| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/bind.h" | 5 #include "base/bind.h" |
| 6 #include "base/bind_helpers.h" | 6 #include "base/bind_helpers.h" |
| 7 #include "base/callback.h" | 7 #include "base/callback.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/run_loop.h" | 10 #include "base/run_loop.h" |
| 11 #include "base/values.h" | 11 #include "base/values.h" |
| 12 #include "chrome/browser/chromeos/policy/device_network_configuration_updater.h" | 12 #include "chrome/browser/chromeos/policy/device_network_configuration_updater.h" |
| 13 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" | 13 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" |
| 14 #include "chrome/browser/chromeos/settings/cros_settings.h" | 14 #include "chrome/browser/chromeos/settings/cros_settings.h" |
| 15 #include "chrome/browser/chromeos/settings/device_settings_service.h" | 15 #include "chrome/browser/chromeos/settings/device_settings_service.h" |
| 16 #include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h" | 16 #include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h" |
| 17 #include "chrome/test/base/testing_profile.h" | 17 #include "chrome/test/base/testing_profile.h" |
| 18 #include "chromeos/network/fake_network_device_handler.h" | 18 #include "chromeos/network/fake_network_device_handler.h" |
| 19 #include "chromeos/network/mock_managed_network_configuration_handler.h" | 19 #include "chromeos/network/mock_managed_network_configuration_handler.h" |
| 20 #include "chromeos/network/onc/mock_certificate_importer.h" | 20 #include "chromeos/network/onc/onc_certificate_importer.h" |
| 21 #include "chromeos/network/onc/onc_test_utils.h" | 21 #include "chromeos/network/onc/onc_test_utils.h" |
| 22 #include "chromeos/network/onc/onc_utils.h" | 22 #include "chromeos/network/onc/onc_utils.h" |
| 23 #include "components/onc/onc_constants.h" | 23 #include "components/onc/onc_constants.h" |
| 24 #include "components/policy/core/common/external_data_fetcher.h" | 24 #include "components/policy/core/common/external_data_fetcher.h" |
| 25 #include "components/policy/core/common/mock_configuration_policy_provider.h" | 25 #include "components/policy/core/common/mock_configuration_policy_provider.h" |
| 26 #include "components/policy/core/common/policy_map.h" | 26 #include "components/policy/core/common/policy_map.h" |
| 27 #include "components/policy/core/common/policy_service_impl.h" | 27 #include "components/policy/core/common/policy_service_impl.h" |
| 28 #include "components/user_manager/user.h" | 28 #include "components/user_manager/user.h" |
| 29 #include "components/user_manager/user_type.h" | 29 #include "components/user_manager/user_type.h" |
| 30 #include "content/public/test/test_browser_thread_bundle.h" | 30 #include "content/public/test/test_browser_thread_bundle.h" |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 64 return user_manager::USER_TYPE_REGULAR; | 64 return user_manager::USER_TYPE_REGULAR; |
| 65 } | 65 } |
| 66 | 66 |
| 67 private: | 67 private: |
| 68 DISALLOW_COPY_AND_ASSIGN(FakeUser); | 68 DISALLOW_COPY_AND_ASSIGN(FakeUser); |
| 69 }; | 69 }; |
| 70 | 70 |
| 71 class FakeWebTrustedCertsObserver | 71 class FakeWebTrustedCertsObserver |
| 72 : public UserNetworkConfigurationUpdater::WebTrustedCertsObserver { | 72 : public UserNetworkConfigurationUpdater::WebTrustedCertsObserver { |
| 73 public: | 73 public: |
| 74 FakeWebTrustedCertsObserver() {} |
| 75 |
| 74 virtual void OnTrustAnchorsChanged( | 76 virtual void OnTrustAnchorsChanged( |
| 75 const net::CertificateList& trust_anchors) OVERRIDE { | 77 const net::CertificateList& trust_anchors) OVERRIDE { |
| 76 trust_anchors_ = trust_anchors; | 78 trust_anchors_ = trust_anchors; |
| 77 } | 79 } |
| 78 net::CertificateList trust_anchors_; | 80 net::CertificateList trust_anchors_; |
| 81 |
| 82 private: |
| 83 DISALLOW_COPY_AND_ASSIGN(FakeWebTrustedCertsObserver); |
| 79 }; | 84 }; |
| 80 | 85 |
| 81 class FakeNetworkDeviceHandler : public chromeos::FakeNetworkDeviceHandler { | 86 class FakeNetworkDeviceHandler : public chromeos::FakeNetworkDeviceHandler { |
| 82 public: | 87 public: |
| 83 FakeNetworkDeviceHandler() : allow_roaming_(false) {} | 88 FakeNetworkDeviceHandler() : allow_roaming_(false) {} |
| 84 | 89 |
| 85 virtual void SetCellularAllowRoaming(bool allow_roaming) OVERRIDE { | 90 virtual void SetCellularAllowRoaming(bool allow_roaming) OVERRIDE { |
