media: Refactor PlatformVerificationFlow.

chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <string>
 
 #include "base/bind.h"
 #include "base/message_loop/message_loop.h"
 #include "base/run_loop.h"
 #include "chrome/browser/chromeos/attestation/attestation_signed_data.pb.h"
 #include "chrome/browser/chromeos/attestation/fake_certificate.h"
 #include "chrome/browser/chromeos/attestation/platform_verification_flow.h"
 #include "chrome/browser/chromeos/login/users/mock_user_manager.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/chromeos/settings/device_settings_service.h"
 #include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h"
 #include "chrome/browser/profiles/profile_impl.h"
-#include "chrome/browser/renderer_host/pepper/device_id_fetcher.h"
 #include "chrome/common/pref_names.h"
-#include "chrome/test/base/testing_pref_service_syncable.h"
 #include "chromeos/attestation/mock_attestation_flow.h"
 #include "chromeos/cryptohome/mock_async_method_caller.h"
 #include "chromeos/dbus/fake_cryptohome_client.h"
 #include "chromeos/settings/cros_settings_names.h"
-#include "components/content_settings/core/browser/host_content_settings_map.h"
-#include "components/content_settings/core/common/content_settings_pattern.h"
 #include "content/public/test/test_browser_thread.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 using testing::_;
 using testing::DoAll;
 using testing::Invoke;
 using testing::Return;
 using testing::SetArgumentPointee;
 using testing::StrictMock;
 using testing::WithArgs;
 
 namespace chromeos {
 namespace attestation {
 
 namespace {
 
 const char kTestID[] = "test_id";
 const char kTestChallenge[] = "test_challenge";
 const char kTestSignedData[] = "test_challenge_with_salt";
 const char kTestSignature[] = "test_signature";
 const char kTestCertificate[] = "test_certificate";
 const char kTestEmail[] = "test_email@chromium.org";
 const char kTestURL[] = "http://mytestdomain/test";
-const char kTestURLSecure[] = "https://mytestdomain/test";
-const char kTestURLExtension[] = "chrome-extension://mytestextension";
 
 class FakeDelegate : public PlatformVerificationFlow::Delegate {
  public:
-  FakeDelegate() : response_(PlatformVerificationFlow::CONSENT_RESPONSE_ALLOW),
-                   num_consent_calls_(0),
-                   url_(kTestURL),
-                   is_incognito_(false) {
+  FakeDelegate()
+      : url_(kTestURL), is_permitted_by_user_(true), is_incognito_(false) {
     // Configure a user for the mock user manager.
     mock_user_manager_.SetActiveUser(kTestEmail);
   }
   ~FakeDelegate() override {}
 
-  void SetUp() {
-    ProfileImpl::RegisterProfilePrefs(pref_service_.registry());
-    chrome::DeviceIDFetcher::RegisterProfilePrefs(pref_service_.registry());
-    PlatformVerificationFlow::RegisterProfilePrefs(pref_service_.registry());
-    HostContentSettingsMap::RegisterProfilePrefs(pref_service_.registry());
-    content_settings_ = new HostContentSettingsMap(&pref_service_, false);
-  }
-
-  void TearDown() {
-    content_settings_->ShutdownOnUIThread();
-  }
-
-  void ShowConsentPrompt(
-      content::WebContents* web_contents,
-      const GURL& requesting_origin,
-      const PlatformVerificationFlow::Delegate::ConsentCallback& callback)
-      override {
-    num_consent_calls_++;
-    callback.Run(response_);
-  }
-
-  PrefService* GetPrefs(content::WebContents* web_contents) override {
-    return &pref_service_;
-  }
-
   const GURL& GetURL(content::WebContents* web_contents) override {
     return url_;
   }
 
   user_manager::User* GetUser(content::WebContents* web_contents) override {
     return mock_user_manager_.GetActiveUser();
   }
 
-  HostContentSettingsMap* GetContentSettings(
-      content::WebContents* web_contents) override {
-    return content_settings_.get();
+  bool IsPermittedByUser(content::WebContents* web_contents) override {
+    return is_permitted_by_user_;
   }
 
   bool IsGuestOrIncognito(content::WebContents* web_contents) override {
     return is_incognito_;
   }
 
-  void set_response(PlatformVerificationFlow::ConsentResponse response) {
-    response_ = response;
+  void set_url(const GURL& url) {
+    url_ = url;
   }
 
