OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/policy/user_cloud_policy_store_chromeos.h" | 5 #include "chrome/browser/policy/user_cloud_policy_store_chromeos.h" |
6 | 6 |
| 7 #include <vector> |
| 8 |
| 9 #include "base/basictypes.h" |
| 10 #include "base/bind.h" |
7 #include "base/file_util.h" | 11 #include "base/file_util.h" |
8 #include "base/files/scoped_temp_dir.h" | 12 #include "base/files/scoped_temp_dir.h" |
9 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
10 #include "base/message_loop.h" | 14 #include "base/message_loop.h" |
| 15 #include "base/threading/sequenced_worker_pool.h" |
11 #include "chrome/browser/policy/cloud_policy_constants.h" | 16 #include "chrome/browser/policy/cloud_policy_constants.h" |
12 #include "chrome/browser/policy/mock_cloud_policy_store.h" | 17 #include "chrome/browser/policy/mock_cloud_policy_store.h" |
13 #include "chrome/browser/policy/policy_builder.h" | 18 #include "chrome/browser/policy/policy_builder.h" |
14 #include "chrome/browser/policy/proto/cloud_policy.pb.h" | 19 #include "chrome/browser/policy/proto/cloud_policy.pb.h" |
15 #include "chrome/browser/policy/proto/device_management_local.pb.h" | 20 #include "chrome/browser/policy/proto/device_management_local.pb.h" |
| 21 #include "chromeos/dbus/mock_cryptohome_client.h" |
16 #include "chromeos/dbus/mock_session_manager_client.h" | 22 #include "chromeos/dbus/mock_session_manager_client.h" |
17 #include "content/public/test/test_browser_thread.h" | 23 #include "content/public/test/test_browser_thread.h" |
18 #include "policy/policy_constants.h" | 24 #include "policy/policy_constants.h" |
19 #include "testing/gmock/include/gmock/gmock.h" | 25 #include "testing/gmock/include/gmock/gmock.h" |
20 #include "testing/gtest/include/gtest/gtest.h" | 26 #include "testing/gtest/include/gtest/gtest.h" |
21 | 27 |
22 namespace em = enterprise_management; | 28 namespace em = enterprise_management; |
23 | 29 |
24 using testing::AllOf; | 30 using testing::AllOf; |
| 31 using testing::AnyNumber; |
25 using testing::Eq; | 32 using testing::Eq; |
26 using testing::Mock; | 33 using testing::Mock; |
27 using testing::Property; | 34 using testing::Property; |
28 using testing::SaveArg; | 35 using testing::SaveArg; |
29 using testing::_; | 36 using testing::_; |
30 | 37 |
31 namespace policy { | 38 namespace policy { |
32 | 39 |
33 namespace { | 40 namespace { |
34 | 41 |
35 const char kLegacyDeviceId[] = "legacy-device-id"; | 42 const char kLegacyDeviceId[] = "legacy-device-id"; |
36 const char kLegacyToken[] = "legacy-token"; | 43 const char kLegacyToken[] = "legacy-token"; |
| 44 const char kSanitizedUsername[] = "0123456789ABCDEF0123456789ABCDEF012345678"; |
| 45 const char kDefaultHomepage[] = "http://chromium.org"; |
| 46 |
| 47 ACTION_P2(SendSanitizedUsername, call_status, sanitized_username) { |
| 48 MessageLoop::current()->PostTask( |
| 49 FROM_HERE, base::Bind(arg1, call_status, sanitized_username)); |
| 50 } |
37 | 51 |
38 class UserCloudPolicyStoreChromeOSTest : public testing::Test { | 52 class UserCloudPolicyStoreChromeOSTest : public testing::Test { |
39 protected: | 53 protected: |
40 UserCloudPolicyStoreChromeOSTest() | 54 UserCloudPolicyStoreChromeOSTest() |
41 : loop_(MessageLoop::TYPE_UI), | 55 : loop_(MessageLoop::TYPE_UI), |
42 ui_thread_(content::BrowserThread::UI, &loop_), | 56 ui_thread_(content::BrowserThread::UI, &loop_), |
43 file_thread_(content::BrowserThread::FILE, &loop_) {} | 57 file_thread_(content::BrowserThread::FILE, &loop_) {} |
44 | 58 |
45 virtual void SetUp() OVERRIDE { | 59 virtual void SetUp() OVERRIDE { |
| 60 EXPECT_CALL(cryptohome_client_, |
| 61 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _)) |
| 62 .Times(AnyNumber()) |
| 63 .WillRepeatedly( |
| 64 SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_SUCCESS, |
| 65 kSanitizedUsername)); |
| 66 |
46 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir()); | 67 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir()); |
47 store_.reset(new UserCloudPolicyStoreChromeOS(&session_manager_client_, | 68 store_.reset(new UserCloudPolicyStoreChromeOS(&cryptohome_client_, |
| 69 &session_manager_client_, |
48 PolicyBuilder::kFakeUsername, | 70 PolicyBuilder::kFakeUsername, |
