Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(451)

Side by Side Diff: chrome/browser/policy/user_cloud_policy_store_chromeos_unittest.cc

Issue 12183017: Verify the signature on user cloud policy downloads. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Comment Created 7 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/policy/user_cloud_policy_store_chromeos.h" 5 #include "chrome/browser/policy/user_cloud_policy_store_chromeos.h"
6 6
7 #include <vector>
8
9 #include "base/basictypes.h"
10 #include "base/bind.h"
7 #include "base/file_util.h" 11 #include "base/file_util.h"
8 #include "base/files/scoped_temp_dir.h" 12 #include "base/files/scoped_temp_dir.h"
9 #include "base/memory/scoped_ptr.h" 13 #include "base/memory/scoped_ptr.h"
10 #include "base/message_loop.h" 14 #include "base/message_loop.h"
15 #include "base/threading/sequenced_worker_pool.h"
11 #include "chrome/browser/policy/cloud_policy_constants.h" 16 #include "chrome/browser/policy/cloud_policy_constants.h"
12 #include "chrome/browser/policy/mock_cloud_policy_store.h" 17 #include "chrome/browser/policy/mock_cloud_policy_store.h"
13 #include "chrome/browser/policy/policy_builder.h" 18 #include "chrome/browser/policy/policy_builder.h"
14 #include "chrome/browser/policy/proto/cloud_policy.pb.h" 19 #include "chrome/browser/policy/proto/cloud_policy.pb.h"
15 #include "chrome/browser/policy/proto/device_management_local.pb.h" 20 #include "chrome/browser/policy/proto/device_management_local.pb.h"
21 #include "chromeos/dbus/mock_cryptohome_client.h"
16 #include "chromeos/dbus/mock_session_manager_client.h" 22 #include "chromeos/dbus/mock_session_manager_client.h"
17 #include "content/public/test/test_browser_thread.h" 23 #include "content/public/test/test_browser_thread.h"
18 #include "policy/policy_constants.h" 24 #include "policy/policy_constants.h"
19 #include "testing/gmock/include/gmock/gmock.h" 25 #include "testing/gmock/include/gmock/gmock.h"
20 #include "testing/gtest/include/gtest/gtest.h" 26 #include "testing/gtest/include/gtest/gtest.h"
21 27
22 namespace em = enterprise_management; 28 namespace em = enterprise_management;
23 29
24 using testing::AllOf; 30 using testing::AllOf;
31 using testing::AnyNumber;
25 using testing::Eq; 32 using testing::Eq;
26 using testing::Mock; 33 using testing::Mock;
27 using testing::Property; 34 using testing::Property;
28 using testing::SaveArg; 35 using testing::SaveArg;
29 using testing::_; 36 using testing::_;
30 37
31 namespace policy { 38 namespace policy {
32 39
33 namespace { 40 namespace {
34 41
35 const char kLegacyDeviceId[] = "legacy-device-id"; 42 const char kLegacyDeviceId[] = "legacy-device-id";
36 const char kLegacyToken[] = "legacy-token"; 43 const char kLegacyToken[] = "legacy-token";
44 const char kSanitizedUsername[] = "0123456789ABCDEF0123456789ABCDEF012345678";
45 const char kDefaultHomepage[] = "http://chromium.org";
46
47 ACTION_P2(SendSanitizedUsername, call_status, sanitized_username) {
48 MessageLoop::current()->PostTask(
49 FROM_HERE, base::Bind(arg1, call_status, sanitized_username));
50 }
37 51
38 class UserCloudPolicyStoreChromeOSTest : public testing::Test { 52 class UserCloudPolicyStoreChromeOSTest : public testing::Test {
39 protected: 53 protected:
40 UserCloudPolicyStoreChromeOSTest() 54 UserCloudPolicyStoreChromeOSTest()
41 : loop_(MessageLoop::TYPE_UI), 55 : loop_(MessageLoop::TYPE_UI),
42 ui_thread_(content::BrowserThread::UI, &loop_), 56 ui_thread_(content::BrowserThread::UI, &loop_),
43 file_thread_(content::BrowserThread::FILE, &loop_) {} 57 file_thread_(content::BrowserThread::FILE, &loop_) {}
44 58
45 virtual void SetUp() OVERRIDE { 59 virtual void SetUp() OVERRIDE {
60 EXPECT_CALL(cryptohome_client_,
61 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _))
62 .Times(AnyNumber())
63 .WillRepeatedly(
64 SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_SUCCESS,
65 kSanitizedUsername));
66
46 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir()); 67 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir());
47 store_.reset(new UserCloudPolicyStoreChromeOS(&session_manager_client_, 68 store_.reset(new UserCloudPolicyStoreChromeOS(&cryptohome_client_,
69 &session_manager_client_,
48 PolicyBuilder::kFakeUsername, 70 PolicyBuilder::kFakeUsername,
71 user_policy_dir(),
49 token_file(), 72 token_file(),
50 policy_file())); 73 policy_file()));
51 store_->AddObserver(&observer_); 74 store_->AddObserver(&observer_);
52 75
53 policy_.payload().mutable_showhomebutton()->set_value(true); 76 // Install the initial public key, so that by default the validation of
77 // the stored/loaded policy blob succeeds.