| 86 allow_roaming_ = allow_roaming; | 91 allow_roaming_ = allow_roaming; |
| 87 } | 92 } |
| 88 | 93 |
| 89 bool allow_roaming_; | 94 bool allow_roaming_; |
| 95 |
| 96 private: |
| 97 DISALLOW_COPY_AND_ASSIGN(FakeNetworkDeviceHandler); |
| 98 }; |
| 99 |
| 100 class FakeCertificateImporter : public chromeos::onc::CertificateImporter { |
| 101 public: |
| 102 FakeCertificateImporter() |
| 103 : expected_onc_source_(::onc::ONC_SOURCE_UNKNOWN), call_count_(0) {} |
| 104 virtual ~FakeCertificateImporter() {} |
| 105 |
| 106 void SetTrustedCertificatesResult( |
| 107 net::CertificateList onc_trusted_certificates) { |
| 108 onc_trusted_certificates_ = onc_trusted_certificates; |
| 109 } |
| 110 |
| 111 void SetExpectedONCCertificates(const base::ListValue& certificates) { |
| 112 expected_onc_certificates_.reset(certificates.DeepCopy()); |
| 113 } |
| 114 |
| 115 void SetExpectedONCSource(::onc::ONCSource source) { |
| 116 expected_onc_source_ = source; |
| 117 } |
| 118 |
| 119 unsigned int GetAndResetImportCount() { |
| 120 unsigned int count = call_count_; |
| 121 call_count_ = 0; |
| 122 return count; |
| 123 } |
| 124 |
| 125 virtual void ImportCertificates(const base::ListValue& certificates, |
| 126 ::onc::ONCSource source, |
| 127 const DoneCallback& done_callback) OVERRIDE { |
| 128 if (expected_onc_source_ != ::onc::ONC_SOURCE_UNKNOWN) |
| 129 EXPECT_EQ(expected_onc_source_, source); |
| 130 if (expected_onc_certificates_) { |
| 131 EXPECT_TRUE(chromeos::onc::test_utils::Equals( |
| 132 expected_onc_certificates_.get(), &certificates)); |
| 133 } |
| 134 ++call_count_; |
| 135 done_callback.Run(true, onc_trusted_certificates_); |
| 136 } |
| 137 |
| 138 private: |
| 139 ::onc::ONCSource expected_onc_source_; |
| 140 scoped_ptr<base::ListValue> expected_onc_certificates_; |
| 141 net::CertificateList onc_trusted_certificates_; |
| 142 unsigned int call_count_; |
| 143 |
| 144 DISALLOW_COPY_AND_ASSIGN(FakeCertificateImporter); |
| 90 }; | 145 }; |
| 91 | 146 |
| 92 const char kFakeONC[] = | 147 const char kFakeONC[] = |
| 93 "{ \"NetworkConfigurations\": [" | 148 "{ \"NetworkConfigurations\": [" |
| 94 " { \"GUID\": \"{485d6076-dd44-6b6d-69787465725f5040}\"," | 149 " { \"GUID\": \"{485d6076-dd44-6b6d-69787465725f5040}\"," |
| 95 " \"Type\": \"WiFi\"," | 150 " \"Type\": \"WiFi\"," |
| 96 " \"Name\": \"My WiFi Network\"," | 151 " \"Name\": \"My WiFi Network\"," |
| 97 " \"WiFi\": {" | 152 " \"WiFi\": {" |
| 98 " \"SSID\": \"ssid-none\"," | 153 " \"SSID\": \"ssid-none\"," |
| 99 " \"Security\": \"None\" }" | 154 " \"Security\": \"None\" }" |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 138 ACTION_P(SetCertificateList, list) { | 193 ACTION_P(SetCertificateList, list) { |
| 139 if (arg2) | 194 if (arg2) |
| 140 *arg2 = list; | 195 *arg2 = list; |
| 141 return true; | 196 return true; |
| 142 } | 197 } |
| 143 | 198 |
| 144 } // namespace | 199 } // namespace |
| 145 | 200 |
| 146 class NetworkConfigurationUpdaterTest : public testing::Test { | 201 class NetworkConfigurationUpdaterTest : public testing::Test { |
| 147 protected: | 202 protected: |
| 148 NetworkConfigurationUpdaterTest() { | 203 NetworkConfigurationUpdaterTest() : certificate_importer_(NULL) {} |
| 149 } | |
| 150 | 204 |
| 151 virtual void SetUp() OVERRIDE { | 205 virtual void SetUp() OVERRIDE { |
| 152 EXPECT_CALL(provider_, IsInitializationComplete(_)) | 206 EXPECT_CALL(provider_, IsInitializationComplete(_)) |
| 153 .WillRepeatedly(Return(false)); | 207 .WillRepeatedly(Return(false)); |
| 154 provider_.Init(); | 208 provider_.Init(); |
| 155 PolicyServiceImpl::Providers providers; | 209 PolicyServiceImpl::Providers providers; |
| 156 providers.push_back(&provider_); | 210 providers.push_back(&provider_); |
| 157 policy_service_.reset(new PolicyServiceImpl(providers)); | 211 policy_service_.reset(new PolicyServiceImpl(providers)); |
| 158 | 212 |
| 159 scoped_ptr<base::DictionaryValue> fake_toplevel_onc = | 213 scoped_ptr<base::DictionaryValue> fake_toplevel_onc = |
| 160 chromeos::onc::ReadDictionaryFromJson(kFakeONC); | 214 chromeos::onc::ReadDictionaryFromJson(kFakeONC); |
| 161 | 215 |
| 162 base::ListValue* network_configs = NULL; | 216 base::ListValue* network_configs = NULL; |
| 163 fake_toplevel_onc->GetListWithoutPathExpansion( | 217 fake_toplevel_onc->GetListWithoutPathExpansion( |
