| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/policy/device_policy_cache.h" | 5 #include "chrome/browser/policy/device_policy_cache.h" |
| 6 | 6 |
| 7 #include "chrome/browser/chromeos/cros/cryptohome_library.h" |
| 7 #include "chrome/browser/policy/device_policy_identity_strategy.h" | 8 #include "chrome/browser/policy/device_policy_identity_strategy.h" |
| 9 #include "chrome/browser/policy/enterprise_install_attributes.h" |
| 8 #include "policy/configuration_policy_type.h" | 10 #include "policy/configuration_policy_type.h" |
| 9 #include "testing/gmock/include/gmock/gmock.h" | 11 #include "testing/gmock/include/gmock/gmock.h" |
| 10 #include "testing/gtest/include/gtest/gtest.h" | 12 #include "testing/gtest/include/gtest/gtest.h" |
| 11 | 13 |
| 12 namespace policy { | 14 namespace policy { |
| 13 | 15 |
| 14 namespace { | 16 namespace { |
| 15 | 17 |
| 18 // Test registration user name. |
| 19 const char kTestUser[] = "test@example.com"; |
| 20 |
| 16 using ::chromeos::SignedSettings; | 21 using ::chromeos::SignedSettings; |
| 17 using ::chromeos::SignedSettingsHelper; | 22 using ::chromeos::SignedSettingsHelper; |
| 18 using ::testing::_; | 23 using ::testing::_; |
| 19 using ::testing::InSequence; | 24 using ::testing::InSequence; |
| 20 | 25 |
| 21 class MockSignedSettingsHelper : public SignedSettingsHelper { | 26 class MockSignedSettingsHelper : public SignedSettingsHelper { |
| 22 public: | 27 public: |
| 23 MockSignedSettingsHelper() {} | 28 MockSignedSettingsHelper() {} |
| 24 virtual ~MockSignedSettingsHelper() {} | 29 virtual ~MockSignedSettingsHelper() {} |
| 25 | 30 |
| (...skipping 19 matching lines...) Expand all Loading... |
| 45 }; | 50 }; |
| 46 | 51 |
| 47 ACTION_P(MockSignedSettingsHelperStorePolicy, status_code) { | 52 ACTION_P(MockSignedSettingsHelperStorePolicy, status_code) { |
| 48 arg1->OnStorePolicyCompleted(status_code); | 53 arg1->OnStorePolicyCompleted(status_code); |
| 49 } | 54 } |
| 50 | 55 |
| 51 ACTION_P2(MockSignedSettingsHelperRetrievePolicy, status_code, policy) { | 56 ACTION_P2(MockSignedSettingsHelperRetrievePolicy, status_code, policy) { |
| 52 arg0->OnRetrievePolicyCompleted(status_code, policy); | 57 arg0->OnRetrievePolicyCompleted(status_code, policy); |
| 53 } | 58 } |
| 54 | 59 |
| 55 em::PolicyFetchResponse* CreateProxyPolicy(const std::string& proxy) { | 60 void CreatePolicy(em::PolicyFetchResponse* policy, |
| 61 const std::string& user, |
| 62 int refresh_rate) { |
| 56 // This method omits a few fields which currently aren't needed by tests: | 63 // This method omits a few fields which currently aren't needed by tests: |
| 57 // timestamp, machine_name, request_token, policy_type, public key info. | 64 // timestamp, machine_name, policy_type, public key info. |
| 58 em::PolicyData signed_response; | 65 em::PolicyData signed_response; |
| 59 em::ChromeDeviceSettingsProto settings; | 66 em::ChromeDeviceSettingsProto settings; |
| 60 em::DeviceProxySettingsProto* proxy_proto = | 67 settings.mutable_policy_refresh_rate()->set_policy_refresh_rate(refresh_rate); |
| 61 settings.mutable_device_proxy_settings(); | 68 signed_response.set_username(user); |
| 62 proxy_proto->set_proxy_server(proxy); | 69 signed_response.set_request_token("dmtoken"); |
| 63 proxy_proto->set_proxy_mode("fixed_servers"); | 70 signed_response.set_device_id("deviceid"); |
| 64 EXPECT_TRUE( | 71 EXPECT_TRUE( |
| 65 settings.SerializeToString(signed_response.mutable_policy_value())); | 72 settings.SerializeToString(signed_response.mutable_policy_value())); |
| 66 std::string serialized_signed_response; | 73 std::string serialized_signed_response; |
| 67 EXPECT_TRUE(signed_response.SerializeToString(&serialized_signed_response)); | 74 EXPECT_TRUE(signed_response.SerializeToString(&serialized_signed_response)); |
| 68 em::PolicyFetchResponse* response = new em::PolicyFetchResponse; | 75 policy->set_policy_data(serialized_signed_response); |
| 69 response->set_policy_data(serialized_signed_response); | |
| 70 return response; | |
| 71 } | 76 } |
| 72 | 77 |
| 73 } // namespace | 78 } // namespace |
