1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/basictypes.h"
6 #include "base/bind.h"
7 #include "base/message_loop/message_loop.h"
8 #include "base/run_loop.h"
9 #include "base/synchronization/waitable_event.h"
10 #include "remoting/host/dns_blackhole_checker.h"
11 #include "remoting/host/policy_hack/fake_policy_watcher.h"
12 #include "remoting/host/policy_hack/mock_policy_callback.h"
13 #include "remoting/host/policy_hack/policy_watcher.h"
14 #include "testing/gmock/include/gmock/gmock.h"
15 #include "testing/gtest/include/gtest/gtest.h"
16
17 namespace remoting {
18 namespace policy_hack {
19
20 class PolicyWatcherTest : public testing::Test {
21 public:
PolicyWatcherTest()22 PolicyWatcherTest() {
23 }
24
SetUp()25 virtual void SetUp() OVERRIDE {
26 message_loop_proxy_ = base::MessageLoopProxy::current();
27 policy_callback_ = base::Bind(&MockPolicyCallback::OnPolicyUpdate,
28 base::Unretained(&mock_policy_callback_));
29 policy_watcher_.reset(new FakePolicyWatcher(message_loop_proxy_));
30 nat_true_.SetBoolean(PolicyWatcher::kNatPolicyName, true);
31 nat_false_.SetBoolean(PolicyWatcher::kNatPolicyName, false);
32 nat_one_.SetInteger(PolicyWatcher::kNatPolicyName, 1);
33 domain_empty_.SetString(PolicyWatcher::kHostDomainPolicyName,
34 std::string());
35 domain_full_.SetString(PolicyWatcher::kHostDomainPolicyName, kHostDomain);
36 SetDefaults(nat_true_others_default_);
37 nat_true_others_default_.SetBoolean(PolicyWatcher::kNatPolicyName, true);
38 SetDefaults(nat_false_others_default_);
39 nat_false_others_default_.SetBoolean(PolicyWatcher::kNatPolicyName, false);
40 SetDefaults(domain_empty_others_default_);
41 domain_empty_others_default_.SetString(PolicyWatcher::kHostDomainPolicyName,
42 std::string());
43 SetDefaults(domain_full_others_default_);
44 domain_full_others_default_.SetString(PolicyWatcher::kHostDomainPolicyName,
45 kHostDomain);
46 nat_true_domain_empty_.SetBoolean(PolicyWatcher::kNatPolicyName, true);
47 nat_true_domain_empty_.SetString(PolicyWatcher::kHostDomainPolicyName,
48 std::string());
49 nat_true_domain_full_.SetBoolean(PolicyWatcher::kNatPolicyName, true);
50 nat_true_domain_full_.SetString(PolicyWatcher::kHostDomainPolicyName,
51 kHostDomain);
52 nat_false_domain_empty_.SetBoolean(PolicyWatcher::kNatPolicyName, false);
53 nat_false_domain_empty_.SetString(PolicyWatcher::kHostDomainPolicyName,
54 std::string());
55 nat_false_domain_full_.SetBoolean(PolicyWatcher::kNatPolicyName, false);
56 nat_false_domain_full_.SetString(PolicyWatcher::kHostDomainPolicyName,
57 kHostDomain);
58 SetDefaults(nat_true_domain_empty_others_default_);
59 nat_true_domain_empty_others_default_.SetBoolean(
60 PolicyWatcher::kNatPolicyName, true);
61 nat_true_domain_empty_others_default_.SetString(
62 PolicyWatcher::kHostDomainPolicyName, std::string());
63 unknown_policies_.SetString("UnknownPolicyOne", std::string());
64 unknown_policies_.SetString("UnknownPolicyTwo", std::string());
65
66 const char kOverrideNatTraversalToFalse[] =
67 "{ \"RemoteAccessHostFirewallTraversal\": false }";
68 nat_true_and_overridden_.SetBoolean(PolicyWatcher::kNatPolicyName, true);
69 nat_true_and_overridden_.SetString(
