| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/bind.h" | 5 #include "base/bind.h" |
| 6 #include "base/bind_helpers.h" | 6 #include "base/bind_helpers.h" |
| 7 #include "base/callback.h" | 7 #include "base/callback.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/run_loop.h" | 10 #include "base/run_loop.h" |
| 11 #include "base/values.h" | 11 #include "base/values.h" |
| 12 #include "chrome/browser/chromeos/login/user.h" | 12 #include "chrome/browser/chromeos/login/user.h" |
| 13 #include "chrome/browser/chromeos/policy/device_network_configuration_updater.h" | 13 #include "chrome/browser/chromeos/policy/device_network_configuration_updater.h" |
| 14 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" | 14 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" |
| 15 #include "chrome/browser/chromeos/settings/cros_settings.h" | 15 #include "chrome/browser/chromeos/settings/cros_settings.h" |
| 16 #include "chrome/browser/chromeos/settings/device_settings_service.h" | 16 #include "chrome/browser/chromeos/settings/device_settings_service.h" |
| 17 #include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h" | 17 #include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h" |
| 18 #include "chrome/test/base/testing_profile.h" |
| 18 #include "chromeos/network/fake_network_device_handler.h" | 19 #include "chromeos/network/fake_network_device_handler.h" |
| 19 #include "chromeos/network/mock_managed_network_configuration_handler.h" | 20 #include "chromeos/network/mock_managed_network_configuration_handler.h" |
| 20 #include "chromeos/network/onc/mock_certificate_importer.h" | 21 #include "chromeos/network/onc/mock_certificate_importer.h" |
| 21 #include "chromeos/network/onc/onc_test_utils.h" | 22 #include "chromeos/network/onc/onc_test_utils.h" |
| 22 #include "chromeos/network/onc/onc_utils.h" | 23 #include "chromeos/network/onc/onc_utils.h" |
| 23 #include "components/onc/onc_constants.h" | 24 #include "components/onc/onc_constants.h" |
| 24 #include "components/policy/core/common/external_data_fetcher.h" | 25 #include "components/policy/core/common/external_data_fetcher.h" |
| 25 #include "components/policy/core/common/mock_configuration_policy_provider.h" | 26 #include "components/policy/core/common/mock_configuration_policy_provider.h" |
| 26 #include "components/policy/core/common/policy_map.h" | 27 #include "components/policy/core/common/policy_map.h" |
| 27 #include "components/policy/core/common/policy_service_impl.h" | 28 #include "components/policy/core/common/policy_service_impl.h" |
| (...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 141 | 142 |
| 142 } // namespace | 143 } // namespace |
| 143 | 144 |
| 144 class NetworkConfigurationUpdaterTest : public testing::Test { | 145 class NetworkConfigurationUpdaterTest : public testing::Test { |
| 145 protected: | 146 protected: |
| 146 NetworkConfigurationUpdaterTest() { | 147 NetworkConfigurationUpdaterTest() { |
| 147 } | 148 } |
| 148 | 149 |
| 149 virtual void SetUp() OVERRIDE { | 150 virtual void SetUp() OVERRIDE { |
| 150 EXPECT_CALL(provider_, IsInitializationComplete(_)) | 151 EXPECT_CALL(provider_, IsInitializationComplete(_)) |
| 151 .WillRepeatedly(Return(true)); | 152 .WillRepeatedly(Return(false)); |
| 152 provider_.Init(); | 153 provider_.Init(); |
| 153 PolicyServiceImpl::Providers providers; | 154 PolicyServiceImpl::Providers providers; |
| 154 providers.push_back(&provider_); | 155 providers.push_back(&provider_); |
| 155 policy_service_.reset(new PolicyServiceImpl(providers)); | 156 policy_service_.reset(new PolicyServiceImpl(providers)); |
| 156 | 157 |
| 157 scoped_ptr<base::DictionaryValue> fake_toplevel_onc = | 158 scoped_ptr<base::DictionaryValue> fake_toplevel_onc = |
| 158 chromeos::onc::ReadDictionaryFromJson(kFakeONC); | 159 chromeos::onc::ReadDictionaryFromJson(kFakeONC); |
| 159 | 160 |
| 160 base::ListValue* network_configs = NULL; | 161 base::ListValue* network_configs = NULL; |
