Malformed PortRange or ThirdPartyAuthConfig trigger OnPolicyError.

remoting/host/third_party_auth_config_unittest.cc

Index: remoting/host/third_party_auth_config_unittest.cc
diff --git a/remoting/host/third_party_auth_config_unittest.cc b/remoting/host/third_party_auth_config_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..002fd81b2950cd329f58d11b7937428209b7b734
--- /dev/null
+++ b/remoting/host/third_party_auth_config_unittest.cc
@@ -0,0 +1,194 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "remoting/host/third_party_auth_config.h"
+
+#include <sstream>
+
+#include "base/values.h"
+#include "policy/policy_constants.h"
+#include "testing/gmock/include/gmock/gmock.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace remoting {
+
+namespace key = ::policy::key;
+
+TEST(ThirdPartyAuthConfig, ParseEmpty) {
+  ThirdPartyAuthConfig third_party_auth_config;
+
+  EXPECT_TRUE(
+      ThirdPartyAuthConfig::ParseStrings("", "", "", &third_party_auth_config));
+  EXPECT_TRUE(third_party_auth_config.is_null());
+}
+
+TEST(ThirdPartyAuthConfig, ParseValidAll) {
+  ThirdPartyAuthConfig third_party_auth_config;
+
+  EXPECT_TRUE(ThirdPartyAuthConfig::ParseStrings(
+      "https://token.com/", "https://validation.com/", "certificate subject",
+      &third_party_auth_config));
+  EXPECT_FALSE(third_party_auth_config.is_null());
+  EXPECT_EQ("https://token.com/", third_party_auth_config.token_url.spec());
+  EXPECT_EQ("https://validation.com/",
+            third_party_auth_config.token_validation_url.spec());
+  EXPECT_EQ("certificate subject",
+            third_party_auth_config.token_validation_cert_issuer);
+}
+
+TEST(ThirdPartyAuthConfig, ParseValidNoCert) {
+  ThirdPartyAuthConfig third_party_auth_config;
+
+  EXPECT_TRUE(ThirdPartyAuthConfig::ParseStrings("https://token.com/",
+                                                 "https://validation.com/", "",
+                                                 &third_party_auth_config));
+  EXPECT_FALSE(third_party_auth_config.is_null());
+  EXPECT_EQ("https://token.com/", third_party_auth_config.token_url.spec());
+  EXPECT_EQ("https://validation.com/",
+            third_party_auth_config.token_validation_url.spec());
+  EXPECT_EQ("", third_party_auth_config.token_validation_cert_issuer);
+}
+
+// We validate https-vs-http only on Release builds to help with manual testing.
+#if !defined(NDEBUG)
+TEST(ThirdPartyAuthConfig, ParseHttp) {
+  ThirdPartyAuthConfig third_party_auth_config;
+
+  EXPECT_TRUE(ThirdPartyAuthConfig::ParseStrings("http://token.com/",
+                                                 "http://validation.com/", "",
+                                                 &third_party_auth_config));
+  EXPECT_FALSE(third_party_auth_config.is_null());
+  EXPECT_EQ("http://token.com/", third_party_auth_config.token_url.spec());
+  EXPECT_EQ("http://validation.com/",
+            third_party_auth_config.token_validation_url.spec());
+}
+#endif
+
+namespace {
+
+const std::string valid_url("https://valid.com");
+const std::string valid_cert("certificate subject");
+
+}  // namespace
+
+class InvalidUrlTest : public ::testing::TestWithParam<const char*> {};
+
+TEST_P(InvalidUrlTest, ParseInvalidUrl) {
+  const std::string& invalid_url(GetParam());
+
+  // Populate |config| with some known data - we will use this for validating
+  // that |config| doesn't get modified by ParseStrings during subsequent
+  // parsing
+  // failure tests.
+  ThirdPartyAuthConfig config;
+  EXPECT_TRUE(ThirdPartyAuthConfig::ParseStrings(
+      "https://token.com/", "https://validation.com/", "certificate subject",
+      &config));
+
+  // Test for parsing failure.
+  EXPECT_FALSE(ThirdPartyAuthConfig::ParseStrings(invalid_url, valid_url,
+                                                  valid_cert, &config));
+  EXPECT_FALSE(ThirdPartyAuthConfig::ParseStrings(valid_url, invalid_url,
+                                                  valid_cert, &config));
+  EXPECT_FALSE(
+      ThirdPartyAuthConfig::ParseStrings(invalid_url, "", "", &config));
+  EXPECT_FALSE(
+      ThirdPartyAuthConfig::ParseStrings("", invalid_url, "", &config));
+
+  // Validate that ParseStrings doesn't modify its output upon parsing failure.
