| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/chromeos/login/signed_settings.h" | |
| 6 | |
| 7 #include "base/logging.h" | |
| 8 #include "base/message_loop.h" | |
| 9 #include "base/values.h" | |
| 10 #include "chrome/browser/chromeos/cros/cros_library.h" | |
| 11 #include "chrome/browser/chromeos/cros_settings_names.h" | |
| 12 #include "chrome/browser/chromeos/login/mock_owner_key_utils.h" | |
| 13 #include "chrome/browser/chromeos/login/mock_ownership_service.h" | |
| 14 #include "chrome/browser/chromeos/login/owner_manager_unittest.h" | |
| 15 #include "chrome/browser/policy/proto/chrome_device_policy.pb.h" | |
| 16 #include "chrome/browser/policy/proto/device_management_backend.pb.h" | |
| 17 #include "chromeos/dbus/mock_dbus_thread_manager.h" | |
| 18 #include "chromeos/dbus/mock_session_manager_client.h" | |
| 19 #include "content/public/test/test_browser_thread.h" | |
| 20 #include "testing/gmock/include/gmock/gmock.h" | |
| 21 #include "testing/gtest/include/gtest/gtest.h" | |
| 22 | |
| 23 using ::testing::A; | |
| 24 using ::testing::AnyNumber; | |
| 25 using ::testing::Return; | |
| 26 using ::testing::ReturnRef; | |
| 27 using ::testing::SaveArg; | |
| 28 using ::testing::StrEq; | |
| 29 using ::testing::WithArg; | |
| 30 using ::testing::_; | |
| 31 using content::BrowserThread; | |
| 32 using google::protobuf::RepeatedPtrField; | |
| 33 | |
| 34 namespace em = enterprise_management; | |
| 35 namespace chromeos { | |
| 36 | |
| 37 namespace { | |
| 38 template <class T> | |
| 39 class DummyDelegate : public SignedSettings::Delegate<T> { | |
| 40 public: | |
| 41 explicit DummyDelegate(T to_expect) | |
| 42 : expect_success_(false), | |
| 43 expected_failure_(SignedSettings::SUCCESS), | |
| 44 expected_(to_expect), | |
| 45 run_(false) {} | |
| 46 virtual ~DummyDelegate() { EXPECT_TRUE(run_); } | |
| 47 virtual void OnSettingsOpCompleted(SignedSettings::ReturnCode code, | |
| 48 T value) { | |
| 49 run_ = true; | |
| 50 if (expect_success_) | |
| 51 compare_expected(value); | |
| 52 EXPECT_EQ(expected_failure_, code); | |
| 53 } | |
| 54 virtual void expect_success() { | |
| 55 expect_success_ = true; | |
| 56 expected_failure_ = SignedSettings::SUCCESS; | |
| 57 } | |
| 58 virtual void expect_failure(SignedSettings::ReturnCode code) { | |
| 59 expect_success_ = false; | |
| 60 expected_failure_ = code; | |
| 61 } | |
| 62 | |
| 63 protected: | |
| 64 bool expect_success_; | |
| 65 SignedSettings::ReturnCode expected_failure_; | |
| 66 T expected_; | |
| 67 bool run_; | |
| 68 virtual void compare_expected(T to_compare) = 0; | |
| 69 }; | |
| 70 | |
| 71 template <class T> | |
| 72 class NormalDelegate : public DummyDelegate<T> { | |
| 73 public: | |
| 74 explicit NormalDelegate(T to_expect) : DummyDelegate<T>(to_expect) {} | |
| 75 virtual ~NormalDelegate() {} | |
| 76 protected: | |
| 77 virtual void compare_expected(T to_compare) { | |
| 78 // without this-> this won't build. | |
| 79 EXPECT_EQ(this->expected_, to_compare); | |
| 80 } | |
| 81 }; | |
| 82 | |
| 83 class ProtoDelegate : public DummyDelegate<const em::PolicyFetchResponse&> { | |
