Chromium Code Reviews Chromium Code Reviews
Issue 13035003:
Added a PolicyCertVerifier that uses the trust anchors from the ONC policies. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chrome/browser/chromeos/policy/network_configuration_updater_unittest.cc |
| diff --git a/chrome/browser/chromeos/policy/network_configuration_updater_unittest.cc b/chrome/browser/chromeos/policy/network_configuration_updater_unittest.cc |
| index 7290ff3bfe8d9a84fcaf2129330f52be75d3ab63..b50f777c26410b57f46f3af73cb06348503815d3 100644 |
| --- a/chrome/browser/chromeos/policy/network_configuration_updater_unittest.cc |
| +++ b/chrome/browser/chromeos/policy/network_configuration_updater_unittest.cc |
| @@ -4,6 +4,9 @@ |
| #include "chrome/browser/chromeos/policy/network_configuration_updater.h" |
| +#include "base/command_line.h" |
| +#include "base/file_util.h" |
| +#include "base/files/file_path.h" |
| #include "base/memory/scoped_ptr.h" |
| #include "base/message_loop.h" |
| #include "base/run_loop.h" |
| @@ -11,13 +14,19 @@ |
| #include "chrome/browser/policy/mock_configuration_policy_provider.h" |
| #include "chrome/browser/policy/policy_map.h" |
| #include "chrome/browser/policy/policy_service_impl.h" |
| +#include "chrome/common/chrome_switches.h" |
| #include "chromeos/network/onc/onc_constants.h" |
| #include "chromeos/network/onc/onc_utils.h" |
| +#include "content/public/test/test_browser_thread.h" |
| +#include "content/public/test/test_utils.h" |
| +#include "net/base/cert_trust_anchor_provider.h" |
| +#include "net/base/test_data_directory.h" |
| +#include "net/base/x509_certificate.h" |
| #include "policy/policy_constants.h" |
| #include "testing/gmock/include/gmock/gmock.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| -using testing::AtLeast; |
| +using testing::AnyNumber; |
| using testing::Mock; |
| using testing::Ne; |
| using testing::Return; |
| @@ -25,11 +34,24 @@ using testing::_; |
| namespace policy { |
| -static const char kFakeONC[] = "{ \"GUID\": \"1234\" }"; |
| +namespace { |
| + |
| +const char kFakeONC[] = "{ \"GUID\": \"1234\" }"; |
| + |
| +ACTION_P(SetCertificateList, list) { |
| + *arg3 = list; |
| + return true; |
| +} |
| + |
| +} // namespace |
| class NetworkConfigurationUpdaterTest |
| : public testing::TestWithParam<const char*>{ |
| protected: |
| + NetworkConfigurationUpdaterTest() |
| + : ui_thread_(content::BrowserThread::UI, &loop_), |
| + io_thread_(content::BrowserThread::IO, &loop_) {} |
| + |
| virtual void SetUp() OVERRIDE { |
| EXPECT_CALL(provider_, IsInitializationComplete(_)) |
| .WillRepeatedly(Return(true)); |
| @@ -37,10 +59,14 @@ class NetworkConfigurationUpdaterTest |
| PolicyServiceImpl::Providers providers; |
| providers.push_back(&provider_); |
| policy_service_.reset(new PolicyServiceImpl(providers)); |
| + |
| + CommandLine* command_line = CommandLine::ForCurrentProcess(); |
| + command_line->AppendSwitch(switches::kEnableWebTrustCerts); |
| } |
| virtual void TearDown() OVERRIDE { |
| provider_.Shutdown(); |
| + content::RunAllPendingInMessageLoop(content::BrowserThread::IO); |
| } |
| void UpdateProviderPolicy(const PolicyMap& policy) { |
| @@ -63,6 +89,8 @@ class NetworkConfigurationUpdaterTest |
| MockConfigurationPolicyProvider provider_; |
| scoped_ptr<PolicyServiceImpl> policy_service_; |
| MessageLoop loop_; |
| + content::TestBrowserThread ui_thread_; |
| + content::TestBrowserThread io_thread_; |
| }; |
| TEST_P(NetworkConfigurationUpdaterTest, InitialUpdates) { |
| @@ -106,26 +134,52 @@ TEST_P(NetworkConfigurationUpdaterTest, AllowWebTrust) { |
| { |
| EXPECT_CALL(network_library_, AddNetworkProfileObserver(_)); |
| - // Initially web trust is disabled. |
| - EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _, false)) |
| - .Times(AtLeast(0)); |
| + const net::CertificateList empty_cert_list; |
| + |
| + base::FilePath cert_path = |
| + net::GetTestCertsDirectory().AppendASCII("ok_cert.pem"); |
| + std::string cert_data; |
| + ASSERT_TRUE(file_util::ReadFileToString(cert_path, &cert_data)); |
|
pneubeck (no reviews)
2013/03/26 10:01:25
is there a way to create fake certs?
