chrome/browser/content_settings/content_settings_policy_provider_unittest.cc - chromium/src - Git at Google

 // Copyright 2011 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "components/content_settings/core/browser/content_settings_policy_provider.h"

 #include <memory>
 #include <string>

 #include "base/auto_reset.h"
 #include "base/command_line.h"
 #include "base/test/metrics/histogram_tester.h"
 #include "base/test/scoped_feature_list.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/url_constants.h"
 #include "chrome/test/base/testing_profile.h"
 #include "components/content_settings/core/browser/content_settings_mock_observer.h"
 #include "components/content_settings/core/browser/content_settings_rule.h"
 #include "components/content_settings/core/browser/content_settings_utils.h"
 #include "components/content_settings/core/common/content_settings_pattern.h"
 #include "components/content_settings/core/common/content_settings_utils.h"
 #include "components/content_settings/core/common/pref_names.h"
 #include "components/content_settings/core/test/content_settings_test_utils.h"
 #include "components/prefs/pref_service.h"
 #include "components/sync_preferences/testing_pref_service_syncable.h"
 #include "content/public/test/browser_task_environment.h"
 #include "net/cookies/cookie_constants.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "url/gurl.h"

 using ::testing::_;

 namespace content_settings {

 class PolicyProviderTest : public testing::Test {
   content::BrowserTaskEnvironment task_environment_;
 };

 TEST_F(PolicyProviderTest, DefaultGeolocationContentSetting) {
   TestingProfile profile;
   sync_preferences::TestingPrefServiceSyncable* prefs =
       profile.GetTestingPrefService();
   PolicyProvider provider(prefs);

   std::unique_ptr<RuleIterator> rule_iterator(provider.GetRuleIterator(
       ContentSettingsType::GEOLOCATION, false,
       content_settings::PartitionKey::GetDefaultForTesting()));
   EXPECT_FALSE(rule_iterator);

   // Change the managed value of the default geolocation setting
   prefs->SetManagedPref(prefs::kManagedDefaultGeolocationSetting,
                         std::make_unique<base::Value>(CONTENT_SETTING_BLOCK));

   rule_iterator = provider.GetRuleIterator(
       ContentSettingsType::GEOLOCATION, false,
       content_settings::PartitionKey::GetDefaultForTesting());
   ASSERT_TRUE(rule_iterator);
   EXPECT_TRUE(rule_iterator->HasNext());
   std::unique_ptr<Rule> rule = rule_iterator->Next();
   EXPECT_FALSE(rule_iterator->HasNext());

   EXPECT_EQ(ContentSettingsPattern::Wildcard(), rule->primary_pattern);
   EXPECT_EQ(ContentSettingsPattern::Wildcard(), rule->secondary_pattern);
   EXPECT_EQ(CONTENT_SETTING_BLOCK, ValueToContentSetting(rule->value));

   provider.ShutdownOnUIThread();
 }

 TEST_F(PolicyProviderTest, ManagedDefaultContentSettings) {
   TestingProfile profile;
   sync_preferences::TestingPrefServiceSyncable* prefs =
       profile.GetTestingPrefService();
   PolicyProvider provider(prefs);

   prefs->SetManagedPref(prefs::kManagedDefaultCookiesSetting,
                         std::make_unique<base::Value>(CONTENT_SETTING_BLOCK));

   std::unique_ptr<RuleIterator> rule_iterator(provider.GetRuleIterator(
       ContentSettingsType::COOKIES, false,
       content_settings::PartitionKey::GetDefaultForTesting()));
   EXPECT_TRUE(rule_iterator->HasNext());
   std::unique_ptr<Rule> rule = rule_iterator->Next();
   EXPECT_FALSE(rule_iterator->HasNext());

   EXPECT_EQ(ContentSettingsPattern::Wildcard(), rule->primary_pattern);
   EXPECT_EQ(ContentSettingsPattern::Wildcard(), rule->secondary_pattern);
   EXPECT_EQ(CONTENT_SETTING_BLOCK, ValueToContentSetting(rule->value));

   provider.ShutdownOnUIThread();
 }

 // When a default-content-setting is set to a managed setting a
 // CONTENT_SETTINGS_CHANGED notification should be fired. The same should happen
 // if the managed setting is removed.
 TEST_F(PolicyProviderTest, ObserveManagedSettingsChange) {
   TestingProfile profile;
   sync_preferences::TestingPrefServiceSyncable* prefs =
       profile.GetTestingPrefService();
   PolicyProvider provider(prefs);

