OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/basictypes.h" | 5 #include "base/basictypes.h" |
6 #include "base/bind.h" | 6 #include "base/bind.h" |
7 #include "base/json/json_writer.h" | 7 #include "base/json/json_writer.h" |
8 #include "base/message_loop/message_loop.h" | 8 #include "base/message_loop/message_loop.h" |
9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
10 #include "base/synchronization/waitable_event.h" | 10 #include "base/synchronization/waitable_event.h" |
11 #include "components/policy/core/common/fake_async_policy_loader.h" | 11 #include "components/policy/core/common/fake_async_policy_loader.h" |
12 #include "policy/policy_constants.h" | 12 #include "policy/policy_constants.h" |
13 #include "remoting/host/dns_blackhole_checker.h" | 13 #include "remoting/host/dns_blackhole_checker.h" |
14 #include "remoting/host/policy_watcher.h" | 14 #include "remoting/host/policy_watcher.h" |
15 #include "testing/gmock/include/gmock/gmock.h" | 15 #include "testing/gmock/include/gmock/gmock.h" |
16 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
17 | 17 |
18 namespace remoting { | 18 namespace remoting { |
19 | 19 |
| 20 namespace key = ::policy::key; |
| 21 |
20 MATCHER_P(IsPolicies, dict, "") { | 22 MATCHER_P(IsPolicies, dict, "") { |
21 bool equal = arg->Equals(dict); | 23 bool equal = arg->Equals(dict); |
22 if (!equal) { | 24 if (!equal) { |
23 std::string actual_value; | 25 std::string actual_value; |
24 base::JSONWriter::WriteWithOptions( | 26 base::JSONWriter::WriteWithOptions( |
25 arg, base::JSONWriter::OPTIONS_PRETTY_PRINT, &actual_value); | 27 arg, base::JSONWriter::OPTIONS_PRETTY_PRINT, &actual_value); |
26 | 28 |
27 std::string expected_value; | 29 std::string expected_value; |
28 base::JSONWriter::WriteWithOptions( | 30 base::JSONWriter::WriteWithOptions( |
29 dict, base::JSONWriter::OPTIONS_PRETTY_PRINT, &expected_value); | 31 dict, base::JSONWriter::OPTIONS_PRETTY_PRINT, &expected_value); |
(...skipping 19 matching lines...) Expand all Loading... |
49 | 51 |
50 private: | 52 private: |
51 DISALLOW_COPY_AND_ASSIGN(MockPolicyCallback); | 53 DISALLOW_COPY_AND_ASSIGN(MockPolicyCallback); |
52 }; | 54 }; |
53 | 55 |
54 class PolicyWatcherTest : public testing::Test { | 56 class PolicyWatcherTest : public testing::Test { |
55 public: | 57 public: |
56 PolicyWatcherTest() : message_loop_(base::MessageLoop::TYPE_IO) {} | 58 PolicyWatcherTest() : message_loop_(base::MessageLoop::TYPE_IO) {} |
57 | 59 |
58 void SetUp() override { | 60 void SetUp() override { |
| 61 // We expect no callbacks unless explicitly specified by individual tests. |
| 62 EXPECT_CALL(mock_policy_callback_, OnPolicyUpdatePtr(testing::_)).Times(0); |
| 63 EXPECT_CALL(mock_policy_callback_, OnPolicyError()).Times(0); |
| 64 |
59 message_loop_proxy_ = base::MessageLoopProxy::current(); | 65 message_loop_proxy_ = base::MessageLoopProxy::current(); |
60 | 66 |
61 // Retaining a raw pointer to keep control over policy contents. | 67 // Retaining a raw pointer to keep control over policy contents. |
62 policy_loader_ = new policy::FakeAsyncPolicyLoader(message_loop_proxy_); | 68 policy_loader_ = new policy::FakeAsyncPolicyLoader(message_loop_proxy_); |
63 policy_watcher_ = | 69 policy_watcher_ = |
64 PolicyWatcher::CreateFromPolicyLoader(make_scoped_ptr(policy_loader_)); | 70 PolicyWatcher::CreateFromPolicyLoader(make_scoped_ptr(policy_loader_)); |
65 | 71 |
66 nat_true_.SetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, true); | 72 nat_true_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, true); |
67 nat_false_.SetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, | 73 nat_false_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, false); |
