| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/bind.h" | 5 #include "base/bind.h" |
| 6 #include "base/bind_helpers.h" | 6 #include "base/bind_helpers.h" |
| 7 #include "base/callback.h" | 7 #include "base/callback.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/run_loop.h" | 10 #include "base/run_loop.h" |
| 11 #include "base/values.h" | 11 #include "base/values.h" |
| 12 #include "chrome/browser/chromeos/login/user.h" | 12 #include "chrome/browser/chromeos/login/user.h" |
| 13 #include "chrome/browser/chromeos/policy/device_network_configuration_updater.h" | 13 #include "chrome/browser/chromeos/policy/device_network_configuration_updater.h" |
| 14 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" | 14 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" |
| 15 #include "chrome/browser/chromeos/settings/cros_settings.h" | 15 #include "chrome/browser/chromeos/settings/cros_settings.h" |
| 16 #include "chrome/browser/chromeos/settings/device_settings_service.h" | 16 #include "chrome/browser/chromeos/settings/device_settings_service.h" |
| 17 #include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h" | 17 #include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h" |
| 18 #include "chromeos/network/fake_network_device_handler.h" | 18 #include "chromeos/network/fake_network_device_handler.h" |
| 19 #include "chromeos/network/mock_managed_network_configuration_handler.h" | 19 #include "chromeos/network/mock_managed_network_configuration_handler.h" |
| 20 #include "chromeos/network/onc/mock_certificate_importer.h" | 20 #include "chromeos/network/onc/mock_certificate_importer.h" |
| 21 #include "chromeos/network/onc/onc_test_utils.h" | 21 #include "chromeos/network/onc/onc_test_utils.h" |
| 22 #include "chromeos/network/onc/onc_utils.h" | 22 #include "chromeos/network/onc/onc_utils.h" |
| 23 #include "components/onc/onc_constants.h" | 23 #include "components/onc/onc_constants.h" |
| 24 #include "components/policy/core/common/external_data_fetcher.h" | 24 #include "components/policy/core/common/external_data_fetcher.h" |
| 25 #include "components/policy/core/common/mock_configuration_policy_provider.h" | 25 #include "components/policy/core/common/mock_configuration_policy_provider.h" |
| 26 #include "components/policy/core/common/policy_map.h" | 26 #include "components/policy/core/common/policy_map.h" |
| 27 #include "components/policy/core/common/policy_service_impl.h" | 27 #include "components/policy/core/common/policy_service_impl.h" |
| 28 #include "content/public/test/test_browser_thread_bundle.h" | 28 #include "content/public/test/test_browser_thread_bundle.h" |
| 29 #include "content/public/test/test_utils.h" | 29 #include "content/public/test/test_utils.h" |
| 30 #include "crypto/scoped_nss_types.h" |
| 30 #include "net/base/test_data_directory.h" | 31 #include "net/base/test_data_directory.h" |
| 32 #include "net/cert/nss_cert_database_chromeos.h" |
| 31 #include "net/cert/x509_certificate.h" | 33 #include "net/cert/x509_certificate.h" |
| 32 #include "net/test/cert_test_util.h" | 34 #include "net/test/cert_test_util.h" |
| 33 #include "policy/policy_constants.h" | 35 #include "policy/policy_constants.h" |
| 34 #include "testing/gmock/include/gmock/gmock.h" | 36 #include "testing/gmock/include/gmock/gmock.h" |
| 35 #include "testing/gtest/include/gtest/gtest.h" | 37 #include "testing/gtest/include/gtest/gtest.h" |
| 36 | 38 |
| 37 using testing::AnyNumber; | 39 using testing::AnyNumber; |
| 38 using testing::AtLeast; | 40 using testing::AtLeast; |
| 39 using testing::Mock; | 41 using testing::Mock; |
| 40 using testing::Ne; | 42 using testing::Ne; |
| (...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 127 std::string(negation ? "isn't" : "is") + " equal to " + | 129 std::string(negation ? "isn't" : "is") + " equal to " + |
| 128 ValueToString(*value)) { | 130 ValueToString(*value)) { |
| 129 return value->Equals(&arg); | 131 return value->Equals(&arg); |
| 130 } | 132 } |
| 131 | 133 |
| 132 MATCHER(IsEmpty, std::string(negation ? "isn't" : "is") + " empty.") { | 134 MATCHER(IsEmpty, std::string(negation ? "isn't" : "is") + " empty.") { |
| 133 return arg.empty(); | 135 return arg.empty(); |
| 134 } | 136 } |
| 135 | 137 |
| 136 ACTION_P(SetCertificateList, list) { | 138 ACTION_P(SetCertificateList, list) { |
| 137 if (arg2) | 139 if (arg3) |
| 138 *arg2 = list; | 140 *arg3 = list; |
| 139 return true; | 141 return true; |
| 140 } | 142 } |
| 141 | 143 |
| 142 } // namespace | 144 } // namespace |
| 143 | 145 |
| 144 class NetworkConfigurationUpdaterTest : public testing::Test { | 146 class NetworkConfigurationUpdaterTest : public testing::Test { |
| 145 protected: | 147 protected: |
