Add support for multiple allowed domains

remoting/host/policy_watcher_unittest.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/host/policy_watcher.h"
 
 #include "base/bind.h"
 #include "base/json/json_writer.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
@@ skipping 56 matching lines @@
     // We expect no callbacks unless explicitly specified by individual tests.
     EXPECT_CALL(mock_policy_callback_, OnPolicyUpdatePtr(testing::_)).Times(0);
     EXPECT_CALL(mock_policy_callback_, OnPolicyError()).Times(0);
 
     // Retaining a raw pointer to keep control over policy contents.
     policy_loader_ =
         new policy::FakeAsyncPolicyLoader(base::ThreadTaskRunnerHandle::Get());
     policy_watcher_ = PolicyWatcher::CreateFromPolicyLoaderForTesting(
         base::WrapUnique(policy_loader_));
 
+    base::ListValue host_domain;
+    host_domain.AppendString(kHostDomain);
+
     nat_true_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, true);
     nat_false_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, false);
     nat_one_.SetInteger(key::kRemoteAccessHostFirewallTraversal, 1);
     nat_one_domain_full_.SetInteger(key::kRemoteAccessHostFirewallTraversal, 1);
-    nat_one_domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain);
-    domain_empty_.SetString(key::kRemoteAccessHostDomain, std::string());
-    domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain);
+    nat_one_domain_full_.Set(key::kRemoteAccessHostDomainList,
+                             host_domain.CreateDeepCopy());
+    domain_empty_.Set(key::kRemoteAccessHostDomainList,
+                      base::MakeUnique<base::ListValue>());
+    domain_full_.Set(key::kRemoteAccessHostDomainList,
+                     host_domain.CreateDeepCopy());
     SetDefaults(nat_true_others_default_);
     nat_true_others_default_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
                                         true);
     SetDefaults(nat_false_others_default_);
     nat_false_others_default_.SetBoolean(
         key::kRemoteAccessHostFirewallTraversal, false);
     SetDefaults(domain_empty_others_default_);
-    domain_empty_others_default_.SetString(key::kRemoteAccessHostDomain,
-                                           std::string());
+    domain_empty_others_default_.Set(key::kRemoteAccessHostDomainList,
+                                     base::MakeUnique<base::ListValue>());
     SetDefaults(domain_full_others_default_);
-    domain_full_others_default_.SetString(key::kRemoteAccessHostDomain,
-                                          kHostDomain);
+    domain_full_others_default_.Set(key::kRemoteAccessHostDomainList,
+                                    host_domain.CreateDeepCopy());
     nat_true_domain_empty_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
                                       true);
-    nat_true_domain_empty_.SetString(key::kRemoteAccessHostDomain,
-                                     std::string());
+    nat_true_domain_empty_.Set(key::kRemoteAccessHostDomainList,
+                               base::MakeUnique<base::ListValue>());
     nat_true_domain_full_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
                                      true);
-    nat_true_domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain);
+    nat_true_domain_full_.Set(key::kRemoteAccessHostDomainList,
+                              host_domain.CreateDeepCopy());
     nat_false_domain_empty_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
                                        false);
-    nat_false_domain_empty_.SetString(key::kRemoteAccessHostDomain,
-                                      std::string());
+    nat_false_domain_empty_.Set(key::kRemoteAccessHostDomainList,
+                                base::MakeUnique<base::ListValue>());
     nat_false_domain_full_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
                                       false);
-    nat_false_domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain);
+    nat_false_domain_full_.Set(key::kRemoteAccessHostDomainList,
+                               host_domain.CreateDeepCopy());
     SetDefaults(nat_true_domain_empty_others_default_);
     nat_true_domain_empty_others_default_.SetBoolean(
         key::kRemoteAccessHostFirewallTraversal, true);
-    nat_true_domain_empty_others_default_.SetString(
-        key::kRemoteAccessHostDomain, std::string());
+    nat_true_domain_empty_others_default_.Set(
+        key::kRemoteAccessHostDomainList, base::MakeUnique<base::ListValue>());
     unknown_policies_.SetString("UnknownPolicyOne", std::string());
     unknown_policies_.SetString("UnknownPolicyTwo", std::string());
     unknown_policies_.SetBoolean("RemoteAccessHostUnknownPolicyThree", true);
 
     pairing_true_.SetBoolean(key::kRemoteAccessHostAllowClientPairing, true);
     pairing_false_.SetBoolean(key::kRemoteAccessHostAllowClientPairing, false);
     gnubby_auth_true_.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, true);
     gnubby_auth_false_.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, false);
     relay_true_.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection, true);
     relay_false_.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection,
                             false);
     port_range_full_.SetString(key::kRemoteAccessHostUdpPortRange, kPortRange);
     port_range_empty_.SetString(key::kRemoteAccessHostUdpPortRange,
                                 std::string());
     port_range_malformed_.SetString(key::kRemoteAccessHostUdpPortRange,
                                     "malformed");
     port_range_malformed_domain_full_.MergeDictionary(&port_range_malformed_);
-    port_range_malformed_domain_full_.SetString(key::kRemoteAccessHostDomain,
-                                                kHostDomain);
+    port_range_malformed_domain_full_.Set(key::kRemoteAccessHostDomainList,
+                                          host_domain.CreateDeepCopy());
 
