OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/bind.h" | 5 #include "base/bind.h" |
6 #include "base/bind_helpers.h" | 6 #include "base/bind_helpers.h" |
7 #include "base/callback.h" | 7 #include "base/callback.h" |
8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
10 #include "base/run_loop.h" | 10 #include "base/run_loop.h" |
11 #include "base/values.h" | 11 #include "base/values.h" |
12 #include "chrome/browser/chromeos/policy/device_network_configuration_updater.h" | 12 #include "chrome/browser/chromeos/policy/device_network_configuration_updater.h" |
13 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" | 13 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" |
14 #include "chrome/browser/chromeos/settings/cros_settings.h" | 14 #include "chrome/browser/chromeos/settings/cros_settings.h" |
15 #include "chrome/browser/chromeos/settings/device_settings_service.h" | 15 #include "chrome/browser/chromeos/settings/device_settings_service.h" |
16 #include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h" | 16 #include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h" |
17 #include "chrome/test/base/testing_profile.h" | |
18 #include "chromeos/network/fake_network_device_handler.h" | 17 #include "chromeos/network/fake_network_device_handler.h" |
19 #include "chromeos/network/mock_managed_network_configuration_handler.h" | 18 #include "chromeos/network/mock_managed_network_configuration_handler.h" |
20 #include "chromeos/network/onc/onc_certificate_importer.h" | 19 #include "chromeos/network/onc/onc_certificate_importer.h" |
21 #include "chromeos/network/onc/onc_test_utils.h" | 20 #include "chromeos/network/onc/onc_test_utils.h" |
22 #include "chromeos/network/onc/onc_utils.h" | 21 #include "chromeos/network/onc/onc_utils.h" |
23 #include "components/onc/onc_constants.h" | 22 #include "components/onc/onc_constants.h" |
24 #include "components/policy/core/common/external_data_fetcher.h" | 23 #include "components/policy/core/common/external_data_fetcher.h" |
25 #include "components/policy/core/common/mock_configuration_policy_provider.h" | 24 #include "components/policy/core/common/mock_configuration_policy_provider.h" |
26 #include "components/policy/core/common/policy_map.h" | 25 #include "components/policy/core/common/policy_map.h" |
27 #include "components/policy/core/common/policy_service_impl.h" | 26 #include "components/policy/core/common/policy_service_impl.h" |
(...skipping 219 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
247 base::RunLoop().RunUntilIdle(); | 246 base::RunLoop().RunUntilIdle(); |
248 } | 247 } |
249 | 248 |
250 void UpdateProviderPolicy(const PolicyMap& policy) { | 249 void UpdateProviderPolicy(const PolicyMap& policy) { |
251 provider_.UpdateChromePolicy(policy); | 250 provider_.UpdateChromePolicy(policy); |
252 base::RunLoop().RunUntilIdle(); | 251 base::RunLoop().RunUntilIdle(); |
253 } | 252 } |
254 | 253 |
255 UserNetworkConfigurationUpdater* | 254 UserNetworkConfigurationUpdater* |
256 CreateNetworkConfigurationUpdaterForUserPolicy( | 255 CreateNetworkConfigurationUpdaterForUserPolicy( |
257 bool allow_trusted_certs_from_policy, | 256 bool allow_trusted_certs_from_policy) { |
258 bool set_cert_importer) { | |
259 UserNetworkConfigurationUpdater* updater = | 257 UserNetworkConfigurationUpdater* updater = |
260 UserNetworkConfigurationUpdater::CreateForUserPolicy( | 258 UserNetworkConfigurationUpdater::CreateForUserPolicy( |
261 &profile_, | |
262 allow_trusted_certs_from_policy, | 259 allow_trusted_certs_from_policy, |
263 fake_user_, | 260 fake_user_, |
264 policy_service_.get(), | 261 policy_service_.get(), |
| 262 certificate_importer_owned_.Pass(), |
265 &network_config_handler_).release(); | 263 &network_config_handler_).release(); |
266 if (set_cert_importer) { | |
267 EXPECT_TRUE(certificate_importer_owned_); | |
268 updater->SetCertificateImporterForTest( | |
269 certificate_importer_owned_.Pass()); | |