70 PolicyWatcher::kHostDebugOverridePoliciesName,
71 kOverrideNatTraversalToFalse);
72 pairing_true_.SetBoolean(PolicyWatcher::kHostAllowClientPairing, true);
73 pairing_false_.SetBoolean(PolicyWatcher::kHostAllowClientPairing, false);
74 gnubby_auth_true_.SetBoolean(PolicyWatcher::kHostAllowGnubbyAuthPolicyName,
75 true);
76 gnubby_auth_false_.SetBoolean(PolicyWatcher::kHostAllowGnubbyAuthPolicyName,
77 false);
78 relay_true_.SetBoolean(PolicyWatcher::kRelayPolicyName, true);
79 relay_false_.SetBoolean(PolicyWatcher::kRelayPolicyName, false);
80 port_range_full_.SetString(PolicyWatcher::kUdpPortRangePolicyName,
81 kPortRange);
82 port_range_empty_.SetString(PolicyWatcher::kUdpPortRangePolicyName,
83 std::string());
84
85 #if !defined(NDEBUG)
86 SetDefaults(nat_false_overridden_others_default_);
87 nat_false_overridden_others_default_.SetBoolean(
88 PolicyWatcher::kNatPolicyName, false);
89 nat_false_overridden_others_default_.SetString(
90 PolicyWatcher::kHostDebugOverridePoliciesName,
91 kOverrideNatTraversalToFalse);
92 #endif
93 }
94
95 protected:
StartWatching()96 void StartWatching() {
97 policy_watcher_->StartWatching(policy_callback_);
98 base::RunLoop().RunUntilIdle();
99 }
100
StopWatching()101 void StopWatching() {
102 base::WaitableEvent stop_event(false, false);
103 policy_watcher_->StopWatching(&stop_event);
104 base::RunLoop().RunUntilIdle();
105 EXPECT_EQ(true, stop_event.IsSignaled());
106 }
107
108 static const char* kHostDomain;
109 static const char* kPortRange;
110 base::MessageLoop message_loop_;
111 scoped_refptr<base::MessageLoopProxy> message_loop_proxy_;
112 MockPolicyCallback mock_policy_callback_;
113 PolicyWatcher::PolicyCallback policy_callback_;
114 scoped_ptr<FakePolicyWatcher> policy_watcher_;
115 base::DictionaryValue empty_;
116 base::DictionaryValue nat_true_;
117 base::DictionaryValue nat_false_;
118 base::DictionaryValue nat_one_;
119 base::DictionaryValue domain_empty_;
120 base::DictionaryValue domain_full_;
121 base::DictionaryValue nat_true_others_default_;
122 base::DictionaryValue nat_false_others_default_;
123 base::DictionaryValue domain_empty_others_default_;
124 base::DictionaryValue domain_full_others_default_;
125 base::DictionaryValue nat_true_domain_empty_;
126 base::DictionaryValue nat_true_domain_full_;
127 base::DictionaryValue nat_false_domain_empty_;
128 base::DictionaryValue nat_false_domain_full_;
129 base::DictionaryValue nat_true_domain_empty_others_default_;
130 base::DictionaryValue unknown_policies_;
131 base::DictionaryValue nat_true_and_overridden_;
132 base::DictionaryValue nat_false_overridden_others_default_;
133 base::DictionaryValue pairing_true_;
134 base::DictionaryValue pairing_false_;
135 base::DictionaryValue gnubby_auth_true_;
136 base::DictionaryValue gnubby_auth_false_;
137 base::DictionaryValue relay_true_;
138 base::DictionaryValue relay_false_;
139 base::DictionaryValue port_range_full_;
140 base::DictionaryValue port_range_empty_;
141
142 private:
SetDefaults(base::DictionaryValue & dict)143 void SetDefaults(base::DictionaryValue& dict) {
144 dict.SetBoolean(PolicyWatcher::kNatPolicyName, true);
145 dict.SetBoolean(PolicyWatcher::kRelayPolicyName, true);