| 146 NetworkConfigurationUpdaterTest() { | 148 NetworkConfigurationUpdaterTest() { |
| 147 } | 149 } |
| 148 | 150 |
| 149 virtual void SetUp() OVERRIDE { | 151 virtual void SetUp() OVERRIDE { |
| 150 EXPECT_CALL(provider_, IsInitializationComplete(_)) | 152 EXPECT_CALL(provider_, IsInitializationComplete(_)) |
| 151 .WillRepeatedly(Return(true)); | 153 .WillRepeatedly(Return(false)); |
| 152 provider_.Init(); | 154 provider_.Init(); |
| 153 PolicyServiceImpl::Providers providers; | 155 PolicyServiceImpl::Providers providers; |
| 154 providers.push_back(&provider_); | 156 providers.push_back(&provider_); |
| 155 policy_service_.reset(new PolicyServiceImpl(providers)); | 157 policy_service_.reset(new PolicyServiceImpl(providers)); |
| 156 | 158 |
| 157 scoped_ptr<base::DictionaryValue> fake_toplevel_onc = | 159 scoped_ptr<base::DictionaryValue> fake_toplevel_onc = |
| 158 chromeos::onc::ReadDictionaryFromJson(kFakeONC); | 160 chromeos::onc::ReadDictionaryFromJson(kFakeONC); |
| 159 | 161 |
| 160 base::ListValue* network_configs = NULL; | 162 base::ListValue* network_configs = NULL; |
| 161 fake_toplevel_onc->GetListWithoutPathExpansion( | 163 fake_toplevel_onc->GetListWithoutPathExpansion( |
| 162 onc::toplevel_config::kNetworkConfigurations, &network_configs); | 164 onc::toplevel_config::kNetworkConfigurations, &network_configs); |
| 163 AppendAll(*network_configs, &fake_network_configs_); | 165 AppendAll(*network_configs, &fake_network_configs_); |
| 164 | 166 |
| 165 base::DictionaryValue* global_config = NULL; | 167 base::DictionaryValue* global_config = NULL; |
| 166 fake_toplevel_onc->GetDictionaryWithoutPathExpansion( | 168 fake_toplevel_onc->GetDictionaryWithoutPathExpansion( |
| 167 onc::toplevel_config::kGlobalNetworkConfiguration, &global_config); | 169 onc::toplevel_config::kGlobalNetworkConfiguration, &global_config); |
| 168 fake_global_network_config_.MergeDictionary(global_config); | 170 fake_global_network_config_.MergeDictionary(global_config); |
| 169 | 171 |
| 170 base::ListValue* certs = NULL; | 172 base::ListValue* certs = NULL; |
| 171 fake_toplevel_onc->GetListWithoutPathExpansion( | 173 fake_toplevel_onc->GetListWithoutPathExpansion( |
| 172 onc::toplevel_config::kCertificates, &certs); | 174 onc::toplevel_config::kCertificates, &certs); |
| 173 AppendAll(*certs, &fake_certificates_); | 175 AppendAll(*certs, &fake_certificates_); |
| 174 | 176 |
| 175 certificate_importer_ = | 177 certificate_importer_ = |
| 176 new StrictMock<chromeos::onc::MockCertificateImporter>(); | 178 new StrictMock<chromeos::onc::MockCertificateImporter>(); |
| 177 certificate_importer_owned_.reset(certificate_importer_); | 179 certificate_importer_owned_.reset(certificate_importer_); |
| 180 |
| 181 // The database will not acutally be used for importing certificates, so |
| 182 // it's OK to have empty slots. |
| 183 test_nssdb_.reset(new net::NSSCertDatabaseChromeOS( |
| 184 crypto::ScopedPK11Slot(), |
| 185 crypto::ScopedPK11Slot())); |
| 178 } | 186 } |
| 179 | 187 |
| 180 virtual void TearDown() OVERRIDE { | 188 virtual void TearDown() OVERRIDE { |
| 181 network_configuration_updater_.reset(); | 189 network_configuration_updater_.reset(); |
| 182 provider_.Shutdown(); | 190 provider_.Shutdown(); |
| 183 base::RunLoop().RunUntilIdle(); | 191 base::RunLoop().RunUntilIdle(); |
| 184 } | 192 } |
| 185 | 193 |
| 194 void MarkPolicyProviderInitialized() { |
| 195 Mock::VerifyAndClearExpectations(&provider_); |
| 196 EXPECT_CALL(provider_, IsInitializationComplete(_)) |
| 197 .WillRepeatedly(Return(true)); |
| 198 provider_.SetAutoRefresh(); |
| 199 provider_.RefreshPolicies(); |
| 200 base::RunLoop().RunUntilIdle(); |
| 201 } |
| 202 |
| 186 void UpdateProviderPolicy(const PolicyMap& policy) { | 203 void UpdateProviderPolicy(const PolicyMap& policy) { |
| 187 provider_.UpdateChromePolicy(policy); | 204 provider_.UpdateChromePolicy(policy); |
| 188 base::RunLoop().RunUntilIdle(); | 205 base::RunLoop().RunUntilIdle(); |
| 189 } | 206 } |
| 190 | 207 |
| 191 UserNetworkConfigurationUpdater* | 208 UserNetworkConfigurationUpdater* |
| 192 CreateNetworkConfigurationUpdaterForUserPolicy( | 209 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 193 bool allow_trusted_certs_from_policy) { | 210 bool allow_trusted_certs_from_policy, |
| 211 bool set_cert_database) { |
| 194 UserNetworkConfigurationUpdater* updater = | 212 UserNetworkConfigurationUpdater* updater = |
| 195 UserNetworkConfigurationUpdater::CreateForUserPolicy( | 213 UserNetworkConfigurationUpdater::CreateForUserPolicy( |
| 196 allow_trusted_certs_from_policy, | 214 allow_trusted_certs_from_policy, |
| 197 fake_user_, | 215 fake_user_, |
