Chromium Code Reviews Chromium Code Reviews
Issue 14192017:
Extract certificate policy application from NetworkLibrary. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chrome/browser/chromeos/policy/network_configuration_updater_impl_cros_unittest.cc |
| diff --git a/chrome/browser/chromeos/policy/network_configuration_updater_impl_cros_unittest.cc b/chrome/browser/chromeos/policy/network_configuration_updater_impl_cros_unittest.cc |
| index b1df6570050f6ea9f65bb92d60a0a31cd618f056..fa3bb2590be1098e114a34fdaea4ffc9c920a17b 100644 |
| --- a/chrome/browser/chromeos/policy/network_configuration_updater_impl_cros_unittest.cc |
| +++ b/chrome/browser/chromeos/policy/network_configuration_updater_impl_cros_unittest.cc |
| @@ -10,12 +10,15 @@ |
| #include "base/memory/scoped_ptr.h" |
| #include "base/message_loop.h" |
| #include "base/run_loop.h" |
| +#include "base/values.h" |
| #include "chrome/browser/chromeos/cros/mock_network_library.h" |
| #include "chrome/browser/policy/mock_configuration_policy_provider.h" |
| #include "chrome/browser/policy/policy_map.h" |
| #include "chrome/browser/policy/policy_service_impl.h" |
| #include "chrome/common/chrome_switches.h" |
| +#include "chromeos/network/mock_certificate_handler.h" |
| #include "chromeos/network/onc/onc_constants.h" |
| +#include "chromeos/network/onc/onc_test_utils.h" |
| #include "chromeos/network/onc/onc_utils.h" |
| #include "content/public/test/test_browser_thread.h" |
| #include "content/public/test/test_utils.h" |
| @@ -31,24 +34,56 @@ using testing::AnyNumber; |
| using testing::Mock; |
| using testing::Ne; |
| using testing::Return; |
| +using testing::StrictMock; |
| using testing::_; |
| +namespace onc = ::chromeos::onc; |
| + |
| namespace policy { |
| namespace { |
| -const char kFakeONC[] = "{ \"GUID\": \"1234\" }"; |
| +const char kFakeONC[] = |
| + "{ \"NetworkConfigurations\": [" |
| + " { \"GUID\": \"{485d6076-dd44-6b6d-69787465725f5040}\"," |
| + " \"Type\": \"WiFi\"," |
| + " \"Name\": \"My WiFi Network\"," |
| + " \"WiFi\": {" |
| + " \"SSID\": \"ssid-none\"," |
| + " \"Security\": \"None\" }" |
| + " }" |
| + " ]," |
| + " \"Certificates\": [" |
| + " { \"GUID\": \"{f998f760-272b-6939-4c2beffe428697ac}\"," |
| + " \"PKCS12\": \"abc\"," |
| + " \"Type\": \"Client\" }" |
| + " ]," |
| + " \"Type\": \"UnencryptedConfiguration\"" |
| + "}"; |
| + |
| +std::string ValueToString(const base::Value* value) { |
| + std::stringstream str; |
| + str << *value; |
| + return str.str(); |
| +} |
| + |
| +// Matcher to match base::Value. |
| +MATCHER_P(IsEqualTo, |
| + value, |
| + std::string(negation ? "isn't" : "is") + " equal to " + |
| + ValueToString(value)) { |
| + return value->Equals(&arg); |
| +} |
| ACTION_P(SetCertificateList, list) { |
| - *arg3 = list; |
| + *arg2 = list; |
| return true; |
| } |
| } // namespace |
| // Tests of NetworkConfigurationUpdaterImplCros |
| -class NetworkConfigurationUpdaterTest |
| - : public testing::TestWithParam<const char*>{ |
| +class NetworkConfigurationUpdaterTest : public testing::Test { |
| protected: |
| NetworkConfigurationUpdaterTest() |
| : ui_thread_(content::BrowserThread::UI, &loop_), |
| @@ -64,6 +99,29 @@ class NetworkConfigurationUpdaterTest |
| CommandLine* command_line = CommandLine::ForCurrentProcess(); |
| command_line->AppendSwitch(switches::kEnableWebTrustCerts); |
| + |
| + empty_network_configs_.reset(new base::ListValue); |
| + empty_certificates_.reset(new base::ListValue); |
| + |
| + scoped_ptr<base::DictionaryValue> fake_toplevel_onc = |
| + onc::ReadDictionaryFromJson(kFakeONC); |
| + |
| + base::Value* network_configs_value = NULL; |
| + base::ListValue* network_configs = NULL; |
| + fake_toplevel_onc->RemoveWithoutPathExpansion( |
| + onc::toplevel_config::kNetworkConfigurations, |
| + &network_configs_value); |
| + network_configs_value->GetAsList(&network_configs); |
| + fake_network_configs_.reset(network_configs); |
| + |
| + base::Value* certs_value = NULL; |
| + base::ListValue* certs = NULL; |
| + fake_toplevel_onc->RemoveWithoutPathExpansion( |
| + onc::toplevel_config::kCertificates, |
| + &certs_value); |
| + certs_value->GetAsList(&certs); |
| + fake_certificates_.reset(certs); |
| + |
|
Joao da Silva
2013/04/22 10:38:09
nit: remove newline
pneubeck (no reviews)
2013/04/23 18:05:25
Done.
