OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/policy/user_cloud_policy_store_chromeos.h" | 5 #include "chrome/browser/policy/user_cloud_policy_store_chromeos.h" |
6 | 6 |
7 #include <vector> | |
8 | |
9 #include "base/basictypes.h" | |
10 #include "base/bind.h" | |
7 #include "base/file_util.h" | 11 #include "base/file_util.h" |
8 #include "base/files/scoped_temp_dir.h" | 12 #include "base/files/scoped_temp_dir.h" |
9 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
10 #include "base/message_loop.h" | 14 #include "base/message_loop.h" |
15 #include "base/threading/sequenced_worker_pool.h" | |
11 #include "chrome/browser/policy/cloud_policy_constants.h" | 16 #include "chrome/browser/policy/cloud_policy_constants.h" |
12 #include "chrome/browser/policy/mock_cloud_policy_store.h" | 17 #include "chrome/browser/policy/mock_cloud_policy_store.h" |
13 #include "chrome/browser/policy/policy_builder.h" | 18 #include "chrome/browser/policy/policy_builder.h" |
14 #include "chrome/browser/policy/proto/cloud_policy.pb.h" | 19 #include "chrome/browser/policy/proto/cloud_policy.pb.h" |
15 #include "chrome/browser/policy/proto/device_management_local.pb.h" | 20 #include "chrome/browser/policy/proto/device_management_local.pb.h" |
21 #include "chromeos/dbus/mock_cryptohome_client.h" | |
16 #include "chromeos/dbus/mock_session_manager_client.h" | 22 #include "chromeos/dbus/mock_session_manager_client.h" |
17 #include "content/public/test/test_browser_thread.h" | 23 #include "content/public/test/test_browser_thread.h" |
18 #include "policy/policy_constants.h" | 24 #include "policy/policy_constants.h" |
19 #include "testing/gmock/include/gmock/gmock.h" | 25 #include "testing/gmock/include/gmock/gmock.h" |
20 #include "testing/gtest/include/gtest/gtest.h" | 26 #include "testing/gtest/include/gtest/gtest.h" |
21 | 27 |
22 namespace em = enterprise_management; | 28 namespace em = enterprise_management; |
23 | 29 |
24 using testing::AllOf; | 30 using testing::AllOf; |
31 using testing::AnyNumber; | |
25 using testing::Eq; | 32 using testing::Eq; |
26 using testing::Mock; | 33 using testing::Mock; |
27 using testing::Property; | 34 using testing::Property; |
28 using testing::SaveArg; | 35 using testing::SaveArg; |
29 using testing::_; | 36 using testing::_; |
30 | 37 |
31 namespace policy { | 38 namespace policy { |
32 | 39 |
33 namespace { | 40 namespace { |
34 | 41 |
35 const char kLegacyDeviceId[] = "legacy-device-id"; | 42 const char kLegacyDeviceId[] = "legacy-device-id"; |
36 const char kLegacyToken[] = "legacy-token"; | 43 const char kLegacyToken[] = "legacy-token"; |
44 const char kSanitizedUsername[] = "0123456789ABCDEF0123456789ABCDEF012345678"; | |
45 const char kDefaultHomepage[] = "http://chromium.org"; | |
46 | |
47 ACTION_P2(SendSanitizedUsername, call_status, sanitized_username) { | |
48 MessageLoop::current()->PostTask( | |
49 FROM_HERE, base::Bind(arg1, call_status, sanitized_username)); | |
50 } | |
37 | 51 |
38 class UserCloudPolicyStoreChromeOSTest : public testing::Test { | 52 class UserCloudPolicyStoreChromeOSTest : public testing::Test { |
39 protected: | 53 protected: |
40 UserCloudPolicyStoreChromeOSTest() | 54 UserCloudPolicyStoreChromeOSTest() |
41 : loop_(MessageLoop::TYPE_UI), | 55 : loop_(MessageLoop::TYPE_UI), |
42 ui_thread_(content::BrowserThread::UI, &loop_), | 56 ui_thread_(content::BrowserThread::UI, &loop_), |
43 file_thread_(content::BrowserThread::FILE, &loop_) {} | 57 file_thread_(content::BrowserThread::FILE, &loop_) {} |
44 | 58 |