| 198 certificate_importer_owned_.Pass(), | 216 certificate_importer_owned_.Pass(), |
| 199 policy_service_.get(), | 217 policy_service_.get(), |
| 200 &network_config_handler_).release(); | 218 &network_config_handler_).release(); |
| 219 if (set_cert_database) |
| 220 updater->SetCertDatabase(test_nssdb_.get()); |
| 201 network_configuration_updater_.reset(updater); | 221 network_configuration_updater_.reset(updater); |
| 202 return updater; | 222 return updater; |
| 203 } | 223 } |
| 204 | 224 |
| 205 void CreateNetworkConfigurationUpdaterForDevicePolicy() { | 225 void CreateNetworkConfigurationUpdaterForDevicePolicy() { |
| 206 network_configuration_updater_ = | 226 network_configuration_updater_ = |
| 207 DeviceNetworkConfigurationUpdater::CreateForDevicePolicy( | 227 DeviceNetworkConfigurationUpdater::CreateForDevicePolicy( |
| 208 certificate_importer_owned_.Pass(), | 228 certificate_importer_owned_.Pass(), |
| 209 policy_service_.get(), | 229 policy_service_.get(), |
| 210 &network_config_handler_, | 230 &network_config_handler_, |
| (...skipping 18 matching lines...) Expand all Loading... |
| 229 // released. | 249 // released. |
| 230 StrictMock<chromeos::onc::MockCertificateImporter>* certificate_importer_; | 250 StrictMock<chromeos::onc::MockCertificateImporter>* certificate_importer_; |
| 231 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer_owned_; | 251 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer_owned_; |
| 232 | 252 |
| 233 StrictMock<MockConfigurationPolicyProvider> provider_; | 253 StrictMock<MockConfigurationPolicyProvider> provider_; |
| 234 scoped_ptr<PolicyServiceImpl> policy_service_; | 254 scoped_ptr<PolicyServiceImpl> policy_service_; |
| 235 FakeUser fake_user_; | 255 FakeUser fake_user_; |
| 236 | 256 |
| 237 scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_; | 257 scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_; |
| 238 content::TestBrowserThreadBundle thread_bundle_; | 258 content::TestBrowserThreadBundle thread_bundle_; |
| 259 |
| 260 scoped_ptr<net::NSSCertDatabaseChromeOS> test_nssdb_; |
| 239 }; | 261 }; |
| 240 | 262 |
| 241 TEST_F(NetworkConfigurationUpdaterTest, CellularAllowRoaming) { | 263 TEST_F(NetworkConfigurationUpdaterTest, CellularAllowRoaming) { |
| 242 // Ignore networ config updates. | 264 // Ignore networ config updates. |
| 243 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1)); | 265 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1)); |
| 244 EXPECT_CALL(*certificate_importer_, ImportCertificates(_, _, _)) | 266 EXPECT_CALL(*certificate_importer_, ImportCertificates(_, _, _, _)) |
| 245 .Times(AtLeast(1)); | 267 .Times(AnyNumber()); |
| 246 | 268 |
| 247 // Setup the DataRoaming device setting. | 269 // Setup the DataRoaming device setting. |
| 248 chromeos::CrosSettings* cros_settings = chromeos::CrosSettings::Get(); | 270 chromeos::CrosSettings* cros_settings = chromeos::CrosSettings::Get(); |
| 249 chromeos::CrosSettingsProvider* device_settings_provider = | 271 chromeos::CrosSettingsProvider* device_settings_provider = |
| 250 cros_settings->GetProvider(chromeos::kSignedDataRoamingEnabled); | 272 cros_settings->GetProvider(chromeos::kSignedDataRoamingEnabled); |
| 251 cros_settings->RemoveSettingsProvider(device_settings_provider); | 273 cros_settings->RemoveSettingsProvider(device_settings_provider); |
| 252 delete device_settings_provider; | 274 delete device_settings_provider; |
| 253 chromeos::StubCrosSettingsProvider* stub_settings_provider = | 275 chromeos::StubCrosSettingsProvider* stub_settings_provider = |
| 254 new chromeos::StubCrosSettingsProvider; | 276 new chromeos::StubCrosSettingsProvider; |
| 255 cros_settings->AddSettingsProvider(stub_settings_provider); | 277 cros_settings->AddSettingsProvider(stub_settings_provider); |
| 256 | 278 |
| 257 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, | 279 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, |
| 258 base::FundamentalValue(false)); | 280 base::FundamentalValue(false)); |
| 259 EXPECT_FALSE(network_device_handler_.allow_roaming_); | 281 EXPECT_FALSE(network_device_handler_.allow_roaming_); |
| 260 | 282 |
| 261 CreateNetworkConfigurationUpdaterForDevicePolicy(); | 283 CreateNetworkConfigurationUpdaterForDevicePolicy(); |
| 284 MarkPolicyProviderInitialized(); |
| 262 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, | 285 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, |
| 263 base::FundamentalValue(true)); | 286 base::FundamentalValue(true)); |
| 264 EXPECT_TRUE(network_device_handler_.allow_roaming_); | 287 EXPECT_TRUE(network_device_handler_.allow_roaming_); |
| 265 | 288 |
| 266 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, | 289 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, |
