Resolve certificate references in ONC by PEM.

chrome/browser/chromeos/policy/network_configuration_updater_impl_cros_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/policy/network_configuration_updater_impl_cros.h"
 
 #include "base/files/file_path.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop.h"
 #include "base/run_loop.h"
@@ skipping 154 matching lines @@
   ASSERT_TRUE(network_configs_repaired);
 
   PolicyMap policy;
   policy.Set(key::kOpenNetworkConfiguration, POLICY_LEVEL_MANDATORY,
              POLICY_SCOPE_USER, Value::CreateStringValue(onc_policy));
   UpdateProviderPolicy(policy);
 
   EXPECT_CALL(network_library_, AddNetworkProfileObserver(_));
 
   // Ignore the device policy update.
-  EXPECT_CALL(network_library_, LoadOncNetworks(_, _));
+  EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _));
   StrictMock<chromeos::MockCertificateHandler>* certificate_handler =
       new StrictMock<chromeos::MockCertificateHandler>();
-  EXPECT_CALL(*certificate_handler, ImportCertificates(_, _, _));
+  EXPECT_CALL(*certificate_handler, ImportCertificates(_, _, _, _));
 
   NetworkConfigurationUpdaterImplCros updater(
       policy_service_.get(),
       &network_library_,
       make_scoped_ptr<chromeos::CertificateHandler>(certificate_handler));
   Mock::VerifyAndClearExpectations(&network_library_);
   Mock::VerifyAndClearExpectations(&certificate_handler);
 
   // After the user policy is initialized, we always push both policies to the
   // NetworkLibrary. Ignore the device policy.
   EXPECT_CALL(network_library_, LoadOncNetworks(
-      _, onc::ONC_SOURCE_DEVICE_POLICY));
+      _, onc::ONC_SOURCE_DEVICE_POLICY, _));
   EXPECT_CALL(network_library_, LoadOncNetworks(
       IsEqualTo(network_configs_repaired),
-      onc::ONC_SOURCE_USER_POLICY));
-  EXPECT_CALL(*certificate_handler, ImportCertificates(_, _, _)).Times(2);
+      onc::ONC_SOURCE_USER_POLICY,
+      _));
+  EXPECT_CALL(*certificate_handler, ImportCertificates(_, _, _, _)).Times(2);
 
   EXPECT_CALL(network_library_, RemoveNetworkProfileObserver(_));
 
   updater.SetUserPolicyService(false, "hash", policy_service_.get());
   updater.UnsetUserPolicyService();
 }
 
 class NetworkConfigurationUpdaterTestWithParam
     : public NetworkConfigurationUpdaterTest,
       public testing::WithParamInterface<const char*> {
@@ skipping 19 matching lines @@
     user_networks = empty_network_configs_.get();
     user_certs = empty_certificates_.get();
   } else {
     device_networks = empty_network_configs_.get();
     device_certs = empty_certificates_.get();
     user_networks = fake_network_configs_.get();
     user_certs = fake_certificates_.get();
   }
 
   EXPECT_CALL(network_library_, LoadOncNetworks(
-      IsEqualTo(device_networks), onc::ONC_SOURCE_DEVICE_POLICY));
+      IsEqualTo(device_networks), onc::ONC_SOURCE_DEVICE_POLICY, _));
   StrictMock<chromeos::MockCertificateHandler>* certificate_handler =
       new StrictMock<chromeos::MockCertificateHandler>();
   EXPECT_CALL(*certificate_handler, ImportCertificates(
-      IsEqualTo(device_certs), onc::ONC_SOURCE_DEVICE_POLICY, _));
+      IsEqualTo(device_certs), onc::ONC_SOURCE_DEVICE_POLICY, _, _));
 
   NetworkConfigurationUpdaterImplCros updater(
       policy_service_.get(),
       &network_library_,
       make_scoped_ptr<chromeos::CertificateHandler>(certificate_handler));
   Mock::VerifyAndClearExpectations(&network_library_);
   Mock::VerifyAndClearExpectations(&certificate_handler);
 
   // After the user policy is initialized, we always push both policies to the
   // NetworkLibrary.
   EXPECT_CALL(network_library_, LoadOncNetworks(
-      IsEqualTo(device_networks), onc::ONC_SOURCE_DEVICE_POLICY));
+      IsEqualTo(device_networks), onc::ONC_SOURCE_DEVICE_POLICY, _));
   EXPECT_CALL(*certificate_handler, ImportCertificates(
-      IsEqualTo(device_certs), onc::ONC_SOURCE_DEVICE_POLICY, _));
+      IsEqualTo(device_certs), onc::ONC_SOURCE_DEVICE_POLICY, _, _));
 