| 161 fake_toplevel_onc->GetListWithoutPathExpansion( | 162 fake_toplevel_onc->GetListWithoutPathExpansion( |
| (...skipping 14 matching lines...) Expand all Loading... |
| 176 new StrictMock<chromeos::onc::MockCertificateImporter>(); | 177 new StrictMock<chromeos::onc::MockCertificateImporter>(); |
| 177 certificate_importer_owned_.reset(certificate_importer_); | 178 certificate_importer_owned_.reset(certificate_importer_); |
| 178 } | 179 } |
| 179 | 180 |
| 180 virtual void TearDown() OVERRIDE { | 181 virtual void TearDown() OVERRIDE { |
| 181 network_configuration_updater_.reset(); | 182 network_configuration_updater_.reset(); |
| 182 provider_.Shutdown(); | 183 provider_.Shutdown(); |
| 183 base::RunLoop().RunUntilIdle(); | 184 base::RunLoop().RunUntilIdle(); |
| 184 } | 185 } |
| 185 | 186 |
| 187 void MarkPolicyProviderInitialized() { |
| 188 Mock::VerifyAndClearExpectations(&provider_); |
| 189 EXPECT_CALL(provider_, IsInitializationComplete(_)) |
| 190 .WillRepeatedly(Return(true)); |
| 191 provider_.SetAutoRefresh(); |
| 192 provider_.RefreshPolicies(); |
| 193 base::RunLoop().RunUntilIdle(); |
| 194 } |
| 195 |
| 186 void UpdateProviderPolicy(const PolicyMap& policy) { | 196 void UpdateProviderPolicy(const PolicyMap& policy) { |
| 187 provider_.UpdateChromePolicy(policy); | 197 provider_.UpdateChromePolicy(policy); |
| 188 base::RunLoop().RunUntilIdle(); | 198 base::RunLoop().RunUntilIdle(); |
| 189 } | 199 } |
| 190 | 200 |
| 191 UserNetworkConfigurationUpdater* | 201 UserNetworkConfigurationUpdater* |
| 192 CreateNetworkConfigurationUpdaterForUserPolicy( | 202 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 193 bool allow_trusted_certs_from_policy) { | 203 bool allow_trusted_certs_from_policy, |
| 204 bool set_cert_importer) { |
| 194 UserNetworkConfigurationUpdater* updater = | 205 UserNetworkConfigurationUpdater* updater = |
| 195 UserNetworkConfigurationUpdater::CreateForUserPolicy( | 206 UserNetworkConfigurationUpdater::CreateForUserPolicy( |
| 207 &profile_, |
| 196 allow_trusted_certs_from_policy, | 208 allow_trusted_certs_from_policy, |
| 197 fake_user_, | 209 fake_user_, |
| 198 certificate_importer_owned_.Pass(), | |
| 199 policy_service_.get(), | 210 policy_service_.get(), |
| 200 &network_config_handler_).release(); | 211 &network_config_handler_).release(); |
| 212 if (set_cert_importer) { |
| 213 EXPECT_TRUE(certificate_importer_owned_); |
| 214 updater->SetCertificateImporterForTest( |
| 215 certificate_importer_owned_.Pass()); |
| 216 } |
| 201 network_configuration_updater_.reset(updater); | 217 network_configuration_updater_.reset(updater); |
| 202 return updater; | 218 return updater; |
| 203 } | 219 } |
| 204 | 220 |
| 205 void CreateNetworkConfigurationUpdaterForDevicePolicy() { | 221 void CreateNetworkConfigurationUpdaterForDevicePolicy() { |
| 206 network_configuration_updater_ = | 222 network_configuration_updater_ = |
| 207 DeviceNetworkConfigurationUpdater::CreateForDevicePolicy( | 223 DeviceNetworkConfigurationUpdater::CreateForDevicePolicy( |
| 208 certificate_importer_owned_.Pass(), | |
| 209 policy_service_.get(), | 224 policy_service_.get(), |
| 210 &network_config_handler_, | 225 &network_config_handler_, |
| 211 &network_device_handler_, | 226 &network_device_handler_, |
| 212 chromeos::CrosSettings::Get()); | 227 chromeos::CrosSettings::Get()); |
| 213 } | 228 } |
| 214 | 229 |
| 215 base::ListValue fake_network_configs_; | 230 base::ListValue fake_network_configs_; |
| 216 base::DictionaryValue fake_global_network_config_; | 231 base::DictionaryValue fake_global_network_config_; |
| 217 base::ListValue fake_certificates_; | 232 base::ListValue fake_certificates_; |
| 218 StrictMock<chromeos::MockManagedNetworkConfigurationHandler> | 233 StrictMock<chromeos::MockManagedNetworkConfigurationHandler> |
| 219 network_config_handler_; | 234 network_config_handler_; |
| 220 FakeNetworkDeviceHandler network_device_handler_; | 235 FakeNetworkDeviceHandler network_device_handler_; |
| 221 | 236 |
