Add a header when fetching pages under the DMServer URL.

PolicyHeaderService now generates a json-style header to send up with web requests sent to DMServer containing information about the current policy state. This allows DMServer to return policy information via SAML assertions to authorized service providers.

BUG=326799
TBR=jochen

Review URL: https://codereview.chromium.org/99433004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@240019 0039d316-1c4b-4281-b951-d872f2087c98

7 files changed, 210 insertions, 3 deletions

diff --git a/components/components_tests.gyp b/components/components_tests.gyp
index e3c6d79..49e32a3 100644
--- a/components/components_tests.gyp
+++ b/components/components_tests.gyp
@@ -192,6 +192,7 @@
                 'components.gyp:policy_component_test_support',
               ],
               'sources': [
+                'policy/core/browser/policy_header_io_helper_unittest.cc',
                 'policy/core/common/async_policy_provider_unittest.cc',
                 'policy/core/common/cloud/cloud_policy_client_unittest.cc',
                 'policy/core/common/cloud/cloud_policy_core_unittest.cc',
diff --git a/components/policy.gypi b/components/policy.gypi
index 6172091..fbaf5c1 100644
--- a/components/policy.gypi
+++ b/components/policy.gypi
@@ -41,6 +41,8 @@
             'policy/core/browser/configuration_policy_pref_store.h',
             'policy/core/browser/policy_error_map.cc',
             'policy/core/browser/policy_error_map.h',
+            'policy/core/browser/policy_header_io_helper.cc',
+            'policy/core/browser/policy_header_io_helper.h',
             'policy/core/common/cloud/cloud_external_data_manager.cc',
             'policy/core/common/cloud/cloud_external_data_manager.h',
             'policy/core/common/cloud/cloud_policy_client.cc',
diff --git a/components/policy/core/browser/policy_header_io_helper.cc b/components/policy/core/browser/policy_header_io_helper.cc
new file mode 100644
index 0000000..1eb1898
--- /dev/null
+++ b/components/policy/core/browser/policy_header_io_helper.cc
@@ -0,0 +1,59 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/policy/core/browser/policy_header_io_helper.h"
+
+#include "base/bind.h"
+#include "base/location.h"
+#include "base/sequenced_task_runner.h"
+#include "net/url_request/url_request.h"
+
+namespace {
+
+// The name of the header containing the policy information.
+const char kChromePolicyHeader[] = "Chrome-Policy-Posture";
+
+}  // namespace
+
+namespace policy {
+
+PolicyHeaderIOHelper::PolicyHeaderIOHelper(
+    const std::string& server_url,
+    const std::string& initial_header_value,
+    const scoped_refptr<base::SequencedTaskRunner>& task_runner)
+    : server_url_(server_url),
+      io_task_runner_(task_runner),
+      policy_header_(initial_header_value) {
+}
+
+PolicyHeaderIOHelper::~PolicyHeaderIOHelper() {
+}
+
+// Sets any necessary policy headers on the passed request.
+void PolicyHeaderIOHelper::AddPolicyHeaders(net::URLRequest* request) const {
+  DCHECK(io_task_runner_->RunsTasksOnCurrentThread());
+  const GURL& url = request->url();
+  if (!policy_header_.empty() &&
+      url.spec().compare(0, server_url_.size(), server_url_) == 0) {
+    request->SetExtraRequestHeaderByName(kChromePolicyHeader,
+                                         policy_header_,
+                                         true /* overwrite */);
+  }
+}
+
+void PolicyHeaderIOHelper::UpdateHeader(const std::string& new_header) {
+  // Post a task to the IO thread to modify this.
+  io_task_runner_->PostTask(
+      FROM_HERE,
+      base::Bind(&PolicyHeaderIOHelper::UpdateHeaderOnIOThread,
+                 base::Unretained(this), new_header));
+}
+
+void PolicyHeaderIOHelper::UpdateHeaderOnIOThread(
+    const std::string& new_header) {
+  DCHECK(io_task_runner_->RunsTasksOnCurrentThread());
+  policy_header_ = new_header;
+}
+
+}  // namespace policy
diff --git a/components/policy/core/browser/policy_header_io_helper.h b/components/policy/core/browser/policy_header_io_helper.h
new file mode 100644
index 0000000..345b9cc
--- /dev/null
+++ b/components/policy/core/browser/policy_header_io_helper.h
@@ -0,0 +1,62 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_POLICY_CORE_BROWSER_POLICY_HEADER_IO_HELPER_H_
+#define COMPONENTS_POLICY_CORE_BROWSER_POLICY_HEADER_IO_HELPER_H_
+
+#include <string>
+
+#include "base/memory/ref_counted.h"
+#include "base/sequenced_task_runner.h"
+#include "components/policy/policy_export.h"
+
+namespace net {
+class URLRequest;
+}
+
+namespace policy {
+
+// Helper class that lives on the I/O thread and adds policy headers to
+// outgoing requests. Instances of this class are created by
+// PolicyHeaderService on the UI thread, and that class is responsible for
+// notifying this class via UpdateHeaderFromUI() when the header changes.
+// Ownership is transferred to ProfileIOData, and this object is run and