270 } | |
271 network_configuration_updater_.reset(updater); | 264 network_configuration_updater_.reset(updater); |
272 return updater; | 265 return updater; |
273 } | 266 } |
274 | 267 |
275 void CreateNetworkConfigurationUpdaterForDevicePolicy() { | 268 void CreateNetworkConfigurationUpdaterForDevicePolicy() { |
276 network_configuration_updater_ = | 269 network_configuration_updater_ = |
277 DeviceNetworkConfigurationUpdater::CreateForDevicePolicy( | 270 DeviceNetworkConfigurationUpdater::CreateForDevicePolicy( |
278 policy_service_.get(), | 271 policy_service_.get(), |
279 &network_config_handler_, | 272 &network_config_handler_, |
280 &network_device_handler_, | 273 &network_device_handler_, |
281 chromeos::CrosSettings::Get()); | 274 chromeos::CrosSettings::Get()); |
282 } | 275 } |
283 | 276 |
284 base::ListValue fake_network_configs_; | 277 base::ListValue fake_network_configs_; |
285 base::DictionaryValue fake_global_network_config_; | 278 base::DictionaryValue fake_global_network_config_; |
286 base::ListValue fake_certificates_; | 279 base::ListValue fake_certificates_; |
287 StrictMock<chromeos::MockManagedNetworkConfigurationHandler> | 280 StrictMock<chromeos::MockManagedNetworkConfigurationHandler> |
288 network_config_handler_; | 281 network_config_handler_; |
289 FakeNetworkDeviceHandler network_device_handler_; | 282 FakeNetworkDeviceHandler network_device_handler_; |
290 | 283 |
291 // Not used directly. Required for CrosSettings. | 284 // Not used directly. Required for CrosSettings. |
292 chromeos::ScopedTestDeviceSettingsService scoped_device_settings_service_; | 285 chromeos::ScopedTestDeviceSettingsService scoped_device_settings_service_; |
293 chromeos::ScopedTestCrosSettings scoped_cros_settings_; | 286 chromeos::ScopedTestCrosSettings scoped_cros_settings_; |
294 | 287 |
295 // Ownership of certificate_importer_owned_ is passed to the | |
296 // NetworkConfigurationUpdater. When that happens, |certificate_importer_| | |
297 // continues to point to that instance but |certificate_importer_owned_| is | |
298 // released. | |
299 FakeCertificateImporter* certificate_importer_; | 288 FakeCertificateImporter* certificate_importer_; |
300 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer_owned_; | 289 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer_owned_; |
301 | 290 |
302 StrictMock<MockConfigurationPolicyProvider> provider_; | 291 StrictMock<MockConfigurationPolicyProvider> provider_; |
303 scoped_ptr<PolicyServiceImpl> policy_service_; | 292 scoped_ptr<PolicyServiceImpl> policy_service_; |
304 FakeUser fake_user_; | 293 FakeUser fake_user_; |
305 | 294 |
306 TestingProfile profile_; | |
307 | |
308 scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_; | 295 scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_; |
309 content::TestBrowserThreadBundle thread_bundle_; | 296 content::TestBrowserThreadBundle thread_bundle_; |
310 }; | 297 }; |
311 | 298 |
312 TEST_F(NetworkConfigurationUpdaterTest, CellularAllowRoaming) { | 299 TEST_F(NetworkConfigurationUpdaterTest, CellularAllowRoaming) { |
313 // Ignore network config updates. | 300 // Ignore network config updates. |
314 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1)); | 301 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1)); |
315 | 302 |
316 // Setup the DataRoaming device setting. | 303 // Setup the DataRoaming device setting. |
317 chromeos::CrosSettings* cros_settings = chromeos::CrosSettings::Get(); | 304 chromeos::CrosSettings* cros_settings = chromeos::CrosSettings::Get(); |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
365 UpdateProviderPolicy(policy); | 352 UpdateProviderPolicy(policy); |
366 | 353 |
367 EXPECT_CALL(network_config_handler_, | 354 EXPECT_CALL(network_config_handler_, |
368 SetPolicy(onc::ONC_SOURCE_USER_POLICY, | 355 SetPolicy(onc::ONC_SOURCE_USER_POLICY, |
369 _, | 356 _, |