   EXPECT_CALL(network_library_, LoadOncNetworks(
-      IsEqualTo(user_networks), onc::ONC_SOURCE_USER_POLICY));
+      IsEqualTo(user_networks), onc::ONC_SOURCE_USER_POLICY, _));
   EXPECT_CALL(*certificate_handler, ImportCertificates(
-      IsEqualTo(user_certs), onc::ONC_SOURCE_USER_POLICY, _));
+      IsEqualTo(user_certs), onc::ONC_SOURCE_USER_POLICY, _, _));
 
   EXPECT_CALL(network_library_, RemoveNetworkProfileObserver(_));
 
   // We just need an initialized PolicyService, so we can reuse
   // |policy_service_|.
   updater.SetUserPolicyService(false, "hash", policy_service_.get());
   updater.UnsetUserPolicyService();
 }
 
 TEST_P(NetworkConfigurationUpdaterTestWithParam,
        AllowTrustedCertificatesFromPolicy) {
   EXPECT_CALL(network_library_, AddNetworkProfileObserver(_));
 
   const net::CertificateList empty_cert_list;
 
   const net::CertificateList cert_list =
       net::CreateCertificateListFromFile(net::GetTestCertsDirectory(),
                                          "ok_cert.pem",
                                          net::X509Certificate::FORMAT_AUTO);
   ASSERT_EQ(1u, cert_list.size());
 
-  EXPECT_CALL(network_library_, LoadOncNetworks(_, _)).Times(AnyNumber());
+  EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _)).Times(AnyNumber());
   StrictMock<chromeos::MockCertificateHandler>* certificate_handler =
       new StrictMock<chromeos::MockCertificateHandler>();
-  EXPECT_CALL(*certificate_handler, ImportCertificates(_, _, _))
+  EXPECT_CALL(*certificate_handler, ImportCertificates(_, _, _, _))
       .WillRepeatedly(SetCertificateList(empty_cert_list));
   NetworkConfigurationUpdaterImplCros updater(
       policy_service_.get(),
       &network_library_,
       make_scoped_ptr<chromeos::CertificateHandler>(certificate_handler));
   net::CertTrustAnchorProvider* trust_provider =
       updater.GetCertTrustAnchorProvider();
   ASSERT_TRUE(trust_provider);
   // The initial list of trust anchors is empty.
   content::RunAllPendingInMessageLoop(content::BrowserThread::IO);
   EXPECT_TRUE(trust_provider->GetAdditionalTrustAnchors().empty());
 
   // Initially, certificates imported from policy don't have trust flags.
   updater.SetUserPolicyService(false, "hash", policy_service_.get());
   content::RunAllPendingInMessageLoop(content::BrowserThread::IO);
   Mock::VerifyAndClearExpectations(&network_library_);
   Mock::VerifyAndClearExpectations(&certificate_handler);
   EXPECT_TRUE(trust_provider->GetAdditionalTrustAnchors().empty());
 
   // Certificates with the "Web" trust flag set should be forwarded to the
   // trust provider.
-  EXPECT_CALL(network_library_, LoadOncNetworks(_, _));
-  EXPECT_CALL(*certificate_handler, ImportCertificates(_, _, _))
+  EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _));
+  EXPECT_CALL(*certificate_handler, ImportCertificates(_, _, _, _))
       .WillRepeatedly(SetCertificateList(empty_cert_list));
   onc::ONCSource current_source = NameToONCSource(GetParam());
-  EXPECT_CALL(network_library_, LoadOncNetworks(_, current_source));
-  EXPECT_CALL(*certificate_handler, ImportCertificates(_, current_source, _))
+  EXPECT_CALL(network_library_, LoadOncNetworks(_, current_source, _));
+  EXPECT_CALL(*certificate_handler, ImportCertificates(_, current_source, _, _))
       .WillRepeatedly(SetCertificateList(cert_list));
   // Trigger a new policy load, and spin the IO message loop to pass the
   // certificates to the |trust_provider| on the IO thread.
   updater.SetUserPolicyService(true, "hash", policy_service_.get());
   base::RunLoop loop;
   loop.RunUntilIdle();
   Mock::VerifyAndClearExpectations(&network_library_);
   Mock::VerifyAndClearExpectations(&certificate_handler);
 