| 71 user_policy_dir(), |
49 token_file(), | 72 token_file(), |
50 policy_file())); | 73 policy_file())); |
51 store_->AddObserver(&observer_); | 74 store_->AddObserver(&observer_); |
52 | 75 |
53 policy_.payload().mutable_showhomebutton()->set_value(true); | 76 // Install the initial public key, so that by default the validation of |
| 77 // the stored/loaded policy blob succeeds. |
| 78 std::vector<uint8> public_key; |
| 79 ASSERT_TRUE(policy_.signing_key()->ExportPublicKey(&public_key)); |
| 80 StoreUserPolicyKey(public_key); |
| 81 |
| 82 policy_.payload().mutable_homepagelocation()->set_value(kDefaultHomepage); |
54 policy_.Build(); | 83 policy_.Build(); |
55 } | 84 } |
56 | 85 |
57 virtual void TearDown() OVERRIDE { | 86 virtual void TearDown() OVERRIDE { |
58 store_->RemoveObserver(&observer_); | 87 store_->RemoveObserver(&observer_); |
59 store_.reset(); | 88 store_.reset(); |
60 loop_.RunUntilIdle(); | 89 RunUntilIdle(); |
61 } | 90 } |
62 | 91 |
63 // Install an expectation on |observer_| for an error code. | 92 // Install an expectation on |observer_| for an error code. |
64 void ExpectError(CloudPolicyStore::Status error) { | 93 void ExpectError(CloudPolicyStore::Status error) { |
65 EXPECT_CALL(observer_, | 94 EXPECT_CALL(observer_, |
66 OnStoreError(AllOf(Eq(store_.get()), | 95 OnStoreError(AllOf(Eq(store_.get()), |
67 Property(&CloudPolicyStore::status, | 96 Property(&CloudPolicyStore::status, |
68 Eq(error))))); | 97 Eq(error))))); |
69 } | 98 } |
70 | 99 |
71 // Triggers a store_->Load() operation, handles the expected call to | 100 // Triggers a store_->Load() operation, handles the expected call to |
72 // |session_manager_client_| and sends |response|. | 101 // |session_manager_client_| and sends |response|. |
73 void PerformPolicyLoad(const std::string& response) { | 102 void PerformPolicyLoad(const std::string& response) { |
74 // Issue a load command. | 103 // Issue a load command. |
75 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; | 104 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; |
76 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_)) | 105 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_)) |
77 .WillOnce(SaveArg<0>(&retrieve_callback)); | 106 .WillOnce(SaveArg<0>(&retrieve_callback)); |
78 store_->Load(); | 107 store_->Load(); |
79 loop_.RunUntilIdle(); | 108 RunUntilIdle(); |
80 Mock::VerifyAndClearExpectations(&session_manager_client_); | 109 Mock::VerifyAndClearExpectations(&session_manager_client_); |
81 ASSERT_FALSE(retrieve_callback.is_null()); | 110 ASSERT_FALSE(retrieve_callback.is_null()); |
82 | 111 |
83 // Run the callback. | 112 // Run the callback. |
84 retrieve_callback.Run(response); | 113 retrieve_callback.Run(response); |
| 114 RunUntilIdle(); |
| 115 } |
| 116 |
| 117 // Verifies that store_->policy_map() has the HomepageLocation entry with |
| 118 // the |expected_value|. |
| 119 void VerifyPolicyMap(const char* expected_value) { |
| 120 EXPECT_EQ(1U, store_->policy_map().size()); |
| 121 const PolicyMap::Entry* entry = |
| 122 store_->policy_map().Get(key::kHomepageLocation); |
| 123 ASSERT_TRUE(entry); |
| 124 EXPECT_TRUE(base::StringValue(expected_value).Equals(entry->value)); |
| 125 } |
| 126 |
| 127 void StoreUserPolicyKey(const std::vector<uint8>& public_key) { |
| 128 ASSERT_TRUE(file_util::CreateDirectory(user_policy_key_file().DirName())); |
| 129 ASSERT_TRUE( |
| 130 file_util::WriteFile(user_policy_key_file(), |
| 131 reinterpret_cast<const char*>(public_key.data()), |
| 132 public_key.size())); |
| 133 } |
| 134 |
| 135 // Stores the current |policy_| and verifies that it is published. |
| 136 // If |new_public_key| is set then it will be persisted after storing but |
| 137 // before loading the policy, so that the signature validation can succeed. |
| 138 // If |previous_value| is set then a previously existing policy with that |
| 139 // value will be expected; otherwise no previous policy is expected. |
| 140 // If |new_value| is set then a new policy with that value is expected after |
| 141 // storing the |policy_| blob. |
| 142 void PerformStorePolicy(const std::vector<uint8>* new_public_key, |
| 143 const char* previous_value, |