370 IsEqualTo(network_configs_repaired), | 357 IsEqualTo(network_configs_repaired), |
371 IsEqualTo(global_config_repaired))); | 358 IsEqualTo(global_config_repaired))); |
372 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY); | 359 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY); |
373 | 360 |
374 CreateNetworkConfigurationUpdaterForUserPolicy( | 361 CreateNetworkConfigurationUpdaterForUserPolicy( |
375 false /* do not allow trusted certs from policy */, | 362 false /* do not allow trusted certs from policy */); |
376 true /* set certificate importer */); | |
377 MarkPolicyProviderInitialized(); | 363 MarkPolicyProviderInitialized(); |
378 EXPECT_EQ(1u, certificate_importer_->GetAndResetImportCount()); | 364 EXPECT_EQ(1u, certificate_importer_->GetAndResetImportCount()); |
379 } | 365 } |
380 | 366 |
381 TEST_F(NetworkConfigurationUpdaterTest, | 367 TEST_F(NetworkConfigurationUpdaterTest, |
382 DoNotAllowTrustedCertificatesFromPolicy) { | 368 DoNotAllowTrustedCertificatesFromPolicy) { |
383 net::CertificateList cert_list; | 369 net::CertificateList cert_list; |
384 cert_list = | 370 cert_list = |
385 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), | 371 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), |
386 "ok_cert.pem", | 372 "ok_cert.pem", |
387 net::X509Certificate::FORMAT_AUTO); | 373 net::X509Certificate::FORMAT_AUTO); |
388 ASSERT_EQ(1u, cert_list.size()); | 374 ASSERT_EQ(1u, cert_list.size()); |
389 | 375 |
390 EXPECT_CALL(network_config_handler_, | 376 EXPECT_CALL(network_config_handler_, |
391 SetPolicy(onc::ONC_SOURCE_USER_POLICY, _, _, _)); | 377 SetPolicy(onc::ONC_SOURCE_USER_POLICY, _, _, _)); |
392 certificate_importer_->SetTrustedCertificatesResult(cert_list); | 378 certificate_importer_->SetTrustedCertificatesResult(cert_list); |
393 | 379 |
394 UserNetworkConfigurationUpdater* updater = | 380 UserNetworkConfigurationUpdater* updater = |
395 CreateNetworkConfigurationUpdaterForUserPolicy( | 381 CreateNetworkConfigurationUpdaterForUserPolicy( |
396 false /* do not allow trusted certs from policy */, | 382 false /* do not allow trusted certs from policy */); |
397 true /* set certificate importer */); | |
398 MarkPolicyProviderInitialized(); | 383 MarkPolicyProviderInitialized(); |
399 | 384 |
400 // Certificates with the "Web" trust flag set should not be forwarded to | 385 // Certificates with the "Web" trust flag set should not be forwarded to |
401 // observers. | 386 // observers. |
402 FakeWebTrustedCertsObserver observer; | 387 FakeWebTrustedCertsObserver observer; |
403 updater->AddTrustedCertsObserver(&observer); | 388 updater->AddTrustedCertsObserver(&observer); |
404 | 389 |
405 base::RunLoop().RunUntilIdle(); | 390 base::RunLoop().RunUntilIdle(); |
406 | 391 |
407 net::CertificateList trust_anchors; | 392 net::CertificateList trust_anchors; |
(...skipping 15 matching lines...) Expand all Loading... |
423 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), | 408 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), |
424 "ok_cert.pem", | 409 "ok_cert.pem", |
425 net::X509Certificate::FORMAT_AUTO); | 410 net::X509Certificate::FORMAT_AUTO); |
426 ASSERT_EQ(1u, cert_list.size()); | 411 ASSERT_EQ(1u, cert_list.size()); |
427 | 412 |
428 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY); | 413 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY); |
429 certificate_importer_->SetTrustedCertificatesResult(cert_list); | 414 certificate_importer_->SetTrustedCertificatesResult(cert_list); |
430 | 415 |
431 UserNetworkConfigurationUpdater* updater = | 416 UserNetworkConfigurationUpdater* updater = |
432 CreateNetworkConfigurationUpdaterForUserPolicy( | 417 CreateNetworkConfigurationUpdaterForUserPolicy( |
433 true /* allow trusted certs from policy */, | 418 true /* allow trusted certs from policy */); |
434 true /* set certificate importer */); | |
435 MarkPolicyProviderInitialized(); | 419 MarkPolicyProviderInitialized(); |
