147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org// Copyright 2013 The Chromium Authors. All rights reserved. 247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org// Use of this source code is governed by a BSD-style license that can be 347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org// found in the LICENSE file. 447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "base/bind.h" 647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "base/bind_helpers.h" 747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "base/callback.h" 847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "base/files/file_path.h" 947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "base/memory/scoped_ptr.h" 1047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "base/run_loop.h" 1147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "base/values.h" 1247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "chrome/browser/chromeos/policy/device_network_configuration_updater.h" 1347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" 1447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "chrome/browser/chromeos/settings/cros_settings.h" 1547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "chrome/browser/chromeos/settings/device_settings_service.h" 1647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h" 1747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "chrome/test/base/testing_profile.h" 1847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "chromeos/network/fake_network_device_handler.h" 1947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "chromeos/network/mock_managed_network_configuration_handler.h" 2047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "chromeos/network/onc/onc_certificate_importer.h" 2147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "chromeos/network/onc/onc_test_utils.h" 2247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "chromeos/network/onc/onc_utils.h" 2347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "components/onc/onc_constants.h" 2447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "components/policy/core/common/external_data_fetcher.h" 2547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "components/policy/core/common/mock_configuration_policy_provider.h" 2647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "components/policy/core/common/policy_map.h" 2747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "components/policy/core/common/policy_service_impl.h" 2847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "components/user_manager/user.h" 2947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "components/user_manager/user_type.h" 3047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "content/public/test/test_browser_thread_bundle.h" 3147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "content/public/test/test_utils.h" 3247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "net/base/test_data_directory.h" 3347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "net/cert/x509_certificate.h" 3447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "net/test/cert_test_util.h" 3547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "policy/policy_constants.h" 3647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "testing/gmock/include/gmock/gmock.h" 3747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org#include "testing/gtest/include/gtest/gtest.h" 3847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 3947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgusing testing::AnyNumber; 4047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgusing testing::AtLeast; 4147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgusing testing::Mock; 4247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgusing testing::Ne; 4347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgusing testing::Return; 4447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgusing testing::StrictMock; 4547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgusing testing::_; 4647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 4747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgnamespace policy { 4847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 4947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgnamespace { 5047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 5147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgconst char kFakeUserEmail[] = "fake email"; 5247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgconst char kFakeUsernameHash[] = "fake hash"; 5347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 5447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgclass FakeUser : public user_manager::User { 5547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org public: 5647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org FakeUser() : User(kFakeUserEmail) { 