| 222 // Not used directly. Required for CrosSettings. | 237 // Not used directly. Required for CrosSettings. |
| 223 chromeos::ScopedTestDeviceSettingsService scoped_device_settings_service_; | 238 chromeos::ScopedTestDeviceSettingsService scoped_device_settings_service_; |
| 224 chromeos::ScopedTestCrosSettings scoped_cros_settings_; | 239 chromeos::ScopedTestCrosSettings scoped_cros_settings_; |
| 225 | 240 |
| 226 // Ownership of certificate_importer_owned_ is passed to the | 241 // Ownership of certificate_importer_owned_ is passed to the |
| 227 // NetworkConfigurationUpdater. When that happens, |certificate_importer_| | 242 // NetworkConfigurationUpdater. When that happens, |certificate_importer_| |
| 228 // continues to point to that instance but |certificate_importer_owned_| is | 243 // continues to point to that instance but |certificate_importer_owned_| is |
| 229 // released. | 244 // released. |
| 230 StrictMock<chromeos::onc::MockCertificateImporter>* certificate_importer_; | 245 StrictMock<chromeos::onc::MockCertificateImporter>* certificate_importer_; |
| 231 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer_owned_; | 246 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer_owned_; |
| 232 | 247 |
| 233 StrictMock<MockConfigurationPolicyProvider> provider_; | 248 StrictMock<MockConfigurationPolicyProvider> provider_; |
| 234 scoped_ptr<PolicyServiceImpl> policy_service_; | 249 scoped_ptr<PolicyServiceImpl> policy_service_; |
| 235 FakeUser fake_user_; | 250 FakeUser fake_user_; |
| 236 | 251 |
| 252 TestingProfile profile_; |
| 253 |
| 237 scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_; | 254 scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_; |
| 238 content::TestBrowserThreadBundle thread_bundle_; | 255 content::TestBrowserThreadBundle thread_bundle_; |
| 239 }; | 256 }; |
| 240 | 257 |
| 241 TEST_F(NetworkConfigurationUpdaterTest, CellularAllowRoaming) { | 258 TEST_F(NetworkConfigurationUpdaterTest, CellularAllowRoaming) { |
| 242 // Ignore networ config updates. | 259 // Ignore network config updates. |
| 243 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1)); | 260 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1)); |
| 244 EXPECT_CALL(*certificate_importer_, ImportCertificates(_, _, _)) | |
| 245 .Times(AtLeast(1)); | |
| 246 | 261 |
| 247 // Setup the DataRoaming device setting. | 262 // Setup the DataRoaming device setting. |
| 248 chromeos::CrosSettings* cros_settings = chromeos::CrosSettings::Get(); | 263 chromeos::CrosSettings* cros_settings = chromeos::CrosSettings::Get(); |
| 249 chromeos::CrosSettingsProvider* device_settings_provider = | 264 chromeos::CrosSettingsProvider* device_settings_provider = |
| 250 cros_settings->GetProvider(chromeos::kSignedDataRoamingEnabled); | 265 cros_settings->GetProvider(chromeos::kSignedDataRoamingEnabled); |
| 251 cros_settings->RemoveSettingsProvider(device_settings_provider); | 266 cros_settings->RemoveSettingsProvider(device_settings_provider); |
| 252 delete device_settings_provider; | 267 delete device_settings_provider; |
| 253 chromeos::StubCrosSettingsProvider* stub_settings_provider = | 268 chromeos::StubCrosSettingsProvider* stub_settings_provider = |
| 254 new chromeos::StubCrosSettingsProvider; | 269 new chromeos::StubCrosSettingsProvider; |
| 255 cros_settings->AddSettingsProvider(stub_settings_provider); | 270 cros_settings->AddSettingsProvider(stub_settings_provider); |
| 256 | 271 |
| 257 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, | 272 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, |
| 258 base::FundamentalValue(false)); | 273 base::FundamentalValue(false)); |
| 259 EXPECT_FALSE(network_device_handler_.allow_roaming_); | 274 EXPECT_FALSE(network_device_handler_.allow_roaming_); |
| 260 | 275 |
| 261 CreateNetworkConfigurationUpdaterForDevicePolicy(); | 276 CreateNetworkConfigurationUpdaterForDevicePolicy(); |
| 277 MarkPolicyProviderInitialized(); |
| 262 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, | 278 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, |
