| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <cryptohi.h> | 5 #include <cryptohi.h> |
| 6 | 6 |
| 7 #include <memory> |
| 8 |
| 7 #include "base/json/json_writer.h" | 9 #include "base/json/json_writer.h" |
| 8 #include "base/macros.h" | 10 #include "base/macros.h" |
| 9 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/ptr_util.h" |
| 10 #include "base/strings/stringprintf.h" | 12 #include "base/strings/stringprintf.h" |
| 11 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" | 13 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" |
| 12 #include "chrome/browser/chromeos/platform_keys/platform_keys_service_factory.h" | 14 #include "chrome/browser/chromeos/platform_keys/platform_keys_service_factory.h" |
| 13 #include "chrome/browser/chromeos/policy/device_policy_cros_browser_test.h" | 15 #include "chrome/browser/chromeos/policy/device_policy_cros_browser_test.h" |
| 14 #include "chrome/browser/chromeos/policy/user_policy_test_helper.h" | 16 #include "chrome/browser/chromeos/policy/user_policy_test_helper.h" |
| 15 #include "chrome/browser/extensions/extension_apitest.h" | 17 #include "chrome/browser/extensions/extension_apitest.h" |
| 16 #include "chrome/browser/net/nss_context.h" | 18 #include "chrome/browser/net/nss_context.h" |
| 17 #include "chrome/browser/policy/profile_policy_connector.h" | 19 #include "chrome/browser/policy/profile_policy_connector.h" |
| 18 #include "chrome/browser/policy/profile_policy_connector_factory.h" | 20 #include "chrome/browser/policy/profile_policy_connector_factory.h" |
| 19 #include "chrome/browser/profiles/profile.h" | 21 #include "chrome/browser/profiles/profile.h" |
| (...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 183 policy_helper_->Init( | 185 policy_helper_->Init( |
| 184 base::DictionaryValue() /* empty mandatory policy */, | 186 base::DictionaryValue() /* empty mandatory policy */, |
| 185 base::DictionaryValue() /* empty recommended policy */); | 187 base::DictionaryValue() /* empty recommended policy */); |
| 186 } | 188 } |
| 187 | 189 |
| 188 void SetupKeyPermissionPolicy() { | 190 void SetupKeyPermissionPolicy() { |
| 189 // Set up the test policy that gives |extension_| the permission to access | 191 // Set up the test policy that gives |extension_| the permission to access |
| 190 // corporate keys. | 192 // corporate keys. |
| 191 base::DictionaryValue key_permissions_policy; | 193 base::DictionaryValue key_permissions_policy; |
| 192 { | 194 { |
| 193 scoped_ptr<base::DictionaryValue> cert1_key_permission( | 195 std::unique_ptr<base::DictionaryValue> cert1_key_permission( |
| 194 new base::DictionaryValue); | 196 new base::DictionaryValue); |
| 195 cert1_key_permission->SetBooleanWithoutPathExpansion( | 197 cert1_key_permission->SetBooleanWithoutPathExpansion( |
| 196 "allowCorporateKeyUsage", true); | 198 "allowCorporateKeyUsage", true); |
| 197 key_permissions_policy.SetWithoutPathExpansion( | 199 key_permissions_policy.SetWithoutPathExpansion( |
| 198 extension_->id(), cert1_key_permission.release()); | 200 extension_->id(), cert1_key_permission.release()); |
| 199 } | 201 } |
| 200 | 202 |
| 201 std::string key_permissions_policy_str; | 203 std::string key_permissions_policy_str; |
