1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chromeos/network/onc/onc_validator.h"
10 #include "base/logging.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/values.h"
13 #include "chromeos/network/onc/onc_signature.h"
14 #include "chromeos/network/onc/onc_test_utils.h"
15 #include "chromeos/network/onc/onc_utils.h"
16 #include "components/onc/onc_constants.h"
17 #include "testing/gtest/include/gtest/gtest.h"
22 class ONCValidatorTest : public ::testing::Test {
24 // Validate |onc_object| with the given |signature|. The object is considered
25 // to be managed if |managed_onc| is true. A strict validator is used if
26 // |strict| is true. |onc_object| and the resulting repaired object of the
27 // validation is stored, so that expectations can be checked afterwards using
28 // one of the Expect* functions below.
29 void Validate(bool strict,
30 scoped_ptr<base::DictionaryValue> onc_object,
31 const OncValueSignature* signature,
33 ::onc::ONCSource onc_source) {
34 scoped_ptr<Validator> validator;
36 // Create a strict validator that complains about every error.
37 validator.reset(new Validator(true, true, true, managed_onc));
39 // Create a liberal validator that ignores or repairs non-critical errors.
40 validator.reset(new Validator(false, false, false, managed_onc));
42 validator->SetOncSource(onc_source);
43 original_object_ = onc_object.Pass();
44 repaired_object_ = validator->ValidateAndRepairObject(signature,
50 EXPECT_EQ(Validator::VALID, validation_result_);
51 EXPECT_TRUE(test_utils::Equals(original_object_.get(),
52 repaired_object_.get()));
55 void ExpectRepairWithWarnings(
56 const base::DictionaryValue& expected_repaired) {
57 EXPECT_EQ(Validator::VALID_WITH_WARNINGS, validation_result_);
58 EXPECT_TRUE(test_utils::Equals(&expected_repaired, repaired_object_.get()));
61 void ExpectInvalid() {
62 EXPECT_EQ(Validator::INVALID, validation_result_);
63 EXPECT_EQ(NULL, repaired_object_.get());
67 Validator::Result validation_result_;
68 scoped_ptr<const base::DictionaryValue> original_object_;
69 scoped_ptr<const base::DictionaryValue> repaired_object_;
75 // |location_of_object| is a string to identify the object to be tested. It
76 // may be used as a filename or as a dictionary key.
77 OncParams(const std::string& location_of_object,
78 const OncValueSignature* onc_signature,
80 ::onc::ONCSource onc_source = ::onc::ONC_SOURCE_NONE)
81 : location(location_of_object),
82 signature(onc_signature),
83 is_managed(is_managed_onc),
84 onc_source(onc_source) {
88 const OncValueSignature* signature;
90 ::onc::ONCSource onc_source;
93 ::std::ostream& operator<<(::std::ostream& os, const OncParams& onc) {
94 return os << "(" << onc.location << ", " << onc.signature << ", "
95 << (onc.is_managed ? "managed" : "unmanaged") << ", "
96 << GetSourceAsString(onc.onc_source) << ")";
101 // Ensure that the constant |kEmptyUnencryptedConfiguration| describes a valid
102 // ONC toplevel object.
103 TEST_F(ONCValidatorTest, EmptyUnencryptedConfiguration) {
104 Validate(true, ReadDictionaryFromJson(kEmptyUnencryptedConfiguration),
105 &kToplevelConfigurationSignature, false, ::onc::ONC_SOURCE_NONE);
109 // This test case is about validating valid ONC objects without any errors. Both
110 // the strict and the liberal validator accept the object.
111 class ONCValidatorValidTest : public ONCValidatorTest,
112 public ::testing::WithParamInterface<OncParams> {
115 TEST_P(ONCValidatorValidTest, StrictValidationValid) {
116 OncParams onc = GetParam();
117 Validate(true, test_utils::ReadTestDictionary(onc.location), onc.signature,
118 onc.is_managed, onc.onc_source);
122 TEST_P(ONCValidatorValidTest, LiberalValidationValid) {
123 OncParams onc = GetParam();
124 Validate(false, test_utils::ReadTestDictionary(onc.location), onc.signature,
125 onc.is_managed, onc.onc_source);
129 // The parameters are:
130 // OncParams(string: Filename of a ONC file that is to be validated,
131 // OncValueSignature: signature of that ONC,
132 // bool: true if the ONC is managed).
