1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "base/bind.h" 6#include "base/bind_helpers.h" 7#include "base/callback.h" 8#include "base/files/file_path.h" 9#include "base/memory/scoped_ptr.h" 10#include "base/run_loop.h" 11#include "base/values.h" 12#include "chrome/browser/chromeos/policy/device_network_configuration_updater.h" 13#include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" 14#include "chrome/browser/chromeos/settings/cros_settings.h" 15#include "chrome/browser/chromeos/settings/device_settings_service.h" 16#include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h" 17#include "chrome/test/base/testing_profile.h" 18#include "chromeos/network/fake_network_device_handler.h" 19#include "chromeos/network/mock_managed_network_configuration_handler.h" 20#include "chromeos/network/onc/onc_certificate_importer.h" 21#include "chromeos/network/onc/onc_test_utils.h" 22#include "chromeos/network/onc/onc_utils.h" 23#include "components/onc/onc_constants.h" 24#include "components/policy/core/common/external_data_fetcher.h" 25#include "components/policy/core/common/mock_configuration_policy_provider.h" 26#include "components/policy/core/common/policy_map.h" 27#include "components/policy/core/common/policy_service_impl.h" 28#include "components/user_manager/user.h" 29#include "components/user_manager/user_type.h" 30#include "content/public/test/test_browser_thread_bundle.h" 31#include "content/public/test/test_utils.h" 32#include "net/base/test_data_directory.h" 33#include "net/cert/x509_certificate.h" 34#include "net/test/cert_test_util.h" 35#include "policy/policy_constants.h" 36#include "testing/gmock/include/gmock/gmock.h" 37#include "testing/gtest/include/gtest/gtest.h" 38 39using testing::AnyNumber; 40using testing::AtLeast; 41using testing::Mock; 42using testing::Ne; 43using testing::Return; 44using testing::StrictMock; 45using testing::_; 46 47namespace policy { 48 49namespace { 50 51const char kFakeUserEmail[] = "fake email"; 52const char kFakeUsernameHash[] = "fake hash"; 53 54class FakeUser : public user_manager::User { 55 public: 56 FakeUser() : User(kFakeUserEmail) { 57 set_display_email(kFakeUserEmail); 58 set_username_hash(kFakeUsernameHash); 59 } 60 virtual ~FakeUser() {} 61 62 // User overrides 63 virtual user_manager::UserType GetType() const OVERRIDE { 64 return user_manager::USER_TYPE_REGULAR; 65 } 66 67 private: 68 DISALLOW_COPY_AND_ASSIGN(FakeUser); 69}; 70 71class FakeWebTrustedCertsObserver 72 : public UserNetworkConfigurationUpdater::WebTrustedCertsObserver { 73 public: 74 FakeWebTrustedCertsObserver() {} 75 76 virtual void OnTrustAnchorsChanged( 77 const net::CertificateList& trust_anchors) OVERRIDE { 78 trust_anchors_ = trust_anchors; 79 } 80 net::CertificateList trust_anchors_; 81 82 private: 83 DISALLOW_COPY_AND_ASSIGN(FakeWebTrustedCertsObserver); 84}; 85 86class FakeNetworkDeviceHandler : public chromeos::FakeNetworkDeviceHandler { 87 public: 88 FakeNetworkDeviceHandler() : allow_roaming_(false) {} 89 90 virtual void SetCellularAllowRoaming(bool allow_roaming) OVERRIDE { 91 allow_roaming_ = allow_roaming; 92 } 93 94 bool allow_roaming_; 95 96 private: 97 DISALLOW_COPY_AND_ASSIGN(FakeNetworkDeviceHandler); 98}; 99 100class FakeCertificateImporter : public chromeos::onc::CertificateImporter { 101 public: 102 FakeCertificateImporter() 103 : expected_onc_source_(::onc::ONC_SOURCE_UNKNOWN), call_count_(0) {} 104 virtual ~FakeCertificateImporter() {} 105 106 void SetTrustedCertificatesResult( 107 net::CertificateList onc_trusted_certificates) { 108 onc_trusted_certificates_ = onc_trusted_certificates; 109 } 110 111 void SetExpectedONCCertificates(const base::ListValue& certificates) { 112 expected_onc_certificates_.reset(certificates.DeepCopy()); 113 } 114 115 void SetExpectedONCSource(::onc::ONCSource source) { 116 expected_onc_source_ = source; 117 } 118 119 unsigned int GetAndResetImportCount() { 120 unsigned int count = call_count_; 121 call_count_ = 0; 122 return count; 123 } 124 125 virtual void ImportCertificates(const base::ListValue& certificates, 126 ::onc::ONCSource source, 127 const DoneCallback& done_callback) OVERRIDE { 128 if (expected_onc_source_ != ::onc::ONC_SOURCE_UNKNOWN) 129 EXPECT_EQ(expected_onc_source_, source); 130 if (expected_onc_certificates_) { 131 EXPECT_TRUE(chromeos::onc::test_utils::Equals( 132 expected_onc_certificates_.get(), &certificates)); 133 } 134 ++call_count_; 135 done_callback.Run(true, onc_trusted_certificates_); 136 } 137 138 private: 139 ::onc::ONCSource expected_onc_source_; 140 scoped_ptr<base::ListValue> expected_onc_certificates_; 141 net::CertificateList onc_trusted_certificates_; 142 unsigned int call_count_; 143 144 DISALLOW_COPY_AND_ASSIGN(FakeCertificateImporter); 145}; 146 147const char kFakeONC[] = 148 "{ \"NetworkConfigurations\": [" 149 " { \"GUID\": \"{485d6076-dd44-6b6d-69787465725f5040}\"," 150 " \"Type\": \"WiFi\"," 151 " \"Name\": \"My WiFi Network\"," 152 " \"WiFi\": {" 153 " \"SSID\": \"ssid-none\"," 154 " \"Security\": \"None\" }" 155 " }" 156 " ]," 157 " \"GlobalNetworkConfiguration\": {" 158 " \"AllowOnlyPolicyNetworksToAutoconnect\": true," 159 " }," 160 " \"Certificates\": [" 161 " { \"GUID\": \"{f998f760-272b-6939-4c2beffe428697ac}\"," 162 " \"PKCS12\": \"abc\"," 163 " \"Type\": \"Client\" }" 164 " ]," 165 " \"Type\": \"UnencryptedConfiguration\"" 166 "}"; 167 168std::string ValueToString(const base::Value& value) { 169 std::stringstream str; 170 str << value; 171 return str.str(); 172} 173 174void AppendAll(const base::ListValue& from, base::ListValue* to) { 175 for (base::ListValue::const_iterator it = from.begin(); it != from.end(); 176 ++it) { 177 to->Append((*it)->DeepCopy()); 178 } 179} 180 181// Matcher to match base::Value. 182MATCHER_P(IsEqualTo, 183 value, 184 std::string(negation ? "isn't" : "is") + " equal to " + 185 ValueToString(*value)) { 186 return value->Equals(&arg); 187} 188 189MATCHER(IsEmpty, std::string(negation ? "isn't" : "is") + " empty.") { 190 return arg.empty(); 191} 192 193ACTION_P(SetCertificateList, list) { 194 if (arg2) 195 *arg2 = list; 196 return true; 197} 198 199} // namespace 200 201class NetworkConfigurationUpdaterTest : public testing::Test { 202 protected: 203 NetworkConfigurationUpdaterTest() : certificate_importer_(NULL) {} 204 205 virtual void SetUp() OVERRIDE { 206 EXPECT_CALL(provider_, IsInitializationComplete(_)) 207 .WillRepeatedly(Return(false)); 208 provider_.Init(); 209 PolicyServiceImpl::Providers providers; 210 providers.push_back(&provider_); 211 policy_service_.reset(new PolicyServiceImpl(providers)); 212 213 scoped_ptr<base::DictionaryValue> fake_toplevel_onc = 214 chromeos::onc::ReadDictionaryFromJson(kFakeONC); 215 216 base::ListValue* network_configs = NULL; 217 fake_toplevel_onc->GetListWithoutPathExpansion( 218 