436 | 420 |
437 base::RunLoop().RunUntilIdle(); | 421 base::RunLoop().RunUntilIdle(); |
438 | 422 |
439 // Certificates with the "Web" trust flag set will be returned. | 423 // Certificates with the "Web" trust flag set will be returned. |
440 net::CertificateList trust_anchors; | 424 net::CertificateList trust_anchors; |
441 updater->GetWebTrustedCertificates(&trust_anchors); | 425 updater->GetWebTrustedCertificates(&trust_anchors); |
442 EXPECT_EQ(1u, trust_anchors.size()); | 426 EXPECT_EQ(1u, trust_anchors.size()); |
443 } | 427 } |
444 | 428 |
445 TEST_F(NetworkConfigurationUpdaterTest, | 429 TEST_F(NetworkConfigurationUpdaterTest, |
446 AllowTrustedCertificatesFromPolicyOnUpdate) { | 430 AllowTrustedCertificatesFromPolicyOnUpdate) { |
447 // Ignore network configuration changes. | 431 // Ignore network configuration changes. |
448 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)) | 432 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)) |
449 .Times(AnyNumber()); | 433 .Times(AnyNumber()); |
450 | 434 |
451 // Start with an empty certificate list. | 435 // Start with an empty certificate list. |
452 UserNetworkConfigurationUpdater* updater = | 436 UserNetworkConfigurationUpdater* updater = |
453 CreateNetworkConfigurationUpdaterForUserPolicy( | 437 CreateNetworkConfigurationUpdaterForUserPolicy( |
454 true /* allow trusted certs from policy */, | 438 true /* allow trusted certs from policy */); |
455 true /* set certificate importer */); | |
456 MarkPolicyProviderInitialized(); | 439 MarkPolicyProviderInitialized(); |
457 | 440 |
458 FakeWebTrustedCertsObserver observer; | 441 FakeWebTrustedCertsObserver observer; |
459 updater->AddTrustedCertsObserver(&observer); | 442 updater->AddTrustedCertsObserver(&observer); |
460 | 443 |
461 base::RunLoop().RunUntilIdle(); | 444 base::RunLoop().RunUntilIdle(); |
462 | 445 |
463 // Verify that the returned certificate list is empty. | 446 // Verify that the returned certificate list is empty. |
464 { | 447 { |
465 net::CertificateList trust_anchors; | 448 net::CertificateList trust_anchors; |
(...skipping 27 matching lines...) Expand all Loading... |
493 { | 476 { |
494 net::CertificateList trust_anchors; | 477 net::CertificateList trust_anchors; |
495 updater->GetWebTrustedCertificates(&trust_anchors); | 478 updater->GetWebTrustedCertificates(&trust_anchors); |
496 EXPECT_EQ(1u, trust_anchors.size()); | 479 EXPECT_EQ(1u, trust_anchors.size()); |
497 } | 480 } |
498 EXPECT_EQ(1u, observer.trust_anchors_.size()); | 481 EXPECT_EQ(1u, observer.trust_anchors_.size()); |
499 | 482 |
500 updater->RemoveTrustedCertsObserver(&observer); | 483 updater->RemoveTrustedCertsObserver(&observer); |
501 } | 484 } |
502 | 485 |
503 TEST_F(NetworkConfigurationUpdaterTest, | |
504 DontImportCertificateBeforeCertificateImporterSet) { | |
505 PolicyMap policy; | |
506 policy.Set(key::kOpenNetworkConfiguration, POLICY_LEVEL_MANDATORY, | |
507 POLICY_SCOPE_USER, new base::StringValue(kFakeONC), NULL); | |
508 UpdateProviderPolicy(policy); | |
509 | |
510 EXPECT_CALL(network_config_handler_, | |
511 SetPolicy(onc::ONC_SOURCE_USER_POLICY, | |
512 kFakeUsernameHash, | |
513 IsEqualTo(&fake_network_configs_), | |
514 IsEqualTo(&fake_global_network_config_))); | |
515 | |
516 UserNetworkConfigurationUpdater* updater = | |
517 CreateNetworkConfigurationUpdaterForUserPolicy( | |
518 true /* allow trusted certs from policy */, | |
519 false /* do not set certificate importer */); | |
520 MarkPolicyProviderInitialized(); | |
521 | |
522 Mock::VerifyAndClearExpectations(&network_config_handler_); | |
523 EXPECT_EQ(0u, certificate_importer_->GetAndResetImportCount()); | |
524 | |
525 certificate_importer_->SetExpectedONCCertificates(fake_certificates_); | |
526 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY); | |
527 | |
528 ASSERT_TRUE(certificate_importer_owned_); | |
529 updater->SetCertificateImporterForTest(certificate_importer_owned_.Pass()); | |