45 virtual void SetUp() OVERRIDE { | 59 virtual void SetUp() OVERRIDE { |
60 EXPECT_CALL(cryptohome_client_, | |
61 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _)) | |
62 .Times(AnyNumber()) | |
63 .WillRepeatedly( | |
64 SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_SUCCESS, | |
65 kSanitizedUsername)); | |
66 | |
46 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir()); | 67 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir()); |
47 store_.reset(new UserCloudPolicyStoreChromeOS(&session_manager_client_, | 68 store_.reset(new UserCloudPolicyStoreChromeOS(&cryptohome_client_, |
69 &session_manager_client_, | |
48 PolicyBuilder::kFakeUsername, | 70 PolicyBuilder::kFakeUsername, |
71 user_policy_dir(), | |
49 token_file(), | 72 token_file(), |
50 policy_file())); | 73 policy_file())); |
51 store_->AddObserver(&observer_); | 74 store_->AddObserver(&observer_); |
52 | 75 |
53 policy_.payload().mutable_showhomebutton()->set_value(true); | 76 // Install the initial public key, so that by default the validation of |
77 // the stored/loaded policy blob succeeds. | |
78 std::vector<uint8> public_key; | |
79 policy_.GetPublicKey(&public_key); | |
80 StoreUserPolicyKey(public_key); | |
81 | |
82 policy_.payload().mutable_homepagelocation()->set_value(kDefaultHomepage); | |
54 policy_.Build(); | 83 policy_.Build(); |
55 } | 84 } |
56 | 85 |
57 virtual void TearDown() OVERRIDE { | 86 virtual void TearDown() OVERRIDE { |
58 store_->RemoveObserver(&observer_); | 87 store_->RemoveObserver(&observer_); |
59 store_.reset(); | 88 store_.reset(); |
60 loop_.RunUntilIdle(); | 89 RunUntilIdle(); |
61 } | 90 } |
62 | 91 |
63 // Install an expectation on |observer_| for an error code. | 92 // Install an expectation on |observer_| for an error code. |
64 void ExpectError(CloudPolicyStore::Status error) { | 93 void ExpectError(CloudPolicyStore::Status error) { |
65 EXPECT_CALL(observer_, | 94 EXPECT_CALL(observer_, |
66 OnStoreError(AllOf(Eq(store_.get()), | 95 OnStoreError(AllOf(Eq(store_.get()), |
67 Property(&CloudPolicyStore::status, | 96 Property(&CloudPolicyStore::status, |
68 Eq(error))))); | 97 Eq(error))))); |
69 } | 98 } |
70 | 99 |
71 // Triggers a store_->Load() operation, handles the expected call to | 100 // Triggers a store_->Load() operation, handles the expected call to |
72 // |session_manager_client_| and sends |response|. | 101 // |session_manager_client_| and sends |response|. |
73 void PerformPolicyLoad(const std::string& response) { | 102 void PerformPolicyLoad(const std::string& response) { |
74 // Issue a load command. | 103 // Issue a load command. |
75 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; | 104 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; |
76 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_)) | 105 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_)) |
77 .WillOnce(SaveArg<0>(&retrieve_callback)); | 106 .WillOnce(SaveArg<0>(&retrieve_callback)); |
78 store_->Load(); | 107 store_->Load(); |
79 loop_.RunUntilIdle(); | 108 RunUntilIdle(); |
80 Mock::VerifyAndClearExpectations(&session_manager_client_); | 109 Mock::VerifyAndClearExpectations(&session_manager_client_); |
81 ASSERT_FALSE(retrieve_callback.is_null()); | 110 ASSERT_FALSE(retrieve_callback.is_null()); |
82 | 111 |
83 // Run the callback. | 112 // Run the callback. |
84 retrieve_callback.Run(response); | 113 retrieve_callback.Run(response); |
114 RunUntilIdle(); | |
115 } | |
116 | |
117 // Verifies that store_->policy_map() has the HomepageLocation entry with | |