| 84 public: | |
| 85 explicit ProtoDelegate(const em::PolicyFetchResponse& e) | |
| 86 : DummyDelegate<const em::PolicyFetchResponse&>(e) { | |
| 87 } | |
| 88 virtual ~ProtoDelegate() {} | |
| 89 protected: | |
| 90 virtual void compare_expected(const em::PolicyFetchResponse& to_compare) { | |
| 91 std::string ex_string, comp_string; | |
| 92 EXPECT_TRUE(expected_.SerializeToString(&ex_string)); | |
| 93 EXPECT_TRUE(to_compare.SerializeToString(&comp_string)); | |
| 94 EXPECT_EQ(ex_string, comp_string); | |
| 95 } | |
| 96 }; | |
| 97 | |
| 98 } // anonymous namespace | |
| 99 | |
| 100 class SignedSettingsTest : public testing::Test { | |
| 101 public: | |
| 102 SignedSettingsTest() | |
| 103 : fake_prop_(kAccountsPrefAllowGuest), | |
| 104 fake_signature_("false"), | |
| 105 fake_value_(false), | |
| 106 fake_value_signature_( | |
| 107 fake_signature_.c_str(), | |
| 108 fake_signature_.c_str() + fake_signature_.length()), | |
| 109 message_loop_(MessageLoop::TYPE_UI), | |
| 110 ui_thread_(BrowserThread::UI, &message_loop_), | |
| 111 file_thread_(BrowserThread::FILE), | |
| 112 mock_(new MockKeyUtils), | |
| 113 injector_(mock_) /* injector_ takes ownership of mock_ */, | |
| 114 mock_dbus_thread_manager_(new MockDBusThreadManager) { | |
| 115 } | |
| 116 | |
| 117 virtual ~SignedSettingsTest() {} | |
| 118 | |
| 119 virtual void SetUp() { | |
| 120 file_thread_.Start(); | |
| 121 DBusThreadManager::InitializeForTesting(mock_dbus_thread_manager_); | |
| 122 } | |
| 123 | |
| 124 virtual void TearDown() { | |
| 125 OwnerKeyUtils::set_factory(NULL); | |
| 126 DBusThreadManager::Shutdown(); | |
| 127 } | |
| 128 | |
| 129 void mock_service(SignedSettings* s, MockOwnershipService* m) { | |
| 130 s->set_service(m); | |
| 131 } | |
| 132 | |
| 133 void FailingStorePolicyOp(const OwnerManager::KeyOpCode return_code) { | |
| 134 NormalDelegate<bool> d(false); | |
| 135 d.expect_failure(SignedSettings::MapKeyOpCode(return_code)); | |
| 136 | |
| 137 em::PolicyFetchResponse fake_policy; | |
| 138 fake_policy.set_policy_data(fake_prop_); | |
| 139 std::string serialized; | |
| 140 ASSERT_TRUE(fake_policy.SerializeToString(&serialized)); | |
| 141 | |
| 142 scoped_refptr<SignedSettings> s( | |
| 143 SignedSettings::CreateStorePolicyOp(&fake_policy, &d)); | |
| 144 | |
| 145 mock_service(s.get(), &m_); | |
| 146 EXPECT_CALL(m_, StartSigningAttempt(StrEq(fake_prop_), _)) | |
| 147 .Times(1); | |
| 148 | |
| 149 s->Execute(); | |
| 150 s->OnKeyOpComplete(return_code, std::vector<uint8>()); | |
| 151 message_loop_.RunAllPending(); | |
| 152 } | |
| 153 | |
| 154 em::PolicyData BuildPolicyData(std::vector<std::string> whitelist) { | |
| 155 em::PolicyData to_return; | |
| 156 em::ChromeDeviceSettingsProto pol; | |
| 157 em::GuestModeEnabledProto* allow = pol.mutable_guest_mode_enabled(); | |
| 158 allow->set_guest_mode_enabled(false); | |
| 159 pol.mutable_device_proxy_settings()->set_proxy_mode("direct"); | |
| 160 | |
| 161 if (!whitelist.empty()) { | |
| 162 em::UserWhitelistProto* whitelist_proto = pol.mutable_user_whitelist(); | |
| 163 for (std::vector<std::string>::const_iterator it = whitelist.begin(); | |