| 263 base::FundamentalValue(true)); | 279 base::FundamentalValue(true)); |
| 264 EXPECT_TRUE(network_device_handler_.allow_roaming_); | 280 EXPECT_TRUE(network_device_handler_.allow_roaming_); |
| 265 | 281 |
| 266 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, | 282 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, |
| 267 base::FundamentalValue(false)); | 283 base::FundamentalValue(false)); |
| 268 EXPECT_FALSE(network_device_handler_.allow_roaming_); | 284 EXPECT_FALSE(network_device_handler_.allow_roaming_); |
| 269 } | 285 } |
| 270 | 286 |
| 271 TEST_F(NetworkConfigurationUpdaterTest, PolicyIsValidatedAndRepaired) { | 287 TEST_F(NetworkConfigurationUpdaterTest, PolicyIsValidatedAndRepaired) { |
| (...skipping 21 matching lines...) Expand all Loading... |
| 293 new base::StringValue(onc_policy), | 309 new base::StringValue(onc_policy), |
| 294 NULL); | 310 NULL); |
| 295 UpdateProviderPolicy(policy); | 311 UpdateProviderPolicy(policy); |
| 296 | 312 |
| 297 EXPECT_CALL(network_config_handler_, | 313 EXPECT_CALL(network_config_handler_, |
| 298 SetPolicy(onc::ONC_SOURCE_USER_POLICY, | 314 SetPolicy(onc::ONC_SOURCE_USER_POLICY, |
| 299 _, | 315 _, |
| 300 IsEqualTo(network_configs_repaired), | 316 IsEqualTo(network_configs_repaired), |
| 301 IsEqualTo(global_config_repaired))); | 317 IsEqualTo(global_config_repaired))); |
| 302 EXPECT_CALL(*certificate_importer_, | 318 EXPECT_CALL(*certificate_importer_, |
| 303 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _)); | 319 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _)); |
| 304 | 320 |
| 305 CreateNetworkConfigurationUpdaterForUserPolicy( | 321 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 306 false /* do not allow trusted certs from policy */ ); | 322 false /* do not allow trusted certs from policy */, |
| 323 true /* set certificate importer */); |
| 324 MarkPolicyProviderInitialized(); |
| 307 } | 325 } |
| 308 | 326 |
| 309 TEST_F(NetworkConfigurationUpdaterTest, | 327 TEST_F(NetworkConfigurationUpdaterTest, |
| 310 DoNotAllowTrustedCertificatesFromPolicy) { | 328 DoNotAllowTrustedCertificatesFromPolicy) { |
| 311 net::CertificateList cert_list; | 329 net::CertificateList cert_list; |
| 312 cert_list = | 330 cert_list = |
| 313 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), | 331 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), |
| 314 "ok_cert.pem", | 332 "ok_cert.pem", |
| 315 net::X509Certificate::FORMAT_AUTO); | 333 net::X509Certificate::FORMAT_AUTO); |
| 316 ASSERT_EQ(1u, cert_list.size()); | 334 ASSERT_EQ(1u, cert_list.size()); |
| 317 | 335 |
| 318 EXPECT_CALL(network_config_handler_, | 336 EXPECT_CALL(network_config_handler_, |
| 319 SetPolicy(onc::ONC_SOURCE_USER_POLICY, _, _, _)); | 337 SetPolicy(onc::ONC_SOURCE_USER_POLICY, _, _, _)); |
| 320 EXPECT_CALL(*certificate_importer_, ImportCertificates(_, _, _)) | 338 EXPECT_CALL(*certificate_importer_, ImportCertificates(_, _, _)) |
| 321 .WillRepeatedly(SetCertificateList(cert_list)); | 339 .WillRepeatedly(SetCertificateList(cert_list)); |
| 322 | 340 |
| 323 UserNetworkConfigurationUpdater* updater = | 341 UserNetworkConfigurationUpdater* updater = |
| 324 CreateNetworkConfigurationUpdaterForUserPolicy( | 342 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 325 false /* do not allow trusted certs from policy */); | 343 false /* do not allow trusted certs from policy */, |
| 344 true /* set certificate importer */); |
| 345 MarkPolicyProviderInitialized(); |
| 326 | 346 |
| 327 // Certificates with the "Web" trust flag set should not be forwarded to | 347 // Certificates with the "Web" trust flag set should not be forwarded to |
| 328 // observers. | 348 // observers. |
| 329 FakeWebTrustedCertsObserver observer; | 349 FakeWebTrustedCertsObserver observer; |
| 330 updater->AddTrustedCertsObserver(&observer); | 350 updater->AddTrustedCertsObserver(&observer); |
| 331 | 351 |
| 332 base::RunLoop().RunUntilIdle(); | 352 base::RunLoop().RunUntilIdle(); |