| 164 onc::toplevel_config::kNetworkConfigurations, &network_configs); | 218 onc::toplevel_config::kNetworkConfigurations, &network_configs); |
| 165 AppendAll(*network_configs, &fake_network_configs_); | 219 AppendAll(*network_configs, &fake_network_configs_); |
| 166 | 220 |
| 167 base::DictionaryValue* global_config = NULL; | 221 base::DictionaryValue* global_config = NULL; |
| 168 fake_toplevel_onc->GetDictionaryWithoutPathExpansion( | 222 fake_toplevel_onc->GetDictionaryWithoutPathExpansion( |
| 169 onc::toplevel_config::kGlobalNetworkConfiguration, &global_config); | 223 onc::toplevel_config::kGlobalNetworkConfiguration, &global_config); |
| 170 fake_global_network_config_.MergeDictionary(global_config); | 224 fake_global_network_config_.MergeDictionary(global_config); |
| 171 | 225 |
| 172 base::ListValue* certs = NULL; | 226 base::ListValue* certs = NULL; |
| 173 fake_toplevel_onc->GetListWithoutPathExpansion( | 227 fake_toplevel_onc->GetListWithoutPathExpansion( |
| 174 onc::toplevel_config::kCertificates, &certs); | 228 onc::toplevel_config::kCertificates, &certs); |
| 175 AppendAll(*certs, &fake_certificates_); | 229 AppendAll(*certs, &fake_certificates_); |
| 176 | 230 |
| 177 certificate_importer_ = | 231 certificate_importer_ = new FakeCertificateImporter; |
| 178 new StrictMock<chromeos::onc::MockCertificateImporter>(); | |
| 179 certificate_importer_owned_.reset(certificate_importer_); | 232 certificate_importer_owned_.reset(certificate_importer_); |
| 180 } | 233 } |
| 181 | 234 |
| 182 virtual void TearDown() OVERRIDE { | 235 virtual void TearDown() OVERRIDE { |
| 183 network_configuration_updater_.reset(); | 236 network_configuration_updater_.reset(); |
| 184 provider_.Shutdown(); | 237 provider_.Shutdown(); |
| 185 base::RunLoop().RunUntilIdle(); | 238 base::RunLoop().RunUntilIdle(); |
| 186 } | 239 } |
| 187 | 240 |
| 188 void MarkPolicyProviderInitialized() { | 241 void MarkPolicyProviderInitialized() { |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 236 FakeNetworkDeviceHandler network_device_handler_; | 289 FakeNetworkDeviceHandler network_device_handler_; |
| 237 | 290 |
| 238 // Not used directly. Required for CrosSettings. | 291 // Not used directly. Required for CrosSettings. |
| 239 chromeos::ScopedTestDeviceSettingsService scoped_device_settings_service_; | 292 chromeos::ScopedTestDeviceSettingsService scoped_device_settings_service_; |
| 240 chromeos::ScopedTestCrosSettings scoped_cros_settings_; | 293 chromeos::ScopedTestCrosSettings scoped_cros_settings_; |
| 241 | 294 |
| 242 // Ownership of certificate_importer_owned_ is passed to the | 295 // Ownership of certificate_importer_owned_ is passed to the |
| 243 // NetworkConfigurationUpdater. When that happens, |certificate_importer_| | 296 // NetworkConfigurationUpdater. When that happens, |certificate_importer_| |
| 244 // continues to point to that instance but |certificate_importer_owned_| is | 297 // continues to point to that instance but |certificate_importer_owned_| is |
| 245 // released. | 298 // released. |
| 246 StrictMock<chromeos::onc::MockCertificateImporter>* certificate_importer_; | 299 FakeCertificateImporter* certificate_importer_; |
| 247 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer_owned_; | 300 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer_owned_; |
| 248 | 301 |
| 249 StrictMock<MockConfigurationPolicyProvider> provider_; | 302 StrictMock<MockConfigurationPolicyProvider> provider_; |
| 250 scoped_ptr<PolicyServiceImpl> policy_service_; | 303 scoped_ptr<PolicyServiceImpl> policy_service_; |
| 251 FakeUser fake_user_; | 304 FakeUser fake_user_; |
| 252 | 305 |
| 253 TestingProfile profile_; | 306 TestingProfile profile_; |
| 254 | 307 |
| 255 scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_; | 308 scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_; |
| 256 content::TestBrowserThreadBundle thread_bundle_; | 309 content::TestBrowserThreadBundle thread_bundle_; |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 309 POLICY_SCOPE_USER, | 362 POLICY_SCOPE_USER, |
| 310 new base::StringValue(onc_policy), | 363 new base::StringValue(onc_policy), |
| 311 NULL); | 364 NULL); |
| 312 UpdateProviderPolicy(policy); | 365 UpdateProviderPolicy(policy); |
| 313 | 366 |
| 314 EXPECT_CALL(network_config_handler_, | 367 EXPECT_CALL(network_config_handler_, |
