src/chromeos/network/onc/onc_validator_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chromeos/network/onc/onc_validator.h"
   6
   7 #include <string>
   8 #include <utility>
   9
  10 #include "base/logging.h"
  11 #include "base/memory/scoped_ptr.h"
  12 #include "base/values.h"
  13 #include "chromeos/network/onc/onc_signature.h"
  14 #include "chromeos/network/onc/onc_test_utils.h"
  15 #include "chromeos/network/onc/onc_utils.h"
  16 #include "components/onc/onc_constants.h"
  17 #include "testing/gtest/include/gtest/gtest.h"
  18
  19 namespace chromeos {
  20 namespace onc {
  21
  22 class ONCValidatorTest : public ::testing::Test {
  23  public:
  24   // Validate |onc_object| with the given |signature|. The object is considered
  25   // to be managed if |managed_onc| is true. A strict validator is used if
  26   // |strict| is true. |onc_object| and the resulting repaired object of the
  27   // validation is stored, so that expectations can be checked afterwards using
  28   // one of the Expect* functions below.
  29   void Validate(bool strict,
  30                 scoped_ptr<base::DictionaryValue> onc_object,
  31                 const OncValueSignature* signature,
  32                 bool managed_onc,
  33                 ::onc::ONCSource onc_source) {
  34     scoped_ptr<Validator> validator;
  35     if (strict) {
  36       // Create a strict validator that complains about every error.
  37       validator.reset(new Validator(true, true, true, managed_onc));
  38     } else {
  39       // Create a liberal validator that ignores or repairs non-critical errors.
  40       validator.reset(new Validator(false, false, false, managed_onc));
  41     }
  42     validator->SetOncSource(onc_source);
  43     original_object_ = onc_object.Pass();
  44     repaired_object_ = validator->ValidateAndRepairObject(signature,
  45                                                           *original_object_,
  46                                                           &validation_result_);
  47   }
  48
  49   void ExpectValid() {
  50     EXPECT_EQ(Validator::VALID, validation_result_);
  51     EXPECT_TRUE(test_utils::Equals(original_object_.get(),
  52                                    repaired_object_.get()));
  53   }
  54
  55   void ExpectRepairWithWarnings(
  56       const base::DictionaryValue& expected_repaired) {
  57     EXPECT_EQ(Validator::VALID_WITH_WARNINGS, validation_result_);
  58     EXPECT_TRUE(test_utils::Equals(&expected_repaired, repaired_object_.get()));
  59   }
  60
  61   void ExpectInvalid() {
  62     EXPECT_EQ(Validator::INVALID, validation_result_);
  63     EXPECT_EQ(NULL, repaired_object_.get());
  64   }
  65
  66  private:
  67   Validator::Result validation_result_;
  68   scoped_ptr<const base::DictionaryValue> original_object_;
  69   scoped_ptr<const base::DictionaryValue> repaired_object_;
  70 };
  71
  72 namespace {
  73
  74 struct OncParams {
  75   // |location_of_object| is a string to identify the object to be tested. It
  76   // may be used as a filename or as a dictionary key.
  77   OncParams(const std::string& location_of_object,
  78             const OncValueSignature* onc_signature,
  79             bool is_managed_onc,
  80             ::onc::ONCSource onc_source = ::onc::ONC_SOURCE_NONE)
  81       : location(location_of_object),
  82         signature(onc_signature),
  83         is_managed(is_managed_onc),
  84         onc_source(onc_source) {
  85   }
  86
  87   std::string location;
  88   const OncValueSignature* signature;
  89   bool is_managed;
  90   ::onc::ONCSource onc_source;
  91 };
  92
  93 ::std::ostream& operator<<(::std::ostream& os, const OncParams& onc) {
  94   return os << "(" << onc.location << ", " << onc.signature << ", "
  95             << (onc.is_managed ? "managed" : "unmanaged") << ", "
  96             << GetSourceAsString(onc.onc_source) << ")";
  97 }
  98
  99 }  // namespace
 100
 101 // Ensure that the constant |kEmptyUnencryptedConfiguration| describes a valid
 102 // ONC toplevel object.