|
| } |
| virtual void TearDown() OVERRIDE { |
| @@ -78,24 +136,81 @@ class NetworkConfigurationUpdaterTest |
| } |
| // Maps configuration policy name to corresponding ONC source. |
| - static chromeos::onc::ONCSource NameToONCSource( |
| + static onc::ONCSource NameToONCSource( |
| const std::string& name) { |
| if (name == key::kDeviceOpenNetworkConfiguration) |
| - return chromeos::onc::ONC_SOURCE_DEVICE_POLICY; |
| + return onc::ONC_SOURCE_DEVICE_POLICY; |
| if (name == key::kOpenNetworkConfiguration) |
| - return chromeos::onc::ONC_SOURCE_USER_POLICY; |
| - return chromeos::onc::ONC_SOURCE_NONE; |
| + return onc::ONC_SOURCE_USER_POLICY; |
| + return onc::ONC_SOURCE_NONE; |
| } |
| - chromeos::MockNetworkLibrary network_library_; |
| - MockConfigurationPolicyProvider provider_; |
| + scoped_ptr<base::ListValue> empty_network_configs_; |
| + scoped_ptr<base::ListValue> empty_certificates_; |
| + scoped_ptr<base::ListValue> fake_network_configs_; |
| + scoped_ptr<base::ListValue> fake_certificates_; |
| + StrictMock<chromeos::MockNetworkLibrary> network_library_; |
| + StrictMock<chromeos::MockCertificateHandler> certificate_handler_; |
| + StrictMock<MockConfigurationPolicyProvider> provider_; |
| scoped_ptr<PolicyServiceImpl> policy_service_; |
| MessageLoop loop_; |
| content::TestBrowserThread ui_thread_; |
| content::TestBrowserThread io_thread_; |
| }; |
| -TEST_P(NetworkConfigurationUpdaterTest, InitialUpdates) { |
| +TEST_F(NetworkConfigurationUpdaterTest, PolicyIsValidatedAndRepaired) { |
| + std::string onc_policy = |
| + onc::test_utils::ReadTestData("toplevel_partially_invalid.onc"); |
| + |
| + scoped_ptr<base::DictionaryValue> onc_repaired = |
| + onc::test_utils::ReadTestDictionary( |
| + "repaired_toplevel_partially_invalid.onc"); |
| + |
| + base::ListValue* network_configs_repaired = NULL; |
| + onc_repaired->GetListWithoutPathExpansion( |
| + onc::toplevel_config::kNetworkConfigurations, |
| + &network_configs_repaired); |
| + ASSERT_TRUE(network_configs_repaired); |
| + |
| + PolicyMap policy; |
| + policy.Set(key::kOpenNetworkConfiguration, POLICY_LEVEL_MANDATORY, |
| + POLICY_SCOPE_USER, Value::CreateStringValue(onc_policy)); |
| + UpdateProviderPolicy(policy); |
| + |
| + EXPECT_CALL(network_library_, AddNetworkProfileObserver(_)); |
| + |
| + // Ignore the device policy update. |
| + EXPECT_CALL(network_library_, LoadOncNetworks(_, _)); |
| + EXPECT_CALL(certificate_handler_, ImportCertificates(_, _, _)); |
| + |
| + { |
|
Joao da Silva
2013/04/22 10:38:09
Extra {} scope not needed.
pneubeck (no reviews)
2013/04/23 18:05:25
Done.
