Fix cyclic dependency between ProfilePolicyConnector and PrefService.

chrome/browser/chromeos/policy/network_configuration_updater_unittest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-
+#include "base/bind.h"
+#include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/files/file_path.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/run_loop.h"
 #include "base/values.h"
 #include "chrome/browser/chromeos/login/user.h"
-#include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
 #include "chrome/browser/policy/external_data_fetcher.h"
 #include "chrome/browser/policy/mock_configuration_policy_provider.h"
 #include "chrome/browser/policy/policy_map.h"
 #include "chrome/browser/policy/policy_service_impl.h"
 #include "chromeos/network/mock_managed_network_configuration_handler.h"
 #include "chromeos/network/onc/mock_certificate_importer.h"
 #include "chromeos/network/onc/onc_test_utils.h"
 #include "chromeos/network/onc/onc_utils.h"
 #include "components/onc/onc_constants.h"
@@ skipping 31 matching lines @@
 
   // User overrides
   virtual UserType GetType() const OVERRIDE {
     return USER_TYPE_REGULAR;
   }
 
  private:
   DISALLOW_COPY_AND_ASSIGN(FakeUser);
 };
 
+class FakeWebTrustedCertsObserver
+    : public UserNetworkConfigurationUpdater::WebTrustedCertsObserver {
+ public:
+  virtual void OnTrustAnchorsChanged(
+      const net::CertificateList& trust_anchors) OVERRIDE {
+    trust_anchors_ = trust_anchors;
+  }
+  net::CertificateList trust_anchors_;
+};
+
 const char kFakeONC[] =
     "{ \"NetworkConfigurations\": ["
     "    { \"GUID\": \"{485d6076-dd44-6b6d-69787465725f5040}\","
     "      \"Type\": \"WiFi\","
     "      \"Name\": \"My WiFi Network\","
     "      \"WiFi\": {"
     "        \"SSID\": \"ssid-none\","
     "        \"Security\": \"None\" }"
     "    }"
     "  ],"
@@ skipping 125 matching lines @@
 
   StrictMock<MockConfigurationPolicyProvider> provider_;
   scoped_ptr<PolicyServiceImpl> policy_service_;
   FakeUser fake_user_;
 
   scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_;
   content::TestBrowserThreadBundle thread_bundle_;
 };
 
 TEST_F(NetworkConfigurationUpdaterTest, PolicyIsValidatedAndRepaired) {
-  std::string onc_policy =
-      chromeos::onc::test_utils::ReadTestData("toplevel_partially_invalid.onc");
-
   scoped_ptr<base::DictionaryValue> onc_repaired =
       chromeos::onc::test_utils::ReadTestDictionary(
           "repaired_toplevel_partially_invalid.onc");
 
   base::ListValue* network_configs_repaired = NULL;
   onc_repaired->GetListWithoutPathExpansion(
       onc::toplevel_config::kNetworkConfigurations, &network_configs_repaired);
   ASSERT_TRUE(network_configs_repaired);
 
   base::DictionaryValue* global_config_repaired = NULL;
   onc_repaired->GetDictionaryWithoutPathExpansion(
       onc::toplevel_config::kGlobalNetworkConfiguration,
       &global_config_repaired);
   ASSERT_TRUE(global_config_repaired);
 
+  std::string onc_policy =
+      chromeos::onc::test_utils::ReadTestData("toplevel_partially_invalid.onc");
   PolicyMap policy;
   policy.Set(key::kOpenNetworkConfiguration,
              POLICY_LEVEL_MANDATORY,
              POLICY_SCOPE_USER,
              new base::StringValue(onc_policy),
              NULL);
   UpdateProviderPolicy(policy);
 
   EXPECT_CALL(network_config_handler_,
               SetPolicy(onc::ONC_SOURCE_USER_POLICY,
@@ skipping 18 matching lines @@
 
   EXPECT_CALL(network_config_handler_,
               SetPolicy(onc::ONC_SOURCE_USER_POLICY, _, _, _));
   EXPECT_CALL(*certificate_importer_, ImportCertificates(_, _, _))
       .WillRepeatedly(SetCertificateList(cert_list));
 
   UserNetworkConfigurationUpdater* updater =
       CreateNetworkConfigurationUpdaterForUserPolicy(
           false /* do not allow trusted certs from policy */);
 
-  // Certificates with the "Web" trust flag set should not be forwarded to the
-  // trust provider.
-  policy::PolicyCertVerifier cert_verifier((
-      base::Closure() /* no policy cert trusted callback */));
-  updater->SetPolicyCertVerifier(&cert_verifier);
+  // Certificates with the "Web" trust flag set should not be forwarded to
+  // observers.
+  FakeWebTrustedCertsObserver observer;
+  updater->AddTrustedCertsObserver(&observer);
+
   base::RunLoop().RunUntilIdle();
-  EXPECT_TRUE(cert_verifier.GetAdditionalTrustAnchors().empty());
 
-  // |cert_verifier| must outlive the updater.
-  network_configuration_updater_.reset();
+  net::CertificateList trust_anchors;
+  updater->GetWebTrustedCertificates(&trust_anchors);
+  EXPECT_TRUE(trust_anchors.empty());
+
+  EXPECT_TRUE(observer.trust_anchors_.empty());
+  updater->RemoveTrustedCertsObserver(&observer);
 }
 
