Add new certificateProvider extension API.
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / network_configuration_updater_unittest.cc
blob9b770a02f4dd7c2cb6592810541224bc6cf9d68c
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/bind.h"
6 #include "base/bind_helpers.h"
7 #include "base/callback.h"
8 #include "base/files/file_path.h"
9 #include "base/memory/scoped_ptr.h"
10 #include "base/run_loop.h"
11 #include "base/values.h"
12 #include "chrome/browser/chromeos/policy/device_network_configuration_updater.h"
13 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
14 #include "chrome/browser/chromeos/settings/cros_settings.h"
15 #include "chrome/browser/chromeos/settings/scoped_cros_settings_test_helper.h"
16 #include "chrome/test/base/testing_profile.h"
17 #include "chromeos/network/fake_network_device_handler.h"
18 #include "chromeos/network/mock_managed_network_configuration_handler.h"
19 #include "chromeos/network/onc/onc_certificate_importer.h"
20 #include "chromeos/network/onc/onc_test_utils.h"
21 #include "chromeos/network/onc/onc_utils.h"
22 #include "components/onc/onc_constants.h"
23 #include "components/policy/core/common/external_data_fetcher.h"
24 #include "components/policy/core/common/mock_configuration_policy_provider.h"
25 #include "components/policy/core/common/policy_map.h"
26 #include "components/policy/core/common/policy_service_impl.h"
27 #include "components/user_manager/user.h"
28 #include "components/user_manager/user_type.h"
29 #include "content/public/test/test_browser_thread_bundle.h"
30 #include "content/public/test/test_utils.h"
31 #include "net/base/test_data_directory.h"
32 #include "net/cert/x509_certificate.h"
33 #include "net/test/cert_test_util.h"
34 #include "policy/policy_constants.h"
35 #include "testing/gmock/include/gmock/gmock.h"
36 #include "testing/gtest/include/gtest/gtest.h"
38 using testing::AnyNumber;
39 using testing::AtLeast;
40 using testing::Mock;
41 using testing::Ne;
42 using testing::Return;
43 using testing::StrictMock;
44 using testing::_;
46 namespace policy {
48 namespace {
50 const char kFakeUserEmail[] = "fake email";
51 const char kFakeUsernameHash[] = "fake hash";
53 class FakeUser : public user_manager::User {
54 public:
55 FakeUser() : User(kFakeUserEmail) {
56 set_display_email(kFakeUserEmail);
57 set_username_hash(kFakeUsernameHash);
59 ~FakeUser() override {}
61 // User overrides
62 user_manager::UserType GetType() const override {
63 return user_manager::USER_TYPE_REGULAR;
66 private:
67 DISALLOW_COPY_AND_ASSIGN(FakeUser);
70 class FakeWebTrustedCertsObserver
71 : public UserNetworkConfigurationUpdater::WebTrustedCertsObserver {
72 public:
73 FakeWebTrustedCertsObserver() {}
75 void OnTrustAnchorsChanged(
76 const net::CertificateList& trust_anchors) override {
77 trust_anchors_ = trust_anchors;
79 net::CertificateList trust_anchors_;
81 private:
82 DISALLOW_COPY_AND_ASSIGN(FakeWebTrustedCertsObserver);
85 class FakeNetworkDeviceHandler : public chromeos::FakeNetworkDeviceHandler {
86 public:
87 FakeNetworkDeviceHandler() : allow_roaming_(false) {}
89 void SetCellularAllowRoaming(bool allow_roaming) override {
90 allow_roaming_ = allow_roaming;
93 bool allow_roaming_;
95 private:
96 DISALLOW_COPY_AND_ASSIGN(FakeNetworkDeviceHandler);
99 class FakeCertificateImporter : public chromeos::onc::CertificateImporter {
100 public:
101 FakeCertificateImporter()
102 : expected_onc_source_(::onc::ONC_SOURCE_UNKNOWN), call_count_(0) {}
103 ~FakeCertificateImporter() override {}
105 void SetTrustedCertificatesResult(
106 net::CertificateList onc_trusted_certificates) {
107 onc_trusted_certificates_ = onc_trusted_certificates;
110 void SetExpectedONCCertificates(const base::ListValue& certificates) {
111 expected_onc_certificates_.reset(certificates.DeepCopy());
