Implementation for chrome.certificateProvider.requestPin/stopPinRequest

chrome/browser/extensions/api/certificate_provider/certificate_provider_apitest.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stddef.h>
 #include <stdint.h>
 #include <stdlib.h>
 
 #include <memory>
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/run_loop.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/values.h"
+#include "chrome/browser/chromeos/certificate_provider/certificate_provider_service.h"
+#include "chrome/browser/chromeos/certificate_provider/certificate_provider_service_factory.h"
+#include "chrome/browser/extensions/api/certificate_provider/certificate_provider_api.h"
 #include "chrome/browser/extensions/extension_apitest.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/test/base/ui_test_utils.h"
 #include "components/policy/core/browser/browser_policy_connector.h"
 #include "components/policy/core/common/mock_configuration_policy_provider.h"
 #include "components/policy/core/common/policy_map.h"
 #include "components/policy/core/common/policy_types.h"
 #include "components/policy/policy_constants.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/test/test_navigation_observer.h"
 #include "content/public/test/test_utils.h"
 #include "crypto/rsa_private_key.h"
 #include "extensions/common/extension.h"
+#include "extensions/test/extension_test_message_listener.h"
 #include "extensions/test/result_catcher.h"
 #include "net/test/spawned_test_server/spawned_test_server.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "third_party/boringssl/src/include/openssl/evp.h"
 #include "third_party/boringssl/src/include/openssl/rsa.h"
+#include "ui/views/controls/label.h"
+#include "ui/views/controls/textfield/textfield.h"
+#include "ui/views/widget/widget.h"
+#include "ui/views/widget/widget_observer.h"
 
 using testing::Return;
 using testing::_;
 
 namespace {
 
 void IgnoreResult(const base::Closure& callback, const base::Value* value) {
   callback.Run();
 }
 
@@ skipping 64 matching lines @@
 std::string JsUint8Array(const std::vector<uint8_t>& bytes) {
   std::string res = "new Uint8Array([";
   for (const uint8_t byte : bytes) {
     res += base::UintToString(byte);
     res += ", ";
   }
   res += "])";
   return res;
 }
 
+// Enters the code in the ShowPinDialog window and pushes the OK event.
+void EnterCode(chromeos::CertificateProviderService* service,
+               const base::string16& code) {
+  chromeos::RequestPinView* view =
+      service->pin_dialog_manager()->active_view_for_testing();
+  view->textfield_for_testing()->SetText(code);
+  view->Accept();
+  base::RunLoop().RunUntilIdle();
+}
+
+// Enters the valid code for extensions from local example folders, in the
+// ShowPinDialog window and waits for the window to close. The extension code
+// is expected to send "Success" message after the validation and request to
+// stopPinRequest is done.
+void EnterCorrectPin(chromeos::CertificateProviderService* service) {
+  ExtensionTestMessageListener listener(false);
+  EnterCode(service, base::ASCIIToUTF16("1234"));
+  ASSERT_TRUE(listener.WaitUntilSatisfied());
+  EXPECT_EQ("Success", listener.message());
+}
+
+// Enters an invalid code for extensions from local example folders, in the
+// ShowPinDialog window and waits for the window to update with the error. The
+// extension code is expected to send "Invalid PIN" message after the validation
+// and the new requestPin (with the error) is done.
+void EnterWrongPin(chromeos::CertificateProviderService* service) {
+  ExtensionTestMessageListener listener(false);
+  EnterCode(service, base::ASCIIToUTF16("567"));
+  ASSERT_TRUE(listener.WaitUntilSatisfied());
+  EXPECT_EQ("Invalid PIN", listener.message());
+
+  // Check that we have an error message displayed.
+  chromeos::RequestPinView* view =
+      service->pin_dialog_manager()->active_view_for_testing();
+  EXPECT_EQ(SK_ColorRED, view->error_label_for_testing()->enabled_color());
+}
+
 class CertificateProviderApiTest : public ExtensionApiTest {
  public:
   CertificateProviderApiTest() {}
 
   void SetUpInProcessBrowserTestFixture() override {
     EXPECT_CALL(provider_, IsInitializationComplete(_))
         .WillRepeatedly(Return(true));
     policy::BrowserPolicyConnector::SetPolicyProviderForTesting(&provider_);
 