+// destroyed on the I/O thread.
+class POLICY_EXPORT PolicyHeaderIOHelper {
+ public:
+  PolicyHeaderIOHelper(
+      const std::string& server_url,
+      const std::string& initial_header_value,
+      const scoped_refptr<base::SequencedTaskRunner>& task_runner);
+  ~PolicyHeaderIOHelper();
+
+  // Sets any necessary policy headers on the passed request. Should be invoked
+  // only from the I/O thread.
+  void AddPolicyHeaders(net::URLRequest* request) const;
+
+  // API invoked when the header changes. Can be called from any thread - calls
+  // are marshalled via the TaskRunner to run on the appropriate thread.
+  // If |new_header| is the empty string, no header will be added to
+  // outgoing requests.
+  void UpdateHeader(const std::string& new_header);
+
+ private:
+  // API invoked via the TaskRunner to update the header.
+  void UpdateHeaderOnIOThread(const std::string& new_header);
+
+  // The URL we should add policy headers to.
+  std::string server_url_;
+
+  // The task runner assocated with the I/O thread that runs this object.
+  scoped_refptr<base::SequencedTaskRunner> io_task_runner_;
+
+  // The current policy header value.
+  std::string policy_header_;
+
+  DISALLOW_COPY_AND_ASSIGN(PolicyHeaderIOHelper);
+};
+
+}  // namespace policy
+
+#endif  // COMPONENTS_POLICY_CORE_BROWSER_POLICY_HEADER_IO_HELPER_H_
diff --git a/components/policy/core/browser/policy_header_io_helper_unittest.cc b/components/policy/core/browser/policy_header_io_helper_unittest.cc
new file mode 100644
index 0000000..054168d
--- /dev/null
+++ b/components/policy/core/browser/policy_header_io_helper_unittest.cc
@@ -0,0 +1,83 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/test/test_simple_task_runner.h"
+#include "components/policy/core/browser/policy_header_io_helper.h"
+#include "net/http/http_request_headers.h"
+#include "net/url_request/url_request_test_util.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace policy {
+
+namespace {
+const char kDMServerURL[] = "http://server_url";
+const char kPolicyHeaderName[] = "Chrome-Policy-Posture";
+const char kInitialPolicyHeader[] = "initial_header";
+}  // namespace
+
+class PolicyHeaderIOHelperTest : public testing::Test {
+ public:
+  PolicyHeaderIOHelperTest() {
+    task_runner_ = make_scoped_refptr(new base::TestSimpleTaskRunner());
+  }
+  virtual ~PolicyHeaderIOHelperTest() {}
+
+  virtual void SetUp() OVERRIDE {
+    helper_ = make_scoped_ptr(new PolicyHeaderIOHelper(kDMServerURL,
+                                                       kInitialPolicyHeader,
+                                                       task_runner_));
+    task_runner_->RunUntilIdle();
+  }
+  virtual void TearDown() OVERRIDE {
+    task_runner_->RunUntilIdle();
+    helper_.reset();
+  }
+
+  void ValidateHeader(const net::HttpRequestHeaders& headers,
+                      const std::string& expected) {
+    std::string header;
+    EXPECT_TRUE(headers.GetHeader(kPolicyHeaderName, &header));
+    EXPECT_EQ(header, expected);
+  }
+
+  base::MessageLoop loop_;
+  scoped_ptr<PolicyHeaderIOHelper> helper_;
+  net::TestURLRequestContext context_;
+  scoped_refptr<base::TestSimpleTaskRunner> task_runner_;
+};
+
+TEST_F(PolicyHeaderIOHelperTest, InitialHeader) {
+  net::TestURLRequest request(
+      GURL(kDMServerURL), net::DEFAULT_PRIORITY, NULL, &context_);
+  helper_->AddPolicyHeaders(&request);
+  ValidateHeader(request.extra_request_headers(), kInitialPolicyHeader);
+}
+
+TEST_F(PolicyHeaderIOHelperTest, NoHeaderOnNonMatchingURL) {
+  net::TestURLRequest request(
+      GURL("http://non-matching.com"), net::DEFAULT_PRIORITY, NULL, &context_);
+  helper_->AddPolicyHeaders(&request);
+  EXPECT_TRUE(request.extra_request_headers().IsEmpty());
+}
+
+TEST_F(PolicyHeaderIOHelperTest, HeaderChange) {
+  std::string new_header = "new_header";
+  helper_->UpdateHeader(new_header);
+  task_runner_->RunUntilIdle();
+  net::TestURLRequest request(
+      GURL(kDMServerURL), net::DEFAULT_PRIORITY, NULL, &context_);
+  helper_->AddPolicyHeaders(&request);
+  ValidateHeader(request.extra_request_headers(), new_header);
+}
+
+TEST_F(PolicyHeaderIOHelperTest, ChangeToNoHeader) {
+  helper_->UpdateHeader("");
+  task_runner_->RunUntilIdle();
+  net::TestURLRequest request(
+      GURL(kDMServerURL), net::DEFAULT_PRIORITY, NULL, &context_);
+  helper_->AddPolicyHeaders(&request);
+  EXPECT_TRUE(request.extra_request_headers().IsEmpty());
+}
+
+}  // namespace policy
diff --git a/components/policy/core/common/cloud/device_management_service.cc b/components/policy/core/common/cloud/device_management_service.cc
index 5c96005..08d15658 100644
--- a/components/policy/core/common/cloud/device_management_service.cc
+++ b/components/policy/core/common/cloud/device_management_service.cc
@@ -452,7 +452,7 @@ DeviceManagementService::DeviceManagementService(
 }
 