78 std::vector<uint8> public_key;
79 policy_.GetPublicKey(&public_key);
80 StoreUserPolicyKey(public_key);
81
82 policy_.payload().mutable_homepagelocation()->set_value(kDefaultHomepage);
54 policy_.Build(); 83 policy_.Build();
55 } 84 }
56 85
57 virtual void TearDown() OVERRIDE { 86 virtual void TearDown() OVERRIDE {
58 store_->RemoveObserver(&observer_); 87 store_->RemoveObserver(&observer_);
59 store_.reset(); 88 store_.reset();
60 loop_.RunUntilIdle(); 89 RunUntilIdle();
61 } 90 }
62 91
63 // Install an expectation on |observer_| for an error code. 92 // Install an expectation on |observer_| for an error code.
64 void ExpectError(CloudPolicyStore::Status error) { 93 void ExpectError(CloudPolicyStore::Status error) {
65 EXPECT_CALL(observer_, 94 EXPECT_CALL(observer_,
66 OnStoreError(AllOf(Eq(store_.get()), 95 OnStoreError(AllOf(Eq(store_.get()),
67 Property(&CloudPolicyStore::status, 96 Property(&CloudPolicyStore::status,
68 Eq(error))))); 97 Eq(error)))));
69 } 98 }
70 99
71 // Triggers a store_->Load() operation, handles the expected call to 100 // Triggers a store_->Load() operation, handles the expected call to
72 // |session_manager_client_| and sends |response|. 101 // |session_manager_client_| and sends |response|.
73 void PerformPolicyLoad(const std::string& response) { 102 void PerformPolicyLoad(const std::string& response) {
74 // Issue a load command. 103 // Issue a load command.
75 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; 104 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback;
76 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_)) 105 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_))
77 .WillOnce(SaveArg<0>(&retrieve_callback)); 106 .WillOnce(SaveArg<0>(&retrieve_callback));
78 store_->Load(); 107 store_->Load();
79 loop_.RunUntilIdle(); 108 RunUntilIdle();
80 Mock::VerifyAndClearExpectations(&session_manager_client_); 109 Mock::VerifyAndClearExpectations(&session_manager_client_);
81 ASSERT_FALSE(retrieve_callback.is_null()); 110 ASSERT_FALSE(retrieve_callback.is_null());
82 111
83 // Run the callback. 112 // Run the callback.
84 retrieve_callback.Run(response); 113 retrieve_callback.Run(response);
114 RunUntilIdle();
115 }
116
117 // Verifies that store_->policy_map() has the HomepageLocation entry with
118 // the |expected_value|.
119 void VerifyPolicyMap(const char* expected_value) {
120 EXPECT_EQ(1U, store_->policy_map().size());
121 const PolicyMap::Entry* entry =
122 store_->policy_map().Get(key::kHomepageLocation);
123 ASSERT_TRUE(entry);
124 EXPECT_TRUE(base::StringValue(expected_value).Equals(entry->value));
125 }
126
127 void StoreUserPolicyKey(const std::vector<uint8>& public_key) {
128 ASSERT_TRUE(file_util::CreateDirectory(user_policy_key_file().DirName()));
129 ASSERT_TRUE(
130 file_util::WriteFile(user_policy_key_file(),
131 reinterpret_cast<const char*>(public_key.data()),
132 public_key.size()));
133 }
134
135 // Stores the current |policy_| and verifies that it is published.