114 void SetExpectedONCSource(::onc::ONCSource source) {
115 expected_onc_source_ = source;
118 unsigned int GetAndResetImportCount() {
119 unsigned int count = call_count_;
120 call_count_ = 0;
121 return count;
124 void ImportCertificates(const base::ListValue& certificates,
125 ::onc::ONCSource source,
126 const DoneCallback& done_callback) override {
127 if (expected_onc_source_ != ::onc::ONC_SOURCE_UNKNOWN)
128 EXPECT_EQ(expected_onc_source_, source);
129 if (expected_onc_certificates_) {
130 EXPECT_TRUE(chromeos::onc::test_utils::Equals(
131 expected_onc_certificates_.get(), &certificates));
133 ++call_count_;
134 done_callback.Run(true, onc_trusted_certificates_);
137 private:
138 ::onc::ONCSource expected_onc_source_;
139 scoped_ptr<base::ListValue> expected_onc_certificates_;
140 net::CertificateList onc_trusted_certificates_;
141 unsigned int call_count_;
143 DISALLOW_COPY_AND_ASSIGN(FakeCertificateImporter);
146 const char kFakeONC[] =
147 "{ \"NetworkConfigurations\": ["
148 " { \"GUID\": \"{485d6076-dd44-6b6d-69787465725f5040}\","
149 " \"Type\": \"WiFi\","
150 " \"Name\": \"My WiFi Network\","
151 " \"WiFi\": {"
152 " \"HexSSID\": \"737369642D6E6F6E65\"," // "ssid-none"
153 " \"Security\": \"None\" }"
154 " }"
155 " ],"
156 " \"GlobalNetworkConfiguration\": {"
157 " \"AllowOnlyPolicyNetworksToAutoconnect\": true,"
158 " },"
159 " \"Certificates\": ["
160 " { \"GUID\": \"{f998f760-272b-6939-4c2beffe428697ac}\","
161 " \"PKCS12\": \"abc\","
162 " \"Type\": \"Client\" }"
163 " ],"
164 " \"Type\": \"UnencryptedConfiguration\""
165 "}";
167 std::string ValueToString(const base::Value& value) {
168 std::stringstream str;
169 str << value;
170 return str.str();
173 void AppendAll(const base::ListValue& from, base::ListValue* to) {
174 for (base::ListValue::const_iterator it = from.begin(); it != from.end();
175 ++it) {
176 to->Append((*it)->DeepCopy());
180 // Matcher to match base::Value.
181 MATCHER_P(IsEqualTo,
182 value,
183 std::string(negation ? "isn't" : "is") + " equal to " +
184 ValueToString(*value)) {
185 return value->Equals(&arg);
188 MATCHER(IsEmpty, std::string(negation ? "isn't" : "is") + " empty.") {
189 return arg.empty();
192 ACTION_P(SetCertificateList, list) {
193 if (arg2)
194 *arg2 = list;
195 return true;
198 } // namespace
200 class NetworkConfigurationUpdaterTest : public testing::Test {
201 protected:
202 NetworkConfigurationUpdaterTest() : certificate_importer_(NULL) {}
204 void SetUp() override {
205 EXPECT_CALL(provider_, IsInitializationComplete(_))
206 .WillRepeatedly(Return(false));
207 provider_.Init();
208 PolicyServiceImpl::Providers providers;
209 providers.push_back(&provider_);
210 policy_service_.reset(new PolicyServiceImpl(providers));
212 scoped_ptr<base::DictionaryValue> fake_toplevel_onc =
213 chromeos::onc::ReadDictionaryFromJson(kFakeONC);
215 base::ListValue* network_configs = NULL;
216 fake_toplevel_onc->GetListWithoutPathExpansion(
217 onc::toplevel_config::kNetworkConfigurations, &network_configs);
218 AppendAll(*network_configs, &fake_network_configs_);
220 base::DictionaryValue* global_config = NULL;
221 fake_toplevel_onc->GetDictionaryWithoutPathExpansion(
222 onc::toplevel_config::kGlobalNetworkConfiguration, &global_config);
223 fake_global_network_config_.MergeDictionary(global_config);
225 base::ListValue* certs = NULL;
226 fake_toplevel_onc->GetListWithoutPathExpansion(
227 onc::toplevel_config::kCertificates, &certs);
228 AppendAll(*certs, &fake_certificates_);
230 certificate_importer_ = new FakeCertificateImporter;
231 certificate_importer_owned_.reset(certificate_importer_);
234 void TearDown() override {
235 network_configuration_updater_.reset();
236 provider_.Shutdown();
237 base::RunLoop().RunUntilIdle();
240 void MarkPolicyProviderInitialized() {
241 Mock::VerifyAndClearExpectations(&provider_);