-TEST_F(NetworkConfigurationUpdaterTest, AllowTrustedCertificatesFromPolicy) {
+TEST_F(NetworkConfigurationUpdaterTest,
+       AllowTrustedCertificatesFromPolicyInitially) {
+  // Ignore network configuration changes.
+  EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _))
+      .Times(AnyNumber());
+
   net::CertificateList cert_list;
   cert_list =
       net::CreateCertificateListFromFile(net::GetTestCertsDirectory(),
                                          "ok_cert.pem",
                                          net::X509Certificate::FORMAT_AUTO);
   ASSERT_EQ(1u, cert_list.size());
 
-  EXPECT_CALL(network_config_handler_,
-              SetPolicy(onc::ONC_SOURCE_USER_POLICY, _, _, _));
   EXPECT_CALL(*certificate_importer_,
               ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _))
       .WillRepeatedly(SetCertificateList(cert_list));
 
   UserNetworkConfigurationUpdater* updater =
       CreateNetworkConfigurationUpdaterForUserPolicy(
           true /* allow trusted certs from policy */);
 
-  // Certificates with the "Web" trust flag set should be forwarded to the
-  // trust provider.
-  policy::PolicyCertVerifier cert_verifier((
-      base::Closure() /* no policy cert trusted callback */));
-  updater->SetPolicyCertVerifier(&cert_verifier);
   base::RunLoop().RunUntilIdle();
-  EXPECT_EQ(1u, cert_verifier.GetAdditionalTrustAnchors().size());
 
-  // |cert_verifier| must outlive the updater.
-  network_configuration_updater_.reset();
+  // Certificates with the "Web" trust flag set will be returned.
+  net::CertificateList trust_anchors;
+  updater->GetWebTrustedCertificates(&trust_anchors);
+  EXPECT_EQ(1u, trust_anchors.size());
+}
+
+TEST_F(NetworkConfigurationUpdaterTest,
+       AllowTrustedCertificatesFromPolicyOnUpdate) {
+  // Ignore network configuration changes.
+  EXPECT_CALL(network_config_handler_, SetPolicy(_, _, _, _))
+      .Times(AnyNumber());
+
+  // Start with an empty certificate list.
+  EXPECT_CALL(*certificate_importer_,
+              ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _))
+      .WillRepeatedly(SetCertificateList(net::CertificateList()));
+
+  UserNetworkConfigurationUpdater* updater =
+      CreateNetworkConfigurationUpdaterForUserPolicy(
+          true /* allow trusted certs from policy */);
+
+  FakeWebTrustedCertsObserver observer;
+  updater->AddTrustedCertsObserver(&observer);
+
+  base::RunLoop().RunUntilIdle();
+
+  // Verify that the returned certificate list is empty.
+  Mock::VerifyAndClearExpectations(certificate_importer_);
+  {
+    net::CertificateList trust_anchors;
+    updater->GetWebTrustedCertificates(&trust_anchors);
+    EXPECT_TRUE(trust_anchors.empty());
+  }
+  EXPECT_TRUE(observer.trust_anchors_.empty());
+
+  // Now use a non-empty certificate list to test the observer notification.
+  net::CertificateList cert_list;
+  cert_list =
+      net::CreateCertificateListFromFile(net::GetTestCertsDirectory(),
+                                         "ok_cert.pem",
+                                         net::X509Certificate::FORMAT_AUTO);
+  ASSERT_EQ(1u, cert_list.size());
+
+  EXPECT_CALL(*certificate_importer_,
+              ImportCertificates(_, onc::ONC_SOURCE_USER_POLICY, _))
+      .WillOnce(SetCertificateList(cert_list));
+
+  // Change to any non-empty policy, so that updates are triggered. The actual
+  // content of the policy is irrelevant.
+  PolicyMap policy;
+  policy.Set(key::kOpenNetworkConfiguration,
+             POLICY_LEVEL_MANDATORY,
+             POLICY_SCOPE_USER,
+             new base::StringValue(kFakeONC),
+             NULL);
+  UpdateProviderPolicy(policy);
+  base::RunLoop().RunUntilIdle();
+
+  // Certificates with the "Web" trust flag set will be returned and forwarded
+  // to observers.
+  {
+    net::CertificateList trust_anchors;
+    updater->GetWebTrustedCertificates(&trust_anchors);
+    EXPECT_EQ(1u, trust_anchors.size());
+  }
+  EXPECT_EQ(1u, observer.trust_anchors_.size());
+
+  updater->RemoveTrustedCertsObserver(&observer);
 }
 
 class NetworkConfigurationUpdaterTestWithParam
     : public NetworkConfigurationUpdaterTest,
       public testing::WithParamInterface<const char*> {
  protected:
   // Returns the currently tested ONC source.
   onc::ONCSource CurrentONCSource() {
     if (GetParam() == key::kOpenNetworkConfiguration)
       return onc::ONC_SOURCE_USER_POLICY;
@@ skipping 73 matching lines @@
   policy.Erase(GetParam());
   UpdateProviderPolicy(policy);
 }
 
 INSTANTIATE_TEST_CASE_P(NetworkConfigurationUpdaterTestWithParamInstance,
                         NetworkConfigurationUpdaterTestWithParam,
                         testing::Values(key::kDeviceOpenNetworkConfiguration,
                                         key::kOpenNetworkConfiguration));
 
 }  // namespace policy