-  int num_consent_calls() {
-    return num_consent_calls_;
-  }
-
-  TestingPrefServiceSyncable& pref_service() {
-    return pref_service_;
-  }
-
-  void set_url(const GURL& url) {
-    url_ = url;
+  void set_is_permitted_by_user(bool is_permitted_by_user) {
+    is_permitted_by_user_ = is_permitted_by_user;
   }
 
   void set_is_incognito(bool is_incognito) {
     is_incognito_ = is_incognito;
   }
 
  private:
-  PlatformVerificationFlow::ConsentResponse response_;
-  int num_consent_calls_;
-  TestingPrefServiceSyncable pref_service_;
   MockUserManager mock_user_manager_;
   GURL url_;
-  scoped_refptr<HostContentSettingsMap> content_settings_;
+  bool is_permitted_by_user_;
   bool is_incognito_;
 
   DISALLOW_COPY_AND_ASSIGN(FakeDelegate);
 };
 
 class CustomFakeCryptohomeClient : public FakeCryptohomeClient {
  public:
   CustomFakeCryptohomeClient() : call_status_(DBUS_METHOD_CALL_SUCCESS),
                                  attestation_enrolled_(true),
                                  attestation_prepared_(true) {}
@@ skipping 36 matching lines @@
 class PlatformVerificationFlowTest : public ::testing::Test {
  public:
   PlatformVerificationFlowTest()
       : ui_thread_(content::BrowserThread::UI, &message_loop_),
         certificate_success_(true),
         fake_certificate_index_(0),
         sign_challenge_success_(true),
         result_(PlatformVerificationFlow::INTERNAL_ERROR) {}
 
   void SetUp() {
-    fake_delegate_.SetUp();
-
     // Create a verifier for tests to call.
     verifier_ = new PlatformVerificationFlow(&mock_attestation_flow_,
                                              &mock_async_caller_,
                                              &fake_cryptohome_client_,
                                              &fake_delegate_);
 
     // Create callbacks for tests to use with verifier_.
     callback_ = base::Bind(&PlatformVerificationFlowTest::FakeChallengeCallback,
                            base::Unretained(this));
 
     // Configure the global cros_settings.
     CrosSettings* cros_settings = CrosSettings::Get();
     device_settings_provider_ =
         cros_settings->GetProvider(kAttestationForContentProtectionEnabled);
     cros_settings->RemoveSettingsProvider(device_settings_provider_);
     cros_settings->AddSettingsProvider(&stub_settings_provider_);
     cros_settings->SetBoolean(kAttestationForContentProtectionEnabled, true);
-
-    // Start with the first-time setting set since most tests want this.
-    fake_delegate_.pref_service().SetUserPref(prefs::kRAConsentGranted,
-                                              new base::FundamentalValue(true));
   }
 
   void TearDown() {
     // Restore the real DeviceSettingsProvider.
     CrosSettings* cros_settings = CrosSettings::Get();
     cros_settings->RemoveSettingsProvider(&stub_settings_provider_);
     cros_settings->AddSettingsProvider(device_settings_provider_);
-    fake_delegate_.TearDown();
   }
 
   void ExpectAttestationFlow() {
     // When consent is not given or the feature is disabled, it is important
     // that there are no calls to the attestation service.  Thus, a test must
     // explicitly expect these calls or the mocks will fail the test.
 
     // Configure the mock AttestationFlow to call FakeGetCertificate.
     EXPECT_CALL(mock_attestation_flow_,
                 GetCertificate(PROFILE_CONTENT_PROTECTION_CERTIFICATE,
                                kTestEmail, kTestID, _, _))
         .WillRepeatedly(WithArgs<4>(Invoke(
             this, &PlatformVerificationFlowTest::FakeGetCertificate)));
 
     // Configure the mock AsyncMethodCaller to call FakeSignChallenge.
     std::string expected_key_name = std::string(kContentProtectionKeyPrefix) +
                                     std::string(kTestID);
     EXPECT_CALL(mock_async_caller_,
                 TpmAttestationSignSimpleChallenge(KEY_USER, kTestEmail,
                                                   expected_key_name,
                                                   kTestChallenge, _))
         .WillRepeatedly(WithArgs<4>(Invoke(
             this, &PlatformVerificationFlowTest::FakeSignChallenge)));
   }
 