242 EXPECT_CALL(provider_, IsInitializationComplete(_))
243 .WillRepeatedly(Return(true));
244 provider_.SetAutoRefresh();
245 provider_.RefreshPolicies();
246 base::RunLoop().RunUntilIdle();
249 void UpdateProviderPolicy(const PolicyMap& policy) {
250 provider_.UpdateChromePolicy(policy);
251 base::RunLoop().RunUntilIdle();
254 UserNetworkConfigurationUpdater*
255 CreateNetworkConfigurationUpdaterForUserPolicy(
256 bool allow_trusted_certs_from_policy,
257 bool set_cert_importer) {
258 UserNetworkConfigurationUpdater* updater =
259 UserNetworkConfigurationUpdater::CreateForUserPolicy(
260 &profile_,
261 allow_trusted_certs_from_policy,
262 fake_user_,
263 policy_service_.get(),
264 &network_config_handler_).release();
265 if (set_cert_importer) {
266 EXPECT_TRUE(certificate_importer_owned_);
267 updater->SetCertificateImporterForTest(
268 certificate_importer_owned_.Pass());
270 network_configuration_updater_.reset(updater);
271 return updater;
274 void CreateNetworkConfigurationUpdaterForDevicePolicy() {
275 network_configuration_updater_ =
276 DeviceNetworkConfigurationUpdater::CreateForDevicePolicy(
277 policy_service_.get(),
278 &network_config_handler_,
279 &network_device_handler_,
280 chromeos::CrosSettings::Get());
283 base::ListValue fake_network_configs_;
284 base::DictionaryValue fake_global_network_config_;
285 base::ListValue fake_certificates_;
286 StrictMock<chromeos::MockManagedNetworkConfigurationHandler>
287 network_config_handler_;
288 FakeNetworkDeviceHandler network_device_handler_;
289 chromeos::ScopedCrosSettingsTestHelper settings_helper_;
291 // Ownership of certificate_importer_owned_ is passed to the
292 // NetworkConfigurationUpdater. When that happens, |certificate_importer_|
293 // continues to point to that instance but |certificate_importer_owned_| is
294 // released.
295 FakeCertificateImporter* certificate_importer_;
296 scoped_ptr<chromeos::onc::CertificateImporter> certificate_importer_owned_;
298 StrictMock<MockConfigurationPolicyProvider> provider_;
299 scoped_ptr<PolicyServiceImpl> policy_service_;
300 FakeUser fake_user_;
302 TestingProfile profile_;
304 scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_;
305 content::TestBrowserThreadBundle thread_bundle_;
308 TEST_F(NetworkConfigurationUpdaterTest, CellularAllowRoaming) {
309 // Ignore network config updates.
310 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1));
312 settings_helper_.ReplaceProvider(chromeos::kSignedDataRoamingEnabled);
313 settings_helper_.SetBoolean(chromeos::kSignedDataRoamingEnabled, false);
314 EXPECT_FALSE(network_device_handler_.allow_roaming_);
316 CreateNetworkConfigurationUpdaterForDevicePolicy();
317 MarkPolicyProviderInitialized();
318 settings_helper_.SetBoolean(chromeos::kSignedDataRoamingEnabled, true);
319 EXPECT_TRUE(network_device_handler_.allow_roaming_);
321 settings_helper_.SetBoolean(chromeos::kSignedDataRoamingEnabled, false);
322 EXPECT_FALSE(network_device_handler_.allow_roaming_);
325 TEST_F(NetworkConfigurationUpdaterTest, PolicyIsValidatedAndRepaired) {
326 scoped_ptr<base::DictionaryValue> onc_repaired =
327 chromeos::onc::test_utils::ReadTestDictionary(
328 "repaired_toplevel_partially_invalid.onc");
330 base::ListValue* network_configs_repaired = NULL;
331 onc_repaired->GetListWithoutPathExpansion(
332 onc::toplevel_config::kNetworkConfigurations, &network_configs_repaired);
333 ASSERT_TRUE(network_configs_repaired);
335 base::DictionaryValue* global_config_repaired = NULL;
336 onc_repaired->GetDictionaryWithoutPathExpansion(
337 onc::toplevel_config::kGlobalNetworkConfiguration,
338 &global_config_repaired);
339 ASSERT_TRUE(global_config_repaired);
341 std::string onc_policy =
342 chromeos::onc::test_utils::ReadTestData("toplevel_partially_invalid.onc");
343 PolicyMap policy;