| 144 const char* new_value) { |
| 145 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 146 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) |
| 147 .WillOnce(SaveArg<1>(&store_callback)); |
| 148 store_->Store(policy_.policy()); |
| 149 RunUntilIdle(); |
| 150 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 151 ASSERT_FALSE(store_callback.is_null()); |
| 152 |
| 153 // The new policy shouldn't be present yet. |
| 154 PolicyMap previous_policy; |
| 155 EXPECT_EQ(previous_value != NULL, store_->policy() != NULL); |
| 156 if (previous_value) { |
| 157 previous_policy.Set(key::kHomepageLocation, |
| 158 POLICY_LEVEL_MANDATORY, |
| 159 POLICY_SCOPE_USER, |
| 160 base::Value::CreateStringValue(previous_value)); |
| 161 } |
| 162 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); |
| 163 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 164 |
| 165 // Store the new public key so that the validation after the retrieve |
| 166 // operation completes can verify the signature. |
| 167 if (new_public_key) |
| 168 StoreUserPolicyKey(*new_public_key); |
| 169 |
| 170 // Let the store operation complete. |
| 171 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; |
| 172 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_)) |
| 173 .WillOnce(SaveArg<0>(&retrieve_callback)); |
| 174 store_callback.Run(true); |
| 175 RunUntilIdle(); |
| 176 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); |
| 177 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 178 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 179 ASSERT_FALSE(retrieve_callback.is_null()); |
| 180 |
| 181 // Finish the retrieve callback. |
| 182 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 183 retrieve_callback.Run(policy_.GetBlob()); |
| 184 RunUntilIdle(); |
| 185 ASSERT_TRUE(store_->policy()); |
| 186 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
| 187 store_->policy()->SerializeAsString()); |
| 188 VerifyPolicyMap(new_value); |
| 189 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 190 } |
| 191 |
| 192 void VerifyStoreHasValidationError() { |
| 193 EXPECT_FALSE(store_->policy()); |
| 194 EXPECT_TRUE(store_->policy_map().empty()); |
| 195 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); |
| 196 } |
| 197 |
| 198 void RunUntilIdle() { |
| 199 loop_.RunUntilIdle(); |
| 200 content::BrowserThread::GetBlockingPool()->FlushForTesting(); |
85 loop_.RunUntilIdle(); | 201 loop_.RunUntilIdle(); |
86 } | 202 } |
87 | 203 |
88 // Verifies that store_->policy_map() has the ShowHomeButton entry. | 204 base::FilePath user_policy_dir() { |
89 void VerifyPolicyMap() { | 205 return tmp_dir_.path().AppendASCII("var_run_user_policy"); |
90 EXPECT_EQ(1U, store_->policy_map().size()); | 206 } |
91 const PolicyMap::Entry* entry = | 207 |
92 store_->policy_map().Get(key::kShowHomeButton); | 208 base::FilePath user_policy_key_file() { |
93 ASSERT_TRUE(entry); | 209 return user_policy_dir().AppendASCII(kSanitizedUsername) |
94 EXPECT_TRUE(base::FundamentalValue(true).Equals(entry->value)); | 210 .AppendASCII("policy.pub"); |
95 } | 211 } |
96 | 212 |
97 base::FilePath token_file() { | 213 base::FilePath token_file() { |
98 return tmp_dir_.path().AppendASCII("token"); | 214 return tmp_dir_.path().AppendASCII("token"); |
99 } | 215 } |
100 | 216 |
101 base::FilePath policy_file() { | 217 base::FilePath policy_file() { |
102 return tmp_dir_.path().AppendASCII("policy"); | 218 return tmp_dir_.path().AppendASCII("policy"); |
103 } | 219 } |
104 | 220 |
105 MessageLoop loop_; | 221 MessageLoop loop_; |
| 222 chromeos::MockCryptohomeClient cryptohome_client_; |
106 chromeos::MockSessionManagerClient session_manager_client_; | 223 chromeos::MockSessionManagerClient session_manager_client_; |
107 UserPolicyBuilder policy_; | 224 UserPolicyBuilder policy_; |
108 MockCloudPolicyStoreObserver observer_; | 225 MockCloudPolicyStoreObserver observer_; |
109 scoped_ptr<UserCloudPolicyStoreChromeOS> store_; | 226 scoped_ptr<UserCloudPolicyStoreChromeOS> store_; |
110 | 227 |
111 private: | 228 private: |
112 content::TestBrowserThread ui_thread_; | 229 content::TestBrowserThread ui_thread_; |
113 content::TestBrowserThread file_thread_; | 230 content::TestBrowserThread file_thread_; |
