onc_validator_unittest.cc revision 5c02ac1a9c1b504631c0a3d2b6e737b5d738bae1
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chromeos/network/onc/onc_validator.h" 6 7#include <string> 8#include <utility> 9 10#include "base/logging.h" 11#include "base/memory/scoped_ptr.h" 12#include "base/values.h" 13#include "chromeos/network/onc/onc_signature.h" 14#include "chromeos/network/onc/onc_test_utils.h" 15#include "chromeos/network/onc/onc_utils.h" 16#include "components/onc/onc_constants.h" 17#include "testing/gtest/include/gtest/gtest.h" 18 19namespace chromeos { 20namespace onc { 21 22class ONCValidatorTest : public ::testing::Test { 23 public: 24 // Validate |onc_object| with the given |signature|. The object is considered 25 // to be managed if |managed_onc| is true. A strict validator is used if 26 // |strict| is true. |onc_object| and the resulting repaired object of the 27 // validation is stored, so that expectations can be checked afterwards using 28 // one of the Expect* functions below. 29 void Validate(bool strict, 30 scoped_ptr<base::DictionaryValue> onc_object, 31 const OncValueSignature* signature, 32 bool managed_onc, 33 ::onc::ONCSource onc_source) { 34 scoped_ptr<Validator> validator; 35 if (strict) { 36 // Create a strict validator that complains about every error. 37 validator.reset(new Validator(true, true, true, managed_onc)); 38 } else { 39 // Create a liberal validator that ignores or repairs non-critical errors. 40 validator.reset(new Validator(false, false, false, managed_onc)); 41 } 42 validator->SetOncSource(onc_source); 43 original_object_ = onc_object.Pass(); 44 repaired_object_ = validator->ValidateAndRepairObject(signature, 45 *original_object_, 46 &validation_result_); 47 } 48 49 void ExpectValid() { 50 EXPECT_EQ(Validator::VALID, validation_result_); 51 EXPECT_TRUE(test_utils::Equals(original_object_.get(), 52 repaired_object_.get())); 53 } 54 55 void ExpectRepairWithWarnings( 56 const base::DictionaryValue& expected_repaired) { 57 EXPECT_EQ(Validator::VALID_WITH_WARNINGS, validation_result_); 58 EXPECT_TRUE(test_utils::Equals(&expected_repaired, repaired_object_.get())); 59 } 60 61 void ExpectInvalid() { 62 EXPECT_EQ(Validator::INVALID, validation_result_); 63 EXPECT_EQ(NULL, repaired_object_.get()); 64 } 65 66 private: 67 Validator::Result validation_result_; 68 scoped_ptr<const base::DictionaryValue> original_object_; 69 scoped_ptr<const base::DictionaryValue> repaired_object_; 70}; 71 72namespace { 73 74struct OncParams { 75 // |location_of_object| is a string to identify the object to be tested. It 76 // may be used as a filename or as a dictionary key. 77 OncParams(const std::string& location_of_object, 78 const OncValueSignature* onc_signature, 79 bool is_managed_onc, 80 ::onc::ONCSource onc_source = ::onc::ONC_SOURCE_NONE) 81 : location(location_of_object), 82 signature(onc_signature), 83 is_managed(is_managed_onc), 84 onc_source(onc_source) { 85 } 86 87 std::string location; 88 const OncValueSignature* signature; 89 bool is_managed; 90 ::onc::ONCSource onc_source; 91}; 92 93::std::ostream& operator<<(::std::ostream& os, const OncParams& onc) { 94 return os << "(" << onc.location << ", " << onc.signature << ", " 95 << (onc.is_managed ? "managed" : "unmanaged") << ", " 96 << GetSourceAsString(onc.onc_source) << ")"; 97} 98 99} // namespace 100 101// Ensure that the constant |kEmptyUnencryptedConfiguration| describes a valid 102// ONC toplevel object. 103TEST_F(ONCValidatorTest, EmptyUnencryptedConfiguration) { 104 Validate(true, ReadDictionaryFromJson(kEmptyUnencryptedConfiguration), 105 &kToplevelConfigurationSignature, false, ::onc::ONC_SOURCE_NONE); 106 ExpectValid(); 107} 108 109// This test case is about validating valid ONC objects without any errors. Both 110// the strict and the liberal validator accept the object. 