   MockObserver mock_observer;
   EXPECT_CALL(mock_observer,
               OnContentSettingChanged(_, _, ContentSettingsType::DEFAULT));
   provider.AddObserver(&mock_observer);

   // Set the managed default-content-setting.
   prefs->SetManagedPref(prefs::kManagedDefaultCookiesSetting,
                         std::make_unique<base::Value>(CONTENT_SETTING_BLOCK));
   ::testing::Mock::VerifyAndClearExpectations(&mock_observer);
   EXPECT_CALL(mock_observer,
               OnContentSettingChanged(_, _, ContentSettingsType::DEFAULT));
   // Remove the managed default-content-setting.
   prefs->RemoveManagedPref(prefs::kManagedDefaultCookiesSetting);
   provider.ShutdownOnUIThread();
 }

 TEST_F(PolicyProviderTest, GettingManagedContentSettings) {
   TestingProfile profile;
   sync_preferences::TestingPrefServiceSyncable* prefs =
       profile.GetTestingPrefService();

   base::Value::List list;
   list.Append("[*.]google.com");
   prefs->SetManagedPref(prefs::kManagedImagesBlockedForUrls, std::move(list));

   PolicyProvider provider(prefs);

   ContentSettingsPattern yt_url_pattern =
       ContentSettingsPattern::FromString("www.youtube.com");
   GURL youtube_url("http://www.youtube.com");
   GURL google_url("http://mail.google.com");

   EXPECT_EQ(CONTENT_SETTING_DEFAULT,
             TestUtils::GetContentSetting(&provider, youtube_url, youtube_url,
                                          ContentSettingsType::COOKIES, false));
   EXPECT_EQ(base::Value(), TestUtils::GetContentSettingValue(
                                &provider, youtube_url, youtube_url,
                                ContentSettingsType::COOKIES, false));

   EXPECT_EQ(CONTENT_SETTING_BLOCK,
             TestUtils::GetContentSetting(&provider, google_url, google_url,
                                          ContentSettingsType::IMAGES, false));
   base::Value value = TestUtils::GetContentSettingValue(
       &provider, google_url, google_url, ContentSettingsType::IMAGES, false);

   EXPECT_EQ(CONTENT_SETTING_BLOCK,
             IntToContentSetting(value.GetIfInt().value_or(-1)));

   // The PolicyProvider does not allow setting content settings as they are
   // enforced via policies and not set by the user or extension. So a call to
   // SetWebsiteSetting does nothing.
   bool owned = provider.SetWebsiteSetting(
       yt_url_pattern, yt_url_pattern, ContentSettingsType::COOKIES,
       base::Value(CONTENT_SETTING_BLOCK), /*constraints=*/{},
       content_settings::PartitionKey::GetDefaultForTesting());
   EXPECT_FALSE(owned);
   EXPECT_EQ(CONTENT_SETTING_DEFAULT,
             TestUtils::GetContentSetting(&provider, youtube_url, youtube_url,
                                          ContentSettingsType::COOKIES, false));

   provider.ShutdownOnUIThread();
 }

 TEST_F(PolicyProviderTest, AutoSelectCertificateList) {
   TestingProfile profile;
   sync_preferences::TestingPrefServiceSyncable* prefs =
       profile.GetTestingPrefService();

   PolicyProvider provider(prefs);
   GURL google_url("https://mail.google.com");
   // Tests the default setting for auto selecting certificates
   EXPECT_EQ(base::Value(),
             TestUtils::GetContentSettingValue(
                 &provider, google_url, google_url,
                 ContentSettingsType::AUTO_SELECT_CERTIFICATE, false));