| 315 SetPolicy(onc::ONC_SOURCE_USER_POLICY, | 368 SetPolicy(onc::ONC_SOURCE_USER_POLICY, |
| 316 _, | 369 _, |
| 317 IsEqualTo(network_configs_repaired), | 370 IsEqualTo(network_configs_repaired), |
| 318 IsEqualTo(global_config_repaired))); | 371 IsEqualTo(global_config_repaired))); |
| 319 EXPECT_CALL(*certificate_importer_, | 372 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY); |
| 320 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _)); | |
| 321 | 373 |
| 322 CreateNetworkConfigurationUpdaterForUserPolicy( | 374 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 323 false /* do not allow trusted certs from policy */, | 375 false /* do not allow trusted certs from policy */, |
| 324 true /* set certificate importer */); | 376 true /* set certificate importer */); |
| 325 MarkPolicyProviderInitialized(); | 377 MarkPolicyProviderInitialized(); |
| 378 EXPECT_EQ(1u, certificate_importer_->GetAndResetImportCount()); |
| 326 } | 379 } |
| 327 | 380 |
| 328 TEST_F(NetworkConfigurationUpdaterTest, | 381 TEST_F(NetworkConfigurationUpdaterTest, |
| 329 DoNotAllowTrustedCertificatesFromPolicy) { | 382 DoNotAllowTrustedCertificatesFromPolicy) { |
| 330 net::CertificateList cert_list; | 383 net::CertificateList cert_list; |
| 331 cert_list = | 384 cert_list = |
| 332 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), | 385 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), |
| 333 "ok_cert.pem", | 386 "ok_cert.pem", |
| 334 net::X509Certificate::FORMAT_AUTO); | 387 net::X509Certificate::FORMAT_AUTO); |
| 335 ASSERT_EQ(1u, cert_list.size()); | 388 ASSERT_EQ(1u, cert_list.size()); |
| 336 | 389 |
| 337 EXPECT_CALL(network_config_handler_, | 390 EXPECT_CALL(network_config_handler_, |
| 338 SetPolicy(onc::ONC_SOURCE_USER_POLICY, _, _, _)); | 391 SetPolicy(onc::ONC_SOURCE_USER_POLICY, _, _, _)); |
| 339 EXPECT_CALL(*certificate_importer_, ImportCertificates(_, _, _)) | 392 certificate_importer_->SetTrustedCertificatesResult(cert_list); |
| 340 .WillRepeatedly(SetCertificateList(cert_list)); | |
| 341 | 393 |
| 342 UserNetworkConfigurationUpdater* updater = | 394 UserNetworkConfigurationUpdater* updater = |
| 343 CreateNetworkConfigurationUpdaterForUserPolicy( | 395 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 344 false /* do not allow trusted certs from policy */, | 396 false /* do not allow trusted certs from policy */, |
| 345 true /* set certificate importer */); | 397 true /* set certificate importer */); |
| 346 MarkPolicyProviderInitialized(); | 398 MarkPolicyProviderInitialized(); |
| 347 | 399 |
| 348 // Certificates with the "Web" trust flag set should not be forwarded to | 400 // Certificates with the "Web" trust flag set should not be forwarded to |
| 349 // observers. | 401 // observers. |
| 350 FakeWebTrustedCertsObserver observer; | 402 FakeWebTrustedCertsObserver observer; |
| (...skipping 15 matching lines...) Expand all Loading... |
| 366 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)) | 418 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)) |
| 367 .Times(AnyNumber()); | 419 .Times(AnyNumber()); |
| 368 | 420 |
| 369 net::CertificateList cert_list; | 421 net::CertificateList cert_list; |
| 370 cert_list = | 422 cert_list = |
| 371 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), | 423 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), |
| 372 "ok_cert.pem", | 424 "ok_cert.pem", |
| 373 net::X509Certificate::FORMAT_AUTO); | 425 net::X509Certificate::FORMAT_AUTO); |
| 374 ASSERT_EQ(1u, cert_list.size()); | 426 ASSERT_EQ(1u, cert_list.size()); |
| 375 | 427 |
| 376 EXPECT_CALL(*certificate_importer_, | 428 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY); |
| 377 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _)) | 429 certificate_importer_->SetTrustedCertificatesResult(cert_list); |
| 378 .WillRepeatedly(SetCertificateList(cert_list)); | |
| 379 | 430 |
| 380 UserNetworkConfigurationUpdater* updater = | 431 UserNetworkConfigurationUpdater* updater = |
| 381 CreateNetworkConfigurationUpdaterForUserPolicy( | 432 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 382 true /* allow trusted certs from policy */, | 433 true /* allow trusted certs from policy */, |
| 383 true /* set certificate importer */); | 434 true /* set certificate importer */); |
| 384 MarkPolicyProviderInitialized(); | 435 MarkPolicyProviderInitialized(); |