| 267 base::FundamentalValue(false)); | 290 base::FundamentalValue(false)); |
| 268 EXPECT_FALSE(network_device_handler_.allow_roaming_); | 291 EXPECT_FALSE(network_device_handler_.allow_roaming_); |
| 269 } | 292 } |
| 270 | 293 |
| 271 TEST_F(NetworkConfigurationUpdaterTest, PolicyIsValidatedAndRepaired) { | 294 TEST_F(NetworkConfigurationUpdaterTest, PolicyIsValidatedAndRepaired) { |
| 272 scoped_ptr<base::DictionaryValue> onc_repaired = | 295 scoped_ptr<base::DictionaryValue> onc_repaired = |
| 273 chromeos::onc::test_utils::ReadTestDictionary( | 296 chromeos::onc::test_utils::ReadTestDictionary( |
| 274 "repaired_toplevel_partially_invalid.onc"); | 297 "repaired_toplevel_partially_invalid.onc"); |
| 275 | 298 |
| 276 base::ListValue* network_configs_repaired = NULL; | 299 base::ListValue* network_configs_repaired = NULL; |
| 277 onc_repaired->GetListWithoutPathExpansion( | 300 onc_repaired->GetListWithoutPathExpansion( |
| 278 onc::toplevel_config::kNetworkConfigurations, &network_configs_repaired); | 301 onc::toplevel_config::kNetworkConfigurations, &network_configs_repaired); |
| 279 ASSERT_TRUE(network_configs_repaired); | 302 ASSERT_TRUE(network_configs_repaired); |
| 280 | 303 |
| 281 base::DictionaryValue* global_config_repaired = NULL; | 304 base::DictionaryValue* global_config_repaired = NULL; |
| 282 onc_repaired->GetDictionaryWithoutPathExpansion( | 305 onc_repaired->GetDictionaryWithoutPathExpansion( |
| 283 onc::toplevel_config::kGlobalNetworkConfiguration, | 306 onc::toplevel_config::kGlobalNetworkConfiguration, |
| 284 &global_config_repaired); | 307 &global_config_repaired); |
| 285 ASSERT_TRUE(global_config_repaired); | 308 ASSERT_TRUE(global_config_repaired); |
| 286 | 309 |
| 287 std::string onc_policy = | 310 std::string onc_policy = |
| 288 chromeos::onc::test_utils::ReadTestData("toplevel_partially_invalid.onc"); | 311 chromeos::onc::test_utils::ReadTestData("toplevel_partially_invalid.onc"); |
| 312 |
| 289 PolicyMap policy; | 313 PolicyMap policy; |
| 290 policy.Set(key::kOpenNetworkConfiguration, | 314 policy.Set(key::kOpenNetworkConfiguration, |
| 291 POLICY_LEVEL_MANDATORY, | 315 POLICY_LEVEL_MANDATORY, |
| 292 POLICY_SCOPE_USER, | 316 POLICY_SCOPE_USER, |
| 293 new base::StringValue(onc_policy), | 317 new base::StringValue(onc_policy), |
| 294 NULL); | 318 NULL); |
| 295 UpdateProviderPolicy(policy); | 319 UpdateProviderPolicy(policy); |
| 296 | 320 |
| 297 EXPECT_CALL(network_config_handler_, | 321 EXPECT_CALL(network_config_handler_, |
| 298 SetPolicy(onc::ONC_SOURCE_USER_POLICY, | 322 SetPolicy(onc::ONC_SOURCE_USER_POLICY, |
| 299 _, | 323 _, |
| 300 IsEqualTo(network_configs_repaired), | 324 IsEqualTo(network_configs_repaired), |
| 301 IsEqualTo(global_config_repaired))); | 325 IsEqualTo(global_config_repaired))); |
| 302 EXPECT_CALL(*certificate_importer_, | 326 EXPECT_CALL( |
| 303 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _)); | 327 *certificate_importer_, |
| 328 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, test_nssdb_.get(), _)); |
| 304 | 329 |
| 305 CreateNetworkConfigurationUpdaterForUserPolicy( | 330 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 306 false /* do not allow trusted certs from policy */ ); | 331 false /* do not allow trusted certs from policy */, |
| 332 true /* set certificate database */); |
| 333 MarkPolicyProviderInitialized(); |
| 307 } | 334 } |
| 308 | 335 |
| 309 TEST_F(NetworkConfigurationUpdaterTest, | 336 TEST_F(NetworkConfigurationUpdaterTest, |
| 310 DoNotAllowTrustedCertificatesFromPolicy) { | 337 DoNotAllowTrustedCertificatesFromPolicy) { |
| 311 net::CertificateList cert_list; | 338 net::CertificateList cert_list; |
| 312 cert_list = | 339 cert_list = |
| 313 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), | 340 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), |
| 314 "ok_cert.pem", | 341 "ok_cert.pem", |
| 315 net::X509Certificate::FORMAT_AUTO); | 342 net::X509Certificate::FORMAT_AUTO); |
| 316 ASSERT_EQ(1u, cert_list.size()); | 343 ASSERT_EQ(1u, cert_list.size()); |
| 317 | 344 |
| 318 EXPECT_CALL(network_config_handler_, | 345 EXPECT_CALL(network_config_handler_, |
| 319 SetPolicy(onc::ONC_SOURCE_USER_POLICY, _, _, _)); | 346 SetPolicy(onc::ONC_SOURCE_USER_POLICY, _, _, _)); |
| 320 EXPECT_CALL(*certificate_importer_, ImportCertificates(_, _, _)) | 347 EXPECT_CALL(*certificate_importer_, |
| 348 ImportCertificates(_, _, test_nssdb_.get(), _)) |
| 321 .WillRepeatedly(SetCertificateList(cert_list)); | 349 .WillRepeatedly(SetCertificateList(cert_list)); |
| 322 | 350 |
| 323 UserNetworkConfigurationUpdater* updater = | 351 UserNetworkConfigurationUpdater* updater = |
