| Index: chrome/browser/chromeos/policy/network_configuration_updater_unittest.cc
|
| diff --git a/chrome/browser/chromeos/policy/network_configuration_updater_unittest.cc b/chrome/browser/chromeos/policy/network_configuration_updater_unittest.cc
|
| index 7290ff3bfe8d9a84fcaf2129330f52be75d3ab63..1a6360aea9a7ff209a3ecbcf472fe5604b1997ee 100644
|
| --- a/chrome/browser/chromeos/policy/network_configuration_updater_unittest.cc
|
| +++ b/chrome/browser/chromeos/policy/network_configuration_updater_unittest.cc
|
| @@ -4,6 +4,9 @@
|
|
|
| #include "chrome/browser/chromeos/policy/network_configuration_updater.h"
|
|
|
| +#include "base/command_line.h"
|
| +#include "base/file_util.h"
|
| +#include "base/files/file_path.h"
|
| #include "base/memory/scoped_ptr.h"
|
| #include "base/message_loop.h"
|
| #include "base/run_loop.h"
|
| @@ -11,13 +14,20 @@
|
| #include "chrome/browser/policy/mock_configuration_policy_provider.h"
|
| #include "chrome/browser/policy/policy_map.h"
|
| #include "chrome/browser/policy/policy_service_impl.h"
|
| +#include "chrome/common/chrome_switches.h"
|
| #include "chromeos/network/onc/onc_constants.h"
|
| #include "chromeos/network/onc/onc_utils.h"
|
| +#include "content/public/test/test_browser_thread.h"
|
| +#include "content/public/test/test_utils.h"
|
| +#include "net/base/test_data_directory.h"
|
| +#include "net/cert/cert_trust_anchor_provider.h"
|
| +#include "net/cert/x509_certificate.h"
|
| +#include "net/test/cert_test_util.h"
|
| #include "policy/policy_constants.h"
|
| #include "testing/gmock/include/gmock/gmock.h"
|
| #include "testing/gtest/include/gtest/gtest.h"
|
|
|
| -using testing::AtLeast;
|
| +using testing::AnyNumber;
|
| using testing::Mock;
|
| using testing::Ne;
|
| using testing::Return;
|
| @@ -25,11 +35,24 @@ using testing::_;
|
|
|
| namespace policy {
|
|
|
| -static const char kFakeONC[] = "{ \"GUID\": \"1234\" }";
|
| +namespace {
|
| +
|
| +const char kFakeONC[] = "{ \"GUID\": \"1234\" }";
|
| +
|
| +ACTION_P(SetCertificateList, list) {
|
| + *arg3 = list;
|
| + return true;
|
| +}
|
| +
|
| +} // namespace
|
|
|
| class NetworkConfigurationUpdaterTest
|
| : public testing::TestWithParam<const char*>{
|
| protected:
|
| + NetworkConfigurationUpdaterTest()
|
| + : ui_thread_(content::BrowserThread::UI, &loop_),
|
| + io_thread_(content::BrowserThread::IO, &loop_) {}
|
| +
|
| virtual void SetUp() OVERRIDE {
|
| EXPECT_CALL(provider_, IsInitializationComplete(_))
|
| .WillRepeatedly(Return(true));
|
| @@ -37,10 +60,14 @@ class NetworkConfigurationUpdaterTest
|
| PolicyServiceImpl::Providers providers;
|
| providers.push_back(&provider_);
|
| policy_service_.reset(new PolicyServiceImpl(providers));
|
| +
|
| + CommandLine* command_line = CommandLine::ForCurrentProcess();
|
| + command_line->AppendSwitch(switches::kEnableWebTrustCerts);
|
| }
|
|
|
| virtual void TearDown() OVERRIDE {
|
| provider_.Shutdown();
|
| + content::RunAllPendingInMessageLoop(content::BrowserThread::IO);
|
| }
|
|
|
| void UpdateProviderPolicy(const PolicyMap& policy) {
|
| @@ -63,6 +90,8 @@ class NetworkConfigurationUpdaterTest
|
| MockConfigurationPolicyProvider provider_;
|
| scoped_ptr<PolicyServiceImpl> policy_service_;
|
| MessageLoop loop_;
|
| + content::TestBrowserThread ui_thread_;
|
| + content::TestBrowserThread io_thread_;
|
| };
|
|
|
| TEST_P(NetworkConfigurationUpdaterTest, InitialUpdates) {
|
| @@ -102,30 +131,58 @@ TEST_P(NetworkConfigurationUpdaterTest, InitialUpdates) {
|
| Mock::VerifyAndClearExpectations(&network_library_);
|
| }
|
|
|
| -TEST_P(NetworkConfigurationUpdaterTest, AllowWebTrust) {
|
| +TEST_P(NetworkConfigurationUpdaterTest, AllowTrustedCertificatesFromPolicy) {
|
| {
|
| EXPECT_CALL(network_library_, AddNetworkProfileObserver(_));
|
|
|
| - // Initially web trust is disabled.