+  EXPECT_EQ("https://token.com/", config.token_url.spec());
+  EXPECT_EQ("https://validation.com/", config.token_validation_url.spec());
+  EXPECT_EQ("certificate subject", config.token_validation_cert_issuer);
+}
+
+// We validate https-vs-http only on Release builds to help with manual testing.
+#if defined(NDEBUG)
+INSTANTIATE_TEST_CASE_P(ThirdPartyAuthConfig,
+                        InvalidUrlTest,
+                        ::testing::Values("http://insecure.com",
+                                          "I am not a URL"));
+#else
+INSTANTIATE_TEST_CASE_P(ThirdPartyAuthConfig,
+                        InvalidUrlTest,
+                        ::testing::Values("I am not a URL"));
+#endif
+
+TEST(ThirdPartyAuthConfig, ParseInvalidCombination) {
+  // Populate |config| with some known data - we will use this for validating
+  // that |config| doesn't get modified by ParseStrings during subsequent
+  // parsing
+  // failure tests.
+  ThirdPartyAuthConfig config;
+  EXPECT_TRUE(ThirdPartyAuthConfig::ParseStrings(
+      "https://token.com/", "https://validation.com/", "certificate subject",
+      &config));
+
+  // Only one of TokenUrl and TokenValidationUrl
+  EXPECT_FALSE(
+      ThirdPartyAuthConfig::ParseStrings("", valid_url, valid_cert, &config));
+  EXPECT_FALSE(
+      ThirdPartyAuthConfig::ParseStrings(valid_url, "", valid_cert, &config));
+
+  // CertSubject when no TokenUrl and TokenValidationUrl
+  EXPECT_FALSE(ThirdPartyAuthConfig::ParseStrings("", "", valid_cert, &config));
+
+  // Validate that ParseStrings doesn't modify its output upon parsing failure.
+  EXPECT_EQ("https://token.com/", config.token_url.spec());
+  EXPECT_EQ("https://validation.com/", config.token_validation_url.spec());
+  EXPECT_EQ("certificate subject", config.token_validation_cert_issuer);
+}
+
+TEST(ThirdPartyAuthConfig, ExtractEmpty) {
+  base::DictionaryValue dict;
+  std::string url1, url2, cert;
+  EXPECT_FALSE(ThirdPartyAuthConfig::ExtractStrings(dict, &url1, &url2, &cert));
+}
+
+TEST(ThirdPartyAuthConfig, ExtractUnknown) {
+  base::DictionaryValue dict;
+  dict.SetString("unknownName", "someValue");
+
+  std::string url1, url2, cert;
+  EXPECT_FALSE(ThirdPartyAuthConfig::ExtractStrings(dict, &url1, &url2, &cert));
+}
+
+TEST(ThirdPartyAuthConfig, ExtractAll) {
+  base::DictionaryValue dict;
+  dict.SetString(key::kRemoteAccessHostTokenUrl, "test1");
+  dict.SetString(key::kRemoteAccessHostTokenValidationUrl, "test2");
+  dict.SetString(key::kRemoteAccessHostTokenValidationCertificateIssuer, "t3");
+
+  std::string url1, url2, cert;
+  EXPECT_TRUE(ThirdPartyAuthConfig::ExtractStrings(dict, &url1, &url2, &cert));
+  EXPECT_EQ("test1", url1);
+  EXPECT_EQ("test2", url2);
+  EXPECT_EQ("t3", cert);
+}
+
+TEST(ThirdPartyAuthConfig, ExtractPartial) {
+  base::DictionaryValue dict;
+  dict.SetString(key::kRemoteAccessHostTokenValidationUrl, "test2");
+
+  std::string url1, url2, cert;
+  EXPECT_TRUE(ThirdPartyAuthConfig::ExtractStrings(dict, &url1, &url2, &cert));
+  EXPECT_EQ("", url1);
+  EXPECT_EQ("test2", url2);
+  EXPECT_EQ("", cert);
+}
+
+TEST(ThirdPartyAuthConfig, Output) {
+  ThirdPartyAuthConfig third_party_auth_config;
+  third_party_auth_config.token_url = GURL("https://token.com");
+  third_party_auth_config.token_validation_url = GURL("https://validation.com");
+  third_party_auth_config.token_validation_cert_issuer = "certificate subject";
+
+  std::ostringstream str;
+  str << third_party_auth_config;
+
+  EXPECT_THAT(str.str(), testing::HasSubstr("token"));
+  EXPECT_THAT(str.str(), testing::HasSubstr("validation"));
+  EXPECT_THAT(str.str(), testing::HasSubstr("certificate subject"));
+}
+
+}  // namespace remoting