| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/basictypes.h" | 5 #include "base/basictypes.h" |
| 6 #include "base/bind.h" | 6 #include "base/bind.h" |
| 7 #include "base/json/json_writer.h" | 7 #include "base/json/json_writer.h" |
| 8 #include "base/message_loop/message_loop.h" | 8 #include "base/message_loop/message_loop.h" |
| 9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
| 10 #include "base/synchronization/waitable_event.h" | 10 #include "base/synchronization/waitable_event.h" |
| 11 #include "components/policy/core/common/fake_async_policy_loader.h" | 11 #include "components/policy/core/common/fake_async_policy_loader.h" |
| 12 #include "policy/policy_constants.h" | 12 #include "policy/policy_constants.h" |
| 13 #include "remoting/host/dns_blackhole_checker.h" | 13 #include "remoting/host/dns_blackhole_checker.h" |
| 14 #include "remoting/host/policy_watcher.h" | 14 #include "remoting/host/policy_watcher.h" |
| 15 #include "testing/gmock/include/gmock/gmock.h" | 15 #include "testing/gmock/include/gmock/gmock.h" |
| 16 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
| 17 | 17 |
| 18 namespace remoting { | 18 namespace remoting { |
| 19 | 19 |
| 20 namespace key = ::policy::key; |
| 21 |
| 20 MATCHER_P(IsPolicies, dict, "") { | 22 MATCHER_P(IsPolicies, dict, "") { |
| 21 bool equal = arg->Equals(dict); | 23 bool equal = arg->Equals(dict); |
| 22 if (!equal) { | 24 if (!equal) { |
| 23 std::string actual_value; | 25 std::string actual_value; |
| 24 base::JSONWriter::WriteWithOptions( | 26 base::JSONWriter::WriteWithOptions( |
| 25 arg, base::JSONWriter::OPTIONS_PRETTY_PRINT, &actual_value); | 27 arg, base::JSONWriter::OPTIONS_PRETTY_PRINT, &actual_value); |
| 26 | 28 |
| 27 std::string expected_value; | 29 std::string expected_value; |
| 28 base::JSONWriter::WriteWithOptions( | 30 base::JSONWriter::WriteWithOptions( |
| 29 dict, base::JSONWriter::OPTIONS_PRETTY_PRINT, &expected_value); | 31 dict, base::JSONWriter::OPTIONS_PRETTY_PRINT, &expected_value); |
| (...skipping 19 matching lines...) Expand all Loading... |
| 49 | 51 |
| 50 private: | 52 private: |
| 51 DISALLOW_COPY_AND_ASSIGN(MockPolicyCallback); | 53 DISALLOW_COPY_AND_ASSIGN(MockPolicyCallback); |
| 52 }; | 54 }; |
| 53 | 55 |
| 54 class PolicyWatcherTest : public testing::Test { | 56 class PolicyWatcherTest : public testing::Test { |
| 55 public: | 57 public: |
| 56 PolicyWatcherTest() : message_loop_(base::MessageLoop::TYPE_IO) {} | 58 PolicyWatcherTest() : message_loop_(base::MessageLoop::TYPE_IO) {} |
| 57 | 59 |
| 58 void SetUp() override { | 60 void SetUp() override { |
| 61 // We expect no callbacks unless explicitly specified by individual tests. |
| 62 EXPECT_CALL(mock_policy_callback_, OnPolicyUpdatePtr(testing::_)).Times(0); |
| 63 EXPECT_CALL(mock_policy_callback_, OnPolicyError()).Times(0); |
| 64 |
| 59 message_loop_proxy_ = base::MessageLoopProxy::current(); | 65 message_loop_proxy_ = base::MessageLoopProxy::current(); |
| 60 | 66 |
| 61 // Retaining a raw pointer to keep control over policy contents. | 67 // Retaining a raw pointer to keep control over policy contents. |
| 62 policy_loader_ = new policy::FakeAsyncPolicyLoader(message_loop_proxy_); | 68 policy_loader_ = new policy::FakeAsyncPolicyLoader(message_loop_proxy_); |
| 63 policy_watcher_ = | 69 policy_watcher_ = |
| 64 PolicyWatcher::CreateFromPolicyLoader(make_scoped_ptr(policy_loader_)); | 70 PolicyWatcher::CreateFromPolicyLoader(make_scoped_ptr(policy_loader_)); |
| 65 | 71 |
| 66 nat_true_.SetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, true); | 72 nat_true_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, true); |
| 67 nat_false_.SetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, | 73 nat_false_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, false); |