| 202 base::JSONWriter::WriteWithOptions(key_permissions_policy, | 204 base::JSONWriter::WriteWithOptions(key_permissions_policy, |
| 203 base::JSONWriter::OPTIONS_PRETTY_PRINT, | 205 base::JSONWriter::OPTIONS_PRETTY_PRINT, |
| 204 &key_permissions_policy_str); | 206 &key_permissions_policy_str); |
| 205 | 207 |
| 206 base::DictionaryValue user_policy; | 208 base::DictionaryValue user_policy; |
| 207 user_policy.SetStringWithoutPathExpansion(policy::key::kKeyPermissions, | 209 user_policy.SetStringWithoutPathExpansion(policy::key::kKeyPermissions, |
| 208 key_permissions_policy_str); | 210 key_permissions_policy_str); |
| 209 | 211 |
| 210 policy_helper_->UpdatePolicy( | 212 policy_helper_->UpdatePolicy( |
| 211 user_policy, base::DictionaryValue() /* empty recommended policy */, | 213 user_policy, base::DictionaryValue() /* empty recommended policy */, |
| 212 browser()->profile()); | 214 browser()->profile()); |
| 213 } | 215 } |
| 214 | 216 |
| 215 void GotPermissionsForExtension( | 217 void GotPermissionsForExtension( |
| 216 const base::Closure& done_callback, | 218 const base::Closure& done_callback, |
| 217 scoped_ptr<chromeos::KeyPermissions::PermissionsForExtension> | 219 std::unique_ptr<chromeos::KeyPermissions::PermissionsForExtension> |
| 218 permissions_for_ext) { | 220 permissions_for_ext) { |
| 219 std::string client_cert1_spki = | 221 std::string client_cert1_spki = |
| 220 chromeos::platform_keys::GetSubjectPublicKeyInfo(client_cert1_); | 222 chromeos::platform_keys::GetSubjectPublicKeyInfo(client_cert1_); |
| 221 permissions_for_ext->RegisterKeyForCorporateUsage(client_cert1_spki); | 223 permissions_for_ext->RegisterKeyForCorporateUsage(client_cert1_spki); |
| 222 done_callback.Run(); | 224 done_callback.Run(); |
| 223 } | 225 } |
| 224 | 226 |
| 225 void SetupTestCerts(const base::Closure& done_callback, | 227 void SetupTestCerts(const base::Closure& done_callback, |
| 226 net::NSSCertDatabase* cert_db) { | 228 net::NSSCertDatabase* cert_db) { |
| 227 SetupTestClientCerts(cert_db); | 229 SetupTestClientCerts(cert_db); |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 264 | 266 |
| 265 void TearDownTestSystemSlotOnIO(const base::Closure& done_callback) { | 267 void TearDownTestSystemSlotOnIO(const base::Closure& done_callback) { |
| 266 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); | 268 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
| 267 test_system_slot_.reset(); | 269 test_system_slot_.reset(); |
| 268 | 270 |
| 269 content::BrowserThread::PostTask(content::BrowserThread::UI, FROM_HERE, | 271 content::BrowserThread::PostTask(content::BrowserThread::UI, FROM_HERE, |
| 270 done_callback); | 272 done_callback); |
| 271 } | 273 } |
| 272 | 274 |
| 273 const bool key_permission_policy_; | 275 const bool key_permission_policy_; |
| 274 scoped_ptr<policy::UserPolicyTestHelper> policy_helper_; | 276 std::unique_ptr<policy::UserPolicyTestHelper> policy_helper_; |
| 275 policy::DevicePolicyCrosTestHelper device_policy_test_helper_; | 277 policy::DevicePolicyCrosTestHelper device_policy_test_helper_; |