   // Set the content settings pattern list for origins to auto select
   // certificates.
   std::string pattern_str("\"pattern\":\"[*.]google.com\"");
   std::string filter_str("\"filter\":{\"ISSUER\":{\"CN\":\"issuer name\"}}");
   base::Value::List list;
   list.Append("{" + pattern_str + "," + filter_str + "}");
   prefs->SetManagedPref(prefs::kManagedAutoSelectCertificateForUrls,
                         std::move(list));
   GURL youtube_url("https://www.youtube.com");
   EXPECT_EQ(base::Value(),
             TestUtils::GetContentSettingValue(
                 &provider, youtube_url, youtube_url,
                 ContentSettingsType::AUTO_SELECT_CERTIFICATE, false));
   base::Value cert_filter_setting = TestUtils::GetContentSettingValue(
       &provider, google_url, google_url,
       ContentSettingsType::AUTO_SELECT_CERTIFICATE, false);

   ASSERT_EQ(base::Value::Type::DICT, cert_filter_setting.type());
   base::Value::List* cert_filters =
       cert_filter_setting.GetDict().FindList("filters");
   ASSERT_TRUE(cert_filters);
   ASSERT_FALSE(cert_filters->empty());
   auto& filter = cert_filters->front();
   ASSERT_TRUE(filter.is_dict());
   const std::string* actual_common_name =
       filter.GetDict().FindStringByDottedPath("ISSUER.CN");
   ASSERT_TRUE(actual_common_name);
   EXPECT_EQ("issuer name", *actual_common_name);
   provider.ShutdownOnUIThread();
 }

 TEST_F(PolicyProviderTest, InvalidAutoSelectCertificateList) {
   TestingProfile profile;
   sync_preferences::TestingPrefServiceSyncable* prefs =
       profile.GetTestingPrefService();

   PolicyProvider provider(prefs);
   GURL google_url("https://mail.google.com");

   std::string pattern_str("\"pattern\":\"[*.]google.com\"");
   std::string filter_str("\"filter\":{\"ISSUER\":{\"CN\":\"issuer name\"}}");

   // Missing pattern should be rejected.
   base::Value::List missing_pattern_value;
   missing_pattern_value.Append("{" + filter_str + "}");
   prefs->SetManagedPref(prefs::kManagedAutoSelectCertificateForUrls,
                         std::move(missing_pattern_value));
   EXPECT_EQ(base::Value(),
             TestUtils::GetContentSettingValue(
                 &provider, google_url, google_url,
                 ContentSettingsType::AUTO_SELECT_CERTIFICATE, false));

   // Non-dict value should be rejected.
   base::Value::List no_dict_value;
   no_dict_value.Append(pattern_str + "," + filter_str);
   prefs->SetManagedPref(prefs::kManagedAutoSelectCertificateForUrls,
                         std::move(no_dict_value));
   EXPECT_EQ(base::Value(),
             TestUtils::GetContentSettingValue(
                 &provider, google_url, google_url,
                 ContentSettingsType::AUTO_SELECT_CERTIFICATE, false));

   // Missing filter should be rejected.
   base::Value::List missing_filter_value;
   missing_filter_value.Append("{" + pattern_str + "}");
   prefs->SetManagedPref(prefs::kManagedAutoSelectCertificateForUrls,
                         std::move(missing_filter_value));
   EXPECT_EQ(base::Value(),
             TestUtils::GetContentSettingValue(
                 &provider, google_url, google_url,
                 ContentSettingsType::AUTO_SELECT_CERTIFICATE, false));

   // Valid configuration should not be rejected.
   base::Value::List valid_value;
   valid_value.Append("{" + pattern_str + "," + filter_str + "}");
   prefs->SetManagedPref(prefs::kManagedAutoSelectCertificateForUrls,
                         std::move(valid_value));
   EXPECT_NE(base::Value(),
             TestUtils::GetContentSettingValue(
                 &provider, google_url, google_url,
                 ContentSettingsType::AUTO_SELECT_CERTIFICATE, false));

   provider.ShutdownOnUIThread();
 }

 TEST_F(PolicyProviderTest, InvalidManagedDefaultContentSetting) {
   TestingProfile profile;
   sync_preferences::TestingPrefServiceSyncable* prefs =
       profile.GetTestingPrefService();
   PolicyProvider provider(prefs);

   prefs->SetManagedPref(
       prefs::kManagedDefaultCookiesSetting,
       std::make_unique<base::Value>(CONTENT_SETTING_DETECT_IMPORTANT_CONTENT));

