Move SystemProxyManager out of policy
System-proxy is a proxy authentication daemon on Chrome OS which
authenticates PlayStore apps and system services to remote web proxies.
This CL separates the general SystemProxyManager logic from the policy
handling code and moves the SystemProxyManager initialization from the
BrowserPolicyConnectorChromeOS class to the BrowserProcessPlatformPart.
The code is largely unchanged, with the following exceptions:
- methods added to create a SystemProxyManages static instance: Get(),
Initialize(), ShutDown().
- method SetPolicySettings() added to set the SystemProxySettings device
policy info.
Bug:b/182889234
Test: Adapted the browser tests:
- SystemProxyManagerBrowserTest.*
- SystemProxyManagerPolicyCredentialsBrowserTest.*
- ProxyResolutionServiceProviderSystemProxyPolicyTest.*
- BrowsingDataRemoverBrowserTest.SystemProxyClearsUserCredentials
Adapted the unit tests:
- SystemProxyManagedTest.*
Added:
- SystemProxyHandlerTest.*
Manual tests:
- enterprise: system services (tlsdate) and the PlayStore apps get
authenticated through system-proxy when enabled by policy;
- consumer: verified that system-proxy is not accidentally started.
Tast tests: network.SystemProxyForArc,
network.SystemProxyForSystemServices, policy.SystemProxySettings
Change-Id: If50ae74949eccde22deecaa708d6f7f773a2ebd2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2764502
Reviewed-by: Andreea-Elena Costinas <[email protected]>
Reviewed-by: David Roger <[email protected]>
Reviewed-by: Kyle Horimoto <[email protected]>
Reviewed-by: Pavol Marko <[email protected]>
Commit-Queue: Andreea-Elena Costinas <[email protected]>
Cr-Commit-Position: refs/heads/master@{#869484}
diff --git a/chrome/browser/ash/settings/device_settings_provider.cc b/chrome/browser/ash/settings/device_settings_provider.cc
index d4f1fbf7..89e9c33 100644
--- a/chrome/browser/ash/settings/device_settings_provider.cc
+++ b/chrome/browser/ash/settings/device_settings_provider.cc
@@ -29,7 +29,7 @@
#include "chrome/browser/ash/settings/stats_reporting_controller.h"
#include "chrome/browser/chromeos/policy/device_policy_decoder_chromeos.h"
#include "chrome/browser/chromeos/policy/off_hours/off_hours_proto_parser.h"
-#include "chrome/browser/chromeos/policy/system_proxy_manager.h"
+#include "chrome/browser/chromeos/policy/system_proxy_handler.h"
#include "chrome/browser/chromeos/tpm_firmware_update.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "chromeos/settings/cros_settings_names.h"
diff --git a/chrome/browser/browser_process_platform_part_chromeos.cc b/chrome/browser/browser_process_platform_part_chromeos.cc
index 53e8fbe..a9e2c96 100644
--- a/chrome/browser/browser_process_platform_part_chromeos.cc
+++ b/chrome/browser/browser_process_platform_part_chromeos.cc
@@ -25,8 +25,8 @@
#include "chrome/browser/ash/system/timezone_util.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/chromeos/net/delay_network_call.h"
+#include "chrome/browser/chromeos/net/system_proxy_manager.h"
#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
-#include "chrome/browser/chromeos/policy/system_proxy_manager.h"
#include "chrome/browser/chromeos/scheduler_configuration_manager.h"
#include "chrome/browser/component_updater/metadata_table_chromeos.h"
#include "chrome/common/chrome_switches.h"
@@ -175,9 +175,11 @@
->Subscribe(base::BindRepeating(
&BrowserProcessPlatformPart::ShutdownPrimaryProfileServices,
base::Unretained(this)));
- browser_policy_connector_chromeos()
- ->GetSystemProxyManager()
- ->StartObservingPrimaryProfilePrefs(primary_profile);
+
+ if (chromeos::SystemProxyManager::Get()) {
+ chromeos::SystemProxyManager::Get()->StartObservingPrimaryProfilePrefs(
+ primary_profile);
+ }
auto* manager = arc::data_snapshotd::ArcDataSnapshotdManager::Get();
if (manager) {
@@ -191,9 +193,8 @@
if (manager)
manager->policy_service()->StopObservingPrimaryProfilePrefs();
- browser_policy_connector_chromeos()
- ->GetSystemProxyManager()
- ->StopObservingPrimaryProfilePrefs();
+ if (chromeos::SystemProxyManager::Get())
+ chromeos::SystemProxyManager::Get()->StopObservingPrimaryProfilePrefs();
in_session_password_change_manager_.reset();
}
diff --git a/chrome/browser/browsing_data/browsing_data_remover_browsertest.cc b/chrome/browser/browsing_data/browsing_data_remover_browsertest.cc
index 12867af..c7a370c 100644
--- a/chrome/browser/browsing_data/browsing_data_remover_browsertest.cc
+++ b/chrome/browser/browsing_data/browsing_data_remover_browsertest.cc
@@ -102,8 +102,8 @@
#if BUILDFLAG(IS_CHROMEOS_ASH)
#include "chrome/browser/browser_process.h"
#include "chrome/browser/browser_process_platform_part.h"
+#include "chrome/browser/chromeos/net/system_proxy_manager.h"
#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
-#include "chrome/browser/chromeos/policy/system_proxy_manager.h"
#include "chromeos/dbus/system_proxy/system_proxy_client.h"
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
@@ -1433,10 +1433,7 @@
// sends a request to System-proxy to clear the cached user credentials.
IN_PROC_BROWSER_TEST_F(BrowsingDataRemoverBrowserTest,
SystemProxyClearsUserCredentials) {
- g_browser_process->platform_part()
- ->browser_policy_connector_chromeos()
- ->GetSystemProxyManager()
- ->SetSystemProxyEnabledForTest(true);
+ chromeos::SystemProxyManager::Get()->SetSystemProxyEnabledForTest(true);
EXPECT_EQ(0, chromeos::SystemProxyClient::Get()
->GetTestInterface()
->GetClearUserCredentialsCount());
diff --git a/chrome/browser/browsing_data/chrome_browsing_data_remover_delegate.cc b/chrome/browser/browsing_data/chrome_browsing_data_remover_delegate.cc
index d0bbb12b..48c4de4 100644
--- a/chrome/browser/browsing_data/chrome_browsing_data_remover_delegate.cc
+++ b/chrome/browser/browsing_data/chrome_browsing_data_remover_delegate.cc
@@ -162,8 +162,8 @@
#include "chrome/browser/ash/profiles/profile_helper.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/browser_process_platform_part.h"
+#include "chrome/browser/chromeos/net/system_proxy_manager.h"
#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
-#include "chrome/browser/chromeos/policy/system_proxy_manager.h"
#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/attestation/attestation_client.h"
#include "chromeos/dbus/attestation/interface.pb.h"
@@ -832,11 +832,7 @@
CreateTaskCompletionClosureForMojo(
TracingDataType::kHttpAuthCache));
#if BUILDFLAG(IS_CHROMEOS_ASH)
- policy::SystemProxyManager* system_proxy_manager =
- g_browser_process->platform_part()
- ->browser_policy_connector_chromeos()
- ->GetSystemProxyManager();
- if (system_proxy_manager) {
+ if (chromeos::SystemProxyManager::Get()) {
// Sends a request to the System-proxy daemon to clear the proxy user
// credentials. System-proxy retrieves proxy username and password from
// the NetworkService, but not the creation time of the credentials. The
@@ -844,7 +840,7 @@
// credentials. If credentials prior to |delete_begin_| are removed from
// System-proxy, the daemon will send a D-Bus request to Chrome to fetch
// them from the NetworkService when needed.
- system_proxy_manager->ClearUserCredentials();
+ chromeos::SystemProxyManager::Get()->ClearUserCredentials();
}
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index b21246c..7362381b 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -430,10 +430,10 @@
#include "chrome/browser/chromeos/fileapi/external_file_url_loader_factory.h"
#include "chrome/browser/chromeos/fileapi/file_system_backend.h"
#include "chrome/browser/chromeos/fileapi/mtp_file_system_backend_delegate.h"
+#include "chrome/browser/chromeos/net/system_proxy_manager.h"
#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
#include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
#include "chrome/browser/chromeos/policy/system_features_disable_list_policy_handler.h"
-#include "chrome/browser/chromeos/policy/system_proxy_manager.h"
#include "chrome/browser/chromeos/smb_client/fileapi/smbfs_file_system_backend_delegate.h"
#include "chrome/browser/speech/tts_chromeos.h"
#include "chrome/browser/ui/ash/chrome_browser_main_extra_parts_ash.h"
@@ -5219,10 +5219,8 @@
bool first_auth_attempt,
LoginAuthRequiredCallback auth_required_callback) {
#if BUILDFLAG(IS_CHROMEOS_ASH)
- policy::SystemProxyManager* system_proxy_manager =
- g_browser_process->platform_part()
- ->browser_policy_connector_chromeos()
- ->GetSystemProxyManager();
+ chromeos::SystemProxyManager* system_proxy_manager =
+ chromeos::SystemProxyManager::Get();
// For Managed Guest Session and Kiosk devices, the credentials configured
// via the policy SystemProxySettings may be used for proxy authentication.