530 EXPECT_EQ(1u, certificate_importer_->GetAndResetImportCount()); | |
531 } | |
532 | |
533 class NetworkConfigurationUpdaterTestWithParam | 486 class NetworkConfigurationUpdaterTestWithParam |
534 : public NetworkConfigurationUpdaterTest, | 487 : public NetworkConfigurationUpdaterTest, |
535 public testing::WithParamInterface<const char*> { | 488 public testing::WithParamInterface<const char*> { |
536 protected: | 489 protected: |
537 // Returns the currently tested ONC source. | 490 // Returns the currently tested ONC source. |
538 onc::ONCSource CurrentONCSource() { | 491 onc::ONCSource CurrentONCSource() { |
539 if (GetParam() == key::kOpenNetworkConfiguration) | 492 if (GetParam() == key::kOpenNetworkConfiguration) |
540 return onc::ONC_SOURCE_USER_POLICY; | 493 return onc::ONC_SOURCE_USER_POLICY; |
541 DCHECK(GetParam() == key::kDeviceOpenNetworkConfiguration); | 494 DCHECK(GetParam() == key::kDeviceOpenNetworkConfiguration); |
542 return onc::ONC_SOURCE_DEVICE_POLICY; | 495 return onc::ONC_SOURCE_DEVICE_POLICY; |
543 } | 496 } |
544 | 497 |
545 // Returns the expected username hash to push policies to | 498 // Returns the expected username hash to push policies to |
546 // ManagedNetworkConfigurationHandler. | 499 // ManagedNetworkConfigurationHandler. |
547 std::string ExpectedUsernameHash() { | 500 std::string ExpectedUsernameHash() { |
548 if (GetParam() == key::kOpenNetworkConfiguration) | 501 if (GetParam() == key::kOpenNetworkConfiguration) |
549 return kFakeUsernameHash; | 502 return kFakeUsernameHash; |
550 return std::string(); | 503 return std::string(); |
551 } | 504 } |
552 | 505 |
553 size_t ExpectedImportCertificatesCallCount() { | 506 size_t ExpectedImportCertificatesCallCount() { |
554 if (GetParam() == key::kOpenNetworkConfiguration) | 507 if (GetParam() == key::kOpenNetworkConfiguration) |
555 return 1u; | 508 return 1u; |
556 return 0u; | 509 return 0u; |
557 } | 510 } |
558 | 511 |
559 void CreateNetworkConfigurationUpdater() { | 512 void CreateNetworkConfigurationUpdater() { |
560 if (GetParam() == key::kOpenNetworkConfiguration) { | 513 if (GetParam() == key::kOpenNetworkConfiguration) { |
561 CreateNetworkConfigurationUpdaterForUserPolicy( | 514 CreateNetworkConfigurationUpdaterForUserPolicy( |
562 false /* do not allow trusted certs from policy */, | 515 false /* do not allow trusted certs from policy */); |
563 true /* set certificate importer */); | |
564 } else { | 516 } else { |
565 CreateNetworkConfigurationUpdaterForDevicePolicy(); | 517 CreateNetworkConfigurationUpdaterForDevicePolicy(); |
566 } | 518 } |
567 } | 519 } |
568 }; | 520 }; |
569 | 521 |
570 TEST_P(NetworkConfigurationUpdaterTestWithParam, InitialUpdates) { | 522 TEST_P(NetworkConfigurationUpdaterTestWithParam, InitialUpdates) { |
571 PolicyMap policy; | 523 PolicyMap policy; |
572 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, | 524 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, |
573 new base::StringValue(kFakeONC), NULL); | 525 new base::StringValue(kFakeONC), NULL); |
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
673 EXPECT_EQ(ExpectedImportCertificatesCallCount(), | 625 EXPECT_EQ(ExpectedImportCertificatesCallCount(), |
674 certificate_importer_->GetAndResetImportCount()); | 626 certificate_importer_->GetAndResetImportCount()); |
675 } | 627 } |
676 | 628 |
677 INSTANTIATE_TEST_CASE_P(NetworkConfigurationUpdaterTestWithParamInstance, | 629 INSTANTIATE_TEST_CASE_P(NetworkConfigurationUpdaterTestWithParamInstance, |
678 NetworkConfigurationUpdaterTestWithParam, | 630 NetworkConfigurationUpdaterTestWithParam, |
679 testing::Values(key::kDeviceOpenNetworkConfiguration, | 631 testing::Values(key::kDeviceOpenNetworkConfiguration, |
680 key::kOpenNetworkConfiguration)); | 632 key::kOpenNetworkConfiguration)); |
681 | 633 |
682 } // namespace policy | 634 } // namespace policy |
OLD | NEW |