| 68 false); | 74 nat_one_.SetInteger(key::kRemoteAccessHostFirewallTraversal, 1); |
| 69 nat_one_.SetInteger(policy::key::kRemoteAccessHostFirewallTraversal, 1); | 75 nat_one_domain_full_.SetInteger(key::kRemoteAccessHostFirewallTraversal, 1); |
| 70 domain_empty_.SetString(policy::key::kRemoteAccessHostDomain, | 76 nat_one_domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain); |
| 71 std::string()); | 77 domain_empty_.SetString(key::kRemoteAccessHostDomain, std::string()); |
| 72 domain_full_.SetString(policy::key::kRemoteAccessHostDomain, kHostDomain); | 78 domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain); |
| 73 SetDefaults(nat_true_others_default_); | 79 SetDefaults(nat_true_others_default_); |
| 74 nat_true_others_default_.SetBoolean( | 80 nat_true_others_default_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, |
| 75 policy::key::kRemoteAccessHostFirewallTraversal, true); | 81 true); |
| 76 SetDefaults(nat_false_others_default_); | 82 SetDefaults(nat_false_others_default_); |
| 77 nat_false_others_default_.SetBoolean( | 83 nat_false_others_default_.SetBoolean( |
| 78 policy::key::kRemoteAccessHostFirewallTraversal, false); | 84 key::kRemoteAccessHostFirewallTraversal, false); |
| 79 SetDefaults(domain_empty_others_default_); | 85 SetDefaults(domain_empty_others_default_); |
| 80 domain_empty_others_default_.SetString(policy::key::kRemoteAccessHostDomain, | 86 domain_empty_others_default_.SetString(key::kRemoteAccessHostDomain, |
| 81 std::string()); | 87 std::string()); |
| 82 SetDefaults(domain_full_others_default_); | 88 SetDefaults(domain_full_others_default_); |
| 83 domain_full_others_default_.SetString(policy::key::kRemoteAccessHostDomain, | 89 domain_full_others_default_.SetString(key::kRemoteAccessHostDomain, |
| 84 kHostDomain); | 90 kHostDomain); |
| 85 nat_true_domain_empty_.SetBoolean( | 91 nat_true_domain_empty_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, |
| 86 policy::key::kRemoteAccessHostFirewallTraversal, true); | 92 true); |
| 87 nat_true_domain_empty_.SetString(policy::key::kRemoteAccessHostDomain, | 93 nat_true_domain_empty_.SetString(key::kRemoteAccessHostDomain, |
| 88 std::string()); | 94 std::string()); |
| 89 nat_true_domain_full_.SetBoolean( | 95 nat_true_domain_full_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, |
| 90 policy::key::kRemoteAccessHostFirewallTraversal, true); | 96 true); |
| 91 nat_true_domain_full_.SetString(policy::key::kRemoteAccessHostDomain, | 97 nat_true_domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain); |
| 92 kHostDomain); | 98 nat_false_domain_empty_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, |
| 93 nat_false_domain_empty_.SetBoolean( | 99 false); |
| 94 policy::key::kRemoteAccessHostFirewallTraversal, false); | 100 nat_false_domain_empty_.SetString(key::kRemoteAccessHostDomain, |
| 95 nat_false_domain_empty_.SetString(policy::key::kRemoteAccessHostDomain, | |
| 96 std::string()); | 101 std::string()); |
| 97 nat_false_domain_full_.SetBoolean( | 102 nat_false_domain_full_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, |
| 98 policy::key::kRemoteAccessHostFirewallTraversal, false); | 103 false); |
| 99 nat_false_domain_full_.SetString(policy::key::kRemoteAccessHostDomain, | 104 nat_false_domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain); |
| 100 kHostDomain); | |
| 101 SetDefaults(nat_true_domain_empty_others_default_); | 105 SetDefaults(nat_true_domain_empty_others_default_); |
| 102 nat_true_domain_empty_others_default_.SetBoolean( | 106 nat_true_domain_empty_others_default_.SetBoolean( |
| 103 policy::key::kRemoteAccessHostFirewallTraversal, true); | 107 key::kRemoteAccessHostFirewallTraversal, true); |
| 104 nat_true_domain_empty_others_default_.SetString( | 108 nat_true_domain_empty_others_default_.SetString( |