// Note: |system_proxy_manager| may be missing in tests.
diff --git a/chrome/browser/chromeos/BUILD.gn b/chrome/browser/chromeos/BUILD.gn
index b7e032a9..a01881e 100644
--- a/chrome/browser/chromeos/BUILD.gn
+++ b/chrome/browser/chromeos/BUILD.gn
@@ -2389,6 +2389,8 @@
"net/network_throttling_observer.h",
"net/shill_error.cc",
"net/shill_error.h",
+ "net/system_proxy_manager.cc",
+ "net/system_proxy_manager.h",
"network_change_manager_client.cc",
"network_change_manager_client.h",
"night_light/night_light_client.cc",
@@ -2723,8 +2725,8 @@
"policy/system_features_disable_list_policy_handler.h",
"policy/system_log_uploader.cc",
"policy/system_log_uploader.h",
- "policy/system_proxy_manager.cc",
- "policy/system_proxy_manager.h",
+ "policy/system_proxy_handler.cc",
+ "policy/system_proxy_handler.h",
"policy/tpm_auto_update_mode_policy_handler.cc",
"policy/tpm_auto_update_mode_policy_handler.h",
"policy/upload_job.h",
@@ -3983,6 +3985,7 @@
"net/network_portal_detector_impl_unittest.cc",
"net/network_pref_state_observer_unittest.cc",
"net/network_throttling_observer_unittest.cc",
+ "net/system_proxy_manager_unittest.cc",
"network_change_manager_client_unittest.cc",
"night_light/night_light_client_unittest.cc",
"note_taking_helper_unittest.cc",
@@ -4074,7 +4077,7 @@
"policy/status_uploader_unittest.cc",
"policy/system_features_disable_list_policy_handler_unittest.cc",
"policy/system_log_uploader_unittest.cc",
- "policy/system_proxy_manager_unittest.cc",
+ "policy/system_proxy_handler_unittest.cc",
"policy/tpm_auto_update_mode_policy_handler_unittest.cc",
"policy/upload_job_unittest.cc",
"policy/user_cloud_policy_manager_chromeos_unittest.cc",
diff --git a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
index 04f75fb..0b5aab8 100644
--- a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
+++ b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
@@ -110,6 +110,7 @@
#include "chrome/browser/chromeos/net/network_portal_detector_impl.h"
#include "chrome/browser/chromeos/net/network_pref_state_observer.h"
#include "chrome/browser/chromeos/net/network_throttling_observer.h"
+#include "chrome/browser/chromeos/net/system_proxy_manager.h"
#include "chrome/browser/chromeos/network_change_manager_client.h"
#include "chrome/browser/chromeos/note_taking_helper.h"
#include "chrome/browser/chromeos/platform_keys/key_permissions/key_permissions_manager_impl.h"
@@ -661,6 +662,7 @@
chromeos::cfm::InitializeCfmServices();
#endif // BUILDFLAG(PLATFORM_CFM)
+ SystemProxyManager::Initialize(g_browser_process->local_state());
return ChromeBrowserMainPartsLinux::PreMainMessageLoopRun();
}
@@ -1152,6 +1154,7 @@
// shutdown calls and test |pre_profile_init_called_| if necessary. See
// crbug.com/702403 for details.
void ChromeBrowserMainPartsChromeos::PostMainMessageLoopRun() {
+ SystemProxyManager::Shutdown();
crostini_unsupported_action_notifier_.reset();
BootTimesRecorder::Get()->AddLogoutTimeMarker("UIMessageLoopEnded", true);
diff --git a/chrome/browser/chromeos/dbus/proxy_resolution_service_provider.cc b/chrome/browser/chromeos/dbus/proxy_resolution_service_provider.cc
index da286c8..379f6d2 100644
--- a/chrome/browser/chromeos/dbus/proxy_resolution_service_provider.cc
+++ b/chrome/browser/chromeos/dbus/proxy_resolution_service_provider.cc
@@ -13,8 +13,8 @@
#include "base/threading/thread_task_runner_handle.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/browser_process_platform_part.h"
+#include "chrome/browser/chromeos/net/system_proxy_manager.h"
#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
-#include "chrome/browser/chromeos/policy/system_proxy_manager.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/profiles/profile_manager.h"
#include "content/public/browser/storage_partition.h"
@@ -94,11 +94,7 @@
// remote proxy server. The availability of this feature is controlled by the
// |SystemProxySettings| policy.
void AppendSystemProxyIfActive(std::string* pac_proxy_list) {
- policy::SystemProxyManager* system_proxy_manager =
- g_browser_process->platform_part()
- ->browser_policy_connector_chromeos()
- ->GetSystemProxyManager();
-
+ SystemProxyManager* system_proxy_manager = SystemProxyManager::Get();
// |system_proxy_manager| may be missing in tests.
if (!system_proxy_manager ||
system_proxy_manager->SystemServicesProxyPacString().empty()) {
diff --git a/chrome/browser/chromeos/dbus/proxy_resolution_service_provider_browsertest.cc b/chrome/browser/chromeos/dbus/proxy_resolution_service_provider_browsertest.cc
index d7f61fa..77bb3cb0 100644
--- a/chrome/browser/chromeos/dbus/proxy_resolution_service_provider_browsertest.cc
+++ b/chrome/browser/chromeos/dbus/proxy_resolution_service_provider_browsertest.cc
@@ -6,8 +6,8 @@
#include "base/bind.h"
#include "base/callback_helpers.h"
#include "chrome/browser/chromeos/dbus/proxy_resolution_service_provider.h"
+#include "chrome/browser/chromeos/net/system_proxy_manager.h"
#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
-#include "chrome/browser/chromeos/policy/system_proxy_manager.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/test/base/in_process_browser_test.h"
#include "chrome/test/base/testing_browser_process.h"
@@ -172,10 +172,8 @@
protected:
void SetLocalProxyAddress(const std::string& local_proxy_url) {
- g_browser_process->platform_part()
- ->browser_policy_connector_chromeos()
- ->GetSystemProxyManager()
- ->SetSystemServicesProxyUrlForTest(local_proxy_url);
+ SystemProxyManager::Get()->SetSystemServicesProxyUrlForTest(
+ local_proxy_url);
}
};
diff --git a/chrome/browser/chromeos/policy/system_proxy_manager.cc b/chrome/browser/chromeos/net/system_proxy_manager.cc
similarity index 84%
rename from chrome/browser/chromeos/policy/system_proxy_manager.cc
rename to chrome/browser/chromeos/net/system_proxy_manager.cc
index 2dc2563..41330c5a 100644
--- a/chrome/browser/chromeos/policy/system_proxy_manager.cc
+++ b/chrome/browser/chromeos/net/system_proxy_manager.cc
@@ -1,8 +1,8 @@
-// Copyright (c) 2020 The Chromium Authors. All rights reserved.
+// Copyright 2021 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "chrome/browser/chromeos/policy/system_proxy_manager.h"
+#include "chrome/browser/chromeos/net/system_proxy_manager.h"
#include <string>
@@ -28,8 +28,6 @@
#include "chromeos/network/network_state_handler.h"
#include "chromeos/network/proxy/proxy_config_service_impl.h"
#include "chromeos/network/proxy/ui_proxy_config_service.h"
-#include "chromeos/settings/cros_settings_names.h"
-#include "chromeos/settings/cros_settings_provider.h"
#include "components/arc/arc_prefs.h"
#include "components/prefs/pref_change_registrar.h"
#include "components/prefs/pref_registry_simple.h"
@@ -49,6 +47,7 @@
#include "ui/views/window/dialog_delegate.h"
namespace {
+
const char kSystemProxyService[] = "system-proxy-service";
// A `content::LoginDelegate` implementation that returns to the caller the
@@ -86,24 +85,18 @@
} // namespace
-namespace policy {
+namespace chromeos {
-SystemProxyManager::SystemProxyManager(ash::CrosSettings* cros_settings,
- PrefService* local_state)
- : cros_settings_(cros_settings),
- system_proxy_subscription_(cros_settings_->AddSettingsObserver(
- chromeos::kSystemProxySettings,
- base::BindRepeating(
- &SystemProxyManager::OnSystemProxySettingsPolicyChanged,
- base::Unretained(this)))) {
+static SystemProxyManager* g_system_proxy_manager_ = nullptr;
+
+SystemProxyManager::SystemProxyManager(PrefService* local_state) {
// Connect to System-proxy signals.
- chromeos::SystemProxyClient::Get()->SetWorkerActiveSignalCallback(
- base::BindRepeating(&SystemProxyManager::OnWorkerActive,
- weak_factory_.GetWeakPtr()));
- chromeos::SystemProxyClient::Get()->SetAuthenticationRequiredSignalCallback(
+ SystemProxyClient::Get()->SetWorkerActiveSignalCallback(base::BindRepeating(
+ &SystemProxyManager::OnWorkerActive, weak_factory_.GetWeakPtr()));
+ SystemProxyClient::Get()->SetAuthenticationRequiredSignalCallback(
base::BindRepeating(&SystemProxyManager::OnAuthenticationRequired,
weak_factory_.GetWeakPtr()));
- chromeos::SystemProxyClient::Get()->ConnectToWorkerSignals();
+ SystemProxyClient::Get()->ConnectToWorkerSignals();
local_state_ = local_state;
// Listen to pref changes.
@@ -113,17 +106,32 @@
prefs::kKerberosEnabled,
base::BindRepeating(&SystemProxyManager::OnKerberosEnabledChanged,
weak_factory_.GetWeakPtr()));
- DCHECK(chromeos::NetworkHandler::IsInitialized());
- chromeos::NetworkHandler::Get()->network_state_handler()->AddObserver(
- this, FROM_HERE);
- // Fire it once so we're sure we get an invocation on startup.
