Chromium Code Reviews Chromium Code Reviews
Issue 1414313002:
Allow dynamic updating of authentication policies (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/command_line.h" | 5 #include "base/command_line.h" |
| 6 #include "base/metrics/field_trial.h" | 6 #include "base/metrics/field_trial.h" |
| 7 #include "base/prefs/pref_registry_simple.h" | |
| 8 #include "base/prefs/pref_service.h" | |
| 9 #include "base/prefs/testing_pref_service.h" | |
| 10 #include "base/run_loop.h" | |
| 7 #include "base/test/mock_entropy_provider.h" | 11 #include "base/test/mock_entropy_provider.h" |
| 12 #include "chrome/browser/extensions/event_router_forwarder.h" | |
| 8 #include "chrome/browser/io_thread.h" | 13 #include "chrome/browser/io_thread.h" |
| 9 #include "chrome/common/chrome_switches.h" | 14 #include "chrome/common/chrome_switches.h" |
| 15 #include "chrome/common/pref_names.h" | |
| 10 #include "components/data_reduction_proxy/core/common/data_reduction_proxy_param s.h" | 16 #include "components/data_reduction_proxy/core/common/data_reduction_proxy_param s.h" |
| 17 #include "components/policy/core/common/mock_policy_service.h" | |
| 18 #include "components/proxy_config/pref_proxy_config_tracker_impl.h" | |
| 19 #include "components/proxy_config/proxy_config_pref_names.h" | |
| 20 #include "content/public/browser/browser_thread.h" | |
| 21 #include "content/public/test/test_browser_thread_bundle.h" | |
| 22 #include "net/http/http_auth_handler_negotiate.h" | |
| 23 #include "net/http/http_auth_scheme.h" | |
| 11 #include "net/http/http_network_session.h" | 24 #include "net/http/http_network_session.h" |
| 12 #include "net/http/http_server_properties_impl.h" | 25 #include "net/http/http_server_properties_impl.h" |
| 13 #include "net/quic/quic_protocol.h" | 26 #include "net/quic/quic_protocol.h" |
| 14 #include "testing/gmock/include/gmock/gmock.h" | 27 #include "testing/gmock/include/gmock/gmock.h" |
| 15 #include "testing/gtest/include/gtest/gtest.h" | 28 #include "testing/gtest/include/gtest/gtest.h" |
| 16 | 29 |
| 30 #if defined(OS_CHROMEOS) | |
| 31 #include "chromeos/dbus/dbus_thread_manager.h" | |
| 32 #include "chromeos/network/network_handler.h" | |
| 33 #endif | |
| 34 | |
| 17 namespace test { | 35 namespace test { |
| 18 | 36 |
| 19 using ::testing::ElementsAre; | 37 using ::testing::ElementsAre; |
| 38 using ::testing::ReturnRef; | |
| 20 | 39 |
| 40 // Class used for accessing IOThread methods (friend of IOThread). | |
| 21 class IOThreadPeer { | 41 class IOThreadPeer { |
| 22 public: | 42 public: |
| 23 static void ConfigureQuicGlobals( | 43 static void ConfigureQuicGlobals( |
| 24 const base::CommandLine& command_line, | 44 const base::CommandLine& command_line, |
| 25 base::StringPiece quic_trial_group, | 45 base::StringPiece quic_trial_group, |
| 26 const std::map<std::string, std::string>& quic_trial_params, | 46 const std::map<std::string, std::string>& quic_trial_params, |
| 27 bool is_quic_allowed_by_policy, | 47 bool is_quic_allowed_by_policy, |
| 28 IOThread::Globals* globals) { | 48 IOThread::Globals* globals) { |
| 29 IOThread::ConfigureQuicGlobals(command_line, quic_trial_group, | 49 IOThread::ConfigureQuicGlobals(command_line, quic_trial_group, |
| 30 quic_trial_params, is_quic_allowed_by_policy, | 50 quic_trial_params, is_quic_allowed_by_policy, |
| (...skipping 12 matching lines...) Expand all Loading... | |
| 43 static void ConfigureNPNGlobals(base::StringPiece npn_trial_group, | 63 static void ConfigureNPNGlobals(base::StringPiece npn_trial_group, |
| 44 IOThread::Globals* globals) { | 64 IOThread::Globals* globals) { |
