projects / platform / framework / web / crosswalk.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Update To 11.40.268.0
[platform/framework/web/crosswalk.git] / src / chrome / browser / chromeos / policy / network_configuration_updater_unittest.cc
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/bind.h"
6 #include "base/bind_helpers.h"
7 #include "base/callback.h"
8 #include "base/files/file_path.h"
9 #include "base/memory/scoped_ptr.h"
10 #include "base/run_loop.h"
11 #include "base/values.h"
12 #include "chrome/browser/chromeos/policy/device_network_configuration_updater.h"
13 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
14 #include "chrome/browser/chromeos/settings/cros_settings.h"
15 #include "chrome/browser/chromeos/settings/device_settings_service.h"
16 #include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h"
17 #include "chrome/test/base/testing_profile.h"
18 #include "chromeos/network/fake_network_device_handler.h"
19 #include "chromeos/network/mock_managed_network_configuration_handler.h"
20 #include "chromeos/network/onc/onc_certificate_importer.h"
21 #include "chromeos/network/onc/onc_test_utils.h"
22 #include "chromeos/network/onc/onc_utils.h"
23 #include "components/onc/onc_constants.h"
24 #include "components/policy/core/common/external_data_fetcher.h"
25 #include "components/policy/core/common/mock_configuration_policy_provider.h"
26 #include "components/policy/core/common/policy_map.h"
27 #include "components/policy/core/common/policy_service_impl.h"
28 #include "components/user_manager/user.h"
29 #include "components/user_manager/user_type.h"
30 #include "content/public/test/test_browser_thread_bundle.h"
31 #include "content/public/test/test_utils.h"
32 #include "net/base/test_data_directory.h"
33 #include "net/cert/x509_certificate.h"
34 #include "net/test/cert_test_util.h"
35 #include "policy/policy_constants.h"
36 #include "testing/gmock/include/gmock/gmock.h"
37 #include "testing/gtest/include/gtest/gtest.h"
38
39 using testing::AnyNumber;
40 using testing::AtLeast;
41 using testing::Mock;
42 using testing::Ne;
43 using testing::Return;
44 using testing::StrictMock;
45 using testing::_;
46
47 namespace policy {
48
49 namespace {
50
51 const char kFakeUserEmail[] = "fake email";
52 const char kFakeUsernameHash[] = "fake hash";
53
54 class FakeUser : public user_manager::User {
55  public:
56   FakeUser() : User(kFakeUserEmail) {
57     set_display_email(kFakeUserEmail);
58     set_username_hash(kFakeUsernameHash);
59   }
60   virtual ~FakeUser() {}
61
62   // User overrides
63   virtual user_manager::UserType GetType() const override {
64     return user_manager::USER_TYPE_REGULAR;
65   }
66
67  private:
68   DISALLOW_COPY_AND_ASSIGN(FakeUser);
69 };
70
71 class FakeWebTrustedCertsObserver
72     : public UserNetworkConfigurationUpdater::WebTrustedCertsObserver {
73  public:
74   FakeWebTrustedCertsObserver() {}
75
76   virtual void OnTrustAnchorsChanged(
77       const net::CertificateList& trust_anchors) override {
78     trust_anchors_ = trust_anchors;
79   }
80   net::CertificateList trust_anchors_;
81
82  private:
83   DISALLOW_COPY_AND_ASSIGN(FakeWebTrustedCertsObserver);
84 };
85