| 333 | 353 |
| 334 net::CertificateList trust_anchors; | 354 net::CertificateList trust_anchors; |
| 335 updater->GetWebTrustedCertificates(&trust_anchors); | 355 updater->GetWebTrustedCertificates(&trust_anchors); |
| (...skipping 15 matching lines...) Expand all Loading... |
| 351 "ok_cert.pem", | 371 "ok_cert.pem", |
| 352 net::X509Certificate::FORMAT_AUTO); | 372 net::X509Certificate::FORMAT_AUTO); |
| 353 ASSERT_EQ(1u, cert_list.size()); | 373 ASSERT_EQ(1u, cert_list.size()); |
| 354 | 374 |
| 355 EXPECT_CALL(*certificate_importer_, | 375 EXPECT_CALL(*certificate_importer_, |
| 356 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _)) | 376 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _)) |
| 357 .WillRepeatedly(SetCertificateList(cert_list)); | 377 .WillRepeatedly(SetCertificateList(cert_list)); |
| 358 | 378 |
| 359 UserNetworkConfigurationUpdater* updater = | 379 UserNetworkConfigurationUpdater* updater = |
| 360 CreateNetworkConfigurationUpdaterForUserPolicy( | 380 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 361 true /* allow trusted certs from policy */); | 381 true /* allow trusted certs from policy */, |
| 382 true /* set certificate importer */); |
| 383 MarkPolicyProviderInitialized(); |
| 362 | 384 |
| 363 base::RunLoop().RunUntilIdle(); | 385 base::RunLoop().RunUntilIdle(); |
| 364 | 386 |
| 365 // Certificates with the "Web" trust flag set will be returned. | 387 // Certificates with the "Web" trust flag set will be returned. |
| 366 net::CertificateList trust_anchors; | 388 net::CertificateList trust_anchors; |
| 367 updater->GetWebTrustedCertificates(&trust_anchors); | 389 updater->GetWebTrustedCertificates(&trust_anchors); |
| 368 EXPECT_EQ(1u, trust_anchors.size()); | 390 EXPECT_EQ(1u, trust_anchors.size()); |
| 369 } | 391 } |
| 370 | 392 |
| 371 TEST_F(NetworkConfigurationUpdaterTest, | 393 TEST_F(NetworkConfigurationUpdaterTest, |
| 372 AllowTrustedCertificatesFromPolicyOnUpdate) { | 394 AllowTrustedCertificatesFromPolicyOnUpdate) { |
| 373 // Ignore network configuration changes. | 395 // Ignore network configuration changes. |
| 374 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)) | 396 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)) |
| 375 .Times(AnyNumber()); | 397 .Times(AnyNumber()); |
| 376 | 398 |
| 377 // Start with an empty certificate list. | 399 // Start with an empty certificate list. |
| 378 EXPECT_CALL(*certificate_importer_, | 400 EXPECT_CALL(*certificate_importer_, |
| 379 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _)) | 401 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _)) |
| 380 .WillRepeatedly(SetCertificateList(net::CertificateList())); | 402 .WillRepeatedly(SetCertificateList(net::CertificateList())); |
| 381 | 403 |
| 382 UserNetworkConfigurationUpdater* updater = | 404 UserNetworkConfigurationUpdater* updater = |
| 383 CreateNetworkConfigurationUpdaterForUserPolicy( | 405 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 384 true /* allow trusted certs from policy */); | 406 true /* allow trusted certs from policy */, |
| 407 true /* set certificate importer */); |
| 408 MarkPolicyProviderInitialized(); |
| 385 | 409 |
| 386 FakeWebTrustedCertsObserver observer; | 410 FakeWebTrustedCertsObserver observer; |
| 387 updater->AddTrustedCertsObserver(&observer); | 411 updater->AddTrustedCertsObserver(&observer); |
| 388 | 412 |
| 389 base::RunLoop().RunUntilIdle(); | 413 base::RunLoop().RunUntilIdle(); |
| 390 | 414 |
| 391 // Verify that the returned certificate list is empty. | 415 // Verify that the returned certificate list is empty. |
| 392 Mock::VerifyAndClearExpectations(certificate_importer_); | 416 Mock::VerifyAndClearExpectations(certificate_importer_); |
| 393 { | 417 { |
| 394 net::CertificateList trust_anchors; | 418 net::CertificateList trust_anchors; |
| (...skipping 30 matching lines...) Expand all Loading... |
| 425 { | 449 { |
| 426 net::CertificateList trust_anchors; | 450 net::CertificateList trust_anchors; |