onc::toplevel_config::kNetworkConfigurations, &network_configs); 219 AppendAll(*network_configs, &fake_network_configs_); 220 221 base::DictionaryValue* global_config = NULL; 222 fake_toplevel_onc->GetDictionaryWithoutPathExpansion( 223 onc::toplevel_config::kGlobalNetworkConfiguration, &global_config); 224 fake_global_network_config_.MergeDictionary(global_config); 225 226 base::ListValue* certs = NULL; 227 fake_toplevel_onc->GetListWithoutPathExpansion( 228 onc::toplevel_config::kCertificates, &certs); 229 AppendAll(*certs, &fake_certificates_); 230 231 certificate_importer_ = new FakeCertificateImporter; 232 certificate_importer_owned_.reset(certificate_importer_); 233 } 234 235 virtual void TearDown() OVERRIDE { 236 network_configuration_updater_.reset(); 237 provider_.Shutdown(); 238 base::RunLoop().RunUntilIdle(); 239 } 240 241 void MarkPolicyProviderInitialized() { 242 Mock::VerifyAndClearExpectations(&provider_); 243 EXPECT_CALL(provider_, IsInitializationComplete(_)) 244 .WillRepeatedly(Return(true)); 245 provider_.SetAutoRefresh(); 246 provider_.RefreshPolicies(); 247 base::RunLoop().RunUntilIdle(); 248 } 249 250 void UpdateProviderPolicy(const PolicyMap& policy) { 251 provider_.UpdateChromePolicy(policy); 252 base::RunLoop().RunUntilIdle(); 253 } 254 255 UserNetworkConfigurationUpdater* 256 CreateNetworkConfigurationUpdaterForUserPolicy( 257 bool allow_trusted_certs_from_policy, 258 bool set_cert_importer) { 259 UserNetworkConfigurationUpdater* updater = 260 UserNetworkConfigurationUpdater::CreateForUserPolicy( 261 &profile_, 262 allow_trusted_certs_from_policy, 263 fake_user_, 264 policy_service_.get(), 265 &network_config_handler_).release(); 266 if (set_cert_importer) { 267 EXPECT_TRUE(certificate_importer_owned_); 268 updater->SetCertificateImporterForTest( 269 certificate_importer_owned_.Pass()); 270 } 271 network_configuration_updater_.reset(updater); 272 return updater; 273 } 274 275 void CreateNetworkConfigurationUpdaterForDevicePolicy() { 276 network_configuration_updater_ = 277 DeviceNetworkConfigurationUpdater::CreateForDevicePolicy( 278 policy_service_.get(), 279 &network_config_handler_, 280 &network_device_handler_, 281 chromeos::CrosSettings::Get()); 282 } 283 284 base::ListValue fake_network_configs_; 285 base::DictionaryValue fake_global_network_config_; 286 base::ListValue fake_certificates_; 287 StrictMock<chromeos::MockManagedNetworkConfigurationHandler> 288 network_config_handler_; 289 FakeNetworkDeviceHandler network_device_handler_; 290 291 // Not used directly. Required for CrosSettings. 292 chromeos::ScopedTestDeviceSettingsService scoped_device_settings_service_; 293 chromeos::ScopedTestCrosSettings scoped_cros_settings_; 294 295 // Ownership of certificate_importer_owned_ is passed to the 296 // NetworkConfigurationUpdater. When that happens, |certificate_importer_| 297 // continues to point to that instance but |certificate_importer_owned_| is 298 // released. 299 FakeCertificateImporter* certificate_importer_; 300 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer_owned_; 301 302 StrictMock<MockConfigurationPolicyProvider> provider_; 303 scoped_ptr<PolicyServiceImpl> policy_service_; 304 FakeUser fake_user_; 305 306 TestingProfile profile_; 307 308 scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_; 309 content::TestBrowserThreadBundle thread_bundle_; 310}; 311 312TEST_F(NetworkConfigurationUpdaterTest, CellularAllowRoaming) { 313 // Ignore network config updates. 