- OnSystemProxySettingsPolicyChanged();
+ DCHECK(NetworkHandler::IsInitialized());
+ NetworkHandler::Get()->network_state_handler()->AddObserver(this, FROM_HERE);
}
SystemProxyManager::~SystemProxyManager() {
- DCHECK(chromeos::NetworkHandler::IsInitialized());
- chromeos::NetworkHandler::Get()->network_state_handler()->RemoveObserver(
- this, FROM_HERE);
+ DCHECK(NetworkHandler::IsInitialized());
+ NetworkHandler::Get()->network_state_handler()->RemoveObserver(this,
+ FROM_HERE);
+}
+
+// static
+void SystemProxyManager::Initialize(PrefService* local_state) {
+ g_system_proxy_manager_ = new SystemProxyManager(local_state);
+}
+
+// static
+SystemProxyManager* SystemProxyManager::Get() {
+ return g_system_proxy_manager_;
+}
+
+// static
+void SystemProxyManager::Shutdown() {
+ if (g_system_proxy_manager_) {
+ delete g_system_proxy_manager_;
+ g_system_proxy_manager_ = nullptr;
+ }
}
std::string SystemProxyManager::SystemServicesProxyPacString() const {
@@ -170,29 +178,21 @@
}
system_proxy::ClearUserCredentialsRequest request;
- chromeos::SystemProxyClient::Get()->ClearUserCredentials(
+ SystemProxyClient::Get()->ClearUserCredentials(
request, base::BindOnce(&SystemProxyManager::OnClearUserCredentials,
weak_factory_.GetWeakPtr()));
}
-void SystemProxyManager::OnSystemProxySettingsPolicyChanged() {
- chromeos::CrosSettingsProvider::TrustedStatus status =
- cros_settings_->PrepareTrustedValues(base::BindOnce(
- &SystemProxyManager::OnSystemProxySettingsPolicyChanged,
- base::Unretained(this)));
- if (status != chromeos::CrosSettingsProvider::TRUSTED)
- return;
+void SystemProxyManager::SetPolicySettings(
+ bool system_proxy_enabled,
+ const std::string& system_services_username,
+ const std::string& system_services_password,
+ const std::vector<std::string>& auth_schemes) {
+ system_proxy_enabled_ = system_proxy_enabled;
+ system_services_username_ = system_services_username;
+ system_services_password_ = system_services_password;
+ policy_credentials_auth_schemes_ = auth_schemes;
- const base::Value* proxy_settings =
- cros_settings_->GetPref(chromeos::kSystemProxySettings);
-
- if (!proxy_settings)
- return;
-
- system_proxy_enabled_ =
- proxy_settings->FindBoolKey(chromeos::kSystemProxySettingsKeyEnabled)
- .value_or(false);
- // System-proxy is inactive by default.
if (!system_proxy_enabled_) {
// Send a shut-down command to the daemon. Since System-proxy is started via
// dbus activation, if the daemon is inactive, this command will start the
@@ -201,7 +201,7 @@
// System-proxy is inactive.
system_proxy::ShutDownRequest request;
request.set_traffic_type(system_proxy::TrafficOrigin::ALL);
- chromeos::SystemProxyClient::Get()->ShutDownProcess(
+ SystemProxyClient::Get()->ShutDownProcess(
request, base::BindOnce(&SystemProxyManager::OnShutDownProcess,
weak_factory_.GetWeakPtr()));
system_services_address_.clear();
@@ -209,28 +209,7 @@
CloseAuthenticationUI();
return;
}
- const std::string* username = proxy_settings->FindStringKey(
- chromeos::kSystemProxySettingsKeySystemServicesUsername);
- const std::string* password = proxy_settings->FindStringKey(
- chromeos::kSystemProxySettingsKeySystemServicesPassword);
-
- const base::Value* auth_schemes =
- proxy_settings->FindListKey(chromeos::kSystemProxySettingsKeyAuthSchemes);
-
- policy_credentials_auth_schemes_.clear();
- if (auth_schemes) {
- for (const auto& auth_scheme : auth_schemes->GetList())
- policy_credentials_auth_schemes_.push_back(auth_scheme.GetString());
- }
-
- if (!username || username->empty() || !password || password->empty()) {
- NET_LOG(DEBUG) << "Proxy credentials for system traffic not set: "
- << kSystemProxyService;
- } else {
- system_services_username_ = *username;
- system_services_password_ = *password;
- }
if (IsManagedProxyConfigured()) {
// Force send the configuration in case the credentials hand't changed, but
// `policy_credentials_auth_schemes_` has.
@@ -276,7 +255,7 @@
if (!IsArcEnabled()) {
system_proxy::ShutDownRequest request;
request.set_traffic_type(system_proxy::TrafficOrigin::USER);
- chromeos::SystemProxyClient::Get()->ShutDownProcess(
+ SystemProxyClient::Get()->ShutDownProcess(
request, base::BindOnce(&SystemProxyManager::OnShutDownProcess,
weak_factory_.GetWeakPtr()));
return;
@@ -289,7 +268,7 @@
system_proxy::SetAuthenticationDetailsRequest request;
request.set_traffic_type(system_proxy::TrafficOrigin::USER);
- chromeos::SystemProxyClient::Get()->SetAuthenticationDetails(
+ SystemProxyClient::Get()->SetAuthenticationDetails(
request, base::BindOnce(&SystemProxyManager::OnSetAuthenticationDetails,
weak_factory_.GetWeakPtr()));
}
@@ -321,7 +300,7 @@
*request.mutable_credentials() = user_credentials;
*request.mutable_protection_space() = protection_space;
- chromeos::SystemProxyClient::Get()->SetAuthenticationDetails(
+ SystemProxyClient::Get()->SetAuthenticationDetails(
request, base::BindOnce(&SystemProxyManager::OnSetAuthenticationDetails,
weak_factory_.GetWeakPtr()));
}
@@ -353,7 +332,7 @@
request.set_traffic_type(system_proxy::TrafficOrigin::SYSTEM);
- chromeos::SystemProxyClient::Get()->SetAuthenticationDetails(
+ SystemProxyClient::Get()->SetAuthenticationDetails(
request, base::BindOnce(&SystemProxyManager::OnSetAuthenticationDetails,
weak_factory_.GetWeakPtr()));
}
@@ -375,7 +354,7 @@
->Get(prefs::kKerberosActivePrincipalName)
->GetString());
}
- chromeos::SystemProxyClient::Get()->SetAuthenticationDetails(
+ SystemProxyClient::Get()->SetAuthenticationDetails(
request, base::BindOnce(&SystemProxyManager::OnSetAuthenticationDetails,
weak_factory_.GetWeakPtr()));
}
@@ -421,12 +400,12 @@
bool SystemProxyManager::CanUsePolicyCredentials(
const net::AuthChallengeInfo& auth_info,
bool first_auth_attempt) {
- if (!auth_info.is_proxy || !first_auth_attempt)
+ if (!auth_info.is_proxy || !first_auth_attempt) {
return false;
-
- if (!chromeos::LoginState::IsInitialized() ||
- (!chromeos::LoginState::Get()->IsPublicSessionUser() &&
- !chromeos::LoginState::Get()->IsKioskApp())) {
+ }
+ if (!LoginState::IsInitialized() ||
+ (!LoginState::Get()->IsPublicSessionUser() &&
+ !LoginState::Get()->IsKioskApp())) {
VLOG(1) << "Only kiosk app and MGS can reuse the policy provided proxy "
"credentials for authentication";
return false;
@@ -437,16 +416,15 @@
return false;
}
- if (!IsManagedProxyConfigured()) {
+ if (!IsManagedProxyConfigured())
return false;
- }
+
if (!policy_credentials_auth_schemes_.empty()) {
if (!base::Contains(policy_credentials_auth_schemes_, auth_info.scheme)) {
VLOG(1) << "Auth scheme not allowed by policy";
return false;
}
}
-
return true;
}
@@ -472,8 +450,7 @@
// This function is called when the default network changes or when any of its
// properties change.
-void SystemProxyManager::DefaultNetworkChanged(
- const chromeos::NetworkState* network) {
+void SystemProxyManager::DefaultNetworkChanged(const NetworkState* network) {
if (!network)
return;
OnProxyConfigChanged();
@@ -491,27 +468,25 @@
}
bool SystemProxyManager::IsManagedProxyConfigured() {
- DCHECK(chromeos::NetworkHandler::IsInitialized());
- chromeos::NetworkHandler* network_handler = chromeos::NetworkHandler::Get();
+ DCHECK(NetworkHandler::IsInitialized());
+ NetworkHandler* network_handler = NetworkHandler::Get();
base::Value proxy_settings(base::Value::Type::DICTIONARY);
// |ui_proxy_config_service| may be missing in tests. If the device is offline
// (no network connected) the |DefaultNetwork| is null.
- if (chromeos::NetworkHandler::HasUiProxyConfigService() &&
+ if (NetworkHandler::HasUiProxyConfigService() &&
network_handler->network_state_handler()->DefaultNetwork()) {
// Check if proxy is enforced by user policy, force installed extension or
// ONC policies. This will only read managed settings.
- chromeos::NetworkHandler::GetUiProxyConfigService()
- ->MergeEnforcedProxyConfig(
- network_handler->network_state_handler()->DefaultNetwork()->guid(),
- &proxy_settings);
+ NetworkHandler::GetUiProxyConfigService()->MergeEnforcedProxyConfig(
+ network_handler->network_state_handler()->DefaultNetwork()->guid(),
+ &proxy_settings);
}
if (proxy_settings.DictEmpty())
return false; // no managed proxy set
if (IsProxyConfiguredByUserViaExtension())
return false;
-
// Proxy was configured by the admin
return true;
}
@@ -695,4 +670,4 @@
auth_widget_->CloseWithReason(views::Widget::ClosedReason::kUnspecified);
}
-} // namespace policy
+} // namespace chromeos
diff --git a/chrome/browser/chromeos/policy/system_proxy_manager.h b/chrome/browser/chromeos/net/system_proxy_manager.h
similarity index 77%
rename from chrome/browser/chromeos/policy/system_proxy_manager.h
rename to chrome/browser/chromeos/net/system_proxy_manager.h
index 4b3e40d..59a6c8e2 100644
--- a/chrome/browser/chromeos/policy/system_proxy_manager.h
+++ b/chrome/browser/chromeos/net/system_proxy_manager.h
@@ -1,9 +1,9 @@
-// Copyright (c) 2020 The Chromium Authors. All rights reserved.