86 class FakeNetworkDeviceHandler : public chromeos::FakeNetworkDeviceHandler {
87   public:
88    FakeNetworkDeviceHandler() : allow_roaming_(false) {}
89
90    virtual void SetCellularAllowRoaming(bool allow_roaming) override {
91      allow_roaming_ = allow_roaming;
92    }
93
94    bool allow_roaming_;
95
96  private:
97   DISALLOW_COPY_AND_ASSIGN(FakeNetworkDeviceHandler);
98 };
99
100 class FakeCertificateImporter : public chromeos::onc::CertificateImporter {
101  public:
102   FakeCertificateImporter()
103       : expected_onc_source_(::onc::ONC_SOURCE_UNKNOWN), call_count_(0) {}
104   virtual ~FakeCertificateImporter() {}
105
106   void SetTrustedCertificatesResult(
107       net::CertificateList onc_trusted_certificates) {
108     onc_trusted_certificates_ = onc_trusted_certificates;
109   }
110
111   void SetExpectedONCCertificates(const base::ListValue& certificates) {
112     expected_onc_certificates_.reset(certificates.DeepCopy());
113   }
114
115   void SetExpectedONCSource(::onc::ONCSource source) {
116     expected_onc_source_ = source;
117   }
118
119   unsigned int GetAndResetImportCount() {
120     unsigned int count = call_count_;
121     call_count_ = 0;
122     return count;
123   }
124
125   virtual void ImportCertificates(const base::ListValue& certificates,
126                                   ::onc::ONCSource source,
127                                   const DoneCallback& done_callback) override {
128     if (expected_onc_source_ != ::onc::ONC_SOURCE_UNKNOWN)
129       EXPECT_EQ(expected_onc_source_, source);
130     if (expected_onc_certificates_) {
131       EXPECT_TRUE(chromeos::onc::test_utils::Equals(
132           expected_onc_certificates_.get(), &certificates));
133     }
134     ++call_count_;
135     done_callback.Run(true, onc_trusted_certificates_);
136   }
137
138  private:
139   ::onc::ONCSource expected_onc_source_;
140   scoped_ptr<base::ListValue> expected_onc_certificates_;
141   net::CertificateList onc_trusted_certificates_;
142   unsigned int call_count_;
143
144   DISALLOW_COPY_AND_ASSIGN(FakeCertificateImporter);
145 };
146
147 const char kFakeONC[] =
148     "{ \"NetworkConfigurations\": ["
149     "    { \"GUID\": \"{485d6076-dd44-6b6d-69787465725f5040}\","
150     "      \"Type\": \"WiFi\","
151     "      \"Name\": \"My WiFi Network\","
152     "      \"WiFi\": {"
153     "        \"SSID\": \"ssid-none\","
154     "        \"Security\": \"None\" }"
155     "    }"
156     "  ],"
157     "  \"GlobalNetworkConfiguration\": {"
158     "    \"AllowOnlyPolicyNetworksToAutoconnect\": true,"
159     "  },"
160     "  \"Certificates\": ["
161     "    { \"GUID\": \"{f998f760-272b-6939-4c2beffe428697ac}\","
162     "      \"PKCS12\": \"abc\","
163     "       \"Type\": \"Client\" }"
164     "  ],"
165     "  \"Type\": \"UnencryptedConfiguration\""
166     "}";
167
168 std::string ValueToString(const base::Value& value) {
169   std::stringstream str;
170   str << value;
171   return str.str();
172 }
173
174 void AppendAll(const base::ListValue& from, base::ListValue* to) {
175   for (base::ListValue::const_iterator it = from.begin(); it != from.end();
176        ++it) {
177     to->Append((*it)->DeepCopy());
178   }
179 }
180
181 // Matcher to match base::Value.