314 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1)); 315 316 // Setup the DataRoaming device setting. 317 chromeos::CrosSettings* cros_settings = chromeos::CrosSettings::Get(); 318 chromeos::CrosSettingsProvider* device_settings_provider = 319 cros_settings->GetProvider(chromeos::kSignedDataRoamingEnabled); 320 cros_settings->RemoveSettingsProvider(device_settings_provider); 321 delete device_settings_provider; 322 chromeos::StubCrosSettingsProvider* stub_settings_provider = 323 new chromeos::StubCrosSettingsProvider; 324 cros_settings->AddSettingsProvider(stub_settings_provider); 325 326 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, 327 base::FundamentalValue(false)); 328 EXPECT_FALSE(network_device_handler_.allow_roaming_); 329 330 CreateNetworkConfigurationUpdaterForDevicePolicy(); 331 MarkPolicyProviderInitialized(); 332 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, 333 base::FundamentalValue(true)); 334 EXPECT_TRUE(network_device_handler_.allow_roaming_); 335 336 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, 337 base::FundamentalValue(false)); 338 EXPECT_FALSE(network_device_handler_.allow_roaming_); 339} 340 341TEST_F(NetworkConfigurationUpdaterTest, PolicyIsValidatedAndRepaired) { 342 scoped_ptr<base::DictionaryValue> onc_repaired = 343 chromeos::onc::test_utils::ReadTestDictionary( 344 "repaired_toplevel_partially_invalid.onc"); 345 346 base::ListValue* network_configs_repaired = NULL; 347 onc_repaired->GetListWithoutPathExpansion( 348 onc::toplevel_config::kNetworkConfigurations, &network_configs_repaired); 349 ASSERT_TRUE(network_configs_repaired); 350 351 base::DictionaryValue* global_config_repaired = NULL; 352 onc_repaired->GetDictionaryWithoutPathExpansion( 353 onc::toplevel_config::kGlobalNetworkConfiguration, 354 &global_config_repaired); 355 ASSERT_TRUE(global_config_repaired); 356 357 std::string onc_policy = 358 chromeos::onc::test_utils::ReadTestData("toplevel_partially_invalid.onc"); 359 PolicyMap policy; 360 policy.Set(key::kOpenNetworkConfiguration, 361 POLICY_LEVEL_MANDATORY, 362 POLICY_SCOPE_USER, 363 new base::StringValue(onc_policy), 364 NULL); 365 UpdateProviderPolicy(policy); 366 367 EXPECT_CALL(network_config_handler_, 368 SetPolicy(onc::ONC_SOURCE_USER_POLICY, 369 _, 370 IsEqualTo(network_configs_repaired), 371 IsEqualTo(global_config_repaired))); 372 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY); 373 374 CreateNetworkConfigurationUpdaterForUserPolicy( 375 false /* do not allow trusted certs from policy */, 376 true /* set certificate importer */); 377 MarkPolicyProviderInitialized(); 378 EXPECT_EQ(1u, certificate_importer_->GetAndResetImportCount()); 379} 380 381TEST_F(NetworkConfigurationUpdaterTest, 382 DoNotAllowTrustedCertificatesFromPolicy) { 383 net::CertificateList cert_list; 384 cert_list = 385 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), 386 "ok_cert.pem", 387 net::X509Certificate::FORMAT_AUTO); 388 ASSERT_EQ(1u, cert_list.size()); 389 390 EXPECT_CALL(network_config_handler_, 391 SetPolicy(onc::ONC_SOURCE_USER_POLICY, _, _, _)); 392 certificate_importer_->SetTrustedCertificatesResult(cert_list); 393 394 UserNetworkConfigurationUpdater* updater = 395 CreateNetworkConfigurationUpdaterForUserPolicy( 396 false /* do not allow trusted certs from policy */, 397 true /* set certificate importer */); 398 MarkPolicyProviderInitialized(); 399 400 // Certificates with the "Web" trust flag set should not be forwarded to 401 // observers. 