68 false); | 74 nat_one_.SetInteger(key::kRemoteAccessHostFirewallTraversal, 1); |
69 nat_one_.SetInteger(policy::key::kRemoteAccessHostFirewallTraversal, 1); | 75 nat_one_domain_full_.SetInteger(key::kRemoteAccessHostFirewallTraversal, 1); |
70 domain_empty_.SetString(policy::key::kRemoteAccessHostDomain, | 76 nat_one_domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain); |
71 std::string()); | 77 domain_empty_.SetString(key::kRemoteAccessHostDomain, std::string()); |
72 domain_full_.SetString(policy::key::kRemoteAccessHostDomain, kHostDomain); | 78 domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain); |
73 SetDefaults(nat_true_others_default_); | 79 SetDefaults(nat_true_others_default_); |
74 nat_true_others_default_.SetBoolean( | 80 nat_true_others_default_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, |
75 policy::key::kRemoteAccessHostFirewallTraversal, true); | 81 true); |
76 SetDefaults(nat_false_others_default_); | 82 SetDefaults(nat_false_others_default_); |
77 nat_false_others_default_.SetBoolean( | 83 nat_false_others_default_.SetBoolean( |
78 policy::key::kRemoteAccessHostFirewallTraversal, false); | 84 key::kRemoteAccessHostFirewallTraversal, false); |
79 SetDefaults(domain_empty_others_default_); | 85 SetDefaults(domain_empty_others_default_); |
80 domain_empty_others_default_.SetString(policy::key::kRemoteAccessHostDomain, | 86 domain_empty_others_default_.SetString(key::kRemoteAccessHostDomain, |
81 std::string()); | 87 std::string()); |
82 SetDefaults(domain_full_others_default_); | 88 SetDefaults(domain_full_others_default_); |
83 domain_full_others_default_.SetString(policy::key::kRemoteAccessHostDomain, | 89 domain_full_others_default_.SetString(key::kRemoteAccessHostDomain, |
84 kHostDomain); | 90 kHostDomain); |
85 nat_true_domain_empty_.SetBoolean( | 91 nat_true_domain_empty_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, |
86 policy::key::kRemoteAccessHostFirewallTraversal, true); | 92 true); |
87 nat_true_domain_empty_.SetString(policy::key::kRemoteAccessHostDomain, | 93 nat_true_domain_empty_.SetString(key::kRemoteAccessHostDomain, |
88 std::string()); | 94 std::string()); |
89 nat_true_domain_full_.SetBoolean( | 95 nat_true_domain_full_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, |
90 policy::key::kRemoteAccessHostFirewallTraversal, true); | 96 true); |
91 nat_true_domain_full_.SetString(policy::key::kRemoteAccessHostDomain, | 97 nat_true_domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain); |
92 kHostDomain); | 98 nat_false_domain_empty_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, |
93 nat_false_domain_empty_.SetBoolean( | 99 false); |
94 policy::key::kRemoteAccessHostFirewallTraversal, false); | 100 nat_false_domain_empty_.SetString(key::kRemoteAccessHostDomain, |
95 nat_false_domain_empty_.SetString(policy::key::kRemoteAccessHostDomain, | |
96 std::string()); | 101 std::string()); |
97 nat_false_domain_full_.SetBoolean( | 102 nat_false_domain_full_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, |
98 policy::key::kRemoteAccessHostFirewallTraversal, false); | 103 false); |
99 nat_false_domain_full_.SetString(policy::key::kRemoteAccessHostDomain, | 104 nat_false_domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain); |
100 kHostDomain); | |
101 SetDefaults(nat_true_domain_empty_others_default_); | 105 SetDefaults(nat_true_domain_empty_others_default_); |
102 nat_true_domain_empty_others_default_.SetBoolean( | 106 nat_true_domain_empty_others_default_.SetBoolean( |
103 policy::key::kRemoteAccessHostFirewallTraversal, true); | 107 key::kRemoteAccessHostFirewallTraversal, true); |
104 nat_true_domain_empty_others_default_.SetString( | 108 nat_true_domain_empty_others_default_.SetString( |