| 105 policy::key::kRemoteAccessHostDomain, std::string()); | 109 key::kRemoteAccessHostDomain, std::string()); |
| 106 unknown_policies_.SetString("UnknownPolicyOne", std::string()); | 110 unknown_policies_.SetString("UnknownPolicyOne", std::string()); |
| 107 unknown_policies_.SetString("UnknownPolicyTwo", std::string()); | 111 unknown_policies_.SetString("UnknownPolicyTwo", std::string()); |
| 108 unknown_policies_.SetBoolean("RemoteAccessHostUnknownPolicyThree", true); | 112 unknown_policies_.SetBoolean("RemoteAccessHostUnknownPolicyThree", true); |
| 109 | 113 |
| 110 const char kOverrideNatTraversalToFalse[] = | 114 const char kOverrideNatTraversalToFalse[] = |
| 111 "{ \"RemoteAccessHostFirewallTraversal\": false }"; | 115 "{ \"RemoteAccessHostFirewallTraversal\": false }"; |
| 112 nat_true_and_overridden_.SetBoolean( | 116 nat_true_and_overridden_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, |
| 113 policy::key::kRemoteAccessHostFirewallTraversal, true); | 117 true); |
| 114 nat_true_and_overridden_.SetString( | 118 nat_true_and_overridden_.SetString( |
| 115 policy::key::kRemoteAccessHostDebugOverridePolicies, | 119 key::kRemoteAccessHostDebugOverridePolicies, |
| 116 kOverrideNatTraversalToFalse); | 120 kOverrideNatTraversalToFalse); |
| 117 pairing_true_.SetBoolean(policy::key::kRemoteAccessHostAllowClientPairing, | 121 pairing_true_.SetBoolean(key::kRemoteAccessHostAllowClientPairing, true); |
| 118 true); | 122 pairing_false_.SetBoolean(key::kRemoteAccessHostAllowClientPairing, false); |
| 119 pairing_false_.SetBoolean(policy::key::kRemoteAccessHostAllowClientPairing, | 123 gnubby_auth_true_.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, true); |
| 120 false); | 124 gnubby_auth_false_.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, false); |
| 121 gnubby_auth_true_.SetBoolean(policy::key::kRemoteAccessHostAllowGnubbyAuth, | 125 relay_true_.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection, true); |
| 122 true); | 126 relay_false_.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection, |
| 123 gnubby_auth_false_.SetBoolean(policy::key::kRemoteAccessHostAllowGnubbyAuth, | 127 false); |
| 124 false); | 128 port_range_full_.SetString(key::kRemoteAccessHostUdpPortRange, kPortRange); |
| 125 relay_true_.SetBoolean(policy::key::kRemoteAccessHostAllowRelayedConnection, | 129 port_range_empty_.SetString(key::kRemoteAccessHostUdpPortRange, |
| 126 true); | |
| 127 relay_false_.SetBoolean( | |
| 128 policy::key::kRemoteAccessHostAllowRelayedConnection, false); | |
| 129 port_range_full_.SetString(policy::key::kRemoteAccessHostUdpPortRange, | |
| 130 kPortRange); | |
| 131 port_range_empty_.SetString(policy::key::kRemoteAccessHostUdpPortRange, | |
| 132 std::string()); | 130 std::string()); |
| 133 curtain_true_.SetBoolean(policy::key::kRemoteAccessHostRequireCurtain, | 131 port_range_malformed_.SetString(key::kRemoteAccessHostUdpPortRange, |
| 134 true); | 132 "malformed"); |
| 135 curtain_false_.SetBoolean(policy::key::kRemoteAccessHostRequireCurtain, | 133 port_range_malformed_domain_full_.MergeDictionary(&port_range_malformed_); |
| 136 false); | 134 port_range_malformed_domain_full_.SetString(key::kRemoteAccessHostDomain, |
| 137 username_true_.SetBoolean(policy::key::kRemoteAccessHostMatchUsername, | 135 kHostDomain); |
| 138 true); | 136 |
| 139 username_false_.SetBoolean(policy::key::kRemoteAccessHostMatchUsername, | 137 curtain_true_.SetBoolean(key::kRemoteAccessHostRequireCurtain, true); |
| 140 false); | 138 curtain_false_.SetBoolean(key::kRemoteAccessHostRequireCurtain, false); |
| 141 talk_gadget_blah_.SetString(policy::key::kRemoteAccessHostTalkGadgetPrefix, | 139 username_true_.SetBoolean(key::kRemoteAccessHostMatchUsername, true); |
| 142 "blah"); | 140 username_false_.SetBoolean(key::kRemoteAccessHostMatchUsername, false); |