402 FakeWebTrustedCertsObserver observer; 403 updater->AddTrustedCertsObserver(&observer); 404 405 base::RunLoop().RunUntilIdle(); 406 407 net::CertificateList trust_anchors; 408 updater->GetWebTrustedCertificates(&trust_anchors); 409 EXPECT_TRUE(trust_anchors.empty()); 410 411 EXPECT_TRUE(observer.trust_anchors_.empty()); 412 updater->RemoveTrustedCertsObserver(&observer); 413} 414 415TEST_F(NetworkConfigurationUpdaterTest, 416 AllowTrustedCertificatesFromPolicyInitially) { 417 // Ignore network configuration changes. 418 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)) 419 .Times(AnyNumber()); 420 421 net::CertificateList cert_list; 422 cert_list = 423 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), 424 "ok_cert.pem", 425 net::X509Certificate::FORMAT_AUTO); 426 ASSERT_EQ(1u, cert_list.size()); 427 428 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY); 429 certificate_importer_->SetTrustedCertificatesResult(cert_list); 430 431 UserNetworkConfigurationUpdater* updater = 432 CreateNetworkConfigurationUpdaterForUserPolicy( 433 true /* allow trusted certs from policy */, 434 true /* set certificate importer */); 435 MarkPolicyProviderInitialized(); 436 437 base::RunLoop().RunUntilIdle(); 438 439 // Certificates with the "Web" trust flag set will be returned. 440 net::CertificateList trust_anchors; 441 updater->GetWebTrustedCertificates(&trust_anchors); 442 EXPECT_EQ(1u, trust_anchors.size()); 443} 444 445TEST_F(NetworkConfigurationUpdaterTest, 446 AllowTrustedCertificatesFromPolicyOnUpdate) { 447 // Ignore network configuration changes. 448 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)) 449 .Times(AnyNumber()); 450 451 // Start with an empty certificate list. 452 UserNetworkConfigurationUpdater* updater = 453 CreateNetworkConfigurationUpdaterForUserPolicy( 454 true /* allow trusted certs from policy */, 455 true /* set certificate importer */); 456 MarkPolicyProviderInitialized(); 457 458 FakeWebTrustedCertsObserver observer; 459 updater->AddTrustedCertsObserver(&observer); 460 461 base::RunLoop().RunUntilIdle(); 462 463 // Verify that the returned certificate list is empty. 464 { 465 net::CertificateList trust_anchors; 466 updater->GetWebTrustedCertificates(&trust_anchors); 467 EXPECT_TRUE(trust_anchors.empty()); 468 } 469 EXPECT_TRUE(observer.trust_anchors_.empty()); 470 471 // Now use a non-empty certificate list to test the observer notification. 472 net::CertificateList cert_list; 473 cert_list = 474 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), 475 "ok_cert.pem", 476 net::X509Certificate::FORMAT_AUTO); 477 ASSERT_EQ(1u, cert_list.size()); 478 certificate_importer_->SetTrustedCertificatesResult(cert_list); 479 480 // Change to any non-empty policy, so that updates are triggered. The actual 481 // content of the policy is irrelevant. 482 PolicyMap policy; 483 policy.Set(key::kOpenNetworkConfiguration, 484 POLICY_LEVEL_MANDATORY, 485 POLICY_SCOPE_USER, 486 new base::StringValue(kFakeONC), 487 NULL); 488 UpdateProviderPolicy(policy); 489 base::RunLoop().RunUntilIdle(); 490 491 // Certificates with the "Web" trust flag set will be returned and forwarded 492 // to observers. 