118 // the |expected_value|. | |
119 void VerifyPolicyMap(const char* expected_value) { | |
120 EXPECT_EQ(1U, store_->policy_map().size()); | |
121 const PolicyMap::Entry* entry = | |
122 store_->policy_map().Get(key::kHomepageLocation); | |
123 ASSERT_TRUE(entry); | |
124 EXPECT_TRUE(base::StringValue(expected_value).Equals(entry->value)); | |
125 } | |
126 | |
127 void StoreUserPolicyKey(const std::vector<uint8>& public_key) { | |
128 ASSERT_TRUE(file_util::CreateDirectory(user_policy_key_file().DirName())); | |
129 ASSERT_TRUE( | |
130 file_util::WriteFile(user_policy_key_file(), | |
131 reinterpret_cast<const char*>(public_key.data()), | |
132 public_key.size())); | |
133 } | |
134 | |
135 // Stores the current |policy_| and verifies that it is published. | |
136 // If |new_public_key| is set then it will be persisted after storing but | |
137 // before loading the policy, so that the signature validation can succeed. | |
138 // If |previous_value| is set then a previously existing policy with that | |
139 // value will be expected; otherwise no previous policy is expected. | |
140 // If |new_value| is set then a new policy with that value is expected after | |
141 // storing the |policy_| blob. | |
142 void StorePolicy(const std::vector<uint8>* new_public_key, | |
Mattias Nissler (ping if slow)
2013/02/07 14:12:07
Should be named PerformPolicyStore for consistency
Joao da Silva
2013/02/07 16:32:00
Done.
| |
143 const char* previous_value, | |
144 const char* new_value) { | |
145 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | |
146 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) | |
147 .WillOnce(SaveArg<1>(&store_callback)); | |
148 store_->Store(policy_.policy()); | |
149 RunUntilIdle(); | |
150 Mock::VerifyAndClearExpectations(&session_manager_client_); | |
151 ASSERT_FALSE(store_callback.is_null()); | |
152 | |
153 // The new policy shouldn't be present yet. | |
154 PolicyMap previous_policy; | |
155 if (!previous_value) { | |
156 EXPECT_FALSE(store_->policy()); | |
Mattias Nissler (ping if slow)
2013/02/07 14:12:07
Shouldn't this be EXPECT_EQ(previous_value != NULL
Joao da Silva
2013/02/07 16:32:00
Done.
| |
157 } else { | |
158 previous_policy.Set(key::kHomepageLocation, | |
159 POLICY_LEVEL_MANDATORY, | |
160 POLICY_SCOPE_USER, | |
161 base::Value::CreateStringValue(previous_value)); | |
162 } | |
163 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); | |
164 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
165 | |
166 // Store the new public key so that the validation after the retrieve | |
167 // operation completes can verify the signature. | |
168 if (new_public_key) | |
169 StoreUserPolicyKey(*new_public_key); | |
170 | |
171 // Let the store operation complete. | |
172 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; | |
173 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_)) | |
174 .WillOnce(SaveArg<0>(&retrieve_callback)); | |
175 store_callback.Run(true); | |
176 RunUntilIdle(); | |
177 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); | |
178 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
179 Mock::VerifyAndClearExpectations(&session_manager_client_); | |
180 ASSERT_FALSE(retrieve_callback.is_null()); | |
181 | |
182 // Finish the retrieve callback. | |
183 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | |
184 retrieve_callback.Run(policy_.GetBlob()); | |
185 RunUntilIdle(); | |
186 ASSERT_TRUE(store_->policy()); | |
187 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | |
188 store_->policy()->SerializeAsString()); | |
189 VerifyPolicyMap(new_value); | |
190 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
191 } | |
192 | |
193 void RunUntilIdle() { | |
194 loop_.RunUntilIdle(); | |
195 content::BrowserThread::GetBlockingPool()->FlushForTesting(); | |
85 loop_.RunUntilIdle(); | 196 loop_.RunUntilIdle(); |
Mattias Nissler (ping if slow)
2013/02/07 14:12:07
Ah, I hate these snippets. Blocking pool sucks in
| |
86 } | 197 } |
87 | 198 |
88 // Verifies that store_->policy_map() has the ShowHomeButton entry. | 199 FilePath user_policy_dir() { |
89 void VerifyPolicyMap() { | 200 return tmp_dir_.path().AppendASCII("var_run_user_policy"); |
90 EXPECT_EQ(1U, store_->policy_map().size()); | 201 } |
91 const PolicyMap::Entry* entry = | 202 |
92 store_->policy_map().Get(key::kShowHomeButton); | 203 FilePath user_policy_key_file() { |
93 ASSERT_TRUE(entry); | 204 return user_policy_dir().AppendASCII(kSanitizedUsername) |
94 EXPECT_TRUE(base::FundamentalValue(true).Equals(entry->value)); | 205 .AppendASCII("policy.pub"); |
95 } | 206 } |
96 | 207 |
97 FilePath token_file() { | 208 FilePath token_file() { |
98 return tmp_dir_.path().AppendASCII("token"); | 209 return tmp_dir_.path().AppendASCII("token"); |
99 } | 210 } |
100 | 211 |
101 FilePath policy_file() { | 212 FilePath policy_file() { |
102 return tmp_dir_.path().AppendASCII("policy"); | 213 return tmp_dir_.path().AppendASCII("policy"); |
103 } | 214 } |
104 | 215 |
105 MessageLoop loop_; | 216 MessageLoop loop_; |
217 chromeos::MockCryptohomeClient cryptohome_client_; | |
106 chromeos::MockSessionManagerClient session_manager_client_; | 218 chromeos::MockSessionManagerClient session_manager_client_; |
107 UserPolicyBuilder policy_; | 219 UserPolicyBuilder policy_; |
108 MockCloudPolicyStoreObserver observer_; | 220 MockCloudPolicyStoreObserver observer_; |
109 scoped_ptr<UserCloudPolicyStoreChromeOS> store_; | 221 scoped_ptr<UserCloudPolicyStoreChromeOS> store_; |
110 | 222 |
111 private: | 223 private: |
112 content::TestBrowserThread ui_thread_; | 224 content::TestBrowserThread ui_thread_; |
113 content::TestBrowserThread file_thread_; | 225 content::TestBrowserThread file_thread_; |
114 base::ScopedTempDir tmp_dir_; | 226 base::ScopedTempDir tmp_dir_; |
115 | 227 |
116 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest); | 228 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest); |
117 }; | 229 }; |
118 | 230 |
119 TEST_F(UserCloudPolicyStoreChromeOSTest, Store) { | 231 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) { |
120 // Store policy. | 232 // Start without any public key to trigger the initial key checks. |
121 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 233 ASSERT_TRUE(file_util::Delete(user_policy_key_file(), false)); |
122 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) | 234 // Make the policy blob contain a new public key. |
123 .WillOnce(SaveArg<1>(&store_callback)); | 235 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); |
124 store_->Store(policy_.policy()); | 236 policy_.Build(); |
125 loop_.RunUntilIdle(); | 237 std::vector<uint8> new_public_key; |
126 Mock::VerifyAndClearExpectations(&session_manager_client_); | 238 policy_.GetNewPublicKey(&new_public_key); |
127 ASSERT_FALSE(store_callback.is_null()); | 239 StorePolicy(&new_public_key, NULL, kDefaultHomepage); |
Mattias Nissler (ping if slow)
2013/02/07 14:12:07
Wrap in ASSERT_NO_FATAL_FAILURE? (here and below)
Joao da Silva
2013/02/07 16:32:00
Done.
