OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/policy/user_cloud_policy_store_chromeos.h" | 5 #include "chrome/browser/policy/user_cloud_policy_store_chromeos.h" |
6 | 6 |
7 #include <vector> | |
8 | |
9 #include "base/basictypes.h" | |
10 #include "base/bind.h" | |
7 #include "base/file_util.h" | 11 #include "base/file_util.h" |
8 #include "base/files/scoped_temp_dir.h" | 12 #include "base/files/scoped_temp_dir.h" |
9 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
10 #include "base/message_loop.h" | 14 #include "base/message_loop.h" |
15 #include "base/threading/sequenced_worker_pool.h" | |
11 #include "chrome/browser/policy/cloud_policy_constants.h" | 16 #include "chrome/browser/policy/cloud_policy_constants.h" |
12 #include "chrome/browser/policy/mock_cloud_policy_store.h" | 17 #include "chrome/browser/policy/mock_cloud_policy_store.h" |
13 #include "chrome/browser/policy/policy_builder.h" | 18 #include "chrome/browser/policy/policy_builder.h" |
14 #include "chrome/browser/policy/proto/cloud_policy.pb.h" | 19 #include "chrome/browser/policy/proto/cloud_policy.pb.h" |
15 #include "chrome/browser/policy/proto/device_management_local.pb.h" | 20 #include "chrome/browser/policy/proto/device_management_local.pb.h" |
21 #include "chromeos/dbus/mock_cryptohome_client.h" | |
16 #include "chromeos/dbus/mock_session_manager_client.h" | 22 #include "chromeos/dbus/mock_session_manager_client.h" |
17 #include "content/public/test/test_browser_thread.h" | 23 #include "content/public/test/test_browser_thread.h" |
18 #include "policy/policy_constants.h" | 24 #include "policy/policy_constants.h" |
19 #include "testing/gmock/include/gmock/gmock.h" | 25 #include "testing/gmock/include/gmock/gmock.h" |
20 #include "testing/gtest/include/gtest/gtest.h" | 26 #include "testing/gtest/include/gtest/gtest.h" |
21 | 27 |
22 namespace em = enterprise_management; | 28 namespace em = enterprise_management; |
23 | 29 |
24 using testing::AllOf; | 30 using testing::AllOf; |
31 using testing::AnyNumber; | |
25 using testing::Eq; | 32 using testing::Eq; |
26 using testing::Mock; | 33 using testing::Mock; |
27 using testing::Property; | 34 using testing::Property; |
28 using testing::SaveArg; | 35 using testing::SaveArg; |
29 using testing::_; | 36 using testing::_; |
30 | 37 |
31 namespace policy { | 38 namespace policy { |
32 | 39 |
33 namespace { | 40 namespace { |
34 | 41 |
35 const char kLegacyDeviceId[] = "legacy-device-id"; | 42 const char kLegacyDeviceId[] = "legacy-device-id"; |
36 const char kLegacyToken[] = "legacy-token"; | 43 const char kLegacyToken[] = "legacy-token"; |
44 const char kSanitizedUsername[] = "0123456789ABCDEF0123456789ABCDEF012345678"; | |
45 const char kDefaultHomepage[] = "http://chromium.org"; | |
46 | |
47 ACTION_P2(SendSanitizedUsername, call_status, sanitized_username) { | |
48 MessageLoop::current()->PostTask( | |
49 FROM_HERE, base::Bind(arg1, call_status, sanitized_username)); | |
50 } | |
37 | 51 |
38 class UserCloudPolicyStoreChromeOSTest : public testing::Test { | 52 class UserCloudPolicyStoreChromeOSTest : public testing::Test { |
39 protected: | 53 protected: |
40 UserCloudPolicyStoreChromeOSTest() | 54 UserCloudPolicyStoreChromeOSTest() |
41 : loop_(MessageLoop::TYPE_UI), | 55 : loop_(MessageLoop::TYPE_UI), |
42 ui_thread_(content::BrowserThread::UI, &loop_), | 56 ui_thread_(content::BrowserThread::UI, &loop_), |
43 file_thread_(content::BrowserThread::FILE, &loop_) {} | 57 file_thread_(content::BrowserThread::FILE, &loop_) {} |
44 | 58 |
45 virtual void SetUp() OVERRIDE { | 59 virtual void SetUp() OVERRIDE { |
60 EXPECT_CALL(cryptohome_client_, | |
61 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _)) | |
62 .Times(AnyNumber()) | |
63 .WillRepeatedly( | |
64 SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_SUCCESS, | |
65 kSanitizedUsername)); | |
66 | |
46 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir()); | 67 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir()); |
47 store_.reset(new UserCloudPolicyStoreChromeOS(&session_manager_client_, | 68 store_.reset(new UserCloudPolicyStoreChromeOS(&cryptohome_client_, |
69 &session_manager_client_, | |
48 PolicyBuilder::kFakeUsername, | 70 PolicyBuilder::kFakeUsername, |
71 user_policy_dir(), | |
49 token_file(), | 72 token_file(), |
50 policy_file())); | 73 policy_file())); |
51 store_->AddObserver(&observer_); | 74 store_->AddObserver(&observer_); |
52 | 75 |