| 385 | 436 |
| 386 base::RunLoop().RunUntilIdle(); | 437 base::RunLoop().RunUntilIdle(); |
| 387 | 438 |
| 388 // Certificates with the "Web" trust flag set will be returned. | 439 // Certificates with the "Web" trust flag set will be returned. |
| 389 net::CertificateList trust_anchors; | 440 net::CertificateList trust_anchors; |
| 390 updater->GetWebTrustedCertificates(&trust_anchors); | 441 updater->GetWebTrustedCertificates(&trust_anchors); |
| 391 EXPECT_EQ(1u, trust_anchors.size()); | 442 EXPECT_EQ(1u, trust_anchors.size()); |
| 392 } | 443 } |
| 393 | 444 |
| 394 TEST_F(NetworkConfigurationUpdaterTest, | 445 TEST_F(NetworkConfigurationUpdaterTest, |
| 395 AllowTrustedCertificatesFromPolicyOnUpdate) { | 446 AllowTrustedCertificatesFromPolicyOnUpdate) { |
| 396 // Ignore network configuration changes. | 447 // Ignore network configuration changes. |
| 397 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)) | 448 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)) |
| 398 .Times(AnyNumber()); | 449 .Times(AnyNumber()); |
| 399 | 450 |
| 400 // Start with an empty certificate list. | 451 // Start with an empty certificate list. |
| 401 EXPECT_CALL(*certificate_importer_, | |
| 402 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _)) | |
| 403 .WillRepeatedly(SetCertificateList(net::CertificateList())); | |
| 404 | |
| 405 UserNetworkConfigurationUpdater* updater = | 452 UserNetworkConfigurationUpdater* updater = |
| 406 CreateNetworkConfigurationUpdaterForUserPolicy( | 453 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 407 true /* allow trusted certs from policy */, | 454 true /* allow trusted certs from policy */, |
| 408 true /* set certificate importer */); | 455 true /* set certificate importer */); |
| 409 MarkPolicyProviderInitialized(); | 456 MarkPolicyProviderInitialized(); |
| 410 | 457 |
| 411 FakeWebTrustedCertsObserver observer; | 458 FakeWebTrustedCertsObserver observer; |
| 412 updater->AddTrustedCertsObserver(&observer); | 459 updater->AddTrustedCertsObserver(&observer); |
| 413 | 460 |
| 414 base::RunLoop().RunUntilIdle(); | 461 base::RunLoop().RunUntilIdle(); |
| 415 | 462 |
| 416 // Verify that the returned certificate list is empty. | 463 // Verify that the returned certificate list is empty. |
| 417 Mock::VerifyAndClearExpectations(certificate_importer_); | |
| 418 { | 464 { |
| 419 net::CertificateList trust_anchors; | 465 net::CertificateList trust_anchors; |
| 420 updater->GetWebTrustedCertificates(&trust_anchors); | 466 updater->GetWebTrustedCertificates(&trust_anchors); |
| 421 EXPECT_TRUE(trust_anchors.empty()); | 467 EXPECT_TRUE(trust_anchors.empty()); |
| 422 } | 468 } |
| 423 EXPECT_TRUE(observer.trust_anchors_.empty()); | 469 EXPECT_TRUE(observer.trust_anchors_.empty()); |
| 424 | 470 |
| 425 // Now use a non-empty certificate list to test the observer notification. | 471 // Now use a non-empty certificate list to test the observer notification. |
| 426 net::CertificateList cert_list; | 472 net::CertificateList cert_list; |
| 427 cert_list = | 473 cert_list = |
| 428 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), | 474 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), |
| 429 "ok_cert.pem", | 475 "ok_cert.pem", |
| 430 net::X509Certificate::FORMAT_AUTO); | 476 net::X509Certificate::FORMAT_AUTO); |
| 431 ASSERT_EQ(1u, cert_list.size()); | 477 ASSERT_EQ(1u, cert_list.size()); |
| 432 | 478 certificate_importer_->SetTrustedCertificatesResult(cert_list); |
| 433 EXPECT_CALL(*certificate_importer_, | |
| 434 ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _)) | |
| 435 .WillOnce(SetCertificateList(cert_list)); | |
| 436 | 479 |
| 437 // Change to any non-empty policy, so that updates are triggered. The actual | 480 // Change to any non-empty policy, so that updates are triggered. The actual |
| 438 // content of the policy is irrelevant. | 481 // content of the policy is irrelevant. |
| 439 PolicyMap policy; | 482 PolicyMap policy; |
| 440 policy.Set(key::kOpenNetworkConfiguration, | 483 policy.Set(key::kOpenNetworkConfiguration, |
| 441 POLICY_LEVEL_MANDATORY, | 484 POLICY_LEVEL_MANDATORY, |
| 442 POLICY_SCOPE_USER, | 485 POLICY_SCOPE_USER, |
| 443 new base::StringValue(kFakeONC), | 486 new base::StringValue(kFakeONC), |
| 444 NULL); | 487 NULL); |
| 445 UpdateProviderPolicy(policy); | 488 UpdateProviderPolicy(policy); |