| 427 updater->GetWebTrustedCertificates(&trust_anchors); | 451 updater->GetWebTrustedCertificates(&trust_anchors); |
| 428 EXPECT_EQ(1u, trust_anchors.size()); | 452 EXPECT_EQ(1u, trust_anchors.size()); |
| 429 } | 453 } |
| 430 EXPECT_EQ(1u, observer.trust_anchors_.size()); | 454 EXPECT_EQ(1u, observer.trust_anchors_.size()); |
| 431 | 455 |
| 432 updater->RemoveTrustedCertsObserver(&observer); | 456 updater->RemoveTrustedCertsObserver(&observer); |
| 433 } | 457 } |
| 434 | 458 |
| 459 TEST_F(NetworkConfigurationUpdaterTest, |
| 460 DontImportCertificateBeforeCertificateImporterSet) { |
| 461 PolicyMap policy; |
| 462 policy.Set(key::kOpenNetworkConfiguration, POLICY_LEVEL_MANDATORY, |
| 463 POLICY_SCOPE_USER, new base::StringValue(kFakeONC), NULL); |
| 464 UpdateProviderPolicy(policy); |
| 465 |
| 466 EXPECT_CALL(network_config_handler_, |
| 467 SetPolicy(onc::ONC_SOURCE_USER_POLICY, |
| 468 kFakeUsernameHash, |
| 469 IsEqualTo(&fake_network_configs_), |
| 470 IsEqualTo(&fake_global_network_config_))); |
| 471 EXPECT_CALL(*certificate_importer_, ImportCertificates(_, _ , _)).Times(0); |
| 472 |
| 473 UserNetworkConfigurationUpdater* updater = |
| 474 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 475 true /* allow trusted certs from policy */, |
| 476 false /* do not set certificate importer */); |
| 477 MarkPolicyProviderInitialized(); |
| 478 |
| 479 Mock::VerifyAndClearExpectations(&network_config_handler_); |
| 480 Mock::VerifyAndClearExpectations(certificate_importer_); |
| 481 |
| 482 EXPECT_CALL(network_config_handler_, |
| 483 SetPolicy(onc::ONC_SOURCE_USER_POLICY, |
| 484 kFakeUsernameHash, |
| 485 IsEqualTo(&fake_network_configs_), |
| 486 IsEqualTo(&fake_global_network_config_))) |
| 487 .Times(0); |
| 488 EXPECT_CALL(*certificate_importer_, |
| 489 ImportCertificates(IsEqualTo(&fake_certificates_), |
| 490 onc::ONC_SOURCE_USER_POLICY, |
| 491 _)); |
| 492 |
| 493 ASSERT_TRUE(certificate_importer_owned_); |
| 494 updater->SetCertificateImporterForTest(certificate_importer_owned_.Pass()); |
| 495 } |
| 496 |
| 435 class NetworkConfigurationUpdaterTestWithParam | 497 class NetworkConfigurationUpdaterTestWithParam |
| 436 : public NetworkConfigurationUpdaterTest, | 498 : public NetworkConfigurationUpdaterTest, |
| 437 public testing::WithParamInterface<const char*> { | 499 public testing::WithParamInterface<const char*> { |
| 438 protected: | 500 protected: |
| 439 // Returns the currently tested ONC source. | 501 // Returns the currently tested ONC source. |
| 440 onc::ONCSource CurrentONCSource() { | 502 onc::ONCSource CurrentONCSource() { |
| 441 if (GetParam() == key::kOpenNetworkConfiguration) | 503 if (GetParam() == key::kOpenNetworkConfiguration) |
| 442 return onc::ONC_SOURCE_USER_POLICY; | 504 return onc::ONC_SOURCE_USER_POLICY; |
| 443 DCHECK(GetParam() == key::kDeviceOpenNetworkConfiguration); | 505 DCHECK(GetParam() == key::kDeviceOpenNetworkConfiguration); |
| 444 return onc::ONC_SOURCE_DEVICE_POLICY; | 506 return onc::ONC_SOURCE_DEVICE_POLICY; |
| 445 } | 507 } |
| 446 | 508 |
| 447 // Returns the expected username hash to push policies to | 509 // Returns the expected username hash to push policies to |
| 448 // ManagedNetworkConfigurationHandler. | 510 // ManagedNetworkConfigurationHandler. |
| 449 std::string ExpectedUsernameHash() { | 511 std::string ExpectedUsernameHash() { |
| 450 if (GetParam() == key::kOpenNetworkConfiguration) | 512 if (GetParam() == key::kOpenNetworkConfiguration) |
| 451 return kFakeUsernameHash; | 513 return kFakeUsernameHash; |
| 452 return std::string(); | 514 return std::string(); |
| 453 } | 515 } |
| 454 | 516 |
| 517 size_t ExpectedImportCertificatesCallCount() { |
| 518 if (GetParam() == key::kOpenNetworkConfiguration) |
| 519 return 1u; |
| 520 return 0u; |
| 521 } |
| 522 |
| 455 void CreateNetworkConfigurationUpdater() { | 523 void CreateNetworkConfigurationUpdater() { |
| 456 if (GetParam() == key::kOpenNetworkConfiguration) { | 524 if (GetParam() == key::kOpenNetworkConfiguration) { |