| |
240 } | |
128 | 241 |
129 // No policy should be present yet. | 242 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) { |
130 EXPECT_FALSE(store_->policy()); | 243 StorePolicy(NULL, NULL, kDefaultHomepage); |
131 EXPECT_TRUE(store_->policy_map().empty()); | 244 } |
132 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
133 | 245 |
134 // Let the store operation complete. | 246 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) { |
135 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; | 247 // Make the policy blob contain a new public key. |
136 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_)) | 248 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); |
137 .WillOnce(SaveArg<0>(&retrieve_callback)); | 249 policy_.Build(); |
138 store_callback.Run(true); | 250 std::vector<uint8> new_public_key; |
139 loop_.RunUntilIdle(); | 251 policy_.GetNewPublicKey(&new_public_key); |
140 EXPECT_TRUE(store_->policy_map().empty()); | 252 StorePolicy(&new_public_key, NULL, kDefaultHomepage); |
141 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
142 Mock::VerifyAndClearExpectations(&session_manager_client_); | |
143 ASSERT_FALSE(retrieve_callback.is_null()); | |
144 | |
145 // Finish the retrieve callback. | |
146 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | |
147 retrieve_callback.Run(policy_.GetBlob()); | |
148 loop_.RunUntilIdle(); | |
149 ASSERT_TRUE(store_->policy()); | |
150 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | |
151 store_->policy()->SerializeAsString()); | |
152 VerifyPolicyMap(); | |
153 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
154 } | 253 } |
155 | 254 |
156 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { | 255 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { |
157 // Store policy. | 256 // Store policy. |
158 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 257 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
159 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) | 258 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) |
160 .WillOnce(SaveArg<1>(&store_callback)); | 259 .WillOnce(SaveArg<1>(&store_callback)); |
161 store_->Store(policy_.policy()); | 260 store_->Store(policy_.policy()); |
162 loop_.RunUntilIdle(); | 261 RunUntilIdle(); |
163 Mock::VerifyAndClearExpectations(&session_manager_client_); | 262 Mock::VerifyAndClearExpectations(&session_manager_client_); |
164 ASSERT_FALSE(store_callback.is_null()); | 263 ASSERT_FALSE(store_callback.is_null()); |
165 | 264 |
166 // Let the store operation complete. | 265 // Let the store operation complete. |
167 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); | 266 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); |
168 store_callback.Run(false); | 267 store_callback.Run(false); |
169 loop_.RunUntilIdle(); | 268 RunUntilIdle(); |
170 EXPECT_FALSE(store_->policy()); | 269 EXPECT_FALSE(store_->policy()); |
171 EXPECT_TRUE(store_->policy_map().empty()); | 270 EXPECT_TRUE(store_->policy_map().empty()); |
172 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); | 271 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); |
173 } | 272 } |
174 | 273 |
175 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { | 274 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { |
176 policy_.policy_data().clear_policy_type(); | 275 policy_.policy_data().clear_policy_type(); |
177 policy_.Build(); | 276 policy_.Build(); |
178 | 277 |
179 // Store policy. | 278 // Store policy. |
180 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 279 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
181 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 280 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
182 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) | 281 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) |
183 .Times(0); | 282 .Times(0); |
184 store_->Store(policy_.policy()); | 283 store_->Store(policy_.policy()); |
185 loop_.RunUntilIdle(); | 284 RunUntilIdle(); |
186 Mock::VerifyAndClearExpectations(&session_manager_client_); | 285 Mock::VerifyAndClearExpectations(&session_manager_client_); |
187 } | 286 } |
188 | 287 |
288 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) { | |
289 // Make the dbus call to cryptohome fail. | |
290 Mock::VerifyAndClearExpectations(&cryptohome_client_); | |
291 EXPECT_CALL(cryptohome_client_, | |
292 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _)) | |
293 .Times(AnyNumber()) | |
294 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE, | |
295 std::string())); | |
296 | |
297 // Store policy. | |
298 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | |
299 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | |
300 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) | |
301 .Times(0); | |
302 store_->Store(policy_.policy()); | |
303 RunUntilIdle(); | |
304 Mock::VerifyAndClearExpectations(&session_manager_client_); | |
305 } | |
306 | |
307 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) { | |
308 // Break the signature. | |
309 policy_.policy().mutable_policy_data_signature()->append("garbage"); | |
310 | |
311 // Store policy. | |
312 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | |
313 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | |
314 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) | |
315 .Times(0); | |
316 store_->Store(policy_.policy()); | |
317 RunUntilIdle(); | |
318 Mock::VerifyAndClearExpectations(&session_manager_client_); | |
319 } | |
320 | |
Mattias Nissler (ping if slow)
2013/02/07 14:12:07
remove redundant newline
Joao da Silva
2013/02/07 16:32:00
Done.
