Chromium Code Reviews Chromium Code Reviews
Issue 148183013:
Use per-user nssdb in onc certificate importer (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/callback.h" | 5 #include "base/callback.h" |
| 6 #include "base/values.h" | 6 #include "base/values.h" |
| 7 #include "chrome/browser/browser_process.h" | 7 #include "chrome/browser/browser_process.h" |
| 8 #include "chrome/browser/ui/browser.h" | 8 #include "chrome/browser/ui/browser.h" |
| 9 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 9 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
| 10 #include "chrome/browser/ui/webui/options/options_ui_browsertest.h" | 10 #include "chrome/browser/ui/webui/options/options_ui_browsertest.h" |
| 11 #include "components/policy/core/browser/browser_policy_connector.h" | 11 #include "components/policy/core/browser/browser_policy_connector.h" |
| 12 #include "components/policy/core/common/external_data_fetcher.h" | 12 #include "components/policy/core/common/external_data_fetcher.h" |
| 13 #include "components/policy/core/common/mock_configuration_policy_provider.h" | 13 #include "components/policy/core/common/mock_configuration_policy_provider.h" |
| 14 #include "components/policy/core/common/policy_map.h" | 14 #include "components/policy/core/common/policy_map.h" |
| 15 #include "components/policy/core/common/policy_types.h" | 15 #include "components/policy/core/common/policy_types.h" |
| 16 #include "content/public/browser/web_contents.h" | 16 #include "content/public/browser/web_contents.h" |
| 17 #include "content/public/test/browser_test_utils.h" | 17 #include "content/public/test/browser_test_utils.h" |
| 18 #include "content/public/test/test_utils.h" | 18 #include "content/public/test/test_utils.h" |
| 19 #include "policy/policy_constants.h" | 19 #include "policy/policy_constants.h" |
| 20 #include "testing/gmock/include/gmock/gmock.h" | 20 #include "testing/gmock/include/gmock/gmock.h" |
| 21 #include "testing/gtest/include/gtest/gtest.h" | 21 #include "testing/gtest/include/gtest/gtest.h" |
| 22 | 22 |
| 23 #if defined(OS_CHROMEOS) | 23 #if defined(OS_CHROMEOS) |
| 24 #include "chrome/browser/chromeos/policy/device_policy_cros_browser_test.h" | 24 #include "chrome/browser/chromeos/policy/device_policy_cros_browser_test.h" |
| 25 #include "chrome/browser/chromeos/policy/network_configuration_updater.h" | 25 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" |
| 26 #include "chrome/browser/chromeos/policy/user_network_configuration_updater_fact ory.h" | |
| 27 #include "chrome/browser/net/nss_context.h" | |
| 28 #include "chromeos/network/onc/onc_certificate_importer_impl.h" | |
| 26 #include "chromeos/network/onc/onc_test_utils.h" | 29 #include "chromeos/network/onc/onc_test_utils.h" |
| 27 #include "crypto/nss_util.h" | 30 #include "crypto/nss_util.h" |
| 28 #endif | 31 #endif |
| 29 | 32 |
| 30 using testing::Return; | 33 using testing::Return; |
| 31 using testing::_; | 34 using testing::_; |
| 32 | 35 |
| 33 class CertificateManagerBrowserTest : public options::OptionsUIBrowserTest { | 36 class CertificateManagerBrowserTest : public options::OptionsUIBrowserTest { |
| 34 public: | 37 public: |
| 35 CertificateManagerBrowserTest() {} | 38 CertificateManagerBrowserTest() {} |
| 36 virtual ~CertificateManagerBrowserTest() {} | 39 virtual ~CertificateManagerBrowserTest() {} |
| 37 | 40 |
| 38 protected: | 41 protected: |