| (...skipping 16 matching lines...) Expand all Loading... |
| 462 PolicyMap policy; | 505 PolicyMap policy; |
| 463 policy.Set(key::kOpenNetworkConfiguration, POLICY_LEVEL_MANDATORY, | 506 policy.Set(key::kOpenNetworkConfiguration, POLICY_LEVEL_MANDATORY, |
| 464 POLICY_SCOPE_USER, new base::StringValue(kFakeONC), NULL); | 507 POLICY_SCOPE_USER, new base::StringValue(kFakeONC), NULL); |
| 465 UpdateProviderPolicy(policy); | 508 UpdateProviderPolicy(policy); |
| 466 | 509 |
| 467 EXPECT_CALL(network_config_handler_, | 510 EXPECT_CALL(network_config_handler_, |
| 468 SetPolicy(onc::ONC_SOURCE_USER_POLICY, | 511 SetPolicy(onc::ONC_SOURCE_USER_POLICY, |
| 469 kFakeUsernameHash, | 512 kFakeUsernameHash, |
| 470 IsEqualTo(&fake_network_configs_), | 513 IsEqualTo(&fake_network_configs_), |
| 471 IsEqualTo(&fake_global_network_config_))); | 514 IsEqualTo(&fake_global_network_config_))); |
| 472 EXPECT_CALL(*certificate_importer_, ImportCertificates(_, _ , _)).Times(0); | |
| 473 | 515 |
| 474 UserNetworkConfigurationUpdater* updater = | 516 UserNetworkConfigurationUpdater* updater = |
| 475 CreateNetworkConfigurationUpdaterForUserPolicy( | 517 CreateNetworkConfigurationUpdaterForUserPolicy( |
| 476 true /* allow trusted certs from policy */, | 518 true /* allow trusted certs from policy */, |
| 477 false /* do not set certificate importer */); | 519 false /* do not set certificate importer */); |
| 478 MarkPolicyProviderInitialized(); | 520 MarkPolicyProviderInitialized(); |
| 479 | 521 |
| 480 Mock::VerifyAndClearExpectations(&network_config_handler_); | 522 Mock::VerifyAndClearExpectations(&network_config_handler_); |
| 481 Mock::VerifyAndClearExpectations(certificate_importer_); | 523 EXPECT_EQ(0u, certificate_importer_->GetAndResetImportCount()); |
| 482 | 524 |
| 483 EXPECT_CALL(network_config_handler_, | 525 certificate_importer_->SetExpectedONCCertificates(fake_certificates_); |
| 484 SetPolicy(onc::ONC_SOURCE_USER_POLICY, | 526 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY); |
| 485 kFakeUsernameHash, | |
| 486 IsEqualTo(&fake_network_configs_), | |
| 487 IsEqualTo(&fake_global_network_config_))) | |
| 488 .Times(0); | |
| 489 EXPECT_CALL(*certificate_importer_, | |
| 490 ImportCertificates(IsEqualTo(&fake_certificates_), | |
| 491 onc::ONC_SOURCE_USER_POLICY, | |
| 492 _)); | |
| 493 | 527 |
| 494 ASSERT_TRUE(certificate_importer_owned_); | 528 ASSERT_TRUE(certificate_importer_owned_); |
| 495 updater->SetCertificateImporterForTest(certificate_importer_owned_.Pass()); | 529 updater->SetCertificateImporterForTest(certificate_importer_owned_.Pass()); |
| 530 EXPECT_EQ(1u, certificate_importer_->GetAndResetImportCount()); |
| 496 } | 531 } |
| 497 | 532 |
| 498 class NetworkConfigurationUpdaterTestWithParam | 533 class NetworkConfigurationUpdaterTestWithParam |
| 499 : public NetworkConfigurationUpdaterTest, | 534 : public NetworkConfigurationUpdaterTest, |
| 500 public testing::WithParamInterface<const char*> { | 535 public testing::WithParamInterface<const char*> { |
| 501 protected: | 536 protected: |
| 502 // Returns the currently tested ONC source. | 537 // Returns the currently tested ONC source. |
| 503 onc::ONCSource CurrentONCSource() { | 538 onc::ONCSource CurrentONCSource() { |
| 504 if (GetParam() == key::kOpenNetworkConfiguration) | 539 if (GetParam() == key::kOpenNetworkConfiguration) |
| 505 return onc::ONC_SOURCE_USER_POLICY; | 540 return onc::ONC_SOURCE_USER_POLICY; |
| (...skipping 30 matching lines...) Expand all Loading... |
| 536 PolicyMap policy; | 571 PolicyMap policy; |
| 537 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, | 572 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, |
| 538 new base::StringValue(kFakeONC), NULL); | 573 new base::StringValue(kFakeONC), NULL); |
| 539 UpdateProviderPolicy(policy); | 574 UpdateProviderPolicy(policy); |
| 540 | 575 |
| 541 EXPECT_CALL(network_config_handler_, | 576 EXPECT_CALL(network_config_handler_, |
| 542 SetPolicy(CurrentONCSource(), | 577 SetPolicy(CurrentONCSource(), |
| 543 ExpectedUsernameHash(), | 578 ExpectedUsernameHash(), |
| 544 IsEqualTo(&fake_network_configs_), | 579 IsEqualTo(&fake_network_configs_), |
| 545 IsEqualTo(&fake_global_network_config_))); | 580 IsEqualTo(&fake_global_network_config_))); |
| 546 EXPECT_CALL(*certificate_importer_, | 581 certificate_importer_->SetExpectedONCCertificates(fake_certificates_); |