|
| - EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _, false))
|
| - .Times(AtLeast(0));
|
| + const net::CertificateList empty_cert_list;
|
| +
|
| + const net::CertificateList cert_list =
|
| + net::CreateCertificateListFromFile(net::GetTestCertsDirectory(),
|
| + "ok_cert.pem",
|
| + net::X509Certificate::FORMAT_AUTO);
|
| + ASSERT_EQ(1u, cert_list.size());
|
| +
|
| + EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _, _))
|
| + .WillRepeatedly(SetCertificateList(empty_cert_list));
|
| NetworkConfigurationUpdater updater(policy_service_.get(),
|
| &network_library_);
|
| + net::CertTrustAnchorProvider* trust_provider =
|
| + updater.GetCertTrustAnchorProvider();
|
| + ASSERT_TRUE(trust_provider);
|
| + // The initial list of trust anchors is empty.
|
| + content::RunAllPendingInMessageLoop(content::BrowserThread::IO);
|
| + EXPECT_TRUE(trust_provider->GetAdditionalTrustAnchors().empty());
|
| +
|
| + // Initially, certificates imported from policy don't have trust flags.
|
| updater.OnUserPolicyInitialized();
|
| + content::RunAllPendingInMessageLoop(content::BrowserThread::IO);
|
| Mock::VerifyAndClearExpectations(&network_library_);
|
| + EXPECT_TRUE(trust_provider->GetAdditionalTrustAnchors().empty());
|
|
|
| - // Web trust should be forwarded to LoadOncNetworks.
|
| - EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _, true))
|
| - .Times(AtLeast(0));
|
| -
|
| - updater.set_allow_web_trust(true);
|
| -
|
| + // Certificates with the "Web" trust flag set should be forwarded to the
|
| + // trust provider.
|
| + EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _, _))
|
| + .WillRepeatedly(SetCertificateList(empty_cert_list));
|
| + chromeos::onc::ONCSource current_source = NameToONCSource(GetParam());
|
| + EXPECT_CALL(network_library_, LoadOncNetworks(_, _, current_source, _))
|
| + .WillRepeatedly(SetCertificateList(cert_list));
|
| + updater.set_allow_trusted_certificates_from_policy(true);
|
| + // Trigger a policy update.
|
| PolicyMap policy;
|
| policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
|
| - Value::CreateStringValue(kFakeONC));
|
| + base::Value::CreateStringValue(kFakeONC));
|
| UpdateProviderPolicy(policy);
|
| Mock::VerifyAndClearExpectations(&network_library_);
|
|
|
| + // Certificates are only provided as trust anchors if they come from user
|
| + // policy.
|
| + size_t expected_certs = 0u;
|
| + if (GetParam() == key::kOpenNetworkConfiguration)
|
| + expected_certs = 1u;
|
| + EXPECT_EQ(expected_certs,
|
| + trust_provider->GetAdditionalTrustAnchors().size());
|
| +
|
| EXPECT_CALL(network_library_, RemoveNetworkProfileObserver(_));
|
| }
|
| Mock::VerifyAndClearExpectations(&network_library_);
|
| @@ -137,7 +194,7 @@ TEST_P(NetworkConfigurationUpdaterTest, PolicyChange) {
|
|
|
| // Ignore the initial updates.
|
| EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _, _))
|
| - .Times(AtLeast(0));
|
| + .Times(AnyNumber());
|
| NetworkConfigurationUpdater updater(policy_service_.get(),
|
| &network_library_);
|
| updater.OnUserPolicyInitialized();
|
|
|
Chromium Code Reviews
Issue 13035003:
Added a PolicyCertVerifier that uses the trust anchors from the ONC policies. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src