-  void SetUserConsent(const GURL& url, bool allow) {
-    verifier_->RecordOriginConsent(fake_delegate_.GetContentSettings(NULL), url,
-                                   allow);
-  }
-
   void FakeGetCertificate(
       const AttestationFlow::CertificateCallback& callback) {
     std::string certificate =
         (fake_certificate_index_ < fake_certificate_list_.size()) ?
             fake_certificate_list_[fake_certificate_index_] : kTestCertificate;
     base::MessageLoop::current()->PostTask(FROM_HERE,
                                            base::Bind(callback,
                                                       certificate_success_,
                                                       certificate));
     ++fake_certificate_index_;
@@ skipping 49 matching lines @@
   bool sign_challenge_success_;
 
   // Callback functions and data.
   PlatformVerificationFlow::ChallengeCallback callback_;
   PlatformVerificationFlow::Result result_;
   std::string challenge_salt_;
   std::string challenge_signature_;
   std::string certificate_;
 };
 
-TEST_F(PlatformVerificationFlowTest, SuccessNoConsent) {
-  SetUserConsent(GURL(kTestURL), true);
-  // Make sure the call will fail if consent is requested.
-  fake_delegate_.set_response(PlatformVerificationFlow::CONSENT_RESPONSE_DENY);
+TEST_F(PlatformVerificationFlowTest, Success) {
   ExpectAttestationFlow();
   verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
   base::RunLoop().RunUntilIdle();
-  EXPECT_EQ(PlatformVerificationFlow::SUCCESS, result_);
-  EXPECT_EQ(kTestSignedData, challenge_salt_);
-  EXPECT_EQ(kTestSignature, challenge_signature_);
-  EXPECT_EQ(kTestCertificate, certificate_);
-  EXPECT_EQ(0, fake_delegate_.num_consent_calls());
-}
-
-TEST_F(PlatformVerificationFlowTest, SuccessWithConsent) {
-  SetUserConsent(GURL(kTestURL), true);
-  fake_delegate_.pref_service().SetUserPref(prefs::kRAConsentGranted,
-                                            new base::FundamentalValue(false));
-  ExpectAttestationFlow();
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
-  base::RunLoop().RunUntilIdle();
   EXPECT_EQ(PlatformVerificationFlow::SUCCESS, result_);
   EXPECT_EQ(kTestSignedData, challenge_salt_);
   EXPECT_EQ(kTestSignature, challenge_signature_);
   EXPECT_EQ(kTestCertificate, certificate_);
-  EXPECT_EQ(1, fake_delegate_.num_consent_calls());
 }
 
-TEST_F(PlatformVerificationFlowTest, ConsentRejected) {
-  fake_delegate_.set_response(PlatformVerificationFlow::CONSENT_RESPONSE_DENY);
+TEST_F(PlatformVerificationFlowTest, NotPermittedByUser) {
+  fake_delegate_.set_is_permitted_by_user(false);
   verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(PlatformVerificationFlow::USER_REJECTED, result_);
-  EXPECT_EQ(1, fake_delegate_.num_consent_calls());
 }
 
-TEST_F(PlatformVerificationFlowTest, FeatureDisabled) {
+TEST_F(PlatformVerificationFlowTest, FeatureDisabledByPolicy) {
   CrosSettings::Get()->SetBoolean(kAttestationForContentProtectionEnabled,
                                   false);
   verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(PlatformVerificationFlow::POLICY_REJECTED, result_);
-  EXPECT_EQ(0, fake_delegate_.num_consent_calls());
-}
-
-TEST_F(PlatformVerificationFlowTest, FeatureDisabledByUser) {
-  fake_delegate_.pref_service().SetUserPref(prefs::kEnableDRM,
-                                            new base::FundamentalValue(false));
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
-  base::RunLoop().RunUntilIdle();
-  EXPECT_EQ(PlatformVerificationFlow::POLICY_REJECTED, result_);
-  EXPECT_EQ(0, fake_delegate_.num_consent_calls());
-}
-
-TEST_F(PlatformVerificationFlowTest, FeatureDisabledByUserForDomain) {
-  SetUserConsent(GURL(kTestURL), false);
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
-  base::RunLoop().RunUntilIdle();
-  EXPECT_EQ(PlatformVerificationFlow::POLICY_REJECTED, result_);
-  EXPECT_EQ(0, fake_delegate_.num_consent_calls());
 }
 