 103 TEST_F(ONCValidatorTest, EmptyUnencryptedConfiguration) {
 104   Validate(true, ReadDictionaryFromJson(kEmptyUnencryptedConfiguration),
 105            &kToplevelConfigurationSignature, false, ::onc::ONC_SOURCE_NONE);
 106   ExpectValid();
 107 }
 108
 109 // This test case is about validating valid ONC objects without any errors. Both
 110 // the strict and the liberal validator accept the object.
 111 class ONCValidatorValidTest : public ONCValidatorTest,
 112                               public ::testing::WithParamInterface<OncParams> {
 113 };
 114
 115 TEST_P(ONCValidatorValidTest, StrictValidationValid) {
 116   OncParams onc = GetParam();
 117   Validate(true, test_utils::ReadTestDictionary(onc.location), onc.signature,
 118            onc.is_managed, onc.onc_source);
 119   ExpectValid();
 120 }
 121
 122 TEST_P(ONCValidatorValidTest, LiberalValidationValid) {
 123   OncParams onc = GetParam();
 124   Validate(false, test_utils::ReadTestDictionary(onc.location), onc.signature,
 125            onc.is_managed, onc.onc_source);
 126   ExpectValid();
 127 }
 128
 129 // The parameters are:
 130 // OncParams(string: Filename of a ONC file that is to be validated,
 131 //           OncValueSignature: signature of that ONC,
 132 //           bool: true if the ONC is managed).
 133 INSTANTIATE_TEST_CASE_P(
 134     ONCValidatorValidTest,
 135     ONCValidatorValidTest,
 136     ::testing::Values(
 137         OncParams("managed_toplevel1.onc",
 138                   &kToplevelConfigurationSignature,
 139                   true),
 140         OncParams("managed_toplevel2.onc",
 141                   &kToplevelConfigurationSignature,
 142                   true),
 143         OncParams("managed_toplevel_with_global_config.onc",
 144                   &kToplevelConfigurationSignature,
 145                   true),
 146         // Check that at least one configuration is accepted for
 147         // device policies.
 148         OncParams("managed_toplevel_wifi_peap.onc",
 149                   &kToplevelConfigurationSignature,
 150                   true,
 151                   ::onc::ONC_SOURCE_DEVICE_POLICY),
 152         OncParams("managed_toplevel_l2tpipsec.onc",
 153                   &kToplevelConfigurationSignature,
 154                   true),
 155         OncParams("toplevel_wifi_wpa_psk.onc",
 156                   &kToplevelConfigurationSignature,
 157                   false),
 158         OncParams("toplevel_wifi_wep_proxy.onc",
 159                   &kToplevelConfigurationSignature,
 160                   false),
 161         OncParams("toplevel_wifi_leap.onc",
 162                   &kToplevelConfigurationSignature,
 163                   false),
 164         OncParams("toplevel_wifi_eap_clientcert_with_cert_pems.onc",
 165                   &kToplevelConfigurationSignature,
 166                   false),
 167         OncParams("toplevel_wifi_remove.onc",
 168                   &kToplevelConfigurationSignature,
 169                   false),
 170         OncParams("toplevel_wifi_open.onc",
 171                   &kToplevelConfigurationSignature,
 172                   false),
 173         OncParams("toplevel_openvpn_clientcert_with_cert_pems.onc",
 174                   &kToplevelConfigurationSignature,
 175                   false),
 176         OncParams("encrypted.onc", &kToplevelConfigurationSignature, true),
 177         OncParams("managed_vpn.onc", &kNetworkConfigurationSignature, true),
 178         OncParams("ethernet.onc", &kNetworkConfigurationSignature, true),
 179         OncParams("ethernet_with_eap.onc",
 180                   &kNetworkConfigurationSignature,
 181                   true),
 182         OncParams("translation_of_shill_wifi_with_state.onc",
 183                   &kNetworkWithStateSignature,
 184                   false),
 185         OncParams("valid_openvpn_with_cert_pems.onc",
 186                   &kNetworkConfigurationSignature,
 187                   false)));
 188
 189 namespace {
 190
 191 struct RepairParams {
 192   // Both arguments are strings to identify the object that is expected as the
 193   // validation result. They may either be used as filenames or as dictionary
 194   // keys.
