Chromium Code Reviews Chromium Code Reviews
Issue 10928036:
Implement Chrome OS device enrollment on the new cloud policy stack. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/policy/device_cloud_policy_manager_chromeos.h" | 5 #include "chrome/browser/policy/device_cloud_policy_manager_chromeos.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/compiler_specific.h" | 8 #include "base/compiler_specific.h" |
| 9 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
| 10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
| 11 #include "base/message_loop.h" | 11 #include "base/message_loop.h" |
| 12 #include "base/run_loop.h" | |
| 12 #include "chrome/browser/chromeos/cros/cryptohome_library.h" | 13 #include "chrome/browser/chromeos/cros/cryptohome_library.h" |
| 13 #include "chrome/browser/chromeos/settings/device_settings_service.h" | 14 #include "chrome/browser/chromeos/settings/device_settings_service.h" |
| 14 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h" | 15 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h" |
| 15 #include "chrome/browser/chromeos/settings/mock_owner_key_util.h" | 16 #include "chrome/browser/chromeos/settings/mock_owner_key_util.h" |
| 17 #include "chrome/browser/policy/cloud_policy_client.h" | |
| 16 #include "chrome/browser/policy/device_cloud_policy_store_chromeos.h" | 18 #include "chrome/browser/policy/device_cloud_policy_store_chromeos.h" |
| 17 #include "chrome/browser/policy/enterprise_install_attributes.h" | 19 #include "chrome/browser/policy/enterprise_install_attributes.h" |
| 18 #include "chrome/browser/policy/mock_device_management_service.h" | 20 #include "chrome/browser/policy/mock_device_management_service.h" |
| 19 #include "chrome/browser/policy/policy_builder.h" | 21 #include "chrome/browser/policy/policy_builder.h" |
| 20 #include "chrome/browser/policy/proto/chrome_device_policy.pb.h" | 22 #include "chrome/browser/policy/proto/chrome_device_policy.pb.h" |
| 23 #include "chrome/browser/policy/proto/device_management_backend.pb.h" | |
| 21 #include "chrome/browser/prefs/browser_prefs.h" | 24 #include "chrome/browser/prefs/browser_prefs.h" |
| 22 #include "chrome/test/base/testing_pref_service.h" | 25 #include "chrome/test/base/testing_pref_service.h" |
| 23 #include "content/public/test/test_browser_thread.h" | 26 #include "content/public/test/test_browser_thread.h" |
| 24 #include "policy/policy_constants.h" | 27 #include "policy/policy_constants.h" |
| 28 #include "testing/gmock/include/gmock/gmock.h" | |
| 25 #include "testing/gtest/include/gtest/gtest.h" | 29 #include "testing/gtest/include/gtest/gtest.h" |
| 26 | 30 |
| 31 using testing::AtMost; | |
| 32 using testing::Mock; | |
| 33 using testing::_; | |
| 34 | |
| 35 namespace em = enterprise_management; | |
| 36 | |
| 27 namespace policy { | 37 namespace policy { |
| 28 namespace { | 38 namespace { |
| 29 | 39 |
| 30 class DeviceCloudPolicyManagerChromeOSTest : public testing::Test { | 40 class DeviceCloudPolicyManagerChromeOSTest : public testing::Test { |
| 31 protected: | 41 protected: |
| 32 DeviceCloudPolicyManagerChromeOSTest() | 42 DeviceCloudPolicyManagerChromeOSTest() |
| 33 : loop_(MessageLoop::TYPE_UI), | 43 : loop_(MessageLoop::TYPE_UI), |
| 34 ui_thread_(content::BrowserThread::UI, &loop_), | 44 ui_thread_(content::BrowserThread::UI, &loop_), |