105 policy::key::kRemoteAccessHostDomain, std::string()); | 109 key::kRemoteAccessHostDomain, std::string()); |
106 unknown_policies_.SetString("UnknownPolicyOne", std::string()); | 110 unknown_policies_.SetString("UnknownPolicyOne", std::string()); |
107 unknown_policies_.SetString("UnknownPolicyTwo", std::string()); | 111 unknown_policies_.SetString("UnknownPolicyTwo", std::string()); |
108 unknown_policies_.SetBoolean("RemoteAccessHostUnknownPolicyThree", true); | 112 unknown_policies_.SetBoolean("RemoteAccessHostUnknownPolicyThree", true); |
109 | 113 |
110 const char kOverrideNatTraversalToFalse[] = | 114 const char kOverrideNatTraversalToFalse[] = |
111 "{ \"RemoteAccessHostFirewallTraversal\": false }"; | 115 "{ \"RemoteAccessHostFirewallTraversal\": false }"; |
112 nat_true_and_overridden_.SetBoolean( | 116 nat_true_and_overridden_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, |
113 policy::key::kRemoteAccessHostFirewallTraversal, true); | 117 true); |
114 nat_true_and_overridden_.SetString( | 118 nat_true_and_overridden_.SetString( |
115 policy::key::kRemoteAccessHostDebugOverridePolicies, | 119 key::kRemoteAccessHostDebugOverridePolicies, |
116 kOverrideNatTraversalToFalse); | 120 kOverrideNatTraversalToFalse); |
117 pairing_true_.SetBoolean(policy::key::kRemoteAccessHostAllowClientPairing, | 121 pairing_true_.SetBoolean(key::kRemoteAccessHostAllowClientPairing, true); |
118 true); | 122 pairing_false_.SetBoolean(key::kRemoteAccessHostAllowClientPairing, false); |
119 pairing_false_.SetBoolean(policy::key::kRemoteAccessHostAllowClientPairing, | 123 gnubby_auth_true_.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, true); |
120 false); | 124 gnubby_auth_false_.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, false); |
121 gnubby_auth_true_.SetBoolean(policy::key::kRemoteAccessHostAllowGnubbyAuth, | 125 relay_true_.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection, true); |
122 true); | 126 relay_false_.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection, |
123 gnubby_auth_false_.SetBoolean(policy::key::kRemoteAccessHostAllowGnubbyAuth, | 127 false); |
124 false); | 128 port_range_full_.SetString(key::kRemoteAccessHostUdpPortRange, kPortRange); |
125 relay_true_.SetBoolean(policy::key::kRemoteAccessHostAllowRelayedConnection, | 129 port_range_empty_.SetString(key::kRemoteAccessHostUdpPortRange, |
126 true); | |
127 relay_false_.SetBoolean( | |
128 policy::key::kRemoteAccessHostAllowRelayedConnection, false); | |
129 port_range_full_.SetString(policy::key::kRemoteAccessHostUdpPortRange, | |
130 kPortRange); | |
131 port_range_empty_.SetString(policy::key::kRemoteAccessHostUdpPortRange, | |
132 std::string()); | 130 std::string()); |
133 curtain_true_.SetBoolean(policy::key::kRemoteAccessHostRequireCurtain, | 131 port_range_malformed_.SetString(key::kRemoteAccessHostUdpPortRange, |
134 true); | 132 "malformed"); |
135 curtain_false_.SetBoolean(policy::key::kRemoteAccessHostRequireCurtain, | 133 port_range_malformed_domain_full_.MergeDictionary(&port_range_malformed_); |
136 false); | 134 port_range_malformed_domain_full_.SetString(key::kRemoteAccessHostDomain, |
137 username_true_.SetBoolean(policy::key::kRemoteAccessHostMatchUsername, | 135 kHostDomain); |
138 true); | 136 |
139 username_false_.SetBoolean(policy::key::kRemoteAccessHostMatchUsername, | 137 curtain_true_.SetBoolean(key::kRemoteAccessHostRequireCurtain, true); |
140 false); | 138 curtain_false_.SetBoolean(key::kRemoteAccessHostRequireCurtain, false); |
141 talk_gadget_blah_.SetString(policy::key::kRemoteAccessHostTalkGadgetPrefix, | 139 username_true_.SetBoolean(key::kRemoteAccessHostMatchUsername, true); |