   // The setting provided in the cookies pref is not valid for cookies. It
   // should be ignored.
   std::unique_ptr<RuleIterator> rule_iterator(provider.GetRuleIterator(
       ContentSettingsType::COOKIES, false,
       content_settings::PartitionKey::GetDefaultForTesting()));
   EXPECT_FALSE(rule_iterator);

   provider.ShutdownOnUIThread();
 }

 TEST_F(PolicyProviderTest, CookiesAllowedForUrlsUsageHistogram) {
   const struct TestCase {
     std::string desc;
     base::Value::List managed_pref;
     std::optional<net::CookiesAllowedForUrlsUsage> expected_bucket;
   } test_cases[] = {
       {
           "NoRules",
           base::Value::List(),
           std::nullopt,
       },
       {
           "WildcardPrimaryOnly",
           base::Value::List().Append("*,https://www.a.com/"),
           net::CookiesAllowedForUrlsUsage::kWildcardPrimaryOnly,
       },
       {
           "WildcardSecondaryOnly",
           base::Value::List().Append("https://www.a.com/"),
           net::CookiesAllowedForUrlsUsage::kWildcardSecondaryOnly,
       },
       {"ExplicitOnly",
        base::Value::List().Append("https://www.a.com/,https://www.b.com/"),
        net::CookiesAllowedForUrlsUsage::kExplicitOnly},
       {
           "ExplicitAndPrimaryWildcard",
           base::Value::List()
               .Append("*,https://www.a.com/")
               .Append("https://www.a.com/,https://www.b.com/"),
           net::CookiesAllowedForUrlsUsage::kExplicitAndPrimaryWildcard,
       },
       {
           "ExplicityAndSecondaryWildcard",
           base::Value::List()
               .Append("https://www.a.com/")
               .Append("https://www.a.com/,https://www.b.com/"),
           net::CookiesAllowedForUrlsUsage::kExplicitAndSecondaryWildcard,
       },
       {
           "WildcardOnly",
           base::Value::List()
               .Append("*,https://www.a.com/")
               .Append("https://www.a.com/"),
           net::CookiesAllowedForUrlsUsage::kWildcardOnly,
       },
       {
           "AllPresent",
           base::Value::List()
               .Append("*,https://www.a.com/")
               .Append("https://www.a.com/")
               .Append("https://www.a.com/,https://www.b.com/"),
           net::CookiesAllowedForUrlsUsage::kAllPresent,
       },
   };

   for (const auto& test_case : test_cases) {
     SCOPED_TRACE(test_case.desc);
     TestingProfile profile;
     sync_preferences::TestingPrefServiceSyncable* prefs =
         profile.GetTestingPrefService();
     prefs->SetManagedPref(prefs::kManagedCookiesAllowedForUrls,
                           test_case.managed_pref.Clone());
     // Set some other cookie-related prefs to make sure they do not impact
     // results.
     prefs->SetManagedPref(prefs::kManagedCookiesBlockedForUrls,
                           base::Value::List()
                               .Append("https://www.c.com/")
                               .Append("*,https://www.c.com/"));
     prefs->SetManagedPref(prefs::kManagedCookiesSessionOnlyForUrls,
                           base::Value::List()
                               .Append("https://www.d.com/")
                               .Append("https://www.d.com/,https://www.e.com/"));
     base::HistogramTester histogram_tester;

     PolicyProvider provider(prefs);

     histogram_tester.ExpectTotalCount(
         "Cookie.Experimental.CookiesAllowedForUrlsUsage",
         test_case.expected_bucket ? 1 : 0);
     if (test_case.expected_bucket) {
       histogram_tester.ExpectUniqueSample(
           "Cookie.Experimental.CookiesAllowedForUrlsUsage",
           *test_case.expected_bucket,
           /*expected_bucket_count=*/1);
     }

     provider.ShutdownOnUIThread();
   }
 }

 }  // namespace content_settings
	// Copyright 2011 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "components/content_settings/core/browser/content_settings_policy_provider.h"