| 35 file_thread_(content::BrowserThread::FILE, &loop_), | 45 file_thread_(content::BrowserThread::FILE, &loop_), |
| 36 owner_key_util_(new chromeos::MockOwnerKeyUtil()), | 46 owner_key_util_(new chromeos::MockOwnerKeyUtil()), |
| (...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 125 PolicyBundle bundle; | 135 PolicyBundle bundle; |
| 126 EXPECT_TRUE(manager_.policies().Equals(bundle)); | 136 EXPECT_TRUE(manager_.policies().Equals(bundle)); |
| 127 | 137 |
| 128 manager_.Connect(&local_state_, &device_management_service_); | 138 manager_.Connect(&local_state_, &device_management_service_); |
| 129 EXPECT_TRUE(manager_.policies().Equals(bundle)); | 139 EXPECT_TRUE(manager_.policies().Equals(bundle)); |
| 130 | 140 |
| 131 manager_.Shutdown(); | 141 manager_.Shutdown(); |
| 132 EXPECT_TRUE(manager_.policies().Equals(bundle)); | 142 EXPECT_TRUE(manager_.policies().Equals(bundle)); |
| 133 } | 143 } |
| 134 | 144 |
| 145 class DeviceCloudPolicyManagerChromeOSEnrollmentTest | |
| 146 : public DeviceCloudPolicyManagerChromeOSTest { | |
| 147 public: | |
| 148 void Done(EnrollmentStatus status) { | |
| 149 EXPECT_EQ(expected_enrollment_status_, status.status()); | |
| 150 EXPECT_EQ(expected_dm_status_, status.client_status()); | |
| 151 EXPECT_EQ(expected_validation_status_, status.validation_status()); | |
| 152 EXPECT_EQ(expected_store_status_, status.store_status()); | |
| 153 done_ = true; | |
| 154 } | |
| 155 | |
| 156 protected: | |
| 157 DeviceCloudPolicyManagerChromeOSEnrollmentTest() | |
| 158 : register_status_(DM_STATUS_SUCCESS), | |
| 159 fetch_status_(DM_STATUS_SUCCESS), | |
| 160 store_result_(true), | |
| 161 expected_enrollment_status_(EnrollmentStatus::STATUS_SUCCESS), | |
| 162 expected_dm_status_(DM_STATUS_SUCCESS), | |
| 163 expected_validation_status_(CloudPolicyValidatorBase::VALIDATION_OK), | |
| 164 expected_store_status_(CloudPolicyStore::STATUS_OK), | |
| 165 done_(false) {} | |
| 166 | |
| 167 virtual void SetUp() OVERRIDE { | |
| 168 DeviceCloudPolicyManagerChromeOSTest::SetUp(); | |
| 169 | |
| 170 // Set up test data. | |
| 171 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); | |
| 172 policy_.policy_data().set_timestamp( | |
| 173 (base::Time::NowFromSystemTime() - | |
| 174 base::Time::UnixEpoch()).InMilliseconds()); | |
| 175 policy_.Build(); | |
| 176 | |
| 177 register_response_.mutable_register_response()->set_device_management_token( | |
| 178 PolicyBuilder::kFakeToken); | |
| 179 fetch_response_.mutable_policy_response()->add_response()->CopyFrom( | |
| 180 policy_.policy()); | |
| 181 loaded_blob_ = policy_.GetBlob(); | |
| 182 | |
| 183 // Initialize the manager. | |
| 184 device_settings_test_helper_.Flush(); | |
| 185 EXPECT_EQ(CloudPolicyStore::STATUS_BAD_STATE, store_->status()); | |
| 186 EXPECT_TRUE(manager_.IsInitializationComplete()); | |
| 187 | |
| 188 PolicyBundle bundle; | |
| 189 EXPECT_TRUE(manager_.policies().Equals(bundle)); | |
| 190 | |
| 191 manager_.Connect(&local_state_, &device_management_service_); | |
| 192 } | |
| 193 | |
| 194 virtual void TearDown() OVERRIDE { | |
| 195 RunTest(); | |
| 196 | |
| 197 // Enrollment should have completed. | |
| 198 EXPECT_TRUE(done_); | |
| 199 PolicyBundle bundle; | |
| 200 if (expected_enrollment_status_ != EnrollmentStatus::STATUS_SUCCESS) { | |
