authoratwilson@chromium.org <atwilson@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-12-16 20:26:00 +0000
committeratwilson@chromium.org <atwilson@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-12-16 20:26:00 +0000
commit0dc20d2e02d43b697c6005eda797a66898465e67 (patch)
tree352ef785fce788a063fa688dad4b3e86ad00bb64
parentb1ba1414adfdd0b10cfac6fab680ecdee42ff784 (diff)
Properly set dmtoken value in NAC header.
BUG=326799 R=dconnelly@chromium.org Review URL: https://codereview.chromium.org/109553004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@241003 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--components/policy/core/common/cloud/policy_header_service.cc33
-rw-r--r--components/policy/core/common/cloud/policy_header_service.h6
-rw-r--r--components/policy/core/common/cloud/policy_header_service_unittest.cc61
3 files changed, 60 insertions, 40 deletions
diff --git a/components/policy/core/common/cloud/policy_header_service.cc b/components/policy/core/common/cloud/policy_header_service.cc
index af261f8..7953f56 100644
--- a/components/policy/core/common/cloud/policy_header_service.cc
+++ b/components/policy/core/common/cloud/policy_header_service.cc
@@ -4,9 +4,16 @@
#include "components/policy/core/common/cloud/policy_header_service.h"
+#include "base/base64.h"
+#include "base/json/json_writer.h"
+#include "base/values.h"
#include "components/policy/core/common/cloud/cloud_policy_store.h"
#include "components/policy/core/common/cloud/policy_header_io_helper.h"
+namespace {
+const char kUserDMTokenKey[] = "user_dmtoken";
+}
+
namespace policy {
PolicyHeaderService::PolicyHeaderService(const std::string& server_url,
@@ -37,8 +44,30 @@ PolicyHeaderService::CreatePolicyHeaderIOHelper(
}
std::string PolicyHeaderService::CreateHeaderValue() {
- // TODO(atwilson): Extract policy information and generate correct header.
- return "";
+ // If we have no user policy or no token, return an empty header.
+ if (!user_policy_store_->has_policy() ||
+ !user_policy_store_->policy()->has_request_token()) {
+ return "";
+ }
+
+ // Generate a Base64-encoded header of the form:
+ // {
+ // user_dmtoken: <dm_token>
+ // user_policy_token: <policy_token>
+ // }
+ std::string user_dm_token = user_policy_store_->policy()->request_token();
+ base::DictionaryValue value;
+ value.SetString(kUserDMTokenKey, user_dm_token);
+ // TODO(atwilson): add user_policy_token once the server starts sending it
+ // down (http://crbug.com/326799).
+ std::string json;
+ base::JSONWriter::Write(&value, &json);
+ DCHECK(!json.empty());
+
+ // Base64-encode the result so we can include it in a header.
+ std::string encoded;
+ base::Base64Encode(json, &encoded);
+ return encoded;
}
void PolicyHeaderService::OnStoreLoaded(CloudPolicyStore* store) {
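Review bot: The early-return guard in CreateHeaderValue() checks `has_request_token()` but never checks that the token is non-empty. Assuming that accessor only reports field presence, a stored policy whose token is set to an empty string would still produce a header carrying `{"user_dmtoken":""}`; adding `|| user_policy_store_->policy()->request_token().empty()` to the condition closes that case. The comment above `base::Base64Encode` should also say that Base64 is a transport encoding only, for example `// Not confidentiality: the header carries the DM token in recoverable form and must only be sent to the DM server over TLS.` Which requests receive the header is decided in PolicyHeaderIOHelper, outside this hunk, so that restriction cannot be confirmed from here.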
diff --git a/components/policy/core/common/cloud/policy_header_service.h b/components/policy/core/common/cloud/policy_header_service.h
index 1d4346b..b797c2a 100644
--- a/components/policy/core/common/cloud/policy_header_service.h
+++ b/components/policy/core/common/cloud/policy_header_service.h
@@ -46,12 +46,10 @@ class POLICY_EXPORT PolicyHeaderService : public CloudPolicyStore::Observer {
virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE;
virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE;
- protected:
+ private:
// Generate a policy header based on the currently loaded policy.
- // Virtual to allow mocking in tests.
- virtual std::string CreateHeaderValue();
+ std::string CreateHeaderValue();
- private:
// Weak pointer to created PolicyHeaderIOHelper objects.
std::vector<PolicyHeaderIOHelper*> helpers_;
diff --git a/components/policy/core/common/cloud/policy_header_service_unittest.cc b/components/policy/core/common/cloud/policy_header_service_unittest.cc
index d15725b..94363b5 100644
--- a/components/policy/core/common/cloud/policy_header_service_unittest.cc
+++ b/components/policy/core/common/cloud/policy_header_service_unittest.cc
@@ -2,7 +2,10 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#include "base/base64.h"
+#include "base/json/json_reader.h"
#include "base/test/test_simple_task_runner.h"
+#include "base/values.h"
#include "components/policy/core/common/cloud/mock_cloud_policy_store.h"
#include "components/policy/core/common/cloud/policy_header_io_helper.h"
#include "components/policy/core/common/cloud/policy_header_service.h"
@@ -16,29 +19,6 @@ using enterprise_management::PolicyData;
namespace {
const char kDMServerURL[] = "http://server_url";
const char kPolicyHeaderName[] = "Chrome-Policy-Posture";
-const char kExpectedPolicyHeader[] = "expected_header";
-
-// Test version of the PolicyHeaderService that allows the tests to inject
-// their own header values.
-// TODO(atwilson): Remove this once PolicyHeaderService extracts the header
-// directly from policy.
-class TestPolicyHeaderService : public PolicyHeaderService {
- public:
- TestPolicyHeaderService(CloudPolicyStore* user_store,
- CloudPolicyStore* device_store)
- : PolicyHeaderService(kDMServerURL, user_store, device_store) {
- }
-
- virtual ~TestPolicyHeaderService() {}
-
- void set_header(const std::string& header) { header_ = header; }
-
- protected:
- virtual std::string CreateHeaderValue() OVERRIDE { return header_; }
-
- private:
- std::string header_;
-};
class TestCloudPolicyStore : public MockCloudPolicyStore {
public:
@@ -57,8 +37,8 @@ class PolicyHeaderServiceTest : public testing::Test {
virtual ~PolicyHeaderServiceTest() {}
virtual void SetUp() OVERRIDE {
- service_.reset(new TestPolicyHeaderService(&user_store_, &device_store_));
- service_->set_header(kExpectedPolicyHeader);
+ service_.reset(new PolicyHeaderService(
+ kDMServerURL, &user_store_, &device_store_));
helper_ = service_->CreatePolicyHeaderIOHelper(task_runner_).Pass();
}
@@ -70,18 +50,30 @@ class PolicyHeaderServiceTest : public testing::Test {
}
void ValidateHeader(const net::HttpRequestHeaders& headers,
- bool should_exist) {
- if (should_exist) {
+ const std::string& expected_dmtoken) {
+ if (expected_dmtoken.empty()) {
+ EXPECT_TRUE(headers.IsEmpty());
+ } else {
+ // Read header.
std::string header;
EXPECT_TRUE(headers.GetHeader(kPolicyHeaderName, &header));
- EXPECT_EQ(header, kExpectedPolicyHeader);
- } else {
- EXPECT_TRUE(headers.IsEmpty());
+ // Decode the base64 value into JSON.
+ std::string decoded;
+ base::Base64Decode(header, &decoded);
+ // Parse the JSON.
+ scoped_ptr<Value> value(base::JSONReader::Read(decoded));
+ ASSERT_TRUE(value);
+ DictionaryValue* dict;
+ EXPECT_TRUE(value->GetAsDictionary(&dict));
+ // Read the values and verify them vs the expected values.
+ std::string dm_token;
+ dict->GetString("user_dmtoken", &dm_token);
+ EXPECT_EQ(dm_token, expected_dmtoken);
}
}
base::MessageLoop loop_;
- scoped_ptr<TestPolicyHeaderService> service_;
+ scoped_ptr<PolicyHeaderService> service_;
TestCloudPolicyStore user_store_;
TestCloudPolicyStore device_store_;
scoped_ptr<PolicyHeaderIOHelper> helper_;
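Review bot: In ValidateHeader, `dict` is declared uninitialized and the `GetAsDictionary` result is only checked with `EXPECT_TRUE`. A header that decodes to non-dictionary JSON therefore lets the test continue into `dict->GetString(...)` through an indeterminate pointer. Use `DictionaryValue* dict = NULL;` followed by `ASSERT_TRUE(value->GetAsDictionary(&dict));`. The return values of `base::Base64Decode` and `dict->GetString` are also dropped; `ASSERT_TRUE(base::Base64Decode(header, &decoded));` and `EXPECT_TRUE(dict->GetString("user_dmtoken", &dm_token));` would make a malformed header fail at the step that actually broke. The fixture class starts and ends outside this hunk.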
@@ -99,6 +91,8 @@ TEST_F(PolicyHeaderServiceTest, TestCreationAndShutdown) {
TEST_F(PolicyHeaderServiceTest, TestWithAndWithoutPolicyHeader) {
// Set policy - this should push a header to the PolicyHeaderIOHelper.
scoped_ptr<PolicyData> policy(new PolicyData());
+ std::string expected_token = "expected_token";
+ policy->set_request_token(expected_token);
user_store_.SetPolicy(policy.Pass());
task_runner_->RunUntilIdle();
@@ -106,17 +100,16 @@ TEST_F(PolicyHeaderServiceTest, TestWithAndWithoutPolicyHeader) {
net::TestURLRequest request(
GURL(kDMServerURL), net::DEFAULT_PRIORITY, NULL, &context);
helper_->AddPolicyHeaders(&request);
- ValidateHeader(request.extra_request_headers(), true);
+ ValidateHeader(request.extra_request_headers(), expected_token);
// Now blow away the policy data.
- service_->set_header("");
user_store_.SetPolicy(scoped_ptr<PolicyData>());
task_runner_->RunUntilIdle();
net::TestURLRequest request2(
GURL(kDMServerURL), net::DEFAULT_PRIORITY, NULL, &context);
helper_->AddPolicyHeaders(&request2);
- ValidateHeader(request2.extra_request_headers(), false);
+ ValidateHeader(request2.extra_request_headers(), "");
}
} // namespace policy
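Review bot: TestWithAndWithoutPolicyHeader covers a policy with a token and no policy at all, but not the second half of the new guard, where a policy is loaded and has no request token. A third step would pin that branch: call `user_store_.SetPolicy(...)` with a fresh `PolicyData` that never calls `set_request_token`, then `ValidateHeader(request3.extra_request_headers(), "");`. Without it, a regression that sends a header with an absent or blank dmtoken would pass this suite. The test body begins in the previous hunk.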