136 // If |new_public_key| is set then it will be persisted after storing but
137 // before loading the policy, so that the signature validation can succeed.
138 // If |previous_value| is set then a previously existing policy with that
139 // value will be expected; otherwise no previous policy is expected.
140 // If |new_value| is set then a new policy with that value is expected after
141 // storing the |policy_| blob.
142 void StorePolicy(const std::vector<uint8>* new_public_key,
Mattias Nissler (ping if slow) 2013/02/07 14:12:07 Should be named PerformPolicyStore for consistency
Joao da Silva 2013/02/07 16:32:00 Done.
143 const char* previous_value,
144 const char* new_value) {
145 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
146 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _))
147 .WillOnce(SaveArg<1>(&store_callback));
148 store_->Store(policy_.policy());
149 RunUntilIdle();
150 Mock::VerifyAndClearExpectations(&session_manager_client_);
151 ASSERT_FALSE(store_callback.is_null());
152
153 // The new policy shouldn't be present yet.
154 PolicyMap previous_policy;
155 if (!previous_value) {
156 EXPECT_FALSE(store_->policy());
Mattias Nissler (ping if slow) 2013/02/07 14:12:07 Shouldn't this be EXPECT_EQ(previous_value != NULL
Joao da Silva 2013/02/07 16:32:00 Done.
157 } else {
158 previous_policy.Set(key::kHomepageLocation,
159 POLICY_LEVEL_MANDATORY,
160 POLICY_SCOPE_USER,
161 base::Value::CreateStringValue(previous_value));
162 }
163 EXPECT_TRUE(previous_policy.Equals(store_->policy_map()));
164 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
165
166 // Store the new public key so that the validation after the retrieve
167 // operation completes can verify the signature.
168 if (new_public_key)
169 StoreUserPolicyKey(*new_public_key);
170
171 // Let the store operation complete.
172 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback;
173 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_))
174 .WillOnce(SaveArg<0>(&retrieve_callback));
175 store_callback.Run(true);
176 RunUntilIdle();
177 EXPECT_TRUE(previous_policy.Equals(store_->policy_map()));
178 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
179 Mock::VerifyAndClearExpectations(&session_manager_client_);
180 ASSERT_FALSE(retrieve_callback.is_null());
181
182 // Finish the retrieve callback.
183 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
184 retrieve_callback.Run(policy_.GetBlob());
185 RunUntilIdle();
186 ASSERT_TRUE(store_->policy());
187 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
188 store_->policy()->SerializeAsString());
189 VerifyPolicyMap(new_value);
190 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
191 }
192
193 void RunUntilIdle() {
194 loop_.RunUntilIdle();
195 content::BrowserThread::GetBlockingPool()->FlushForTesting();
85 loop_.RunUntilIdle(); 196 loop_.RunUntilIdle();
Mattias Nissler (ping if slow) 2013/02/07 14:12:07 Ah, I hate these snippets. Blocking pool sucks in
86 } 197 }
87 198
88 // Verifies that store_->policy_map() has the ShowHomeButton entry. 199 FilePath user_policy_dir() {
89 void VerifyPolicyMap() { 200 return tmp_dir_.path().AppendASCII("var_run_user_policy");
90 EXPECT_EQ(1U, store_->policy_map().size()); 201 }
91 const PolicyMap::Entry* entry = 202
92 store_->policy_map().Get(key::kShowHomeButton); 203 FilePath user_policy_key_file() {
93 ASSERT_TRUE(entry); 204 return user_policy_dir().AppendASCII(kSanitizedUsername)
94 EXPECT_TRUE(base::FundamentalValue(true).Equals(entry->value)); 205 .AppendASCII("policy.pub");
95 } 206 }
96 207
97 FilePath token_file() { 208 FilePath token_file() {
98 return tmp_dir_.path().AppendASCII("token"); 209 return tmp_dir_.path().AppendASCII("token");
99 } 210 }
100 211
101 FilePath policy_file() { 212 FilePath policy_file() {
102 return tmp_dir_.path().AppendASCII("policy"); 213 return tmp_dir_.path().AppendASCII("policy");
103 } 214 }
104 215
105 MessageLoop loop_; 216 MessageLoop loop_;
217 chromeos::MockCryptohomeClient cryptohome_client_;
106 chromeos::MockSessionManagerClient session_manager_client_; 218 chromeos::MockSessionManagerClient session_manager_client_;
107 UserPolicyBuilder policy_; 219 UserPolicyBuilder policy_;
108 MockCloudPolicyStoreObserver observer_; 220 MockCloudPolicyStoreObserver observer_;
109 scoped_ptr<UserCloudPolicyStoreChromeOS> store_; 221 scoped_ptr<UserCloudPolicyStoreChromeOS> store_;
110 222
111 private: 223 private:
112 content::TestBrowserThread ui_thread_; 224 content::TestBrowserThread ui_thread_;
113 content::TestBrowserThread file_thread_; 225 content::TestBrowserThread file_thread_;
114 base::ScopedTempDir tmp_dir_; 226 base::ScopedTempDir tmp_dir_;
115 227
116 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest); 228 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest);
117 }; 229 };
118 230
119 TEST_F(UserCloudPolicyStoreChromeOSTest, Store) { 231 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) {
120 // Store policy. 232 // Start without any public key to trigger the initial key checks.