| 324 CreateNetworkConfigurationUpdaterForUserPolicy( | 352 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 325 false /* do not allow trusted certs from policy */); | 353 false /* do not allow trusted certs from policy */, |
| 354 true /* set certificate database */); |
| 355 MarkPolicyProviderInitialized(); |
| 326 | 356 |
| 327 // Certificates with the "Web" trust flag set should not be forwarded to | 357 // Certificates with the "Web" trust flag set should not be forwarded to |
| 328 // observers. | 358 // observers. |
| 329 FakeWebTrustedCertsObserver observer; | 359 FakeWebTrustedCertsObserver observer; |
| 330 updater->AddTrustedCertsObserver(&observer); | 360 updater->AddTrustedCertsObserver(&observer); |
| 331 | 361 |
| 332 base::RunLoop().RunUntilIdle(); | 362 base::RunLoop().RunUntilIdle(); |
| 333 | 363 |
| 334 net::CertificateList trust_anchors; | 364 net::CertificateList trust_anchors; |
| 335 updater->GetWebTrustedCertificates(&trust_anchors); | 365 updater->GetWebTrustedCertificates(&trust_anchors); |
| 336 EXPECT_TRUE(trust_anchors.empty()); | 366 EXPECT_TRUE(trust_anchors.empty()); |
| 337 | 367 |
| 338 EXPECT_TRUE(observer.trust_anchors_.empty()); | 368 EXPECT_TRUE(observer.trust_anchors_.empty()); |
| 339 updater->RemoveTrustedCertsObserver(&observer); | 369 updater->RemoveTrustedCertsObserver(&observer); |
| 340 } | 370 } |
| 341 | 371 |
| 342 TEST_F(NetworkConfigurationUpdaterTest, | 372 TEST_F(NetworkConfigurationUpdaterTest, |
| 343 AllowTrustedCertificatesFromPolicyInitially) { | 373 AllowTrustedCertificatesFromPolicyInitially) { |
| 344 // Ignore network configuration changes. | 374 // Ignore network configuration changes. |
| 345 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)) | 375 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)) |
| 346 .Times(AnyNumber()); | 376 .Times(AnyNumber()); |
| 347 | 377 |
| 348 net::CertificateList cert_list; | 378 net::CertificateList cert_list; |
| 349 cert_list = | 379 cert_list = |
| 350 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), | 380 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), |
| 351 "ok_cert.pem", | 381 "ok_cert.pem", |
| 352 net::X509Certificate::FORMAT_AUTO); | 382 net::X509Certificate::FORMAT_AUTO); |
| 353 ASSERT_EQ(1u, cert_list.size()); | 383 ASSERT_EQ(1u, cert_list.size()); |
| 354 | 384 |
| 355 EXPECT_CALL(*certificate_importer_, | 385 EXPECT_CALL( |
| 356 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _)) | 386 *certificate_importer_, |
| 357 .WillRepeatedly(SetCertificateList(cert_list)); | 387 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, test_nssdb_.get(), _)) |
| 388 .WillRepeatedly(SetCertificateList(cert_list)); |
| 358 | 389 |
| 359 UserNetworkConfigurationUpdater* updater = | 390 UserNetworkConfigurationUpdater* updater = |
| 360 CreateNetworkConfigurationUpdaterForUserPolicy( | 391 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 361 true /* allow trusted certs from policy */); | 392 true /* allow trusted certs from policy */, |
| 393 true /* set certificate database */); |
| 394 MarkPolicyProviderInitialized(); |
| 362 | 395 |
| 363 base::RunLoop().RunUntilIdle(); | 396 base::RunLoop().RunUntilIdle(); |
| 364 | 397 |
| 365 // Certificates with the "Web" trust flag set will be returned. | 398 // Certificates with the "Web" trust flag set will be returned. |
| 366 net::CertificateList trust_anchors; | 399 net::CertificateList trust_anchors; |
| 367 updater->GetWebTrustedCertificates(&trust_anchors); | 400 updater->GetWebTrustedCertificates(&trust_anchors); |
| 368 EXPECT_EQ(1u, trust_anchors.size()); | 401 EXPECT_EQ(1u, trust_anchors.size()); |
| 369 } | 402 } |
| 370 | 403 |
| 404 TEST_F(NetworkConfigurationUpdaterTest, ReapplyUserPolicyWhenCertDBSet) { |
| 405 PolicyMap policy; |
| 406 policy.Set(key::kOpenNetworkConfiguration, POLICY_LEVEL_MANDATORY, |
| 407 POLICY_SCOPE_USER, new base::StringValue(kFakeONC), NULL); |
| 408 UpdateProviderPolicy(policy); |
| 409 |
| 410 EXPECT_CALL(network_config_handler_, |
| 411 SetPolicy(onc::ONC_SOURCE_USER_POLICY, |
| 412 kFakeUsernameHash, |
| 413 IsEqualTo(&fake_network_configs_), |
| 414 IsEqualTo(&fake_global_network_config_))); |
| 415 EXPECT_CALL(*certificate_importer_, ImportCertificates(_, _ ,_ , _)).Times(0); |
| 416 |
| 417 UserNetworkConfigurationUpdater* updater = |
| 418 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 419 true /* allow trusted certs from policy */, |
| 420 false /* do not set certificate database */); |
| 421 MarkPolicyProviderInitialized(); |
| 422 |
| 423 // If cert loader does not have its database set, Certificate import should |
| 424 // be skipped. |