| 143 token_url_https_.SetString(policy::key::kRemoteAccessHostTalkGadgetPrefix, | 141 talk_gadget_blah_.SetString(key::kRemoteAccessHostTalkGadgetPrefix, "blah"); |
| 144 "https://example.com"); | 142 third_party_auth_partial_.SetString(key::kRemoteAccessHostTokenUrl, |
| 145 token_validation_url_https_.SetString( | 143 "https://token.com"); |
| 146 policy::key::kRemoteAccessHostTalkGadgetPrefix, "https://example.com"); | 144 third_party_auth_partial_.SetString( |
| 147 token_certificate_blah_.SetString( | 145 key::kRemoteAccessHostTokenValidationUrl, "https://validation.com"); |
| 148 policy::key::kRemoteAccessHostTokenValidationCertificateIssuer, "blah"); | 146 third_party_auth_full_.MergeDictionary(&third_party_auth_partial_); |
| 147 third_party_auth_full_.SetString( |
| 148 key::kRemoteAccessHostTokenValidationCertificateIssuer, |
| 149 "certificate subject"); |
| 150 third_party_auth_cert_empty_.MergeDictionary(&third_party_auth_partial_); |
| 151 third_party_auth_cert_empty_.SetString( |
| 152 key::kRemoteAccessHostTokenValidationCertificateIssuer, ""); |
| 149 | 153 |
| 150 #if !defined(NDEBUG) | 154 #if !defined(NDEBUG) |
| 151 SetDefaults(nat_false_overridden_others_default_); | 155 SetDefaults(nat_false_overridden_others_default_); |
| 152 nat_false_overridden_others_default_.SetBoolean( | 156 nat_false_overridden_others_default_.SetBoolean( |
| 153 policy::key::kRemoteAccessHostFirewallTraversal, false); | 157 key::kRemoteAccessHostFirewallTraversal, false); |
| 154 nat_false_overridden_others_default_.SetString( | 158 nat_false_overridden_others_default_.SetString( |
| 155 policy::key::kRemoteAccessHostDebugOverridePolicies, | 159 key::kRemoteAccessHostDebugOverridePolicies, |
| 156 kOverrideNatTraversalToFalse); | 160 kOverrideNatTraversalToFalse); |
| 157 #endif | 161 #endif |
| 158 } | 162 } |
| 159 | 163 |
| 160 void TearDown() override { | 164 void TearDown() override { |
| 161 policy_watcher_.reset(); | 165 policy_watcher_.reset(); |
| 162 policy_loader_ = nullptr; | 166 policy_loader_ = nullptr; |
| 163 base::RunLoop().RunUntilIdle(); | 167 base::RunLoop().RunUntilIdle(); |
| 164 } | 168 } |
| 165 | 169 |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 207 // |policy_loader_| is owned by |policy_watcher_|. PolicyWatcherTest retains | 211 // |policy_loader_| is owned by |policy_watcher_|. PolicyWatcherTest retains |
| 208 // a raw pointer to |policy_loader_| in order to control the simulated / faked | 212 // a raw pointer to |policy_loader_| in order to control the simulated / faked |
| 209 // policy contents. | 213 // policy contents. |
| 210 policy::FakeAsyncPolicyLoader* policy_loader_; | 214 policy::FakeAsyncPolicyLoader* policy_loader_; |
| 211 scoped_ptr<PolicyWatcher> policy_watcher_; | 215 scoped_ptr<PolicyWatcher> policy_watcher_; |
| 212 | 216 |
| 213 base::DictionaryValue empty_; | 217 base::DictionaryValue empty_; |
| 214 base::DictionaryValue nat_true_; | 218 base::DictionaryValue nat_true_; |
| 215 base::DictionaryValue nat_false_; | 219 base::DictionaryValue nat_false_; |
| 216 base::DictionaryValue nat_one_; | 220 base::DictionaryValue nat_one_; |
| 221 base::DictionaryValue nat_one_domain_full_; |
| 217 base::DictionaryValue domain_empty_; | 222 base::DictionaryValue domain_empty_; |
| 218 base::DictionaryValue domain_full_; | 223 base::DictionaryValue domain_full_; |
| 219 base::DictionaryValue nat_true_others_default_; | 224 base::DictionaryValue nat_true_others_default_; |
| 220 base::DictionaryValue nat_false_others_default_; | 225 base::DictionaryValue nat_false_others_default_; |
| 221 base::DictionaryValue domain_empty_others_default_; | 226 base::DictionaryValue domain_empty_others_default_; |
| 222 base::DictionaryValue domain_full_others_default_; | 227 base::DictionaryValue domain_full_others_default_; |