493 { 494 net::CertificateList trust_anchors; 495 updater->GetWebTrustedCertificates(&trust_anchors); 496 EXPECT_EQ(1u, trust_anchors.size()); 497 } 498 EXPECT_EQ(1u, observer.trust_anchors_.size()); 499 500 updater->RemoveTrustedCertsObserver(&observer); 501} 502 503TEST_F(NetworkConfigurationUpdaterTest, 504 DontImportCertificateBeforeCertificateImporterSet) { 505 PolicyMap policy; 506 policy.Set(key::kOpenNetworkConfiguration, POLICY_LEVEL_MANDATORY, 507 POLICY_SCOPE_USER, new base::StringValue(kFakeONC), NULL); 508 UpdateProviderPolicy(policy); 509 510 EXPECT_CALL(network_config_handler_, 511 SetPolicy(onc::ONC_SOURCE_USER_POLICY, 512 kFakeUsernameHash, 513 IsEqualTo(&fake_network_configs_), 514 IsEqualTo(&fake_global_network_config_))); 515 516 UserNetworkConfigurationUpdater* updater = 517 CreateNetworkConfigurationUpdaterForUserPolicy( 518 true /* allow trusted certs from policy */, 519 false /* do not set certificate importer */); 520 MarkPolicyProviderInitialized(); 521 522 Mock::VerifyAndClearExpectations(&network_config_handler_); 523 EXPECT_EQ(0u, certificate_importer_->GetAndResetImportCount()); 524 525 certificate_importer_->SetExpectedONCCertificates(fake_certificates_); 526 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY); 527 528 ASSERT_TRUE(certificate_importer_owned_); 529 updater->SetCertificateImporterForTest(certificate_importer_owned_.Pass()); 530 EXPECT_EQ(1u, certificate_importer_->GetAndResetImportCount()); 531} 532 533class NetworkConfigurationUpdaterTestWithParam 534 : public NetworkConfigurationUpdaterTest, 535 public testing::WithParamInterface<const char*> { 536 protected: 537 // Returns the currently tested ONC source. 538 onc::ONCSource CurrentONCSource() { 539 if (GetParam() == key::kOpenNetworkConfiguration) 540 return onc::ONC_SOURCE_USER_POLICY; 541 DCHECK(GetParam() == key::kDeviceOpenNetworkConfiguration); 542 return onc::ONC_SOURCE_DEVICE_POLICY; 543 } 544 545 // Returns the expected username hash to push policies to 546 // ManagedNetworkConfigurationHandler. 547 std::string ExpectedUsernameHash() { 548 if (GetParam() == key::kOpenNetworkConfiguration) 549 return kFakeUsernameHash; 550 return std::string(); 551 } 552 553 size_t ExpectedImportCertificatesCallCount() { 554 if (GetParam() == key::kOpenNetworkConfiguration) 555 return 1u; 556 return 0u; 557 } 558 559 void CreateNetworkConfigurationUpdater() { 560 if (GetParam() == key::kOpenNetworkConfiguration) { 561 CreateNetworkConfigurationUpdaterForUserPolicy( 562 false /* do not allow trusted certs from policy */, 563 true /* set certificate importer */); 564 } else { 565 CreateNetworkConfigurationUpdaterForDevicePolicy(); 566 } 567 } 568}; 569 570TEST_P(NetworkConfigurationUpdaterTestWithParam, InitialUpdates) { 571 PolicyMap policy; 572 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, 573 new base::StringValue(kFakeONC), NULL); 574 UpdateProviderPolicy(policy); 575 576 EXPECT_CALL(network_config_handler_, 577 SetPolicy(CurrentONCSource(), 578 ExpectedUsernameHash(), 579 IsEqualTo(&fake_network_configs_), 580 IsEqualTo(&fake_global_network_config_))); 581 certificate_importer_->SetExpectedONCCertificates(fake_certificates_); 582 certificate_importer_->SetExpectedONCSource(CurrentONCSource()); 583 584 CreateNetworkConfigurationUpdater(); 585 MarkPolicyProviderInitialized(); 586 EXPECT_EQ(ExpectedImportCertificatesCallCount(), 587 certificate_importer_->GetAndResetImportCount()); 588} 589 590TEST_P(NetworkConfigurationUpdaterTestWithParam, 591 PolicyNotSetBeforePolicyProviderInitialized) { 592 PolicyMap policy; 