146 dict.SetString(PolicyWatcher::kUdpPortRangePolicyName, "");
147 dict.SetBoolean(PolicyWatcher::kHostRequireTwoFactorPolicyName, false);
148 dict.SetString(PolicyWatcher::kHostDomainPolicyName, std::string());
149 dict.SetBoolean(PolicyWatcher::kHostMatchUsernamePolicyName, false);
150 dict.SetString(PolicyWatcher::kHostTalkGadgetPrefixPolicyName,
151 kDefaultHostTalkGadgetPrefix);
152 dict.SetBoolean(PolicyWatcher::kHostRequireCurtainPolicyName, false);
153 dict.SetString(PolicyWatcher::kHostTokenUrlPolicyName, std::string());
154 dict.SetString(PolicyWatcher::kHostTokenValidationUrlPolicyName,
155 std::string());
156 dict.SetString(PolicyWatcher::kHostTokenValidationCertIssuerPolicyName,
157 std::string());
158 dict.SetBoolean(PolicyWatcher::kHostAllowClientPairing, true);
159 dict.SetBoolean(PolicyWatcher::kHostAllowGnubbyAuthPolicyName, true);
160 #if !defined(NDEBUG)
161 dict.SetString(PolicyWatcher::kHostDebugOverridePoliciesName, "");
162 #endif
163 }
164 };
165
166 const char* PolicyWatcherTest::kHostDomain = "google.com";
167 const char* PolicyWatcherTest::kPortRange = "12400-12409";
168
169 MATCHER_P(IsPolicies, dict, "") {
170 return arg->Equals(dict);
171 }
172
TEST_F(PolicyWatcherTest,None)173 TEST_F(PolicyWatcherTest, None) {
174 EXPECT_CALL(mock_policy_callback_,
175 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
176
177 StartWatching();
178 policy_watcher_->SetPolicies(&empty_);
179 StopWatching();
180 }
181
TEST_F(PolicyWatcherTest,NatTrue)182 TEST_F(PolicyWatcherTest, NatTrue) {
183 EXPECT_CALL(mock_policy_callback_,
184 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
185
186 StartWatching();
187 policy_watcher_->SetPolicies(&nat_true_);
188 StopWatching();
189 }
190
TEST_F(PolicyWatcherTest,NatFalse)191 TEST_F(PolicyWatcherTest, NatFalse) {
192 EXPECT_CALL(mock_policy_callback_,
193 OnPolicyUpdatePtr(IsPolicies(&nat_false_others_default_)));
194
195 StartWatching();
196 policy_watcher_->SetPolicies(&nat_false_);
197 StopWatching();
198 }
199
TEST_F(PolicyWatcherTest,NatOne)200 TEST_F(PolicyWatcherTest, NatOne) {
201 EXPECT_CALL(mock_policy_callback_,
202 OnPolicyUpdatePtr(IsPolicies(&nat_false_others_default_)));
203
204 StartWatching();
205 policy_watcher_->SetPolicies(&nat_one_);
206 StopWatching();
207 }
208
TEST_F(PolicyWatcherTest,DomainEmpty)209 TEST_F(PolicyWatcherTest, DomainEmpty) {
210 EXPECT_CALL(mock_policy_callback_,
211 OnPolicyUpdatePtr(IsPolicies(&domain_empty_others_default_)));
212
213 StartWatching();
214 policy_watcher_->SetPolicies(&domain_empty_);
215 StopWatching();
216 }
217
TEST_F(PolicyWatcherTest,DomainFull)218 TEST_F(PolicyWatcherTest, DomainFull) {
219 EXPECT_CALL(mock_policy_callback_,
220 OnPolicyUpdatePtr(IsPolicies(&domain_full_others_default_)));
221
222 StartWatching();
223 policy_watcher_->SetPolicies(&domain_full_);
224 StopWatching();
225 }
226
TEST_F(PolicyWatcherTest,NatNoneThenTrue)227 TEST_F(PolicyWatcherTest, NatNoneThenTrue) {
228 EXPECT_CALL(mock_policy_callback_,
229 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
230
231 StartWatching();
232 policy_watcher_->SetPolicies(&empty_);
233 policy_watcher_->SetPolicies(&nat_true_);
234 StopWatching();
235 }
236