|
| + NetworkConfigurationUpdaterImplCros updater(policy_service_.get(), |
| + &network_library_, |
| + &certificate_handler_); |
| + Mock::VerifyAndClearExpectations(&network_library_); |
| + Mock::VerifyAndClearExpectations(&certificate_handler_); |
| + |
| + // After the user policy is initialized, we always push both policies to the |
| + // NetworkLibrary. Ignore the device policy. |
| + EXPECT_CALL(network_library_, LoadOncNetworks( |
| + _, onc::ONC_SOURCE_DEVICE_POLICY)); |
| + EXPECT_CALL(network_library_, LoadOncNetworks( |
| + IsEqualTo(network_configs_repaired), |
| + onc::ONC_SOURCE_USER_POLICY)); |
| + EXPECT_CALL(certificate_handler_, ImportCertificates(_, _, _)).Times(2); |
| + |
| + EXPECT_CALL(network_library_, RemoveNetworkProfileObserver(_)); |
| + |
| + updater.OnUserPolicyInitialized(); |
| + } |
| +} |
| + |
| +class NetworkConfigurationUpdaterTestWithParam |
| + : public NetworkConfigurationUpdaterTest, |
|
Joao da Silva
2013/04/22 10:38:09
nit: single space after 'public'
pneubeck (no reviews)
2013/04/23 18:05:25
Done.
|
| + public testing::WithParamInterface<const char*> { |
| +}; |
| + |
| +TEST_P(NetworkConfigurationUpdaterTestWithParam, InitialUpdates) { |
| PolicyMap policy; |
| policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, |
| Value::CreateStringValue(kFakeONC)); |
| @@ -105,34 +220,54 @@ TEST_P(NetworkConfigurationUpdaterTest, InitialUpdates) { |
| // Initially, only the device policy is applied. The user policy is only |
| // applied after the user profile was initialized. |
| - const char* device_onc = GetParam() == key::kDeviceOpenNetworkConfiguration ? |
| - kFakeONC : chromeos::onc::kEmptyUnencryptedConfiguration; |
| + base::ListValue* device_networks; |
| + base::ListValue* device_certs; |
| + base::ListValue* user_networks; |
| + base::ListValue* user_certs; |
| + if (GetParam() == key::kDeviceOpenNetworkConfiguration) { |
| + device_networks = fake_network_configs_.get(); |
| + device_certs = fake_certificates_.get(); |
| + user_networks = empty_network_configs_.get(); |
| + user_certs = empty_certificates_.get(); |
| + } else { |
| + device_networks = empty_network_configs_.get(); |
| + device_certs = empty_certificates_.get(); |
| + user_networks = fake_network_configs_.get(); |
| + user_certs = fake_certificates_.get(); |
| + } |
| + |
| EXPECT_CALL(network_library_, LoadOncNetworks( |
| - device_onc, "", chromeos::onc::ONC_SOURCE_DEVICE_POLICY, _)); |
| + IsEqualTo(device_networks), onc::ONC_SOURCE_DEVICE_POLICY)); |
| + EXPECT_CALL(certificate_handler_, ImportCertificates( |
| + IsEqualTo(device_certs), onc::ONC_SOURCE_DEVICE_POLICY, _)); |
| { |
|
Joao da Silva
2013/04/22 10:38:09
Extra {} scope not needed.
pneubeck (no reviews)
2013/04/23 18:05:25
Done.
|
| NetworkConfigurationUpdaterImplCros updater(policy_service_.get(), |
| - &network_library_); |
| + &network_library_, |
| + &certificate_handler_); |
| Mock::VerifyAndClearExpectations(&network_library_); |
| + Mock::VerifyAndClearExpectations(&certificate_handler_); |
| // After the user policy is initialized, we always push both policies to the |
| // NetworkLibrary. |
| EXPECT_CALL(network_library_, LoadOncNetworks( |
| - kFakeONC, "", NameToONCSource(GetParam()), _)); |
| + IsEqualTo(device_networks), onc::ONC_SOURCE_DEVICE_POLICY)); |
| + EXPECT_CALL(certificate_handler_, ImportCertificates( |
| + IsEqualTo(device_certs), onc::ONC_SOURCE_DEVICE_POLICY, _)); |
| + |
| EXPECT_CALL(network_library_, LoadOncNetworks( |
| - chromeos::onc::kEmptyUnencryptedConfiguration, |
| - "", |
| - Ne(NameToONCSource(GetParam())), |
| - _)); |
| + IsEqualTo(user_networks), onc::ONC_SOURCE_USER_POLICY)); |
| + EXPECT_CALL(certificate_handler_, ImportCertificates( |
| + IsEqualTo(user_certs), onc::ONC_SOURCE_USER_POLICY, _)); |
| EXPECT_CALL(network_library_, RemoveNetworkProfileObserver(_)); |
| updater.OnUserPolicyInitialized(); |
| } |
| - Mock::VerifyAndClearExpectations(&network_library_); |
| } |
| -TEST_P(NetworkConfigurationUpdaterTest, AllowTrustedCertificatesFromPolicy) { |
| +TEST_P(NetworkConfigurationUpdaterTestWithParam, |
| + AllowTrustedCertificatesFromPolicy) { |
| { |
|
Joao da Silva
2013/04/22 10:38:09
The extra {} scope is not needed.
