
Side by Side Diff: chrome/browser/policy/user_cloud_policy_store_chromeos_unittest.cc

Issue 12183017: Verify the signature on user cloud policy downloads. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebased Created 7 years, 10 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/policy/user_cloud_policy_store_chromeos.h" 5 #include "chrome/browser/policy/user_cloud_policy_store_chromeos.h"
6 6
7 #include <vector>
8
9 #include "base/basictypes.h"
10 #include "base/bind.h"
7 #include "base/file_util.h" 11 #include "base/file_util.h"
8 #include "base/files/scoped_temp_dir.h" 12 #include "base/files/scoped_temp_dir.h"
9 #include "base/memory/scoped_ptr.h" 13 #include "base/memory/scoped_ptr.h"
10 #include "base/message_loop.h" 14 #include "base/message_loop.h"
15 #include "base/threading/sequenced_worker_pool.h"
11 #include "chrome/browser/policy/cloud_policy_constants.h" 16 #include "chrome/browser/policy/cloud_policy_constants.h"
12 #include "chrome/browser/policy/mock_cloud_policy_store.h" 17 #include "chrome/browser/policy/mock_cloud_policy_store.h"
13 #include "chrome/browser/policy/policy_builder.h" 18 #include "chrome/browser/policy/policy_builder.h"
14 #include "chrome/browser/policy/proto/cloud_policy.pb.h" 19 #include "chrome/browser/policy/proto/cloud_policy.pb.h"
15 #include "chrome/browser/policy/proto/device_management_local.pb.h" 20 #include "chrome/browser/policy/proto/device_management_local.pb.h"
21 #include "chromeos/dbus/mock_cryptohome_client.h"
16 #include "chromeos/dbus/mock_session_manager_client.h" 22 #include "chromeos/dbus/mock_session_manager_client.h"
17 #include "content/public/test/test_browser_thread.h" 23 #include "content/public/test/test_browser_thread.h"
18 #include "policy/policy_constants.h" 24 #include "policy/policy_constants.h"
19 #include "testing/gmock/include/gmock/gmock.h" 25 #include "testing/gmock/include/gmock/gmock.h"
20 #include "testing/gtest/include/gtest/gtest.h" 26 #include "testing/gtest/include/gtest/gtest.h"
21 27
22 namespace em = enterprise_management; 28 namespace em = enterprise_management;
23 29
24 using testing::AllOf; 30 using testing::AllOf;
31 using testing::AnyNumber;
25 using testing::Eq; 32 using testing::Eq;
26 using testing::Mock; 33 using testing::Mock;
27 using testing::Property; 34 using testing::Property;
28 using testing::SaveArg; 35 using testing::SaveArg;
29 using testing::_; 36 using testing::_;
30 37
31 namespace policy { 38 namespace policy {
32 39
33 namespace { 40 namespace {
34 41
35 const char kLegacyDeviceId[] = "legacy-device-id"; 42 const char kLegacyDeviceId[] = "legacy-device-id";
36 const char kLegacyToken[] = "legacy-token"; 43 const char kLegacyToken[] = "legacy-token";
44 const char kSanitizedUsername[] = "0123456789ABCDEF0123456789ABCDEF012345678";
45 const char kDefaultHomepage[] = "http://chromium.org";
46
47 ACTION_P2(SendSanitizedUsername, call_status, sanitized_username) {
48 MessageLoop::current()->PostTask(
49 FROM_HERE, base::Bind(arg1, call_status, sanitized_username));
50 }
37 51
38 class UserCloudPolicyStoreChromeOSTest : public testing::Test { 52 class UserCloudPolicyStoreChromeOSTest : public testing::Test {
39 protected: 53 protected:
40 UserCloudPolicyStoreChromeOSTest() 54 UserCloudPolicyStoreChromeOSTest()
41 : loop_(MessageLoop::TYPE_UI), 55 : loop_(MessageLoop::TYPE_UI),
42 ui_thread_(content::BrowserThread::UI, &loop_), 56 ui_thread_(content::BrowserThread::UI, &loop_),
43 file_thread_(content::BrowserThread::FILE, &loop_) {} 57 file_thread_(content::BrowserThread::FILE, &loop_) {}
44 58
45 virtual void SetUp() OVERRIDE { 59 virtual void SetUp() OVERRIDE {
60 EXPECT_CALL(cryptohome_client_,
61 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _))
62 .Times(AnyNumber())
63 .WillRepeatedly(
64 SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_SUCCESS,
65 kSanitizedUsername));
66
46 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir()); 67 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir());
47 store_.reset(new UserCloudPolicyStoreChromeOS(&session_manager_client_, 68 store_.reset(new UserCloudPolicyStoreChromeOS(&cryptohome_client_,
69 &session_manager_client_,
48 PolicyBuilder::kFakeUsername, 70 PolicyBuilder::kFakeUsername,
71 user_policy_dir(),
49 token_file(), 72 token_file(),
50 policy_file())); 73 policy_file()));
51 store_->AddObserver(&observer_); 74 store_->AddObserver(&observer_);
52 75
53 policy_.payload().mutable_showhomebutton()->set_value(true); 76 // Install the initial public key, so that by default the validation of
77 // the stored/loaded policy blob succeeds.
78 std::vector<uint8> public_key;
79 ASSERT_TRUE(policy_.signing_key()->ExportPublicKey(&public_key));
80 StoreUserPolicyKey(public_key);
81
82 policy_.payload().mutable_homepagelocation()->set_value(kDefaultHomepage);
54 policy_.Build(); 83 policy_.Build();
55 } 84 }
56 85
57 virtual void TearDown() OVERRIDE { 86 virtual void TearDown() OVERRIDE {
58 store_->RemoveObserver(&observer_); 87 store_->RemoveObserver(&observer_);
59 store_.reset(); 88 store_.reset();
60 loop_.RunUntilIdle(); 89 RunUntilIdle();
61 } 90 }
62 91
63 // Install an expectation on |observer_| for an error code. 92 // Install an expectation on |observer_| for an error code.
64 void ExpectError(CloudPolicyStore::Status error) { 93 void ExpectError(CloudPolicyStore::Status error) {
65 EXPECT_CALL(observer_, 94 EXPECT_CALL(observer_,
66 OnStoreError(AllOf(Eq(store_.get()), 95 OnStoreError(AllOf(Eq(store_.get()),
67 Property(&CloudPolicyStore::status, 96 Property(&CloudPolicyStore::status,
68 Eq(error))))); 97 Eq(error)))));
69 } 98 }
70 99
71 // Triggers a store_->Load() operation, handles the expected call to 100 // Triggers a store_->Load() operation, handles the expected call to
72 // |session_manager_client_| and sends |response|. 101 // |session_manager_client_| and sends |response|.
73 void PerformPolicyLoad(const std::string& response) { 102 void PerformPolicyLoad(const std::string& response) {
74 // Issue a load command. 103 // Issue a load command.
75 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; 104 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback;
76 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_)) 105 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_))
77 .WillOnce(SaveArg<0>(&retrieve_callback)); 106 .WillOnce(SaveArg<0>(&retrieve_callback));
78 store_->Load(); 107 store_->Load();
79 loop_.RunUntilIdle(); 108 RunUntilIdle();
80 Mock::VerifyAndClearExpectations(&session_manager_client_); 109 Mock::VerifyAndClearExpectations(&session_manager_client_);
81 ASSERT_FALSE(retrieve_callback.is_null()); 110 ASSERT_FALSE(retrieve_callback.is_null());
82 111
83 // Run the callback. 112 // Run the callback.
84 retrieve_callback.Run(response); 113 retrieve_callback.Run(response);
114 RunUntilIdle();
115 }
116
117 // Verifies that store_->policy_map() has the HomepageLocation entry with
118 // the |expected_value|.
119 void VerifyPolicyMap(const char* expected_value) {
120 EXPECT_EQ(1U, store_->policy_map().size());
121 const PolicyMap::Entry* entry =
122 store_->policy_map().Get(key::kHomepageLocation);
123 ASSERT_TRUE(entry);
124 EXPECT_TRUE(base::StringValue(expected_value).Equals(entry->value));
125 }
126
127 void StoreUserPolicyKey(const std::vector<uint8>& public_key) {
128 ASSERT_TRUE(file_util::CreateDirectory(user_policy_key_file().DirName()));
129 ASSERT_TRUE(
130 file_util::WriteFile(user_policy_key_file(),
131 reinterpret_cast<const char*>(public_key.data()),
132 public_key.size()));
133 }
134
135 // Stores the current |policy_| and verifies that it is published.
136 // If |new_public_key| is set then it will be persisted after storing but
137 // before loading the policy, so that the signature validation can succeed.
138 // If |previous_value| is set then a previously existing policy with that
139 // value will be expected; otherwise no previous policy is expected.
140 // If |new_value| is set then a new policy with that value is expected after
141 // storing the |policy_| blob.
142 void PerformStorePolicy(const std::vector<uint8>* new_public_key,
143 const char* previous_value,
144 const char* new_value) {
145 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
146 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _))
147 .WillOnce(SaveArg<1>(&store_callback));
148 store_->Store(policy_.policy());
149 RunUntilIdle();
150 Mock::VerifyAndClearExpectations(&session_manager_client_);
151 ASSERT_FALSE(store_callback.is_null());
152
153 // The new policy shouldn't be present yet.
154 PolicyMap previous_policy;
155 EXPECT_EQ(previous_value != NULL, store_->policy() != NULL);
156 if (previous_value) {
157 previous_policy.Set(key::kHomepageLocation,
158 POLICY_LEVEL_MANDATORY,
159 POLICY_SCOPE_USER,
160 base::Value::CreateStringValue(previous_value));
161 }
162 EXPECT_TRUE(previous_policy.Equals(store_->policy_map()));
163 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
164
165 // Store the new public key so that the validation after the retrieve
166 // operation completes can verify the signature.
167 if (new_public_key)
168 StoreUserPolicyKey(*new_public_key);
169
170 // Let the store operation complete.
171 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback;
172 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_))
173 .WillOnce(SaveArg<0>(&retrieve_callback));
174 store_callback.Run(true);
175 RunUntilIdle();
176 EXPECT_TRUE(previous_policy.Equals(store_->policy_map()));
177 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
178 Mock::VerifyAndClearExpectations(&session_manager_client_);
179 ASSERT_FALSE(retrieve_callback.is_null());
180
181 // Finish the retrieve callback.
182 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
183 retrieve_callback.Run(policy_.GetBlob());
184 RunUntilIdle();
185 ASSERT_TRUE(store_->policy());
186 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
187 store_->policy()->SerializeAsString());
188 VerifyPolicyMap(new_value);
189 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
190 }
191
192 void VerifyStoreHasValidationError() {
193 EXPECT_FALSE(store_->policy());
194 EXPECT_TRUE(store_->policy_map().empty());
195 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
196 }
197
198 void RunUntilIdle() {
199 loop_.RunUntilIdle();
200 content::BrowserThread::GetBlockingPool()->FlushForTesting();
85 loop_.RunUntilIdle(); 201 loop_.RunUntilIdle();
86 } 202 }
87 203
88 // Verifies that store_->policy_map() has the ShowHomeButton entry. 204 base::FilePath user_policy_dir() {
89 void VerifyPolicyMap() { 205 return tmp_dir_.path().AppendASCII("var_run_user_policy");
90 EXPECT_EQ(1U, store_->policy_map().size()); 206 }
91 const PolicyMap::Entry* entry = 207
92 store_->policy_map().Get(key::kShowHomeButton); 208 base::FilePath user_policy_key_file() {
93 ASSERT_TRUE(entry); 209 return user_policy_dir().AppendASCII(kSanitizedUsername)
94 EXPECT_TRUE(base::FundamentalValue(true).Equals(entry->value)); 210 .AppendASCII("policy.pub");
95 } 211 }
96 212
97 base::FilePath token_file() { 213 base::FilePath token_file() {
98 return tmp_dir_.path().AppendASCII("token"); 214 return tmp_dir_.path().AppendASCII("token");
99 } 215 }
100 216
101 base::FilePath policy_file() { 217 base::FilePath policy_file() {
102 return tmp_dir_.path().AppendASCII("policy"); 218 return tmp_dir_.path().AppendASCII("policy");
103 } 219 }
104 220
105 MessageLoop loop_; 221 MessageLoop loop_;
222 chromeos::MockCryptohomeClient cryptohome_client_;
106 chromeos::MockSessionManagerClient session_manager_client_; 223 chromeos::MockSessionManagerClient session_manager_client_;
107 UserPolicyBuilder policy_; 224 UserPolicyBuilder policy_;
108 MockCloudPolicyStoreObserver observer_; 225 MockCloudPolicyStoreObserver observer_;
109 scoped_ptr<UserCloudPolicyStoreChromeOS> store_; 226 scoped_ptr<UserCloudPolicyStoreChromeOS> store_;
110 227
111 private: 228 private:
112 content::TestBrowserThread ui_thread_; 229 content::TestBrowserThread ui_thread_;
113 content::TestBrowserThread file_thread_; 230 content::TestBrowserThread file_thread_;
114 base::ScopedTempDir tmp_dir_; 231 base::ScopedTempDir tmp_dir_;
115 232
116 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest); 233 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest);
117 }; 234 };
118 235
119 TEST_F(UserCloudPolicyStoreChromeOSTest, Store) { 236 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) {
120 // Store policy. 237 // Start without any public key to trigger the initial key checks.
121 chromeos::SessionManagerClient::StorePolicyCallback store_callback; 238 ASSERT_TRUE(file_util::Delete(user_policy_key_file(), false));
122 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) 239 // Make the policy blob contain a new public key.
123 .WillOnce(SaveArg<1>(&store_callback)); 240 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey());
124 store_->Store(policy_.policy()); 241 policy_.Build();
125 loop_.RunUntilIdle(); 242 std::vector<uint8> new_public_key;
126 Mock::VerifyAndClearExpectations(&session_manager_client_); 243 ASSERT_TRUE(policy_.new_signing_key()->ExportPublicKey(&new_public_key));
127 ASSERT_FALSE(store_callback.is_null()); 244 ASSERT_NO_FATAL_FAILURE(
245 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage));
246 }
128 247
129 // No policy should be present yet. 248 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) {
130 EXPECT_FALSE(store_->policy()); 249 ASSERT_NO_FATAL_FAILURE(
131 EXPECT_TRUE(store_->policy_map().empty()); 250 PerformStorePolicy(NULL, NULL, kDefaultHomepage));
132 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 251 }
133 252
134 // Let the store operation complete. 253 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) {
135 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; 254 // Make the policy blob contain a new public key.
136 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_)) 255 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey());
137 .WillOnce(SaveArg<0>(&retrieve_callback)); 256 policy_.Build();
138 store_callback.Run(true); 257 std::vector<uint8> new_public_key;
139 loop_.RunUntilIdle(); 258 ASSERT_TRUE(policy_.new_signing_key()->ExportPublicKey(&new_public_key));
140 EXPECT_TRUE(store_->policy_map().empty()); 259 ASSERT_NO_FATAL_FAILURE(
141 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 260 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage));
142 Mock::VerifyAndClearExpectations(&session_manager_client_);
143 ASSERT_FALSE(retrieve_callback.is_null());
144
145 // Finish the retrieve callback.
146 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
147 retrieve_callback.Run(policy_.GetBlob());
148 loop_.RunUntilIdle();
149 ASSERT_TRUE(store_->policy());
150 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
151 store_->policy()->SerializeAsString());
152 VerifyPolicyMap();
153 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
154 } 261 }
155 262
156 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { 263 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) {
157 // Store policy. 264 // Store policy.
158 chromeos::SessionManagerClient::StorePolicyCallback store_callback; 265 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
159 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) 266 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _))
160 .WillOnce(SaveArg<1>(&store_callback)); 267 .WillOnce(SaveArg<1>(&store_callback));
161 store_->Store(policy_.policy()); 268 store_->Store(policy_.policy());
162 loop_.RunUntilIdle(); 269 RunUntilIdle();
163 Mock::VerifyAndClearExpectations(&session_manager_client_); 270 Mock::VerifyAndClearExpectations(&session_manager_client_);
164 ASSERT_FALSE(store_callback.is_null()); 271 ASSERT_FALSE(store_callback.is_null());
165 272
166 // Let the store operation complete. 273 // Let the store operation complete.
167 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); 274 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR);
168 store_callback.Run(false); 275 store_callback.Run(false);
169 loop_.RunUntilIdle(); 276 RunUntilIdle();
170 EXPECT_FALSE(store_->policy()); 277 EXPECT_FALSE(store_->policy());
171 EXPECT_TRUE(store_->policy_map().empty()); 278 EXPECT_TRUE(store_->policy_map().empty());
172 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); 279 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status());
173 } 280 }
174 281
175 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { 282 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) {
176 policy_.policy_data().clear_policy_type(); 283 policy_.policy_data().clear_policy_type();
177 policy_.Build(); 284 policy_.Build();
178 285
179 // Store policy. 286 // Store policy.
180 chromeos::SessionManagerClient::StorePolicyCallback store_callback; 287 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
181 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); 288 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
182 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) 289 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _))
183 .Times(0); 290 .Times(0);
184 store_->Store(policy_.policy()); 291 store_->Store(policy_.policy());
185 loop_.RunUntilIdle(); 292 RunUntilIdle();
186 Mock::VerifyAndClearExpectations(&session_manager_client_); 293 Mock::VerifyAndClearExpectations(&session_manager_client_);
187 } 294 }
188 295
296 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) {
297 // Make the dbus call to cryptohome fail.
298 Mock::VerifyAndClearExpectations(&cryptohome_client_);
299 EXPECT_CALL(cryptohome_client_,
300 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _))
301 .Times(AnyNumber())
302 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE,
303 std::string()));
304
305 // Store policy.
306 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
307 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
308 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _))
309 .Times(0);
310 store_->Store(policy_.policy());
311 RunUntilIdle();
312 Mock::VerifyAndClearExpectations(&session_manager_client_);
313 }
314
315 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) {
316 // Break the signature.
317 policy_.policy().mutable_policy_data_signature()->append("garbage");
318
319 // Store policy.
320 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
321 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
322 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _))
323 .Times(0);
324 store_->Store(policy_.policy());
325 RunUntilIdle();
326 Mock::VerifyAndClearExpectations(&session_manager_client_);
327 }
328
189 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { 329 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) {
190 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); 330 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
191 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); 331 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
192 Mock::VerifyAndClearExpectations(&observer_); 332 Mock::VerifyAndClearExpectations(&observer_);
193 333
194 // Verify that the policy has been loaded. 334 // Verify that the policy has been loaded.
195 ASSERT_TRUE(store_->policy()); 335 ASSERT_TRUE(store_->policy());
196 EXPECT_EQ(policy_.policy_data().SerializeAsString(), 336 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
197 store_->policy()->SerializeAsString()); 337 store_->policy()->SerializeAsString());
198 VerifyPolicyMap(); 338 VerifyPolicyMap(kDefaultHomepage);
199 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 339 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
200 } 340 }
201 341
202 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { 342 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
203 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); 343 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
204 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); 344 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
205 Mock::VerifyAndClearExpectations(&observer_); 345 Mock::VerifyAndClearExpectations(&observer_);
206 346
207 // Verify no policy has been installed. 347 // Verify no policy has been installed.
208 EXPECT_FALSE(store_->policy()); 348 EXPECT_FALSE(store_->policy());
(...skipping 10 matching lines...) Expand all
219 EXPECT_TRUE(store_->policy_map().empty()); 359 EXPECT_TRUE(store_->policy_map().empty());
220 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); 360 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status());
221 } 361 }
222 362
223 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) { 363 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) {
224 policy_.policy_data().clear_policy_type(); 364 policy_.policy_data().clear_policy_type();
225 policy_.Build(); 365 policy_.Build();
226 366
227 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); 367 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
228 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); 368 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
369 VerifyStoreHasValidationError();
370 }
229 371
230 // Verify no policy has been installed. 372 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) {
231 EXPECT_FALSE(store_->policy()); 373 // The loaded policy can't be verified without the public key.
232 EXPECT_TRUE(store_->policy_map().empty()); 374 ASSERT_TRUE(file_util::Delete(user_policy_key_file(), false));
233 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); 375 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
376 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
377 VerifyStoreHasValidationError();
378 }
379
380 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) {
381 // Break the signature.
382 policy_.policy().mutable_policy_data_signature()->append("garbage");
383 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
384 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
385 VerifyStoreHasValidationError();
234 } 386 }
235 387
236 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) { 388 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) {
237 std::string data; 389 std::string data;
238 390
239 em::DeviceCredentials credentials; 391 em::DeviceCredentials credentials;
240 credentials.set_device_token(kLegacyToken); 392 credentials.set_device_token(kLegacyToken);
241 credentials.set_device_id(kLegacyDeviceId); 393 credentials.set_device_id(kLegacyDeviceId);
242 ASSERT_TRUE(credentials.SerializeToString(&data)); 394 ASSERT_TRUE(credentials.SerializeToString(&data));
243 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); 395 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size()));
(...skipping 10 matching lines...) Expand all
254 // Verify that legacy user policy and token have been loaded. 406 // Verify that legacy user policy and token have been loaded.
255 em::PolicyData expected_policy_data; 407 em::PolicyData expected_policy_data;
256 EXPECT_TRUE(expected_policy_data.ParseFromString( 408 EXPECT_TRUE(expected_policy_data.ParseFromString(
257 cached_policy.cloud_policy().policy_data())); 409 cached_policy.cloud_policy().policy_data()));
258 expected_policy_data.clear_public_key_version(); 410 expected_policy_data.clear_public_key_version();
259 expected_policy_data.set_request_token(kLegacyToken); 411 expected_policy_data.set_request_token(kLegacyToken);
260 expected_policy_data.set_device_id(kLegacyDeviceId); 412 expected_policy_data.set_device_id(kLegacyDeviceId);
261 ASSERT_TRUE(store_->policy()); 413 ASSERT_TRUE(store_->policy());
262 EXPECT_EQ(expected_policy_data.SerializeAsString(), 414 EXPECT_EQ(expected_policy_data.SerializeAsString(),
263 store_->policy()->SerializeAsString()); 415 store_->policy()->SerializeAsString());
264 VerifyPolicyMap(); 416 VerifyPolicyMap(kDefaultHomepage);
265 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 417 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
266 }; 418 }
267 419
268 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) { 420 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) {
269 std::string data; 421 std::string data;
270 testing::Sequence seq; 422 testing::Sequence seq;
271 423
272 em::CachedCloudPolicyResponse cached_policy; 424 em::CachedCloudPolicyResponse cached_policy;
273 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); 425 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy());
274 ASSERT_TRUE(cached_policy.SerializeToString(&data)); 426 ASSERT_TRUE(cached_policy.SerializeToString(&data));
275 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); 427 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size()));
276 428
277 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); 429 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
278 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); 430 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
279 Mock::VerifyAndClearExpectations(&observer_); 431 Mock::VerifyAndClearExpectations(&observer_);
280 432
281 // Verify the legacy cache has been loaded. 433 // Verify the legacy cache has been loaded.
282 em::PolicyData expected_policy_data; 434 em::PolicyData expected_policy_data;
283 EXPECT_TRUE(expected_policy_data.ParseFromString( 435 EXPECT_TRUE(expected_policy_data.ParseFromString(
284 cached_policy.cloud_policy().policy_data())); 436 cached_policy.cloud_policy().policy_data()));
285 expected_policy_data.clear_public_key_version(); 437 expected_policy_data.clear_public_key_version();
286 ASSERT_TRUE(store_->policy()); 438 ASSERT_TRUE(store_->policy());
287 EXPECT_EQ(expected_policy_data.SerializeAsString(), 439 EXPECT_EQ(expected_policy_data.SerializeAsString(),
288 store_->policy()->SerializeAsString()); 440 store_->policy()->SerializeAsString());
289 VerifyPolicyMap(); 441 VerifyPolicyMap(kDefaultHomepage);
290 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 442 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
291 }; 443 }
292 444
293 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) { 445 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) {
294 std::string data; 446 std::string data;
295 447
296 em::DeviceCredentials credentials; 448 em::DeviceCredentials credentials;
297 credentials.set_device_token(kLegacyToken); 449 credentials.set_device_token(kLegacyToken);
298 credentials.set_device_id(kLegacyDeviceId); 450 credentials.set_device_id(kLegacyDeviceId);
299 ASSERT_TRUE(credentials.SerializeToString(&data)); 451 ASSERT_TRUE(credentials.SerializeToString(&data));
300 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); 452 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size()));
301 453
302 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); 454 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
303 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); 455 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
304 Mock::VerifyAndClearExpectations(&observer_); 456 Mock::VerifyAndClearExpectations(&observer_);
305 457
306 // Verify that legacy user policy and token have been loaded. 458 // Verify that legacy user policy and token have been loaded.
307 em::PolicyData expected_policy_data; 459 em::PolicyData expected_policy_data;
308 expected_policy_data.set_request_token(kLegacyToken); 460 expected_policy_data.set_request_token(kLegacyToken);
309 expected_policy_data.set_device_id(kLegacyDeviceId); 461 expected_policy_data.set_device_id(kLegacyDeviceId);
310 ASSERT_TRUE(store_->policy()); 462 ASSERT_TRUE(store_->policy());
311 EXPECT_EQ(expected_policy_data.SerializeAsString(), 463 EXPECT_EQ(expected_policy_data.SerializeAsString(),
312 store_->policy()->SerializeAsString()); 464 store_->policy()->SerializeAsString());
313 EXPECT_TRUE(store_->policy_map().empty()); 465 EXPECT_TRUE(store_->policy_map().empty());
314 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 466 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
315 }; 467 }
468
469 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationAndStoreNew) {
470 // Start without an existing public key.
471 ASSERT_TRUE(file_util::Delete(user_policy_key_file(), false));
472
473 std::string data;
474 em::CachedCloudPolicyResponse cached_policy;
475 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy());
476 ASSERT_TRUE(cached_policy.SerializeToString(&data));
477 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size()));
478
479 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
480 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
481 Mock::VerifyAndClearExpectations(&observer_);
482
483 // Verify the legacy cache has been loaded.
484 em::PolicyData expected_policy_data;
485 EXPECT_TRUE(expected_policy_data.ParseFromString(
486 cached_policy.cloud_policy().policy_data()));
487 expected_policy_data.clear_public_key_version();
488 ASSERT_TRUE(store_->policy());
489 EXPECT_EQ(expected_policy_data.SerializeAsString(),
490 store_->policy()->SerializeAsString());
491 VerifyPolicyMap(kDefaultHomepage);
492 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
493 EXPECT_TRUE(file_util::PathExists(policy_file()));
494
495 // Now store a new policy using the new homepage location.
496 const char kNewHomepage[] = "http://google.com";
497 policy_.payload().mutable_homepagelocation()->set_value(kNewHomepage);
498 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey());
499 policy_.Build();
500 std::vector<uint8> new_public_key;
501 ASSERT_TRUE(policy_.new_signing_key()->ExportPublicKey(&new_public_key));
502 ASSERT_NO_FATAL_FAILURE(
503 PerformStorePolicy(&new_public_key, kDefaultHomepage, kNewHomepage));
504 VerifyPolicyMap(kNewHomepage);
505
506 // Verify that the legacy cache has been removed.
507 EXPECT_FALSE(file_util::PathExists(policy_file()));
508 }
316 509
317 } // namespace 510 } // namespace
318 511
319 } // namespace policy 512 } // namespace policy
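Review bot: In `StoreUserPolicyKey`, `ASSERT_TRUE(file_util::WriteFile(...))` cannot detect a failed write: the other call sites in this file check the result against -1 (`ASSERT_NE(-1, file_util::WriteFile(token_file(), ...))`), and a -1 return converts to true. If the key file were silently missing, `StoreWithInvalidSignature` and `LoadInvalidSignature` would presumably still observe STATUS_VALIDATION_ERROR, but because of the missing key rather than the broken signature, so the signature check itself could go unexercised. I would assert the byte count instead, `ASSERT_EQ(static_cast<int>(public_key.size()), file_util::WriteFile(...))` with the same arguments. The helper is also called bare from `SetUp()` and `PerformStorePolicy()`, where a fatal failure inside it only returns from the helper; wrapping those calls in `ASSERT_NO_FATAL_FAILURE(...)` would stop the test at that point.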