| 74 | 79 |
| 75 class DevicePolicyCacheTest : public testing::Test { | 80 class DevicePolicyCacheTest : public testing::Test { |
| 76 protected: | 81 protected: |
| 77 DevicePolicyCacheTest() { | 82 DevicePolicyCacheTest() |
| 78 } | 83 : install_attributes_(chromeos::CryptohomeLibrary::GetImpl(true)) {} |
| 79 | 84 |
| 80 virtual void SetUp() { | 85 virtual void SetUp() { |
| 81 cache_.reset(new DevicePolicyCache(&identity_strategy_, | 86 cache_.reset(new DevicePolicyCache(&identity_strategy_, |
| 87 &install_attributes_, |
| 82 &signed_settings_helper_)); | 88 &signed_settings_helper_)); |
| 83 } | 89 } |
| 84 | 90 |
| 85 virtual void TearDown() { | 91 virtual void TearDown() { |
| 86 EXPECT_CALL(signed_settings_helper_, CancelCallback(_)); | 92 EXPECT_CALL(signed_settings_helper_, CancelCallback(_)); |
| 87 cache_.reset(); | 93 cache_.reset(); |
| 88 } | 94 } |
| 89 | 95 |
| 90 const PolicyMap& mandatory_policy(const DevicePolicyCache& cache) { | 96 void MakeEnterpriseDevice(const char* registration_user) { |
| 91 return cache.mandatory_policy_; | 97 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, |
| 98 install_attributes_.LockDevice(registration_user)); |
| 99 } |
| 100 |
| 101 const Value* GetMandatoryPolicy(ConfigurationPolicyType policy) { |
| 102 return cache_->mandatory_policy_.Get(policy); |
| 92 } | 103 } |
| 93 | 104 |
| 94 scoped_ptr<DevicePolicyCache> cache_; | 105 scoped_ptr<DevicePolicyCache> cache_; |
| 106 EnterpriseInstallAttributes install_attributes_; |
| 95 DevicePolicyIdentityStrategy identity_strategy_; | 107 DevicePolicyIdentityStrategy identity_strategy_; |
| 96 MockSignedSettingsHelper signed_settings_helper_; | 108 MockSignedSettingsHelper signed_settings_helper_; |
| 97 | 109 |
| 98 private: | 110 private: |
| 99 DISALLOW_COPY_AND_ASSIGN(DevicePolicyCacheTest); | 111 DISALLOW_COPY_AND_ASSIGN(DevicePolicyCacheTest); |
| 100 }; | 112 }; |
| 101 | 113 |
| 102 TEST_F(DevicePolicyCacheTest, Startup) { | 114 TEST_F(DevicePolicyCacheTest, Startup) { |
| 103 scoped_ptr<em::PolicyFetchResponse> policy_response( | 115 em::PolicyFetchResponse policy; |
| 104 CreateProxyPolicy("proxy.server")); | 116 CreatePolicy(&policy, kTestUser, 120); |
| 105 EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce( | 117 EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce( |
| 106 MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS, | 118 MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS, |
| 107 *policy_response)); | 119 policy)); |
| 108 cache_->Load(); | 120 cache_->Load(); |
| 109 // TODO(jkummerow): This will be EXPECT_GT once policy decoding is | 121 testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_); |
| 110 // implemented in DevicePolicyCache::DecodeDevicePolicy(...). | 122 FundamentalValue expected(120); |
| 111 EXPECT_EQ(mandatory_policy(*cache_).size(), 0U); | 123 EXPECT_TRUE(Value::Equals(&expected, |
| 124 GetMandatoryPolicy(kPolicyPolicyRefreshRate))); |
| 112 } | 125 } |
| 113 | 126 |
| 114 TEST_F(DevicePolicyCacheTest, SetPolicy) { | 127 TEST_F(DevicePolicyCacheTest, SetPolicy) { |
| 115 InSequence s; | 128 InSequence s; |
| 129 |
| 130 MakeEnterpriseDevice(kTestUser); |
| 131 |
| 116 // Startup. | 132 // Startup. |
| 117 scoped_ptr<em::PolicyFetchResponse> policy_response( | 133 em::PolicyFetchResponse policy; |
| 118 CreateProxyPolicy("proxy.server.old")); | 134 CreatePolicy(&policy, kTestUser, 120); |
| 119 EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce( | 135 EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce( |
| 120 MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS, | 136 MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS, |
| 121 *policy_response)); | 137 policy)); |
| 122 cache_->Load(); | 138 cache_->Load(); |
| 123 scoped_ptr<Value> expected(Value::CreateStringValue("proxy.server.old")); | |
| 124 // TODO(jkummerow): This will be EXPECT_TRUE once policy decoding is | |
| 125 // implemented in DevicePolicyCache::DecodeDevicePolicy(...). | |
| 126 EXPECT_FALSE(Value::Equals( | |
| 127 mandatory_policy(*cache_).Get(kPolicyProxyServer), expected.get())); | |