53 policy_.payload().mutable_showhomebutton()->set_value(true); | 76 // Install the initial public key, so that by default the validation of |
77 // the stored/loaded policy blob succeeds. | |
78 std::vector<uint8> public_key; | |
79 policy_.GetPublicKey(&public_key); | |
80 StoreUserPolicyKey(public_key); | |
81 | |
82 policy_.payload().mutable_homepagelocation()->set_value(kDefaultHomepage); | |
54 policy_.Build(); | 83 policy_.Build(); |
55 } | 84 } |
56 | 85 |
57 virtual void TearDown() OVERRIDE { | 86 virtual void TearDown() OVERRIDE { |
58 store_->RemoveObserver(&observer_); | 87 store_->RemoveObserver(&observer_); |
59 store_.reset(); | 88 store_.reset(); |
60 loop_.RunUntilIdle(); | 89 RunUntilIdle(); |
61 } | 90 } |
62 | 91 |
63 // Install an expectation on |observer_| for an error code. | 92 // Install an expectation on |observer_| for an error code. |
64 void ExpectError(CloudPolicyStore::Status error) { | 93 void ExpectError(CloudPolicyStore::Status error) { |
65 EXPECT_CALL(observer_, | 94 EXPECT_CALL(observer_, |
66 OnStoreError(AllOf(Eq(store_.get()), | 95 OnStoreError(AllOf(Eq(store_.get()), |
67 Property(&CloudPolicyStore::status, | 96 Property(&CloudPolicyStore::status, |
68 Eq(error))))); | 97 Eq(error))))); |
69 } | 98 } |
70 | 99 |
71 // Triggers a store_->Load() operation, handles the expected call to | 100 // Triggers a store_->Load() operation, handles the expected call to |
72 // |session_manager_client_| and sends |response|. | 101 // |session_manager_client_| and sends |response|. |
73 void PerformPolicyLoad(const std::string& response) { | 102 void PerformPolicyLoad(const std::string& response) { |
74 // Issue a load command. | 103 // Issue a load command. |
75 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; | 104 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; |
76 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_)) | 105 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_)) |
77 .WillOnce(SaveArg<0>(&retrieve_callback)); | 106 .WillOnce(SaveArg<0>(&retrieve_callback)); |
78 store_->Load(); | 107 store_->Load(); |
79 loop_.RunUntilIdle(); | 108 RunUntilIdle(); |
80 Mock::VerifyAndClearExpectations(&session_manager_client_); | 109 Mock::VerifyAndClearExpectations(&session_manager_client_); |
81 ASSERT_FALSE(retrieve_callback.is_null()); | 110 ASSERT_FALSE(retrieve_callback.is_null()); |
82 | 111 |
83 // Run the callback. | 112 // Run the callback. |
84 retrieve_callback.Run(response); | 113 retrieve_callback.Run(response); |
114 RunUntilIdle(); | |
115 } | |
116 | |
117 // Verifies that store_->policy_map() has the HomepageLocation entry with | |
118 // the |expected_value|. | |
119 void VerifyPolicyMap(const char* expected_value) { | |
120 EXPECT_EQ(1U, store_->policy_map().size()); | |
121 const PolicyMap::Entry* entry = | |
122 store_->policy_map().Get(key::kHomepageLocation); | |
123 ASSERT_TRUE(entry); | |
124 EXPECT_TRUE(base::StringValue(expected_value).Equals(entry->value)); | |
125 } | |
126 | |
127 void StoreUserPolicyKey(const std::vector<uint8>& public_key) { | |
128 ASSERT_TRUE(file_util::CreateDirectory(user_policy_key_file().DirName())); | |
129 ASSERT_TRUE( | |
130 file_util::WriteFile(user_policy_key_file(), | |
131 reinterpret_cast<const char*>(public_key.data()), | |
132 public_key.size())); | |
133 } | |
134 | |
135 // Stores the current |policy_| and verifies that it is published. | |
136 // If |new_public_key| is set then it will be persisted after storing but | |
137 // before loading the policy, so that the signature validation can succeed. | |
138 // If |previous_value| is set then a previously existing policy with that | |
139 // value will be expected; otherwise no previous policy is expected. | |
140 // If |new_value| is set then a new policy with that value is expected after | |
141 // storing the |policy_| blob. | |
142 void PerformStorePolicy(const std::vector<uint8>* new_public_key, | |
143 const char* previous_value, | |
144 const char* new_value) { | |
145 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | |
146 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) | |
147 .WillOnce(SaveArg<1>(&store_callback)); | |
148 store_->Store(policy_.policy()); | |
149 RunUntilIdle(); | |
150 Mock::VerifyAndClearExpectations(&session_manager_client_); | |
151 ASSERT_FALSE(store_callback.is_null()); | |
152 | |
153 // The new policy shouldn't be present yet. | |
154 PolicyMap previous_policy; | |
155 EXPECT_EQ(previous_value != NULL, store_->policy() != NULL); | |