| 457 CreateNetworkConfigurationUpdaterForUserPolicy( | 525 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 458 false /* do not allow trusted certs from policy */); | 526 false /* do not allow trusted certs from policy */, |
| 527 true /* set certificate importer */); |
| 459 } else { | 528 } else { |
| 460 CreateNetworkConfigurationUpdaterForDevicePolicy(); | 529 CreateNetworkConfigurationUpdaterForDevicePolicy(); |
| 461 } | 530 } |
| 462 } | 531 } |
| 463 }; | 532 }; |
| 464 | 533 |
| 465 TEST_P(NetworkConfigurationUpdaterTestWithParam, InitialUpdates) { | 534 TEST_P(NetworkConfigurationUpdaterTestWithParam, InitialUpdates) { |
| 466 PolicyMap policy; | 535 PolicyMap policy; |
| 467 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, | 536 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, |
| 468 new base::StringValue(kFakeONC), NULL); | 537 new base::StringValue(kFakeONC), NULL); |
| 469 UpdateProviderPolicy(policy); | 538 UpdateProviderPolicy(policy); |
| 470 | 539 |
| 471 EXPECT_CALL(network_config_handler_, | 540 EXPECT_CALL(network_config_handler_, |
| 472 SetPolicy(CurrentONCSource(), | 541 SetPolicy(CurrentONCSource(), |
| 473 ExpectedUsernameHash(), | 542 ExpectedUsernameHash(), |
| 474 IsEqualTo(&fake_network_configs_), | 543 IsEqualTo(&fake_network_configs_), |
| 475 IsEqualTo(&fake_global_network_config_))); | 544 IsEqualTo(&fake_global_network_config_))); |
| 476 EXPECT_CALL(*certificate_importer_, | 545 EXPECT_CALL(*certificate_importer_, |
| 477 ImportCertificates( | 546 ImportCertificates(IsEqualTo(&fake_certificates_), |
| 478 IsEqualTo(&fake_certificates_), CurrentONCSource(), _)); | 547 CurrentONCSource(), |
| 548 _)) |
| 549 .Times(ExpectedImportCertificatesCallCount()); |
| 550 |
| 551 CreateNetworkConfigurationUpdater(); |
| 552 MarkPolicyProviderInitialized(); |
| 553 } |
| 554 |
| 555 TEST_P(NetworkConfigurationUpdaterTestWithParam, |
| 556 PolicyNotSetBeforePolicyProviderInitialized) { |
| 557 PolicyMap policy; |
| 558 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, |
| 559 new base::StringValue(kFakeONC), NULL); |
| 560 UpdateProviderPolicy(policy); |
| 561 |
| 562 EXPECT_CALL(network_config_handler_, |
| 563 SetPolicy(CurrentONCSource(), |
| 564 ExpectedUsernameHash(), |
| 565 IsEqualTo(&fake_network_configs_), |
| 566 IsEqualTo(&fake_global_network_config_))) |
| 567 .Times(0); |
| 568 EXPECT_CALL(*certificate_importer_, |
| 569 ImportCertificates(IsEqualTo(&fake_certificates_), |
| 570 CurrentONCSource(), |
| 571 _)) |
| 572 .Times(0); |
| 573 |
| 574 CreateNetworkConfigurationUpdater(); |
| 575 |
| 576 Mock::VerifyAndClearExpectations(&network_config_handler_); |
| 577 Mock::VerifyAndClearExpectations(certificate_importer_); |
| 578 |
| 579 EXPECT_CALL(network_config_handler_, |
| 580 SetPolicy(CurrentONCSource(), |
| 581 ExpectedUsernameHash(), |
| 582 IsEqualTo(&fake_network_configs_), |
| 583 IsEqualTo(&fake_global_network_config_))); |
| 584 EXPECT_CALL(*certificate_importer_, |
| 585 ImportCertificates(IsEqualTo(&fake_certificates_), |
| 586 CurrentONCSource(), |
| 587 _)) |
| 588 .Times(ExpectedImportCertificatesCallCount()); |
| 589 |
| 590 MarkPolicyProviderInitialized(); |
| 591 } |
| 592 |
| 593 TEST_P(NetworkConfigurationUpdaterTestWithParam, |
| 594 PolicyAppliedImmediatelyIfProvidersInitialized) { |
| 595 MarkPolicyProviderInitialized(); |
| 596 |
| 597 PolicyMap policy; |
| 598 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, |
| 599 new base::StringValue(kFakeONC), NULL); |
| 600 UpdateProviderPolicy(policy); |
| 601 |
| 602 EXPECT_CALL(network_config_handler_, |
| 603 SetPolicy(CurrentONCSource(), |
| 604 ExpectedUsernameHash(), |
| 605 IsEqualTo(&fake_network_configs_), |
| 606 IsEqualTo(&fake_global_network_config_))); |
| 607 EXPECT_CALL(*certificate_importer_, |
| 608 ImportCertificates(IsEqualTo(&fake_certificates_), |
| 609 CurrentONCSource(), |
| 610 _)) |
| 611 .Times(ExpectedImportCertificatesCallCount()); |
| 479 | 612 |