| 223 base::DictionaryValue nat_true_domain_empty_; | 228 base::DictionaryValue nat_true_domain_empty_; |
| 224 base::DictionaryValue nat_true_domain_full_; | 229 base::DictionaryValue nat_true_domain_full_; |
| 225 base::DictionaryValue nat_false_domain_empty_; | 230 base::DictionaryValue nat_false_domain_empty_; |
| 226 base::DictionaryValue nat_false_domain_full_; | 231 base::DictionaryValue nat_false_domain_full_; |
| 227 base::DictionaryValue nat_true_domain_empty_others_default_; | 232 base::DictionaryValue nat_true_domain_empty_others_default_; |
| 228 base::DictionaryValue unknown_policies_; | 233 base::DictionaryValue unknown_policies_; |
| 229 base::DictionaryValue nat_true_and_overridden_; | 234 base::DictionaryValue nat_true_and_overridden_; |
| 230 base::DictionaryValue nat_false_overridden_others_default_; | 235 base::DictionaryValue nat_false_overridden_others_default_; |
| 231 base::DictionaryValue pairing_true_; | 236 base::DictionaryValue pairing_true_; |
| 232 base::DictionaryValue pairing_false_; | 237 base::DictionaryValue pairing_false_; |
| 233 base::DictionaryValue gnubby_auth_true_; | 238 base::DictionaryValue gnubby_auth_true_; |
| 234 base::DictionaryValue gnubby_auth_false_; | 239 base::DictionaryValue gnubby_auth_false_; |
| 235 base::DictionaryValue relay_true_; | 240 base::DictionaryValue relay_true_; |
| 236 base::DictionaryValue relay_false_; | 241 base::DictionaryValue relay_false_; |
| 237 base::DictionaryValue port_range_full_; | 242 base::DictionaryValue port_range_full_; |
| 238 base::DictionaryValue port_range_empty_; | 243 base::DictionaryValue port_range_empty_; |
| 244 base::DictionaryValue port_range_malformed_; |
| 245 base::DictionaryValue port_range_malformed_domain_full_; |
| 239 base::DictionaryValue curtain_true_; | 246 base::DictionaryValue curtain_true_; |
| 240 base::DictionaryValue curtain_false_; | 247 base::DictionaryValue curtain_false_; |
| 241 base::DictionaryValue username_true_; | 248 base::DictionaryValue username_true_; |
| 242 base::DictionaryValue username_false_; | 249 base::DictionaryValue username_false_; |
| 243 base::DictionaryValue talk_gadget_blah_; | 250 base::DictionaryValue talk_gadget_blah_; |
| 244 base::DictionaryValue token_url_https_; | 251 base::DictionaryValue third_party_auth_full_; |
| 245 base::DictionaryValue token_validation_url_https_; | 252 base::DictionaryValue third_party_auth_partial_; |
| 246 base::DictionaryValue token_certificate_blah_; | 253 base::DictionaryValue third_party_auth_cert_empty_; |
| 247 | 254 |
| 248 private: | 255 private: |
| 249 void SetDefaults(base::DictionaryValue& dict) { | 256 void SetDefaults(base::DictionaryValue& dict) { |
| 250 dict.SetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, true); | 257 dict.SetBoolean(key::kRemoteAccessHostFirewallTraversal, true); |
| 251 dict.SetBoolean(policy::key::kRemoteAccessHostAllowRelayedConnection, true); | 258 dict.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection, true); |
| 252 dict.SetString(policy::key::kRemoteAccessHostUdpPortRange, ""); | 259 dict.SetString(key::kRemoteAccessHostUdpPortRange, ""); |
| 253 dict.SetString(policy::key::kRemoteAccessHostDomain, std::string()); | 260 dict.SetString(key::kRemoteAccessHostDomain, std::string()); |
| 254 dict.SetBoolean(policy::key::kRemoteAccessHostMatchUsername, false); | 261 dict.SetBoolean(key::kRemoteAccessHostMatchUsername, false); |
| 255 dict.SetString(policy::key::kRemoteAccessHostTalkGadgetPrefix, | 262 dict.SetString(key::kRemoteAccessHostTalkGadgetPrefix, |
| 256 kDefaultHostTalkGadgetPrefix); | 263 kDefaultHostTalkGadgetPrefix); |
| 257 dict.SetBoolean(policy::key::kRemoteAccessHostRequireCurtain, false); | 264 dict.SetBoolean(key::kRemoteAccessHostRequireCurtain, false); |
| 258 dict.SetString(policy::key::kRemoteAccessHostTokenUrl, std::string()); | 265 dict.SetString(key::kRemoteAccessHostTokenUrl, ""); |