pneubeck (no reviews)
2013/04/23 18:05:25
Done.
|
| EXPECT_CALL(network_library_, AddNetworkProfileObserver(_)); |
| @@ -144,10 +279,12 @@ TEST_P(NetworkConfigurationUpdaterTest, AllowTrustedCertificatesFromPolicy) { |
| net::X509Certificate::FORMAT_AUTO); |
| ASSERT_EQ(1u, cert_list.size()); |
| - EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _, _)) |
| + EXPECT_CALL(network_library_, LoadOncNetworks(_, _)).Times(AnyNumber()); |
| + EXPECT_CALL(certificate_handler_, ImportCertificates(_, _, _)) |
| .WillRepeatedly(SetCertificateList(empty_cert_list)); |
| NetworkConfigurationUpdaterImplCros updater(policy_service_.get(), |
| - &network_library_); |
| + &network_library_, |
| + &certificate_handler_); |
| net::CertTrustAnchorProvider* trust_provider = |
| updater.GetCertTrustAnchorProvider(); |
| ASSERT_TRUE(trust_provider); |
| @@ -159,14 +296,17 @@ TEST_P(NetworkConfigurationUpdaterTest, AllowTrustedCertificatesFromPolicy) { |
| updater.OnUserPolicyInitialized(); |
| content::RunAllPendingInMessageLoop(content::BrowserThread::IO); |
| Mock::VerifyAndClearExpectations(&network_library_); |
| + Mock::VerifyAndClearExpectations(&certificate_handler_); |
| EXPECT_TRUE(trust_provider->GetAdditionalTrustAnchors().empty()); |
| // Certificates with the "Web" trust flag set should be forwarded to the |
| // trust provider. |
| - EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _, _)) |
| + EXPECT_CALL(network_library_, LoadOncNetworks(_, _)); |
| + EXPECT_CALL(certificate_handler_, ImportCertificates(_, _, _)) |
| .WillRepeatedly(SetCertificateList(empty_cert_list)); |
| - chromeos::onc::ONCSource current_source = NameToONCSource(GetParam()); |
| - EXPECT_CALL(network_library_, LoadOncNetworks(_, _, current_source, _)) |
| + onc::ONCSource current_source = NameToONCSource(GetParam()); |
| + EXPECT_CALL(network_library_, LoadOncNetworks(_, current_source)); |
| + EXPECT_CALL(certificate_handler_, ImportCertificates(_, current_source, _)) |
| .WillRepeatedly(SetCertificateList(cert_list)); |
| updater.set_allow_trusted_certificates_from_policy(true); |
| // Trigger a policy update. |
| @@ -175,6 +315,7 @@ TEST_P(NetworkConfigurationUpdaterTest, AllowTrustedCertificatesFromPolicy) { |
| base::Value::CreateStringValue(kFakeONC)); |
| UpdateProviderPolicy(policy); |
| Mock::VerifyAndClearExpectations(&network_library_); |
| + Mock::VerifyAndClearExpectations(&certificate_handler_); |
| // Certificates are only provided as trust anchors if they come from user |
| // policy. |
| @@ -186,29 +327,36 @@ TEST_P(NetworkConfigurationUpdaterTest, AllowTrustedCertificatesFromPolicy) { |
| EXPECT_CALL(network_library_, RemoveNetworkProfileObserver(_)); |
| } |
| - Mock::VerifyAndClearExpectations(&network_library_); |
| } |
| -TEST_P(NetworkConfigurationUpdaterTest, PolicyChange) { |
| +TEST_P(NetworkConfigurationUpdaterTestWithParam, PolicyChange) { |
| { |
|
Joao da Silva
2013/04/22 10:38:09
Extra {} scope not needed.