| 201 EXPECT_FALSE(store_->has_policy()); | |
| 202 EXPECT_FALSE(store_->is_managed()); | |
| 203 EXPECT_TRUE(manager_.policies().Equals(bundle)); | |
| 204 } else { | |
| 205 EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_.GetMode()); | |
| 206 EXPECT_TRUE(store_->has_policy()); | |
| 207 EXPECT_TRUE(store_->is_managed()); | |
| 208 ASSERT_TRUE(manager_.cloud_policy_client()); | |
| 209 EXPECT_TRUE(manager_.cloud_policy_client()->is_registered()); | |
| 210 | |
| 211 bundle.Get(POLICY_DOMAIN_CHROME, std::string()).Set( | |
| 212 key::kDeviceMetricsReportingEnabled, POLICY_LEVEL_MANDATORY, | |
| 213 POLICY_SCOPE_MACHINE, Value::CreateBooleanValue(true)); | |
| 214 EXPECT_TRUE(manager_.policies().Equals(bundle)); | |
| 215 } | |
| 216 | |
| 217 DeviceCloudPolicyManagerChromeOSTest::TearDown(); | |
| 218 } | |
| 219 | |
| 220 void RunTest() { | |
| 221 // Trigger enrollment. | |
| 222 MockDeviceManagementJob* register_job = NULL; | |
| 223 EXPECT_CALL(device_management_service_, | |
| 224 CreateJob(DeviceManagementRequestJob::TYPE_REGISTRATION)) | |
| 225 .Times(AtMost(1)) | |
| 226 .WillOnce(device_management_service_.CreateAsyncJob(®ister_job)); | |
| 227 EXPECT_CALL(device_management_service_, StartJob(_, _, _, _, _, _, _)) | |
| 228 .Times(AtMost(1)); | |
| 229 DeviceCloudPolicyManagerChromeOS::AllowedDeviceModes modes; | |
| 230 modes[DEVICE_MODE_ENTERPRISE] = true; | |
| 231 manager_.StartEnrollment( | |
| 232 "auth token", modes, | |
| 233 base::Bind(&DeviceCloudPolicyManagerChromeOSEnrollmentTest::Done, | |
| 234 base::Unretained(this))); | |
| 235 Mock::VerifyAndClearExpectations(&device_management_service_); | |
| 236 | |
| 237 if (done_) | |
| 238 return; | |
| 239 | |
| 240 // Process registration. | |
| 241 ASSERT_TRUE(register_job); | |
| 242 MockDeviceManagementJob* fetch_job = NULL; | |
| 243 EXPECT_CALL(device_management_service_, | |
| 244 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH)) | |
| 245 .Times(AtMost(1)) | |
| 246 .WillOnce(device_management_service_.CreateAsyncJob(&fetch_job)); | |
| 247 EXPECT_CALL(device_management_service_, StartJob(_, _, _, _, _, _, _)) | |
| 248 .Times(AtMost(1)); | |
| 249 register_job->SendResponse(register_status_, register_response_); | |
| 250 Mock::VerifyAndClearExpectations(&device_management_service_); | |
| 251 | |
| 252 if (done_) | |
| 253 return; | |
| 254 | |
| 255 // Process policy fetch. | |
| 256 ASSERT_TRUE(fetch_job); | |
| 257 fetch_job->SendResponse(fetch_status_, fetch_response_); | |
| 258 | |
| 259 if (done_) | |
| 260 return; | |
| 261 | |
| 262 // Process verification. | |
| 263 base::RunLoop().RunUntilIdle(); | |
| 264 | |
| 265 if (done_) | |
| 266 return; | |
| 267 | |
| 268 // Process policy store. | |
| 269 device_settings_test_helper_.set_store_result(store_result_); | |
| 270 device_settings_test_helper_.FlushStore(); | |
| 271 EXPECT_EQ(policy_.GetBlob(), device_settings_test_helper_.policy_blob()); | |
| 272 | |
| 273 if (done_) | |
| 274 return; | |
| 275 | |
| 276 // Key installation and policy load. | |
| 277 device_settings_test_helper_.set_policy_blob(loaded_blob_); | |
| 278 owner_key_util_->SetPublicKeyFromPrivateKey(policy_.new_signing_key()); | |
| 279 device_settings_service_.OwnerKeySet(true); | |
| 280 device_settings_test_helper_.Flush(); | |