121 chromeos::SessionManagerClient::StorePolicyCallback store_callback; 233 ASSERT_TRUE(file_util::Delete(user_policy_key_file(), false));
122 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) 234 // Make the policy blob contain a new public key.
123 .WillOnce(SaveArg<1>(&store_callback)); 235 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey());
124 store_->Store(policy_.policy()); 236 policy_.Build();
125 loop_.RunUntilIdle(); 237 std::vector<uint8> new_public_key;
126 Mock::VerifyAndClearExpectations(&session_manager_client_); 238 policy_.GetNewPublicKey(&new_public_key);
127 ASSERT_FALSE(store_callback.is_null()); 239 StorePolicy(&new_public_key, NULL, kDefaultHomepage);
Mattias Nissler (ping if slow) 2013/02/07 14:12:07 Wrap in ASSERT_NO_FATAL_FAILURE? (here and below)
Joao da Silva 2013/02/07 16:32:00 Done.
240 }
128 241
129 // No policy should be present yet. 242 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) {
130 EXPECT_FALSE(store_->policy()); 243 StorePolicy(NULL, NULL, kDefaultHomepage);
131 EXPECT_TRUE(store_->policy_map().empty()); 244 }
132 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
133 245
134 // Let the store operation complete. 246 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) {
135 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; 247 // Make the policy blob contain a new public key.
136 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_)) 248 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey());
137 .WillOnce(SaveArg<0>(&retrieve_callback)); 249 policy_.Build();
138 store_callback.Run(true); 250 std::vector<uint8> new_public_key;
139 loop_.RunUntilIdle(); 251 policy_.GetNewPublicKey(&new_public_key);
140 EXPECT_TRUE(store_->policy_map().empty()); 252 StorePolicy(&new_public_key, NULL, kDefaultHomepage);
141 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
142 Mock::VerifyAndClearExpectations(&session_manager_client_);
143 ASSERT_FALSE(retrieve_callback.is_null());
144
145 // Finish the retrieve callback.
146 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
147 retrieve_callback.Run(policy_.GetBlob());
148 loop_.RunUntilIdle();
149 ASSERT_TRUE(store_->policy());
150 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
151 store_->policy()->SerializeAsString());
152 VerifyPolicyMap();
153 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
154 } 253 }
155 254
156 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { 255 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) {
157 // Store policy. 256 // Store policy.
158 chromeos::SessionManagerClient::StorePolicyCallback store_callback; 257 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
159 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) 258 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _))
160 .WillOnce(SaveArg<1>(&store_callback)); 259 .WillOnce(SaveArg<1>(&store_callback));
161 store_->Store(policy_.policy()); 260 store_->Store(policy_.policy());
162 loop_.RunUntilIdle(); 261 RunUntilIdle();
163 Mock::VerifyAndClearExpectations(&session_manager_client_); 262 Mock::VerifyAndClearExpectations(&session_manager_client_);
164 ASSERT_FALSE(store_callback.is_null()); 263 ASSERT_FALSE(store_callback.is_null());
165 264
166 // Let the store operation complete. 265 // Let the store operation complete.
