| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <cert.h> | 5 #include <cert.h> |
| 6 #include <pk11pub.h> | 6 #include <pk11pub.h> |
| 7 | 7 |
| 8 #include <map> |
| 8 #include <string> | 9 #include <string> |
| 9 #include <vector> | 10 #include <vector> |
| 10 | 11 |
| 11 #include "base/at_exit.h" | 12 #include "base/at_exit.h" |
| 12 #include "base/callback.h" | 13 #include "base/callback.h" |
| 13 #include "base/file_util.h" | 14 #include "base/file_util.h" |
| 14 #include "base/files/scoped_temp_dir.h" | 15 #include "base/files/scoped_temp_dir.h" |
| 15 #include "base/json/json_reader.h" | 16 #include "base/json/json_reader.h" |
| 16 #include "base/lazy_instance.h" | 17 #include "base/lazy_instance.h" |
| 17 #include "base/path_service.h" | 18 #include "base/path_service.h" |
| 18 #include "chrome/browser/chromeos/cros/cros_library.h" | 19 #include "chrome/browser/chromeos/cros/cros_library.h" |
| 19 #include "chrome/browser/chromeos/cros/network_library.h" | 20 #include "chrome/browser/chromeos/cros/network_library.h" |
| 20 #include "chrome/browser/chromeos/cros/network_library_impl_stub.h" | 21 #include "chrome/browser/chromeos/cros/network_library_impl_stub.h" |
| 21 #include "chrome/browser/chromeos/login/mock_user_manager.h" | 22 #include "chrome/browser/chromeos/login/mock_user_manager.h" |
| 22 #include "chrome/browser/google_apis/test_util.h" | 23 #include "chrome/browser/google_apis/test_util.h" |
| 23 #include "chrome/common/chrome_paths.h" | 24 #include "chrome/common/chrome_paths.h" |
| 24 #include "chromeos/network/onc/onc_certificate_importer.h" | 25 #include "chromeos/network/onc/onc_certificate_importer.h" |
| 25 #include "chromeos/network/onc/onc_constants.h" | 26 #include "chromeos/network/onc/onc_constants.h" |
| 26 #include "chromeos/network/onc/onc_test_utils.h" | 27 #include "chromeos/network/onc/onc_test_utils.h" |
| 27 #include "chromeos/network/onc/onc_utils.h" | 28 #include "chromeos/network/onc/onc_utils.h" |
| 28 #include "crypto/nss_util.h" | 29 #include "crypto/nss_util.h" |
| 29 #include "net/base/crypto_module.h" | 30 #include "net/base/crypto_module.h" |
| 30 #include "net/cert/nss_cert_database.h" | 31 #include "net/cert/nss_cert_database.h" |
| 31 #include "net/cert/x509_certificate.h" | 32 #include "net/cert/x509_certificate.h" |
| 32 #include "testing/gmock/include/gmock/gmock.h" | 33 #include "testing/gmock/include/gmock/gmock.h" |
| 33 #include "testing/gtest/include/gtest/gtest.h" | 34 #include "testing/gtest/include/gtest/gtest.h" |
| 34 | 35 |
| 36 using ::testing::AnyNumber; |
| 35 using ::testing::Return; | 37 using ::testing::Return; |
| 36 using ::testing::AtLeast; | |
| 37 | 38 |
| 38 namespace chromeos { | 39 namespace chromeos { |
| 39 | 40 |
| 40 namespace { | 41 namespace { |
| 41 | 42 |
| 42 // Have to do a stub here because MOCK can't handle closure arguments. | 43 // Have to do a stub here because MOCK can't handle closure arguments. |
| 43 class StubEnrollmentDelegate : public EnrollmentDelegate { | 44 class StubEnrollmentDelegate : public EnrollmentDelegate { |
| 44 public: | 45 public: |
| 45 explicit StubEnrollmentDelegate() | 46 explicit StubEnrollmentDelegate() |
| 46 : did_enroll(false), | 47 : did_enroll(false), |
| (...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 161 // Load the ONC from |onc_file| using NetworkLibrary::LoadOncNetworks. Check | 162 // Load the ONC from |onc_file| using NetworkLibrary::LoadOncNetworks. Check |
| 162 // that return value matches |expect_successful_import| and the configuration | 163 // that return value matches |expect_successful_import| and the configuration |
| 163 // that would be sent to Shill matches |shill_json|. | 164 // that would be sent to Shill matches |shill_json|. |
| 164 void LoadOncAndVerifyNetworks(std::string onc_file, | 165 void LoadOncAndVerifyNetworks(std::string onc_file, |
| 165 std::string shill_json, | 166 std::string shill_json, |
| 166 onc::ONCSource source, | 167 onc::ONCSource source, |