+// Copyright 2021 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef CHROME_BROWSER_CHROMEOS_POLICY_SYSTEM_PROXY_MANAGER_H_
-#define CHROME_BROWSER_CHROMEOS_POLICY_SYSTEM_PROXY_MANAGER_H_
+#ifndef CHROME_BROWSER_CHROMEOS_NET_SYSTEM_PROXY_MANAGER_H_
+#define CHROME_BROWSER_CHROMEOS_NET_SYSTEM_PROXY_MANAGER_H_
#include <memory>
#include <string>
@@ -13,7 +13,6 @@
#include "base/gtest_prod_util.h"
#include "base/memory/weak_ptr.h"
#include "base/optional.h"
-#include "chrome/browser/ash/settings/cros_settings.h"
#include "chrome/browser/extensions/api/settings_private/prefs_util.h"
#include "chromeos/dbus/system_proxy/system_proxy_service.pb.h"
#include "chromeos/network/network_state_handler_observer.h"
@@ -48,28 +47,47 @@
class PrefChangeRegistrar;
class Profile;
-namespace policy {
+namespace chromeos {
-// This class observes the device setting |SystemProxySettings|, and controls
-// the availability of System-proxy service and the configuration of the web
-// proxy credentials for system services connecting through System-proxy. It
-// also listens for the |WorkerActive| dbus signal sent by the System-proxy
+// Starts and stops the system-proxy service and handles the authentication
+// requests coming from system-proxy. Authentication requests are resolved by
+// requesting proxy credentials from the NetworkService or, if the
+// NetworkService doesn't have credentials for the specified proxy, it will
+// prompt a dialog asking the user for credentials.
+// It also listens for the `WorkerActive` dbus signal sent by the System-proxy
// daemon and stores connection information regarding the active worker
// processes.
// TODO(acostinas, https://crbug.com/1145174): Move the logic that tracks
// managed network changes to another class.
-class SystemProxyManager : public chromeos::NetworkStateHandlerObserver {
+class SystemProxyManager : public NetworkStateHandlerObserver {
public:
- SystemProxyManager(ash::CrosSettings* cros_settings,
- PrefService* local_state);
+ SystemProxyManager(PrefService* local_state);
SystemProxyManager(const SystemProxyManager&) = delete;
SystemProxyManager& operator=(const SystemProxyManager&) = delete;
~SystemProxyManager() override;
- // If System-proxy is enabled by policy, it returns the URL of the local proxy
- // instance that authenticates system services, in PAC format, e.g.
+ // Called by ChromeBrowserMainPartsChromeOS in order to bootstrap the
+ // SystemProxyManager instance after the required global data is
+ // available (local state, and CrosSettings).
+ static void Initialize(PrefService* local_state);
+
+ // Returns the instance of the SystemProxyManager singleton. May return
+ // nullptr during browser startup and shutdown. When calling Get(), either
+ // make sure that your code executes after browser startup and before shutdown
+ // or be careful to call Get() every time (instead of holding a pointer) and
+ // check for nullptr to handle cases where you might access
+ // SystemProxyManager during startup or shutdown.
+ static SystemProxyManager* Get();
+
+ // Called by ChromeBrowserMainPartsChromeOS in order to shutdown the
+ // SystemProxyManager instance before the required global data is destroyed
+ // (local state and CrosSettings).
+ static void Shutdown();
+
+ // If System-proxy is enabled, it returns the URL of the local proxy instance
+ // that authenticates system services, in PAC format, e.g.
// PROXY localhost:3128
// otherwise it returns an empty string.
std::string SystemServicesProxyPacString() const;
@@ -81,6 +99,16 @@
// |AuthenticationRequired| D-Bus signal.
void ClearUserCredentials();
+ // Enables/disables system-proxy and sets credentials to be used by ChromeOS
+ // system services when connecting to a remote web proxy via system-proxy. The
+ // credentials are only forwarded to system-proxy if the network proxy
+ // configuration is managed via policy. `auth_schemes` allows restricting the
+ // credentials to certain HTTP auth schemes.
+ void SetPolicySettings(bool system_proxy_enabled,
+ const std::string& system_services_username,
+ const std::string& system_services_password,
+ const std::vector<std::string>& auth_schemes);
+
void SetSystemProxyEnabledForTest(bool enabled);
void SetSystemServicesProxyUrlForTest(const std::string& local_proxy_url);
void SetSendAuthDetailsClosureForTest(base::RepeatingClosure closure);
@@ -109,7 +137,7 @@
private:
// NetworkStateHandlerObserver implementation
- void DefaultNetworkChanged(const chromeos::NetworkState* network) override;
+ void DefaultNetworkChanged(const NetworkState* network) override;
// Called when the proxy configurations may have changed either by updates to
// the kProxy policy or updates to the default network.
void OnProxyConfigChanged();
@@ -158,11 +186,6 @@
void SendEmptyCredentials(
const system_proxy::ProtectionSpace& protection_space);
- // Once a trusted set of policies is established, this function calls
- // the System-proxy dbus client to start/shutdown the daemon and, if
- // necessary, to configure the web proxy credentials for system services.
- void OnSystemProxySettingsPolicyChanged();
-
// This function is called when the |WorkerActive| dbus signal is received.
void OnWorkerActive(const system_proxy::WorkerActiveSignalDetails& details);
@@ -197,9 +220,6 @@
// Closes the authentication notification or dialog if shown.
void CloseAuthenticationUI();
- ash::CrosSettings* cros_settings_;
- base::CallbackListSubscription system_proxy_subscription_;
-
bool system_proxy_enabled_ = false;
// The authority URI in the format host:port of the local proxy worker for
// system services.
@@ -243,6 +263,6 @@
base::WeakPtrFactory<SystemProxyManager> weak_factory_{this};
};
-} // namespace policy
+} // namespace chromeos
-#endif // CHROME_BROWSER_CHROMEOS_POLICY_SYSTEM_PROXY_MANAGER_H_
+#endif // CHROME_BROWSER_CHROMEOS_NET_SYSTEM_PROXY_MANAGER_H_
diff --git a/chrome/browser/chromeos/policy/system_proxy_manager_browsertest.cc b/chrome/browser/chromeos/net/system_proxy_manager_browsertest.cc
similarity index 90%
rename from chrome/browser/chromeos/policy/system_proxy_manager_browsertest.cc
rename to chrome/browser/chromeos/net/system_proxy_manager_browsertest.cc
index f2e5889..40f96af 100644
--- a/chrome/browser/chromeos/policy/system_proxy_manager_browsertest.cc
+++ b/chrome/browser/chromeos/net/system_proxy_manager_browsertest.cc
@@ -1,4 +1,4 @@
-// Copyright 2020 The Chromium Authors. All rights reserved.
+// Copyright 2021 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -12,10 +12,10 @@
#include "base/test/bind.h"
#include "chrome/browser/ash/login/test/device_state_mixin.h"
#include "chrome/browser/ash/notifications/request_system_proxy_credentials_view.h"
+#include "chrome/browser/chromeos/net/system_proxy_manager.h"
#include "chrome/browser/chromeos/policy/affiliation_test_helper.h"
#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
#include "chrome/browser/chromeos/policy/device_policy_cros_browser_test.h"
-#include "chrome/browser/chromeos/policy/system_proxy_manager.h"
#include "chrome/browser/notifications/notification_display_service_tester.h"
#include "chrome/browser/prefetch/prefetch_proxy/prefetch_proxy_test_utils.h"
#include "chrome/browser/ui/browser.h"
@@ -67,7 +67,7 @@
using testing::_;
using testing::Return;
-namespace policy {
+namespace chromeos {
namespace {
constexpr char kRealm[] = "My proxy";
@@ -182,17 +182,15 @@
protected:
SystemProxyManager* GetSystemProxyManager() {
- return g_browser_process->platform_part()
- ->browser_policy_connector_chromeos()
- ->GetSystemProxyManager();
+ return SystemProxyManager::Get();
}
ash::RequestSystemProxyCredentialsView* dialog() {
return GetSystemProxyManager()->GetActiveAuthDialogForTest();
}
- chromeos::SystemProxyClient::TestInterface* client_test_interface() {
- return chromeos::SystemProxyClient::Get()->GetTestInterface();
+ SystemProxyClient::TestInterface* client_test_interface() {
+ return SystemProxyClient::Get()->GetTestInterface();
}
void SendAuthenticationRequest(bool bad_cached_credentials) {
@@ -341,7 +339,7 @@
public:
SystemProxyManagerPolicyCredentialsBrowserTest() {
device_state_.SetState(
- chromeos::DeviceStateMixin::State::OOBE_COMPLETED_CLOUD_ENROLLED);
+ DeviceStateMixin::State::OOBE_COMPLETED_CLOUD_ENROLLED);
device_state_.set_skip_initial_policy_setup(true);
}
SystemProxyManagerPolicyCredentialsBrowserTest(
@@ -351,15 +349,15 @@
~SystemProxyManagerPolicyCredentialsBrowserTest() override = default;
void SetUpInProcessBrowserTestFixture() override {
- chromeos::SessionManagerClient::InitializeFakeInMemory();
+ SessionManagerClient::InitializeFakeInMemory();
MixinBasedInProcessBrowserTest::SetUpInProcessBrowserTestFixture();
const std::string kAffiliationID = "id";
// Initialize device policy.