156 if (previous_value) { | |
157 previous_policy.Set(key::kHomepageLocation, | |
158 POLICY_LEVEL_MANDATORY, | |
159 POLICY_SCOPE_USER, | |
160 base::Value::CreateStringValue(previous_value)); | |
161 } | |
162 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); | |
163 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
164 | |
165 // Store the new public key so that the validation after the retrieve | |
166 // operation completes can verify the signature. | |
167 if (new_public_key) | |
168 StoreUserPolicyKey(*new_public_key); | |
169 | |
170 // Let the store operation complete. | |
171 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; | |
172 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_)) | |
173 .WillOnce(SaveArg<0>(&retrieve_callback)); | |
174 store_callback.Run(true); | |
175 RunUntilIdle(); | |
176 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); | |
177 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
178 Mock::VerifyAndClearExpectations(&session_manager_client_); | |
179 ASSERT_FALSE(retrieve_callback.is_null()); | |
180 | |
181 // Finish the retrieve callback. | |
182 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | |
183 retrieve_callback.Run(policy_.GetBlob()); | |
184 RunUntilIdle(); | |
185 ASSERT_TRUE(store_->policy()); | |
186 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | |
187 store_->policy()->SerializeAsString()); | |
188 VerifyPolicyMap(new_value); | |
189 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
190 } | |
191 | |
192 void VerifyStoreHasValidationError() { | |
193 EXPECT_FALSE(store_->policy()); | |
194 EXPECT_TRUE(store_->policy_map().empty()); | |
195 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); | |
196 } | |
197 | |
198 void RunUntilIdle() { | |
199 loop_.RunUntilIdle(); | |
200 content::BrowserThread::GetBlockingPool()->FlushForTesting(); | |
85 loop_.RunUntilIdle(); | 201 loop_.RunUntilIdle(); |
86 } | 202 } |
87 | 203 |
88 // Verifies that store_->policy_map() has the ShowHomeButton entry. | 204 FilePath user_policy_dir() { |
89 void VerifyPolicyMap() { | 205 return tmp_dir_.path().AppendASCII("var_run_user_policy"); |
90 EXPECT_EQ(1U, store_->policy_map().size()); | 206 } |
91 const PolicyMap::Entry* entry = | 207 |
92 store_->policy_map().Get(key::kShowHomeButton); | 208 FilePath user_policy_key_file() { |
93 ASSERT_TRUE(entry); | 209 return user_policy_dir().AppendASCII(kSanitizedUsername) |
94 EXPECT_TRUE(base::FundamentalValue(true).Equals(entry->value)); | 210 .AppendASCII("policy.pub"); |
95 } | 211 } |
96 | 212 |
97 FilePath token_file() { | 213 FilePath token_file() { |
98 return tmp_dir_.path().AppendASCII("token"); | 214 return tmp_dir_.path().AppendASCII("token"); |
99 } | 215 } |
100 | 216 |
101 FilePath policy_file() { | 217 FilePath policy_file() { |
102 return tmp_dir_.path().AppendASCII("policy"); | 218 return tmp_dir_.path().AppendASCII("policy"); |
103 } | 219 } |
104 | 220 |
105 MessageLoop loop_; | 221 MessageLoop loop_; |
222 chromeos::MockCryptohomeClient cryptohome_client_; | |
106 chromeos::MockSessionManagerClient session_manager_client_; | 223 chromeos::MockSessionManagerClient session_manager_client_; |
107 UserPolicyBuilder policy_; | 224 UserPolicyBuilder policy_; |
108 MockCloudPolicyStoreObserver observer_; | 225 MockCloudPolicyStoreObserver observer_; |
109 scoped_ptr<UserCloudPolicyStoreChromeOS> store_; | 226 scoped_ptr<UserCloudPolicyStoreChromeOS> store_; |
110 | 227 |
111 private: | 228 private: |
112 content::TestBrowserThread ui_thread_; | 229 content::TestBrowserThread ui_thread_; |
113 content::TestBrowserThread file_thread_; | 230 content::TestBrowserThread file_thread_; |
114 base::ScopedTempDir tmp_dir_; | 231 base::ScopedTempDir tmp_dir_; |
115 | 232 |
116 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest); | 233 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest); |
117 }; | 234 }; |
118 | 235 |
119 TEST_F(UserCloudPolicyStoreChromeOSTest, Store) { | 236 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) { |
120 // Store policy. | 237 // Start without any public key to trigger the initial key checks. |
121 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 238 ASSERT_TRUE(file_util::Delete(user_policy_key_file(), false)); |
122 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) | 239 // Make the policy blob contain a new public key. |
123 .WillOnce(SaveArg<1>(&store_callback)); | 240 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); |