133 INSTANTIATE_TEST_CASE_P(
134 ONCValidatorValidTest,
135 ONCValidatorValidTest,
137 OncParams("managed_toplevel1.onc",
138 &kToplevelConfigurationSignature,
140 OncParams("managed_toplevel2.onc",
141 &kToplevelConfigurationSignature,
143 OncParams("managed_toplevel_with_global_config.onc",
144 &kToplevelConfigurationSignature,
146 // Check that at least one configuration is accepted for
148 OncParams("managed_toplevel_wifi_peap.onc",
149 &kToplevelConfigurationSignature,
151 ::onc::ONC_SOURCE_DEVICE_POLICY),
152 OncParams("managed_toplevel_l2tpipsec.onc",
153 &kToplevelConfigurationSignature,
155 OncParams("toplevel_wifi_wpa_psk.onc",
156 &kToplevelConfigurationSignature,
158 OncParams("toplevel_wifi_wep_proxy.onc",
159 &kToplevelConfigurationSignature,
161 OncParams("toplevel_wifi_leap.onc",
162 &kToplevelConfigurationSignature,
164 OncParams("toplevel_wifi_eap_clientcert_with_cert_pems.onc",
165 &kToplevelConfigurationSignature,
167 OncParams("toplevel_wifi_remove.onc",
168 &kToplevelConfigurationSignature,
170 OncParams("toplevel_wifi_open.onc",
171 &kToplevelConfigurationSignature,
173 OncParams("toplevel_openvpn_clientcert_with_cert_pems.onc",
174 &kToplevelConfigurationSignature,
176 OncParams("encrypted.onc", &kToplevelConfigurationSignature, true),
177 OncParams("managed_vpn.onc", &kNetworkConfigurationSignature, true),
178 OncParams("ethernet.onc", &kNetworkConfigurationSignature, true),
179 OncParams("ethernet_with_eap.onc",
180 &kNetworkConfigurationSignature,
182 OncParams("translation_of_shill_wifi_with_state.onc",
183 &kNetworkWithStateSignature,
185 OncParams("valid_openvpn_with_cert_pems.onc",
186 &kNetworkConfigurationSignature,
191 struct RepairParams {
192 // Both arguments are strings to identify the object that is expected as the
193 // validation result. They may either be used as filenames or as dictionary
195 RepairParams(std::string strict_repaired,
196 std::string liberal_repaired)
197 : location_of_strict_repaired(strict_repaired),
198 location_of_liberal_repaired(liberal_repaired) {
201 std::string location_of_strict_repaired;
202 std::string location_of_liberal_repaired;
205 ::std::ostream& operator<<(::std::ostream& os, const RepairParams& rp) {
206 return os << "(" << rp.location_of_strict_repaired << ", "
207 << rp.location_of_liberal_repaired << ")";
212 // This test case is about validating ONC objects that contain errors which can
213 // be repaired (then the errors count as warnings). If a location of the
214 // expected repaired object is given, then it is checked that the validator
215 // (either strict or liberal) returns this repaired object and the result is
216 // VALID_WITH_WARNINGS. If the location is the empty string, then it is expected
217 // that the validator returns NULL and the result INVALID.