     ExtensionApiTest::SetUpInProcessBrowserTestFixture();
@@ skipping 15 matching lines @@
                nullptr);
     provider_.UpdateChromePolicy(policy);
 
     content::RunAllPendingInMessageLoop();
   }
 
  protected:
   policy::MockConfigurationPolicyProvider provider_;
 };
 
+class CertificateProviderRequestPinTest : public CertificateProviderApiTest {
+ public:
+  // Loads certificate_provider extension from |folder| and |file_name|.
+  // Returns the CertificateProviderService object from browser context.
+  chromeos::CertificateProviderService* LoadRequestPinExtension(
+      const std::string& folder,
+      const std::string& file_name) {
+    const base::FilePath extension_path =
+        test_data_dir_.AppendASCII("certificate_provider/" + folder);
+    const extensions::Extension* const extension =
+        LoadExtension(extension_path);
+    chromeos::CertificateProviderService* service =
+        chromeos::CertificateProviderServiceFactory::GetForBrowserContext(
+            profile());
+    service->pin_dialog_manager()->AddSignRequestId(extension->id(), 123);
+    ui_test_utils::NavigateToURL(browser(),
+                                 extension->GetResourceURL(file_name));
+    return service;
+  }
+};
+
 }  // namespace
 
 IN_PROC_BROWSER_TEST_F(CertificateProviderApiTest, Basic) {
   // Start an HTTPS test server that requests a client certificate.
   net::SpawnedTestServer::SSLOptions ssl_options;
   ssl_options.request_client_certificate = true;
   net::SpawnedTestServer https_server(net::SpawnedTestServer::TYPE_HTTPS,
                                       ssl_options, base::FilePath());
   ASSERT_TRUE(https_server.Start());
 
@@ skipping 91 matching lines @@
     base::RunLoop run_loop;
     const std::string code = "replyWithSignatureSecondTime();";
     bool result = false;
     extension_contents->GetMainFrame()->ExecuteJavaScriptForTests(
         base::ASCIIToUTF16(code),
         base::Bind(&StoreBool, &result, run_loop.QuitClosure()));
     run_loop.Run();
     EXPECT_TRUE(result);
   }
 }
+
+// User enters the correct PIN.
+IN_PROC_BROWSER_TEST_F(CertificateProviderRequestPinTest, ShowPinDialogAccept) {
+  chromeos::CertificateProviderService* service =
+      LoadRequestPinExtension("request_pin", "basic.html");
+
+  // Enter the valid PIN.
+  EnterCorrectPin(service);
+
+  // The view should be set to nullptr when the window is closed.
+  EXPECT_EQ(service->pin_dialog_manager()->active_view_for_testing(), nullptr);
+}
+
+// User closes the dialog kMaxClosedDialogsPer10Mins times, and the extension
+// should be blocked from showing it again.
+IN_PROC_BROWSER_TEST_F(CertificateProviderRequestPinTest, ShowPinDialogClose) {
+  chromeos::CertificateProviderService* service =
+      LoadRequestPinExtension("request_pin", "basic.html");
+
+  views::Widget* window =
+      service->pin_dialog_manager()->active_window_for_testing();
+  for (int i = 0;
+       i < extensions::api::certificate_provider::kMaxClosedDialogsPer10Mins;
+       i++) {
+    ExtensionTestMessageListener listener(false);
+    window->Close();
+    ASSERT_TRUE(listener.WaitUntilSatisfied());
+    EXPECT_EQ("User closed the dialog", listener.message());

[Devlin, 2016/11/29 21:09:04]

Here and below, you can pass an expected message to the listener.