124 store_->Store(policy_.policy()); | 241 policy_.Build(); |
125 loop_.RunUntilIdle(); | 242 std::vector<uint8> new_public_key; |
126 Mock::VerifyAndClearExpectations(&session_manager_client_); | 243 policy_.GetNewPublicKey(&new_public_key); |
127 ASSERT_FALSE(store_callback.is_null()); | 244 ASSERT_NO_FATAL_FAILURE( |
245 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); | |
246 } | |
128 | 247 |
129 // No policy should be present yet. | 248 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) { |
130 EXPECT_FALSE(store_->policy()); | 249 ASSERT_NO_FATAL_FAILURE( |
131 EXPECT_TRUE(store_->policy_map().empty()); | 250 PerformStorePolicy(NULL, NULL, kDefaultHomepage)); |
132 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 251 } |
133 | 252 |
134 // Let the store operation complete. | 253 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) { |
135 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; | 254 // Make the policy blob contain a new public key. |
136 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_)) | 255 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); |
137 .WillOnce(SaveArg<0>(&retrieve_callback)); | 256 policy_.Build(); |
138 store_callback.Run(true); | 257 std::vector<uint8> new_public_key; |
139 loop_.RunUntilIdle(); | 258 policy_.GetNewPublicKey(&new_public_key); |
140 EXPECT_TRUE(store_->policy_map().empty()); | 259 ASSERT_NO_FATAL_FAILURE( |
141 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 260 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); |
142 Mock::VerifyAndClearExpectations(&session_manager_client_); | |
143 ASSERT_FALSE(retrieve_callback.is_null()); | |
144 | |
145 // Finish the retrieve callback. | |
146 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | |
147 retrieve_callback.Run(policy_.GetBlob()); | |
148 loop_.RunUntilIdle(); | |
149 ASSERT_TRUE(store_->policy()); | |
150 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | |
151 store_->policy()->SerializeAsString()); | |
152 VerifyPolicyMap(); | |
153 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
154 } | 261 } |
155 | 262 |
156 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { | 263 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { |
157 // Store policy. | 264 // Store policy. |
158 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 265 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
159 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) | 266 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) |
160 .WillOnce(SaveArg<1>(&store_callback)); | 267 .WillOnce(SaveArg<1>(&store_callback)); |
161 store_->Store(policy_.policy()); | 268 store_->Store(policy_.policy()); |
162 loop_.RunUntilIdle(); | 269 RunUntilIdle(); |
163 Mock::VerifyAndClearExpectations(&session_manager_client_); | 270 Mock::VerifyAndClearExpectations(&session_manager_client_); |
164 ASSERT_FALSE(store_callback.is_null()); | 271 ASSERT_FALSE(store_callback.is_null()); |
165 | 272 |
166 // Let the store operation complete. | 273 // Let the store operation complete. |
167 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); | 274 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); |
168 store_callback.Run(false); | 275 store_callback.Run(false); |
169 loop_.RunUntilIdle(); | 276 RunUntilIdle(); |
170 EXPECT_FALSE(store_->policy()); | 277 EXPECT_FALSE(store_->policy()); |
171 EXPECT_TRUE(store_->policy_map().empty()); | 278 EXPECT_TRUE(store_->policy_map().empty()); |
172 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); | 279 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); |
173 } | 280 } |
174 | 281 |
175 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { | 282 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { |
176 policy_.policy_data().clear_policy_type(); | 283 policy_.policy_data().clear_policy_type(); |
177 policy_.Build(); | 284 policy_.Build(); |
178 | 285 |
179 // Store policy. | 286 // Store policy. |
180 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 287 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
181 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 288 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
182 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) | 289 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) |
183 .Times(0); | 290 .Times(0); |
184 store_->Store(policy_.policy()); | 291 store_->Store(policy_.policy()); |
185 loop_.RunUntilIdle(); | 292 RunUntilIdle(); |