5747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org set_display_email(kFakeUserEmail); 5847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org set_username_hash(kFakeUsernameHash); 5947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org } 6047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org virtual ~FakeUser() {} 6147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 6247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org // User overrides 6347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org virtual user_manager::UserType GetType() const OVERRIDE { 6447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org return user_manager::USER_TYPE_REGULAR; 6547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org } 6647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 6747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org private: 6847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org DISALLOW_COPY_AND_ASSIGN(FakeUser); 6947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org}; 7047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 7147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgclass FakeWebTrustedCertsObserver 7247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org : public UserNetworkConfigurationUpdater::WebTrustedCertsObserver { 7347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org public: 7447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org FakeWebTrustedCertsObserver() {} 7547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 7647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org virtual void OnTrustAnchorsChanged( 7747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org const net::CertificateList& trust_anchors) OVERRIDE { 7847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org trust_anchors_ = trust_anchors; 7947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org } 8047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org net::CertificateList trust_anchors_; 8147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 8247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org private: 8347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org DISALLOW_COPY_AND_ASSIGN(FakeWebTrustedCertsObserver); 8447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org}; 8547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 8647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgclass FakeNetworkDeviceHandler : public chromeos::FakeNetworkDeviceHandler { 8747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org public: 8847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org FakeNetworkDeviceHandler() : allow_roaming_(false) {} 8947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 9047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org virtual void SetCellularAllowRoaming(bool allow_roaming) OVERRIDE { 9147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org allow_roaming_ = allow_roaming; 9247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org } 9347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 9447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org bool allow_roaming_; 9547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 9647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org private: 9747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org DISALLOW_COPY_AND_ASSIGN(FakeNetworkDeviceHandler); 9847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org}; 9947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 10047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgclass FakeCertificateImporter : public chromeos::onc::CertificateImporter { 10147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org public: 10247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org FakeCertificateImporter() 10347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org : expected_onc_source_(::onc::ONC_SOURCE_UNKNOWN), call_count_(0) {} 10447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org virtual ~FakeCertificateImporter() {} 10547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 10647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org void SetTrustedCertificatesResult( 10747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org net::CertificateList onc_trusted_certificates) { 10847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org onc_trusted_certificates_ = onc_trusted_certificates; 10947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org } 11047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 11147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org void SetExpectedONCCertificates(const base::ListValue& certificates) { 11247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org expected_onc_certificates_.reset(certificates.DeepCopy()); 11347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org } 11447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 