Chromium Code Reviews Chromium Code Reviews
Issue 1306183007:
Switch to id-based affiliation determination (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_apitest_nss.cc |
| diff --git a/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_apitest_nss.cc b/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_apitest_nss.cc |
| index c936d30e04af163d30bfad40fe22745e9875092d..f22f7afa996b42b3e11503c587c5f857686cf00d 100644 |
| --- a/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_apitest_nss.cc |
| +++ b/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_apitest_nss.cc |
| @@ -5,29 +5,51 @@ |
| #include <cryptohi.h> |
| #include "base/macros.h" |
| +#include "base/memory/scoped_ptr.h" |
| +#include "base/path_service.h" |
| +#include "base/prefs/pref_service.h" |
| #include "base/strings/stringprintf.h" |
| +#include "chrome/browser/browser_process.h" |
| +#include "chrome/browser/chromeos/login/test/https_forwarder.h" |
| +#include "chrome/browser/chromeos/policy/affiliation_test_helper.h" |
| #include "chrome/browser/chromeos/policy/device_policy_cros_browser_test.h" |
| #include "chrome/browser/extensions/extension_apitest.h" |
| #include "chrome/browser/net/nss_context.h" |
| #include "chrome/browser/net/url_request_mock_util.h" |
| +#include "chrome/common/chrome_paths.h" |
| +#include "chrome/test/base/ui_test_utils.h" |
| #include "chromeos/chromeos_switches.h" |
| +#include "chromeos/dbus/dbus_thread_manager.h" |
| +#include "chromeos/dbus/fake_session_manager_client.h" |
| +#include "chromeos/dbus/session_manager_client.h" |
| #include "chromeos/login/user_names.h" |
| #include "components/policy/core/browser/browser_policy_connector.h" |
| #include "components/policy/core/common/mock_configuration_policy_provider.h" |
| #include "components/policy/core/common/policy_map.h" |
| -#include "components/policy/core/common/policy_types.h" |
| #include "components/signin/core/account_id/account_id.h" |
| +#include "components/user_manager/user_manager.h" |
| #include "content/public/common/content_switches.h" |
| -#include "content/public/test/test_utils.h" |
| #include "crypto/nss_util_internal.h" |
| #include "crypto/scoped_test_system_nss_key_slot.h" |
| #include "extensions/browser/extension_registry.h" |
| #include "extensions/browser/test_extension_registry_observer.h" |
| +#include "extensions/browser/test_extension_registry_observer.h" |
| +#include "extensions/test/result_catcher.h" |
| +#include "google_apis/gaia/fake_gaia.h" |
| +#include "google_apis/gaia/gaia_constants.h" |
| +#include "google_apis/gaia/gaia_switches.h" |
| +#include "google_apis/gaia/gaia_urls.h" |
| #include "net/base/net_errors.h" |
| #include "net/cert/nss_cert_database.h" |
| +#include "net/dns/mock_host_resolver.h" |
| +#include "net/test/embedded_test_server/embedded_test_server.h" |
| +#include "net/test/embedded_test_server/http_request.h" |
| +#include "net/test/embedded_test_server/http_response.h" |
| #include "net/test/url_request/url_request_mock_http_job.h" |
| #include "policy/policy_constants.h" |
| #include "testing/gmock/include/gmock/gmock.h" |
| +#include "testing/gtest/include/gtest/gtest.h" |
| + |
| namespace { |
| @@ -134,6 +156,10 @@ void ImportPrivateKeyPKCS8ToSlot(const unsigned char* pkcs8_der, |
| // its extension ID is well-known and the policy system can push policies for |
| // the extension. |
| const char kTestExtensionID[] = "aecpbnckhoppanpmefllkdkohionpmig"; |
| +const char kAffiliationID[] = "some-affiliation-id"; |
| +const char kTestUserinfoToken[] = "fake-userinfo-token"; |
| + |
| +using chromeos::affiliation_test_helper::kEnterpriseUser; |
| enum SystemToken { |
| SYSTEM_TOKEN_EXISTS, |
| @@ -167,7 +193,34 @@ class EnterprisePlatformKeysTest |
| : public ExtensionApiTest, |
| public ::testing::WithParamInterface<Params> { |
| public: |