182 MATCHER_P(IsEqualTo,
183           value,
184           std::string(negation ? "isn't" : "is") + " equal to " +
185               ValueToString(*value)) {
186   return value->Equals(&arg);
187 }
188
189 MATCHER(IsEmpty, std::string(negation ? "isn't" : "is") + " empty.") {
190   return arg.empty();
191 }
192
193 ACTION_P(SetCertificateList, list) {
194   if (arg2)
195     *arg2 = list;
196   return true;
197 }
198
199 }  // namespace
200
201 class NetworkConfigurationUpdaterTest : public testing::Test {
202  protected:
203   NetworkConfigurationUpdaterTest() : certificate_importer_(NULL) {}
204
205   virtual void SetUp() override {
206     EXPECT_CALL(provider_, IsInitializationComplete(_))
207         .WillRepeatedly(Return(false));
208     provider_.Init();
209     PolicyServiceImpl::Providers providers;
210     providers.push_back(&provider_);
211     policy_service_.reset(new PolicyServiceImpl(providers));
212
213     scoped_ptr<base::DictionaryValue> fake_toplevel_onc =
214         chromeos::onc::ReadDictionaryFromJson(kFakeONC);
215
216     base::ListValue* network_configs = NULL;
217     fake_toplevel_onc->GetListWithoutPathExpansion(
218         onc::toplevel_config::kNetworkConfigurations, &network_configs);
219     AppendAll(*network_configs, &fake_network_configs_);
220
221     base::DictionaryValue* global_config = NULL;
222     fake_toplevel_onc->GetDictionaryWithoutPathExpansion(
223         onc::toplevel_config::kGlobalNetworkConfiguration, &global_config);
224     fake_global_network_config_.MergeDictionary(global_config);
225
226     base::ListValue* certs = NULL;
227     fake_toplevel_onc->GetListWithoutPathExpansion(
228         onc::toplevel_config::kCertificates, &certs);
229     AppendAll(*certs, &fake_certificates_);
230
231     certificate_importer_ = new FakeCertificateImporter;
232     certificate_importer_owned_.reset(certificate_importer_);
233   }
234
235   virtual void TearDown() override {
236     network_configuration_updater_.reset();
237     provider_.Shutdown();
238     base::RunLoop().RunUntilIdle();
239   }
240
241   void MarkPolicyProviderInitialized() {
242     Mock::VerifyAndClearExpectations(&provider_);
243     EXPECT_CALL(provider_, IsInitializationComplete(_))
244         .WillRepeatedly(Return(true));
245     provider_.SetAutoRefresh();
246     provider_.RefreshPolicies();
247     base::RunLoop().RunUntilIdle();
248   }
249
250   void UpdateProviderPolicy(const PolicyMap& policy) {
251     provider_.UpdateChromePolicy(policy);
252     base::RunLoop().RunUntilIdle();
253   }
254
255   UserNetworkConfigurationUpdater*
256   CreateNetworkConfigurationUpdaterForUserPolicy(
257       bool allow_trusted_certs_from_policy,
258       bool set_cert_importer) {
259     UserNetworkConfigurationUpdater* updater =
260         UserNetworkConfigurationUpdater::CreateForUserPolicy(
261             &profile_,
262             allow_trusted_certs_from_policy,
263             fake_user_,
264             policy_service_.get(),
265             &network_config_handler_).release();
266     if (set_cert_importer) {
267       EXPECT_TRUE(certificate_importer_owned_);
268       updater->SetCertificateImporterForTest(
269           certificate_importer_owned_.Pass());
270     }
271     network_configuration_updater_.reset(updater);
272     return updater;
273   }
274
275   void CreateNetworkConfigurationUpdaterForDevicePolicy() {
276     network_configuration_updater_ =
277         DeviceNetworkConfigurationUpdater::CreateForDevicePolicy(
278             policy_service_.get(),
279             &network_config_handler_,
280             &network_device_handler_,
281             chromeos::CrosSettings::Get());
282   }
283
284   base::ListValue fake_network_configs_;
285   base::DictionaryValue fake_global_network_config_;
286   base::ListValue fake_certificates_;
287   StrictMock<chromeos::MockManagedNetworkConfigurationHandler>
288       network_config_handler_;
289   FakeNetworkDeviceHandler network_device_handler_;
290
291   // Not used directly. Required for CrosSettings.
292   chromeos::ScopedTestDeviceSettingsService scoped_device_settings_service_;
293   chromeos::ScopedTestCrosSettings scoped_cros_settings_;
294
295   // Ownership of certificate_importer_owned_ is passed to the
296   // NetworkConfigurationUpdater. When that happens, |certificate_importer_|
297   // continues to point to that instance but |certificate_importer_owned_| is
298   // released.
299   FakeCertificateImporter* certificate_importer_;
300   scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer_owned_;
301
302   StrictMock<MockConfigurationPolicyProvider> provider_;
303   scoped_ptr<PolicyServiceImpl> policy_service_;
304   FakeUser fake_user_;
305
306   TestingProfile profile_;
307
308   scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_;
309   content::TestBrowserThreadBundle thread_bundle_;
310 };
311
312 TEST_F(NetworkConfigurationUpdaterTest, CellularAllowRoaming) {
313   // Ignore network config updates.