11547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org void SetExpectedONCSource(::onc::ONCSource source) { 11647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org expected_onc_source_ = source; 11747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org } 11847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 11947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org unsigned int GetAndResetImportCount() { 12047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org unsigned int count = call_count_; 12147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org call_count_ = 0; 12247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org return count; 12347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org } 12447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 12547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org virtual void ImportCertificates(const base::ListValue& certificates, 12647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org ::onc::ONCSource source, 12747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org const DoneCallback& done_callback) OVERRIDE { 12847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org if (expected_onc_source_ != ::onc::ONC_SOURCE_UNKNOWN) 12947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org EXPECT_EQ(expected_onc_source_, source); 13047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org if (expected_onc_certificates_) { 13147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org EXPECT_TRUE(chromeos::onc::test_utils::Equals( 13247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org expected_onc_certificates_.get(), &certificates)); 13347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org } 13447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org ++call_count_; 13547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org done_callback.Run(true, onc_trusted_certificates_); 13647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org } 13747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 13847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org private: 13947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org ::onc::ONCSource expected_onc_source_; 14047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org scoped_ptr<base::ListValue> expected_onc_certificates_; 14147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org net::CertificateList onc_trusted_certificates_; 14247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org unsigned int call_count_; 14347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 14447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org DISALLOW_COPY_AND_ASSIGN(FakeCertificateImporter); 14547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org}; 14647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 14747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgconst char kFakeONC[] = 14847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org "{ \"NetworkConfigurations\": [" 14947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " { \"GUID\": \"{485d6076-dd44-6b6d-69787465725f5040}\"," 15047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " \"Type\": \"WiFi\"," 15147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " \"Name\": \"My WiFi Network\"," 15247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " \"WiFi\": {" 15347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " \"SSID\": \"ssid-none\"," 15447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " \"Security\": \"None\" }" 15547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " }" 15647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " ]," 15747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " \"GlobalNetworkConfiguration\": {" 15847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " \"AllowOnlyPolicyNetworksToAutoconnect\": true," 15947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " }," 16047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " \"Certificates\": [" 16147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " { \"GUID\": \"{f998f760-272b-6939-4c2beffe428697ac}\"," 16247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " \"PKCS12\": \"abc\"," 16347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " \"Type\": \"Client\" }" 16447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " ]," 16547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org " \"Type\": \"UnencryptedConfiguration\"" 16647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org "}"; 16747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 16847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgstd::string ValueToString(const base::Value& value) { 16947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org std::stringstream str; 17047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org str << value; 17147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org return str.str(); 