| - EnterprisePlatformKeysTest() {} |
| + EnterprisePlatformKeysTest() { |
| + // Command line should not be tweaked as if user is already logged in. |
| + set_chromeos_user_ = false; |
| + // We log in without running browser. |
| + set_exit_when_last_browser_closes(false); |
| + } |
| + |
| + void SetUp() override { |
| + base::FilePath test_data_dir; |
| + PathService::Get(chrome::DIR_TEST_DATA, &test_data_dir); |
| + embedded_test_server()->ServeFilesFromDirectory(test_data_dir); |
| + |
| + embedded_test_server()->RegisterRequestHandler( |
| + base::Bind(&FakeGaia::HandleRequest, |
| + base::Unretained(&fake_gaia_))); |
| + |
| + // Don't spin up the IO thread yet since no threads are allowed while |
| + // spawning sandbox host process. See crbug.com/322732. |
| + ASSERT_TRUE(embedded_test_server()->InitializeAndListen()); |
| + |
| + // Start https wrapper here so that the URLs can be pointed at it in |
| + // SetUpCommandLine(). |
| + ASSERT_TRUE(gaia_https_forwarder_.Initialize( |
| + GaiaUrls::GetInstance()->gaia_url().host(), |
| + embedded_test_server()->base_url())); |
| + |
| + ExtensionApiTest::SetUp(); |
| + } |
| void SetUpCommandLine(base::CommandLine* command_line) override { |
| ExtensionApiTest::SetUpCommandLine(command_line); |
| @@ -176,27 +229,49 @@ class EnterprisePlatformKeysTest |
| command_line->AppendSwitch( |
| switches::kEnableExperimentalWebPlatformFeatures); |
| - std::string user_email = "someuser@anydomain.com"; |
| + chromeos::affiliation_test_helper:: |
| + AppendCommandLineSwitchesForLoginManager(command_line); |
| - // The command line flag kLoginUser determines the user's email and thus |
| - // his affiliation to the domain that the device is enrolled to. |
| - if (GetParam().user_affiliation_ == USER_AFFILIATION_ENROLLED_DOMAIN) |
| - user_email = chromeos::login::StubAccountId().GetUserEmail(); |
| + const GURL gaia_url = gaia_https_forwarder_.GetURLForSSLHost(std::string()); |
| + command_line->AppendSwitchASCII(::switches::kGaiaUrl, gaia_url.spec()); |
| + command_line->AppendSwitchASCII(::switches::kLsoUrl, gaia_url.spec()); |
| + command_line->AppendSwitchASCII(::switches::kGoogleApisUrl, |
| + gaia_url.spec()); |
| - command_line->AppendSwitchASCII(chromeos::switches::kLoginUser, user_email); |
| + fake_gaia_.Initialize(); |
| + fake_gaia_.set_issue_oauth_code_cookie(true); |
| } |
| void SetUpInProcessBrowserTestFixture() override { |
| ExtensionApiTest::SetUpInProcessBrowserTestFixture(); |
| + host_resolver()->AddRule("*", "127.0.0.1"); |
| + |
| + chromeos::FakeSessionManagerClient* fake_session_manager_client = |
| + new chromeos::FakeSessionManagerClient; |
| + chromeos::DBusThreadManager::GetSetterForTesting()->SetSessionManagerClient( |
| + scoped_ptr<chromeos::SessionManagerClient>( |
| + fake_session_manager_client)); |
| + |
| if (GetParam().device_status_ == DEVICE_STATUS_ENROLLED) { |
| - device_policy_test_helper_.device_policy()->policy_data().set_username( |
| - chromeos::login::StubAccountId().GetUserEmail()); |
| + std::set<std::string> device_affiliation_ids; |
| + device_affiliation_ids.insert(kAffiliationID); |
| + chromeos::affiliation_test_helper::SetDeviceAffiliationID( |
| + &device_policy_test_helper_, fake_session_manager_client, |
| + device_affiliation_ids); |
| + } |
| - device_policy_test_helper_.device_policy()->Build(); |
| - device_policy_test_helper_.MarkAsEnterpriseOwned(); |
| + |
| + if (GetParam().user_affiliation_ == USER_AFFILIATION_ENROLLED_DOMAIN) { |
| + std::set<std::string> user_affiliation_ids; |
| + user_affiliation_ids.insert(kAffiliationID); |
| + policy::UserPolicyBuilder user_policy; |
| + chromeos::affiliation_test_helper::SetUserAffiliationIDs( |
| + &user_policy, fake_session_manager_client, kEnterpriseUser, |
| + user_affiliation_ids); |
| } |
| + |