186 Mock::VerifyAndClearExpectations(&session_manager_client_); | 293 Mock::VerifyAndClearExpectations(&session_manager_client_); |
187 } | 294 } |
188 | 295 |
296 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) { | |
297 // Make the dbus call to cryptohome fail. | |
298 Mock::VerifyAndClearExpectations(&cryptohome_client_); | |
299 EXPECT_CALL(cryptohome_client_, | |
300 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _)) | |
301 .Times(AnyNumber()) | |
302 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE, | |
303 std::string())); | |
304 | |
305 // Store policy. | |
306 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | |
307 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | |
308 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) | |
309 .Times(0); | |
310 store_->Store(policy_.policy()); | |
311 RunUntilIdle(); | |
312 Mock::VerifyAndClearExpectations(&session_manager_client_); | |
313 } | |
314 | |
315 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) { | |
316 // Break the signature. | |
317 policy_.policy().mutable_policy_data_signature()->append("garbage"); | |
318 | |
319 // Store policy. | |
320 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | |
321 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | |
322 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) | |
323 .Times(0); | |
324 store_->Store(policy_.policy()); | |
325 RunUntilIdle(); | |
326 Mock::VerifyAndClearExpectations(&session_manager_client_); | |
327 } | |
328 | |
189 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { | 329 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { |
190 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 330 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
191 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 331 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
192 Mock::VerifyAndClearExpectations(&observer_); | 332 Mock::VerifyAndClearExpectations(&observer_); |
193 | 333 |
194 // Verify that the policy has been loaded. | 334 // Verify that the policy has been loaded. |
195 ASSERT_TRUE(store_->policy()); | 335 ASSERT_TRUE(store_->policy()); |
196 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 336 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
197 store_->policy()->SerializeAsString()); | 337 store_->policy()->SerializeAsString()); |
198 VerifyPolicyMap(); | 338 VerifyPolicyMap(kDefaultHomepage); |
199 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 339 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
200 } | 340 } |
201 | 341 |
202 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { | 342 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { |
203 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 343 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
204 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 344 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
205 Mock::VerifyAndClearExpectations(&observer_); | 345 Mock::VerifyAndClearExpectations(&observer_); |
206 | 346 |
207 // Verify no policy has been installed. | 347 // Verify no policy has been installed. |
208 EXPECT_FALSE(store_->policy()); | 348 EXPECT_FALSE(store_->policy()); |
(...skipping 10 matching lines...) Expand all Loading... | |
219 EXPECT_TRUE(store_->policy_map().empty()); | 359 EXPECT_TRUE(store_->policy_map().empty()); |
220 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); | 360 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); |
221 } | 361 } |
222 | 362 |
223 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) { | 363 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) { |
224 policy_.policy_data().clear_policy_type(); | 364 policy_.policy_data().clear_policy_type(); |
225 policy_.Build(); | 365 policy_.Build(); |
226 | 366 |
227 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 367 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
228 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 368 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
369 VerifyStoreHasValidationError(); | |
370 } | |
229 | 371 |
230 // Verify no policy has been installed. | 372 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) { |
231 EXPECT_FALSE(store_->policy()); | 373 // The loaded policy can't be verified without the public key. |
232 EXPECT_TRUE(store_->policy_map().empty()); | 374 ASSERT_TRUE(file_util::Delete(user_policy_key_file(), false)); |