 void DeviceManagementService::StartJob(DeviceManagementRequestJobImpl* job) {
-  std::string server_url = GetServerURL();
+  std::string server_url = GetServerUrl();
   net::URLFetcher* fetcher = net::URLFetcher::Create(
       kURLFetcherID, job->GetURL(server_url), net::URLFetcher::POST, this);
   job->ConfigureRequest(fetcher);
@@ -460,7 +460,7 @@ void DeviceManagementService::StartJob(DeviceManagementRequestJobImpl* job) {
   fetcher->Start();
 }
 
-std::string DeviceManagementService::GetServerURL() {
+std::string DeviceManagementService::GetServerUrl() {
   return configuration_->GetServerUrl();
 }
 
diff --git a/components/policy/core/common/cloud/device_management_service.h b/components/policy/core/common/cloud/device_management_service.h
index d76405e..e502903 100644
--- a/components/policy/core/common/cloud/device_management_service.h
+++ b/components/policy/core/common/cloud/device_management_service.h
@@ -140,7 +140,7 @@ class POLICY_EXPORT DeviceManagementService : public net::URLFetcherDelegate {
   void Shutdown();
 
   // Gets the URL that the DMServer requests are sent to.
-  std::string GetServerURL();
+  std::string GetServerUrl();
 
  private:
   typedef std::map<const net::URLFetcher*,