| 45 IOThread::ConfigureNPNGlobals(npn_trial_group, globals); | 65 IOThread::ConfigureNPNGlobals(npn_trial_group, globals); |
| 46 } | 66 } |
| 47 | 67 |
| 48 static void InitializeNetworkSessionParamsFromGlobals( | 68 static void InitializeNetworkSessionParamsFromGlobals( |
| 49 const IOThread::Globals& globals, | 69 const IOThread::Globals& globals, |
| 50 net::HttpNetworkSession::Params* params) { | 70 net::HttpNetworkSession::Params* params) { |
| 51 IOThread::InitializeNetworkSessionParamsFromGlobals(globals, params); | 71 IOThread::InitializeNetworkSessionParamsFromGlobals(globals, params); |
| 52 } | 72 } |
| 73 | |
| 74 static void InitIOThread(IOThread* io_thread) { io_thread->Init(); } | |
| 75 | |
| 76 static void CleanUpIOThread(IOThread* io_thread) { io_thread->CleanUp(); } | |
| 53 }; | 77 }; |
| 54 | 78 |
| 55 class IOThreadTest : public testing::Test { | 79 class IOThreadTest : public testing::Test { |
| 56 public: | 80 public: |
| 57 IOThreadTest() | 81 IOThreadTest() |
| 58 : command_line_(base::CommandLine::NO_PROGRAM), | 82 : command_line_(base::CommandLine::NO_PROGRAM), |
| 59 is_quic_allowed_by_policy_(true) { | 83 is_quic_allowed_by_policy_(true) { |
| 60 globals_.http_server_properties.reset(new net::HttpServerPropertiesImpl()); | 84 globals_.http_server_properties.reset(new net::HttpServerPropertiesImpl()); |
| 61 } | 85 } |
| 62 | 86 |
| (...skipping 453 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 516 TEST_F(IOThreadTest, QuicDisallowedByPolicy) { | 540 TEST_F(IOThreadTest, QuicDisallowedByPolicy) { |
| 517 command_line_.AppendSwitch(switches::kEnableQuic); | 541 command_line_.AppendSwitch(switches::kEnableQuic); |
| 518 is_quic_allowed_by_policy_ = false; | 542 is_quic_allowed_by_policy_ = false; |
| 519 ConfigureQuicGlobals(); | 543 ConfigureQuicGlobals(); |
| 520 | 544 |
| 521 net::HttpNetworkSession::Params params; | 545 net::HttpNetworkSession::Params params; |
| 522 InitializeNetworkSessionParams(¶ms); | 546 InitializeNetworkSessionParams(¶ms); |
| 523 EXPECT_FALSE(params.enable_quic); | 547 EXPECT_FALSE(params.enable_quic); |
| 524 } | 548 } |
| 525 | 549 |
| 550 class IOThreadTestWithIOThreadObject : public testing::Test { | |
| 551 public: | |
| 552 // These functions need to be public, since it is difficult to bind to | |
| 553 // protected functions in a test (the code would need to explicitly contain | |
| 554 // the name of the actual test class). | |
| 555 void CheckCnameLookup(bool expected) { | |
| 556 auto negotiate_factory = getNegotiateFactory(); | |
| 557 // If we don't have a negotiate factory (net wasn't built with Kerberos) the | |
| 558 // policy does nothing so we can't test anything. | |
| 559 if (!negotiate_factory) | |
| 560 return; | |
| 561 EXPECT_EQ(expected, negotiate_factory->disable_cname_lookup()); | |
| 562 } | |
| 563 | |
| 564 void CheckUsePort(bool expected) { | |
| 565 auto negotiate_factory = getNegotiateFactory(); | |
| 566 // If we don't have a negotiate factory (net wasn't built with Kerberos) the | |
| 567 // policy does nothing so we can't test anything. | |
| 568 if (!negotiate_factory) | |
| 569 return; | |
| 570 EXPECT_EQ(expected, negotiate_factory->use_port()); | |
| 571 } | |
| 572 | |
| 573 #if defined(OS_ANDROID) | |
| 574 void CheckLibrary(std::string expected) { | |
| 575 auto negotiate_factory = getNegotiateFactory(); | |
| 576 // If we don't have a negotiate factory (net wasn't built with Kerberos) the | |
| 577 // policy does nothing so we can't test anything. | |
| 578 if (!negotiate_factory) | |
| 579 return; | |
| 580 EXPECT_EQ(expected, *(negotiate_factory->library())); | |