| 425 Mock::VerifyAndClearExpectations(&network_config_handler_); |
| 426 Mock::VerifyAndClearExpectations(certificate_importer_); |
| 427 |
| 428 EXPECT_CALL(network_config_handler_, |
| 429 SetPolicy(onc::ONC_SOURCE_USER_POLICY, |
| 430 kFakeUsernameHash, |
| 431 IsEqualTo(&fake_network_configs_), |
| 432 IsEqualTo(&fake_global_network_config_))); |
| 433 EXPECT_CALL(*certificate_importer_, |
| 434 ImportCertificates(IsEqualTo(&fake_certificates_), |
| 435 onc::ONC_SOURCE_USER_POLICY, |
| 436 test_nssdb_.get(), |
| 437 _)); |
| 438 |
| 439 updater->SetCertDatabase(test_nssdb_.get()); |
| 440 } |
| 441 |
| 371 TEST_F(NetworkConfigurationUpdaterTest, | 442 TEST_F(NetworkConfigurationUpdaterTest, |
| 372 AllowTrustedCertificatesFromPolicyOnUpdate) { | 443 AllowTrustedCertificatesFromPolicyOnUpdate) { |
| 373 // Ignore network configuration changes. | 444 // Ignore network configuration changes. |
| 374 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)) | 445 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)) |
| 375 .Times(AnyNumber()); | 446 .Times(AnyNumber()); |
| 376 | 447 |
| 377 // Start with an empty certificate list. | 448 // Start with an empty certificate list. |
| 378 EXPECT_CALL(*certificate_importer_, | 449 EXPECT_CALL( |
| 379 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _)) | 450 *certificate_importer_, |
| 380 .WillRepeatedly(SetCertificateList(net::CertificateList())); | 451 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, test_nssdb_.get(), _)) |
| 452 .WillRepeatedly(SetCertificateList(net::CertificateList())); |
| 381 | 453 |
| 382 UserNetworkConfigurationUpdater* updater = | 454 UserNetworkConfigurationUpdater* updater = |
| 383 CreateNetworkConfigurationUpdaterForUserPolicy( | 455 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 384 true /* allow trusted certs from policy */); | 456 true /* allow trusted certs from policy */, |
| 457 true /* set certificate database */); |
| 458 MarkPolicyProviderInitialized(); |
| 385 | 459 |
| 386 FakeWebTrustedCertsObserver observer; | 460 FakeWebTrustedCertsObserver observer; |
| 387 updater->AddTrustedCertsObserver(&observer); | 461 updater->AddTrustedCertsObserver(&observer); |
| 388 | 462 |
| 389 base::RunLoop().RunUntilIdle(); | 463 base::RunLoop().RunUntilIdle(); |
| 390 | 464 |
| 391 // Verify that the returned certificate list is empty. | 465 // Verify that the returned certificate list is empty. |
| 392 Mock::VerifyAndClearExpectations(certificate_importer_); | 466 Mock::VerifyAndClearExpectations(certificate_importer_); |
| 393 { | 467 { |
| 394 net::CertificateList trust_anchors; | 468 net::CertificateList trust_anchors; |
| 395 updater->GetWebTrustedCertificates(&trust_anchors); | 469 updater->GetWebTrustedCertificates(&trust_anchors); |
| 396 EXPECT_TRUE(trust_anchors.empty()); | 470 EXPECT_TRUE(trust_anchors.empty()); |
| 397 } | 471 } |
| 398 EXPECT_TRUE(observer.trust_anchors_.empty()); | 472 EXPECT_TRUE(observer.trust_anchors_.empty()); |
| 399 | 473 |
| 400 // Now use a non-empty certificate list to test the observer notification. | 474 // Now use a non-empty certificate list to test the observer notification. |
| 401 net::CertificateList cert_list; | 475 net::CertificateList cert_list; |
| 402 cert_list = | 476 cert_list = |
| 403 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), | 477 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), |
| 404 "ok_cert.pem", | 478 "ok_cert.pem", |
| 405 net::X509Certificate::FORMAT_AUTO); | 479 net::X509Certificate::FORMAT_AUTO); |
| 406 ASSERT_EQ(1u, cert_list.size()); | 480 ASSERT_EQ(1u, cert_list.size()); |
| 407 | 481 |
| 408 EXPECT_CALL(*certificate_importer_, | 482 EXPECT_CALL( |
| 409 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _)) | 483 *certificate_importer_, |
| 410 .WillOnce(SetCertificateList(cert_list)); | 484 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, test_nssdb_.get(), _)) |
| 485 .WillOnce(SetCertificateList(cert_list)); |
| 411 | 486 |
| 412 // Change to any non-empty policy, so that updates are triggered. The actual | 487 // Change to any non-empty policy, so that updates are triggered. The actual |
| 413 // content of the policy is irrelevant. | 488 // content of the policy is irrelevant. |
| 414 PolicyMap policy; | 489 PolicyMap policy; |
| 415 policy.Set(key::kOpenNetworkConfiguration, | 490 policy.Set(key::kOpenNetworkConfiguration, |
| 416 POLICY_LEVEL_MANDATORY, | 491 POLICY_LEVEL_MANDATORY, |
| 417 POLICY_SCOPE_USER, | 492 POLICY_SCOPE_USER, |
| 418 new base::StringValue(kFakeONC), | 493 new base::StringValue(kFakeONC), |
| 419 NULL); | 494 NULL); |
| 420 UpdateProviderPolicy(policy); | 495 UpdateProviderPolicy(policy); |