111class ONCValidatorValidTest : public ONCValidatorTest, 112 public ::testing::WithParamInterface<OncParams> { 113}; 114 115TEST_P(ONCValidatorValidTest, StrictValidationValid) { 116 OncParams onc = GetParam(); 117 Validate(true, test_utils::ReadTestDictionary(onc.location), onc.signature, 118 onc.is_managed, onc.onc_source); 119 ExpectValid(); 120} 121 122TEST_P(ONCValidatorValidTest, LiberalValidationValid) { 123 OncParams onc = GetParam(); 124 Validate(false, test_utils::ReadTestDictionary(onc.location), onc.signature, 125 onc.is_managed, onc.onc_source); 126 ExpectValid(); 127} 128 129// The parameters are: 130// OncParams(string: Filename of a ONC file that is to be validated, 131// OncValueSignature: signature of that ONC, 132// bool: true if the ONC is managed). 133INSTANTIATE_TEST_CASE_P( 134 ONCValidatorValidTest, 135 ONCValidatorValidTest, 136 ::testing::Values( 137 OncParams("managed_toplevel1.onc", 138 &kToplevelConfigurationSignature, 139 true), 140 OncParams("managed_toplevel2.onc", 141 &kToplevelConfigurationSignature, 142 true), 143 OncParams("managed_toplevel_with_global_config.onc", 144 &kToplevelConfigurationSignature, 145 true), 146 // Check that at least one configuration is accepted for 147 // device policies. 148 OncParams("managed_toplevel_wifi_peap.onc", 149 &kToplevelConfigurationSignature, 150 true, 151 ::onc::ONC_SOURCE_DEVICE_POLICY), 152 OncParams("managed_toplevel_l2tpipsec.onc", 153 &kToplevelConfigurationSignature, 154 true), 155 OncParams("toplevel_wifi_wpa_psk.onc", 156 &kToplevelConfigurationSignature, 157 false), 158 OncParams("toplevel_wifi_wep_proxy.onc", 159 &kToplevelConfigurationSignature, 160 false), 161 OncParams("toplevel_wifi_leap.onc", 162 &kToplevelConfigurationSignature, 163 false), 164 OncParams("toplevel_wifi_eap_clientcert_with_cert_pems.onc", 165 &kToplevelConfigurationSignature, 166 false), 167 OncParams("toplevel_wifi_remove.onc", 168 &kToplevelConfigurationSignature, 169 false), 170 OncParams("toplevel_wifi_open.onc", 171 &kToplevelConfigurationSignature, 172 false), 173 OncParams("toplevel_openvpn_clientcert_with_cert_pems.onc", 174 &kToplevelConfigurationSignature, 175 false), 176 OncParams("encrypted.onc", &kToplevelConfigurationSignature, true), 177 OncParams("managed_vpn.onc", &kNetworkConfigurationSignature, true), 178 OncParams("ethernet.onc", &kNetworkConfigurationSignature, true), 179 OncParams("ethernet_with_eap.onc", 180 &kNetworkConfigurationSignature, 181 true), 182 OncParams("translation_of_shill_ethernet_with_ipconfig.onc", 183 &kNetworkConfigurationSignature, 184 true), 185 OncParams("translation_of_shill_wifi_with_state.onc", 186 &kNetworkWithStateSignature, 187 false), 188 OncParams("valid_openvpn_with_cert_pems.onc", 189 &kNetworkConfigurationSignature, 190 false))); 191 192namespace { 193 194struct RepairParams { 195 // Both arguments are strings to identify the object that is expected as the 196 // validation result. They may either be used as filenames or as dictionary 197 // keys. 198 RepairParams(std::string strict_repaired, 199 std::string liberal_repaired) 200 : location_of_strict_repaired(strict_repaired), 201 location_of_liberal_repaired(liberal_repaired) { 202 } 203 204 std::string location_of_strict_repaired; 205 std::string location_of_liberal_repaired; 206}; 207 208::std::ostream& operator<<(::std::ostream& os, const RepairParams& rp) { 209 return os << "(" << rp.location_of_strict_repaired << ", " 210 << rp.location_of_liberal_repaired << ")"; 211} 212 213} // namespace 214 215// This test case is about validating ONC objects that contain errors which can 216// be repaired (then the errors count as warnings). If a location of the 217// expected repaired object is given, then it is checked that the validator 218// (either strict or liberal) returns this repaired object and the result is 219// VALID_WITH_WARNINGS. If the location is the empty string, then it is expected 220// that the validator returns NULL and the result INVALID. 221class ONCValidatorTestRepairable 222 : public ONCValidatorTest, 223 public ::testing::WithParamInterface<std::pair<OncParams, 224 RepairParams> > { 225 public: 226 // Load the common test data and return the dictionary at the field with 227 // name |name|. 