| |
321 | |
189 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { | 322 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { |
190 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 323 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
191 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 324 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
192 Mock::VerifyAndClearExpectations(&observer_); | 325 Mock::VerifyAndClearExpectations(&observer_); |
193 | 326 |
194 // Verify that the policy has been loaded. | 327 // Verify that the policy has been loaded. |
195 ASSERT_TRUE(store_->policy()); | 328 ASSERT_TRUE(store_->policy()); |
196 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 329 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
197 store_->policy()->SerializeAsString()); | 330 store_->policy()->SerializeAsString()); |
198 VerifyPolicyMap(); | 331 VerifyPolicyMap(kDefaultHomepage); |
199 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 332 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
200 } | 333 } |
201 | 334 |
202 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { | 335 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { |
203 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 336 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
204 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 337 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
205 Mock::VerifyAndClearExpectations(&observer_); | 338 Mock::VerifyAndClearExpectations(&observer_); |
206 | 339 |
207 // Verify no policy has been installed. | 340 // Verify no policy has been installed. |
208 EXPECT_FALSE(store_->policy()); | 341 EXPECT_FALSE(store_->policy()); |
(...skipping 17 matching lines...) Expand all Loading... | |
226 | 359 |
227 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 360 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
228 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 361 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
229 | 362 |
230 // Verify no policy has been installed. | 363 // Verify no policy has been installed. |
231 EXPECT_FALSE(store_->policy()); | 364 EXPECT_FALSE(store_->policy()); |
232 EXPECT_TRUE(store_->policy_map().empty()); | 365 EXPECT_TRUE(store_->policy_map().empty()); |
233 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); | 366 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); |
234 } | 367 } |
235 | 368 |
369 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) { | |
370 // The loaded policy can't be verified without the public key. | |
371 ASSERT_TRUE(file_util::Delete(user_policy_key_file(), false)); | |
372 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | |
373 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | |
374 // Verify no policy has been installed. | |
375 EXPECT_FALSE(store_->policy()); | |
376 EXPECT_TRUE(store_->policy_map().empty()); | |
377 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); | |
378 } | |
379 | |
380 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) { | |
381 // Break the signature. | |
382 policy_.policy().mutable_policy_data_signature()->append("garbage"); | |
383 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | |
384 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | |
385 // Verify no policy has been installed. | |
386 EXPECT_FALSE(store_->policy()); | |
387 EXPECT_TRUE(store_->policy_map().empty()); | |
388 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); | |
Mattias Nissler (ping if slow)
2013/02/07 14:12:07
seems like the last 4 lines are now frequent enoug
Joao da Silva
2013/02/07 16:32:00
Done.