| 42 virtual void SetUp() OVERRIDE { | |
| 43 policy::UserNetworkConfigurationUpdaterFactory:: | |
| 44 SetSkipCertificateImporterCreationForTest(true); | |
| 45 options::OptionsUIBrowserTest::SetUp(); | |
| 46 } | |
| 47 | |
| 48 virtual void TearDown() OVERRIDE { | |
| 49 policy::UserNetworkConfigurationUpdaterFactory:: | |
| 50 SetSkipCertificateImporterCreationForTest(false); | |
| 51 options::OptionsUIBrowserTest::TearDown(); | |
| 52 } | |
| 53 | |
| 39 virtual void SetUpInProcessBrowserTestFixture() OVERRIDE { | 54 virtual void SetUpInProcessBrowserTestFixture() OVERRIDE { |
| 40 #if defined(OS_CHROMEOS) | 55 #if defined(OS_CHROMEOS) |
| 41 device_policy_test_helper_.MarkAsEnterpriseOwned(); | 56 device_policy_test_helper_.MarkAsEnterpriseOwned(); |
| 42 #endif | 57 #endif |
| 43 // Setup the policy provider for injecting certs through ONC policy. | 58 // Setup the policy provider for injecting certs through ONC policy. |
| 44 EXPECT_CALL(provider_, IsInitializationComplete(_)) | 59 EXPECT_CALL(provider_, IsInitializationComplete(_)) |
| 45 .WillRepeatedly(Return(true)); | 60 .WillRepeatedly(Return(true)); |
| 46 policy::BrowserPolicyConnector::SetPolicyProviderForTesting(&provider_); | 61 policy::BrowserPolicyConnector::SetPolicyProviderForTesting(&provider_); |
| 47 } | 62 } |
| 48 | 63 |
| 49 void SetUpOnIOThread() { | 64 void SetUpOnIOThread() { |
| 50 #if defined(OS_CHROMEOS) | 65 #if defined(OS_CHROMEOS) |
| 51 test_nssdb_.reset(new crypto::ScopedTestNSSDB()); | 66 test_nssdb_.reset(new crypto::ScopedTestNSSDB()); |
| 52 #endif | 67 #endif |
| 53 } | 68 } |
| 54 | 69 |
| 55 void TearDownOnIOThread() { | 70 void TearDownOnIOThread() { |
| 56 #if defined(OS_CHROMEOS) | 71 #if defined(OS_CHROMEOS) |
| 57 test_nssdb_.reset(); | 72 test_nssdb_.reset(); |
| 58 #endif | 73 #endif |
| 59 } | 74 } |
| 60 | 75 |
| 61 virtual void SetUpOnMainThread() OVERRIDE { | 76 virtual void SetUpOnMainThread() OVERRIDE { |
| 62 content::BrowserThread::PostTask( | 77 content::BrowserThread::PostTask( |
| 63 content::BrowserThread::IO, | 78 content::BrowserThread::IO, |
| 64 FROM_HERE, | 79 FROM_HERE, |
| 65 base::Bind(&CertificateManagerBrowserTest::SetUpOnIOThread, this)); | 80 base::Bind(&CertificateManagerBrowserTest::SetUpOnIOThread, this)); |
| 81 | |
| 66 content::RunAllPendingInMessageLoop(content::BrowserThread::IO); | 82 content::RunAllPendingInMessageLoop(content::BrowserThread::IO); |
| 67 | 83 |
| 68 content::RunAllPendingInMessageLoop(); | 84 content::RunAllPendingInMessageLoop(); |
| 85 #if defined(OS_CHROMEOS) | |
| 86 // UserNetworkConfigurationUpdater's onc::CertificateImporter is usually | |
| 87 // passed the NSSCertDatabase fetched during testing profile | |
| 88 // constrution. Unfortunately, test database gets setup after that, so we | |
| 89 // would end up with |PK11_GetInternalKeySlot|. The cause of this is in | |
| 90 // |crypto::InitializeNSSForChromeOSUser|, which does not open new | |
| 91 // database slot for primary user, but it just uses the singleton one (which | |
| 92 // is not set in tests before |test_nssdb_| is created). To handle this, | |
| 93 // creating certificate importer during the UserNetworkConfiguirationUpdater | |
| 94 // service creation is set to be skipped (see |SetUp|), and cert importer | |
| 95 // is set up here. | |
| 96 // Note that creating |test_nssdb_| sooner (in SetUp) would break thread | |