218 class ONCValidatorTestRepairable
219 : public ONCValidatorTest,
220 public ::testing::WithParamInterface<std::pair<OncParams,
223 // Load the common test data and return the dictionary at the field with
225 scoped_ptr<base::DictionaryValue> GetDictionaryFromTestFile(
226 const std::string &name) {
227 scoped_ptr<const base::DictionaryValue> dict(
228 test_utils::ReadTestDictionary("invalid_settings_with_repairs.json"));
229 const base::DictionaryValue* onc_object = NULL;
230 CHECK(dict->GetDictionary(name, &onc_object));
231 return make_scoped_ptr(onc_object->DeepCopy());
235 TEST_P(ONCValidatorTestRepairable, StrictValidation) {
236 OncParams onc = GetParam().first;
237 Validate(true, GetDictionaryFromTestFile(onc.location), onc.signature,
238 onc.is_managed, onc.onc_source);
239 std::string location_of_repaired =
240 GetParam().second.location_of_strict_repaired;
241 if (location_of_repaired.empty())
244 ExpectRepairWithWarnings(*GetDictionaryFromTestFile(location_of_repaired));
247 TEST_P(ONCValidatorTestRepairable, LiberalValidation) {
248 OncParams onc = GetParam().first;
249 Validate(false, GetDictionaryFromTestFile(onc.location), onc.signature,
250 onc.is_managed, onc.onc_source);
251 std::string location_of_repaired =
252 GetParam().second.location_of_liberal_repaired;
253 if (location_of_repaired.empty())
256 ExpectRepairWithWarnings(*GetDictionaryFromTestFile(location_of_repaired));
259 // The parameters for all test case instantations below are:
260 // OncParams(string: A fieldname in the dictionary from the file
261 // "invalid_settings_with_repairs.json". That nested
262 // dictionary will be tested.
263 // OncValueSignature: signature of that ONC,
264 // bool: true if the ONC is managed).
265 // RepairParams(string: A fieldname in the dictionary from the file
266 // "invalid_settings_with_repairs.json". That nested
267 // dictionary is the expected result from strict
269 // string: A fieldname in the dictionary from the file
270 // "invalid_settings_with_repairs.json". That nested
271 // dictionary is the expected result from liberal
274 // Strict validator returns INVALID. Liberal validator repairs.
275 INSTANTIATE_TEST_CASE_P(
276 StrictInvalidLiberalRepair,
277 ONCValidatorTestRepairable,
279 std::make_pair(OncParams("network-unknown-fieldname",
280 &kNetworkConfigurationSignature,
282 RepairParams("", "network-repaired")),
283 std::make_pair(OncParams("managed-network-unknown-fieldname",
284 &kNetworkConfigurationSignature,
286 RepairParams("", "managed-network-repaired")),
287 std::make_pair(OncParams("managed-network-unknown-recommended",
288 &kNetworkConfigurationSignature,
290 RepairParams("", "managed-network-repaired")),
291 std::make_pair(OncParams("managed-network-dict-recommended",
292 &kNetworkConfigurationSignature,
294 RepairParams("", "managed-network-repaired")),
295 std::make_pair(OncParams("network-missing-required",
296 &kNetworkConfigurationSignature,
298 RepairParams("", "network-missing-required")),
299 std::make_pair(OncParams("managed-network-missing-required",
300 &kNetworkConfigurationSignature,
302 RepairParams("", "managed-network-missing-required")),
303 // Ensure that state values from Shill aren't accepted as
305 std::make_pair(OncParams("network-state-field",
306 &kNetworkConfigurationSignature,
308 RepairParams("", "network-repaired")),
309 std::make_pair(OncParams("network-nested-state-field",
310 &kNetworkConfigurationSignature,
312 RepairParams("", "network-nested-state-field-repaired")),
313 std::make_pair(OncParams("openvpn-missing-verify-x509-name",
314 &kNetworkConfigurationSignature, false),
315 RepairParams("", "openvpn-missing-verify-x509-name")),
316 std::make_pair(OncParams("ipsec-with-client-cert-missing-cacert",
320 "ipsec-with-client-cert-missing-cacert")),
321 std::make_pair(OncParams("toplevel-with-repairable-networks",
322 &kToplevelConfigurationSignature,
324 ::onc::ONC_SOURCE_DEVICE_POLICY),
325 RepairParams("", "toplevel-with-repaired-networks"))));
327 // Strict and liberal validator repair identically.