114 base::ScopedTempDir tmp_dir_; | 231 base::ScopedTempDir tmp_dir_; |
115 | 232 |
116 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest); | 233 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest); |
117 }; | 234 }; |
118 | 235 |
119 TEST_F(UserCloudPolicyStoreChromeOSTest, Store) { | 236 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) { |
120 // Store policy. | 237 // Start without any public key to trigger the initial key checks. |
121 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 238 ASSERT_TRUE(file_util::Delete(user_policy_key_file(), false)); |
122 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) | 239 // Make the policy blob contain a new public key. |
123 .WillOnce(SaveArg<1>(&store_callback)); | 240 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); |
124 store_->Store(policy_.policy()); | 241 policy_.Build(); |
125 loop_.RunUntilIdle(); | 242 std::vector<uint8> new_public_key; |
126 Mock::VerifyAndClearExpectations(&session_manager_client_); | 243 ASSERT_TRUE(policy_.new_signing_key()->ExportPublicKey(&new_public_key)); |
127 ASSERT_FALSE(store_callback.is_null()); | 244 ASSERT_NO_FATAL_FAILURE( |
| 245 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); |
| 246 } |
128 | 247 |
129 // No policy should be present yet. | 248 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) { |
130 EXPECT_FALSE(store_->policy()); | 249 ASSERT_NO_FATAL_FAILURE( |
131 EXPECT_TRUE(store_->policy_map().empty()); | 250 PerformStorePolicy(NULL, NULL, kDefaultHomepage)); |
132 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 251 } |
133 | 252 |
134 // Let the store operation complete. | 253 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) { |
135 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; | 254 // Make the policy blob contain a new public key. |
136 EXPECT_CALL(session_manager_client_, RetrieveUserPolicy(_)) | 255 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); |
137 .WillOnce(SaveArg<0>(&retrieve_callback)); | 256 policy_.Build(); |
138 store_callback.Run(true); | 257 std::vector<uint8> new_public_key; |
139 loop_.RunUntilIdle(); | 258 ASSERT_TRUE(policy_.new_signing_key()->ExportPublicKey(&new_public_key)); |
140 EXPECT_TRUE(store_->policy_map().empty()); | 259 ASSERT_NO_FATAL_FAILURE( |
141 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 260 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); |
142 Mock::VerifyAndClearExpectations(&session_manager_client_); | |
143 ASSERT_FALSE(retrieve_callback.is_null()); | |
144 | |
145 // Finish the retrieve callback. | |
146 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | |
147 retrieve_callback.Run(policy_.GetBlob()); | |
148 loop_.RunUntilIdle(); | |
149 ASSERT_TRUE(store_->policy()); | |
150 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | |
151 store_->policy()->SerializeAsString()); | |
152 VerifyPolicyMap(); | |
153 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
154 } | 261 } |
155 | 262 |
156 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { | 263 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { |
157 // Store policy. | 264 // Store policy. |
158 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 265 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
159 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) | 266 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) |
160 .WillOnce(SaveArg<1>(&store_callback)); | 267 .WillOnce(SaveArg<1>(&store_callback)); |
161 store_->Store(policy_.policy()); | 268 store_->Store(policy_.policy()); |
162 loop_.RunUntilIdle(); | 269 RunUntilIdle(); |
163 Mock::VerifyAndClearExpectations(&session_manager_client_); | 270 Mock::VerifyAndClearExpectations(&session_manager_client_); |
164 ASSERT_FALSE(store_callback.is_null()); | 271 ASSERT_FALSE(store_callback.is_null()); |
165 | 272 |
166 // Let the store operation complete. | 273 // Let the store operation complete. |
167 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); | 274 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); |
168 store_callback.Run(false); | 275 store_callback.Run(false); |
169 loop_.RunUntilIdle(); | 276 RunUntilIdle(); |