142 "blah"); | 140 username_false_.SetBoolean(key::kRemoteAccessHostMatchUsername, false); |
143 token_url_https_.SetString(policy::key::kRemoteAccessHostTalkGadgetPrefix, | 141 talk_gadget_blah_.SetString(key::kRemoteAccessHostTalkGadgetPrefix, "blah"); |
144 "https://example.com"); | 142 third_party_auth_partial_.SetString(key::kRemoteAccessHostTokenUrl, |
145 token_validation_url_https_.SetString( | 143 "https://token.com"); |
146 policy::key::kRemoteAccessHostTalkGadgetPrefix, "https://example.com"); | 144 third_party_auth_partial_.SetString( |
147 token_certificate_blah_.SetString( | 145 key::kRemoteAccessHostTokenValidationUrl, "https://validation.com"); |
148 policy::key::kRemoteAccessHostTokenValidationCertificateIssuer, "blah"); | 146 third_party_auth_full_.MergeDictionary(&third_party_auth_partial_); |
| 147 third_party_auth_full_.SetString( |
| 148 key::kRemoteAccessHostTokenValidationCertificateIssuer, |
| 149 "certificate subject"); |
| 150 third_party_auth_cert_empty_.MergeDictionary(&third_party_auth_partial_); |
| 151 third_party_auth_cert_empty_.SetString( |
| 152 key::kRemoteAccessHostTokenValidationCertificateIssuer, ""); |
149 | 153 |
150 #if !defined(NDEBUG) | 154 #if !defined(NDEBUG) |
151 SetDefaults(nat_false_overridden_others_default_); | 155 SetDefaults(nat_false_overridden_others_default_); |
152 nat_false_overridden_others_default_.SetBoolean( | 156 nat_false_overridden_others_default_.SetBoolean( |
153 policy::key::kRemoteAccessHostFirewallTraversal, false); | 157 key::kRemoteAccessHostFirewallTraversal, false); |
154 nat_false_overridden_others_default_.SetString( | 158 nat_false_overridden_others_default_.SetString( |
155 policy::key::kRemoteAccessHostDebugOverridePolicies, | 159 key::kRemoteAccessHostDebugOverridePolicies, |
156 kOverrideNatTraversalToFalse); | 160 kOverrideNatTraversalToFalse); |
157 #endif | 161 #endif |
158 } | 162 } |
159 | 163 |
160 void TearDown() override { | 164 void TearDown() override { |
161 policy_watcher_.reset(); | 165 policy_watcher_.reset(); |
162 policy_loader_ = nullptr; | 166 policy_loader_ = nullptr; |
163 base::RunLoop().RunUntilIdle(); | 167 base::RunLoop().RunUntilIdle(); |
164 } | 168 } |
165 | 169 |
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
207 // |policy_loader_| is owned by |policy_watcher_|. PolicyWatcherTest retains | 211 // |policy_loader_| is owned by |policy_watcher_|. PolicyWatcherTest retains |
208 // a raw pointer to |policy_loader_| in order to control the simulated / faked | 212 // a raw pointer to |policy_loader_| in order to control the simulated / faked |
209 // policy contents. | 213 // policy contents. |
210 policy::FakeAsyncPolicyLoader* policy_loader_; | 214 policy::FakeAsyncPolicyLoader* policy_loader_; |
211 scoped_ptr<PolicyWatcher> policy_watcher_; | 215 scoped_ptr<PolicyWatcher> policy_watcher_; |
212 | 216 |
213 base::DictionaryValue empty_; | 217 base::DictionaryValue empty_; |
214 base::DictionaryValue nat_true_; | 218 base::DictionaryValue nat_true_; |
215 base::DictionaryValue nat_false_; | 219 base::DictionaryValue nat_false_; |
216 base::DictionaryValue nat_one_; | 220 base::DictionaryValue nat_one_; |
| 221 base::DictionaryValue nat_one_domain_full_; |
217 base::DictionaryValue domain_empty_; | 222 base::DictionaryValue domain_empty_; |
218 base::DictionaryValue domain_full_; | 223 base::DictionaryValue domain_full_; |
219 base::DictionaryValue nat_true_others_default_; | 224 base::DictionaryValue nat_true_others_default_; |
220 base::DictionaryValue nat_false_others_default_; | 225 base::DictionaryValue nat_false_others_default_; |
221 base::DictionaryValue domain_empty_others_default_; | 226 base::DictionaryValue domain_empty_others_default_; |