| 167 bool expect_successful_import) { | 168 bool expect_successful_import) { |
| 168 ScopedMockUserManagerEnabler mock_user_manager; | 169 ScopedMockUserManagerEnabler mock_user_manager; |
| 169 mock_user_manager.user_manager()->SetLoggedInUser("madmax@my.domain.com"); | 170 mock_user_manager.user_manager()->SetLoggedInUser("madmax@my.domain.com"); |
| 170 EXPECT_CALL(*mock_user_manager.user_manager(), IsUserLoggedIn()) | 171 EXPECT_CALL(*mock_user_manager.user_manager(), IsUserLoggedIn()) |
| 171 .Times(AtLeast(0)) | 172 .Times(AnyNumber()) |
| 172 .WillRepeatedly(Return(true)); | 173 .WillRepeatedly(Return(true)); |
| 173 | 174 |
| 174 std::string onc_blob = | 175 std::string onc_blob = |
| 175 onc::test_utils::ReadTestData(onc_file); | 176 onc::test_utils::ReadTestData(onc_file); |
| 176 | 177 |
| 177 scoped_ptr<base::Value> expected_value = | 178 scoped_ptr<base::Value> expected_value = |
| 178 google_apis::test_util::LoadJSONFile(shill_json); | 179 google_apis::test_util::LoadJSONFile(shill_json); |
| 179 base::DictionaryValue* expected_configs; | 180 base::DictionaryValue* expected_configs; |
| 180 expected_value->GetAsDictionary(&expected_configs); | 181 expected_value->GetAsDictionary(&expected_configs); |
| 181 | 182 |
| 183 net::CertificateList cert_list; |
| 182 EXPECT_EQ(expect_successful_import, | 184 EXPECT_EQ(expect_successful_import, |
| 183 cros_->LoadOncNetworks(onc_blob, "", source, true)); | 185 cros_->LoadOncNetworks(onc_blob, "", source, &cert_list)); |
| 184 | 186 |
| 185 const std::map<std::string, base::DictionaryValue*>& configs = | 187 const std::map<std::string, base::DictionaryValue*>& configs = |
| 186 cros_->GetConfigurations(); | 188 cros_->GetConfigurations(); |
| 187 | 189 |
| 188 EXPECT_EQ(expected_configs->size(), configs.size()); | 190 EXPECT_EQ(expected_configs->size(), configs.size()); |
| 189 | 191 |
| 190 for (base::DictionaryValue::Iterator it(*expected_configs); it.HasNext(); | 192 for (base::DictionaryValue::Iterator it(*expected_configs); it.HasNext(); |
| 191 it.Advance()) { | 193 it.Advance()) { |
| 192 const base::DictionaryValue* expected_config; | 194 const base::DictionaryValue* expected_config; |
| 193 it.value().GetAsDictionary(&expected_config); | 195 it.value().GetAsDictionary(&expected_config); |
| (...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 317 EXPECT_TRUE(wifi1->connected()); | 319 EXPECT_TRUE(wifi1->connected()); |
| 318 } | 320 } |
| 319 | 321 |
| 320 TEST_F(NetworkLibraryStubTest, NetworkConnectWifiWithCertPattern) { | 322 TEST_F(NetworkLibraryStubTest, NetworkConnectWifiWithCertPattern) { |
| 321 scoped_ptr<base::DictionaryValue> onc_root = | 323 scoped_ptr<base::DictionaryValue> onc_root = |
| 322 onc::test_utils::ReadTestDictionary("toplevel_wifi_eap_clientcert.onc"); | 324 onc::test_utils::ReadTestDictionary("toplevel_wifi_eap_clientcert.onc"); |
| 323 base::ListValue* certificates; | 325 base::ListValue* certificates; |
| 324 onc_root->GetListWithoutPathExpansion(onc::toplevel_config::kCertificates, | 326 onc_root->GetListWithoutPathExpansion(onc::toplevel_config::kCertificates, |
| 325 &certificates); | 327 &certificates); |
| 326 | 328 |
| 327 onc::CertificateImporter importer(true /* allow webtrust */); | 329 onc::CertificateImporter importer(true /* allow trust imports */); |
| 330 net::CertificateList cert_list; |
| 328 ASSERT_EQ(onc::CertificateImporter::IMPORT_OK, | 331 ASSERT_EQ(onc::CertificateImporter::IMPORT_OK, |
| 329 importer.ParseAndStoreCertificates(*certificates)); | 332 importer.ParseAndStoreCertificates(*certificates, &cert_list)); |
| 330 | 333 |
| 331 WifiNetwork* wifi = cros_->FindWifiNetworkByPath("wifi_cert_pattern"); | 334 WifiNetwork* wifi = cros_->FindWifiNetworkByPath("wifi_cert_pattern"); |
| 332 | 335 |
| 333 StubEnrollmentDelegate* enrollment_delegate = new StubEnrollmentDelegate(); | 336 StubEnrollmentDelegate* enrollment_delegate = new StubEnrollmentDelegate(); |