 195   RepairParams(std::string strict_repaired,
 196                std::string liberal_repaired)
 197       : location_of_strict_repaired(strict_repaired),
 198         location_of_liberal_repaired(liberal_repaired) {
 199   }
 200
 201   std::string location_of_strict_repaired;
 202   std::string location_of_liberal_repaired;
 203 };
 204
 205 ::std::ostream& operator<<(::std::ostream& os, const RepairParams& rp) {
 206   return os << "(" << rp.location_of_strict_repaired << ", "
 207             << rp.location_of_liberal_repaired << ")";
 208 }
 209
 210 }  // namespace
 211
 212 // This test case is about validating ONC objects that contain errors which can
 213 // be repaired (then the errors count as warnings). If a location of the
 214 // expected repaired object is given, then it is checked that the validator
 215 // (either strict or liberal) returns this repaired object and the result is
 216 // VALID_WITH_WARNINGS. If the location is the empty string, then it is expected
 217 // that the validator returns NULL and the result INVALID.
 218 class ONCValidatorTestRepairable
 219     : public ONCValidatorTest,
 220       public ::testing::WithParamInterface<std::pair<OncParams,
 221                                                      RepairParams> > {
 222  public:
 223   // Load the common test data and return the dictionary at the field with
 224   // name |name|.
 225   scoped_ptr<base::DictionaryValue> GetDictionaryFromTestFile(
 226       const std::string &name) {
 227     scoped_ptr<const base::DictionaryValue> dict(
 228         test_utils::ReadTestDictionary("invalid_settings_with_repairs.json"));
 229     const base::DictionaryValue* onc_object = NULL;
 230     CHECK(dict->GetDictionary(name, &onc_object));
 231     return make_scoped_ptr(onc_object->DeepCopy());
 232   }
 233 };
 234
 235 TEST_P(ONCValidatorTestRepairable, StrictValidation) {
 236   OncParams onc = GetParam().first;
 237   Validate(true, GetDictionaryFromTestFile(onc.location), onc.signature,
 238            onc.is_managed, onc.onc_source);
 239   std::string location_of_repaired =
 240       GetParam().second.location_of_strict_repaired;
 241   if (location_of_repaired.empty())
 242     ExpectInvalid();
 243   else
 244     ExpectRepairWithWarnings(*GetDictionaryFromTestFile(location_of_repaired));
 245 }
 246
 247 TEST_P(ONCValidatorTestRepairable, LiberalValidation) {
 248   OncParams onc = GetParam().first;
 249   Validate(false, GetDictionaryFromTestFile(onc.location), onc.signature,
 250            onc.is_managed, onc.onc_source);
 251   std::string location_of_repaired =
 252       GetParam().second.location_of_liberal_repaired;
 253   if (location_of_repaired.empty())
 254     ExpectInvalid();
 255   else
 256     ExpectRepairWithWarnings(*GetDictionaryFromTestFile(location_of_repaired));
 257 }
 258
 259 // The parameters for all test case instantations below are:
 260 // OncParams(string: A fieldname in the dictionary from the file
 261 //                   "invalid_settings_with_repairs.json". That nested
 262 //                   dictionary will be tested.
 263 //           OncValueSignature: signature of that ONC,
 264 //           bool: true if the ONC is managed).
 265 // RepairParams(string: A fieldname in the dictionary from the file
 266 //                      "invalid_settings_with_repairs.json". That nested
 267 //                      dictionary is the expected result from strict
 268 //                      validation,
 269 //              string: A fieldname in the dictionary from the file
 270 //                      "invalid_settings_with_repairs.json". That nested
 271 //                      dictionary is the expected result from liberal
 272 //                      validation).