TEST_F(PolicyWatcherTest,NatNoneThenTrueThenTrue)237 TEST_F(PolicyWatcherTest, NatNoneThenTrueThenTrue) {
238 EXPECT_CALL(mock_policy_callback_,
239 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
240
241 StartWatching();
242 policy_watcher_->SetPolicies(&empty_);
243 policy_watcher_->SetPolicies(&nat_true_);
244 policy_watcher_->SetPolicies(&nat_true_);
245 StopWatching();
246 }
247
TEST_F(PolicyWatcherTest,NatNoneThenTrueThenTrueThenFalse)248 TEST_F(PolicyWatcherTest, NatNoneThenTrueThenTrueThenFalse) {
249 testing::InSequence sequence;
250 EXPECT_CALL(mock_policy_callback_,
251 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
252 EXPECT_CALL(mock_policy_callback_,
253 OnPolicyUpdatePtr(IsPolicies(&nat_false_)));
254
255 StartWatching();
256 policy_watcher_->SetPolicies(&empty_);
257 policy_watcher_->SetPolicies(&nat_true_);
258 policy_watcher_->SetPolicies(&nat_true_);
259 policy_watcher_->SetPolicies(&nat_false_);
260 StopWatching();
261 }
262
TEST_F(PolicyWatcherTest,NatNoneThenFalse)263 TEST_F(PolicyWatcherTest, NatNoneThenFalse) {
264 testing::InSequence sequence;
265 EXPECT_CALL(mock_policy_callback_,
266 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
267 EXPECT_CALL(mock_policy_callback_,
268 OnPolicyUpdatePtr(IsPolicies(&nat_false_)));
269
270 StartWatching();
271 policy_watcher_->SetPolicies(&empty_);
272 policy_watcher_->SetPolicies(&nat_false_);
273 StopWatching();
274 }
275
TEST_F(PolicyWatcherTest,NatNoneThenFalseThenTrue)276 TEST_F(PolicyWatcherTest, NatNoneThenFalseThenTrue) {
277 testing::InSequence sequence;
278 EXPECT_CALL(mock_policy_callback_,
279 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
280 EXPECT_CALL(mock_policy_callback_,
281 OnPolicyUpdatePtr(IsPolicies(&nat_false_)));
282 EXPECT_CALL(mock_policy_callback_,
283 OnPolicyUpdatePtr(IsPolicies(&nat_true_)));
284
285 StartWatching();
286 policy_watcher_->SetPolicies(&empty_);
287 policy_watcher_->SetPolicies(&nat_false_);
288 policy_watcher_->SetPolicies(&nat_true_);
289 StopWatching();
290 }
291
TEST_F(PolicyWatcherTest,ChangeOneRepeatedlyThenTwo)292 TEST_F(PolicyWatcherTest, ChangeOneRepeatedlyThenTwo) {
293 testing::InSequence sequence;
294 EXPECT_CALL(mock_policy_callback_,
295 OnPolicyUpdatePtr(IsPolicies(
296 &nat_true_domain_empty_others_default_)));
297 EXPECT_CALL(mock_policy_callback_,
298 OnPolicyUpdatePtr(IsPolicies(&domain_full_)));
299 EXPECT_CALL(mock_policy_callback_,
300 OnPolicyUpdatePtr(IsPolicies(&nat_false_)));
301 EXPECT_CALL(mock_policy_callback_,
302 OnPolicyUpdatePtr(IsPolicies(&domain_empty_)));
303 EXPECT_CALL(mock_policy_callback_,
304 OnPolicyUpdatePtr(IsPolicies(&nat_true_domain_full_)));
305
306 StartWatching();
307 policy_watcher_->SetPolicies(&nat_true_domain_empty_);
308 policy_watcher_->SetPolicies(&nat_true_domain_full_);
309 policy_watcher_->SetPolicies(&nat_false_domain_full_);
310 policy_watcher_->SetPolicies(&nat_false_domain_empty_);
311 policy_watcher_->SetPolicies(&nat_true_domain_full_);
312 StopWatching();
313 }
314
TEST_F(PolicyWatcherTest,FilterUnknownPolicies)315 TEST_F(PolicyWatcherTest, FilterUnknownPolicies) {
316 testing::InSequence sequence;
317 EXPECT_CALL(mock_policy_callback_,