167 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); 266 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR);
168 store_callback.Run(false); 267 store_callback.Run(false);
169 loop_.RunUntilIdle(); 268 RunUntilIdle();
170 EXPECT_FALSE(store_->policy()); 269 EXPECT_FALSE(store_->policy());
171 EXPECT_TRUE(store_->policy_map().empty()); 270 EXPECT_TRUE(store_->policy_map().empty());
172 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); 271 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status());
173 } 272 }
174 273
175 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { 274 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) {
176 policy_.policy_data().clear_policy_type(); 275 policy_.policy_data().clear_policy_type();
177 policy_.Build(); 276 policy_.Build();
178 277
179 // Store policy. 278 // Store policy.
180 chromeos::SessionManagerClient::StorePolicyCallback store_callback; 279 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
181 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); 280 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
182 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) 281 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _))
183 .Times(0); 282 .Times(0);
184 store_->Store(policy_.policy()); 283 store_->Store(policy_.policy());
185 loop_.RunUntilIdle(); 284 RunUntilIdle();
186 Mock::VerifyAndClearExpectations(&session_manager_client_); 285 Mock::VerifyAndClearExpectations(&session_manager_client_);
187 } 286 }
188 287
288 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) {
289 // Make the dbus call to cryptohome fail.
290 Mock::VerifyAndClearExpectations(&cryptohome_client_);
291 EXPECT_CALL(cryptohome_client_,
292 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _))
293 .Times(AnyNumber())
294 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE,
295 std::string()));
296
297 // Store policy.
298 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
299 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
300 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _))
301 .Times(0);
302 store_->Store(policy_.policy());
303 RunUntilIdle();
304 Mock::VerifyAndClearExpectations(&session_manager_client_);
305 }
306
307 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) {
308 // Break the signature.
309 policy_.policy().mutable_policy_data_signature()->append("garbage");
310
311 // Store policy.
312 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
313 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
314 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _))
315 .Times(0);
316 store_->Store(policy_.policy());
317 RunUntilIdle();
318 Mock::VerifyAndClearExpectations(&session_manager_client_);
319 }
320
Mattias Nissler (ping if slow) 2013/02/07 14:12:07 remove redundant newline
Joao da Silva 2013/02/07 16:32:00 Done.
321
189 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { 322 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) {
190 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); 323 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
191 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); 324 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
192 Mock::VerifyAndClearExpectations(&observer_); 325 Mock::VerifyAndClearExpectations(&observer_);
193 326
194 // Verify that the policy has been loaded. 327 // Verify that the policy has been loaded.
195 ASSERT_TRUE(store_->policy()); 328 ASSERT_TRUE(store_->policy());
196 EXPECT_EQ(policy_.policy_data().SerializeAsString(), 329 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
197 store_->policy()->SerializeAsString()); 330 store_->policy()->SerializeAsString());
198 VerifyPolicyMap(); 331 VerifyPolicyMap(kDefaultHomepage);
199 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 332 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
200 } 333 }
201 334
202 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { 335 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
203 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); 336 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
204 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); 337 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
205 Mock::VerifyAndClearExpectations(&observer_); 338 Mock::VerifyAndClearExpectations(&observer_);
206 339
207 // Verify no policy has been installed. 340 // Verify no policy has been installed.
208 EXPECT_FALSE(store_->policy()); 341 EXPECT_FALSE(store_->policy());
(...skipping 17 matching lines...) Expand all
226 359
227 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); 360 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
228 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); 361 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
229 362
230 // Verify no policy has been installed. 363 // Verify no policy has been installed.
231 EXPECT_FALSE(store_->policy()); 364 EXPECT_FALSE(store_->policy());
232 EXPECT_TRUE(store_->policy_map().empty()); 365 EXPECT_TRUE(store_->policy_map().empty());
233 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); 366 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
234 } 367 }
235 368
369 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) {
370 // The loaded policy can't be verified without the public key.
371 ASSERT_TRUE(file_util::Delete(user_policy_key_file(), false));
372 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
373 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
374 // Verify no policy has been installed.