| 581 } | |
| 582 #endif | |
| 583 | |
| 584 void CheckCanUseDefaultCredentials(bool expected, const GURL& url) { | |
| 585 auto security_manager = io_thread()->globals()->url_security_manager.get(); | |
| 586 EXPECT_EQ(expected, security_manager->CanUseDefaultCredentials(url)); | |
| 587 } | |
| 588 | |
| 589 void CheckCanDelegate(bool expected, const GURL& url) { | |
| 590 auto security_manager = io_thread()->globals()->url_security_manager.get(); | |
| 591 EXPECT_EQ(expected, security_manager->CanDelegate(url)); | |
| 592 } | |
| 593 | |
| 594 protected: | |
| 595 // IOThreadTestWithIOThreadObject() : | |
| 596 // thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP) { | |
| 597 IOThreadTestWithIOThreadObject() | |
| 598 : thread_bundle_(content::TestBrowserThreadBundle::REAL_IO_THREAD) { | |
| 599 // IOThreadTestWithIOThreadObject() { | |
| 600 #if defined(ENABLE_EXTENSIONS) | |
| 601 event_router_forwarder_ = new extensions::EventRouterForwarder; | |
| 602 #endif | |
| 603 PrefRegistrySimple* pref_registry = pref_service_.registry(); | |
| 604 IOThread::RegisterPrefs(pref_registry); | |
| 605 PrefProxyConfigTrackerImpl::RegisterPrefs(pref_registry); | |
| 606 ssl_config::SSLConfigServiceManager::RegisterPrefs(pref_registry); | |
| 607 | |
| 608 // Set up default function behaviour. | |
| 609 EXPECT_CALL(policy_service_, | |
| 610 GetPolicies(policy::PolicyNamespace( | |
| 611 policy::POLICY_DOMAIN_CHROME, std::string()))) | |
| 612 .WillRepeatedly(ReturnRef(policy_map_)); | |
| 613 | |
| 614 #if defined(OS_CHROMEOS) | |
| 615 // Needed by IOThread constructor. | |
| 616 chromeos::DBusThreadManager::Initialize(); | |
| 617 chromeos::NetworkHandler::Initialize(); | |
| 618 #endif | |
| 619 io_thread_.reset(new IOThread(&pref_service_, &policy_service_, nullptr, | |
| 620 event_router_forwarder_.get())); | |
| 621 // Init must be run on the IO thread. | |
| 622 RunOnIOThreadBlocking( | |
| 623 base::Bind(&IOThreadPeer::InitIOThread, io_thread_.get())); | |
| 624 } | |
| 625 | |
| 626 ~IOThreadTestWithIOThreadObject() override { | |
| 627 RunOnIOThreadBlocking( | |
| 628 base::Bind(&IOThreadPeer::CleanUpIOThread, io_thread_.get())); | |
| 629 #if defined(OS_CHROMEOS) | |
| 630 chromeos::NetworkHandler::Shutdown(); | |
| 631 chromeos::DBusThreadManager::Shutdown(); | |
| 632 #endif | |
| 633 } | |
| 634 TestingPrefServiceSimple* pref_service() { return &pref_service_; } | |
| 635 | |
| 636 IOThread* io_thread() { return io_thread_.get(); } | |
| 637 | |
| 638 void RunOnIOThreadBlocking(base::Closure task) { | |
| 639 base::RunLoop run_loop; | |
| 640 content::BrowserThread::PostTaskAndReply( | |
| 641 content::BrowserThread::IO, FROM_HERE, task, run_loop.QuitClosure()); | |
| 642 run_loop.Run(); | |
| 643 } | |
| 644 | |
| 645 private: | |
| 646 content::TestBrowserThreadBundle thread_bundle_; | |
| 647 TestingPrefServiceSimple pref_service_; | |
| 648 scoped_refptr<extensions::EventRouterForwarder> event_router_forwarder_; | |
| 649 policy::PolicyMap policy_map_; | |
| 650 policy::MockPolicyService policy_service_; | |
| 651 scoped_ptr<IOThread> io_thread_; | |
| 652 IOThread::Globals globals_; | |
| 653 | |
| 654 net::HttpAuthHandlerNegotiate::Factory* getNegotiateFactory() { | |
|
asanka
2015/11/10 15:48:06
GetNegotiateFactory
| |
| 655 auto factory = static_cast<net::HttpAuthHandlerRegistryFactory*>( | |
| 656 io_thread()->globals()->http_auth_handler_factory.get()); | |
| 657 auto negotiate_factory = | |
|
asanka
2015/11/10 15:48:06
This test relies on implementation details in //ne
aberent
2015/11/13 17:46:32
Done.