318 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
319
320 StartWatching();
321 policy_watcher_->SetPolicies(&empty_);
322 policy_watcher_->SetPolicies(&unknown_policies_);
323 policy_watcher_->SetPolicies(&empty_);
324 StopWatching();
325 }
326
TEST_F(PolicyWatcherTest,DebugOverrideNatPolicy)327 TEST_F(PolicyWatcherTest, DebugOverrideNatPolicy) {
328 #if !defined(NDEBUG)
329 EXPECT_CALL(mock_policy_callback_,
330 OnPolicyUpdatePtr(IsPolicies(&nat_false_overridden_others_default_)));
331 #else
332 EXPECT_CALL(mock_policy_callback_,
333 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
334 #endif
335
336 StartWatching();
337 policy_watcher_->SetPolicies(&nat_true_and_overridden_);
338 StopWatching();
339 }
340
TEST_F(PolicyWatcherTest,PairingFalseThenTrue)341 TEST_F(PolicyWatcherTest, PairingFalseThenTrue) {
342 testing::InSequence sequence;
343 EXPECT_CALL(mock_policy_callback_,
344 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
345 EXPECT_CALL(mock_policy_callback_,
346 OnPolicyUpdatePtr(IsPolicies(&pairing_false_)));
347 EXPECT_CALL(mock_policy_callback_,
348 OnPolicyUpdatePtr(IsPolicies(&pairing_true_)));
349
350 StartWatching();
351 policy_watcher_->SetPolicies(&empty_);
352 policy_watcher_->SetPolicies(&pairing_false_);
353 policy_watcher_->SetPolicies(&pairing_true_);
354 StopWatching();
355 }
356
TEST_F(PolicyWatcherTest,GnubbyAuth)357 TEST_F(PolicyWatcherTest, GnubbyAuth) {
358 testing::InSequence sequence;
359 EXPECT_CALL(mock_policy_callback_,
360 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
361 EXPECT_CALL(mock_policy_callback_,
362 OnPolicyUpdatePtr(IsPolicies(&gnubby_auth_false_)));
363 EXPECT_CALL(mock_policy_callback_,
364 OnPolicyUpdatePtr(IsPolicies(&gnubby_auth_true_)));
365
366 StartWatching();
367 policy_watcher_->SetPolicies(&empty_);
368 policy_watcher_->SetPolicies(&gnubby_auth_false_);
369 policy_watcher_->SetPolicies(&gnubby_auth_true_);
370 StopWatching();
371 }
372
TEST_F(PolicyWatcherTest,Relay)373 TEST_F(PolicyWatcherTest, Relay) {
374 testing::InSequence sequence;
375 EXPECT_CALL(mock_policy_callback_,
376 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
377 EXPECT_CALL(mock_policy_callback_,
378 OnPolicyUpdatePtr(IsPolicies(&relay_false_)));
379 EXPECT_CALL(mock_policy_callback_,
380 OnPolicyUpdatePtr(IsPolicies(&relay_true_)));
381
382 StartWatching();
383 policy_watcher_->SetPolicies(&empty_);
384 policy_watcher_->SetPolicies(&relay_false_);
385 policy_watcher_->SetPolicies(&relay_true_);
386 StopWatching();
387 }
388
TEST_F(PolicyWatcherTest,UdpPortRange)389 TEST_F(PolicyWatcherTest, UdpPortRange) {
390 testing::InSequence sequence;
391 EXPECT_CALL(mock_policy_callback_,
392 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
393 EXPECT_CALL(mock_policy_callback_,
394 OnPolicyUpdatePtr(IsPolicies(&port_range_full_)));
395 EXPECT_CALL(mock_policy_callback_,
396 OnPolicyUpdatePtr(IsPolicies(&port_range_empty_)));
397
398 StartWatching();
399 policy_watcher_->SetPolicies(&empty_);
400 policy_watcher_->SetPolicies(&port_range_full_);
401 policy_watcher_->SetPolicies(&port_range_empty_);
402 StopWatching();
403 }
404
405 } // namespace policy_hack
406 } // namespace remoting
407