328 INSTANTIATE_TEST_CASE_P(
329 StrictAndLiberalRepairIdentically,
330 ONCValidatorTestRepairable,
332 std::make_pair(OncParams("toplevel-invalid-network",
333 &kToplevelConfigurationSignature,
335 RepairParams("toplevel-repaired",
336 "toplevel-repaired")),
337 std::make_pair(OncParams("duplicate-network-guid",
338 &kToplevelConfigurationSignature,
340 RepairParams("repaired-duplicate-network-guid",
341 "repaired-duplicate-network-guid")),
342 std::make_pair(OncParams("duplicate-cert-guid",
343 &kToplevelConfigurationSignature,
345 RepairParams("repaired-duplicate-cert-guid",
346 "repaired-duplicate-cert-guid")),
347 std::make_pair(OncParams("toplevel-invalid-network",
348 &kToplevelConfigurationSignature,
350 RepairParams("toplevel-repaired",
351 "toplevel-repaired")),
352 // Ignore recommended arrays in unmanaged ONC.
353 std::make_pair(OncParams("network-with-illegal-recommended",
354 &kNetworkConfigurationSignature,
356 RepairParams("network-repaired", "network-repaired")),
357 std::make_pair(OncParams("toplevel-with-vpn",
358 &kToplevelConfigurationSignature,
360 ::onc::ONC_SOURCE_DEVICE_POLICY),
361 RepairParams("toplevel-empty", "toplevel-empty")),
362 std::make_pair(OncParams("toplevel-with-server-and-ca-cert",
363 &kToplevelConfigurationSignature,
365 ::onc::ONC_SOURCE_DEVICE_POLICY),
366 RepairParams("toplevel-server-and-ca-cert-dropped",
367 "toplevel-server-and-ca-cert-dropped"))));
369 // Strict and liberal validator both repair, but with different results.
370 INSTANTIATE_TEST_CASE_P(
371 StrictAndLiberalRepairDifferently,
372 ONCValidatorTestRepairable,
374 std::make_pair(OncParams("toplevel-with-nested-warning",
375 &kToplevelConfigurationSignature,
377 RepairParams("toplevel-empty", "toplevel-repaired"))));
379 // Strict and liberal validator return both INVALID.
380 INSTANTIATE_TEST_CASE_P(
381 StrictAndLiberalInvalid,
382 ONCValidatorTestRepairable,
384 std::make_pair(OncParams("network-unknown-value",
385 &kNetworkConfigurationSignature, false),
386 RepairParams("", "")),
387 std::make_pair(OncParams("managed-network-unknown-value",
388 &kNetworkConfigurationSignature, true),
389 RepairParams("", "")),
390 std::make_pair(OncParams("network-value-out-of-range",
391 &kNetworkConfigurationSignature, false),
392 RepairParams("", "")),
393 std::make_pair(OncParams("ipsec-with-psk-and-cacert",
394 &kIPsecSignature, false),
395 RepairParams("", "")),
396 std::make_pair(OncParams("ipsec-with-empty-cacertrefs",
397 &kIPsecSignature, false),
398 RepairParams("", "")),
399 std::make_pair(OncParams("ipsec-with-servercaref-and-servercarefs",
400 &kIPsecSignature, false),
401 RepairParams("", "")),
402 std::make_pair(OncParams("openvpn-with-servercaref-and-servercarefs",
403 &kOpenVPNSignature, false),
404 RepairParams("", "")),
405 std::make_pair(OncParams("eap-with-servercaref-and-servercarefs",
406 &kEAPSignature, false),
407 RepairParams("", "")),
408 std::make_pair(OncParams("managed-network-value-out-of-range",
409 &kNetworkConfigurationSignature, true),
410 RepairParams("", "")),
411 std::make_pair(OncParams("network-wrong-type",
412 &kNetworkConfigurationSignature, false),
413 RepairParams("", "")),
414 std::make_pair(OncParams("managed-network-wrong-type",
415 &kNetworkConfigurationSignature, true),
416 RepairParams("", "")),
417 std::make_pair(OncParams("network-with-client-cert-pattern",
418 &kNetworkConfigurationSignature, true,
419 ::onc::ONC_SOURCE_DEVICE_POLICY),
420 RepairParams("", "")),
421 std::make_pair(OncParams("openvpn-invalid-verify-x509-type",
422 &kNetworkConfigurationSignature, false),
423 RepairParams("", ""))
427 } // namespace chromeos