| 164 it != whitelist.end(); | |
| 165 ++it) { | |
| 166 whitelist_proto->add_user_whitelist(*it); | |
| 167 } | |
| 168 } | |
| 169 | |
| 170 to_return.set_policy_type(chromeos::kDevicePolicyType); | |
| 171 to_return.set_policy_value(pol.SerializeAsString()); | |
| 172 return to_return; | |
| 173 } | |
| 174 | |
| 175 em::PolicyFetchResponse BuildProto(const std::string& data, | |
| 176 const std::string& sig, | |
| 177 std::string* out_serialized) { | |
| 178 em::PolicyFetchResponse fake_policy; | |
| 179 if (!data.empty()) | |
| 180 fake_policy.set_policy_data(data); | |
| 181 if (!sig.empty()) | |
| 182 fake_policy.set_policy_data_signature(sig); | |
| 183 EXPECT_TRUE(fake_policy.SerializeToString(out_serialized)); | |
| 184 return fake_policy; | |
| 185 } | |
| 186 | |
| 187 const std::string fake_prop_; | |
| 188 const std::string fake_signature_; | |
| 189 const base::FundamentalValue fake_value_; | |
| 190 const std::vector<uint8> fake_value_signature_; | |
| 191 MockOwnershipService m_; | |
| 192 | |
| 193 MessageLoop message_loop_; | |
| 194 content::TestBrowserThread ui_thread_; | |
| 195 content::TestBrowserThread file_thread_; | |
| 196 | |
| 197 MockKeyUtils* mock_; | |
| 198 MockInjector injector_; | |
| 199 MockDBusThreadManager* mock_dbus_thread_manager_; | |
| 200 | |
| 201 ScopedStubCrosEnabler stub_cros_enabler_; | |
| 202 }; | |
| 203 | |
| 204 ACTION_P(Retrieve, policy_blob) { arg0.Run(policy_blob); } | |
| 205 ACTION_P(Store, success) { arg1.Run(success); } | |
| 206 | |
| 207 TEST_F(SignedSettingsTest, SignAndStorePolicy) { | |
| 208 NormalDelegate<bool> d(true); | |
| 209 d.expect_success(); | |
| 210 | |
| 211 em::PolicyData in_pol = BuildPolicyData(std::vector<std::string>()); | |
| 212 std::string data_serialized = in_pol.SerializeAsString(); | |
| 213 std::string serialized; | |
| 214 em::PolicyFetchResponse fake_policy = BuildProto(data_serialized, | |
| 215 std::string(), | |
| 216 &serialized); | |
| 217 scoped_refptr<SignedSettings> s( | |
| 218 SignedSettings::CreateStorePolicyOp(&fake_policy, &d)); | |
| 219 | |
| 220 mock_service(s.get(), &m_); | |
| 221 EXPECT_CALL(m_, StartSigningAttempt(StrEq(data_serialized), _)) | |
| 222 .Times(1); | |
| 223 em::PolicyData out_pol; | |
| 224 | |
| 225 // Ask for signature over unsigned policy. | |
| 226 s->Execute(); | |
| 227 message_loop_.RunAllPending(); | |
| 228 | |
| 229 // Fake out a successful signing. | |
| 230 std::string signed_serialized; | |
| 231 em::PolicyFetchResponse signed_policy = BuildProto(data_serialized, | |
| 232 fake_signature_, | |
| 233 &signed_serialized); | |
| 234 MockSessionManagerClient* client = | |
| 235 mock_dbus_thread_manager_->mock_session_manager_client(); | |
| 236 EXPECT_CALL(*client, StoreDevicePolicy(signed_serialized, _)) | |
| 237 .WillOnce(Store(true)) | |
| 238 .RetiresOnSaturation(); | |
| 239 s->OnKeyOpComplete(OwnerManager::SUCCESS, fake_value_signature_); | |
| 240 message_loop_.RunAllPending(); | |
| 241 } | |
| 242 | |
| 243 TEST_F(SignedSettingsTest, StoreSignedPolicy) { | |
| 244 NormalDelegate<bool> d(true); | |