344 policy.Set(key::kOpenNetworkConfiguration,
345 POLICY_LEVEL_MANDATORY,
346 POLICY_SCOPE_USER,
347 new base::StringValue(onc_policy),
348 NULL);
349 UpdateProviderPolicy(policy);
351 EXPECT_CALL(network_config_handler_,
352 SetPolicy(onc::ONC_SOURCE_USER_POLICY,
354 IsEqualTo(network_configs_repaired),
355 IsEqualTo(global_config_repaired)));
356 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY);
358 CreateNetworkConfigurationUpdaterForUserPolicy(
359 false /* do not allow trusted certs from policy */,
360 true /* set certificate importer */);
361 MarkPolicyProviderInitialized();
362 EXPECT_EQ(1u, certificate_importer_->GetAndResetImportCount());
365 TEST_F(NetworkConfigurationUpdaterTest,
366 DoNotAllowTrustedCertificatesFromPolicy) {
367 net::CertificateList cert_list;
368 cert_list =
369 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(),
370 "ok_cert.pem",
371 net::X509Certificate::FORMAT_AUTO);
372 ASSERT_EQ(1u, cert_list.size());
374 EXPECT_CALL(network_config_handler_,
375 SetPolicy(onc::ONC_SOURCE_USER_POLICY, _, _, _));
376 certificate_importer_->SetTrustedCertificatesResult(cert_list);
378 UserNetworkConfigurationUpdater* updater =
379 CreateNetworkConfigurationUpdaterForUserPolicy(
380 false /* do not allow trusted certs from policy */,
381 true /* set certificate importer */);
382 MarkPolicyProviderInitialized();
384 // Certificates with the "Web" trust flag set should not be forwarded to
385 // observers.
386 FakeWebTrustedCertsObserver observer;
387 updater->AddTrustedCertsObserver(&observer);
389 base::RunLoop().RunUntilIdle();
391 net::CertificateList trust_anchors;
392 updater->GetWebTrustedCertificates(&trust_anchors);
393 EXPECT_TRUE(trust_anchors.empty());
395 EXPECT_TRUE(observer.trust_anchors_.empty());
396 updater->RemoveTrustedCertsObserver(&observer);
399 TEST_F(NetworkConfigurationUpdaterTest,
400 AllowTrustedCertificatesFromPolicyInitially) {
401 // Ignore network configuration changes.
402 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _))
403 .Times(AnyNumber());
405 net::CertificateList cert_list;
406 cert_list =
407 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(),
408 "ok_cert.pem",
409 net::X509Certificate::FORMAT_AUTO);
410 ASSERT_EQ(1u, cert_list.size());
412 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY);
413 certificate_importer_->SetTrustedCertificatesResult(cert_list);
415 UserNetworkConfigurationUpdater* updater =
416 CreateNetworkConfigurationUpdaterForUserPolicy(
417 true /* allow trusted certs from policy */,
418 true /* set certificate importer */);
419 MarkPolicyProviderInitialized();
421 base::RunLoop().RunUntilIdle();
423 // Certificates with the "Web" trust flag set will be returned.
424 net::CertificateList trust_anchors;
425 updater->GetWebTrustedCertificates(&trust_anchors);
426 EXPECT_EQ(1u, trust_anchors.size());
429 TEST_F(NetworkConfigurationUpdaterTest,
430 AllowTrustedCertificatesFromPolicyOnUpdate) {
431 // Ignore network configuration changes.
432 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _))
433 .Times(AnyNumber());
435 // Start with an empty certificate list.
436 UserNetworkConfigurationUpdater* updater =
437 CreateNetworkConfigurationUpdaterForUserPolicy(
438 true /* allow trusted certs from policy */,
439 true /* set certificate importer */);
440 MarkPolicyProviderInitialized();
442 FakeWebTrustedCertsObserver observer;
443 updater->AddTrustedCertsObserver(&observer);
445 base::RunLoop().RunUntilIdle();
447 // Verify that the returned certificate list is empty.
449 net::CertificateList trust_anchors;
450 updater->GetWebTrustedCertificates(&trust_anchors);
451 EXPECT_TRUE(trust_anchors.empty());
453 EXPECT_TRUE(observer.trust_anchors_.empty());
455 // Now use a non-empty certificate list to test the observer notification.