| 547 ImportCertificates(IsEqualTo(&fake_certificates_), | 582 certificate_importer_->SetExpectedONCSource(CurrentONCSource()); |
| 548 CurrentONCSource(), | |
| 549 _)) | |
| 550 .Times(ExpectedImportCertificatesCallCount()); | |
| 551 | 583 |
| 552 CreateNetworkConfigurationUpdater(); | 584 CreateNetworkConfigurationUpdater(); |
| 553 MarkPolicyProviderInitialized(); | 585 MarkPolicyProviderInitialized(); |
| 586 EXPECT_EQ(ExpectedImportCertificatesCallCount(), |
| 587 certificate_importer_->GetAndResetImportCount()); |
| 554 } | 588 } |
| 555 | 589 |
| 556 TEST_P(NetworkConfigurationUpdaterTestWithParam, | 590 TEST_P(NetworkConfigurationUpdaterTestWithParam, |
| 557 PolicyNotSetBeforePolicyProviderInitialized) { | 591 PolicyNotSetBeforePolicyProviderInitialized) { |
| 558 PolicyMap policy; | 592 PolicyMap policy; |
| 559 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, | 593 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, |
| 560 new base::StringValue(kFakeONC), NULL); | 594 new base::StringValue(kFakeONC), NULL); |
| 561 UpdateProviderPolicy(policy); | 595 UpdateProviderPolicy(policy); |
| 562 | 596 |
| 563 EXPECT_CALL(network_config_handler_, | |
| 564 SetPolicy(CurrentONCSource(), | |
| 565 ExpectedUsernameHash(), | |
| 566 IsEqualTo(&fake_network_configs_), | |
| 567 IsEqualTo(&fake_global_network_config_))) | |
| 568 .Times(0); | |
| 569 EXPECT_CALL(*certificate_importer_, | |
| 570 ImportCertificates(IsEqualTo(&fake_certificates_), | |
| 571 CurrentONCSource(), | |
| 572 _)) | |
| 573 .Times(0); | |
| 574 | |
| 575 CreateNetworkConfigurationUpdater(); | 597 CreateNetworkConfigurationUpdater(); |
| 576 | 598 |
| 577 Mock::VerifyAndClearExpectations(&network_config_handler_); | 599 Mock::VerifyAndClearExpectations(&network_config_handler_); |
| 578 Mock::VerifyAndClearExpectations(certificate_importer_); | 600 EXPECT_EQ(0u, certificate_importer_->GetAndResetImportCount()); |
| 579 | 601 |
| 580 EXPECT_CALL(network_config_handler_, | 602 EXPECT_CALL(network_config_handler_, |
| 581 SetPolicy(CurrentONCSource(), | 603 SetPolicy(CurrentONCSource(), |
| 582 ExpectedUsernameHash(), | 604 ExpectedUsernameHash(), |
| 583 IsEqualTo(&fake_network_configs_), | 605 IsEqualTo(&fake_network_configs_), |
| 584 IsEqualTo(&fake_global_network_config_))); | 606 IsEqualTo(&fake_global_network_config_))); |
| 585 EXPECT_CALL(*certificate_importer_, | 607 certificate_importer_->SetExpectedONCSource(CurrentONCSource()); |
| 586 ImportCertificates(IsEqualTo(&fake_certificates_), | 608 certificate_importer_->SetExpectedONCCertificates(fake_certificates_); |
| 587 CurrentONCSource(), | |
| 588 _)) | |
| 589 .Times(ExpectedImportCertificatesCallCount()); | |
| 590 | 609 |
| 591 MarkPolicyProviderInitialized(); | 610 MarkPolicyProviderInitialized(); |
| 611 EXPECT_EQ(ExpectedImportCertificatesCallCount(), |
| 612 certificate_importer_->GetAndResetImportCount()); |
| 592 } | 613 } |
| 593 | 614 |
| 594 TEST_P(NetworkConfigurationUpdaterTestWithParam, | 615 TEST_P(NetworkConfigurationUpdaterTestWithParam, |
| 595 PolicyAppliedImmediatelyIfProvidersInitialized) { | 616 PolicyAppliedImmediatelyIfProvidersInitialized) { |
| 596 MarkPolicyProviderInitialized(); | 617 MarkPolicyProviderInitialized(); |
| 597 | 618 |
| 598 PolicyMap policy; | 619 PolicyMap policy; |
| 599 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, | 620 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, |
| 600 new base::StringValue(kFakeONC), NULL); | 621 new base::StringValue(kFakeONC), NULL); |
| 601 UpdateProviderPolicy(policy); | 622 UpdateProviderPolicy(policy); |
| 602 | 623 |
| 603 EXPECT_CALL(network_config_handler_, | 624 EXPECT_CALL(network_config_handler_, |
| 604 SetPolicy(CurrentONCSource(), | 625 SetPolicy(CurrentONCSource(), |
| 605 ExpectedUsernameHash(), | 626 ExpectedUsernameHash(), |
| 606 IsEqualTo(&fake_network_configs_), | 627 IsEqualTo(&fake_network_configs_), |
| 607 IsEqualTo(&fake_global_network_config_))); | 628 IsEqualTo(&fake_global_network_config_))); |
| 608 EXPECT_CALL(*certificate_importer_, | 629 certificate_importer_->SetExpectedONCSource(CurrentONCSource()); |
| 609 ImportCertificates(IsEqualTo(&fake_certificates_), | 630 certificate_importer_->SetExpectedONCCertificates(fake_certificates_); |
| 610 CurrentONCSource(), | |
| 611 _)) | |
