojom/ct_log_info.mojom 2019-09-03 11:59:48.423862022 +0200 ++++ chromium-76.0.3809.132/services/network/public/mojom/ct_log_info.mojom 2019-09-03 22:08:28.936786554 +0200 @@ -4,6 +4,8 @@ module network.mojom; @@ -148,7 +481,7 @@ diff -up chromium-76.0.3809.132/services/network/public/mojom/ct_log_info.mojom. + + // Whether or not the log should should be considered a Google Log for the + // purposes of enforcing the "Certificate Transparency in Chrome" policy. -+ bool operated_by_google; ++ bool operated_by_google = false; + + // If set, the time since the Unix Epoch when the log was disqualified. This + // is used to determine the "once or currently qualified" status of the log. @@ -157,7 +490,7 @@ diff -up chromium-76.0.3809.132/services/network/public/mojom/ct_log_info.mojom. }; diff -up chromium-76.0.3809.132/services/network/public/mojom/network_context.mojom.certificate-transparency chromium-76.0.3809.132/services/network/public/mojom/network_context.mojom --- chromium-76.0.3809.132/services/network/public/mojom/network_context.mojom.certificate-transparency 2019-08-26 21:02:33.000000000 +0200 -+++ chromium-76.0.3809.132/services/network/public/mojom/network_context.mojom 2019-09-03 11:59:48.424862032 +0200 ++++ chromium-76.0.3809.132/services/network/public/mojom/network_context.mojom 2019-09-03 22:08:28.936786554 +0200 @@ -238,15 +238,6 @@ struct NetworkContextParams { [EnableIf=is_android] bool check_clear_text_permitted = false;