   // Certificates are only provided as trust anchors if they come from user
   // policy.
   size_t expected_certs = 0u;
   if (GetParam() == key::kOpenNetworkConfiguration)
     expected_certs = 1u;
   EXPECT_EQ(expected_certs,
             trust_provider->GetAdditionalTrustAnchors().size());
 
   EXPECT_CALL(network_library_, RemoveNetworkProfileObserver(_));
   updater.UnsetUserPolicyService();
 }
 
 TEST_P(NetworkConfigurationUpdaterTestWithParam, PolicyChange) {
   EXPECT_CALL(network_library_, AddNetworkProfileObserver(_));
 
   // Ignore the initial updates.
-  EXPECT_CALL(network_library_, LoadOncNetworks(_, _))
+  EXPECT_CALL(network_library_, LoadOncNetworks(_, _, _))
       .Times(AnyNumber());
   StrictMock<chromeos::MockCertificateHandler>* certificate_handler =
       new StrictMock<chromeos::MockCertificateHandler>();
-  EXPECT_CALL(*certificate_handler, ImportCertificates(_, _, _))
+  EXPECT_CALL(*certificate_handler, ImportCertificates(_, _, _, _))
       .Times(AnyNumber());
   NetworkConfigurationUpdaterImplCros updater(
       policy_service_.get(),
       &network_library_,
       make_scoped_ptr<chromeos::CertificateHandler>(certificate_handler));
   updater.SetUserPolicyService(false, "hash", policy_service_.get());
   Mock::VerifyAndClearExpectations(&network_library_);
   Mock::VerifyAndClearExpectations(&certificate_handler);
 
   // We should update if policy changes.
   EXPECT_CALL(network_library_, LoadOncNetworks(
-      IsEqualTo(fake_network_configs_.get()), NameToONCSource(GetParam())));
+      IsEqualTo(fake_network_configs_.get()), NameToONCSource(GetParam()), _));
   EXPECT_CALL(*certificate_handler, ImportCertificates(
-      IsEqualTo(fake_certificates_.get()), NameToONCSource(GetParam()), _));
+      IsEqualTo(fake_certificates_.get()), NameToONCSource(GetParam()), _, _));
 
   // In the current implementation, we always apply both policies.
   EXPECT_CALL(network_library_, LoadOncNetworks(
       IsEqualTo(empty_network_configs_.get()),
-      Ne(NameToONCSource(GetParam()))));
+      Ne(NameToONCSource(GetParam())),
+      _));
   EXPECT_CALL(*certificate_handler, ImportCertificates(
       IsEqualTo(empty_certificates_.get()),
       Ne(NameToONCSource(GetParam())),
-      _));
+      _, _));
 
   PolicyMap policy;
   policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
              Value::CreateStringValue(kFakeONC));
   UpdateProviderPolicy(policy);
   Mock::VerifyAndClearExpectations(&network_library_);
   Mock::VerifyAndClearExpectations(&certificate_handler);
 
   // Another update is expected if the policy goes away. In the current
   // implementation, we always apply both policies.
   EXPECT_CALL(network_library_, LoadOncNetworks(
       IsEqualTo(empty_network_configs_.get()),
-      onc::ONC_SOURCE_DEVICE_POLICY));
+      onc::ONC_SOURCE_DEVICE_POLICY,
+      _));
   EXPECT_CALL(*certificate_handler, ImportCertificates(
       IsEqualTo(empty_certificates_.get()),
       onc::ONC_SOURCE_DEVICE_POLICY,
-      _));
+      _, _));
 
   EXPECT_CALL(network_library_, LoadOncNetworks(
       IsEqualTo(empty_network_configs_.get()),
-      onc::ONC_SOURCE_USER_POLICY));
+      onc::ONC_SOURCE_USER_POLICY,
+      _));
   EXPECT_CALL(*certificate_handler, ImportCertificates(
       IsEqualTo(empty_certificates_.get()),
       onc::ONC_SOURCE_USER_POLICY,
-      _));
+      _, _));
 
   EXPECT_CALL(network_library_, RemoveNetworkProfileObserver(_));
 
   policy.Erase(GetParam());
   UpdateProviderPolicy(policy);
   updater.UnsetUserPolicyService();
 }
 
 INSTANTIATE_TEST_CASE_P(
     NetworkConfigurationUpdaterTestWithParamInstance,
     NetworkConfigurationUpdaterTestWithParam,
     testing::Values(key::kDeviceOpenNetworkConfiguration,
                     key::kOpenNetworkConfiguration));
 
 }  // namespace policy