std::set<std::string> device_affiliation_ids;
device_affiliation_ids.insert(kAffiliationID);
- auto affiliation_helper = AffiliationTestHelper::CreateForCloud(
- chromeos::FakeSessionManagerClient::Get());
+ auto affiliation_helper = policy::AffiliationTestHelper::CreateForCloud(
+ FakeSessionManagerClient::Get());
ASSERT_NO_FATAL_FAILURE((affiliation_helper.SetDeviceAffiliationIDs(
&policy_helper_, device_affiliation_ids)));
@@ -387,11 +385,11 @@
proto.mutable_system_proxy_settings()->set_system_proxy_settings(
policy_value);
policy_helper_.RefreshPolicyAndWaitUntilDeviceSettingsUpdated(
- {chromeos::kSystemProxySettings});
+ {kSystemProxySettings});
RunUntilIdle();
}
- void SetOncPolicy(const std::string& policy_json, PolicyScope scope) {
+ void SetOncPolicy(const std::string& policy_json, policy::PolicyScope scope) {
policy::PolicyMap policy;
policy.Set(policy::key::kOpenNetworkConfiguration,
policy::POLICY_LEVEL_MANDATORY, scope,
@@ -401,10 +399,8 @@
}
void DisconnectNetworkService(const std::string& service_path) {
- chromeos::ShillServiceClient::TestInterface* service_test =
- chromeos::DBusThreadManager::Get()
- ->GetShillServiceClient()
- ->GetTestInterface();
+ ShillServiceClient::TestInterface* service_test =
+ DBusThreadManager::Get()->GetShillServiceClient()->GetTestInterface();
base::Value value(shill::kStateIdle);
service_test->SetServiceProperty(service_path, shill::kStateProperty,
value);
@@ -414,10 +410,8 @@
void ConnectWifiNetworkService(const std::string& service_path,
const std::string& guid,
const std::string& ssid) {
- chromeos::ShillServiceClient::TestInterface* service_test =
- chromeos::DBusThreadManager::Get()
- ->GetShillServiceClient()
- ->GetTestInterface();
+ ShillServiceClient::TestInterface* service_test =
+ DBusThreadManager::Get()->GetShillServiceClient()->GetTestInterface();
service_test->AddService(service_path, guid, ssid, shill::kTypeWifi,
shill::kStateOnline, true /* add_to_visible */);
@@ -430,13 +424,12 @@
void SetProxyConfigForNetworkService(const std::string& service_path,
base::Value proxy_config) {
ProxyConfigDictionary proxy_config_dict(std::move(proxy_config));
- DCHECK(chromeos::NetworkHandler::IsInitialized());
- const chromeos::NetworkState* network = chromeos::NetworkHandler::Get()
- ->network_state_handler()
- ->GetNetworkState(service_path);
+ DCHECK(NetworkHandler::IsInitialized());
+ const NetworkState* network =
+ NetworkHandler::Get()->network_state_handler()->GetNetworkState(
+ service_path);
ASSERT_TRUE(network);
- chromeos::proxy_config::SetProxyConfigForNetwork(proxy_config_dict,
- *network);
+ proxy_config::SetProxyConfigForNetwork(proxy_config_dict, *network);
}
void ExpectSystemCredentialsSent(
@@ -458,20 +451,16 @@
EXPECT_EQ(system_proxy::TrafficOrigin::SYSTEM, request.traffic_type());
}
- chromeos::SystemProxyClient::TestInterface* client_test_interface() {
- return chromeos::SystemProxyClient::Get()->GetTestInterface();
+ SystemProxyClient::TestInterface* client_test_interface() {
+ return SystemProxyClient::Get()->GetTestInterface();
}
private:
void SetupNetworkEnvironment() {
- chromeos::ShillProfileClient::TestInterface* profile_test =
- chromeos::DBusThreadManager::Get()
- ->GetShillProfileClient()
- ->GetTestInterface();
- chromeos::ShillServiceClient::TestInterface* service_test =
- chromeos::DBusThreadManager::Get()
- ->GetShillServiceClient()
- ->GetTestInterface();
+ ShillProfileClient::TestInterface* profile_test =
+ DBusThreadManager::Get()->GetShillProfileClient()->GetTestInterface();
+ ShillServiceClient::TestInterface* service_test =
+ DBusThreadManager::Get()->GetShillServiceClient()->GetTestInterface();
profile_test->AddProfile(kUserProfilePath, "user");
@@ -479,12 +468,12 @@
ConnectWifiNetworkService(kDefaultServicePath, kDefaultServiceSsid,
kDefaultServiceGuid);
}
- chromeos::DeviceStateMixin device_state_{
- &mixin_host_, chromeos::DeviceStateMixin::State::OOBE_COMPLETED_UNOWNED};
+ DeviceStateMixin device_state_{
+ &mixin_host_, DeviceStateMixin::State::OOBE_COMPLETED_UNOWNED};
- chromeos::ScopedStubInstallAttributes test_install_attributes_;
- testing::NiceMock<MockConfigurationPolicyProvider> provider_;
- DevicePolicyCrosTestHelper policy_helper_;
+ ScopedStubInstallAttributes test_install_attributes_;
+ testing::NiceMock<policy::MockConfigurationPolicyProvider> provider_;
+ policy::DevicePolicyCrosTestHelper policy_helper_;
};
// Tests that the SystemProxyManager syncs credentials correctly for managed
@@ -582,7 +571,7 @@
base::Value proxy_config(base::Value::Type::DICTIONARY);
proxy_config.SetKey("mode", base::Value(ProxyPrefs::kPacScriptProxyModeName));
proxy_config.SetKey("pac_url", base::Value("http://proxy"));
- browser()->profile()->GetPrefs()->Set(proxy_config::prefs::kProxy,
+ browser()->profile()->GetPrefs()->Set(::proxy_config::prefs::kProxy,
proxy_config);
RunUntilIdle();
EXPECT_EQ(++set_auth_details_call_count,
@@ -678,7 +667,7 @@
base::Value(ProxyPrefs::kFixedServersProxyModeName));
proxy_config.SetKey(
"server", base::Value(proxy_server_->host_port_pair().ToString()));
- browser()->profile()->GetPrefs()->Set(proxy_config::prefs::kProxy,
+ browser()->profile()->GetPrefs()->Set(::proxy_config::prefs::kProxy,
proxy_config);
RunUntilIdle();
}
@@ -737,9 +726,7 @@
}
SystemProxyManager* GetSystemProxyManager() {
- return g_browser_process->platform_part()
- ->browser_policy_connector_chromeos()
- ->GetSystemProxyManager();
+ return SystemProxyManager::Get();
}
std::unique_ptr<net::EmbeddedTestServer> https_server_;
@@ -760,9 +747,9 @@
IN_PROC_BROWSER_TEST_F(SystemProxyCredentialsReuseBrowserTest,
PolicyCredentialsUsed) {
SetManagedProxy();
- chromeos::LoginState::Get()->SetLoggedInState(
- chromeos::LoginState::LOGGED_IN_ACTIVE,
- chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
+ LoginState::Get()->SetLoggedInState(
+ LoginState::LOGGED_IN_ACTIVE,
+ LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
SetPolicyCredentials(kProxyUsername, kProxyPassword);
ui_test_utils::NavigateToURL(browser(), GetServerUrl("/simple.html"));
CheckEntryInHttpAuthCache("Basic", kProxyUsername, kProxyPassword);
@@ -773,9 +760,9 @@
IN_PROC_BROWSER_TEST_F(SystemProxyCredentialsReuseBrowserTest,
BadPolicyCredentials) {
SetManagedProxy();
- chromeos::LoginState::Get()->SetLoggedInState(
- chromeos::LoginState::LOGGED_IN_ACTIVE,
- chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
+ LoginState::Get()->SetLoggedInState(
+ LoginState::LOGGED_IN_ACTIVE,
+ LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
SetPolicyCredentials(kBadUsername, kBadPassword);
LoginWithDialog(kProxyUsername, kProxyPassword);
CheckEntryInHttpAuthCache("Basic", kProxyUsername, kProxyPassword);
@@ -786,12 +773,12 @@
IN_PROC_BROWSER_TEST_F(SystemProxyCredentialsReuseBrowserTest,
RestrictedPolicyCredentials) {
SetManagedProxy();
- chromeos::LoginState::Get()->SetLoggedInState(
- chromeos::LoginState::LOGGED_IN_ACTIVE,
- chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
+ LoginState::Get()->SetLoggedInState(
+ LoginState::LOGGED_IN_ACTIVE,
+ LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
SetPolicyCredentials(kProxyUsername, kProxyPassword, R"("ntlm","digest")");
LoginWithDialog(kProxyUsername, kProxyPassword);
CheckEntryInHttpAuthCache("Basic", kProxyUsername, kProxyPassword);
}
-} // namespace policy
+} // namespace chromeos
diff --git a/chrome/browser/chromeos/policy/system_proxy_manager_unittest.cc b/chrome/browser/chromeos/net/system_proxy_manager_unittest.cc
similarity index 83%
rename from chrome/browser/chromeos/policy/system_proxy_manager_unittest.cc
rename to chrome/browser/chromeos/net/system_proxy_manager_unittest.cc
index 71e0ee1..ba52931 100644
--- a/chrome/browser/chromeos/policy/system_proxy_manager_unittest.cc
+++ b/chrome/browser/chromeos/net/system_proxy_manager_unittest.cc
@@ -1,8 +1,8 @@
-// Copyright (c) 2020 The Chromium Authors. All rights reserved.