456 net::CertificateList cert_list;
457 cert_list =
458 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(),
459 "ok_cert.pem",
460 net::X509Certificate::FORMAT_AUTO);
461 ASSERT_EQ(1u, cert_list.size());
462 certificate_importer_->SetTrustedCertificatesResult(cert_list);
464 // Change to any non-empty policy, so that updates are triggered. The actual
465 // content of the policy is irrelevant.
466 PolicyMap policy;
467 policy.Set(key::kOpenNetworkConfiguration,
468 POLICY_LEVEL_MANDATORY,
469 POLICY_SCOPE_USER,
470 new base::StringValue(kFakeONC),
471 NULL);
472 UpdateProviderPolicy(policy);
473 base::RunLoop().RunUntilIdle();
475 // Certificates with the "Web" trust flag set will be returned and forwarded
476 // to observers.
478 net::CertificateList trust_anchors;
479 updater->GetWebTrustedCertificates(&trust_anchors);
480 EXPECT_EQ(1u, trust_anchors.size());
482 EXPECT_EQ(1u, observer.trust_anchors_.size());
484 updater->RemoveTrustedCertsObserver(&observer);
487 TEST_F(NetworkConfigurationUpdaterTest,
488 DontImportCertificateBeforeCertificateImporterSet) {
489 PolicyMap policy;
490 policy.Set(key::kOpenNetworkConfiguration, POLICY_LEVEL_MANDATORY,
491 POLICY_SCOPE_USER, new base::StringValue(kFakeONC), NULL);
492 UpdateProviderPolicy(policy);
494 EXPECT_CALL(network_config_handler_,
495 SetPolicy(onc::ONC_SOURCE_USER_POLICY,
496 kFakeUsernameHash,
497 IsEqualTo(&fake_network_configs_),
498 IsEqualTo(&fake_global_network_config_)));
500 UserNetworkConfigurationUpdater* updater =
501 CreateNetworkConfigurationUpdaterForUserPolicy(
502 true /* allow trusted certs from policy */,
503 false /* do not set certificate importer */);
504 MarkPolicyProviderInitialized();
506 Mock::VerifyAndClearExpectations(&network_config_handler_);
507 EXPECT_EQ(0u, certificate_importer_->GetAndResetImportCount());
509 certificate_importer_->SetExpectedONCCertificates(fake_certificates_);
510 certificate_importer_->SetExpectedONCSource(onc::ONC_SOURCE_USER_POLICY);
512 ASSERT_TRUE(certificate_importer_owned_);
513 updater->SetCertificateImporterForTest(certificate_importer_owned_.Pass());
514 EXPECT_EQ(1u, certificate_importer_->GetAndResetImportCount());
517 class NetworkConfigurationUpdaterTestWithParam
518 : public NetworkConfigurationUpdaterTest,
519 public testing::WithParamInterface<const char*> {
520 protected:
521 // Returns the currently tested ONC source.
522 onc::ONCSource CurrentONCSource() {
523 if (GetParam() == key::kOpenNetworkConfiguration)
524 return onc::ONC_SOURCE_USER_POLICY;
525 DCHECK(GetParam() == key::kDeviceOpenNetworkConfiguration);
526 return onc::ONC_SOURCE_DEVICE_POLICY;
529 // Returns the expected username hash to push policies to
530 // ManagedNetworkConfigurationHandler.