222 base::DictionaryValue domain_full_others_default_; | 227 base::DictionaryValue domain_full_others_default_; |
223 base::DictionaryValue nat_true_domain_empty_; | 228 base::DictionaryValue nat_true_domain_empty_; |
224 base::DictionaryValue nat_true_domain_full_; | 229 base::DictionaryValue nat_true_domain_full_; |
225 base::DictionaryValue nat_false_domain_empty_; | 230 base::DictionaryValue nat_false_domain_empty_; |
226 base::DictionaryValue nat_false_domain_full_; | 231 base::DictionaryValue nat_false_domain_full_; |
227 base::DictionaryValue nat_true_domain_empty_others_default_; | 232 base::DictionaryValue nat_true_domain_empty_others_default_; |
228 base::DictionaryValue unknown_policies_; | 233 base::DictionaryValue unknown_policies_; |
229 base::DictionaryValue nat_true_and_overridden_; | 234 base::DictionaryValue nat_true_and_overridden_; |
230 base::DictionaryValue nat_false_overridden_others_default_; | 235 base::DictionaryValue nat_false_overridden_others_default_; |
231 base::DictionaryValue pairing_true_; | 236 base::DictionaryValue pairing_true_; |
232 base::DictionaryValue pairing_false_; | 237 base::DictionaryValue pairing_false_; |
233 base::DictionaryValue gnubby_auth_true_; | 238 base::DictionaryValue gnubby_auth_true_; |
234 base::DictionaryValue gnubby_auth_false_; | 239 base::DictionaryValue gnubby_auth_false_; |
235 base::DictionaryValue relay_true_; | 240 base::DictionaryValue relay_true_; |
236 base::DictionaryValue relay_false_; | 241 base::DictionaryValue relay_false_; |
237 base::DictionaryValue port_range_full_; | 242 base::DictionaryValue port_range_full_; |
238 base::DictionaryValue port_range_empty_; | 243 base::DictionaryValue port_range_empty_; |
| 244 base::DictionaryValue port_range_malformed_; |
| 245 base::DictionaryValue port_range_malformed_domain_full_; |
239 base::DictionaryValue curtain_true_; | 246 base::DictionaryValue curtain_true_; |
240 base::DictionaryValue curtain_false_; | 247 base::DictionaryValue curtain_false_; |
241 base::DictionaryValue username_true_; | 248 base::DictionaryValue username_true_; |
242 base::DictionaryValue username_false_; | 249 base::DictionaryValue username_false_; |
243 base::DictionaryValue talk_gadget_blah_; | 250 base::DictionaryValue talk_gadget_blah_; |
244 base::DictionaryValue token_url_https_; | 251 base::DictionaryValue third_party_auth_full_; |
245 base::DictionaryValue token_validation_url_https_; | 252 base::DictionaryValue third_party_auth_partial_; |
246 base::DictionaryValue token_certificate_blah_; | 253 base::DictionaryValue third_party_auth_cert_empty_; |
247 | 254 |
248 private: | 255 private: |
249 void SetDefaults(base::DictionaryValue& dict) { | 256 void SetDefaults(base::DictionaryValue& dict) { |
250 dict.SetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, true); | 257 dict.SetBoolean(key::kRemoteAccessHostFirewallTraversal, true); |
251 dict.SetBoolean(policy::key::kRemoteAccessHostAllowRelayedConnection, true); | 258 dict.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection, true); |
252 dict.SetString(policy::key::kRemoteAccessHostUdpPortRange, ""); | 259 dict.SetString(key::kRemoteAccessHostUdpPortRange, ""); |
253 dict.SetString(policy::key::kRemoteAccessHostDomain, std::string()); | 260 dict.SetString(key::kRemoteAccessHostDomain, std::string()); |
254 dict.SetBoolean(policy::key::kRemoteAccessHostMatchUsername, false); | 261 dict.SetBoolean(key::kRemoteAccessHostMatchUsername, false); |
255 dict.SetString(policy::key::kRemoteAccessHostTalkGadgetPrefix, | 262 dict.SetString(key::kRemoteAccessHostTalkGadgetPrefix, |
256 kDefaultHostTalkGadgetPrefix); | 263 kDefaultHostTalkGadgetPrefix); |
257 dict.SetBoolean(policy::key::kRemoteAccessHostRequireCurtain, false); | 264 dict.SetBoolean(key::kRemoteAccessHostRequireCurtain, false); |