| 245 d.expect_success(); | |
| 246 | |
| 247 em::PolicyData in_pol = BuildPolicyData(std::vector<std::string>()); | |
| 248 std::string serialized = in_pol.SerializeAsString(); | |
| 249 std::string signed_serialized; | |
| 250 em::PolicyFetchResponse signed_policy = BuildProto(serialized, | |
| 251 fake_signature_, | |
| 252 &signed_serialized); | |
| 253 scoped_refptr<SignedSettings> s( | |
| 254 SignedSettings::CreateStorePolicyOp(&signed_policy, &d)); | |
| 255 MockSessionManagerClient* client = | |
| 256 mock_dbus_thread_manager_->mock_session_manager_client(); | |
| 257 EXPECT_CALL(*client, StoreDevicePolicy(signed_serialized, _)) | |
| 258 .WillOnce(Store(true)) | |
| 259 .RetiresOnSaturation(); | |
| 260 | |
| 261 mock_service(s.get(), &m_); | |
| 262 em::PolicyData out_pol; | |
| 263 | |
| 264 s->Execute(); | |
| 265 message_loop_.RunAllPending(); | |
| 266 } | |
| 267 | |
| 268 TEST_F(SignedSettingsTest, StorePolicyNoKey) { | |
| 269 FailingStorePolicyOp(OwnerManager::KEY_UNAVAILABLE); | |
| 270 } | |
| 271 | |
| 272 TEST_F(SignedSettingsTest, StorePolicyFailed) { | |
| 273 FailingStorePolicyOp(OwnerManager::OPERATION_FAILED); | |
| 274 } | |
| 275 | |
| 276 TEST_F(SignedSettingsTest, StorePolicyNoPolicyData) { | |
| 277 NormalDelegate<bool> d(false); | |
| 278 d.expect_failure(SignedSettings::OPERATION_FAILED); | |
| 279 | |
| 280 std::string serialized; | |
| 281 em::PolicyFetchResponse fake_policy = BuildProto(std::string(), | |
| 282 std::string(), | |
| 283 &serialized); | |
| 284 scoped_refptr<SignedSettings> s( | |
| 285 SignedSettings::CreateStorePolicyOp(&fake_policy, &d)); | |
| 286 | |
| 287 s->Execute(); | |
| 288 message_loop_.RunAllPending(); | |
| 289 } | |
| 290 | |
| 291 TEST_F(SignedSettingsTest, RetrievePolicy) { | |
| 292 em::PolicyData in_pol = BuildPolicyData(std::vector<std::string>()); | |
| 293 std::string serialized = in_pol.SerializeAsString(); | |
| 294 std::string signed_serialized; | |
| 295 em::PolicyFetchResponse signed_policy = BuildProto(serialized, | |
| 296 fake_signature_, | |
| 297 &signed_serialized); | |
| 298 ProtoDelegate d(signed_policy); | |
| 299 d.expect_success(); | |
| 300 scoped_refptr<SignedSettings> s(SignedSettings::CreateRetrievePolicyOp(&d)); | |
| 301 | |
| 302 MockSessionManagerClient* client = | |
| 303 mock_dbus_thread_manager_->mock_session_manager_client(); | |
| 304 EXPECT_CALL(*client, RetrieveDevicePolicy(_)) | |
| 305 .WillOnce(Retrieve(signed_serialized)) | |
| 306 .RetiresOnSaturation(); | |
| 307 | |
| 308 mock_service(s.get(), &m_); | |
| 309 EXPECT_CALL(m_, StartVerifyAttempt(serialized, fake_value_signature_, _)) | |
| 310 .Times(1); | |
| 311 em::PolicyData out_pol; | |
| 312 | |
| 313 s->Execute(); | |
| 314 message_loop_.RunAllPending(); | |
| 315 | |
| 316 s->OnKeyOpComplete(OwnerManager::SUCCESS, std::vector<uint8>()); | |
| 317 message_loop_.RunAllPending(); | |
| 318 } | |
| 319 | |
| 320 TEST_F(SignedSettingsTest, RetrieveNullPolicy) { | |
| 321 em::PolicyFetchResponse policy; | |
| 322 ProtoDelegate d(policy); | |
| 323 d.expect_failure(SignedSettings::NOT_FOUND); | |