314   EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1));
315
316   // Setup the DataRoaming device setting.
317   chromeos::CrosSettings* cros_settings = chromeos::CrosSettings::Get();
318   chromeos::CrosSettingsProvider* device_settings_provider =
319       cros_settings->GetProvider(chromeos::kSignedDataRoamingEnabled);
320   cros_settings->RemoveSettingsProvider(device_settings_provider);
321   delete device_settings_provider;
322   chromeos::StubCrosSettingsProvider* stub_settings_provider =
323       new chromeos::StubCrosSettingsProvider;
324   cros_settings->AddSettingsProvider(stub_settings_provider);
325
326   chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled,
327                                      base::FundamentalValue(false));
328   EXPECT_FALSE(network_device_handler_.allow_roaming_);
329
330   CreateNetworkConfigurationUpdaterForDevicePolicy();
331   MarkPolicyProviderInitialized();
332   chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled,
333                                      base::FundamentalValue(true));
334   EXPECT_TRUE(network_device_handler_.allow_roaming_);
335
336   chromeos::CrosSettings::Get()->Set(chromeos::kSignedDataRoamingEnabled,
337                                      base::FundamentalValue(false));
338   EXPECT_FALSE(network_device_handler_.allow_roaming_);
339 }
340
341 TEST_F(NetworkConfigurationUpdaterTest, PolicyIsValidatedAndRepaired) {
342   scoped_ptr<base::DictionaryValue> onc_repaired =
343       chromeos::onc::test_utils::ReadTestDictionary(
344           "repaired_toplevel_partially_invalid.onc");
345
346   base::ListValue* network_configs_repaired = NULL;
347   onc_repaired->GetListWithoutPathExpansion(
348       onc::toplevel_config::kNetworkConfigurations, &network_configs_repaired);
349   ASSERT_TRUE(network_configs_repaired);
350
351   base::DictionaryValue* global_config_repaired = NULL;
352   onc_repaired->GetDictionaryWithoutPathExpansion(
353       onc::toplevel_config::kGlobalNetworkConfiguration,
354       &global_config_repaired);
355   ASSERT_TRUE(global_config_repaired);
356
357   std::string onc_policy =
358       chromeos::onc::test_utils::ReadTestData("toplevel_partially_invalid.onc");
359   PolicyMap policy;
360   policy.Set(key::kOpenNetworkConfiguration,
361              POLICY_LEVEL_MANDATORY,
362              POLICY_SCOPE_USER,
363              new base::StringValue(onc_policy),
364              NULL);
365   UpdateProviderPolicy(policy);
366
367   EXPECT_CALL(network_config_handler_,
368               SetPolicy(onc::ONC_SOURCE_USER_POLICY,
369                         _,
370                         IsEqualTo(network_configs_repaired),
371                         IsEqualTo(global_config_repaired)));
372   certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY);
373
374   CreateNetworkConfigurationUpdaterForUserPolicy(
375       false /* do not allow trusted certs from policy */,
376       true /* set certificate importer */);
377   MarkPolicyProviderInitialized();
378   EXPECT_EQ(1u, certificate_importer_->GetAndResetImportCount());
379 }
380
381 TEST_F(NetworkConfigurationUpdaterTest,
382        DoNotAllowTrustedCertificatesFromPolicy) {
383   net::CertificateList cert_list;
384   cert_list =
385       net::CreateCertificateListFromFile(net::GetTestCertsDirectory(),
386                                          "ok_cert.pem",
387                                          net::X509Certificate::FORMAT_AUTO);
388   ASSERT_EQ(1u, cert_list.size());
389
390   EXPECT_CALL(network_config_handler_,
391               SetPolicy(onc::ONC_SOURCE_USER_POLICY, _, _, _));
392   certificate_importer_->SetTrustedCertificatesResult(cert_list);
393
394   UserNetworkConfigurationUpdater* updater =
395       CreateNetworkConfigurationUpdaterForUserPolicy(
396           false /* do not allow trusted certs from policy */,
397           true /* set certificate importer */);
398   MarkPolicyProviderInitialized();
399
400   // Certificates with the "Web" trust flag set should not be forwarded to
401   // observers.