| 259 dict.SetString(policy::key::kRemoteAccessHostTokenValidationUrl, | 266 dict.SetString(key::kRemoteAccessHostTokenValidationUrl, ""); |
| 260 std::string()); | 267 dict.SetString(key::kRemoteAccessHostTokenValidationCertificateIssuer, ""); |
| 261 dict.SetString( | 268 dict.SetBoolean(key::kRemoteAccessHostAllowClientPairing, true); |
| 262 policy::key::kRemoteAccessHostTokenValidationCertificateIssuer, | 269 dict.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, true); |
| 263 std::string()); | |
| 264 dict.SetBoolean(policy::key::kRemoteAccessHostAllowClientPairing, true); | |
| 265 dict.SetBoolean(policy::key::kRemoteAccessHostAllowGnubbyAuth, true); | |
| 266 #if !defined(NDEBUG) | 270 #if !defined(NDEBUG) |
| 267 dict.SetString(policy::key::kRemoteAccessHostDebugOverridePolicies, ""); | 271 dict.SetString(key::kRemoteAccessHostDebugOverridePolicies, ""); |
| 268 #endif | 272 #endif |
| 269 | 273 |
| 270 ASSERT_THAT(&dict, IsPolicies(&GetDefaultValues())) | 274 ASSERT_THAT(&dict, IsPolicies(&GetDefaultValues())) |
| 271 << "Sanity check that defaults expected by the test code " | 275 << "Sanity check that defaults expected by the test code " |
| 272 << "match what is stored in PolicyWatcher::default_values_"; | 276 << "match what is stored in PolicyWatcher::default_values_"; |
| 273 } | 277 } |
| 274 }; | 278 }; |
| 275 | 279 |
| 276 const char* PolicyWatcherTest::kHostDomain = "google.com"; | 280 const char* PolicyWatcherTest::kHostDomain = "google.com"; |
| 277 const char* PolicyWatcherTest::kPortRange = "12400-12409"; | 281 const char* PolicyWatcherTest::kPortRange = "12400-12409"; |
| (...skipping 22 matching lines...) Expand all Loading... |
| 300 StartWatching(); | 304 StartWatching(); |
| 301 } | 305 } |
| 302 | 306 |
| 303 TEST_F(PolicyWatcherTest, NatWrongType) { | 307 TEST_F(PolicyWatcherTest, NatWrongType) { |
| 304 EXPECT_CALL(mock_policy_callback_, OnPolicyError()); | 308 EXPECT_CALL(mock_policy_callback_, OnPolicyError()); |
| 305 | 309 |
| 306 SetPolicies(nat_one_); | 310 SetPolicies(nat_one_); |
| 307 StartWatching(); | 311 StartWatching(); |
| 308 } | 312 } |
| 309 | 313 |
| 314 // This test verifies that a mistyped policy value is still detected |
| 315 // even though it doesn't change during the second SetPolicies call. |
| 316 TEST_F(PolicyWatcherTest, NatWrongTypeThenIrrelevantChange) { |
| 317 EXPECT_CALL(mock_policy_callback_, OnPolicyError()).Times(2); |
| 318 |
| 319 SetPolicies(nat_one_); |
| 320 StartWatching(); |
| 321 SetPolicies(nat_one_domain_full_); |
| 322 } |
| 323 |
| 324 // This test verifies that a malformed policy value is still detected |
| 325 // even though it doesn't change during the second SetPolicies call. |
| 326 TEST_F(PolicyWatcherTest, PortRangeMalformedThenIrrelevantChange) { |
| 327 EXPECT_CALL(mock_policy_callback_, OnPolicyError()).Times(2); |
| 328 |
| 329 SetPolicies(port_range_malformed_); |
| 330 StartWatching(); |
| 331 SetPolicies(port_range_malformed_domain_full_); |
| 332 } |
| 333 |
| 310 TEST_F(PolicyWatcherTest, DomainEmpty) { | 334 TEST_F(PolicyWatcherTest, DomainEmpty) { |
| 311 EXPECT_CALL(mock_policy_callback_, | 335 EXPECT_CALL(mock_policy_callback_, |
| 312 OnPolicyUpdatePtr(IsPolicies(&domain_empty_others_default_))); | 336 OnPolicyUpdatePtr(IsPolicies(&domain_empty_others_default_))); |
| 313 | 337 |
| 314 SetPolicies(domain_empty_); | 338 SetPolicies(domain_empty_); |
| 315 StartWatching(); | 339 StartWatching(); |
| 316 } | 340 } |
| 317 | 341 |
| 318 TEST_F(PolicyWatcherTest, DomainFull) { | 342 TEST_F(PolicyWatcherTest, DomainFull) { |
| 319 EXPECT_CALL(mock_policy_callback_, | 343 EXPECT_CALL(mock_policy_callback_, |
| (...skipping 194 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 514 EXPECT_CALL(mock_policy_callback_, | 538 EXPECT_CALL(mock_policy_callback_, |