228 scoped_ptr<base::DictionaryValue> GetDictionaryFromTestFile( 229 const std::string &name) { 230 scoped_ptr<const base::DictionaryValue> dict( 231 test_utils::ReadTestDictionary("invalid_settings_with_repairs.json")); 232 const base::DictionaryValue* onc_object = NULL; 233 CHECK(dict->GetDictionary(name, &onc_object)); 234 return make_scoped_ptr(onc_object->DeepCopy()); 235 } 236}; 237 238TEST_P(ONCValidatorTestRepairable, StrictValidation) { 239 OncParams onc = GetParam().first; 240 Validate(true, GetDictionaryFromTestFile(onc.location), onc.signature, 241 onc.is_managed, onc.onc_source); 242 std::string location_of_repaired = 243 GetParam().second.location_of_strict_repaired; 244 if (location_of_repaired.empty()) 245 ExpectInvalid(); 246 else 247 ExpectRepairWithWarnings(*GetDictionaryFromTestFile(location_of_repaired)); 248} 249 250TEST_P(ONCValidatorTestRepairable, LiberalValidation) { 251 OncParams onc = GetParam().first; 252 Validate(false, GetDictionaryFromTestFile(onc.location), onc.signature, 253 onc.is_managed, onc.onc_source); 254 std::string location_of_repaired = 255 GetParam().second.location_of_liberal_repaired; 256 if (location_of_repaired.empty()) 257 ExpectInvalid(); 258 else 259 ExpectRepairWithWarnings(*GetDictionaryFromTestFile(location_of_repaired)); 260} 261 262// The parameters for all test case instantations below are: 263// OncParams(string: A fieldname in the dictionary from the file 264// "invalid_settings_with_repairs.json". That nested 265// dictionary will be tested. 266// OncValueSignature: signature of that ONC, 267// bool: true if the ONC is managed). 268// RepairParams(string: A fieldname in the dictionary from the file 269// "invalid_settings_with_repairs.json". That nested 270// dictionary is the expected result from strict 271// validation, 272// string: A fieldname in the dictionary from the file 273// "invalid_settings_with_repairs.json". That nested 274// dictionary is the expected result from liberal 275// validation). 276 277// Strict validator returns INVALID. Liberal validator repairs. 278INSTANTIATE_TEST_CASE_P( 279 StrictInvalidLiberalRepair, 280 ONCValidatorTestRepairable, 281 ::testing::Values( 282 std::make_pair(OncParams("network-unknown-fieldname", 283 &kNetworkConfigurationSignature, 284 false), 285 RepairParams("", "network-repaired")), 286 std::make_pair(OncParams("managed-network-unknown-fieldname", 287 &kNetworkConfigurationSignature, 288 true), 289 RepairParams("", "managed-network-repaired")), 290 std::make_pair(OncParams("managed-network-unknown-recommended", 291 &kNetworkConfigurationSignature, 292 true), 293 RepairParams("", "managed-network-repaired")), 294 std::make_pair(OncParams("managed-network-dict-recommended", 295 &kNetworkConfigurationSignature, 296 true), 297 RepairParams("", "managed-network-repaired")), 298 std::make_pair(OncParams("network-missing-required", 299 &kNetworkConfigurationSignature, 300 false), 301 RepairParams("", "network-missing-required")), 302 std::make_pair(OncParams("managed-network-missing-required", 303 &kNetworkConfigurationSignature, 304 true), 305 RepairParams("", "managed-network-missing-required")), 306 // Ensure that state values from Shill aren't accepted as 307 // configuration. 308 std::make_pair(OncParams("network-state-field", 309 &kNetworkConfigurationSignature, 310 false), 311 RepairParams("", "network-repaired")), 312 std::make_pair(OncParams("network-nested-state-field", 313 &kNetworkConfigurationSignature, 314 false), 315 RepairParams("", "network-nested-state-field-repaired")), 316 std::make_pair(OncParams("openvpn-missing-verify-x509-name", 317 &kNetworkConfigurationSignature, false), 318 RepairParams("", "openvpn-missing-verify-x509-name")), 319 std::make_pair(OncParams("ipsec-with-client-cert-missing-cacert", 320 &kIPsecSignature, 321 false), 322 RepairParams("", 323 "ipsec-with-client-cert-missing-cacert")), 324 std::make_pair(OncParams("toplevel-with-repairable-networks", 325 &kToplevelConfigurationSignature, 326 false, 327 ::onc::ONC_SOURCE_DEVICE_POLICY), 328 RepairParams("", "toplevel-with-repaired-networks")))); 329 330// Strict and liberal validator repair identically. 