| 128 testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_); | 139 testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_); |
| 140 FundamentalValue expected(120); |
| 141 EXPECT_TRUE(Value::Equals(&expected, |
| 142 GetMandatoryPolicy(kPolicyPolicyRefreshRate))); |
| 143 |
| 129 // Set new policy information. | 144 // Set new policy information. |
| 130 scoped_ptr<em::PolicyFetchResponse> new_policy_response( | 145 em::PolicyFetchResponse new_policy; |
| 131 CreateProxyPolicy("proxy.server.new")); | 146 CreatePolicy(&new_policy, kTestUser, 300); |
| 132 EXPECT_CALL(signed_settings_helper_, StartStorePolicyOp(_, _)).WillOnce( | 147 EXPECT_CALL(signed_settings_helper_, StartStorePolicyOp(_, _)).WillOnce( |
| 133 MockSignedSettingsHelperStorePolicy(chromeos::SignedSettings::SUCCESS)); | 148 MockSignedSettingsHelperStorePolicy(chromeos::SignedSettings::SUCCESS)); |
| 134 EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce( | 149 EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce( |
| 135 MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS, | 150 MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS, |
| 136 *new_policy_response)); | 151 new_policy)); |
| 137 cache_->SetPolicy(*new_policy_response); | 152 cache_->SetPolicy(new_policy); |
| 138 expected.reset(Value::CreateStringValue("proxy.server.new")); | 153 testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_); |
| 139 // TODO(jkummerow): This will be EXPECT_TRUE once policy decoding is | 154 FundamentalValue updated_expected(300); |
| 140 // implemented in DevicePolicyCache::DecodeDevicePolicy(...). | 155 EXPECT_TRUE(Value::Equals(&updated_expected, |
| 141 EXPECT_FALSE(Value::Equals( | 156 GetMandatoryPolicy(kPolicyPolicyRefreshRate))); |
| 142 mandatory_policy(*cache_).Get(kPolicyProxyServer), expected.get())); | 157 } |
| 158 |
| 159 TEST_F(DevicePolicyCacheTest, SetPolicyWrongUser) { |
| 160 InSequence s; |
| 161 |
| 162 MakeEnterpriseDevice(kTestUser); |
| 163 |
| 164 // Startup. |
| 165 em::PolicyFetchResponse policy; |
| 166 CreatePolicy(&policy, kTestUser, 120); |
| 167 EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce( |
| 168 MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS, |
| 169 policy)); |
| 170 cache_->Load(); |
| 171 testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_); |
| 172 |
| 173 // Set new policy information. This should fail due to invalid user. |
| 174 em::PolicyFetchResponse new_policy; |
| 175 CreatePolicy(&new_policy, "foreign_user@example.com", 300); |
| 176 EXPECT_CALL(signed_settings_helper_, StartStorePolicyOp(_, _)).Times(0); |
| 177 cache_->SetPolicy(new_policy); |
| 178 testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_); |
| 179 |
| 180 FundamentalValue expected(120); |
| 181 EXPECT_TRUE(Value::Equals(&expected, |
| 182 GetMandatoryPolicy(kPolicyPolicyRefreshRate))); |
| 183 } |
| 184 |
| 185 TEST_F(DevicePolicyCacheTest, SetPolicyNonEnterpriseDevice) { |
| 186 InSequence s; |
| 187 |
| 188 // Startup. |
| 189 em::PolicyFetchResponse policy; |
| 190 CreatePolicy(&policy, kTestUser, 120); |
| 191 EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce( |
| 192 MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS, |
| 193 policy)); |
| 194 cache_->Load(); |
| 195 testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_); |
| 196 |
| 197 // Set new policy information. This should fail due to invalid user. |
| 198 em::PolicyFetchResponse new_policy; |
| 199 CreatePolicy(&new_policy, kTestUser, 120); |
| 200 EXPECT_CALL(signed_settings_helper_, StartStorePolicyOp(_, _)).Times(0); |
| 201 cache_->SetPolicy(new_policy); |
| 202 testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_); |
| 203 |
| 204 FundamentalValue expected(120); |
| 205 EXPECT_TRUE(Value::Equals(&expected, |
| 206 GetMandatoryPolicy(kPolicyPolicyRefreshRate))); |
| 143 } | 207 } |
| 144 | 208 |
| 145 } // namespace policy | 209 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6869042:
Add immutable settings checks when handling policy. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src