	#include <memory>
	#include <string>

	#include "base/auto_reset.h"
	#include "base/command_line.h"
	#include "base/test/metrics/histogram_tester.h"
	#include "base/test/scoped_feature_list.h"
	#include "chrome/common/chrome_switches.h"
	#include "chrome/common/url_constants.h"
	#include "chrome/test/base/testing_profile.h"
	#include "components/content_settings/core/browser/content_settings_mock_observer.h"
	#include "components/content_settings/core/browser/content_settings_rule.h"
	#include "components/content_settings/core/browser/content_settings_utils.h"
	#include "components/content_settings/core/common/content_settings_pattern.h"
	#include "components/content_settings/core/common/content_settings_utils.h"
	#include "components/content_settings/core/common/pref_names.h"
	#include "components/content_settings/core/test/content_settings_test_utils.h"
	#include "components/prefs/pref_service.h"
	#include "components/sync_preferences/testing_pref_service_syncable.h"
	#include "content/public/test/browser_task_environment.h"
	#include "net/cookies/cookie_constants.h"
	#include "testing/gtest/include/gtest/gtest.h"
	#include "url/gurl.h"

	using ::testing::_;

	namespace content_settings {

	class PolicyProviderTest : public testing::Test {
	content::BrowserTaskEnvironment task_environment_;
	};

	TEST_F(PolicyProviderTest, DefaultGeolocationContentSetting) {
	TestingProfile profile;
	sync_preferences::TestingPrefServiceSyncable* prefs =
	profile.GetTestingPrefService();
	PolicyProvider provider(prefs);

	std::unique_ptr<RuleIterator> rule_iterator(provider.GetRuleIterator(
	ContentSettingsType::GEOLOCATION, false,
	content_settings::PartitionKey::GetDefaultForTesting()));
	EXPECT_FALSE(rule_iterator);

	// Change the managed value of the default geolocation setting
	prefs->SetManagedPref(prefs::kManagedDefaultGeolocationSetting,
	std::make_unique<base::Value>(CONTENT_SETTING_BLOCK));

	rule_iterator = provider.GetRuleIterator(
	ContentSettingsType::GEOLOCATION, false,
	content_settings::PartitionKey::GetDefaultForTesting());
	ASSERT_TRUE(rule_iterator);
	EXPECT_TRUE(rule_iterator->HasNext());
	std::unique_ptr<Rule> rule = rule_iterator->Next();
	EXPECT_FALSE(rule_iterator->HasNext());

	EXPECT_EQ(ContentSettingsPattern::Wildcard(), rule->primary_pattern);
	EXPECT_EQ(ContentSettingsPattern::Wildcard(), rule->secondary_pattern);
	EXPECT_EQ(CONTENT_SETTING_BLOCK, ValueToContentSetting(rule->value));

	provider.ShutdownOnUIThread();
	}

	TEST_F(PolicyProviderTest, ManagedDefaultContentSettings) {
	TestingProfile profile;
	sync_preferences::TestingPrefServiceSyncable* prefs =
	profile.GetTestingPrefService();
	PolicyProvider provider(prefs);

	prefs->SetManagedPref(prefs::kManagedDefaultCookiesSetting,
	std::make_unique<base::Value>(CONTENT_SETTING_BLOCK));

	std::unique_ptr<RuleIterator> rule_iterator(provider.GetRuleIterator(
	ContentSettingsType::COOKIES, false,
	content_settings::PartitionKey::GetDefaultForTesting()));
	EXPECT_TRUE(rule_iterator->HasNext());
	std::unique_ptr<Rule> rule = rule_iterator->Next();
	EXPECT_FALSE(rule_iterator->HasNext());