| 324 scoped_refptr<SignedSettings> s(SignedSettings::CreateRetrievePolicyOp(&d)); | |
| 325 | |
| 326 MockSessionManagerClient* client = | |
| 327 mock_dbus_thread_manager_->mock_session_manager_client(); | |
| 328 EXPECT_CALL(*client, RetrieveDevicePolicy(_)) | |
| 329 .WillOnce(Retrieve("")) | |
| 330 .RetiresOnSaturation(); | |
| 331 | |
| 332 s->Execute(); | |
| 333 message_loop_.RunAllPending(); | |
| 334 } | |
| 335 | |
| 336 TEST_F(SignedSettingsTest, RetrieveEmptyPolicy) { | |
| 337 std::string serialized; | |
| 338 em::PolicyFetchResponse policy = BuildProto("", "", &serialized); | |
| 339 ProtoDelegate d(policy); | |
| 340 d.expect_failure(SignedSettings::NOT_FOUND); | |
| 341 scoped_refptr<SignedSettings> s(SignedSettings::CreateRetrievePolicyOp(&d)); | |
| 342 | |
| 343 MockSessionManagerClient* client = | |
| 344 mock_dbus_thread_manager_->mock_session_manager_client(); | |
| 345 EXPECT_CALL(*client, RetrieveDevicePolicy(_)) | |
| 346 .WillOnce(Retrieve("")) | |
| 347 .RetiresOnSaturation(); | |
| 348 | |
| 349 s->Execute(); | |
| 350 message_loop_.RunAllPending(); | |
| 351 } | |
| 352 | |
| 353 TEST_F(SignedSettingsTest, RetrieveUnsignedPolicy) { | |
| 354 std::string serialized; | |
| 355 em::PolicyFetchResponse policy = BuildProto(fake_prop_, | |
| 356 std::string(), | |
| 357 &serialized); | |
| 358 ProtoDelegate d(policy); | |
| 359 d.expect_failure(SignedSettings::BAD_SIGNATURE); | |
| 360 scoped_refptr<SignedSettings> s(SignedSettings::CreateRetrievePolicyOp(&d)); | |
| 361 | |
| 362 MockSessionManagerClient* client = | |
| 363 mock_dbus_thread_manager_->mock_session_manager_client(); | |
| 364 EXPECT_CALL(*client, RetrieveDevicePolicy(_)) | |
| 365 .WillOnce(Retrieve(serialized)) | |
| 366 .RetiresOnSaturation(); | |
| 367 | |
| 368 s->Execute(); | |
| 369 message_loop_.RunAllPending(); | |
| 370 } | |
| 371 | |
| 372 TEST_F(SignedSettingsTest, RetrieveMalsignedPolicy) { | |
| 373 std::string signed_serialized; | |
| 374 em::PolicyFetchResponse signed_policy = BuildProto(fake_prop_, | |
| 375 fake_signature_, | |
| 376 &signed_serialized); | |
| 377 ProtoDelegate d(signed_policy); | |
| 378 d.expect_failure(SignedSettings::BAD_SIGNATURE); | |
| 379 scoped_refptr<SignedSettings> s(SignedSettings::CreateRetrievePolicyOp(&d)); | |
| 380 | |
| 381 MockSessionManagerClient* client = | |
| 382 mock_dbus_thread_manager_->mock_session_manager_client(); | |
| 383 EXPECT_CALL(*client, RetrieveDevicePolicy(_)) | |
| 384 .WillOnce(Retrieve(signed_serialized)) | |
| 385 .RetiresOnSaturation(); | |
| 386 | |
| 387 mock_service(s.get(), &m_); | |
| 388 EXPECT_CALL(m_, StartVerifyAttempt(fake_prop_, fake_value_signature_, _)) | |
| 389 .Times(1); | |
| 390 | |
| 391 s->Execute(); | |
| 392 message_loop_.RunAllPending(); | |
| 393 | |
| 394 s->OnKeyOpComplete(OwnerManager::OPERATION_FAILED, std::vector<uint8>()); | |
| 395 message_loop_.RunAllPending(); | |
| 396 } | |
| 397 | |
| 398 } // namespace chromeos | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10824112:
Move Chrome OS device settings stuff to chrome/browser/chromeos/settings. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src