+// Copyright 2021 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "chrome/browser/chromeos/policy/system_proxy_manager.h"
+#include "chrome/browser/chromeos/net/system_proxy_manager.h"
#include "base/strings/utf_string_conversions.h"
#include "base/test/task_environment.h"
@@ -84,6 +84,7 @@
base::Value(ProxyPrefs::kFixedServersProxyModeName));
proxy_config.SetKey("server", base::Value(kProxyAuthUrl));
profile->GetPrefs()->Set(proxy_config::prefs::kProxy, proxy_config);
+ base::RunLoop().RunUntilIdle();
}
net::AuthChallengeInfo GetAuthInfo() {
@@ -95,7 +96,7 @@
} // namespace
-namespace policy {
+namespace chromeos {
// TODO(acostinas, https://crbug.com/1102351) Replace RunUntilIdle() in tests
// with RunLoop::Run() with explicit RunLoop::QuitClosure().
class SystemProxyManagerTest : public testing::Test {
@@ -106,68 +107,48 @@
// testing::Test
void SetUp() override {
testing::Test::SetUp();
- chromeos::shill_clients::InitializeFakes();
- chromeos::NetworkHandler::Initialize();
- chromeos::LoginState::Initialize();
+ shill_clients::InitializeFakes();
+ NetworkHandler::Initialize();
+ LoginState::Initialize();
profile_ = std::make_unique<TestingProfile>();
- chromeos::SystemProxyClient::InitializeFake();
- system_proxy_manager_ = std::make_unique<SystemProxyManager>(
- ash::CrosSettings::Get(), local_state_.Get());
+ SystemProxyClient::InitializeFake();
+ system_proxy_manager_ =
+ std::make_unique<SystemProxyManager>(local_state_.Get());
// Listen for pref changes for the primary profile.
system_proxy_manager_->StartObservingPrimaryProfilePrefs(profile_.get());
- chromeos::NetworkHandler::Get()->InitializePrefServices(
- profile_->GetPrefs(), local_state_.Get());
+ NetworkHandler::Get()->InitializePrefServices(profile_->GetPrefs(),
+ local_state_.Get());
}
void TearDown() override {
system_proxy_manager_->StopObservingPrimaryProfilePrefs();
system_proxy_manager_.reset();
- chromeos::LoginState::Shutdown();
- chromeos::SystemProxyClient::Shutdown();
- chromeos::NetworkHandler::Shutdown();
- chromeos::shill_clients::Shutdown();
+ LoginState::Shutdown();
+ SystemProxyClient::Shutdown();
+ NetworkHandler::Shutdown();
+ shill_clients::Shutdown();
}
protected:
void SetPolicy(bool system_proxy_enabled,
const std::string& system_services_username,
const std::string& system_services_password) {
- base::DictionaryValue dict;
- dict.SetKey("system_proxy_enabled", base::Value(system_proxy_enabled));
- dict.SetKey("system_services_username",
- base::Value(system_services_username));
- dict.SetKey("system_services_password",
- base::Value(system_services_password));
- scoped_testing_cros_settings_.device_settings()->Set(
- chromeos::kSystemProxySettings, dict);
- task_environment_.RunUntilIdle();
+ system_proxy_manager_->SetPolicySettings(
+ system_proxy_enabled, system_services_username,
+ system_services_password, /*auth_schemes=*/{});
}
- chromeos::SystemProxyClient::TestInterface* client_test_interface() {
- return chromeos::SystemProxyClient::Get()->GetTestInterface();
+ SystemProxyClient::TestInterface* client_test_interface() {
+ return SystemProxyClient::Get()->GetTestInterface();
}
content::BrowserTaskEnvironment task_environment_;
ScopedTestingLocalState local_state_;
- ash::ScopedTestingCrosSettings scoped_testing_cros_settings_;
std::unique_ptr<SystemProxyManager> system_proxy_manager_;
std::unique_ptr<TestingProfile> profile_;
- ash::ScopedDeviceSettingsTestHelper device_settings_test_helper_;
- chromeos::ScopedStubInstallAttributes test_install_attributes_;
};
-// Verifies requests to shut down are sent to System-proxy according to the
-// |kSystemProxySettings| policy.
-TEST_F(SystemProxyManagerTest, ShutDownDaemon) {
- EXPECT_EQ(0, client_test_interface()->GetShutDownCallCount());
-
- SetPolicy(false /* system_proxy_enabled */, "" /* system_services_username */,
- "" /* system_services_password */);
- // Don't send empty credentials.
- EXPECT_EQ(1, client_test_interface()->GetShutDownCallCount());
-}
-
// Tests that |SystemProxyManager| sends the correct Kerberos details and
// updates to System-proxy.
TEST_F(SystemProxyManagerTest, KerberosConfig) {
@@ -365,23 +346,21 @@
/*system_services_password=*/kPolicyPassword);
SetManagedProxy(profile_.get());
- chromeos::LoginState::Get()->SetLoggedInState(
- chromeos::LoginState::LOGGED_IN_ACTIVE,
- chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
+ LoginState::Get()->SetLoggedInState(
+ LoginState::LOGGED_IN_ACTIVE,
+ LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
EXPECT_TRUE(system_proxy_manager_->CanUsePolicyCredentials(
GetAuthInfo(), /*first_auth_attempt=*/true));
- chromeos::LoginState::Get()->SetLoggedInState(
- chromeos::LoginState::LOGGED_IN_ACTIVE,
- chromeos::LoginState::LOGGED_IN_USER_KIOSK_APP);
+ LoginState::Get()->SetLoggedInState(LoginState::LOGGED_IN_ACTIVE,
+ LoginState::LOGGED_IN_USER_KIOSK_APP);
EXPECT_TRUE(system_proxy_manager_->CanUsePolicyCredentials(
GetAuthInfo(), /*first_auth_attempt=*/true));
- chromeos::LoginState::Get()->SetLoggedInState(
- chromeos::LoginState::LOGGED_IN_ACTIVE,
- chromeos::LoginState::LOGGED_IN_USER_REGULAR);
+ LoginState::Get()->SetLoggedInState(LoginState::LOGGED_IN_ACTIVE,
+ LoginState::LOGGED_IN_USER_REGULAR);
EXPECT_FALSE(system_proxy_manager_->CanUsePolicyCredentials(
GetAuthInfo(), /*first_auth_attempt=*/true));
@@ -396,9 +375,9 @@
net::AuthChallengeInfo auth_info = GetAuthInfo();
auth_info.is_proxy = false;
- chromeos::LoginState::Get()->SetLoggedInState(
- chromeos::LoginState::LOGGED_IN_ACTIVE,
- chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
+ LoginState::Get()->SetLoggedInState(
+ LoginState::LOGGED_IN_ACTIVE,
+ LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
EXPECT_FALSE(system_proxy_manager_->CanUsePolicyCredentials(
auth_info, /*first_auth_attempt=*/true));
@@ -411,9 +390,9 @@
/*system_services_username=*/kPolicyUsername,
/*system_services_password=*/kPolicyPassword);
- chromeos::LoginState::Get()->SetLoggedInState(
- chromeos::LoginState::LOGGED_IN_ACTIVE,
- chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
+ LoginState::Get()->SetLoggedInState(
+ LoginState::LOGGED_IN_ACTIVE,
+ LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
EXPECT_FALSE(system_proxy_manager_->CanUsePolicyCredentials(
GetAuthInfo(), /*first_auth_attempt=*/true));
@@ -427,9 +406,9 @@
/*system_services_password=*/"");
SetManagedProxy(profile_.get());
- chromeos::LoginState::Get()->SetLoggedInState(
- chromeos::LoginState::LOGGED_IN_ACTIVE,
- chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
+ LoginState::Get()->SetLoggedInState(
+ LoginState::LOGGED_IN_ACTIVE,
+ LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
EXPECT_FALSE(system_proxy_manager_->CanUsePolicyCredentials(
GetAuthInfo(), /*first_auth_attempt=*/true));
@@ -443,13 +422,13 @@
/*system_services_password=*/kPolicyPassword);
SetManagedProxy(profile_.get());
- chromeos::LoginState::Get()->SetLoggedInState(
- chromeos::LoginState::LOGGED_IN_ACTIVE,
- chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
+ LoginState::Get()->SetLoggedInState(
+ LoginState::LOGGED_IN_ACTIVE,
+ LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
EXPECT_TRUE(system_proxy_manager_->CanUsePolicyCredentials(
GetAuthInfo(), /*first_auth_attempt=*/true));
EXPECT_FALSE(system_proxy_manager_->CanUsePolicyCredentials(
GetAuthInfo(), /*first_auth_attempt=*/false));
}
-} // namespace policy
+} // namespace chromeos
diff --git a/chrome/browser/chromeos/policy/browser_policy_connector_chromeos.cc b/chrome/browser/chromeos/policy/browser_policy_connector_chromeos.cc
index 233bad25..d45f44fd 100644
--- a/chrome/browser/chromeos/policy/browser_policy_connector_chromeos.cc
+++ b/chrome/browser/chromeos/policy/browser_policy_connector_chromeos.cc
@@ -57,7 +57,7 @@
#include "chrome/browser/chromeos/policy/remote_commands/affiliated_remote_commands_invalidator.h"
#include "chrome/browser/chromeos/policy/scheduled_update_checker/device_scheduled_update_checker.h"
#include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h"
-#include "chrome/browser/chromeos/policy/system_proxy_manager.h"
+#include "chrome/browser/chromeos/policy/system_proxy_handler.h"
#include "chrome/browser/chromeos/policy/tpm_auto_update_mode_policy_handler.h"
#include "chrome/browser/chromeos/printing/bulk_printers_calculator_factory.h"
#include "chrome/browser/policy/device_management_service_configuration.h"
@@ -301,8 +301,8 @@
policy::DeviceWilcoDtcConfigurationExternalDataHandler>(
GetPolicyService()));
}
- system_proxy_manager_ = std::make_unique<SystemProxyManager>(
- ash::CrosSettings::Get(), local_state);
+ system_proxy_handler_ =
+ std::make_unique<SystemProxyHandler>(chromeos::CrosSettings::Get());
adb_sideloading_allowance_mode_policy_handler_ =
std::make_unique<AdbSideloadingAllowanceModePolicyHandler>(
@@ -322,7 +322,7 @@
void BrowserPolicyConnectorChromeOS::Shutdown() {
device_cert_provisioning_scheduler_.reset();
- system_proxy_manager_.reset();
+ system_proxy_handler_.reset();
// NetworkCertLoader may be not initialized in tests.