258 dict.SetString(policy::key::kRemoteAccessHostTokenUrl, std::string()); | 265 dict.SetString(key::kRemoteAccessHostTokenUrl, ""); |
259 dict.SetString(policy::key::kRemoteAccessHostTokenValidationUrl, | 266 dict.SetString(key::kRemoteAccessHostTokenValidationUrl, ""); |
260 std::string()); | 267 dict.SetString(key::kRemoteAccessHostTokenValidationCertificateIssuer, ""); |
261 dict.SetString( | 268 dict.SetBoolean(key::kRemoteAccessHostAllowClientPairing, true); |
262 policy::key::kRemoteAccessHostTokenValidationCertificateIssuer, | 269 dict.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, true); |
263 std::string()); | |
264 dict.SetBoolean(policy::key::kRemoteAccessHostAllowClientPairing, true); | |
265 dict.SetBoolean(policy::key::kRemoteAccessHostAllowGnubbyAuth, true); | |
266 #if !defined(NDEBUG) | 270 #if !defined(NDEBUG) |
267 dict.SetString(policy::key::kRemoteAccessHostDebugOverridePolicies, ""); | 271 dict.SetString(key::kRemoteAccessHostDebugOverridePolicies, ""); |
268 #endif | 272 #endif |
269 | 273 |
270 ASSERT_THAT(&dict, IsPolicies(&GetDefaultValues())) | 274 ASSERT_THAT(&dict, IsPolicies(&GetDefaultValues())) |
271 << "Sanity check that defaults expected by the test code " | 275 << "Sanity check that defaults expected by the test code " |
272 << "match what is stored in PolicyWatcher::default_values_"; | 276 << "match what is stored in PolicyWatcher::default_values_"; |
273 } | 277 } |
274 }; | 278 }; |
275 | 279 |
276 const char* PolicyWatcherTest::kHostDomain = "google.com"; | 280 const char* PolicyWatcherTest::kHostDomain = "google.com"; |
277 const char* PolicyWatcherTest::kPortRange = "12400-12409"; | 281 const char* PolicyWatcherTest::kPortRange = "12400-12409"; |
(...skipping 22 matching lines...) Expand all Loading... |
300 StartWatching(); | 304 StartWatching(); |
301 } | 305 } |
302 | 306 |
303 TEST_F(PolicyWatcherTest, NatWrongType) { | 307 TEST_F(PolicyWatcherTest, NatWrongType) { |
304 EXPECT_CALL(mock_policy_callback_, OnPolicyError()); | 308 EXPECT_CALL(mock_policy_callback_, OnPolicyError()); |
305 | 309 |
306 SetPolicies(nat_one_); | 310 SetPolicies(nat_one_); |
307 StartWatching(); | 311 StartWatching(); |
308 } | 312 } |
309 | 313 |
| 314 // This test verifies that a mistyped policy value is still detected |
| 315 // even though it doesn't change during the second SetPolicies call. |
| 316 TEST_F(PolicyWatcherTest, NatWrongTypeThenIrrelevantChange) { |
| 317 EXPECT_CALL(mock_policy_callback_, OnPolicyError()).Times(2); |
| 318 |
| 319 SetPolicies(nat_one_); |
| 320 StartWatching(); |
| 321 SetPolicies(nat_one_domain_full_); |
| 322 } |
| 323 |
| 324 // This test verifies that a malformed policy value is still detected |
| 325 // even though it doesn't change during the second SetPolicies call. |
| 326 TEST_F(PolicyWatcherTest, PortRangeMalformedThenIrrelevantChange) { |
| 327 EXPECT_CALL(mock_policy_callback_, OnPolicyError()).Times(2); |
| 328 |
| 329 SetPolicies(port_range_malformed_); |
| 330 StartWatching(); |
| 331 SetPolicies(port_range_malformed_domain_full_); |
| 332 } |
| 333 |
310 TEST_F(PolicyWatcherTest, DomainEmpty) { | 334 TEST_F(PolicyWatcherTest, DomainEmpty) { |
311 EXPECT_CALL(mock_policy_callback_, | 335 EXPECT_CALL(mock_policy_callback_, |
312 OnPolicyUpdatePtr(IsPolicies(&domain_empty_others_default_))); | 336 OnPolicyUpdatePtr(IsPolicies(&domain_empty_others_default_))); |
313 | 337 |
314 SetPolicies(domain_empty_); | 338 SetPolicies(domain_empty_); |
315 StartWatching(); | 339 StartWatching(); |
316 } | 340 } |
317 | 341 |
318 TEST_F(PolicyWatcherTest, DomainFull) { | 342 TEST_F(PolicyWatcherTest, DomainFull) { |
319 EXPECT_CALL(mock_policy_callback_, | 343 EXPECT_CALL(mock_policy_callback_, |