[igorcov, 2016/11/30 15:32:38]

Done.

+    window = service->pin_dialog_manager()->active_window_for_testing();
+  }
+
+  std::unique_ptr<ExtensionTestMessageListener> listener(
+      new ExtensionTestMessageListener(true));
+  window->Close();
+  ASSERT_TRUE(listener->WaitUntilSatisfied());
+  EXPECT_EQ("User closed the dialog", listener->message());
+  listener->Reply("GetLastError");
+  listener.reset(new ExtensionTestMessageListener(false));

[Devlin, 2016/11/29 21:09:04]

nit: I'd just use two different listeners (stack-allocated) here.  Otherwise
there's technically a race condition if the extension responded before we reset
it to listen to the next message (though it would never trigger since it's
across a process boundary).

[igorcov, 2016/11/30 15:32:38]

Done.

+  ASSERT_TRUE(listener->WaitUntilSatisfied());
+  EXPECT_EQ(
+      "This request exceeds the MAX_PIN_DIALOGS_CLOSED_PER_10_MINUTES quota.",
+      listener->message());
+  EXPECT_EQ(service->pin_dialog_manager()->active_view_for_testing(), nullptr);
+}
+
+// User enters a wrong PIN first and a correct PIN on the second try.
+IN_PROC_BROWSER_TEST_F(CertificateProviderRequestPinTest,
+                       ShowPinDialogWrongPin) {
+  chromeos::CertificateProviderService* service =
+      LoadRequestPinExtension("request_pin", "basic.html");
+  EnterWrongPin(service);
+
+  // The window should be active.
+  EXPECT_EQ(
+      service->pin_dialog_manager()->active_window_for_testing()->IsVisible(),
+      true);
+  EXPECT_NE(service->pin_dialog_manager()->active_view_for_testing(), nullptr);
+
+  // Enter the valid PIN.
+  EnterCorrectPin(service);
+
+  // The view should be set to nullptr when the window is closed.
+  EXPECT_EQ(service->pin_dialog_manager()->active_view_for_testing(), nullptr);
+}
+
+// User enters wrong PIN three times.
+IN_PROC_BROWSER_TEST_F(CertificateProviderRequestPinTest,
+                       ShowPinDialogWrongPinThreeTimes) {
+  chromeos::CertificateProviderService* service =
+      LoadRequestPinExtension("request_pin", "basic.html");
+  for (int i = 0; i < 3; i++) {
+    EnterWrongPin(service);
+  }
+
+  chromeos::RequestPinView* view =
+      service->pin_dialog_manager()->active_view_for_testing();
+
+  // The textfield has to be disabled, as extension does not allow input now.
+  EXPECT_EQ(view->textfield_for_testing()->enabled(), false);
+
+  // Close the dialog.
+  ExtensionTestMessageListener listener(false);
+  service->pin_dialog_manager()->active_window_for_testing()->Close();
+  ASSERT_TRUE(listener.WaitUntilSatisfied());
+  EXPECT_EQ("No attempt left", listener.message());
+  EXPECT_EQ(service->pin_dialog_manager()->active_view_for_testing(), nullptr);
+}
+
+// User closes the dialog while the extension is processing the request.
+IN_PROC_BROWSER_TEST_F(CertificateProviderRequestPinTest,
+                       ShowPinDialogCloseWhileProcessing) {
+  chromeos::CertificateProviderService* service =
+      LoadRequestPinExtension("request_pin", "basic_lock.html");
+
+  EnterCode(service, base::ASCIIToUTF16("123"));
+  service->pin_dialog_manager()->active_window_for_testing()->Close();
+  base::RunLoop().RunUntilIdle();
+
+  // The view should be set to nullptr when the window is closed.
+  EXPECT_EQ(service->pin_dialog_manager()->active_view_for_testing(), nullptr);
+}