Send a message to the client if bad It2Me policies are read.

remoting/host/it2me/it2me_native_messaging_host_unittest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/host/it2me/it2me_native_messaging_host.h"
 
 #include <cstdint>
 #include <memory>
 #include <string>
 #include <utility>
 
 #include "base/bind.h"
 #include "base/compiler_specific.h"
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/location.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/message_loop/message_loop.h"
 #include "base/run_loop.h"
 #include "base/stl_util.h"
 #include "base/strings/stringize_macros.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "components/policy/core/common/fake_async_policy_loader.h"
 #include "components/policy/core/common/mock_policy_service.h"
+#include "components/policy/policy_constants.h"
 #include "net/base/file_stream.h"
 #include "remoting/base/auto_thread_task_runner.h"
 #include "remoting/host/chromoting_host_context.h"
 #include "remoting/host/native_messaging/log_message_handler.h"
 #include "remoting/host/native_messaging/native_messaging_pipe.h"
 #include "remoting/host/native_messaging/pipe_messaging_channel.h"
 #include "remoting/host/policy_watcher.h"
 #include "remoting/host/setup/test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ skipping 151 matching lines @@
 
 class It2MeNativeMessagingHostTest : public testing::Test {
  public:
   It2MeNativeMessagingHostTest() {}
   ~It2MeNativeMessagingHostTest() override {}
 
   void SetUp() override;
   void TearDown() override;
 
  protected:
+  void SetPolicies(const base::DictionaryValue& dict);
   std::unique_ptr<base::DictionaryValue> ReadMessageFromOutputPipe();
   void WriteMessageToInputPipe(const base::Value& message);
 
   void VerifyHelloResponse(int request_id);
   void VerifyErrorResponse();
   void VerifyConnectResponses(int request_id);
   void VerifyDisconnectResponses(int request_id);
+  void VerifyPolicyErrorResponse();
 
   // The Host process should shut down when it receives a malformed request.
   // This is tested by sending a known-good request, followed by |message|,
   // followed by the known-good request again. The response file should only
   // contain a single response from the first good request.
   void TestBadRequest(const base::Value& message, bool expect_error_response);
   void TestConnect();
 
+  void SendConnectMessage(int id);
+  void SendDisconnectMessage(int id);
+
  private:
   void StartHost();
   void ExitTest();
+  void ExitPolicyRunLoop();
 
   // Each test creates two unidirectional pipes: "input" and "output".
   // It2MeNativeMessagingHost reads from input_read_file and writes to
   // output_write_file. The unittest supplies data to input_write_handle, and
   // verifies output from output_read_handle.
   //
   // unittest -> [input] -> It2MeNativeMessagingHost -> [output] -> unittest
   base::File input_write_file_;
   base::File output_read_file_;
 
   // Message loop of the test thread.
   std::unique_ptr<base::MessageLoop> test_message_loop_;
   std::unique_ptr<base::RunLoop> test_run_loop_;
 
   std::unique_ptr<base::Thread> host_thread_;
   std::unique_ptr<base::RunLoop> host_run_loop_;
 
+  std::unique_ptr<base::RunLoop> policy_run_loop_;
+
+  // Retain a raw pointer to |policy_loader_| in order to control the policy
+  // contents.
+  policy::FakeAsyncPolicyLoader* policy_loader_ = nullptr;
+
   // Task runner of the host thread.
   scoped_refptr<AutoThreadTaskRunner> host_task_runner_;
   std::unique_ptr<remoting::NativeMessagingPipe> pipe_;
 
   DISALLOW_COPY_AND_ASSIGN(It2MeNativeMessagingHostTest);
 };
 
 void It2MeNativeMessagingHostTest::SetUp() {
   test_message_loop_.reset(new base::MessageLoop());
   test_run_loop_.reset(new base::RunLoop());
@@ skipping 31 matching lines @@
 
   // Verify there are no more message in the output pipe.
   std::unique_ptr<base::DictionaryValue> response = ReadMessageFromOutputPipe();
   EXPECT_FALSE(response);
 
   // The It2MeNativeMessagingHost dtor closes the handles that are passed to it.
   // So the only handle left to close is |output_read_file_|.
   output_read_file_.Close();
 }
 