| 276 scoped_ptr<crypto::ScopedTestSystemNSSKeySlot> test_system_slot_; | 278 std::unique_ptr<crypto::ScopedTestSystemNSSKeySlot> test_system_slot_; |
| 277 }; | 279 }; |
| 278 | 280 |
| 279 class TestSelectDelegate | 281 class TestSelectDelegate |
| 280 : public chromeos::PlatformKeysService::SelectDelegate { | 282 : public chromeos::PlatformKeysService::SelectDelegate { |
| 281 public: | 283 public: |
| 282 // On each Select call, selects the next entry in |certs_to_select| from back | 284 // On each Select call, selects the next entry in |certs_to_select| from back |
| 283 // to front. Once the first entry is reached, that one will be selected | 285 // to front. Once the first entry is reached, that one will be selected |
| 284 // repeatedly. | 286 // repeatedly. |
| 285 // Entries of |certs_to_select| can be null in which case no certificate will | 287 // Entries of |certs_to_select| can be null in which case no certificate will |
| 286 // be selected. | 288 // be selected. |
| (...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 360 // permissions and afterwards runs more basic tests. | 362 // permissions and afterwards runs more basic tests. |
| 361 // After the initial two interactive calls, the simulated user does not select | 363 // After the initial two interactive calls, the simulated user does not select |
| 362 // any cert. | 364 // any cert. |
| 363 IN_PROC_BROWSER_TEST_P(UnmanagedPlatformKeysTest, Basic) { | 365 IN_PROC_BROWSER_TEST_P(UnmanagedPlatformKeysTest, Basic) { |
| 364 net::CertificateList certs; | 366 net::CertificateList certs; |
| 365 certs.push_back(nullptr); | 367 certs.push_back(nullptr); |
| 366 certs.push_back(client_cert2_); | 368 certs.push_back(client_cert2_); |
| 367 certs.push_back(client_cert1_); | 369 certs.push_back(client_cert1_); |
| 368 | 370 |
| 369 GetPlatformKeysService()->SetSelectDelegate( | 371 GetPlatformKeysService()->SetSelectDelegate( |
| 370 make_scoped_ptr(new TestSelectDelegate(certs))); | 372 base::WrapUnique(new TestSelectDelegate(certs))); |
| 371 | 373 |
| 372 ASSERT_TRUE(RunExtensionTest("basicTests")) << message_; | 374 ASSERT_TRUE(RunExtensionTest("basicTests")) << message_; |
| 373 } | 375 } |
| 374 | 376 |
| 375 // On interactive calls, the simulated user always selects |client_cert1_| if | 377 // On interactive calls, the simulated user always selects |client_cert1_| if |
| 376 // matching. | 378 // matching. |
| 377 IN_PROC_BROWSER_TEST_P(UnmanagedPlatformKeysTest, Permissions) { | 379 IN_PROC_BROWSER_TEST_P(UnmanagedPlatformKeysTest, Permissions) { |
| 378 net::CertificateList certs; | 380 net::CertificateList certs; |
| 379 certs.push_back(client_cert1_); | 381 certs.push_back(client_cert1_); |
| 380 | 382 |
| 381 GetPlatformKeysService()->SetSelectDelegate( | 383 GetPlatformKeysService()->SetSelectDelegate( |
| 382 make_scoped_ptr(new TestSelectDelegate(certs))); | 384 base::WrapUnique(new TestSelectDelegate(certs))); |
| 383 | 385 |
| 384 ASSERT_TRUE(RunExtensionTest("permissionTests")) << message_; | 386 ASSERT_TRUE(RunExtensionTest("permissionTests")) << message_; |
| 385 } | 387 } |
| 386 | 388 |
| 387 INSTANTIATE_TEST_CASE_P(Unmanaged, | 389 INSTANTIATE_TEST_CASE_P(Unmanaged, |
| 388 UnmanagedPlatformKeysTest, | 390 UnmanagedPlatformKeysTest, |