| (...skipping 24 matching lines...) Expand all Loading... |
| 445 } | 520 } |
| 446 | 521 |
| 447 // Returns the expected username hash to push policies to | 522 // Returns the expected username hash to push policies to |
| 448 // ManagedNetworkConfigurationHandler. | 523 // ManagedNetworkConfigurationHandler. |
| 449 std::string ExpectedUsernameHash() { | 524 std::string ExpectedUsernameHash() { |
| 450 if (GetParam() == key::kOpenNetworkConfiguration) | 525 if (GetParam() == key::kOpenNetworkConfiguration) |
| 451 return kFakeUsernameHash; | 526 return kFakeUsernameHash; |
| 452 return std::string(); | 527 return std::string(); |
| 453 } | 528 } |
| 454 | 529 |
| 530 size_t ExpectedImportCertificatesCallCount() { |
| 531 if (GetParam() == key::kOpenNetworkConfiguration) |
| 532 return 1u; |
| 533 return 0u; |
| 534 } |
| 535 |
| 455 void CreateNetworkConfigurationUpdater() { | 536 void CreateNetworkConfigurationUpdater() { |
| 456 if (GetParam() == key::kOpenNetworkConfiguration) { | 537 if (GetParam() == key::kOpenNetworkConfiguration) { |
| 457 CreateNetworkConfigurationUpdaterForUserPolicy( | 538 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 458 false /* do not allow trusted certs from policy */); | 539 false /* do not allow trusted certs from policy */, |
| 540 true /* do not set certificate database */); |
| 459 } else { | 541 } else { |
| 460 CreateNetworkConfigurationUpdaterForDevicePolicy(); | 542 CreateNetworkConfigurationUpdaterForDevicePolicy(); |
| 461 } | 543 } |
| 462 } | 544 } |
| 463 }; | 545 }; |
| 464 | 546 |
| 465 TEST_P(NetworkConfigurationUpdaterTestWithParam, InitialUpdates) { | 547 TEST_P(NetworkConfigurationUpdaterTestWithParam, InitialUpdates) { |
| 466 PolicyMap policy; | 548 PolicyMap policy; |
| 467 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, | 549 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, |
| 468 new base::StringValue(kFakeONC), NULL); | 550 new base::StringValue(kFakeONC), NULL); |
| 469 UpdateProviderPolicy(policy); | 551 UpdateProviderPolicy(policy); |
| 470 | 552 |
| 471 EXPECT_CALL(network_config_handler_, | 553 EXPECT_CALL(network_config_handler_, |
| 472 SetPolicy(CurrentONCSource(), | 554 SetPolicy(CurrentONCSource(), |
| 473 ExpectedUsernameHash(), | 555 ExpectedUsernameHash(), |
| 474 IsEqualTo(&fake_network_configs_), | 556 IsEqualTo(&fake_network_configs_), |
| 475 IsEqualTo(&fake_global_network_config_))); | 557 IsEqualTo(&fake_global_network_config_))); |
| 476 EXPECT_CALL(*certificate_importer_, | 558 EXPECT_CALL(*certificate_importer_, |
| 477 ImportCertificates( | 559 ImportCertificates(IsEqualTo(&fake_certificates_), |
| 478 IsEqualTo(&fake_certificates_), CurrentONCSource(), _)); | 560 CurrentONCSource(), |
| 561 test_nssdb_.get(), |
| 562 _)) |
| 563 .Times(ExpectedImportCertificatesCallCount()); |
| 564 |
| 565 CreateNetworkConfigurationUpdater(); |
| 566 MarkPolicyProviderInitialized(); |
| 567 } |
| 568 |
| 569 TEST_P(NetworkConfigurationUpdaterTestWithParam, |
| 570 PolicyNotSetBeforePolicyProviderInitialized) { |
| 571 PolicyMap policy; |
| 572 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, |
| 573 new base::StringValue(kFakeONC), NULL); |
| 574 UpdateProviderPolicy(policy); |
| 575 |
| 576 EXPECT_CALL(network_config_handler_, |
| 577 SetPolicy(CurrentONCSource(), |
| 578 ExpectedUsernameHash(), |
| 579 IsEqualTo(&fake_network_configs_), |
| 580 IsEqualTo(&fake_global_network_config_))) |
| 581 .Times(0); |
| 582 EXPECT_CALL(*certificate_importer_, |
| 583 ImportCertificates(IsEqualTo(&fake_certificates_), |
| 584 CurrentONCSource(), |
| 585 test_nssdb_.get(), |
| 586 _)) |
| 587 .Times(0); |
| 588 |
| 589 CreateNetworkConfigurationUpdater(); |
| 590 |
| 591 Mock::VerifyAndClearExpectations(&network_config_handler_); |
| 592 Mock::VerifyAndClearExpectations(certificate_importer_); |
| 593 |
| 594 EXPECT_CALL(network_config_handler_, |
| 595 SetPolicy(CurrentONCSource(), |
| 596 ExpectedUsernameHash(), |
| 597 IsEqualTo(&fake_network_configs_), |
| 598 IsEqualTo(&fake_global_network_config_))); |
| 599 EXPECT_CALL(*certificate_importer_, |
| 600 ImportCertificates(IsEqualTo(&fake_certificates_), |
| 601 CurrentONCSource(), |
| 602 test_nssdb_.get(), |
| 603 _)) |
| 604 .Times(ExpectedImportCertificatesCallCount()); |
| 605 |
| 606 MarkPolicyProviderInitialized(); |
| 607 } |
| 608 |
| 609 TEST_P(NetworkConfigurationUpdaterTestWithParam, |
| 610 PolicyProviderInitializedBeforeUpdater) { |
| 611 MarkPolicyProviderInitialized(); |
| 612 PolicyMap policy; |
| 613 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, |
| 614 new base::StringValue(kFakeONC), NULL); |
| 615 UpdateProviderPolicy(policy); |
| 616 |
| 617 // Should be called when network configuration updater is created and |