     curtain_true_.SetBoolean(key::kRemoteAccessHostRequireCurtain, true);
     curtain_false_.SetBoolean(key::kRemoteAccessHostRequireCurtain, false);
     username_true_.SetBoolean(key::kRemoteAccessHostMatchUsername, true);
     username_false_.SetBoolean(key::kRemoteAccessHostMatchUsername, false);
     talk_gadget_blah_.SetString(key::kRemoteAccessHostTalkGadgetPrefix, "blah");
     third_party_auth_partial_.SetString(key::kRemoteAccessHostTokenUrl,
                                         "https://token.com");
     third_party_auth_partial_.SetString(
         key::kRemoteAccessHostTokenValidationUrl, "https://validation.com");
@@ skipping 99 matching lines @@
   base::DictionaryValue third_party_auth_partial_;
   base::DictionaryValue third_party_auth_cert_empty_;
   base::DictionaryValue remote_assistance_uiaccess_true_;
   base::DictionaryValue remote_assistance_uiaccess_false_;
 
  private:
   void SetDefaults(base::DictionaryValue& dict) {
     dict.SetBoolean(key::kRemoteAccessHostFirewallTraversal, true);
     dict.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection, true);
     dict.SetString(key::kRemoteAccessHostUdpPortRange, "");
-    dict.SetString(key::kRemoteAccessHostClientDomain, std::string());
-    dict.SetString(key::kRemoteAccessHostDomain, std::string());
+    dict.Set(key::kRemoteAccessHostClientDomainList,
+             base::MakeUnique<base::ListValue>());
+    dict.Set(key::kRemoteAccessHostDomainList,
+             base::MakeUnique<base::ListValue>());
     dict.SetBoolean(key::kRemoteAccessHostMatchUsername, false);
     dict.SetString(key::kRemoteAccessHostTalkGadgetPrefix,
                    kDefaultHostTalkGadgetPrefix);
     dict.SetBoolean(key::kRemoteAccessHostRequireCurtain, false);
     dict.SetString(key::kRemoteAccessHostTokenUrl, "");
     dict.SetString(key::kRemoteAccessHostTokenValidationUrl, "");
     dict.SetString(key::kRemoteAccessHostTokenValidationCertificateIssuer, "");
     dict.SetBoolean(key::kRemoteAccessHostAllowClientPairing, true);
     dict.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, true);
     dict.SetBoolean(key::kRemoteAccessHostAllowUiAccessForRemoteAssistance,
@@ skipping 387 matching lines @@
   std::map<std::string, base::Value::Type> actual_schema;
   const policy::Schema* schema = GetPolicySchema();
   ASSERT_TRUE(schema->valid());
   for (auto it = schema->GetPropertiesIterator(); !it.IsAtEnd(); it.Advance()) {
     std::string key = it.key();
     if (key.find("RemoteAccessHost") == std::string::npos) {
       // For now PolicyWatcher::GetPolicySchema() mixes Chrome and Chromoting
       // policies, so we have to skip them here.
       continue;
     }
+    if (key == policy::key::kRemoteAccessHostDomain ||
+        key == policy::key::kRemoteAccessHostClientDomain) {
+      // These policies are deprecated and get removed during normalization
+      continue;
+    }
     actual_schema[key] = it.schema().type();
   }
 
   EXPECT_THAT(actual_schema, testing::ContainerEq(expected_schema));
 }
 
 TEST_F(PolicyWatcherTest, SchemaTypeCheck) {
   const policy::Schema* schema = GetPolicySchema();
   ASSERT_TRUE(schema->valid());
 
   // Check one, random "string" policy to see if the type propagated correctly
   // from policy_templates.json file.
   const policy::Schema string_schema =
       schema->GetKnownProperty("RemoteAccessHostDomain");
   EXPECT_TRUE(string_schema.valid());
   EXPECT_EQ(string_schema.type(), base::Value::Type::STRING);
 
   // And check one, random "boolean" policy to see if the type propagated
   // correctly from policy_templates.json file.
   const policy::Schema boolean_schema =
       schema->GetKnownProperty("RemoteAccessHostRequireCurtain");
   EXPECT_TRUE(boolean_schema.valid());
   EXPECT_EQ(boolean_schema.type(), base::Value::Type::BOOLEAN);
 }
 
 }  // namespace remoting