| 515 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); | 539 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); |
| 516 EXPECT_CALL(mock_policy_callback_, | 540 EXPECT_CALL(mock_policy_callback_, |
| 517 OnPolicyUpdatePtr(IsPolicies(&talk_gadget_blah_))); | 541 OnPolicyUpdatePtr(IsPolicies(&talk_gadget_blah_))); |
| 518 | 542 |
| 519 SetPolicies(empty_); | 543 SetPolicies(empty_); |
| 520 StartWatching(); | 544 StartWatching(); |
| 521 SetPolicies(talk_gadget_blah_); | 545 SetPolicies(talk_gadget_blah_); |
| 522 } | 546 } |
| 523 | 547 |
| 524 TEST_F(PolicyWatcherTest, TokenUrl) { | 548 TEST_F(PolicyWatcherTest, ThirdPartyAuthFull) { |
| 525 testing::InSequence sequence; | 549 testing::InSequence sequence; |
| 526 EXPECT_CALL(mock_policy_callback_, | 550 EXPECT_CALL(mock_policy_callback_, |
| 527 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); | 551 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); |
| 528 EXPECT_CALL(mock_policy_callback_, | 552 EXPECT_CALL(mock_policy_callback_, |
| 529 OnPolicyUpdatePtr(IsPolicies(&token_url_https_))); | 553 OnPolicyUpdatePtr(IsPolicies(&third_party_auth_full_))); |
| 530 | 554 |
| 531 SetPolicies(empty_); | 555 SetPolicies(empty_); |
| 532 StartWatching(); | 556 StartWatching(); |
| 533 SetPolicies(token_url_https_); | 557 SetPolicies(third_party_auth_full_); |
| 534 } | 558 } |
| 535 | 559 |
| 536 TEST_F(PolicyWatcherTest, TokenValidationUrl) { | 560 // This test verifies what happens when only 1 out of 3 third-party auth |
| 561 // policies changes. Without the other 2 policy values such policy values |
| 562 // combination is invalid (i.e. cannot have TokenUrl without |
| 563 // TokenValidationUrl) and can trigger OnPolicyError unless PolicyWatcher |
| 564 // implementation is careful around this scenario. |
| 565 TEST_F(PolicyWatcherTest, ThirdPartyAuthPartialToFull) { |
| 537 testing::InSequence sequence; | 566 testing::InSequence sequence; |
| 538 EXPECT_CALL(mock_policy_callback_, | 567 EXPECT_CALL(mock_policy_callback_, |
| 539 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); | 568 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); |
| 540 EXPECT_CALL(mock_policy_callback_, | 569 EXPECT_CALL(mock_policy_callback_, |
| 541 OnPolicyUpdatePtr(IsPolicies(&token_validation_url_https_))); | 570 OnPolicyUpdatePtr(IsPolicies(&third_party_auth_cert_empty_))); |
| 571 EXPECT_CALL(mock_policy_callback_, |
| 572 OnPolicyUpdatePtr(IsPolicies(&third_party_auth_full_))); |
| 542 | 573 |
| 543 SetPolicies(empty_); | 574 SetPolicies(empty_); |
| 544 StartWatching(); | 575 StartWatching(); |
| 545 SetPolicies(token_validation_url_https_); | 576 SetPolicies(third_party_auth_partial_); |
| 546 } | 577 SetPolicies(third_party_auth_full_); |
| 547 | |
| 548 TEST_F(PolicyWatcherTest, TokenValidationCertificateIssuer) { | |
| 549 testing::InSequence sequence; | |
| 550 EXPECT_CALL(mock_policy_callback_, | |
| 551 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); | |
| 552 EXPECT_CALL(mock_policy_callback_, | |
| 553 OnPolicyUpdatePtr(IsPolicies(&token_certificate_blah_))); | |
| 554 | |
| 555 SetPolicies(empty_); | |
| 556 StartWatching(); | |
| 557 SetPolicies(token_certificate_blah_); | |
| 558 } | 578 } |
| 559 | 579 |
| 560 TEST_F(PolicyWatcherTest, UdpPortRange) { | 580 TEST_F(PolicyWatcherTest, UdpPortRange) { |
| 561 testing::InSequence sequence; | 581 testing::InSequence sequence; |
| 562 EXPECT_CALL(mock_policy_callback_, | 582 EXPECT_CALL(mock_policy_callback_, |
| 563 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); | 583 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); |
| 564 EXPECT_CALL(mock_policy_callback_, | 584 EXPECT_CALL(mock_policy_callback_, |
| 565 OnPolicyUpdatePtr(IsPolicies(&port_range_full_))); | 585 OnPolicyUpdatePtr(IsPolicies(&port_range_full_))); |