17247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org} 17347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 17447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgvoid AppendAll(const base::ListValue& from, base::ListValue* to) { 17547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org for (base::ListValue::const_iterator it = from.begin(); it != from.end(); 17647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org ++it) { 17747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org to->Append((*it)->DeepCopy()); 17847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org } 17947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org} 18047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 18147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org// Matcher to match base::Value. 18247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgMATCHER_P(IsEqualTo, 18347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org value, 18447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org std::string(negation ? "isn't" : "is") + " equal to " + 18547be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org ValueToString(*value)) { 18647be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org return value->Equals(&arg); 18747be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org} 18847be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 18947be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgMATCHER(IsEmpty, std::string(negation ? "isn't" : "is") + " empty.") { 19047be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org return arg.empty(); 19147be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org} 19247be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org 19347be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.orgACTION_P(SetCertificateList, list) { 19447be73b8629244d6bb63a28198f97f040ce53d21henrike@webrtc.org if (arg2) 195 *arg2 = list; 196 return true; 197} 198 199} // namespace 200 201class NetworkConfigurationUpdaterTest : public testing::Test { 202 protected: 203 NetworkConfigurationUpdaterTest() : certificate_importer_(NULL) {} 204 205 virtual void SetUp() OVERRIDE { 206 EXPECT_CALL(provider_, IsInitializationComplete(_)) 207 .WillRepeatedly(Return(false)); 208 provider_.Init(); 209 PolicyServiceImpl::Providers providers; 210 providers.push_back(&provider_); 211 policy_service_.reset(new PolicyServiceImpl(providers)); 212 213 scoped_ptr<base::DictionaryValue> fake_toplevel_onc = 214 chromeos::onc::ReadDictionaryFromJson(kFakeONC); 215 216 base::ListValue* network_configs = NULL; 217 fake_toplevel_onc->GetListWithoutPathExpansion( 218 onc::toplevel_config::kNetworkConfigurations, &network_configs); 219 AppendAll(*network_configs, &fake_network_configs_); 220 221 base::DictionaryValue* global_config = NULL; 222 fake_toplevel_onc->GetDictionaryWithoutPathExpansion( 223 onc::toplevel_config::kGlobalNetworkConfiguration, &global_config); 224 fake_global_network_config_.MergeDictionary(global_config); 225 226 base::ListValue* certs = NULL; 227 fake_toplevel_onc->GetListWithoutPathExpansion( 228 onc::toplevel_config::kCertificates, &certs); 229 AppendAll(*certs, &fake_certificates_); 230 231 certificate_importer_ = new FakeCertificateImporter; 232 certificate_importer_owned_.reset(certificate_importer_); 233 } 234 235 virtual void TearDown() OVERRIDE { 236 network_configuration_updater_.reset(); 237 provider_.Shutdown(); 238 base::RunLoop().RunUntilIdle(); 239 } 240 241 void MarkPolicyProviderInitialized() { 242 Mock::VerifyAndClearExpectations(&provider_); 243 EXPECT_CALL(provider_, IsInitializationComplete(_)) 244 .WillRepeatedly(Return(true)); 245 provider_.SetAutoRefresh(); 246 provider_.RefreshPolicies(); 247 base::RunLoop().RunUntilIdle(); 248 } 249 250 void UpdateProviderPolicy(const PolicyMap& policy) { 251 provider_.UpdateChromePolicy(policy); 252 base::RunLoop().RunUntilIdle(); 253 } 254 255 UserNetworkConfigurationUpdater* 256 CreateNetworkConfigurationUpdaterForUserPolicy( 257 bool allow_trusted_certs_from_policy, 258 bool set_cert_importer) { 259 UserNetworkConfigurationUpdater* updater = 260 UserNetworkConfigurationUpdater::CreateForUserPolicy( 261 &profile_, 262 allow_trusted_certs_from_policy, 263 fake_user_, 264 policy_service_.get(), 265 &network_config_handler_).release(); 266 if (set_cert_importer) { 267 EXPECT_TRUE(certificate_importer_owned_); 268 updater->SetCertificateImporterForTest( 269 certificate_importer_owned_.Pass()); 270 } 271 network_configuration_updater_.reset(updater); 272 return updater; 273 } 274 275 void CreateNetworkConfigurationUpdaterForDevicePolicy() { 276 network_configuration_updater_ = 277 DeviceNetworkConfigurationUpdater::CreateForDevicePolicy( 278 policy_service_.get(), 279 &network_config_handler_, 280 &network_device_handler_, 281 chromeos::CrosSettings::Get()); 282 } 283 284 base::ListValue fake_network_configs_; 285 base::DictionaryValue fake_global_network_config_; 286 base::ListValue fake_certificates_; 287 StrictMock<chromeos::MockManagedNetworkConfigurationHandler> 288 network_config_handler_; 289 FakeNetworkDeviceHandler network_device_handler_; 290 291 // Not used directly. Required for CrosSettings. 