| 281 } | |
| 282 | |
| 283 DeviceManagementStatus register_status_; | |
| 284 em::DeviceManagementResponse register_response_; | |
| 285 | |
| 286 DeviceManagementStatus fetch_status_; | |
| 287 em::DeviceManagementResponse fetch_response_; | |
| 288 | |
| 289 bool store_result_; | |
| 290 std::string loaded_blob_; | |
| 291 | |
| 292 EnrollmentStatus::Status expected_enrollment_status_; | |
| 293 DeviceManagementStatus expected_dm_status_; | |
| 294 CloudPolicyValidatorBase::Status expected_validation_status_; | |
| 295 CloudPolicyStore::Status expected_store_status_; | |
| 296 bool done_; | |
| 297 | |
| 298 private: | |
| 299 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyManagerChromeOSEnrollmentTest); | |
| 300 }; | |
| 301 | |
| 302 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, Success) { | |
| 303 // The defaults should result in successful enrollment. | |
| 304 } | |
| 305 | |
| 306 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, Reenrollment) { | |
| 307 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, | |
| 308 install_attributes_.LockDevice(PolicyBuilder::kFakeUsername, | |
| 309 DEVICE_MODE_ENTERPRISE, | |
| 310 PolicyBuilder::kFakeDeviceId)); | |
| 311 } | |
| 312 | |
| 313 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, RegistrationFailed) { | |
| 314 register_status_ = DM_STATUS_REQUEST_FAILED; | |
| 315 expected_enrollment_status_ = EnrollmentStatus::STATUS_REGISTRATION_FAILED; | |
| 316 expected_dm_status_ = DM_STATUS_REQUEST_FAILED; | |
| 317 } | |
| 318 | |
| 319 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, PolicyFetchFailed) { | |
| 320 fetch_status_ = DM_STATUS_REQUEST_FAILED; | |
| 321 expected_enrollment_status_ = EnrollmentStatus::STATUS_POLICY_FETCH_FAILED; | |
| 322 expected_dm_status_ = DM_STATUS_REQUEST_FAILED; | |
| 323 } | |
| 324 | |
| 325 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, ValidationFailed) { | |
| 326 policy_.policy().set_policy_data_signature("bad"); | |
| 327 fetch_response_.clear_policy_response(); | |
| 328 fetch_response_.mutable_policy_response()->add_response()->CopyFrom( | |
| 329 policy_.policy()); | |
|
Joao da Silva
2012/10/24 10:57:01
Still broken? (maybe there are tabs in this line?)
Mattias Nissler (ping if slow)
2012/10/24 11:01:32
What's broken? I see exactly 4 spaces of indentati
Joao da Silva
2012/10/24 11:37:06
Weird. The diff to the original is good, but the d
| |
| 330 expected_enrollment_status_ = EnrollmentStatus::STATUS_VALIDATION_FAILED; | |
| 331 expected_validation_status_ = | |
| 332 CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE; | |
| 333 } | |
| 334 | |
| 335 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, StoreError) { | |
| 336 store_result_ = false; | |
| 337 expected_enrollment_status_ = EnrollmentStatus::STATUS_STORE_ERROR; | |
| 338 expected_store_status_ = CloudPolicyStore::STATUS_STORE_ERROR; | |
| 339 } | |
| 340 | |
| 341 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, LoadError) { | |
| 342 loaded_blob_.clear(); | |
| 343 expected_enrollment_status_ = EnrollmentStatus::STATUS_STORE_ERROR; | |
| 344 expected_store_status_ = CloudPolicyStore::STATUS_LOAD_ERROR; | |
| 345 } | |
| 346 | |
| 135 } // namespace | 347 } // namespace |
| 136 } // namespace policy | 348 } // namespace policy |
| OLD | NEW |