593 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, 594 new base::StringValue(kFakeONC), NULL); 595 UpdateProviderPolicy(policy); 596 597 CreateNetworkConfigurationUpdater(); 598 599 Mock::VerifyAndClearExpectations(&network_config_handler_); 600 EXPECT_EQ(0u, certificate_importer_->GetAndResetImportCount()); 601 602 EXPECT_CALL(network_config_handler_, 603 SetPolicy(CurrentONCSource(), 604 ExpectedUsernameHash(), 605 IsEqualTo(&fake_network_configs_), 606 IsEqualTo(&fake_global_network_config_))); 607 certificate_importer_->SetExpectedONCSource(CurrentONCSource()); 608 certificate_importer_->SetExpectedONCCertificates(fake_certificates_); 609 610 MarkPolicyProviderInitialized(); 611 EXPECT_EQ(ExpectedImportCertificatesCallCount(), 612 certificate_importer_->GetAndResetImportCount()); 613} 614 615TEST_P(NetworkConfigurationUpdaterTestWithParam, 616 PolicyAppliedImmediatelyIfProvidersInitialized) { 617 MarkPolicyProviderInitialized(); 618 619 PolicyMap policy; 620 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, 621 new base::StringValue(kFakeONC), NULL); 622 UpdateProviderPolicy(policy); 623 624 EXPECT_CALL(network_config_handler_, 625 SetPolicy(CurrentONCSource(), 626 ExpectedUsernameHash(), 627 IsEqualTo(&fake_network_configs_), 628 IsEqualTo(&fake_global_network_config_))); 629 certificate_importer_->SetExpectedONCSource(CurrentONCSource()); 630 certificate_importer_->SetExpectedONCCertificates(fake_certificates_); 631 632 CreateNetworkConfigurationUpdater(); 633 634 EXPECT_EQ(ExpectedImportCertificatesCallCount(), 635 certificate_importer_->GetAndResetImportCount()); 636} 637 638TEST_P(NetworkConfigurationUpdaterTestWithParam, PolicyChange) { 639 // Ignore the initial updates. 640 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1)); 641 642 CreateNetworkConfigurationUpdater(); 643 MarkPolicyProviderInitialized(); 644 645 Mock::VerifyAndClearExpectations(&network_config_handler_); 646 EXPECT_LE(ExpectedImportCertificatesCallCount(), 647 certificate_importer_->GetAndResetImportCount()); 648 649 // The Updater should update if policy changes. 650 EXPECT_CALL(network_config_handler_, 651 SetPolicy(CurrentONCSource(), 652 _, 653 IsEqualTo(&fake_network_configs_), 654 IsEqualTo(&fake_global_network_config_))); 655 certificate_importer_->SetExpectedONCSource(CurrentONCSource()); 656 certificate_importer_->SetExpectedONCCertificates(fake_certificates_); 657 658 PolicyMap policy; 659 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, 660 new base::StringValue(kFakeONC), NULL); 661 UpdateProviderPolicy(policy); 662 Mock::VerifyAndClearExpectations(&network_config_handler_); 663 EXPECT_EQ(ExpectedImportCertificatesCallCount(), 664 certificate_importer_->GetAndResetImportCount()); 665 666 // Another update is expected if the policy goes away. 667 EXPECT_CALL(network_config_handler_, 668 SetPolicy(CurrentONCSource(), _, IsEmpty(), IsEmpty())); 669 certificate_importer_->SetExpectedONCCertificates(base::ListValue()); 670 671 policy.Erase(GetParam()); 672 UpdateProviderPolicy(policy); 673 EXPECT_EQ(ExpectedImportCertificatesCallCount(), 674 certificate_importer_->GetAndResetImportCount()); 675} 676 677INSTANTIATE_TEST_CASE_P(NetworkConfigurationUpdaterTestWithParamInstance, 678 NetworkConfigurationUpdaterTestWithParam, 679 testing::Values(key::kDeviceOpenNetworkConfiguration, 680 key::kOpenNetworkConfiguration)); 681 682} // namespace policy 683