pneubeck (no reviews)
2013/04/23 18:05:25
Done.
|
| EXPECT_CALL(network_library_, AddNetworkProfileObserver(_)); |
| // Ignore the initial updates. |
| - EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _, _)) |
| + EXPECT_CALL(network_library_, LoadOncNetworks(_, _)) |
| + .Times(AnyNumber()); |
| + EXPECT_CALL(certificate_handler_, ImportCertificates(_, _, _)) |
| .Times(AnyNumber()); |
| NetworkConfigurationUpdaterImplCros updater(policy_service_.get(), |
| - &network_library_); |
| + &network_library_, |
| + &certificate_handler_); |
| updater.OnUserPolicyInitialized(); |
| Mock::VerifyAndClearExpectations(&network_library_); |
| + Mock::VerifyAndClearExpectations(&certificate_handler_); |
| // We should update if policy changes. |
| EXPECT_CALL(network_library_, LoadOncNetworks( |
| - kFakeONC, "", NameToONCSource(GetParam()), _)); |
| + IsEqualTo(fake_network_configs_.get()), NameToONCSource(GetParam()))); |
| + EXPECT_CALL(certificate_handler_, ImportCertificates( |
| + IsEqualTo(fake_certificates_.get()), NameToONCSource(GetParam()), _)); |
| // In the current implementation, we always apply both policies. |
| EXPECT_CALL(network_library_, LoadOncNetworks( |
| - chromeos::onc::kEmptyUnencryptedConfiguration, |
| - "", |
| + IsEqualTo(empty_network_configs_.get()), |
| + Ne(NameToONCSource(GetParam())))); |
| + EXPECT_CALL(certificate_handler_, ImportCertificates( |
| + IsEqualTo(empty_certificates_.get()), |
| Ne(NameToONCSource(GetParam())), |
| _)); |
| @@ -217,28 +365,36 @@ TEST_P(NetworkConfigurationUpdaterTest, PolicyChange) { |
| Value::CreateStringValue(kFakeONC)); |
| UpdateProviderPolicy(policy); |
| Mock::VerifyAndClearExpectations(&network_library_); |
| + Mock::VerifyAndClearExpectations(&certificate_handler_); |
| // Another update is expected if the policy goes away. In the current |
| // implementation, we always apply both policies. |
| EXPECT_CALL(network_library_, LoadOncNetworks( |
| - chromeos::onc::kEmptyUnencryptedConfiguration, "", |
| - chromeos::onc::ONC_SOURCE_DEVICE_POLICY, _)); |
| + IsEqualTo(empty_network_configs_.get()), |
| + onc::ONC_SOURCE_DEVICE_POLICY)); |
| + EXPECT_CALL(certificate_handler_, ImportCertificates( |
| + IsEqualTo(empty_certificates_.get()), |
| + onc::ONC_SOURCE_DEVICE_POLICY, |
| + _)); |
| EXPECT_CALL(network_library_, LoadOncNetworks( |
| - chromeos::onc::kEmptyUnencryptedConfiguration, "", |
| - chromeos::onc::ONC_SOURCE_USER_POLICY, _)); |
| + IsEqualTo(empty_network_configs_.get()), |
| + onc::ONC_SOURCE_USER_POLICY)); |
| + EXPECT_CALL(certificate_handler_, ImportCertificates( |
| + IsEqualTo(empty_certificates_.get()), |
| + onc::ONC_SOURCE_USER_POLICY, |
| + _)); |
| EXPECT_CALL(network_library_, RemoveNetworkProfileObserver(_)); |
| policy.Erase(GetParam()); |
| UpdateProviderPolicy(policy); |
| } |
| - Mock::VerifyAndClearExpectations(&network_library_); |
| } |
| INSTANTIATE_TEST_CASE_P( |
| - NetworkConfigurationUpdaterTestInstance, |
| - NetworkConfigurationUpdaterTest, |
| + NetworkConfigurationUpdaterTestWithParamInstance, |
| + NetworkConfigurationUpdaterTestWithParam, |
| testing::Values(key::kDeviceOpenNetworkConfiguration, |
| key::kOpenNetworkConfiguration)); |