| 480 CreateNetworkConfigurationUpdater(); | 613 CreateNetworkConfigurationUpdater(); |
| 481 } | 614 } |
| 482 | 615 |
| 483 | |
| 484 TEST_P(NetworkConfigurationUpdaterTestWithParam, PolicyChange) { | 616 TEST_P(NetworkConfigurationUpdaterTestWithParam, PolicyChange) { |
| 485 // Ignore the initial updates. | 617 // Ignore the initial updates. |
| 486 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1)); | 618 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1)); |
| 487 EXPECT_CALL(*certificate_importer_, ImportCertificates(_, _, _)) | 619 EXPECT_CALL(*certificate_importer_, ImportCertificates(_, _, _)) |
| 488 .Times(AtLeast(1)); | 620 .Times(AtLeast(ExpectedImportCertificatesCallCount())); |
| 621 |
| 489 CreateNetworkConfigurationUpdater(); | 622 CreateNetworkConfigurationUpdater(); |
| 623 MarkPolicyProviderInitialized(); |
| 624 |
| 490 Mock::VerifyAndClearExpectations(&network_config_handler_); | 625 Mock::VerifyAndClearExpectations(&network_config_handler_); |
| 491 Mock::VerifyAndClearExpectations(certificate_importer_); | 626 Mock::VerifyAndClearExpectations(certificate_importer_); |
| 492 | 627 |
| 493 // The Updater should update if policy changes. | 628 // The Updater should update if policy changes. |
| 494 EXPECT_CALL(network_config_handler_, | 629 EXPECT_CALL(network_config_handler_, |
| 495 SetPolicy(CurrentONCSource(), | 630 SetPolicy(CurrentONCSource(), |
| 496 _, | 631 _, |
| 497 IsEqualTo(&fake_network_configs_), | 632 IsEqualTo(&fake_network_configs_), |
| 498 IsEqualTo(&fake_global_network_config_))); | 633 IsEqualTo(&fake_global_network_config_))); |
| 499 EXPECT_CALL(*certificate_importer_, | 634 EXPECT_CALL(*certificate_importer_, |
| 500 ImportCertificates( | 635 ImportCertificates(IsEqualTo(&fake_certificates_), |
| 501 IsEqualTo(&fake_certificates_), CurrentONCSource(), _)); | 636 CurrentONCSource(), |
| 637 _)) |
| 638 .Times(ExpectedImportCertificatesCallCount()); |
| 502 | 639 |
| 503 PolicyMap policy; | 640 PolicyMap policy; |
| 504 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, | 641 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, |
| 505 new base::StringValue(kFakeONC), NULL); | 642 new base::StringValue(kFakeONC), NULL); |
| 506 UpdateProviderPolicy(policy); | 643 UpdateProviderPolicy(policy); |
| 507 Mock::VerifyAndClearExpectations(&network_config_handler_); | 644 Mock::VerifyAndClearExpectations(&network_config_handler_); |
| 508 Mock::VerifyAndClearExpectations(certificate_importer_); | 645 Mock::VerifyAndClearExpectations(certificate_importer_); |
| 509 | 646 |
| 510 // Another update is expected if the policy goes away. | 647 // Another update is expected if the policy goes away. |
| 511 EXPECT_CALL(network_config_handler_, | 648 EXPECT_CALL(network_config_handler_, |
| 512 SetPolicy(CurrentONCSource(), _, IsEmpty(), IsEmpty())); | 649 SetPolicy(CurrentONCSource(), _, IsEmpty(), IsEmpty())); |
| 513 EXPECT_CALL(*certificate_importer_, | 650 EXPECT_CALL(*certificate_importer_, |
| 514 ImportCertificates(IsEmpty(), CurrentONCSource(), _)); | 651 ImportCertificates(IsEmpty(), CurrentONCSource(), _)) |
| 652 .Times(ExpectedImportCertificatesCallCount()); |
| 515 | 653 |
| 516 policy.Erase(GetParam()); | 654 policy.Erase(GetParam()); |
| 517 UpdateProviderPolicy(policy); | 655 UpdateProviderPolicy(policy); |
| 518 } | 656 } |
| 519 | 657 |
| 520 INSTANTIATE_TEST_CASE_P(NetworkConfigurationUpdaterTestWithParamInstance, | 658 INSTANTIATE_TEST_CASE_P(NetworkConfigurationUpdaterTestWithParamInstance, |
| 521 NetworkConfigurationUpdaterTestWithParam, | 659 NetworkConfigurationUpdaterTestWithParam, |
| 522 testing::Values(key::kDeviceOpenNetworkConfiguration, | 660 testing::Values(key::kDeviceOpenNetworkConfiguration, |
| 523 key::kOpenNetworkConfiguration)); | 661 key::kOpenNetworkConfiguration)); |
| 524 | 662 |
| 525 } // namespace policy | 663 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 148183013:
Use per-user nssdb in onc certificate importer (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src