331INSTANTIATE_TEST_CASE_P( 332 StrictAndLiberalRepairIdentically, 333 ONCValidatorTestRepairable, 334 ::testing::Values( 335 std::make_pair(OncParams("toplevel-invalid-network", 336 &kToplevelConfigurationSignature, 337 false), 338 RepairParams("toplevel-repaired", 339 "toplevel-repaired")), 340 std::make_pair(OncParams("duplicate-network-guid", 341 &kToplevelConfigurationSignature, 342 false), 343 RepairParams("repaired-duplicate-network-guid", 344 "repaired-duplicate-network-guid")), 345 std::make_pair(OncParams("duplicate-cert-guid", 346 &kToplevelConfigurationSignature, 347 false), 348 RepairParams("repaired-duplicate-cert-guid", 349 "repaired-duplicate-cert-guid")), 350 std::make_pair(OncParams("toplevel-invalid-network", 351 &kToplevelConfigurationSignature, 352 true), 353 RepairParams("toplevel-repaired", 354 "toplevel-repaired")), 355 // Ignore recommended arrays in unmanaged ONC. 356 std::make_pair(OncParams("network-with-illegal-recommended", 357 &kNetworkConfigurationSignature, 358 false), 359 RepairParams("network-repaired", "network-repaired")), 360 std::make_pair(OncParams("toplevel-with-vpn", 361 &kToplevelConfigurationSignature, 362 false, 363 ::onc::ONC_SOURCE_DEVICE_POLICY), 364 RepairParams("toplevel-empty", "toplevel-empty")), 365 std::make_pair(OncParams("toplevel-with-server-and-ca-cert", 366 &kToplevelConfigurationSignature, 367 true, 368 ::onc::ONC_SOURCE_DEVICE_POLICY), 369 RepairParams("toplevel-server-and-ca-cert-dropped", 370 "toplevel-server-and-ca-cert-dropped")))); 371 372// Strict and liberal validator both repair, but with different results. 373INSTANTIATE_TEST_CASE_P( 374 StrictAndLiberalRepairDifferently, 375 ONCValidatorTestRepairable, 376 ::testing::Values( 377 std::make_pair(OncParams("toplevel-with-nested-warning", 378 &kToplevelConfigurationSignature, 379 false), 380 RepairParams("toplevel-empty", "toplevel-repaired")))); 381 382// Strict and liberal validator return both INVALID. 383INSTANTIATE_TEST_CASE_P( 384 StrictAndLiberalInvalid, 385 ONCValidatorTestRepairable, 386 ::testing::Values( 387 std::make_pair(OncParams("network-unknown-value", 388 &kNetworkConfigurationSignature, false), 389 RepairParams("", "")), 390 std::make_pair(OncParams("managed-network-unknown-value", 391 &kNetworkConfigurationSignature, true), 392 RepairParams("", "")), 393 std::make_pair(OncParams("network-value-out-of-range", 394 &kNetworkConfigurationSignature, false), 395 RepairParams("", "")), 396 std::make_pair(OncParams("ipsec-with-psk-and-cacert", 397 &kIPsecSignature, false), 398 RepairParams("", "")), 399 std::make_pair(OncParams("ipsec-with-empty-cacertrefs", 400 &kIPsecSignature, false), 401 RepairParams("", "")), 402 std::make_pair(OncParams("ipsec-with-servercaref-and-servercarefs", 403 &kIPsecSignature, false), 404 RepairParams("", "")), 405 std::make_pair(OncParams("openvpn-with-servercaref-and-servercarefs", 406 &kOpenVPNSignature, false), 407 RepairParams("", "")), 408 std::make_pair(OncParams("eap-with-servercaref-and-servercarefs", 409 &kEAPSignature, false), 410 RepairParams("", "")), 411 std::make_pair(OncParams("managed-network-value-out-of-range", 412 &kNetworkConfigurationSignature, true), 413 RepairParams("", "")), 414 std::make_pair(OncParams("network-wrong-type", 415 &kNetworkConfigurationSignature, false), 416 RepairParams("", "")), 417 std::make_pair(OncParams("managed-network-wrong-type", 418 &kNetworkConfigurationSignature, true), 419 RepairParams("", "")), 420 std::make_pair(OncParams("network-with-client-cert-pattern", 421 &kNetworkConfigurationSignature, true, 422 ::onc::ONC_SOURCE_DEVICE_POLICY), 423 RepairParams("", "")), 424 std::make_pair(OncParams("openvpn-invalid-verify-x509-type", 425 &kNetworkConfigurationSignature, false), 426 RepairParams("", "")) 427 )); 428 429} // namespace onc 430} // namespace chromeos 431