| 612 .Times(ExpectedImportCertificatesCallCount()); | |
| 613 | 631 |
| 614 CreateNetworkConfigurationUpdater(); | 632 CreateNetworkConfigurationUpdater(); |
| 633 |
| 634 EXPECT_EQ(ExpectedImportCertificatesCallCount(), |
| 635 certificate_importer_->GetAndResetImportCount()); |
| 615 } | 636 } |
| 616 | 637 |
| 617 TEST_P(NetworkConfigurationUpdaterTestWithParam, PolicyChange) { | 638 TEST_P(NetworkConfigurationUpdaterTestWithParam, PolicyChange) { |
| 618 // Ignore the initial updates. | 639 // Ignore the initial updates. |
| 619 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1)); | 640 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1)); |
| 620 EXPECT_CALL(*certificate_importer_, ImportCertificates(_, _, _)) | |
| 621 .Times(AtLeast(ExpectedImportCertificatesCallCount())); | |
| 622 | 641 |
| 623 CreateNetworkConfigurationUpdater(); | 642 CreateNetworkConfigurationUpdater(); |
| 624 MarkPolicyProviderInitialized(); | 643 MarkPolicyProviderInitialized(); |
| 625 | 644 |
| 626 Mock::VerifyAndClearExpectations(&network_config_handler_); | 645 Mock::VerifyAndClearExpectations(&network_config_handler_); |
| 627 Mock::VerifyAndClearExpectations(certificate_importer_); | 646 EXPECT_LE(ExpectedImportCertificatesCallCount(), |
| 647 certificate_importer_->GetAndResetImportCount()); |
| 628 | 648 |
| 629 // The Updater should update if policy changes. | 649 // The Updater should update if policy changes. |
| 630 EXPECT_CALL(network_config_handler_, | 650 EXPECT_CALL(network_config_handler_, |
| 631 SetPolicy(CurrentONCSource(), | 651 SetPolicy(CurrentONCSource(), |
| 632 _, | 652 _, |
| 633 IsEqualTo(&fake_network_configs_), | 653 IsEqualTo(&fake_network_configs_), |
| 634 IsEqualTo(&fake_global_network_config_))); | 654 IsEqualTo(&fake_global_network_config_))); |
| 635 EXPECT_CALL(*certificate_importer_, | 655 certificate_importer_->SetExpectedONCSource(CurrentONCSource()); |
| 636 ImportCertificates(IsEqualTo(&fake_certificates_), | 656 certificate_importer_->SetExpectedONCCertificates(fake_certificates_); |
| 637 CurrentONCSource(), | |
| 638 _)) | |
| 639 .Times(ExpectedImportCertificatesCallCount()); | |
| 640 | 657 |
| 641 PolicyMap policy; | 658 PolicyMap policy; |
| 642 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, | 659 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, |
| 643 new base::StringValue(kFakeONC), NULL); | 660 new base::StringValue(kFakeONC), NULL); |
| 644 UpdateProviderPolicy(policy); | 661 UpdateProviderPolicy(policy); |
| 645 Mock::VerifyAndClearExpectations(&network_config_handler_); | 662 Mock::VerifyAndClearExpectations(&network_config_handler_); |
| 646 Mock::VerifyAndClearExpectations(certificate_importer_); | 663 EXPECT_EQ(ExpectedImportCertificatesCallCount(), |
| 664 certificate_importer_->GetAndResetImportCount()); |
| 647 | 665 |
| 648 // Another update is expected if the policy goes away. | 666 // Another update is expected if the policy goes away. |
| 649 EXPECT_CALL(network_config_handler_, | 667 EXPECT_CALL(network_config_handler_, |
| 650 SetPolicy(CurrentONCSource(), _, IsEmpty(), IsEmpty())); | 668 SetPolicy(CurrentONCSource(), _, IsEmpty(), IsEmpty())); |
| 651 EXPECT_CALL(*certificate_importer_, | 669 certificate_importer_->SetExpectedONCCertificates(base::ListValue()); |
| 652 ImportCertificates(IsEmpty(), CurrentONCSource(), _)) | |
| 653 .Times(ExpectedImportCertificatesCallCount()); | |
| 654 | 670 |
| 655 policy.Erase(GetParam()); | 671 policy.Erase(GetParam()); |
| 656 UpdateProviderPolicy(policy); | 672 UpdateProviderPolicy(policy); |
| 673 EXPECT_EQ(ExpectedImportCertificatesCallCount(), |
| 674 certificate_importer_->GetAndResetImportCount()); |
| 657 } | 675 } |
| 658 | 676 |
| 659 INSTANTIATE_TEST_CASE_P(NetworkConfigurationUpdaterTestWithParamInstance, | 677 INSTANTIATE_TEST_CASE_P(NetworkConfigurationUpdaterTestWithParamInstance, |
| 660 NetworkConfigurationUpdaterTestWithParam, | 678 NetworkConfigurationUpdaterTestWithParam, |
| 661 testing::Values(key::kDeviceOpenNetworkConfiguration, | 679 testing::Values(key::kDeviceOpenNetworkConfiguration, |
| 662 key::kOpenNetworkConfiguration)); | 680 key::kOpenNetworkConfiguration)); |
| 663 | 681 |
| 664 } // namespace policy | 682 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 582413002:
Make ONCCertificateImporter async. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master