if (chromeos::NetworkCertLoader::IsInitialized()) {
diff --git a/chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h b/chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h
index d39abe7f..fe98f49 100644
--- a/chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h
+++ b/chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h
@@ -59,7 +59,7 @@
class TPMAutoUpdateModePolicyHandler;
class DeviceScheduledUpdateChecker;
class DeviceCloudExternalDataPolicyHandler;
-class SystemProxyManager;
+class SystemProxyHandler;
// Extends ChromeBrowserPolicyConnector with the setup specific to Chrome OS.
class BrowserPolicyConnectorChromeOS
@@ -184,8 +184,8 @@
return tpm_auto_update_mode_policy_handler_.get();
}
- SystemProxyManager* GetSystemProxyManager() const {
- return system_proxy_manager_.get();
+ SystemProxyHandler* GetSystemProxyHandler() const {
+ return system_proxy_handler_.get();
}
HostnameHandler* GetHostnameHandler() const {
@@ -299,7 +299,7 @@
device_scheduled_update_checker_;
std::vector<std::unique_ptr<policy::DeviceCloudExternalDataPolicyHandler>>
device_cloud_external_data_policy_handlers_;
- std::unique_ptr<SystemProxyManager> system_proxy_manager_;
+ std::unique_ptr<SystemProxyHandler> system_proxy_handler_;
std::unique_ptr<AdbSideloadingAllowanceModePolicyHandler>
adb_sideloading_allowance_mode_policy_handler_;
diff --git a/chrome/browser/chromeos/policy/system_proxy_handler.cc b/chrome/browser/chromeos/policy/system_proxy_handler.cc
new file mode 100644
index 0000000..d42de1d
--- /dev/null
+++ b/chrome/browser/chromeos/policy/system_proxy_handler.cc
@@ -0,0 +1,100 @@
+// Copyright 2021 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/policy/system_proxy_handler.h"
+
+#include <string>
+
+#include "base/bind.h"
+#include "base/values.h"
+#include "chrome/browser/ash/settings/cros_settings.h"
+#include "chrome/browser/chromeos/net/system_proxy_manager.h"
+#include "chromeos/network/network_event_log.h"
+#include "chromeos/settings/cros_settings_names.h"
+#include "chromeos/settings/cros_settings_provider.h"
+
+namespace {
+const char kSystemProxyService[] = "system-proxy-service";
+}
+
+namespace policy {
+
+SystemProxyHandler::SystemProxyHandler(chromeos::CrosSettings* cros_settings)
+ : cros_settings_(cros_settings),
+ system_proxy_subscription_(cros_settings_->AddSettingsObserver(
+ chromeos::kSystemProxySettings,
+ base::BindRepeating(
+ &SystemProxyHandler::OnSystemProxySettingsPolicyChanged,
+ base::Unretained(this)))) {
+ // Fire it once so we're sure we get an invocation on startup.
+ OnSystemProxySettingsPolicyChanged();
+}
+
+SystemProxyHandler::~SystemProxyHandler() = default;
+
+void SystemProxyHandler::OnSystemProxySettingsPolicyChanged() {
+ chromeos::CrosSettingsProvider::TrustedStatus status =
+ cros_settings_->PrepareTrustedValues(base::BindOnce(
+ &SystemProxyHandler::OnSystemProxySettingsPolicyChanged,
+ base::Unretained(this)));
+ if (status != chromeos::CrosSettingsProvider::TRUSTED)
+ return;
+
+ const base::Value* proxy_settings =
+ cros_settings_->GetPref(chromeos::kSystemProxySettings);
+
+ if (!proxy_settings)
+ return;
+
+ bool system_proxy_enabled =
+ proxy_settings->FindBoolKey(chromeos::kSystemProxySettingsKeyEnabled)
+ .value_or(false);
+ const std::string* username = proxy_settings->FindStringKey(
+ chromeos::kSystemProxySettingsKeySystemServicesUsername);
+
+ const std::string* password = proxy_settings->FindStringKey(
+ chromeos::kSystemProxySettingsKeySystemServicesPassword);
+
+ const base::Value* auth_schemes =
+ proxy_settings->FindListKey(chromeos::kSystemProxySettingsKeyAuthSchemes);
+
+ std::vector<std::string> system_services_auth_schemes;
+ if (auth_schemes) {
+ for (const auto& auth_scheme : auth_schemes->GetList())
+ system_services_auth_schemes.push_back(auth_scheme.GetString());
+ }
+
+ std::string system_services_username;
+ std::string system_services_password;
+ if (!username || username->empty() || !password || password->empty()) {
+ NET_LOG(DEBUG) << "Proxy credentials for system traffic not set: "
+ << kSystemProxyService;
+ } else {
+ system_services_username = *username;
+ system_services_password = *password;
+ }
+
+ auto* system_proxy_manager = GetSystemProxyManager();
+ if (system_proxy_manager) {
+ system_proxy_manager->SetPolicySettings(
+ system_proxy_enabled, system_services_username,
+ system_services_password, system_services_auth_schemes);
+ } else {
+ LOG(ERROR) << "SystemProxyManager was not initialized";
+ }
+}
+
+void SystemProxyHandler::SetSystemProxyManagerForTesting(
+ chromeos::SystemProxyManager* system_proxy_manager) {
+ system_proxy_manager_for_testing_ = system_proxy_manager;
+}
+
+chromeos::SystemProxyManager* SystemProxyHandler::GetSystemProxyManager() {
+ if (system_proxy_manager_for_testing_) {
+ return system_proxy_manager_for_testing_;
+ }
+ return chromeos::SystemProxyManager::Get();
+}
+
+} // namespace policy
diff --git a/chrome/browser/chromeos/policy/system_proxy_handler.h b/chrome/browser/chromeos/policy/system_proxy_handler.h
new file mode 100644
index 0000000..a23af3ef
--- /dev/null
+++ b/chrome/browser/chromeos/policy/system_proxy_handler.h
@@ -0,0 +1,49 @@
+// Copyright 2021 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_POLICY_SYSTEM_PROXY_HANDLER_H_
+#define CHROME_BROWSER_CHROMEOS_POLICY_SYSTEM_PROXY_HANDLER_H_
+
+#include <memory>
+
+#include "base/memory/weak_ptr.h"
+#include "chrome/browser/ash/settings/cros_settings.h"
+
+namespace chromeos {
+class SystemProxyManager;
+}
+
+namespace policy {
+
+// This class observes the device setting |SystemProxySettings|, and controls
+// the availability of the System-proxy service and the configuration of the web
+// proxy credentials for system services connecting through System-proxy.
+class SystemProxyHandler {
+ public:
+ SystemProxyHandler(chromeos::CrosSettings* cros_settings);
+
+ SystemProxyHandler(const SystemProxyHandler&) = delete;
+ SystemProxyHandler& operator=(const SystemProxyHandler&) = delete;
+
+ ~SystemProxyHandler();
+
+ void SetSystemProxyManagerForTesting(
+ chromeos::SystemProxyManager* system_proxy_manager);
+
+ private:
+ void OnSystemProxySettingsPolicyChanged();
+
+ chromeos::SystemProxyManager* GetSystemProxyManager();
+
+ // Owned by the test fixture.