| |
389 } | |
390 | |
236 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) { | 391 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) { |
237 std::string data; | 392 std::string data; |
238 | 393 |
239 em::DeviceCredentials credentials; | 394 em::DeviceCredentials credentials; |
240 credentials.set_device_token(kLegacyToken); | 395 credentials.set_device_token(kLegacyToken); |
241 credentials.set_device_id(kLegacyDeviceId); | 396 credentials.set_device_id(kLegacyDeviceId); |
242 ASSERT_TRUE(credentials.SerializeToString(&data)); | 397 ASSERT_TRUE(credentials.SerializeToString(&data)); |
243 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); | 398 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); |
244 | 399 |
245 em::CachedCloudPolicyResponse cached_policy; | 400 em::CachedCloudPolicyResponse cached_policy; |
246 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); | 401 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); |
247 ASSERT_TRUE(cached_policy.SerializeToString(&data)); | 402 ASSERT_TRUE(cached_policy.SerializeToString(&data)); |
248 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); | 403 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); |
249 | 404 |
250 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 405 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
251 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 406 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
252 Mock::VerifyAndClearExpectations(&observer_); | 407 Mock::VerifyAndClearExpectations(&observer_); |
253 | 408 |
254 // Verify that legacy user policy and token have been loaded. | 409 // Verify that legacy user policy and token have been loaded. |
255 em::PolicyData expected_policy_data; | 410 em::PolicyData expected_policy_data; |
256 EXPECT_TRUE(expected_policy_data.ParseFromString( | 411 EXPECT_TRUE(expected_policy_data.ParseFromString( |
257 cached_policy.cloud_policy().policy_data())); | 412 cached_policy.cloud_policy().policy_data())); |
258 expected_policy_data.clear_public_key_version(); | 413 expected_policy_data.clear_public_key_version(); |
259 expected_policy_data.set_request_token(kLegacyToken); | 414 expected_policy_data.set_request_token(kLegacyToken); |
260 expected_policy_data.set_device_id(kLegacyDeviceId); | 415 expected_policy_data.set_device_id(kLegacyDeviceId); |
261 ASSERT_TRUE(store_->policy()); | 416 ASSERT_TRUE(store_->policy()); |
262 EXPECT_EQ(expected_policy_data.SerializeAsString(), | 417 EXPECT_EQ(expected_policy_data.SerializeAsString(), |
263 store_->policy()->SerializeAsString()); | 418 store_->policy()->SerializeAsString()); |
264 VerifyPolicyMap(); | 419 VerifyPolicyMap(kDefaultHomepage); |
265 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 420 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
266 }; | 421 } |
267 | 422 |
268 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) { | 423 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) { |
269 std::string data; | 424 std::string data; |
270 testing::Sequence seq; | 425 testing::Sequence seq; |
271 | 426 |
272 em::CachedCloudPolicyResponse cached_policy; | 427 em::CachedCloudPolicyResponse cached_policy; |
273 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); | 428 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); |
274 ASSERT_TRUE(cached_policy.SerializeToString(&data)); | 429 ASSERT_TRUE(cached_policy.SerializeToString(&data)); |
275 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); | 430 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); |
276 | 431 |
277 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 432 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
278 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 433 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
279 Mock::VerifyAndClearExpectations(&observer_); | 434 Mock::VerifyAndClearExpectations(&observer_); |
280 | 435 |
281 // Verify the legacy cache has been loaded. | 436 // Verify the legacy cache has been loaded. |
282 em::PolicyData expected_policy_data; | 437 em::PolicyData expected_policy_data; |
283 EXPECT_TRUE(expected_policy_data.ParseFromString( | 438 EXPECT_TRUE(expected_policy_data.ParseFromString( |
284 cached_policy.cloud_policy().policy_data())); | 439 cached_policy.cloud_policy().policy_data())); |
285 expected_policy_data.clear_public_key_version(); | 440 expected_policy_data.clear_public_key_version(); |
286 ASSERT_TRUE(store_->policy()); | 441 ASSERT_TRUE(store_->policy()); |
287 EXPECT_EQ(expected_policy_data.SerializeAsString(), | 442 EXPECT_EQ(expected_policy_data.SerializeAsString(), |