292 chromeos::ScopedTestDeviceSettingsService scoped_device_settings_service_; 293 chromeos::ScopedTestCrosSettings scoped_cros_settings_; 294 295 // Ownership of certificate_importer_owned_ is passed to the 296 // NetworkConfigurationUpdater. When that happens, |certificate_importer_| 297 // continues to point to that instance but |certificate_importer_owned_| is 298 // released. 299 FakeCertificateImporter* certificate_importer_; 300 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer_owned_; 301 302 StrictMock<MockConfigurationPolicyProvider> provider_; 303 scoped_ptr<PolicyServiceImpl> policy_service_; 304 FakeUser fake_user_; 305 306 TestingProfile profile_; 307 308 scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_; 309 content::TestBrowserThreadBundle thread_bundle_; 310}; 311 312TEST_F(NetworkConfigurationUpdaterTest, CellularAllowRoaming) { 313 // Ignore network config updates. 314 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1)); 315 316 // Setup the DataRoaming device setting. 317 chromeos::CrosSettings* cros_settings = chromeos::CrosSettings::Get(); 318 chromeos::CrosSettingsProvider* device_settings_provider = 319 cros_settings->GetProvider(chromeos::kSignedDataRoamingEnabled); 320 cros_settings->RemoveSettingsProvider(device_settings_provider); 321 delete device_settings_provider; 322 chromeos::StubCrosSettingsProvider* stub_settings_provider = 323 new chromeos::StubCrosSettingsProvider; 324 cros_settings->AddSettingsProvider(stub_settings_provider); 325 326 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, 327 base::FundamentalValue(false)); 328 EXPECT_FALSE(network_device_handler_.allow_roaming_); 329 330 CreateNetworkConfigurationUpdaterForDevicePolicy(); 331 MarkPolicyProviderInitialized(); 332 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, 333 base::FundamentalValue(true)); 334 EXPECT_TRUE(network_device_handler_.allow_roaming_); 335 336 chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled, 337 base::FundamentalValue(false)); 338 EXPECT_FALSE(network_device_handler_.allow_roaming_); 339} 340 341TEST_F(NetworkConfigurationUpdaterTest, PolicyIsValidatedAndRepaired) { 342 scoped_ptr<base::DictionaryValue> onc_repaired = 343 chromeos::onc::test_utils::ReadTestDictionary( 344 "repaired_toplevel_partially_invalid.onc"); 345 346 base::ListValue* network_configs_repaired = NULL; 347 onc_repaired->GetListWithoutPathExpansion( 348 onc::toplevel_config::kNetworkConfigurations, &network_configs_repaired); 349 ASSERT_TRUE(network_configs_repaired); 350 351 base::DictionaryValue* global_config_repaired = NULL; 352 onc_repaired->GetDictionaryWithoutPathExpansion( 353 onc::toplevel_config::kGlobalNetworkConfiguration, 354 &global_config_repaired); 355 ASSERT_TRUE(global_config_repaired); 356 357 std::string onc_policy = 358 chromeos::onc::test_utils::ReadTestData("toplevel_partially_invalid.onc"); 359 PolicyMap policy; 360 policy.Set(key::kOpenNetworkConfiguration, 361 POLICY_LEVEL_MANDATORY, 362 POLICY_SCOPE_USER, 363 new base::StringValue(onc_policy), 364 NULL); 365 UpdateProviderPolicy(policy); 366 367 EXPECT_CALL(network_config_handler_, 368 SetPolicy(onc::ONC_SOURCE_USER_POLICY, 369 _, 370 IsEqualTo(network_configs_repaired), 371 IsEqualTo(global_config_repaired))); 372 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY); 373 374 CreateNetworkConfigurationUpdaterForUserPolicy( 375 false /* do not allow trusted certs from policy */, 376 true /* set certificate importer */); 377 MarkPolicyProviderInitialized(); 378 EXPECT_EQ(1u, certificate_importer_->GetAndResetImportCount()); 379} 380 381TEST_F(NetworkConfigurationUpdaterTest, 382 DoNotAllowTrustedCertificatesFromPolicy) { 383 net::CertificateList cert_list; 384 cert_list = 385 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), 386 "ok_cert.pem", 387 net::X509Certificate::FORMAT_AUTO); 388 ASSERT_EQ(1u, cert_list.size()); 389 390 EXPECT_CALL(network_config_handler_, 391 SetPolicy(onc::ONC_SOURCE_USER_POLICY, _, _, _)); 392 certificate_importer_->SetTrustedCertificatesResult(cert_list); 393 394 UserNetworkConfigurationUpdater* updater = 395 CreateNetworkConfigurationUpdaterForUserPolicy( 396 false /* do not allow trusted certs from policy */, 397 true /* set certificate importer */); 398 MarkPolicyProviderInitialized(); 399 400 // Certificates with the "Web" trust flag set should not be forwarded to 401 // observers. 402 FakeWebTrustedCertsObserver observer; 403 updater->AddTrustedCertsObserver(&observer); 404 405 base::RunLoop().RunUntilIdle(); 406 407 net::CertificateList trust_anchors; 408 updater->GetWebTrustedCertificates(&trust_anchors); 409 EXPECT_TRUE(trust_anchors.empty()); 410 411 EXPECT_TRUE(observer.trust_anchors_.empty()); 412 updater->RemoveTrustedCertsObserver(&observer); 413} 414 415TEST_F(NetworkConfigurationUpdaterTest, 416 AllowTrustedCertificatesFromPolicyInitially) { 417 // Ignore network configuration changes. 