| 389 ::testing::Values(DEVICE_STATUS_ENROLLED, | 391 ::testing::Values(DEVICE_STATUS_ENROLLED, |
| 390 DEVICE_STATUS_NOT_ENROLLED)); | 392 DEVICE_STATUS_NOT_ENROLLED)); |
| 391 | 393 |
| 392 IN_PROC_BROWSER_TEST_P(ManagedWithoutPermissionPlatformKeysTest, | 394 IN_PROC_BROWSER_TEST_P(ManagedWithoutPermissionPlatformKeysTest, |
| 393 UserPermissionsBlocked) { | 395 UserPermissionsBlocked) { |
| 394 // To verify that the user is not prompted for any certificate selection, | 396 // To verify that the user is not prompted for any certificate selection, |
| 395 // set up a delegate that fails on any invocation. | 397 // set up a delegate that fails on any invocation. |
| 396 GetPlatformKeysService()->SetSelectDelegate( | 398 GetPlatformKeysService()->SetSelectDelegate( |
| 397 make_scoped_ptr(new TestSelectDelegate(net::CertificateList()))); | 399 base::WrapUnique(new TestSelectDelegate(net::CertificateList()))); |
| 398 | 400 |
| 399 ASSERT_TRUE(RunExtensionTest("managedProfile")) << message_; | 401 ASSERT_TRUE(RunExtensionTest("managedProfile")) << message_; |
| 400 } | 402 } |
| 401 | 403 |
| 402 // A corporate key must not be useable if there is no policy permitting it. | 404 // A corporate key must not be useable if there is no policy permitting it. |
| 403 IN_PROC_BROWSER_TEST_P(ManagedWithoutPermissionPlatformKeysTest, | 405 IN_PROC_BROWSER_TEST_P(ManagedWithoutPermissionPlatformKeysTest, |
| 404 CorporateKeyAccessBlocked) { | 406 CorporateKeyAccessBlocked) { |
| 405 RegisterClient1AsCorporateKey(); | 407 RegisterClient1AsCorporateKey(); |
| 406 | 408 |
| 407 // To verify that the user is not prompted for any certificate selection, | 409 // To verify that the user is not prompted for any certificate selection, |
| 408 // set up a delegate that fails on any invocation. | 410 // set up a delegate that fails on any invocation. |
| 409 GetPlatformKeysService()->SetSelectDelegate( | 411 GetPlatformKeysService()->SetSelectDelegate( |
| 410 make_scoped_ptr(new TestSelectDelegate(net::CertificateList()))); | 412 base::WrapUnique(new TestSelectDelegate(net::CertificateList()))); |
| 411 | 413 |
| 412 ASSERT_TRUE(RunExtensionTest("corporateKeyWithoutPermissionTests")) | 414 ASSERT_TRUE(RunExtensionTest("corporateKeyWithoutPermissionTests")) |
| 413 << message_; | 415 << message_; |
| 414 } | 416 } |
| 415 | 417 |
| 416 INSTANTIATE_TEST_CASE_P( | 418 INSTANTIATE_TEST_CASE_P( |
| 417 ManagedWithoutPermission, | 419 ManagedWithoutPermission, |
| 418 ManagedWithoutPermissionPlatformKeysTest, | 420 ManagedWithoutPermissionPlatformKeysTest, |
| 419 ::testing::Values( | 421 ::testing::Values( |
| 420 Params(DEVICE_STATUS_ENROLLED, USER_STATUS_MANAGED_AFFILIATED_DOMAIN), | 422 Params(DEVICE_STATUS_ENROLLED, USER_STATUS_MANAGED_AFFILIATED_DOMAIN), |
| 421 Params(DEVICE_STATUS_ENROLLED, USER_STATUS_MANAGED_OTHER_DOMAIN), | 423 Params(DEVICE_STATUS_ENROLLED, USER_STATUS_MANAGED_OTHER_DOMAIN), |
| 422 Params(DEVICE_STATUS_NOT_ENROLLED, USER_STATUS_MANAGED_OTHER_DOMAIN))); | 424 Params(DEVICE_STATUS_NOT_ENROLLED, USER_STATUS_MANAGED_OTHER_DOMAIN))); |
| 423 | 425 |