 273
 274 // Strict validator returns INVALID. Liberal validator repairs.
 275 INSTANTIATE_TEST_CASE_P(
 276     StrictInvalidLiberalRepair,
 277     ONCValidatorTestRepairable,
 278     ::testing::Values(
 279         std::make_pair(OncParams("network-unknown-fieldname",
 280                                  &kNetworkConfigurationSignature,
 281                                  false),
 282                        RepairParams("", "network-repaired")),
 283         std::make_pair(OncParams("managed-network-unknown-fieldname",
 284                                  &kNetworkConfigurationSignature,
 285                                  true),
 286                        RepairParams("", "managed-network-repaired")),
 287         std::make_pair(OncParams("managed-network-unknown-recommended",
 288                                  &kNetworkConfigurationSignature,
 289                                  true),
 290                        RepairParams("", "managed-network-repaired")),
 291         std::make_pair(OncParams("managed-network-dict-recommended",
 292                                  &kNetworkConfigurationSignature,
 293                                  true),
 294                        RepairParams("", "managed-network-repaired")),
 295         std::make_pair(OncParams("network-missing-required",
 296                                  &kNetworkConfigurationSignature,
 297                                  false),
 298                        RepairParams("", "network-missing-required")),
 299         std::make_pair(OncParams("managed-network-missing-required",
 300                                  &kNetworkConfigurationSignature,
 301                                  true),
 302                        RepairParams("", "managed-network-missing-required")),
 303         // Ensure that state values from Shill aren't accepted as
 304         // configuration.
 305         std::make_pair(OncParams("network-state-field",
 306                                  &kNetworkConfigurationSignature,
 307                                  false),
 308                        RepairParams("", "network-repaired")),
 309         std::make_pair(OncParams("network-nested-state-field",
 310                                  &kNetworkConfigurationSignature,
 311                                  false),
 312                        RepairParams("", "network-nested-state-field-repaired")),
 313         std::make_pair(OncParams("openvpn-missing-verify-x509-name",
 314                                  &kNetworkConfigurationSignature, false),
 315                         RepairParams("", "openvpn-missing-verify-x509-name")),
 316         std::make_pair(OncParams("ipsec-with-client-cert-missing-cacert",
 317                                  &kIPsecSignature,
 318                                  false),
 319                        RepairParams("",
 320                                     "ipsec-with-client-cert-missing-cacert")),
 321         std::make_pair(OncParams("toplevel-with-repairable-networks",
 322                                  &kToplevelConfigurationSignature,
 323                                  false,
 324                                  ::onc::ONC_SOURCE_DEVICE_POLICY),
 325                        RepairParams("", "toplevel-with-repaired-networks"))));
 326
 327 // Strict and liberal validator repair identically.
 328 INSTANTIATE_TEST_CASE_P(
 329     StrictAndLiberalRepairIdentically,
 330     ONCValidatorTestRepairable,
 331     ::testing::Values(
 332          std::make_pair(OncParams("toplevel-invalid-network",
 333                                   &kToplevelConfigurationSignature,
 334                                   false),
 335                         RepairParams("toplevel-repaired",
 336                                      "toplevel-repaired")),
 337          std::make_pair(OncParams("duplicate-network-guid",
 338                                   &kToplevelConfigurationSignature,
 339                                   false),
 340                         RepairParams("repaired-duplicate-network-guid",
 341                                      "repaired-duplicate-network-guid")),
 342          std::make_pair(OncParams("duplicate-cert-guid",
 343                                   &kToplevelConfigurationSignature,
 344                                   false),
 345                         RepairParams("repaired-duplicate-cert-guid",
 346                                      "repaired-duplicate-cert-guid")),
 347          std::make_pair(OncParams("toplevel-invalid-network",
 348                                   &kToplevelConfigurationSignature,
 349                                   true),
 350                         RepairParams("toplevel-repaired",
 351                                      "toplevel-repaired")),
 352          // Ignore recommended arrays in unmanaged ONC.