| |
| 658 static_cast<net::HttpAuthHandlerNegotiate::Factory*>( | |
| 659 factory->GetSchemeFactory(net::kNegotiateAuthScheme)); | |
| 660 return negotiate_factory; | |
| 661 } | |
| 662 }; | |
| 663 | |
| 664 TEST_F(IOThreadTestWithIOThreadObject, UpdateNegotiateDisableCnameLookup) { | |
| 665 pref_service()->SetBoolean(prefs::kDisableAuthNegotiateCnameLookup, false); | |
| 666 RunOnIOThreadBlocking( | |
| 667 base::Bind(&IOThreadTestWithIOThreadObject::CheckCnameLookup, | |
| 668 base::Unretained(this), false)); | |
| 669 pref_service()->SetBoolean(prefs::kDisableAuthNegotiateCnameLookup, true); | |
| 670 RunOnIOThreadBlocking( | |
| 671 base::Bind(&IOThreadTestWithIOThreadObject::CheckCnameLookup, | |
| 672 base::Unretained(this), true)); | |
| 673 } | |
| 674 | |
| 675 TEST_F(IOThreadTestWithIOThreadObject, UpdateEnableAuthNegotiatePort) { | |
| 676 pref_service()->SetBoolean(prefs::kEnableAuthNegotiatePort, false); | |
| 677 RunOnIOThreadBlocking( | |
| 678 base::Bind(&IOThreadTestWithIOThreadObject::CheckUsePort, | |
| 679 base::Unretained(this), false)); | |
| 680 pref_service()->SetBoolean(prefs::kEnableAuthNegotiatePort, true); | |
| 681 RunOnIOThreadBlocking( | |
| 682 base::Bind(&IOThreadTestWithIOThreadObject::CheckUsePort, | |
| 683 base::Unretained(this), true)); | |
| 684 } | |
| 685 | |
| 686 TEST_F(IOThreadTestWithIOThreadObject, UpdateServerWhitelist) { | |
| 687 GURL url("http://test.example.com"); | |
| 688 | |
| 689 pref_service()->SetString(prefs::kAuthServerWhitelist, ""); | |
| 690 RunOnIOThreadBlocking( | |
| 691 base::Bind(&IOThreadTestWithIOThreadObject::CheckCanUseDefaultCredentials, | |
| 692 base::Unretained(this), false, url)); | |
| 693 | |
| 694 pref_service()->SetString(prefs::kAuthServerWhitelist, "*"); | |
| 695 RunOnIOThreadBlocking( | |
| 696 base::Bind(&IOThreadTestWithIOThreadObject::CheckCanUseDefaultCredentials, | |
| 697 base::Unretained(this), true, url)); | |
| 698 } | |
| 699 | |
| 700 TEST_F(IOThreadTestWithIOThreadObject, UpdateDelegateWhitelist) { | |
| 701 GURL url("http://test.example.com"); | |
| 702 | |
| 703 pref_service()->SetString(prefs::kAuthNegotiateDelegateWhitelist, ""); | |
| 704 RunOnIOThreadBlocking( | |
| 705 base::Bind(&IOThreadTestWithIOThreadObject::CheckCanDelegate, | |
| 706 base::Unretained(this), false, url)); | |
| 707 | |
| 708 pref_service()->SetString(prefs::kAuthNegotiateDelegateWhitelist, "*"); | |
| 709 RunOnIOThreadBlocking( | |
| 710 base::Bind(&IOThreadTestWithIOThreadObject::CheckCanDelegate, | |
| 711 base::Unretained(this), true, url)); | |
| 712 } | |
| 713 | |
| 714 #if defined(OS_ANDROID) | |
| 715 // AuthAndroidNegotiateAccountType is only used on Android. | |
| 716 TEST_F(IOThreadTestWithIOThreadObject, UpdateAuthAndroidNegotiateAccountType) { | |
| 717 pref_service()->SetString(prefs::kAuthAndroidNegotiateAccountType, "acc1"); | |
| 718 RunOnIOThreadBlocking( | |
| 719 base::Bind(&IOThreadTestWithIOThreadObject::CheckLibrary, | |
| 720 base::Unretained(this), "acc1")); | |
| 721 pref_service()->SetString(prefs::kAuthAndroidNegotiateAccountType, "acc2"); | |
| 722 RunOnIOThreadBlocking( | |
| 723 base::Bind(&IOThreadTestWithIOThreadObject::CheckLibrary, | |
| 724 base::Unretained(this), "acc2")); | |
| 725 } | |
| 726 #endif | |
| 727 | |
| 526 } // namespace test | 728 } // namespace test |
| OLD | NEW |