402   FakeWebTrustedCertsObserver observer;
403   updater->AddTrustedCertsObserver(&observer);
404
405   base::RunLoop().RunUntilIdle();
406
407   net::CertificateList trust_anchors;
408   updater->GetWebTrustedCertificates(&trust_anchors);
409   EXPECT_TRUE(trust_anchors.empty());
410
411   EXPECT_TRUE(observer.trust_anchors_.empty());
412   updater->RemoveTrustedCertsObserver(&observer);
413 }
414
415 TEST_F(NetworkConfigurationUpdaterTest,
416        AllowTrustedCertificatesFromPolicyInitially) {
417   // Ignore network configuration changes.
418   EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _))
419       .Times(AnyNumber());
420
421   net::CertificateList cert_list;
422   cert_list =
423       net::CreateCertificateListFromFile(net::GetTestCertsDirectory(),
424                                          "ok_cert.pem",
425                                          net::X509Certificate::FORMAT_AUTO);
426   ASSERT_EQ(1u, cert_list.size());
427
428   certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY);
429   certificate_importer_->SetTrustedCertificatesResult(cert_list);
430
431   UserNetworkConfigurationUpdater* updater =
432       CreateNetworkConfigurationUpdaterForUserPolicy(
433           true /* allow trusted certs from policy */,
434           true /* set certificate importer */);
435   MarkPolicyProviderInitialized();
436
437   base::RunLoop().RunUntilIdle();
438
439   // Certificates with the "Web" trust flag set will be returned.
440   net::CertificateList trust_anchors;
441   updater->GetWebTrustedCertificates(&trust_anchors);
442   EXPECT_EQ(1u, trust_anchors.size());
443 }
444
445 TEST_F(NetworkConfigurationUpdaterTest,
446        AllowTrustedCertificatesFromPolicyOnUpdate) {
447   // Ignore network configuration changes.
448   EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _))
449       .Times(AnyNumber());
450
451   // Start with an empty certificate list.
452   UserNetworkConfigurationUpdater* updater =
453       CreateNetworkConfigurationUpdaterForUserPolicy(
454           true /* allow trusted certs from policy */,
455           true /* set certificate importer */);
456   MarkPolicyProviderInitialized();
457
458   FakeWebTrustedCertsObserver observer;
459   updater->AddTrustedCertsObserver(&observer);
460
461   base::RunLoop().RunUntilIdle();
462
463   // Verify that the returned certificate list is empty.
464   {
465     net::CertificateList trust_anchors;
466     updater->GetWebTrustedCertificates(&trust_anchors);
467     EXPECT_TRUE(trust_anchors.empty());
468   }
469   EXPECT_TRUE(observer.trust_anchors_.empty());
470
471   // Now use a non-empty certificate list to test the observer notification.
472   net::CertificateList cert_list;
473   cert_list =
474       net::CreateCertificateListFromFile(net::GetTestCertsDirectory(),
475                                          "ok_cert.pem",
476                                          net::X509Certificate::FORMAT_AUTO);
477   ASSERT_EQ(1u, cert_list.size());
478   certificate_importer_->SetTrustedCertificatesResult(cert_list);
479
480   // Change to any non-empty policy, so that updates are triggered. The actual
481   // content of the policy is irrelevant.
482   PolicyMap policy;
483   policy.Set(key::kOpenNetworkConfiguration,
484              POLICY_LEVEL_MANDATORY,
485              POLICY_SCOPE_USER,
486              new base::StringValue(kFakeONC),
487              NULL);
488   UpdateProviderPolicy(policy);
489   base::RunLoop().RunUntilIdle();
490
491   // Certificates with the "Web" trust flag set will be returned and forwarded
492   // to observers.