| EXPECT_CALL(policy_provider_, IsInitializationComplete(testing::_)) |
| .WillRepeatedly(testing::Return(true)); |
| policy_provider_.SetAutoRefresh(); |
| @@ -205,6 +280,30 @@ class EnterprisePlatformKeysTest |
| } |
| void SetUpOnMainThread() override { |
| + // Start the accept thread as the sandbox host process has already been |
| + // spawned. |
| + embedded_test_server()->StartAcceptingConnections(); |
| + |
| + FakeGaia::AccessTokenInfo token_info; |
| + token_info.scopes.insert(GaiaConstants::kDeviceManagementServiceOAuth); |
| + token_info.scopes.insert(GaiaConstants::kOAuthWrapBridgeUserInfoScope); |
| + token_info.audience = GaiaUrls::GetInstance()->oauth2_chrome_client_id(); |
| + token_info.token = kTestUserinfoToken; |
| + token_info.email = kEnterpriseUser; |
| + fake_gaia_.IssueOAuthToken( |
| + chromeos::affiliation_test_helper::kFakeRefreshToken, |
| + token_info); |
| + |
| + // On PRE_ test stage list of users is empty at this point. Then in the body |
| + // of PRE_ test kEnterpriseUser is added. Afterwards in the main test flow |
| + // after PRE_ test the list of user contains one kEnterpriseUser user. |
| + // This user logs in. |
| + const base::ListValue* users = |
| + g_browser_process->local_state()->GetList("LoggedInUsers"); |
| + if (!users->empty()) { // This condition is not held in PRE_ test. |
| + chromeos::affiliation_test_helper::LoginUser(kEnterpriseUser); |
| + } |
|
oshima
2015/11/13 19:53:05
nuke {}
peletskyi
2015/11/16 14:33:15
Done.
|
| + |
| if (GetParam().system_token_ == SYSTEM_TOKEN_EXISTS) { |
| base::RunLoop loop; |
| content::BrowserThread::PostTask( |
| @@ -212,31 +311,11 @@ class EnterprisePlatformKeysTest |
| FROM_HERE, |
| base::Bind(&EnterprisePlatformKeysTest::SetUpTestSystemSlotOnIO, |
| base::Unretained(this), |
| - browser()->profile()->GetResourceContext(), |
| loop.QuitClosure())); |
| loop.Run(); |
| } |
| ExtensionApiTest::SetUpOnMainThread(); |
| - |
| - // Enable the URLRequestMock, which is required for force-installing the |
| - // test extension through policy. |
| - content::BrowserThread::PostTask( |
| - content::BrowserThread::IO, |
| - FROM_HERE, |
| - base::Bind(chrome_browser_net::SetUrlRequestMocksEnabled, true)); |
| - |
| - { |
| - base::RunLoop loop; |
| - GetNSSCertDatabaseForProfile( |
| - browser()->profile(), |
| - base::Bind(&EnterprisePlatformKeysTest::DidGetCertDatabase, |
| - base::Unretained(this), |
| - loop.QuitClosure())); |
| - loop.Run(); |
| - } |
| - |
| - SetPolicy(); |
| } |
| void TearDownOnMainThread() override { |
| @@ -252,9 +331,9 @@ class EnterprisePlatformKeysTest |
| loop.QuitClosure())); |
| loop.Run(); |
| } |
| + EXPECT_TRUE(embedded_test_server()->ShutdownAndWaitUntilComplete()); |
| } |
| - private: |
| void DidGetCertDatabase(const base::Closure& done_callback, |
| net::NSSCertDatabase* cert_db) { |
| // In order to use a prepared certificate, import a private key to the |
| @@ -265,28 +344,6 @@ class EnterprisePlatformKeysTest |
| done_callback.Run(); |
| } |
| - void SetUpTestSystemSlotOnIO(content::ResourceContext* context, |
| - const base::Closure& done_callback) { |
| - test_system_slot_.reset(new crypto::ScopedTestSystemNSSKeySlot()); |
| - ASSERT_TRUE(test_system_slot_->ConstructedSuccessfully()); |
| - |
| - // Import a private key to the system slot. The Javascript part of this |
| - // test has a prepared certificate for this key. |
| - ImportPrivateKeyPKCS8ToSlot(privateKeyPkcs8System, |
| - arraysize(privateKeyPkcs8System), |
| - test_system_slot_->slot()); |
| - |
| - content::BrowserThread::PostTask( |
| - content::BrowserThread::UI, FROM_HERE, done_callback); |
| - } |
| - |
| - void TearDownTestSystemSlotOnIO(const base::Closure& done_callback) { |
| - test_system_slot_.reset(); |
| - |
| - content::BrowserThread::PostTask( |
| - content::BrowserThread::UI, FROM_HERE, done_callback); |