+ chromeos::SystemProxyManager* system_proxy_manager_for_testing_ = nullptr;
+ chromeos::CrosSettings* cros_settings_;
+ base::CallbackListSubscription system_proxy_subscription_;
+
+ base::WeakPtrFactory<SystemProxyHandler> weak_factory_{this};
+};
+
+} // namespace policy
+
+#endif // CHROME_BROWSER_CHROMEOS_POLICY_SYSTEM_PROXY_HANDLER_H_
diff --git a/chrome/browser/chromeos/policy/system_proxy_handler_unittest.cc b/chrome/browser/chromeos/policy/system_proxy_handler_unittest.cc
new file mode 100644
index 0000000..d432ca31
--- /dev/null
+++ b/chrome/browser/chromeos/policy/system_proxy_handler_unittest.cc
@@ -0,0 +1,154 @@
+// Copyright 2021 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/policy/system_proxy_handler.h"
+
+#include <memory>
+#include <string>
+#include <utility>
+
+#include "base/callback_list.h"
+#include "base/task/current_thread.h"
+#include "base/test/task_environment.h"
+#include "base/values.h"
+#include "chrome/browser/ash/settings/device_settings_test_helper.h"
+#include "chrome/browser/ash/settings/scoped_testing_cros_settings.h"
+#include "chrome/browser/chromeos/net/system_proxy_manager.h"
+#include "chrome/test/base/scoped_testing_local_state.h"
+#include "chrome/test/base/testing_browser_process.h"
+#include "chrome/test/base/testing_profile.h"
+#include "chromeos/dbus/shill/shill_clients.h"
+#include "chromeos/dbus/system_proxy/system_proxy_client.h"
+#include "chromeos/dbus/system_proxy/system_proxy_service.pb.h"
+#include "chromeos/network/network_handler.h"
+#include "components/proxy_config/proxy_config_pref_names.h"
+#include "components/proxy_config/proxy_prefs.h"
+
+#include "testing/gmock/include/gmock/gmock.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+using testing::_;
+using testing::Invoke;
+using testing::WithArg;
+
+namespace {
+constexpr char kPolicyUsername[] = "policy_username";
+constexpr char kPolicyPassword[] = "policy_password";
+constexpr char kProxyAuthUrl[] = "http://example.com:3128";
+} // namespace
+
+namespace policy {
+// TODO(acostinas, https://crbug.com/1102351) Replace RunUntilIdle() in tests
+// with RunLoop::Run() with explicit RunLoop::QuitClosure().
+class SystemProxyHandlerTest : public testing::Test {
+ public:
+ SystemProxyHandlerTest() : local_state_(TestingBrowserProcess::GetGlobal()) {}
+ ~SystemProxyHandlerTest() override = default;
+
+ // testing::Test
+ void SetUp() override {
+ testing::Test::SetUp();
+ chromeos::shill_clients::InitializeFakes();
+ chromeos::NetworkHandler::Initialize();
+ chromeos::SystemProxyClient::InitializeFake();
+
+ system_proxy_handler_ =
+ std::make_unique<SystemProxyHandler>(ash::CrosSettings::Get());
+ system_proxy_manager_ =
+ std::make_unique<chromeos::SystemProxyManager>(local_state_.Get());
+ profile_ = std::make_unique<TestingProfile>();
+ system_proxy_manager_->StartObservingPrimaryProfilePrefs(profile_.get());
+
+ system_proxy_handler_->SetSystemProxyManagerForTesting(
+ system_proxy_manager_.get());
+ chromeos::NetworkHandler::Get()->InitializePrefServices(
+ profile_->GetPrefs(), local_state_.Get());
+ }
+
+ void TearDown() override {
+ system_proxy_manager_->StopObservingPrimaryProfilePrefs();
+ system_proxy_manager_.reset();
+ chromeos::SystemProxyClient::Shutdown();
+ chromeos::NetworkHandler::Shutdown();
+ chromeos::shill_clients::Shutdown();
+ }
+
+ protected:
+ void SetPolicy(bool system_proxy_enabled,
+ const std::string& system_services_username,
+ const std::string& system_services_password) {
+ base::DictionaryValue dict;
+ dict.SetKey("system_proxy_enabled", base::Value(system_proxy_enabled));
+ dict.SetKey("system_services_username",
+ base::Value(system_services_username));
+ dict.SetKey("system_services_password",
+ base::Value(system_services_password));
+ scoped_testing_cros_settings_.device_settings()->Set(
+ chromeos::kSystemProxySettings, dict);
+ task_environment_.RunUntilIdle();
+ }
+
+ void SetManagedProxy(Profile* profile) {
+ // Configure a proxy via user policy.
+ base::Value proxy_config(base::Value::Type::DICTIONARY);
+ proxy_config.SetKey("mode",
+ base::Value(ProxyPrefs::kFixedServersProxyModeName));
+ proxy_config.SetKey("server", base::Value(kProxyAuthUrl));
+ profile->GetPrefs()->Set(proxy_config::prefs::kProxy, proxy_config);
+ task_environment_.RunUntilIdle();
+ }
+
+ chromeos::SystemProxyClient::TestInterface* client_test_interface() {
+ return chromeos::SystemProxyClient::Get()->GetTestInterface();
+ }
+
+ content::BrowserTaskEnvironment task_environment_;
+ ScopedTestingLocalState local_state_;
+ std::unique_ptr<TestingProfile> profile_;
+ chromeos::ScopedTestingCrosSettings scoped_testing_cros_settings_;
+ ash::ScopedDeviceSettingsTestHelper device_settings_test_helper_;
+ chromeos::ScopedStubInstallAttributes test_install_attributes_;
+ std::unique_ptr<SystemProxyHandler> system_proxy_handler_;
+ std::unique_ptr<chromeos::SystemProxyManager> system_proxy_manager_;
+};
+
+// Verifies that authentication details are forwarded to system-proxy according
+// to the |kSystemProxySettings| policy.
+TEST_F(SystemProxyHandlerTest, SetAuthenticationDetails) {
+ EXPECT_EQ(0, client_test_interface()->GetSetAuthenticationDetailsCallCount());
+
+ SetPolicy(true /* system_proxy_enabled */, "" /* system_services_username */,
+ "" /* system_services_password */);
+ EXPECT_EQ(1, client_test_interface()->GetSetAuthenticationDetailsCallCount());
+
+ SetPolicy(true /* system_proxy_enabled */, kPolicyUsername, kPolicyPassword);
+ EXPECT_EQ(2, client_test_interface()->GetSetAuthenticationDetailsCallCount());
+
+ system_proxy::SetAuthenticationDetailsRequest request =
+ client_test_interface()->GetLastAuthenticationDetailsRequest();
+
+ ASSERT_TRUE(request.has_credentials());
+ EXPECT_EQ("", request.credentials().username());
+ EXPECT_EQ("", request.credentials().password());
+
+ SetManagedProxy(profile_.get());
+ EXPECT_EQ(3, client_test_interface()->GetSetAuthenticationDetailsCallCount());
+
+ request = client_test_interface()->GetLastAuthenticationDetailsRequest();
+ ASSERT_TRUE(request.has_credentials());
+ EXPECT_EQ(kPolicyUsername, request.credentials().username());
+ EXPECT_EQ(kPolicyPassword, request.credentials().password());
+}
+
+// Verifies requests to shut down are sent to System-proxy according to the
+// |kSystemProxySettings| policy.
+TEST_F(SystemProxyHandlerTest, ShutDownDaemon) {
+ EXPECT_EQ(0, client_test_interface()->GetShutDownCallCount());
+
+ SetPolicy(false /* system_proxy_enabled */, "" /* system_services_username */,
+ "" /* system_services_password */);
+ EXPECT_EQ(1, client_test_interface()->GetShutDownCallCount());
+}
+
+} // namespace policy
diff --git a/chrome/browser/prefs/browser_prefs.cc b/chrome/browser/prefs/browser_prefs.cc
index 1d36f71c..c3b3d0e 100644
--- a/chrome/browser/prefs/browser_prefs.cc
+++ b/chrome/browser/prefs/browser_prefs.cc
@@ -181,9 +181,9 @@
#include "chrome/browser/chromeos/device_name_store.h"
#include "chrome/browser/chromeos/extensions/extensions_permissions_tracker.h"
#include "chrome/browser/chromeos/kerberos/kerberos_credentials_manager.h"
+#include "chrome/browser/chromeos/net/system_proxy_manager.h"
#include "chrome/browser/chromeos/platform_keys/key_permissions/key_permissions_manager_impl.h"
#include "chrome/browser/chromeos/policy/system_features_disable_list_policy_handler.h"
-#include "chrome/browser/chromeos/policy/system_proxy_manager.h"
#include "chrome/browser/component_updater/metadata_table_chromeos.h"
#include "chrome/browser/ui/webui/signin/inline_login_handler_chromeos.h"
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
@@ -1128,7 +1128,7 @@
policy::ExtensionInstallEventLogManagerWrapper::RegisterProfilePrefs(
registry);
policy::StatusCollector::RegisterProfilePrefs(registry);
- policy::SystemProxyManager::RegisterProfilePrefs(registry);
+ chromeos::SystemProxyManager::RegisterProfilePrefs(registry);
RegisterChromeLauncherUserPrefs(registry);
::onc::RegisterProfilePrefs(registry);
ash::cert_provisioning::RegisterProfilePrefs(registry);
diff --git a/chrome/test/BUILD.gn b/chrome/test/BUILD.gn
index ca754c9..affd496 100644
--- a/chrome/test/BUILD.gn
+++ b/chrome/test/BUILD.gn
@@ -2724,6 +2724,7 @@
"../browser/chromeos/logging_browsertest.cc",
"../browser/chromeos/net/device_event_log_error_browsertest.cc",
"../browser/chromeos/net/network_portal_detector_impl_browsertest.cc",
+ "../browser/chromeos/net/system_proxy_manager_browsertest.cc",
"../browser/chromeos/network_change_manager_client_browsertest.cc",
"../browser/chromeos/platform_keys/key_permissions/key_permissions_manager_browsertest.cc",
"../browser/chromeos/platform_keys/platform_keys_service_browsertest.cc",
@@ -2775,7 +2776,6 @@
"../browser/chromeos/policy/site_isolation_flag_handling_browsertest.cc",
"../browser/chromeos/policy/status_collector/child_status_collector_browsertest.cc",
"../browser/chromeos/policy/status_collector/device_status_collector_browsertest.cc",
- "../browser/chromeos/policy/system_proxy_manager_browsertest.cc",
"../browser/chromeos/policy/unaffiliated_arc_allowed_browsertest.cc",
"../browser/chromeos/policy/user_affiliation_browsertest.cc",
"../browser/chromeos/policy/user_cloud_external_data_manager_browsertest.cc",