493   {
494     net::CertificateList trust_anchors;
495     updater->GetWebTrustedCertificates(&trust_anchors);
496     EXPECT_EQ(1u, trust_anchors.size());
497   }
498   EXPECT_EQ(1u, observer.trust_anchors_.size());
499
500   updater->RemoveTrustedCertsObserver(&observer);
501 }
502
503 TEST_F(NetworkConfigurationUpdaterTest,
504        DontImportCertificateBeforeCertificateImporterSet) {
505   PolicyMap policy;
506   policy.Set(key::kOpenNetworkConfiguration, POLICY_LEVEL_MANDATORY,
507              POLICY_SCOPE_USER, new base::StringValue(kFakeONC), NULL);
508   UpdateProviderPolicy(policy);
509
510   EXPECT_CALL(network_config_handler_,
511               SetPolicy(onc::ONC_SOURCE_USER_POLICY,
512                         kFakeUsernameHash,
513                         IsEqualTo(&fake_network_configs_),
514                         IsEqualTo(&fake_global_network_config_)));
515
516   UserNetworkConfigurationUpdater* updater =
517       CreateNetworkConfigurationUpdaterForUserPolicy(
518           true /* allow trusted certs from policy */,
519           false /* do not set certificate importer */);
520   MarkPolicyProviderInitialized();
521
522   Mock::VerifyAndClearExpectations(&network_config_handler_);
523   EXPECT_EQ(0u, certificate_importer_->GetAndResetImportCount());
524
525   certificate_importer_->SetExpectedONCCertificates(fake_certificates_);
526   certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY);
527
528   ASSERT_TRUE(certificate_importer_owned_);
529   updater->SetCertificateImporterForTest(certificate_importer_owned_.Pass());
530   EXPECT_EQ(1u, certificate_importer_->GetAndResetImportCount());
531 }
532
533 class NetworkConfigurationUpdaterTestWithParam
534     : public NetworkConfigurationUpdaterTest,
535       public testing::WithParamInterface<const char*> {
536  protected:
537   // Returns the currently tested ONC source.
538   onc::ONCSource CurrentONCSource() {
539     if (GetParam() == key::kOpenNetworkConfiguration)
540       return onc::ONC_SOURCE_USER_POLICY;
541     DCHECK(GetParam() == key::kDeviceOpenNetworkConfiguration);
542     return onc::ONC_SOURCE_DEVICE_POLICY;
543   }
544
545   // Returns the expected username hash to push policies to
546   // ManagedNetworkConfigurationHandler.
547   std::string ExpectedUsernameHash() {
548     if (GetParam() == key::kOpenNetworkConfiguration)
549       return kFakeUsernameHash;
550     return std::string();
551   }
552
553   size_t ExpectedImportCertificatesCallCount() {
554     if (GetParam() == key::kOpenNetworkConfiguration)
555       return 1u;
556     return 0u;
557   }
558
559   void CreateNetworkConfigurationUpdater() {
560     if (GetParam() == key::kOpenNetworkConfiguration) {
561       CreateNetworkConfigurationUpdaterForUserPolicy(
562           false /* do not allow trusted certs from policy */,
563           true /* set certificate importer */);
564     } else {
565       CreateNetworkConfigurationUpdaterForDevicePolicy();
566     }
567   }
568 };
569
570 TEST_P(NetworkConfigurationUpdaterTestWithParam, InitialUpdates) {
571   PolicyMap policy;
572   policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
573              new base::StringValue(kFakeONC), NULL);
574   UpdateProviderPolicy(policy);
575
576   EXPECT_CALL(network_config_handler_,
577               SetPolicy(CurrentONCSource(),
578                         ExpectedUsernameHash(),
579                         IsEqualTo(&fake_network_configs_),
580                         IsEqualTo(&fake_global_network_config_)));
581   certificate_importer_->SetExpectedONCCertificates(fake_certificates_);
582   certificate_importer_->SetExpectedONCSource(CurrentONCSource());
583
584   CreateNetworkConfigurationUpdater();
585   MarkPolicyProviderInitialized();
586   EXPECT_EQ(ExpectedImportCertificatesCallCount(),
587             certificate_importer_->GetAndResetImportCount());
588 }
589
590 TEST_P(NetworkConfigurationUpdaterTestWithParam,
591        PolicyNotSetBeforePolicyProviderInitialized) {
592   PolicyMap policy;