375 EXPECT_FALSE(store_->policy());
376 EXPECT_TRUE(store_->policy_map().empty());
377 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
378 }
379
380 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) {
381 // Break the signature.
382 policy_.policy().mutable_policy_data_signature()->append("garbage");
383 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
384 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
385 // Verify no policy has been installed.
386 EXPECT_FALSE(store_->policy());
387 EXPECT_TRUE(store_->policy_map().empty());
388 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
Mattias Nissler (ping if slow) 2013/02/07 14:12:07 seems like the last 4 lines are now frequent enoug
Joao da Silva 2013/02/07 16:32:00 Done.
389 }
390
236 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) { 391 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) {
237 std::string data; 392 std::string data;
238 393
239 em::DeviceCredentials credentials; 394 em::DeviceCredentials credentials;
240 credentials.set_device_token(kLegacyToken); 395 credentials.set_device_token(kLegacyToken);
241 credentials.set_device_id(kLegacyDeviceId); 396 credentials.set_device_id(kLegacyDeviceId);
242 ASSERT_TRUE(credentials.SerializeToString(&data)); 397 ASSERT_TRUE(credentials.SerializeToString(&data));
243 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); 398 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size()));
244 399
245 em::CachedCloudPolicyResponse cached_policy; 400 em::CachedCloudPolicyResponse cached_policy;
246 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); 401 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy());
247 ASSERT_TRUE(cached_policy.SerializeToString(&data)); 402 ASSERT_TRUE(cached_policy.SerializeToString(&data));
248 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); 403 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size()));
249 404
250 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); 405 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
251 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); 406 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
252 Mock::VerifyAndClearExpectations(&observer_); 407 Mock::VerifyAndClearExpectations(&observer_);
253 408
254 // Verify that legacy user policy and token have been loaded. 409 // Verify that legacy user policy and token have been loaded.
255 em::PolicyData expected_policy_data; 410 em::PolicyData expected_policy_data;
256 EXPECT_TRUE(expected_policy_data.ParseFromString( 411 EXPECT_TRUE(expected_policy_data.ParseFromString(
257 cached_policy.cloud_policy().policy_data())); 412 cached_policy.cloud_policy().policy_data()));
258 expected_policy_data.clear_public_key_version(); 413 expected_policy_data.clear_public_key_version();
259 expected_policy_data.set_request_token(kLegacyToken); 414 expected_policy_data.set_request_token(kLegacyToken);
260 expected_policy_data.set_device_id(kLegacyDeviceId); 415 expected_policy_data.set_device_id(kLegacyDeviceId);
261 ASSERT_TRUE(store_->policy()); 416 ASSERT_TRUE(store_->policy());
262 EXPECT_EQ(expected_policy_data.SerializeAsString(), 417 EXPECT_EQ(expected_policy_data.SerializeAsString(),
263 store_->policy()->SerializeAsString()); 418 store_->policy()->SerializeAsString());
264 VerifyPolicyMap(); 419 VerifyPolicyMap(kDefaultHomepage);
265 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 420 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
266 }; 421 }
267 422
268 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) { 423 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) {
269 std::string data; 424 std::string data;
270 testing::Sequence seq; 425 testing::Sequence seq;
271 426
272 em::CachedCloudPolicyResponse cached_policy; 427 em::CachedCloudPolicyResponse cached_policy;
273 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); 428 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy());
274 ASSERT_TRUE(cached_policy.SerializeToString(&data)); 429 ASSERT_TRUE(cached_policy.SerializeToString(&data));
275 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); 430 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size()));
276 431
277 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); 432 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
278 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); 433 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
279 Mock::VerifyAndClearExpectations(&observer_); 434 Mock::VerifyAndClearExpectations(&observer_);
280 435
281 // Verify the legacy cache has been loaded. 436 // Verify the legacy cache has been loaded.