| 424 IN_PROC_BROWSER_TEST_P(ManagedWithPermissionPlatformKeysTest, | 426 IN_PROC_BROWSER_TEST_P(ManagedWithPermissionPlatformKeysTest, |
| 425 PolicyGrantsAccessToCorporateKey) { | 427 PolicyGrantsAccessToCorporateKey) { |
| 426 RegisterClient1AsCorporateKey(); | 428 RegisterClient1AsCorporateKey(); |
| 427 | 429 |
| 428 // Set up the test SelectDelegate to select |client_cert1_| if available for | 430 // Set up the test SelectDelegate to select |client_cert1_| if available for |
| 429 // selection. | 431 // selection. |
| 430 net::CertificateList certs; | 432 net::CertificateList certs; |
| 431 certs.push_back(client_cert1_); | 433 certs.push_back(client_cert1_); |
| 432 | 434 |
| 433 GetPlatformKeysService()->SetSelectDelegate( | 435 GetPlatformKeysService()->SetSelectDelegate( |
| 434 make_scoped_ptr(new TestSelectDelegate(certs))); | 436 base::WrapUnique(new TestSelectDelegate(certs))); |
| 435 | 437 |
| 436 ASSERT_TRUE(RunExtensionTest("corporateKeyWithPermissionTests")) << message_; | 438 ASSERT_TRUE(RunExtensionTest("corporateKeyWithPermissionTests")) << message_; |
| 437 } | 439 } |
| 438 | 440 |
| 439 IN_PROC_BROWSER_TEST_P(ManagedWithPermissionPlatformKeysTest, | 441 IN_PROC_BROWSER_TEST_P(ManagedWithPermissionPlatformKeysTest, |
| 440 PolicyDoesGrantAccessToNonCorporateKey) { | 442 PolicyDoesGrantAccessToNonCorporateKey) { |
| 441 // The policy grants access to corporate keys but none are available. | 443 // The policy grants access to corporate keys but none are available. |
| 442 // As the profile is managed, the user must not be able to grant any | 444 // As the profile is managed, the user must not be able to grant any |
| 443 // certificate permission. Set up a delegate that fails on any invocation. | 445 // certificate permission. Set up a delegate that fails on any invocation. |
| 444 GetPlatformKeysService()->SetSelectDelegate( | 446 GetPlatformKeysService()->SetSelectDelegate( |
| 445 make_scoped_ptr(new TestSelectDelegate(net::CertificateList()))); | 447 base::WrapUnique(new TestSelectDelegate(net::CertificateList()))); |
| 446 | 448 |
| 447 ASSERT_TRUE(RunExtensionTest("policyDoesGrantAccessToNonCorporateKey")) | 449 ASSERT_TRUE(RunExtensionTest("policyDoesGrantAccessToNonCorporateKey")) |
| 448 << message_; | 450 << message_; |
| 449 } | 451 } |
| 450 | 452 |
| 451 INSTANTIATE_TEST_CASE_P( | 453 INSTANTIATE_TEST_CASE_P( |
| 452 ManagedWithPermission, | 454 ManagedWithPermission, |
| 453 ManagedWithPermissionPlatformKeysTest, | 455 ManagedWithPermissionPlatformKeysTest, |
| 454 ::testing::Values( | 456 ::testing::Values( |
| 455 Params(DEVICE_STATUS_ENROLLED, USER_STATUS_MANAGED_AFFILIATED_DOMAIN), | 457 Params(DEVICE_STATUS_ENROLLED, USER_STATUS_MANAGED_AFFILIATED_DOMAIN), |
| 456 Params(DEVICE_STATUS_ENROLLED, USER_STATUS_MANAGED_OTHER_DOMAIN), | 458 Params(DEVICE_STATUS_ENROLLED, USER_STATUS_MANAGED_OTHER_DOMAIN), |
| 457 Params(DEVICE_STATUS_NOT_ENROLLED, USER_STATUS_MANAGED_OTHER_DOMAIN))); | 459 Params(DEVICE_STATUS_NOT_ENROLLED, USER_STATUS_MANAGED_OTHER_DOMAIN))); |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1871713002:
Convert //chrome/browser/extensions from scoped_ptr to std::unique_ptr (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master