| - } |
| - |
| void SetPolicy() { |
| // Extensions that are force-installed come from an update URL, which |
| // defaults to the webstore. Use a mock URL for this test with an update |
| @@ -315,14 +372,84 @@ class EnterprisePlatformKeysTest |
| observer.WaitForExtensionWillBeInstalled(); |
| } |
| + // Load |page_url| in |browser| and wait for PASSED or FAILED notification. |
| + // The functionality of this function is reduced functionality of |
| + // RunExtensionSubtest(), but we don't use it here because it requires |
| + // function InProcessBrowserTest::browser() to return non-NULL pointer. |
| + // Unfortunately it returns the value which is set in constructor and can't be |
| + // modified. Because on login flow there is no browser, the function |
| + // InProcessBrowserTest::browser() always returns NULL. Besides this we need |
| + // only very little functionality from RunExtensionSubtest(). Thus so that |
| + // don't make RunExtensionSubtest() to complex we just introduce a new |
| + // function. |
| + bool TestExtension(Browser* browser, const std::string& page_url) { |
| + DCHECK(!page_url.empty()) << "page_url cannot be empty"; |
| + |
| + extensions::ResultCatcher catcher; |
| + ui_test_utils::NavigateToURL(browser, GURL(page_url)); |
| + |
| + if (!catcher.GetNextResult()) { |
| + message_ = catcher.message(); |
| + return false; |
| + } |
| + return true; |
| + } |
| + |
| + private: |
| + |
| + void SetUpTestSystemSlotOnIO(const base::Closure& done_callback) { |
| + test_system_slot_.reset(new crypto::ScopedTestSystemNSSKeySlot()); |
| + ASSERT_TRUE(test_system_slot_->ConstructedSuccessfully()); |
| + |
| + // Import a private key to the system slot. The Javascript part of this |
| + // test has a prepared certificate for this key. |
| + ImportPrivateKeyPKCS8ToSlot(privateKeyPkcs8System, |
| + arraysize(privateKeyPkcs8System), |
| + test_system_slot_->slot()); |
| + |
| + content::BrowserThread::PostTask( |
| + content::BrowserThread::UI, FROM_HERE, done_callback); |
| + } |
| + |
| + void TearDownTestSystemSlotOnIO(const base::Closure& done_callback) { |
| + test_system_slot_.reset(); |
| + |
| + content::BrowserThread::PostTask( |
| + content::BrowserThread::UI, FROM_HERE, done_callback); |
| + } |
| + |
| policy::DevicePolicyCrosTestHelper device_policy_test_helper_; |
| scoped_ptr<crypto::ScopedTestSystemNSSKeySlot> test_system_slot_; |
| policy::MockConfigurationPolicyProvider policy_provider_; |
| + FakeGaia fake_gaia_; |
| + chromeos::HTTPSForwarder gaia_https_forwarder_; |
| }; |
| } // namespace |
| +IN_PROC_BROWSER_TEST_P(EnterprisePlatformKeysTest, PRE_Basic) { |
| + chromeos::affiliation_test_helper::PreLoginUser(kEnterpriseUser); |
| +} |
| + |
| IN_PROC_BROWSER_TEST_P(EnterprisePlatformKeysTest, Basic) { |
| + // Enable the URLRequestMock, which is required for force-installing the |
| + // test extension through policy. |
| + content::BrowserThread::PostTask( |
| + content::BrowserThread::IO, |
| + FROM_HERE, |
| + base::Bind(chrome_browser_net::SetUrlRequestMocksEnabled, true)); |
| + |
| + { |
| + base::RunLoop loop; |
| + GetNSSCertDatabaseForProfile( |
| + profile(), |
| + base::Bind(&EnterprisePlatformKeysTest::DidGetCertDatabase, |
| + base::Unretained(this), |
| + loop.QuitClosure())); |
| + loop.Run(); |
| + } |
| + SetPolicy(); |
| + |
| // By default, the system token is disabled. |
| std::string system_token_availability = ""; |
| @@ -335,8 +462,7 @@ IN_PROC_BROWSER_TEST_P(EnterprisePlatformKeysTest, Basic) { |
| system_token_availability = "systemTokenEnabled"; |
| } |
| - ASSERT_TRUE(RunExtensionSubtest( |
| - "", |
| + ASSERT_TRUE(TestExtension(CreateBrowser(profile()), |
| base::StringPrintf("chrome-extension://%s/basic.html?%s", |
| kTestExtensionID, |
| system_token_availability.c_str()))) |