 TEST_F(PlatformVerificationFlowTest, NotVerified) {
   certificate_success_ = false;
   ExpectAttestationFlow();
   verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(PlatformVerificationFlow::PLATFORM_NOT_VERIFIED, result_);
 }
 
 TEST_F(PlatformVerificationFlowTest, ChallengeSigningError) {
   sign_challenge_success_ = false;
   ExpectAttestationFlow();
   verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(PlatformVerificationFlow::INTERNAL_ERROR, result_);
 }
 
 TEST_F(PlatformVerificationFlowTest, DBusFailure) {
   fake_cryptohome_client_.set_call_status(DBUS_METHOD_CALL_FAILURE);
   verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(PlatformVerificationFlow::INTERNAL_ERROR, result_);
 }
 
-TEST_F(PlatformVerificationFlowTest, ConsentNoResponse) {
-  fake_delegate_.set_response(PlatformVerificationFlow::CONSENT_RESPONSE_NONE);
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
-  base::RunLoop().RunUntilIdle();
-  EXPECT_EQ(PlatformVerificationFlow::USER_REJECTED, result_);
-}
-
-TEST_F(PlatformVerificationFlowTest, ConsentPerScheme) {
-  fake_delegate_.set_response(PlatformVerificationFlow::CONSENT_RESPONSE_DENY);
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
-  base::RunLoop().RunUntilIdle();
-  EXPECT_EQ(PlatformVerificationFlow::USER_REJECTED, result_);
-  // Call again and expect denial based on previous response.
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
-  base::RunLoop().RunUntilIdle();
-  EXPECT_EQ(PlatformVerificationFlow::POLICY_REJECTED, result_);
-  // Call with a different scheme and expect another consent prompt.
-  fake_delegate_.set_url(GURL(kTestURLSecure));
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
-  base::RunLoop().RunUntilIdle();
-  EXPECT_EQ(PlatformVerificationFlow::USER_REJECTED, result_);
-  EXPECT_EQ(2, fake_delegate_.num_consent_calls());
-}
-
-TEST_F(PlatformVerificationFlowTest, ConsentForExtension) {
-  fake_delegate_.set_response(PlatformVerificationFlow::CONSENT_RESPONSE_DENY);
-  fake_delegate_.set_url(GURL(kTestURLExtension));
-  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
-  base::RunLoop().RunUntilIdle();
-  EXPECT_EQ(PlatformVerificationFlow::USER_REJECTED, result_);
-  EXPECT_EQ(1, fake_delegate_.num_consent_calls());
-}

[Darren Krahn, 2015/03/12 22:12:17]

Are the tests removed from here popping up elsewhere?

[xhwang, 2015/03/13 00:54:42]

No. The related logic are moved to ProtectedMediaIdentifierPermissionContext and
should be tested there. Unfortunately, there are not testing infrastructure for
ProtectedMediaIdentifierPermissionContext yet :(

-
 TEST_F(PlatformVerificationFlowTest, Timeout) {
   verifier_->set_timeout_delay(base::TimeDelta::FromSeconds(0));
   ExpectAttestationFlow();
   verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(PlatformVerificationFlow::TIMEOUT, result_);
 }
 
 TEST_F(PlatformVerificationFlowTest, ExpiredCert) {
   ExpectAttestationFlow();
   fake_certificate_list_.resize(2);
   ASSERT_TRUE(GetFakeCertificate(base::TimeDelta::FromDays(-1),
                                  &fake_certificate_list_[0]));
   ASSERT_TRUE(GetFakeCertificate(base::TimeDelta::FromDays(1),
                                  &fake_certificate_list_[1]));
   verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(PlatformVerificationFlow::SUCCESS, result_);
   EXPECT_EQ(certificate_, fake_certificate_list_[1]);
 }
 
 TEST_F(PlatformVerificationFlowTest, IncognitoMode) {
   fake_delegate_.set_is_incognito(true);
   verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(PlatformVerificationFlow::PLATFORM_NOT_VERIFIED, result_);
 }
 
 TEST_F(PlatformVerificationFlowTest, AttestationNotPrepared) {
-  fake_delegate_.set_response(PlatformVerificationFlow::CONSENT_RESPONSE_DENY);
   fake_cryptohome_client_.set_attestation_enrolled(false);
   fake_cryptohome_client_.set_attestation_prepared(false);
   verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(PlatformVerificationFlow::PLATFORM_NOT_VERIFIED, result_);
 }
 
 }  // namespace attestation
 }  // namespace chromeos