| 566 EXPECT_CALL(mock_policy_callback_, | 586 EXPECT_CALL(mock_policy_callback_, |
| 567 OnPolicyUpdatePtr(IsPolicies(&port_range_empty_))); | 587 OnPolicyUpdatePtr(IsPolicies(&port_range_empty_))); |
| (...skipping 12 matching lines...) Expand all Loading... |
| 580 // are kept in-sync. | 600 // are kept in-sync. |
| 581 | 601 |
| 582 std::map<std::string, base::Value::Type> expected_schema; | 602 std::map<std::string, base::Value::Type> expected_schema; |
| 583 for (base::DictionaryValue::Iterator i(GetDefaultValues()); !i.IsAtEnd(); | 603 for (base::DictionaryValue::Iterator i(GetDefaultValues()); !i.IsAtEnd(); |
| 584 i.Advance()) { | 604 i.Advance()) { |
| 585 expected_schema[i.key()] = i.value().GetType(); | 605 expected_schema[i.key()] = i.value().GetType(); |
| 586 } | 606 } |
| 587 #if defined(OS_WIN) | 607 #if defined(OS_WIN) |
| 588 // RemoteAccessHostMatchUsername is marked in policy_templates.json as not | 608 // RemoteAccessHostMatchUsername is marked in policy_templates.json as not |
| 589 // supported on Windows and therefore is (by design) excluded from the schema. | 609 // supported on Windows and therefore is (by design) excluded from the schema. |
| 590 expected_schema.erase(policy::key::kRemoteAccessHostMatchUsername); | 610 expected_schema.erase(key::kRemoteAccessHostMatchUsername); |
| 591 #endif | 611 #endif |
| 592 #if defined(NDEBUG) | 612 #if defined(NDEBUG) |
| 593 // Policy schema / policy_templates.json cannot differ between debug and | 613 // Policy schema / policy_templates.json cannot differ between debug and |
| 594 // release builds so we compensate below to account for the fact that | 614 // release builds so we compensate below to account for the fact that |
| 595 // PolicyWatcher::default_values_ does differ between debug and release. | 615 // PolicyWatcher::default_values_ does differ between debug and release. |
| 596 expected_schema[policy::key::kRemoteAccessHostDebugOverridePolicies] = | 616 expected_schema[key::kRemoteAccessHostDebugOverridePolicies] = |
| 597 base::Value::TYPE_STRING; | 617 base::Value::TYPE_STRING; |
| 598 #endif | 618 #endif |
| 599 | 619 |
| 600 std::map<std::string, base::Value::Type> actual_schema; | 620 std::map<std::string, base::Value::Type> actual_schema; |
| 601 const policy::Schema* schema = GetPolicySchema(); | 621 const policy::Schema* schema = GetPolicySchema(); |
| 602 ASSERT_TRUE(schema->valid()); | 622 ASSERT_TRUE(schema->valid()); |
| 603 for (auto it = schema->GetPropertiesIterator(); !it.IsAtEnd(); it.Advance()) { | 623 for (auto it = schema->GetPropertiesIterator(); !it.IsAtEnd(); it.Advance()) { |
| 604 std::string key = it.key(); | 624 std::string key = it.key(); |
| 605 if (key.find("RemoteAccessHost") == std::string::npos) { | 625 if (key.find("RemoteAccessHost") == std::string::npos) { |
| 606 // For now PolicyWatcher::GetPolicySchema() mixes Chrome and Chromoting | 626 // For now PolicyWatcher::GetPolicySchema() mixes Chrome and Chromoting |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 685 } | 705 } |
| 686 | 706 |
| 687 // Today, the only verification offered by this test is: | 707 // Today, the only verification offered by this test is: |
| 688 // - Manual verification of policy values dumped by OnPolicyUpdatedDumpPolicy | 708 // - Manual verification of policy values dumped by OnPolicyUpdatedDumpPolicy |
| 689 // - Automated verification that nothing crashed | 709 // - Automated verification that nothing crashed |
| 690 } | 710 } |
| 691 | 711 |
| 692 #endif | 712 #endif |
| 693 | 713 |
| 694 } // namespace remoting | 714 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 966433002:
Malformed PortRange or ThirdPartyAuthConfig trigger OnPolicyError. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master