233 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); | 375 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
376 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | |
377 VerifyStoreHasValidationError(); | |
378 } | |
379 | |
380 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) { | |
381 // Break the signature. | |
382 policy_.policy().mutable_policy_data_signature()->append("garbage"); | |
383 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | |
384 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | |
385 VerifyStoreHasValidationError(); | |
234 } | 386 } |
235 | 387 |
236 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) { | 388 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) { |
237 std::string data; | 389 std::string data; |
238 | 390 |
239 em::DeviceCredentials credentials; | 391 em::DeviceCredentials credentials; |
240 credentials.set_device_token(kLegacyToken); | 392 credentials.set_device_token(kLegacyToken); |
241 credentials.set_device_id(kLegacyDeviceId); | 393 credentials.set_device_id(kLegacyDeviceId); |
242 ASSERT_TRUE(credentials.SerializeToString(&data)); | 394 ASSERT_TRUE(credentials.SerializeToString(&data)); |
243 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); | 395 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); |
(...skipping 10 matching lines...) Expand all Loading... | |
254 // Verify that legacy user policy and token have been loaded. | 406 // Verify that legacy user policy and token have been loaded. |
255 em::PolicyData expected_policy_data; | 407 em::PolicyData expected_policy_data; |
256 EXPECT_TRUE(expected_policy_data.ParseFromString( | 408 EXPECT_TRUE(expected_policy_data.ParseFromString( |
257 cached_policy.cloud_policy().policy_data())); | 409 cached_policy.cloud_policy().policy_data())); |
258 expected_policy_data.clear_public_key_version(); | 410 expected_policy_data.clear_public_key_version(); |
259 expected_policy_data.set_request_token(kLegacyToken); | 411 expected_policy_data.set_request_token(kLegacyToken); |
260 expected_policy_data.set_device_id(kLegacyDeviceId); | 412 expected_policy_data.set_device_id(kLegacyDeviceId); |
261 ASSERT_TRUE(store_->policy()); | 413 ASSERT_TRUE(store_->policy()); |
262 EXPECT_EQ(expected_policy_data.SerializeAsString(), | 414 EXPECT_EQ(expected_policy_data.SerializeAsString(), |
263 store_->policy()->SerializeAsString()); | 415 store_->policy()->SerializeAsString()); |
264 VerifyPolicyMap(); | 416 VerifyPolicyMap(kDefaultHomepage); |
265 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 417 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
266 }; | 418 } |
267 | 419 |
268 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) { | 420 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) { |
269 std::string data; | 421 std::string data; |
270 testing::Sequence seq; | 422 testing::Sequence seq; |
271 | 423 |
272 em::CachedCloudPolicyResponse cached_policy; | 424 em::CachedCloudPolicyResponse cached_policy; |
273 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); | 425 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); |
274 ASSERT_TRUE(cached_policy.SerializeToString(&data)); | 426 ASSERT_TRUE(cached_policy.SerializeToString(&data)); |
275 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); | 427 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); |
276 | 428 |
277 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 429 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
278 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 430 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
279 Mock::VerifyAndClearExpectations(&observer_); | 431 Mock::VerifyAndClearExpectations(&observer_); |
280 | 432 |
281 // Verify the legacy cache has been loaded. | 433 // Verify the legacy cache has been loaded. |
282 em::PolicyData expected_policy_data; | 434 em::PolicyData expected_policy_data; |
283 EXPECT_TRUE(expected_policy_data.ParseFromString( | 435 EXPECT_TRUE(expected_policy_data.ParseFromString( |
284 cached_policy.cloud_policy().policy_data())); | 436 cached_policy.cloud_policy().policy_data())); |
285 expected_policy_data.clear_public_key_version(); | 437 expected_policy_data.clear_public_key_version(); |
286 ASSERT_TRUE(store_->policy()); | 438 ASSERT_TRUE(store_->policy()); |
287 EXPECT_EQ(expected_policy_data.SerializeAsString(), | 439 EXPECT_EQ(expected_policy_data.SerializeAsString(), |
288 store_->policy()->SerializeAsString()); | 440 store_->policy()->SerializeAsString()); |