531 std::string ExpectedUsernameHash() {
532 if (GetParam() == key::kOpenNetworkConfiguration)
533 return kFakeUsernameHash;
534 return std::string();
537 size_t ExpectedImportCertificatesCallCount() {
538 if (GetParam() == key::kOpenNetworkConfiguration)
539 return 1u;
540 return 0u;
543 void CreateNetworkConfigurationUpdater() {
544 if (GetParam() == key::kOpenNetworkConfiguration) {
545 CreateNetworkConfigurationUpdaterForUserPolicy(
546 false /* do not allow trusted certs from policy */,
547 true /* set certificate importer */);
548 } else {
549 CreateNetworkConfigurationUpdaterForDevicePolicy();
554 TEST_P(NetworkConfigurationUpdaterTestWithParam, InitialUpdates) {
555 PolicyMap policy;
556 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
557 new base::StringValue(kFakeONC), NULL);
558 UpdateProviderPolicy(policy);
560 EXPECT_CALL(network_config_handler_,
561 SetPolicy(CurrentONCSource(),
562 ExpectedUsernameHash(),
563 IsEqualTo(&fake_network_configs_),
564 IsEqualTo(&fake_global_network_config_)));
565 certificate_importer_->SetExpectedONCCertificates(fake_certificates_);
566 certificate_importer_->SetExpectedONCSource(CurrentONCSource());
568 CreateNetworkConfigurationUpdater();
569 MarkPolicyProviderInitialized();
570 EXPECT_EQ(ExpectedImportCertificatesCallCount(),
571 certificate_importer_->GetAndResetImportCount());
574 TEST_P(NetworkConfigurationUpdaterTestWithParam,
575 PolicyNotSetBeforePolicyProviderInitialized) {
576 PolicyMap policy;
577 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
578 new base::StringValue(kFakeONC), NULL);
579 UpdateProviderPolicy(policy);
581 CreateNetworkConfigurationUpdater();
583 Mock::VerifyAndClearExpectations(&network_config_handler_);
584 EXPECT_EQ(0u, certificate_importer_->GetAndResetImportCount());
586 EXPECT_CALL(network_config_handler_,
587 SetPolicy(CurrentONCSource(),
588 ExpectedUsernameHash(),
589 IsEqualTo(&fake_network_configs_),
590 IsEqualTo(&fake_global_network_config_)));
591 certificate_importer_->SetExpectedONCSource(CurrentONCSource());
592 certificate_importer_->SetExpectedONCCertificates(fake_certificates_);
594 MarkPolicyProviderInitialized();
595 EXPECT_EQ(ExpectedImportCertificatesCallCount(),
596 certificate_importer_->GetAndResetImportCount());
599 TEST_P(NetworkConfigurationUpdaterTestWithParam,
600 PolicyAppliedImmediatelyIfProvidersInitialized) {
601 MarkPolicyProviderInitialized();
603 PolicyMap policy;
604 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
605 new base::StringValue(kFakeONC), NULL);
606 UpdateProviderPolicy(policy);
608 EXPECT_CALL(network_config_handler_,
609 SetPolicy(CurrentONCSource(),
610 ExpectedUsernameHash(),
611 IsEqualTo(&fake_network_configs_),
612 IsEqualTo(&fake_global_network_config_)));
613 certificate_importer_->SetExpectedONCSource(CurrentONCSource());
614 certificate_importer_->SetExpectedONCCertificates(fake_certificates_);
616 CreateNetworkConfigurationUpdater();
618 EXPECT_EQ(ExpectedImportCertificatesCallCount(),
619 certificate_importer_->GetAndResetImportCount());
622 TEST_P(NetworkConfigurationUpdaterTestWithParam, PolicyChange) {
623 // Ignore the initial updates.
624 EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _)).Times(AtLeast(1));
626 CreateNetworkConfigurationUpdater();
627 MarkPolicyProviderInitialized();
629 Mock::VerifyAndClearExpectations(&network_config_handler_);
630 EXPECT_LE(ExpectedImportCertificatesCallCount(),
631 certificate_importer_->GetAndResetImportCount());
633 // The Updater should update if policy changes.
634 EXPECT_CALL(network_config_handler_,
635 SetPolicy(CurrentONCSource(),
637 IsEqualTo(&fake_network_configs_),
638 IsEqualTo(&fake_global_network_config_)));
639 certificate_importer_->SetExpectedONCSource(CurrentONCSource());
640 certificate_importer_->SetExpectedONCCertificates(fake_certificates_);
642 PolicyMap policy;
643 policy.Set(GetParam(), POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
644 new base::StringValue(kFakeONC), NULL);
645 UpdateProviderPolicy(policy);
646 Mock::VerifyAndClearExpectations(&network_config_handler_);
647 EXPECT_EQ(ExpectedImportCertificatesCallCount(),
648 certificate_importer_->GetAndResetImportCount());
650 // Another update is expected if the policy goes away.
651 EXPECT_CALL(network_config_handler_,
652 SetPolicy(CurrentONCSource(), _, IsEmpty(), IsEmpty()));
653 certificate_importer_->SetExpectedONCCertificates(base::ListValue());
655 policy.Erase(GetParam());
656 UpdateProviderPolicy(policy);
657 EXPECT_EQ(ExpectedImportCertificatesCallCount(),
658 certificate_importer_->GetAndResetImportCount());
661 INSTANTIATE_TEST_CASE_P(NetworkConfigurationUpdaterTestWithParamInstance,
662 NetworkConfigurationUpdaterTestWithParam,
663 testing::Values(key::kDeviceOpenNetworkConfiguration,
664 key::kOpenNetworkConfiguration));
666 } // namespace policy