+void It2MeNativeMessagingHostTest::SetPolicies(
+    const base::DictionaryValue& dict) {
+  DCHECK(test_message_loop_->task_runner()->RunsTasksOnCurrentThread());
+  // Copy |dict| into |policy_bundle|.
+  policy::PolicyNamespace policy_namespace =
+      policy::PolicyNamespace(policy::POLICY_DOMAIN_CHROME, std::string());
+  policy::PolicyBundle policy_bundle;
+  policy::PolicyMap& policy_map = policy_bundle.Get(policy_namespace);
+  policy_map.LoadFrom(&dict, policy::POLICY_LEVEL_MANDATORY,
+                      policy::POLICY_SCOPE_MACHINE,
+                      policy::POLICY_SOURCE_CLOUD);
+
+  // Simulate a policy update and wait for it to complete.
+  policy_run_loop_.reset(new base::RunLoop);
+  policy_loader_->SetPolicies(policy_bundle);
+  policy_loader_->PostReloadOnBackgroundThread(true /* force reload asap */);
+  policy_run_loop_->Run();
+  policy_run_loop_.reset(nullptr);
+}
+
 std::unique_ptr<base::DictionaryValue>
 It2MeNativeMessagingHostTest::ReadMessageFromOutputPipe() {
   while (true) {
     uint32_t length;
     int read_result = output_read_file_.ReadAtCurrentPos(
         reinterpret_cast<char*>(&length), sizeof(length));
     if (read_result != sizeof(length)) {
       // The output pipe has been closed, return an empty message.
       return nullptr;
     }
@@ skipping 140 matching lines @@
         disconnected_received = true;
       } else {
         ADD_FAILURE() << "Unexpected host state: " << state;
       }
     } else {
       ADD_FAILURE() << "Unexpected message type: " << type;
     }
   }
 }
 
+void It2MeNativeMessagingHostTest::VerifyPolicyErrorResponse() {
+  std::unique_ptr<base::DictionaryValue> response = ReadMessageFromOutputPipe();
+  ASSERT_TRUE(response);
+  std::string type;
+  ASSERT_TRUE(response->GetString("type", &type));
+  ASSERT_EQ("policyError", type);
+}
+
 void It2MeNativeMessagingHostTest::TestBadRequest(const base::Value& message,
                                                   bool expect_error_response) {
   base::DictionaryValue good_message;
   good_message.SetString("type", "hello");
   good_message.SetInteger("id", 1);
 
   WriteMessageToInputPipe(good_message);
   WriteMessageToInputPipe(message);
   WriteMessageToInputPipe(good_message);
 
@@ skipping 15 matching lines @@
 
   ASSERT_TRUE(MakePipe(&input_read_file, &input_write_file_));
   ASSERT_TRUE(MakePipe(&output_read_file_, &output_write_file));
 
   pipe_.reset(new NativeMessagingPipe());
 
   std::unique_ptr<extensions::NativeMessagingChannel> channel(
       new PipeMessagingChannel(std::move(input_read_file),
                                std::move(output_write_file)));
 
-  // Creating a native messaging host with a mock It2MeHostFactory.
+  // Creating a native messaging host with a mock It2MeHostFactory and policy
+  // loader.
   std::unique_ptr<ChromotingHostContext> context =
       ChromotingHostContext::Create(host_task_runner_);
+  auto policy_loader =
+      base::MakeUnique<policy::FakeAsyncPolicyLoader>(host_task_runner_);
+  policy_loader_ = policy_loader.get();
   std::unique_ptr<PolicyWatcher> policy_watcher =
-      PolicyWatcher::CreateFromPolicyLoaderForTesting(
-          base::MakeUnique<policy::FakeAsyncPolicyLoader>(
-              base::ThreadTaskRunnerHandle::Get()));
-  std::unique_ptr<extensions::NativeMessageHost> it2me_host(
+      PolicyWatcher::CreateFromPolicyLoaderForTesting(std::move(policy_loader));
+  std::unique_ptr<It2MeNativeMessagingHost> it2me_host(
       new It2MeNativeMessagingHost(
           /*needs_elevation=*/false, std::move(policy_watcher),
           std::move(context), base::WrapUnique(new MockIt2MeHostFactory())));
+  it2me_host->SetPolicyErrorClosureForTesting(
+      base::Bind(base::IgnoreResult(&base::TaskRunner::PostTask),
+                 test_message_loop_->task_runner(), FROM_HERE,
+                 base::Bind(&It2MeNativeMessagingHostTest::ExitPolicyRunLoop,
+                            base::Unretained(this))));
   it2me_host->Start(pipe_.get());
 
   pipe_->Start(std::move(it2me_host), std::move(channel));
 