(...skipping 194 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
514 EXPECT_CALL(mock_policy_callback_, | 538 EXPECT_CALL(mock_policy_callback_, |
515 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); | 539 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); |
516 EXPECT_CALL(mock_policy_callback_, | 540 EXPECT_CALL(mock_policy_callback_, |
517 OnPolicyUpdatePtr(IsPolicies(&talk_gadget_blah_))); | 541 OnPolicyUpdatePtr(IsPolicies(&talk_gadget_blah_))); |
518 | 542 |
519 SetPolicies(empty_); | 543 SetPolicies(empty_); |
520 StartWatching(); | 544 StartWatching(); |
521 SetPolicies(talk_gadget_blah_); | 545 SetPolicies(talk_gadget_blah_); |
522 } | 546 } |
523 | 547 |
524 TEST_F(PolicyWatcherTest, TokenUrl) { | 548 TEST_F(PolicyWatcherTest, ThirdPartyAuthFull) { |
525 testing::InSequence sequence; | 549 testing::InSequence sequence; |
526 EXPECT_CALL(mock_policy_callback_, | 550 EXPECT_CALL(mock_policy_callback_, |
527 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); | 551 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); |
528 EXPECT_CALL(mock_policy_callback_, | 552 EXPECT_CALL(mock_policy_callback_, |
529 OnPolicyUpdatePtr(IsPolicies(&token_url_https_))); | 553 OnPolicyUpdatePtr(IsPolicies(&third_party_auth_full_))); |
530 | 554 |
531 SetPolicies(empty_); | 555 SetPolicies(empty_); |
532 StartWatching(); | 556 StartWatching(); |
533 SetPolicies(token_url_https_); | 557 SetPolicies(third_party_auth_full_); |
534 } | 558 } |
535 | 559 |
536 TEST_F(PolicyWatcherTest, TokenValidationUrl) { | 560 // This test verifies what happens when only 1 out of 3 third-party auth |
| 561 // policies changes. Without the other 2 policy values such policy values |
| 562 // combination is invalid (i.e. cannot have TokenUrl without |
| 563 // TokenValidationUrl) and can trigger OnPolicyError unless PolicyWatcher |
| 564 // implementation is careful around this scenario. |
| 565 TEST_F(PolicyWatcherTest, ThirdPartyAuthPartialToFull) { |
537 testing::InSequence sequence; | 566 testing::InSequence sequence; |
538 EXPECT_CALL(mock_policy_callback_, | 567 EXPECT_CALL(mock_policy_callback_, |
539 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); | 568 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); |
540 EXPECT_CALL(mock_policy_callback_, | 569 EXPECT_CALL(mock_policy_callback_, |
541 OnPolicyUpdatePtr(IsPolicies(&token_validation_url_https_))); | 570 OnPolicyUpdatePtr(IsPolicies(&third_party_auth_cert_empty_))); |
| 571 EXPECT_CALL(mock_policy_callback_, |
| 572 OnPolicyUpdatePtr(IsPolicies(&third_party_auth_full_))); |
542 | 573 |
543 SetPolicies(empty_); | 574 SetPolicies(empty_); |
544 StartWatching(); | 575 StartWatching(); |
545 SetPolicies(token_validation_url_https_); | 576 SetPolicies(third_party_auth_partial_); |
546 } | 577 SetPolicies(third_party_auth_full_); |
547 | |
548 TEST_F(PolicyWatcherTest, TokenValidationCertificateIssuer) { | |
549 testing::InSequence sequence; | |
550 EXPECT_CALL(mock_policy_callback_, | |
551 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); | |
552 EXPECT_CALL(mock_policy_callback_, | |
553 OnPolicyUpdatePtr(IsPolicies(&token_certificate_blah_))); | |
554 | |
555 SetPolicies(empty_); | |
556 StartWatching(); | |
557 SetPolicies(token_certificate_blah_); | |
558 } | 578 } |
559 | 579 |
560 TEST_F(PolicyWatcherTest, UdpPortRange) { | 580 TEST_F(PolicyWatcherTest, UdpPortRange) { |
561 testing::InSequence sequence; | 581 testing::InSequence sequence; |
562 EXPECT_CALL(mock_policy_callback_, | 582 EXPECT_CALL(mock_policy_callback_, |
563 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); | 583 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_))); |