418 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)) 419 .Times(AnyNumber()); 420 421 net::CertificateList cert_list; 422 cert_list = 423 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), 424 "ok_cert.pem", 425 net::X509Certificate::FORMAT_AUTO); 426 ASSERT_EQ(1u, cert_list.size()); 427 428 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY); 429 certificate_importer_->SetTrustedCertificatesResult(cert_list); 430 431 UserNetworkConfigurationUpdater* updater = 432 CreateNetworkConfigurationUpdaterForUserPolicy( 433 true /* allow trusted certs from policy */, 434 true /* set certificate importer */); 435 MarkPolicyProviderInitialized(); 436 437 base::RunLoop().RunUntilIdle(); 438 439 // Certificates with the "Web" trust flag set will be returned. 440 net::CertificateList trust_anchors; 441 updater->GetWebTrustedCertificates(&trust_anchors); 442 EXPECT_EQ(1u, trust_anchors.size()); 443} 444 445TEST_F(NetworkConfigurationUpdaterTest, 446 AllowTrustedCertificatesFromPolicyOnUpdate) { 447 // Ignore network configuration changes. 448 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)) 449 .Times(AnyNumber()); 450 451 // Start with an empty certificate list. 452 UserNetworkConfigurationUpdater* updater = 453 CreateNetworkConfigurationUpdaterForUserPolicy( 454 true /* allow trusted certs from policy */, 455 true /* set certificate importer */); 456 MarkPolicyProviderInitialized(); 457 458 FakeWebTrustedCertsObserver observer; 459 updater->AddTrustedCertsObserver(&observer); 460 461 base::RunLoop().RunUntilIdle(); 462 463 // Verify that the returned certificate list is empty. 464 { 465 net::CertificateList trust_anchors; 466 updater->GetWebTrustedCertificates(&trust_anchors); 467 EXPECT_TRUE(trust_anchors.empty()); 468 } 469 EXPECT_TRUE(observer.trust_anchors_.empty()); 470 471 // Now use a non-empty certificate list to test the observer notification. 472 net::CertificateList cert_list; 473 cert_list = 474 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), 475 "ok_cert.pem", 476 net::X509Certificate::FORMAT_AUTO); 477 ASSERT_EQ(1u, cert_list.size()); 478 certificate_importer_->SetTrustedCertificatesResult(cert_list); 479 480 // Change to any non-empty policy, so that updates are triggered. The actual 481 // content of the policy is irrelevant. 482 PolicyMap policy; 483 policy.Set(key::kOpenNetworkConfiguration, 484 POLICY_LEVEL_MANDATORY, 485 POLICY_SCOPE_USER, 486 new base::StringValue(kFakeONC), 487 NULL); 488 UpdateProviderPolicy(policy); 489 base::RunLoop().RunUntilIdle(); 490 491 // Certificates with the "Web" trust flag set will be returned and forwarded 492 // to observers. 493 { 494 net::CertificateList trust_anchors; 495 updater->GetWebTrustedCertificates(&trust_anchors); 496 EXPECT_EQ(1u, trust_anchors.size()); 497 } 498 EXPECT_EQ(1u, observer.trust_anchors_.size()); 499 500 updater->RemoveTrustedCertsObserver(&observer); 501} 502 503TEST_F(NetworkConfigurationUpdaterTest, 504 DontImportCertificateBeforeCertificateImporterSet) { 505 PolicyMap policy; 506 policy.Set(key::kOpenNetworkConfiguration, POLICY_LEVEL_MANDATORY, 507 POLICY_SCOPE_USER, new base::StringValue(kFakeONC), NULL); 508 UpdateProviderPolicy(policy); 509 510 EXPECT_CALL(network_config_handler_, 511 SetPolicy(onc::ONC_SOURCE_USER_POLICY, 512 kFakeUsernameHash, 513 IsEqualTo(&fake_network_configs_), 514 IsEqualTo(&fake_global_network_config_))); 515 516 UserNetworkConfigurationUpdater* updater = 517 CreateNetworkConfigurationUpdaterForUserPolicy( 518 true /* allow trusted certs from policy */, 519 false /* do not set certificate importer */); 520 MarkPolicyProviderInitialized(); 521 522 Mock::VerifyAndClearExpectations(&network_config_handler_); 523 EXPECT_EQ(0u, certificate_importer_->GetAndResetImportCount()); 524 525 certificate_importer_->SetExpectedONCCertificates(fake_certificates_); 526 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY); 527 528 ASSERT_TRUE(certificate_importer_owned_); 529 updater->SetCertificateImporterForTest(certificate_importer_owned_.Pass()); 530 EXPECT_EQ(1u, certificate_importer_->GetAndResetImportCount()); 531} 532 533class NetworkConfigurationUpdaterTestWithParam 534 : public NetworkConfigurationUpdaterTest, 535 public testing::WithParamInterface<const char*> { 536 protected: 537 // Returns the currently tested ONC source. 538 onc::ONCSource CurrentONCSource() { 539 if (GetParam() == key::kOpenNetworkConfiguration) 540 return onc::ONC_SOURCE_USER_POLICY; 541 DCHECK(GetParam() == key::kDeviceOpenNetworkConfiguration); 542 return onc::ONC_SOURCE_DEVICE_POLICY; 543 } 544 545 // Returns the expected username hash to push policies to 546 // ManagedNetworkConfigurationHandler. 