| 97 // restrictions, which require it to be used on IO thread only. | |
| 98 // TODO(tbarzic): Update InitializeNSSForChromeOSUser not to special case | |
| 99 // the primary user. | |
| 100 GetNSSCertDatabaseForProfile( | |
| 101 browser()->profile(), | |
| 102 base::Bind( | |
| 103 &CertificateManagerBrowserTest::UpdateNetworkConfigurationUpdater, | |
| 104 base::Unretained(this))); | |
| 105 #endif | |
| 106 | |
| 107 content::RunAllPendingInMessageLoop(content::BrowserThread::IO); | |
| 108 | |
| 109 content::RunAllPendingInMessageLoop(); | |
|
xiyuan
2014/02/06 01:28:08
Should this and line 107 be inside #if defined(OS_
tbarzic
2014/02/06 01:36:12
yep
| |
| 69 } | 110 } |
| 70 | 111 |
| 71 virtual void CleanUpOnMainThread() OVERRIDE { | 112 virtual void CleanUpOnMainThread() OVERRIDE { |
| 72 content::BrowserThread::PostTask( | 113 content::BrowserThread::PostTask( |
| 73 content::BrowserThread::IO, | 114 content::BrowserThread::IO, |
| 74 FROM_HERE, | 115 FROM_HERE, |
| 75 base::Bind(&CertificateManagerBrowserTest::TearDownOnIOThread, this)); | 116 base::Bind(&CertificateManagerBrowserTest::TearDownOnIOThread, this)); |
| 76 content::RunAllPendingInMessageLoop(content::BrowserThread::IO); | 117 content::RunAllPendingInMessageLoop(content::BrowserThread::IO); |
| 77 } | 118 } |
| 78 | 119 |
| 79 #if defined(OS_CHROMEOS) | 120 #if defined(OS_CHROMEOS) |
| 121 void UpdateNetworkConfigurationUpdater(net::NSSCertDatabase* database) { | |
| 122 policy::UserNetworkConfigurationUpdaterFactory::GetForProfile( | |
| 123 browser()->profile())->SetCertificateImporter( | |
| 124 scoped_ptr<chromeos::onc::CertificateImporter>( | |
| 125 new chromeos::onc::CertificateImporterImpl(database))); | |
| 126 } | |
| 127 | |
| 80 void LoadONCPolicy(const std::string& filename) { | 128 void LoadONCPolicy(const std::string& filename) { |
| 81 const std::string& user_policy_blob = | 129 const std::string& user_policy_blob = |
| 82 chromeos::onc::test_utils::ReadTestData(filename); | 130 chromeos::onc::test_utils::ReadTestData(filename); |
| 83 policy::PolicyMap policy; | 131 policy::PolicyMap policy; |
| 84 policy.Set(policy::key::kOpenNetworkConfiguration, | 132 policy.Set(policy::key::kOpenNetworkConfiguration, |
| 85 policy::POLICY_LEVEL_MANDATORY, | 133 policy::POLICY_LEVEL_MANDATORY, |
| 86 policy::POLICY_SCOPE_USER, | 134 policy::POLICY_SCOPE_USER, |
| 87 base::Value::CreateStringValue(user_policy_blob), | 135 base::Value::CreateStringValue(user_policy_blob), |
| 88 NULL); | 136 NULL); |
| 89 provider_.UpdateChromePolicy(policy); | 137 provider_.UpdateChromePolicy(policy); |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 153 #endif | 201 #endif |
| 154 IN_PROC_BROWSER_TEST_F(CertificateManagerBrowserTest, | 202 IN_PROC_BROWSER_TEST_F(CertificateManagerBrowserTest, |
| 155 MAYBE_PolicyCertificateWithWebTrustHasIndicator) { | 203 MAYBE_PolicyCertificateWithWebTrustHasIndicator) { |
| 156 LoadONCPolicy("certificate-web-authority.onc"); | 204 LoadONCPolicy("certificate-web-authority.onc"); |
| 157 NavigateToSettings(); | 205 NavigateToSettings(); |
| 158 ClickElement("#certificatesManageButton"); | 206 ClickElement("#certificatesManageButton"); |
| 159 ClickElement("#ca-certs-nav-tab"); | 207 ClickElement("#ca-certs-nav-tab"); |
| 160 EXPECT_TRUE(HasElement(".cert-policy")); | 208 EXPECT_TRUE(HasElement(".cert-policy")); |
| 161 } | 209 } |
| 162 #endif | 210 #endif |
| OLD | NEW |