288 store_->policy()->SerializeAsString()); | 443 store_->policy()->SerializeAsString()); |
289 VerifyPolicyMap(); | 444 VerifyPolicyMap(kDefaultHomepage); |
290 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 445 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
291 }; | 446 } |
292 | 447 |
293 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) { | 448 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) { |
294 std::string data; | 449 std::string data; |
295 | 450 |
296 em::DeviceCredentials credentials; | 451 em::DeviceCredentials credentials; |
297 credentials.set_device_token(kLegacyToken); | 452 credentials.set_device_token(kLegacyToken); |
298 credentials.set_device_id(kLegacyDeviceId); | 453 credentials.set_device_id(kLegacyDeviceId); |
299 ASSERT_TRUE(credentials.SerializeToString(&data)); | 454 ASSERT_TRUE(credentials.SerializeToString(&data)); |
300 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); | 455 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); |
301 | 456 |
302 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 457 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
303 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 458 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
304 Mock::VerifyAndClearExpectations(&observer_); | 459 Mock::VerifyAndClearExpectations(&observer_); |
305 | 460 |
306 // Verify that legacy user policy and token have been loaded. | 461 // Verify that legacy user policy and token have been loaded. |
307 em::PolicyData expected_policy_data; | 462 em::PolicyData expected_policy_data; |
308 expected_policy_data.set_request_token(kLegacyToken); | 463 expected_policy_data.set_request_token(kLegacyToken); |
309 expected_policy_data.set_device_id(kLegacyDeviceId); | 464 expected_policy_data.set_device_id(kLegacyDeviceId); |
310 ASSERT_TRUE(store_->policy()); | 465 ASSERT_TRUE(store_->policy()); |
311 EXPECT_EQ(expected_policy_data.SerializeAsString(), | 466 EXPECT_EQ(expected_policy_data.SerializeAsString(), |
312 store_->policy()->SerializeAsString()); | 467 store_->policy()->SerializeAsString()); |
313 EXPECT_TRUE(store_->policy_map().empty()); | 468 EXPECT_TRUE(store_->policy_map().empty()); |
314 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 469 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
315 }; | 470 } |
471 | |
472 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationAndStoreNew) { | |
Mattias Nissler (ping if slow)
2013/02/07 14:12:07
This one is good, thanks for adding!
| |
473 // Start without an existing public key. | |
474 ASSERT_TRUE(file_util::Delete(user_policy_key_file(), false)); | |
475 | |
476 std::string data; | |
477 testing::Sequence seq; | |
478 | |
479 em::CachedCloudPolicyResponse cached_policy; | |
480 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); | |
481 ASSERT_TRUE(cached_policy.SerializeToString(&data)); | |
482 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); | |
483 | |
484 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | |
485 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | |
486 Mock::VerifyAndClearExpectations(&observer_); | |
487 | |
488 // Verify the legacy cache has been loaded. | |
489 em::PolicyData expected_policy_data; | |
490 EXPECT_TRUE(expected_policy_data.ParseFromString( | |
491 cached_policy.cloud_policy().policy_data())); | |
492 expected_policy_data.clear_public_key_version(); | |
493 ASSERT_TRUE(store_->policy()); | |
494 EXPECT_EQ(expected_policy_data.SerializeAsString(), | |
495 store_->policy()->SerializeAsString()); | |
496 VerifyPolicyMap(kDefaultHomepage); | |
497 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
498 EXPECT_TRUE(file_util::PathExists(policy_file())); | |
499 | |
500 // Now store a new policy using the new location. | |
Mattias Nissler (ping if slow)
2013/02/07 14:12:07
*homepage location
Joao da Silva
2013/02/07 16:32:00
Done.
| |
501 const char kNewHomepage[] = "http://google.com"; | |
502 policy_.payload().mutable_homepagelocation()->set_value(kNewHomepage); | |
503 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); | |
504 policy_.Build(); | |
505 std::vector<uint8> new_public_key; | |
506 policy_.GetNewPublicKey(&new_public_key); | |
507 StorePolicy(&new_public_key, kDefaultHomepage, kNewHomepage); | |
508 VerifyPolicyMap(kNewHomepage); | |
509 | |
510 // Verify that the legacy cache has been removed. | |
511 EXPECT_FALSE(file_util::PathExists(policy_file())); | |
512 } | |
316 | 513 |
317 } // namespace | 514 } // namespace |
318 | 515 |
319 } // namespace policy | 516 } // namespace policy |
OLD | NEW |