how about tha
Joao da Silva
2013/03/31 19:22:14
These certificate files are used in several unit t
|
| + net::CertificateList cert_list = |
| + net::X509Certificate::CreateCertificateListFromBytes( |
| + cert_data.data(), |
| + cert_data.size(), |
| + net::X509Certificate::FORMAT_AUTO); |
| + ASSERT_EQ(1u, cert_list.size()); |
|
Ryan Sleevi
2013/03/25 21:09:53
Use https://code.google.com/p/chromium/codesearch#
Joao da Silva
2013/03/31 19:22:14
Thanks for the pointer, done.
|
| + |
| + EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _, _)) |
| + .WillRepeatedly(SetCertificateList(empty_cert_list)); |
| NetworkConfigurationUpdater updater(policy_service_.get(), |
| &network_library_); |
| + net::CertTrustAnchorProvider* trust_provider = |
| + updater.GetCertTrustAnchorProvider(); |
| + ASSERT_TRUE(trust_provider); |
| + // The initial list of trust anchors is empty. |
| + content::RunAllPendingInMessageLoop(content::BrowserThread::IO); |
| + EXPECT_TRUE(trust_provider->GetAdditionalTrustAnchors().empty()); |
| + |
| + // Initially web trust is disabled. |
|
Ryan Sleevi
2013/03/25 21:09:53
nit: same comments re: "web trust"
Joao da Silva
2013/03/31 19:22:14
Done.
|
| updater.OnUserPolicyInitialized(); |
| + content::RunAllPendingInMessageLoop(content::BrowserThread::IO); |
| Mock::VerifyAndClearExpectations(&network_library_); |
| + EXPECT_TRUE(trust_provider->GetAdditionalTrustAnchors().empty()); |
| - // Web trust should be forwarded to LoadOncNetworks. |
| - EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _, true)) |
| - .Times(AtLeast(0)); |
| - |
| + // Certificates with web trust should be forwarded to the trust provider. |
| + EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _, _)) |
| + .WillRepeatedly(SetCertificateList(cert_list)); |
| updater.set_allow_web_trust(true); |
| - |
| - PolicyMap policy; |
| - policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, |
| - Value::CreateStringValue(kFakeONC)); |
| - UpdateProviderPolicy(policy); |
| + updater.OnUserPolicyInitialized(); |
|
pneubeck (no reviews)
2013/03/26 10:01:25
this call shouldn't be used a second time.
the imp
Joao da Silva
2013/03/31 19:22:14
Using the old trigger.
|
| + content::RunAllPendingInMessageLoop(content::BrowserThread::IO); |
| Mock::VerifyAndClearExpectations(&network_library_); |
| + // Certificates are only provided as trust anchors if they come from user |
| + // policy. |
| + size_t expected_certs = 0u; |
| + if (GetParam() == key::kOpenNetworkConfiguration) |
| + expected_certs = 1u; |
| + EXPECT_EQ(expected_certs, |
| + trust_provider->GetAdditionalTrustAnchors().size()); |
| + |
| EXPECT_CALL(network_library_, RemoveNetworkProfileObserver(_)); |
| } |
| Mock::VerifyAndClearExpectations(&network_library_); |
| @@ -137,7 +191,7 @@ TEST_P(NetworkConfigurationUpdaterTest, PolicyChange) { |
| // Ignore the initial updates. |
| EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _, _)) |
| - .Times(AtLeast(0)); |
| + .Times(AnyNumber()); |
| NetworkConfigurationUpdater updater(policy_service_.get(), |
| &network_library_); |
| updater.OnUserPolicyInitialized(); |