593   policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
594              new base::StringValue(kFakeONC), NULL);
595   UpdateProviderPolicy(policy);
596
597   CreateNetworkConfigurationUpdater();
598
599   Mock::VerifyAndClearExpectations(&network_config_handler_);
600   EXPECT_EQ(0u, certificate_importer_->GetAndResetImportCount());
601
602   EXPECT_CALL(network_config_handler_,
603               SetPolicy(CurrentONCSource(),
604                         ExpectedUsernameHash(),
605                         IsEqualTo(&fake_network_configs_),
606                         IsEqualTo(&fake_global_network_config_)));
607   certificate_importer_->SetExpectedONCSource(CurrentONCSource());
608   certificate_importer_->SetExpectedONCCertificates(fake_certificates_);
609
610   MarkPolicyProviderInitialized();
611   EXPECT_EQ(ExpectedImportCertificatesCallCount(),
612             certificate_importer_->GetAndResetImportCount());
613 }
614
615 TEST_P(NetworkConfigurationUpdaterTestWithParam,
616        PolicyAppliedImmediatelyIfProvidersInitialized) {
617   MarkPolicyProviderInitialized();
618
619   PolicyMap policy;
620   policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
621              new base::StringValue(kFakeONC), NULL);
622   UpdateProviderPolicy(policy);
623
624   EXPECT_CALL(network_config_handler_,
625               SetPolicy(CurrentONCSource(),
626                         ExpectedUsernameHash(),
627                         IsEqualTo(&fake_network_configs_),
628                         IsEqualTo(&fake_global_network_config_)));
629   certificate_importer_->SetExpectedONCSource(CurrentONCSource());
630   certificate_importer_->SetExpectedONCCertificates(fake_certificates_);
631
632   CreateNetworkConfigurationUpdater();
633
634   EXPECT_EQ(ExpectedImportCertificatesCallCount(),
635             certificate_importer_->GetAndResetImportCount());
636 }
637
638 TEST_P(NetworkConfigurationUpdaterTestWithParam, PolicyChange) {
639   // Ignore the initial updates.
640   EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1));
641
642   CreateNetworkConfigurationUpdater();
643   MarkPolicyProviderInitialized();
644
645   Mock::VerifyAndClearExpectations(&network_config_handler_);
646   EXPECT_LE(ExpectedImportCertificatesCallCount(),
647             certificate_importer_->GetAndResetImportCount());
648
649   // The Updater should update if policy changes.
650   EXPECT_CALL(network_config_handler_,
651               SetPolicy(CurrentONCSource(),
652                         _,
653                         IsEqualTo(&fake_network_configs_),
654                         IsEqualTo(&fake_global_network_config_)));
655   certificate_importer_->SetExpectedONCSource(CurrentONCSource());
656   certificate_importer_->SetExpectedONCCertificates(fake_certificates_);
657
658   PolicyMap policy;
659   policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
660              new base::StringValue(kFakeONC), NULL);
661   UpdateProviderPolicy(policy);
662   Mock::VerifyAndClearExpectations(&network_config_handler_);
663   EXPECT_EQ(ExpectedImportCertificatesCallCount(),
664             certificate_importer_->GetAndResetImportCount());
665
666   // Another update is expected if the policy goes away.
667   EXPECT_CALL(network_config_handler_,
668               SetPolicy(CurrentONCSource(), _, IsEmpty(), IsEmpty()));
669   certificate_importer_->SetExpectedONCCertificates(base::ListValue());
670
671   policy.Erase(GetParam());
672   UpdateProviderPolicy(policy);
673   EXPECT_EQ(ExpectedImportCertificatesCallCount(),
674             certificate_importer_->GetAndResetImportCount());
675 }
676
677 INSTANTIATE_TEST_CASE_P(NetworkConfigurationUpdaterTestWithParamInstance,
678                         NetworkConfigurationUpdaterTestWithParam,
679                         testing::Values(key::kDeviceOpenNetworkConfiguration,
680                                         key::kOpenNetworkConfiguration));
681
682 }  // namespace policy
Domain: Web Framework / Uncategorized;