   // Notify the test that the host has finished starting up.
   test_message_loop_->task_runner()->PostTask(
       FROM_HERE, test_run_loop_->QuitClosure());
 }
 
 void It2MeNativeMessagingHostTest::ExitTest() {
   if (!test_message_loop_->task_runner()->RunsTasksOnCurrentThread()) {
     test_message_loop_->task_runner()->PostTask(
         FROM_HERE,
         base::Bind(&It2MeNativeMessagingHostTest::ExitTest,
                    base::Unretained(this)));
     return;
   }
   test_run_loop_->Quit();
 }
 
-void It2MeNativeMessagingHostTest::TestConnect() {
+void It2MeNativeMessagingHostTest::ExitPolicyRunLoop() {
+  DCHECK(test_message_loop_->task_runner()->RunsTasksOnCurrentThread());
+  if (policy_run_loop_) {
+    policy_run_loop_->Quit();
+  }
+}
+
+void It2MeNativeMessagingHostTest::SendConnectMessage(int id) {
   base::DictionaryValue connect_message;
-  int next_id = 0;
-
-  // Send the "connect" request.
-  connect_message.SetInteger("id", ++next_id);
+  connect_message.SetInteger("id", id);
   connect_message.SetString("type", "connect");
   connect_message.SetString("xmppServerAddress", "talk.google.com:5222");
   connect_message.SetBoolean("xmppServerUseTls", true);
   connect_message.SetString("directoryBotJid", "remoting@bot.talk.google.com");
   connect_message.SetString("userName", "chromo.pyauto@gmail.com");
   connect_message.SetString("authServiceWithToken", "oauth2:sometoken");
   WriteMessageToInputPipe(connect_message);
+}
 
-  VerifyConnectResponses(next_id);
-
+void It2MeNativeMessagingHostTest::SendDisconnectMessage(int id) {
   base::DictionaryValue disconnect_message;
-  disconnect_message.SetInteger("id", ++next_id);
+  disconnect_message.SetInteger("id", id);
   disconnect_message.SetString("type", "disconnect");
   WriteMessageToInputPipe(disconnect_message);
+}
 
+void It2MeNativeMessagingHostTest::TestConnect() {
+  int next_id = 1;
+  SendConnectMessage(next_id);
+  VerifyConnectResponses(next_id);
+  ++next_id;
+  SendDisconnectMessage(next_id);
   VerifyDisconnectResponses(next_id);
 }
 
 // Test hello request.
 TEST_F(It2MeNativeMessagingHostTest, Hello) {
   int next_id = 0;
   base::DictionaryValue message;
   message.SetInteger("id", ++next_id);
   message.SetString("type", "hello");
   WriteMessageToInputPipe(message);
@@ skipping 42 matching lines @@
   TestBadRequest(message, true);
 }
 
 // Verify rejection if type is unrecognized.
 TEST_F(It2MeNativeMessagingHostTest, InvalidType) {
   base::DictionaryValue message;
   message.SetString("type", "xxx");
   TestBadRequest(message, true);
 }
 
+// Verify rejection if type is unrecognized.
+TEST_F(It2MeNativeMessagingHostTest, BadPoliciesBeforeConnect) {
+  base::DictionaryValue bad_policy;
+  bad_policy.SetInteger(policy::key::kRemoteAccessHostFirewallTraversal, 1);
+  SetPolicies(bad_policy);
+  SendConnectMessage(1);
+  VerifyPolicyErrorResponse();
+}
+
+// Verify rejection if type is unrecognized.
+TEST_F(It2MeNativeMessagingHostTest, BadPoliciesAfterConnect) {
+  base::DictionaryValue bad_policy;
+  bad_policy.SetInteger(policy::key::kRemoteAccessHostFirewallTraversal, 1);
+  SendConnectMessage(1);
+  VerifyConnectResponses(1);
+  SetPolicies(bad_policy);
+  VerifyPolicyErrorResponse();
+}
+
 }  // namespace remoting