289 VerifyPolicyMap(); | 441 VerifyPolicyMap(kDefaultHomepage); |
290 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 442 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
291 }; | 443 } |
292 | 444 |
293 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) { | 445 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) { |
294 std::string data; | 446 std::string data; |
295 | 447 |
296 em::DeviceCredentials credentials; | 448 em::DeviceCredentials credentials; |
297 credentials.set_device_token(kLegacyToken); | 449 credentials.set_device_token(kLegacyToken); |
298 credentials.set_device_id(kLegacyDeviceId); | 450 credentials.set_device_id(kLegacyDeviceId); |
299 ASSERT_TRUE(credentials.SerializeToString(&data)); | 451 ASSERT_TRUE(credentials.SerializeToString(&data)); |
300 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); | 452 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); |
301 | 453 |
302 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 454 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
303 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 455 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
304 Mock::VerifyAndClearExpectations(&observer_); | 456 Mock::VerifyAndClearExpectations(&observer_); |
305 | 457 |
306 // Verify that legacy user policy and token have been loaded. | 458 // Verify that legacy user policy and token have been loaded. |
307 em::PolicyData expected_policy_data; | 459 em::PolicyData expected_policy_data; |
308 expected_policy_data.set_request_token(kLegacyToken); | 460 expected_policy_data.set_request_token(kLegacyToken); |
309 expected_policy_data.set_device_id(kLegacyDeviceId); | 461 expected_policy_data.set_device_id(kLegacyDeviceId); |
310 ASSERT_TRUE(store_->policy()); | 462 ASSERT_TRUE(store_->policy()); |
311 EXPECT_EQ(expected_policy_data.SerializeAsString(), | 463 EXPECT_EQ(expected_policy_data.SerializeAsString(), |
312 store_->policy()->SerializeAsString()); | 464 store_->policy()->SerializeAsString()); |
313 EXPECT_TRUE(store_->policy_map().empty()); | 465 EXPECT_TRUE(store_->policy_map().empty()); |
314 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 466 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
315 }; | 467 } |
468 | |
469 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationAndStoreNew) { | |
470 // Start without an existing public key. | |
471 ASSERT_TRUE(file_util::Delete(user_policy_key_file(), false)); | |
472 | |
473 std::string data; | |
474 testing::Sequence seq; | |
Mattias Nissler (ping if slow)
2013/02/08 13:36:42
Not used.
Joao da Silva
2013/02/08 16:47:04
Done.
| |
475 | |
476 em::CachedCloudPolicyResponse cached_policy; | |
477 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); | |
478 ASSERT_TRUE(cached_policy.SerializeToString(&data)); | |
479 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); | |
480 | |
481 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | |
482 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | |
483 Mock::VerifyAndClearExpectations(&observer_); | |
484 | |
485 // Verify the legacy cache has been loaded. | |
486 em::PolicyData expected_policy_data; | |
487 EXPECT_TRUE(expected_policy_data.ParseFromString( | |
488 cached_policy.cloud_policy().policy_data())); | |
489 expected_policy_data.clear_public_key_version(); | |
490 ASSERT_TRUE(store_->policy()); | |
491 EXPECT_EQ(expected_policy_data.SerializeAsString(), | |
492 store_->policy()->SerializeAsString()); | |
493 VerifyPolicyMap(kDefaultHomepage); | |
494 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
495 EXPECT_TRUE(file_util::PathExists(policy_file())); | |
496 | |
497 // Now store a new policy using the new homepage location. | |
498 const char kNewHomepage[] = "http://google.com"; | |
499 policy_.payload().mutable_homepagelocation()->set_value(kNewHomepage); | |
500 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); | |
501 policy_.Build(); | |
502 std::vector<uint8> new_public_key; | |
503 policy_.GetNewPublicKey(&new_public_key); | |
504 ASSERT_NO_FATAL_FAILURE( | |
505 PerformStorePolicy(&new_public_key, kDefaultHomepage, kNewHomepage)); | |
506 VerifyPolicyMap(kNewHomepage); | |
507 | |
508 // Verify that the legacy cache has been removed. | |
509 EXPECT_FALSE(file_util::PathExists(policy_file())); | |
510 } | |
316 | 511 |
317 } // namespace | 512 } // namespace |
318 | 513 |
319 } // namespace policy | 514 } // namespace policy |
OLD | NEW |