282 em::PolicyData expected_policy_data; 437 em::PolicyData expected_policy_data;
283 EXPECT_TRUE(expected_policy_data.ParseFromString( 438 EXPECT_TRUE(expected_policy_data.ParseFromString(
284 cached_policy.cloud_policy().policy_data())); 439 cached_policy.cloud_policy().policy_data()));
285 expected_policy_data.clear_public_key_version(); 440 expected_policy_data.clear_public_key_version();
286 ASSERT_TRUE(store_->policy()); 441 ASSERT_TRUE(store_->policy());
287 EXPECT_EQ(expected_policy_data.SerializeAsString(), 442 EXPECT_EQ(expected_policy_data.SerializeAsString(),
288 store_->policy()->SerializeAsString()); 443 store_->policy()->SerializeAsString());
289 VerifyPolicyMap(); 444 VerifyPolicyMap(kDefaultHomepage);
290 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 445 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
291 }; 446 }
292 447
293 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) { 448 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) {
294 std::string data; 449 std::string data;
295 450
296 em::DeviceCredentials credentials; 451 em::DeviceCredentials credentials;
297 credentials.set_device_token(kLegacyToken); 452 credentials.set_device_token(kLegacyToken);
298 credentials.set_device_id(kLegacyDeviceId); 453 credentials.set_device_id(kLegacyDeviceId);
299 ASSERT_TRUE(credentials.SerializeToString(&data)); 454 ASSERT_TRUE(credentials.SerializeToString(&data));
300 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); 455 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size()));
301 456
302 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); 457 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
303 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); 458 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
304 Mock::VerifyAndClearExpectations(&observer_); 459 Mock::VerifyAndClearExpectations(&observer_);
305 460
306 // Verify that legacy user policy and token have been loaded. 461 // Verify that legacy user policy and token have been loaded.
307 em::PolicyData expected_policy_data; 462 em::PolicyData expected_policy_data;
308 expected_policy_data.set_request_token(kLegacyToken); 463 expected_policy_data.set_request_token(kLegacyToken);
309 expected_policy_data.set_device_id(kLegacyDeviceId); 464 expected_policy_data.set_device_id(kLegacyDeviceId);
310 ASSERT_TRUE(store_->policy()); 465 ASSERT_TRUE(store_->policy());
311 EXPECT_EQ(expected_policy_data.SerializeAsString(), 466 EXPECT_EQ(expected_policy_data.SerializeAsString(),
312 store_->policy()->SerializeAsString()); 467 store_->policy()->SerializeAsString());
313 EXPECT_TRUE(store_->policy_map().empty()); 468 EXPECT_TRUE(store_->policy_map().empty());
314 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 469 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
315 }; 470 }
471
472 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationAndStoreNew) {
Mattias Nissler (ping if slow) 2013/02/07 14:12:07 This one is good, thanks for adding!
473 // Start without an existing public key.
474 ASSERT_TRUE(file_util::Delete(user_policy_key_file(), false));
475
476 std::string data;
477 testing::Sequence seq;
478
479 em::CachedCloudPolicyResponse cached_policy;
480 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy());
481 ASSERT_TRUE(cached_policy.SerializeToString(&data));
482 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size()));
483
484 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
485 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
486 Mock::VerifyAndClearExpectations(&observer_);
487
488 // Verify the legacy cache has been loaded.
489 em::PolicyData expected_policy_data;
490 EXPECT_TRUE(expected_policy_data.ParseFromString(
491 cached_policy.cloud_policy().policy_data()));
492 expected_policy_data.clear_public_key_version();
493 ASSERT_TRUE(store_->policy());
494 EXPECT_EQ(expected_policy_data.SerializeAsString(),
495 store_->policy()->SerializeAsString());
496 VerifyPolicyMap(kDefaultHomepage);
497 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
498 EXPECT_TRUE(file_util::PathExists(policy_file()));
499
500 // Now store a new policy using the new location.
Mattias Nissler (ping if slow) 2013/02/07 14:12:07 *homepage location
Joao da Silva 2013/02/07 16:32:00 Done.
501 const char kNewHomepage[] = "http://google.com";
502 policy_.payload().mutable_homepagelocation()->set_value(kNewHomepage);
503 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey());
504 policy_.Build();
505 std::vector<uint8> new_public_key;
506 policy_.GetNewPublicKey(&new_public_key);
507 StorePolicy(&new_public_key, kDefaultHomepage, kNewHomepage);
508 VerifyPolicyMap(kNewHomepage);
509
510 // Verify that the legacy cache has been removed.
511 EXPECT_FALSE(file_util::PathExists(policy_file()));
512 }
316 513
317 } // namespace 514 } // namespace
318 515
319 } // namespace policy 516 } // namespace policy
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698