547 std::string ExpectedUsernameHash() { 548 if (GetParam() == key::kOpenNetworkConfiguration) 549 return kFakeUsernameHash; 550 return std::string(); 551 } 552 553 size_t ExpectedImportCertificatesCallCount() { 554 if (GetParam() == key::kOpenNetworkConfiguration) 555 return 1u; 556 return 0u; 557 } 558 559 void CreateNetworkConfigurationUpdater() { 560 if (GetParam() == key::kOpenNetworkConfiguration) { 561 CreateNetworkConfigurationUpdaterForUserPolicy( 562 false /* do not allow trusted certs from policy */, 563 true /* set certificate importer */); 564 } else { 565 CreateNetworkConfigurationUpdaterForDevicePolicy(); 566 } 567 } 568}; 569 570TEST_P(NetworkConfigurationUpdaterTestWithParam, InitialUpdates) { 571 PolicyMap policy; 572 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, 573 new base::StringValue(kFakeONC), NULL); 574 UpdateProviderPolicy(policy); 575 576 EXPECT_CALL(network_config_handler_, 577 SetPolicy(CurrentONCSource(), 578 ExpectedUsernameHash(), 579 IsEqualTo(&fake_network_configs_), 580 IsEqualTo(&fake_global_network_config_))); 581 certificate_importer_->SetExpectedONCCertificates(fake_certificates_); 582 certificate_importer_->SetExpectedONCSource(CurrentONCSource()); 583 584 CreateNetworkConfigurationUpdater(); 585 MarkPolicyProviderInitialized(); 586 EXPECT_EQ(ExpectedImportCertificatesCallCount(), 587 certificate_importer_->GetAndResetImportCount()); 588} 589 590TEST_P(NetworkConfigurationUpdaterTestWithParam, 591 PolicyNotSetBeforePolicyProviderInitialized) { 592 PolicyMap policy; 593 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, 594 new base::StringValue(kFakeONC), NULL); 595 UpdateProviderPolicy(policy); 596 597 CreateNetworkConfigurationUpdater(); 598 599 Mock::VerifyAndClearExpectations(&network_config_handler_); 600 EXPECT_EQ(0u, certificate_importer_->GetAndResetImportCount()); 601 602 EXPECT_CALL(network_config_handler_, 603 SetPolicy(CurrentONCSource(), 604 ExpectedUsernameHash(), 605 IsEqualTo(&fake_network_configs_), 606 IsEqualTo(&fake_global_network_config_))); 607 certificate_importer_->SetExpectedONCSource(CurrentONCSource()); 608 certificate_importer_->SetExpectedONCCertificates(fake_certificates_); 609 610 MarkPolicyProviderInitialized(); 611 EXPECT_EQ(ExpectedImportCertificatesCallCount(), 612 certificate_importer_->GetAndResetImportCount()); 613} 614 615TEST_P(NetworkConfigurationUpdaterTestWithParam, 616 PolicyAppliedImmediatelyIfProvidersInitialized) { 617 MarkPolicyProviderInitialized(); 618 619 PolicyMap policy; 620 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, 621 new base::StringValue(kFakeONC), NULL); 622 UpdateProviderPolicy(policy); 623 624 EXPECT_CALL(network_config_handler_, 625 SetPolicy(CurrentONCSource(), 626 ExpectedUsernameHash(), 627 IsEqualTo(&fake_network_configs_), 628 IsEqualTo(&fake_global_network_config_))); 629 certificate_importer_->SetExpectedONCSource(CurrentONCSource()); 630 certificate_importer_->SetExpectedONCCertificates(fake_certificates_); 631 632 CreateNetworkConfigurationUpdater(); 633 634 EXPECT_EQ(ExpectedImportCertificatesCallCount(), 635 certificate_importer_->GetAndResetImportCount()); 636} 637 638TEST_P(NetworkConfigurationUpdaterTestWithParam, PolicyChange) { 639 // Ignore the initial updates. 640 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1)); 641 642 CreateNetworkConfigurationUpdater(); 643 MarkPolicyProviderInitialized(); 644 645 Mock::VerifyAndClearExpectations(&network_config_handler_); 646 EXPECT_LE(ExpectedImportCertificatesCallCount(), 647 certificate_importer_->GetAndResetImportCount()); 648 649 // The Updater should update if policy changes. 650 EXPECT_CALL(network_config_handler_, 651 SetPolicy(CurrentONCSource(), 652 _, 653 IsEqualTo(&fake_network_configs_), 654 IsEqualTo(&fake_global_network_config_))); 655 certificate_importer_->SetExpectedONCSource(CurrentONCSource()); 656 certificate_importer_->SetExpectedONCCertificates(fake_certificates_); 657 658 PolicyMap policy; 659 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, 660 new base::StringValue(kFakeONC), NULL); 661 UpdateProviderPolicy(policy); 662 Mock::VerifyAndClearExpectations(&network_config_handler_); 663 EXPECT_EQ(ExpectedImportCertificatesCallCount(), 664 certificate_importer_->GetAndResetImportCount()); 665 666 // Another update is expected if the policy goes away. 667 EXPECT_CALL(network_config_handler_, 668 SetPolicy(CurrentONCSource(), _, IsEmpty(), IsEmpty())); 669 certificate_importer_->SetExpectedONCCertificates(base::ListValue()); 670 671 policy.Erase(GetParam()); 672 UpdateProviderPolicy(policy); 673 EXPECT_EQ(ExpectedImportCertificatesCallCount(), 674 certificate_importer_->GetAndResetImportCount()); 675} 676 677INSTANTIATE_TEST_CASE_P(NetworkConfigurationUpdaterTestWithParamInstance, 678 NetworkConfigurationUpdaterTestWithParam, 679 testing::Values(key::kDeviceOpenNetworkConfiguration, 680 key::kOpenNetworkConfiguration)); 681 682} // namespace policy 683