	EXPECT_EQ(ContentSettingsPattern::Wildcard(), rule->primary_pattern);
	EXPECT_EQ(ContentSettingsPattern::Wildcard(), rule->secondary_pattern);
	EXPECT_EQ(CONTENT_SETTING_BLOCK, ValueToContentSetting(rule->value));

	provider.ShutdownOnUIThread();
	}

	// When a default-content-setting is set to a managed setting a
	// CONTENT_SETTINGS_CHANGED notification should be fired. The same should happen
	// if the managed setting is removed.
	TEST_F(PolicyProviderTest, ObserveManagedSettingsChange) {
	TestingProfile profile;
	sync_preferences::TestingPrefServiceSyncable* prefs =
	profile.GetTestingPrefService();
	PolicyProvider provider(prefs);

	MockObserver mock_observer;
	EXPECT_CALL(mock_observer,
	OnContentSettingChanged(_, _, ContentSettingsType::DEFAULT));
	provider.AddObserver(&mock_observer);

	// Set the managed default-content-setting.
	prefs->SetManagedPref(prefs::kManagedDefaultCookiesSetting,
	std::make_unique<base::Value>(CONTENT_SETTING_BLOCK));
	::testing::Mock::VerifyAndClearExpectations(&mock_observer);
	EXPECT_CALL(mock_observer,
	OnContentSettingChanged(_, _, ContentSettingsType::DEFAULT));
	// Remove the managed default-content-setting.
	prefs->RemoveManagedPref(prefs::kManagedDefaultCookiesSetting);
	provider.ShutdownOnUIThread();
	}

	TEST_F(PolicyProviderTest, GettingManagedContentSettings) {
	TestingProfile profile;
	sync_preferences::TestingPrefServiceSyncable* prefs =
	profile.GetTestingPrefService();

	base::Value::List list;
	list.Append("[*.]google.com");
	prefs->SetManagedPref(prefs::kManagedImagesBlockedForUrls, std::move(list));

	PolicyProvider provider(prefs);

	ContentSettingsPattern yt_url_pattern =
	ContentSettingsPattern::FromString("www.youtube.com");
	GURL youtube_url("http://www.youtube.com");
	GURL google_url("http://mail.google.com");

	EXPECT_EQ(CONTENT_SETTING_DEFAULT,
	TestUtils::GetContentSetting(&provider, youtube_url, youtube_url,
	ContentSettingsType::COOKIES, false));
	EXPECT_EQ(base::Value(), TestUtils::GetContentSettingValue(
	&provider, youtube_url, youtube_url,
	ContentSettingsType::COOKIES, false));

	EXPECT_EQ(CONTENT_SETTING_BLOCK,
	TestUtils::GetContentSetting(&provider, google_url, google_url,
	ContentSettingsType::IMAGES, false));
	base::Value value = TestUtils::GetContentSettingValue(
	&provider, google_url, google_url, ContentSettingsType::IMAGES, false);

	EXPECT_EQ(CONTENT_SETTING_BLOCK,
	IntToContentSetting(value.GetIfInt().value_or(-1)));

	// The PolicyProvider does not allow setting content settings as they are
	// enforced via policies and not set by the user or extension. So a call to
	// SetWebsiteSetting does nothing.
	bool owned = provider.SetWebsiteSetting(
	yt_url_pattern, yt_url_pattern, ContentSettingsType::COOKIES,
	base::Value(CONTENT_SETTING_BLOCK), /constraints=/{},
	content_settings::PartitionKey::GetDefaultForTesting());
	EXPECT_FALSE(owned);
	EXPECT_EQ(CONTENT_SETTING_DEFAULT,
	TestUtils::GetContentSetting(&provider, youtube_url, youtube_url,
	ContentSettingsType::COOKIES, false));

	provider.ShutdownOnUIThread();
	}

	TEST_F(PolicyProviderTest, AutoSelectCertificateList) {
	TestingProfile profile;
	sync_preferences::TestingPrefServiceSyncable* prefs =
	profile.GetTestingPrefService();

	PolicyProvider provider(prefs);
	GURL google_url("https://mail.google.com");
	// Tests the default setting for auto selecting certificates
	EXPECT_EQ(base::Value(),
	TestUtils::GetContentSettingValue(
	&provider, google_url, google_url,
	ContentSettingsType::AUTO_SELECT_CERTIFICATE, false));