| 334 wifi->SetEnrollmentDelegate(enrollment_delegate); | 337 wifi->SetEnrollmentDelegate(enrollment_delegate); |
| 335 EXPECT_FALSE(enrollment_delegate->did_enroll); | 338 EXPECT_FALSE(enrollment_delegate->did_enroll); |
| 336 EXPECT_FALSE(enrollment_delegate->correct_args); | 339 EXPECT_FALSE(enrollment_delegate->correct_args); |
| 337 | 340 |
| 338 ASSERT_NE(static_cast<const WifiNetwork*>(NULL), wifi); | 341 ASSERT_NE(static_cast<const WifiNetwork*>(NULL), wifi); |
| 339 EXPECT_FALSE(wifi->connected()); | 342 EXPECT_FALSE(wifi->connected()); |
| 340 EXPECT_TRUE(cros_->CanConnectToNetwork(wifi)); | 343 EXPECT_TRUE(cros_->CanConnectToNetwork(wifi)); |
| 341 EXPECT_FALSE(wifi->connected()); | 344 EXPECT_FALSE(wifi->connected()); |
| 342 wifi->AttemptConnection( | 345 wifi->AttemptConnection( |
| 343 base::Bind(&WifiNetworkConnectCallback, cros_, wifi)); | 346 base::Bind(&WifiNetworkConnectCallback, cros_, wifi)); |
| 344 EXPECT_TRUE(wifi->connected()); | 347 EXPECT_TRUE(wifi->connected()); |
| 345 EXPECT_TRUE(enrollment_delegate->did_enroll); | 348 EXPECT_TRUE(enrollment_delegate->did_enroll); |
| 346 EXPECT_TRUE(enrollment_delegate->correct_args); | 349 EXPECT_TRUE(enrollment_delegate->correct_args); |
| 347 } | 350 } |
| 348 | 351 |
| 349 TEST_F(NetworkLibraryStubTest, NetworkConnectVPNWithCertPattern) { | 352 TEST_F(NetworkLibraryStubTest, NetworkConnectVPNWithCertPattern) { |
| 350 scoped_ptr<base::DictionaryValue> onc_root = | 353 scoped_ptr<base::DictionaryValue> onc_root = |
| 351 onc::test_utils::ReadTestDictionary("toplevel_openvpn_clientcert.onc"); | 354 onc::test_utils::ReadTestDictionary("toplevel_openvpn_clientcert.onc"); |
| 352 base::ListValue* certificates; | 355 base::ListValue* certificates; |
| 353 onc_root->GetListWithoutPathExpansion(onc::toplevel_config::kCertificates, | 356 onc_root->GetListWithoutPathExpansion(onc::toplevel_config::kCertificates, |
| 354 &certificates); | 357 &certificates); |
| 355 | 358 |
| 356 onc::CertificateImporter importer(true /* allow webtrust */); | 359 onc::CertificateImporter importer(true /* allow trust imports */); |
| 360 net::CertificateList cert_list; |
| 357 ASSERT_EQ(onc::CertificateImporter::IMPORT_OK, | 361 ASSERT_EQ(onc::CertificateImporter::IMPORT_OK, |
| 358 importer.ParseAndStoreCertificates(*certificates)); | 362 importer.ParseAndStoreCertificates(*certificates, &cert_list)); |
| 359 | 363 |
| 360 VirtualNetwork* vpn = cros_->FindVirtualNetworkByPath("vpn_cert_pattern"); | 364 VirtualNetwork* vpn = cros_->FindVirtualNetworkByPath("vpn_cert_pattern"); |
| 361 | 365 |
| 362 StubEnrollmentDelegate* enrollment_delegate = new StubEnrollmentDelegate(); | 366 StubEnrollmentDelegate* enrollment_delegate = new StubEnrollmentDelegate(); |
| 363 vpn->SetEnrollmentDelegate(enrollment_delegate); | 367 vpn->SetEnrollmentDelegate(enrollment_delegate); |
| 364 EXPECT_FALSE(enrollment_delegate->did_enroll); | 368 EXPECT_FALSE(enrollment_delegate->did_enroll); |
| 365 EXPECT_FALSE(enrollment_delegate->correct_args); | 369 EXPECT_FALSE(enrollment_delegate->correct_args); |
| 366 | 370 |
| 367 ASSERT_NE(static_cast<const VirtualNetwork*>(NULL), vpn); | 371 ASSERT_NE(static_cast<const VirtualNetwork*>(NULL), vpn); |
| 368 EXPECT_FALSE(vpn->connected()); | 372 EXPECT_FALSE(vpn->connected()); |
| (...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 497 | 501 |
| 498 // TODO(stevenjb): Test network profiles. | 502 // TODO(stevenjb): Test network profiles. |
| 499 | 503 |
| 500 // TODO(stevenjb): Test network devices. | 504 // TODO(stevenjb): Test network devices. |
| 501 | 505 |
| 502 // TODO(stevenjb): Test data plans. | 506 // TODO(stevenjb): Test data plans. |
| 503 | 507 |
| 504 // TODO(stevenjb): Test monitor network / device. | 508 // TODO(stevenjb): Test monitor network / device. |
| 505 | 509 |
| 506 } // namespace chromeos | 510 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 13035003:
Added a PolicyCertVerifier that uses the trust anchors from the ONC policies. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src