564 EXPECT_CALL(mock_policy_callback_, | 584 EXPECT_CALL(mock_policy_callback_, |
565 OnPolicyUpdatePtr(IsPolicies(&port_range_full_))); | 585 OnPolicyUpdatePtr(IsPolicies(&port_range_full_))); |
566 EXPECT_CALL(mock_policy_callback_, | 586 EXPECT_CALL(mock_policy_callback_, |
567 OnPolicyUpdatePtr(IsPolicies(&port_range_empty_))); | 587 OnPolicyUpdatePtr(IsPolicies(&port_range_empty_))); |
(...skipping 12 matching lines...) Expand all Loading... |
580 // are kept in-sync. | 600 // are kept in-sync. |
581 | 601 |
582 std::map<std::string, base::Value::Type> expected_schema; | 602 std::map<std::string, base::Value::Type> expected_schema; |
583 for (base::DictionaryValue::Iterator i(GetDefaultValues()); !i.IsAtEnd(); | 603 for (base::DictionaryValue::Iterator i(GetDefaultValues()); !i.IsAtEnd(); |
584 i.Advance()) { | 604 i.Advance()) { |
585 expected_schema[i.key()] = i.value().GetType(); | 605 expected_schema[i.key()] = i.value().GetType(); |
586 } | 606 } |
587 #if defined(OS_WIN) | 607 #if defined(OS_WIN) |
588 // RemoteAccessHostMatchUsername is marked in policy_templates.json as not | 608 // RemoteAccessHostMatchUsername is marked in policy_templates.json as not |
589 // supported on Windows and therefore is (by design) excluded from the schema. | 609 // supported on Windows and therefore is (by design) excluded from the schema. |
590 expected_schema.erase(policy::key::kRemoteAccessHostMatchUsername); | 610 expected_schema.erase(key::kRemoteAccessHostMatchUsername); |
591 #endif | 611 #endif |
592 #if defined(NDEBUG) | 612 #if defined(NDEBUG) |
593 // Policy schema / policy_templates.json cannot differ between debug and | 613 // Policy schema / policy_templates.json cannot differ between debug and |
594 // release builds so we compensate below to account for the fact that | 614 // release builds so we compensate below to account for the fact that |
595 // PolicyWatcher::default_values_ does differ between debug and release. | 615 // PolicyWatcher::default_values_ does differ between debug and release. |
596 expected_schema[policy::key::kRemoteAccessHostDebugOverridePolicies] = | 616 expected_schema[key::kRemoteAccessHostDebugOverridePolicies] = |
597 base::Value::TYPE_STRING; | 617 base::Value::TYPE_STRING; |
598 #endif | 618 #endif |
599 | 619 |
600 std::map<std::string, base::Value::Type> actual_schema; | 620 std::map<std::string, base::Value::Type> actual_schema; |
601 const policy::Schema* schema = GetPolicySchema(); | 621 const policy::Schema* schema = GetPolicySchema(); |
602 ASSERT_TRUE(schema->valid()); | 622 ASSERT_TRUE(schema->valid()); |
603 for (auto it = schema->GetPropertiesIterator(); !it.IsAtEnd(); it.Advance()) { | 623 for (auto it = schema->GetPropertiesIterator(); !it.IsAtEnd(); it.Advance()) { |
604 std::string key = it.key(); | 624 std::string key = it.key(); |
605 if (key.find("RemoteAccessHost") == std::string::npos) { | 625 if (key.find("RemoteAccessHost") == std::string::npos) { |
606 // For now PolicyWatcher::GetPolicySchema() mixes Chrome and Chromoting | 626 // For now PolicyWatcher::GetPolicySchema() mixes Chrome and Chromoting |
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
685 } | 705 } |
686 | 706 |
687 // Today, the only verification offered by this test is: | 707 // Today, the only verification offered by this test is: |
688 // - Manual verification of policy values dumped by OnPolicyUpdatedDumpPolicy | 708 // - Manual verification of policy values dumped by OnPolicyUpdatedDumpPolicy |
689 // - Automated verification that nothing crashed | 709 // - Automated verification that nothing crashed |
690 } | 710 } |
691 | 711 |
692 #endif | 712 #endif |
693 | 713 |
694 } // namespace remoting | 714 } // namespace remoting |
OLD | NEW |