 353          std::make_pair(OncParams("network-with-illegal-recommended",
 354                                   &kNetworkConfigurationSignature,
 355                                   false),
 356                         RepairParams("network-repaired", "network-repaired")),
 357          std::make_pair(OncParams("toplevel-with-vpn",
 358                                   &kToplevelConfigurationSignature,
 359                                   false,
 360                                   ::onc::ONC_SOURCE_DEVICE_POLICY),
 361                         RepairParams("toplevel-empty", "toplevel-empty")),
 362          std::make_pair(OncParams("toplevel-with-server-and-ca-cert",
 363                                   &kToplevelConfigurationSignature,
 364                                   true,
 365                                   ::onc::ONC_SOURCE_DEVICE_POLICY),
 366                         RepairParams("toplevel-server-and-ca-cert-dropped",
 367                                      "toplevel-server-and-ca-cert-dropped"))));
 368
 369 // Strict and liberal validator both repair, but with different results.
 370 INSTANTIATE_TEST_CASE_P(
 371     StrictAndLiberalRepairDifferently,
 372     ONCValidatorTestRepairable,
 373     ::testing::Values(
 374          std::make_pair(OncParams("toplevel-with-nested-warning",
 375                                   &kToplevelConfigurationSignature,
 376                                   false),
 377                         RepairParams("toplevel-empty", "toplevel-repaired"))));
 378
 379 // Strict and liberal validator return both INVALID.
 380 INSTANTIATE_TEST_CASE_P(
 381     StrictAndLiberalInvalid,
 382     ONCValidatorTestRepairable,
 383     ::testing::Values(
 384          std::make_pair(OncParams("network-unknown-value",
 385                                   &kNetworkConfigurationSignature, false),
 386                         RepairParams("", "")),
 387          std::make_pair(OncParams("managed-network-unknown-value",
 388                                   &kNetworkConfigurationSignature, true),
 389                         RepairParams("", "")),
 390          std::make_pair(OncParams("network-value-out-of-range",
 391                                   &kNetworkConfigurationSignature, false),
 392                         RepairParams("", "")),
 393          std::make_pair(OncParams("ipsec-with-psk-and-cacert",
 394                                   &kIPsecSignature, false),
 395                         RepairParams("", "")),
 396          std::make_pair(OncParams("ipsec-with-empty-cacertrefs",
 397                                   &kIPsecSignature, false),
 398                         RepairParams("", "")),
 399          std::make_pair(OncParams("ipsec-with-servercaref-and-servercarefs",
 400                                   &kIPsecSignature, false),
 401                         RepairParams("", "")),
 402          std::make_pair(OncParams("openvpn-with-servercaref-and-servercarefs",
 403                                   &kOpenVPNSignature, false),
 404                         RepairParams("", "")),
 405          std::make_pair(OncParams("eap-with-servercaref-and-servercarefs",
 406                                   &kEAPSignature, false),
 407                         RepairParams("", "")),
 408          std::make_pair(OncParams("managed-network-value-out-of-range",
 409                                   &kNetworkConfigurationSignature, true),
 410                         RepairParams("", "")),
 411          std::make_pair(OncParams("network-wrong-type",
 412                                   &kNetworkConfigurationSignature, false),
 413                         RepairParams("", "")),
 414          std::make_pair(OncParams("managed-network-wrong-type",
 415                                   &kNetworkConfigurationSignature, true),
 416                         RepairParams("", "")),
 417          std::make_pair(OncParams("network-with-client-cert-pattern",
 418                                   &kNetworkConfigurationSignature, true,
 419                                   ::onc::ONC_SOURCE_DEVICE_POLICY),
 420                         RepairParams("", "")),
 421          std::make_pair(OncParams("openvpn-invalid-verify-x509-type",
 422                                   &kNetworkConfigurationSignature, false),
 423                         RepairParams("", ""))
 424          ));
 425
 426 }  // namespace onc
 427 }  // namespace chromeos