| 618 // initialized and when the updater database gets set (if it gets set). |
| 619 EXPECT_CALL(network_config_handler_, |
| 620 SetPolicy(CurrentONCSource(), |
| 621 ExpectedUsernameHash(), |
| 622 IsEqualTo(&fake_network_configs_), |
| 623 IsEqualTo(&fake_global_network_config_))) |
| 624 .Times(ExpectedImportCertificatesCallCount() + 1); |
| 625 EXPECT_CALL(*certificate_importer_, |
| 626 ImportCertificates(IsEqualTo(&fake_certificates_), |
| 627 CurrentONCSource(), |
| 628 test_nssdb_.get(), |
| 629 _)) |
| 630 .Times(ExpectedImportCertificatesCallCount()); |
| 479 | 631 |
| 480 CreateNetworkConfigurationUpdater(); | 632 CreateNetworkConfigurationUpdater(); |
| 481 } | 633 } |
| 482 | 634 |
| 483 | |
| 484 TEST_P(NetworkConfigurationUpdaterTestWithParam, PolicyChange) { | 635 TEST_P(NetworkConfigurationUpdaterTestWithParam, PolicyChange) { |
| 485 // Ignore the initial updates. | 636 // Ignore the initial updates. |
| 486 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1)); | 637 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1)); |
| 487 EXPECT_CALL(*certificate_importer_, ImportCertificates(_, _, _)) | 638 EXPECT_CALL(*certificate_importer_, ImportCertificates(_, _, _, _)) |
| 488 .Times(AtLeast(1)); | 639 .Times(AtLeast(ExpectedImportCertificatesCallCount())); |
| 489 CreateNetworkConfigurationUpdater(); | 640 CreateNetworkConfigurationUpdater(); |
| 641 MarkPolicyProviderInitialized(); |
| 490 Mock::VerifyAndClearExpectations(&network_config_handler_); | 642 Mock::VerifyAndClearExpectations(&network_config_handler_); |
| 491 Mock::VerifyAndClearExpectations(certificate_importer_); | 643 Mock::VerifyAndClearExpectations(certificate_importer_); |
| 492 | 644 |
| 493 // The Updater should update if policy changes. | 645 // The Updater should update if policy changes. |
| 494 EXPECT_CALL(network_config_handler_, | 646 EXPECT_CALL(network_config_handler_, |
| 495 SetPolicy(CurrentONCSource(), | 647 SetPolicy(CurrentONCSource(), |
| 496 _, | 648 _, |
| 497 IsEqualTo(&fake_network_configs_), | 649 IsEqualTo(&fake_network_configs_), |
| 498 IsEqualTo(&fake_global_network_config_))); | 650 IsEqualTo(&fake_global_network_config_))); |
| 499 EXPECT_CALL(*certificate_importer_, | 651 EXPECT_CALL(*certificate_importer_, |
| 500 ImportCertificates( | 652 ImportCertificates(IsEqualTo(&fake_certificates_), |
| 501 IsEqualTo(&fake_certificates_), CurrentONCSource(), _)); | 653 CurrentONCSource(), |
| 654 test_nssdb_.get(), |
| 655 _)) |
| 656 .Times(ExpectedImportCertificatesCallCount()); |
| 502 | 657 |
| 503 PolicyMap policy; | 658 PolicyMap policy; |
| 504 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, | 659 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, |
| 505 new base::StringValue(kFakeONC), NULL); | 660 new base::StringValue(kFakeONC), NULL); |
| 506 UpdateProviderPolicy(policy); | 661 UpdateProviderPolicy(policy); |
| 507 Mock::VerifyAndClearExpectations(&network_config_handler_); | 662 Mock::VerifyAndClearExpectations(&network_config_handler_); |
| 508 Mock::VerifyAndClearExpectations(certificate_importer_); | 663 Mock::VerifyAndClearExpectations(certificate_importer_); |
| 509 | 664 |
| 510 // Another update is expected if the policy goes away. | 665 // Another update is expected if the policy goes away. |
| 511 EXPECT_CALL(network_config_handler_, | 666 EXPECT_CALL(network_config_handler_, |
| 512 SetPolicy(CurrentONCSource(), _, IsEmpty(), IsEmpty())); | 667 SetPolicy(CurrentONCSource(), _, IsEmpty(), IsEmpty())); |
| 513 EXPECT_CALL(*certificate_importer_, | 668 EXPECT_CALL( |
| 514 ImportCertificates(IsEmpty(), CurrentONCSource(), _)); | 669 *certificate_importer_, |
| 670 ImportCertificates(IsEmpty(), CurrentONCSource(), test_nssdb_.get(), _)) |
| 671 .Times(ExpectedImportCertificatesCallCount()); |
| 515 | 672 |
| 516 policy.Erase(GetParam()); | 673 policy.Erase(GetParam()); |
| 517 UpdateProviderPolicy(policy); | 674 UpdateProviderPolicy(policy); |
| 518 } | 675 } |
| 519 | 676 |
| 520 INSTANTIATE_TEST_CASE_P(NetworkConfigurationUpdaterTestWithParamInstance, | 677 INSTANTIATE_TEST_CASE_P(NetworkConfigurationUpdaterTestWithParamInstance, |
| 521 NetworkConfigurationUpdaterTestWithParam, | 678 NetworkConfigurationUpdaterTestWithParam, |
| 522 testing::Values(key::kDeviceOpenNetworkConfiguration, | 679 testing::Values(key::kDeviceOpenNetworkConfiguration, |
| 523 key::kOpenNetworkConfiguration)); | 680 key::kOpenNetworkConfiguration)); |
| 524 | 681 |
| 525 } // namespace policy | 682 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 148183013:
Use per-user nssdb in onc certificate importer (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src