	// Set the content settings pattern list for origins to auto select
	// certificates.
	std::string pattern_str("\"pattern\":\"[*.]google.com\"");
	std::string filter_str("\"filter\":{\"ISSUER\":{\"CN\":\"issuer name\"}}");
	base::Value::List list;
	list.Append("{" + pattern_str + "," + filter_str + "}");
	prefs->SetManagedPref(prefs::kManagedAutoSelectCertificateForUrls,
	std::move(list));
	GURL youtube_url("https://www.youtube.com");
	EXPECT_EQ(base::Value(),
	TestUtils::GetContentSettingValue(
	&provider, youtube_url, youtube_url,
	ContentSettingsType::AUTO_SELECT_CERTIFICATE, false));
	base::Value cert_filter_setting = TestUtils::GetContentSettingValue(
	&provider, google_url, google_url,
	ContentSettingsType::AUTO_SELECT_CERTIFICATE, false);

	ASSERT_EQ(base::Value::Type::DICT, cert_filter_setting.type());
	base::Value::List* cert_filters =
	cert_filter_setting.GetDict().FindList("filters");
	ASSERT_TRUE(cert_filters);
	ASSERT_FALSE(cert_filters->empty());
	auto& filter = cert_filters->front();
	ASSERT_TRUE(filter.is_dict());
	const std::string* actual_common_name =
	filter.GetDict().FindStringByDottedPath("ISSUER.CN");
	ASSERT_TRUE(actual_common_name);
	EXPECT_EQ("issuer name", *actual_common_name);
	provider.ShutdownOnUIThread();
	}

	TEST_F(PolicyProviderTest, InvalidAutoSelectCertificateList) {
	TestingProfile profile;
	sync_preferences::TestingPrefServiceSyncable* prefs =
	profile.GetTestingPrefService();

	PolicyProvider provider(prefs);
	GURL google_url("https://mail.google.com");

	std::string pattern_str("\"pattern\":\"[*.]google.com\"");
	std::string filter_str("\"filter\":{\"ISSUER\":{\"CN\":\"issuer name\"}}");

	// Missing pattern should be rejected.
	base::Value::List missing_pattern_value;
	missing_pattern_value.Append("{" + filter_str + "}");
	prefs->SetManagedPref(prefs::kManagedAutoSelectCertificateForUrls,
	std::move(missing_pattern_value));
	EXPECT_EQ(base::Value(),
	TestUtils::GetContentSettingValue(
	&provider, google_url, google_url,
	ContentSettingsType::AUTO_SELECT_CERTIFICATE, false));

	// Non-dict value should be rejected.
	base::Value::List no_dict_value;
	no_dict_value.Append(pattern_str + "," + filter_str);
	prefs->SetManagedPref(prefs::kManagedAutoSelectCertificateForUrls,
	std::move(no_dict_value));
	EXPECT_EQ(base::Value(),
	TestUtils::GetContentSettingValue(
	&provider, google_url, google_url,
	ContentSettingsType::AUTO_SELECT_CERTIFICATE, false));

	// Missing filter should be rejected.
	base::Value::List missing_filter_value;
	missing_filter_value.Append("{" + pattern_str + "}");
	prefs->SetManagedPref(prefs::kManagedAutoSelectCertificateForUrls,
	std::move(missing_filter_value));
	EXPECT_EQ(base::Value(),
	TestUtils::GetContentSettingValue(
	&provider, google_url, google_url,
	ContentSettingsType::AUTO_SELECT_CERTIFICATE, false));

	// Valid configuration should not be rejected.
	base::Value::List valid_value;
	valid_value.Append("{" + pattern_str + "," + filter_str + "}");
	prefs->SetManagedPref(prefs::kManagedAutoSelectCertificateForUrls,
	std::move(valid_value));
	EXPECT_NE(base::Value(),
	TestUtils::GetContentSettingValue(
	&provider, google_url, google_url,
	ContentSettingsType::AUTO_SELECT_CERTIFICATE, false));

	provider.ShutdownOnUIThread();
	}

	TEST_F(PolicyProviderTest, InvalidManagedDefaultContentSetting) {
	TestingProfile profile;
	sync_preferences::TestingPrefServiceSyncable* prefs =
	profile.GetTestingPrefService();
	PolicyProvider provider(prefs);

	prefs->SetManagedPref(
	prefs::kManagedDefaultCookiesSetting,
	std::make_unique<base::Value>(CONTENT_SETTING_DETECT_IMPORTANT_CONTENT));

	// The setting provided in the cookies pref is not valid for cookies. It
	// should be ignored.
	std::unique_ptr<RuleIterator> rule_iterator(provider.GetRuleIterator(
	ContentSettingsType::COOKIES, false,
	content_settings::PartitionKey::GetDefaultForTesting()));
	EXPECT_FALSE(rule_iterator);

	provider.ShutdownOnUIThread();
	}

	TEST_F(PolicyProviderTest, CookiesAllowedForUrlsUsageHistogram) {
	const struct TestCase {
	std::string desc;
	base::Value::List managed_pref;
	std::optional<net::CookiesAllowedForUrlsUsage> expected_bucket;
	} test_cases[] = {
	{
	"NoRules",
	base::Value::List(),
	std::nullopt,
	},
	{
	"WildcardPrimaryOnly",
	base::Value::List().Append("*,https://www.a.com/"),
	net::CookiesAllowedForUrlsUsage::kWildcardPrimaryOnly,
	},
	{
	"WildcardSecondaryOnly",
	base::Value::List().Append("https://www.a.com/"),
	net::CookiesAllowedForUrlsUsage::kWildcardSecondaryOnly,
	},
	{"ExplicitOnly",
	base::Value::List().Append("https://www.a.com/,https://www.b.com/"),
	net::CookiesAllowedForUrlsUsage::kExplicitOnly},
	{
	"ExplicitAndPrimaryWildcard",
	base::Value::List()
	.Append("*,https://www.a.com/")
	.Append("https://www.a.com/,https://www.b.com/"),
	net::CookiesAllowedForUrlsUsage::kExplicitAndPrimaryWildcard,
	},
	{
	"ExplicityAndSecondaryWildcard",
	base::Value::List()
	.Append("https://www.a.com/")
	.Append("https://www.a.com/,https://www.b.com/"),
	net::CookiesAllowedForUrlsUsage::kExplicitAndSecondaryWildcard,
	},
	{
	"WildcardOnly",
	base::Value::List()
	.Append("*,https://www.a.com/")
	.Append("https://www.a.com/"),
	net::CookiesAllowedForUrlsUsage::kWildcardOnly,
	},
	{
	"AllPresent",
	base::Value::List()
	.Append("*,https://www.a.com/")
	.Append("https://www.a.com/")
	.Append("https://www.a.com/,https://www.b.com/"),
	net::CookiesAllowedForUrlsUsage::kAllPresent,
	},
	};

	for (const auto& test_case : test_cases) {
	SCOPED_TRACE(test_case.desc);
	TestingProfile profile;
	sync_preferences::TestingPrefServiceSyncable* prefs =
	profile.GetTestingPrefService();
	prefs->SetManagedPref(prefs::kManagedCookiesAllowedForUrls,
	test_case.managed_pref.Clone());
	// Set some other cookie-related prefs to make sure they do not impact
	// results.
	prefs->SetManagedPref(prefs::kManagedCookiesBlockedForUrls,
	base::Value::List()
	.Append("https://www.c.com/")
	.Append("*,https://www.c.com/"));
	prefs->SetManagedPref(prefs::kManagedCookiesSessionOnlyForUrls,
	base::Value::List()
	.Append("https://www.d.com/")
	.Append("https://www.d.com/,https://www.e.com/"));
	base::HistogramTester histogram_tester;

	PolicyProvider provider(prefs);

	histogram_tester.ExpectTotalCount(
	"Cookie.Experimental.CookiesAllowedForUrlsUsage",
	test_case.expected_bucket ? 1 : 0);
	if (test_case.expected_bucket) {
	histogram_tester.ExpectUniqueSample(
	"Cookie.Experimental.CookiesAllowedForUrlsUsage",
	*test_case.expected_bucket,
	/expected_bucket_count=/1);
	}

	provider.ShutdownOnUIThread();
	}
	}

	} // namespace content_settings