170 EXPECT_FALSE(store_->policy()); | 277 EXPECT_FALSE(store_->policy()); |
171 EXPECT_TRUE(store_->policy_map().empty()); | 278 EXPECT_TRUE(store_->policy_map().empty()); |
172 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); | 279 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); |
173 } | 280 } |
174 | 281 |
175 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { | 282 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { |
176 policy_.policy_data().clear_policy_type(); | 283 policy_.policy_data().clear_policy_type(); |
177 policy_.Build(); | 284 policy_.Build(); |
178 | 285 |
179 // Store policy. | 286 // Store policy. |
180 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 287 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
181 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 288 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
182 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) | 289 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) |
183 .Times(0); | 290 .Times(0); |
184 store_->Store(policy_.policy()); | 291 store_->Store(policy_.policy()); |
185 loop_.RunUntilIdle(); | 292 RunUntilIdle(); |
186 Mock::VerifyAndClearExpectations(&session_manager_client_); | 293 Mock::VerifyAndClearExpectations(&session_manager_client_); |
187 } | 294 } |
188 | 295 |
| 296 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) { |
| 297 // Make the dbus call to cryptohome fail. |
| 298 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 299 EXPECT_CALL(cryptohome_client_, |
| 300 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _)) |
| 301 .Times(AnyNumber()) |
| 302 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE, |
| 303 std::string())); |
| 304 |
| 305 // Store policy. |
| 306 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 307 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 308 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) |
| 309 .Times(0); |
| 310 store_->Store(policy_.policy()); |
| 311 RunUntilIdle(); |
| 312 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 313 } |
| 314 |
| 315 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) { |
| 316 // Break the signature. |
| 317 policy_.policy().mutable_policy_data_signature()->append("garbage"); |
| 318 |
| 319 // Store policy. |
| 320 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 321 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 322 EXPECT_CALL(session_manager_client_, StoreUserPolicy(policy_.GetBlob(), _)) |
| 323 .Times(0); |
| 324 store_->Store(policy_.policy()); |
| 325 RunUntilIdle(); |
| 326 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 327 } |
| 328 |
189 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { | 329 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { |
190 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 330 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
191 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 331 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
192 Mock::VerifyAndClearExpectations(&observer_); | 332 Mock::VerifyAndClearExpectations(&observer_); |
193 | 333 |
194 // Verify that the policy has been loaded. | 334 // Verify that the policy has been loaded. |
195 ASSERT_TRUE(store_->policy()); | 335 ASSERT_TRUE(store_->policy()); |
196 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 336 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
197 store_->policy()->SerializeAsString()); | 337 store_->policy()->SerializeAsString()); |
198 VerifyPolicyMap(); | 338 VerifyPolicyMap(kDefaultHomepage); |
199 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 339 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
200 } | 340 } |
201 | 341 |
202 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { | 342 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { |
203 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 343 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
204 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 344 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
205 Mock::VerifyAndClearExpectations(&observer_); | 345 Mock::VerifyAndClearExpectations(&observer_); |
206 | 346 |
207 // Verify no policy has been installed. | 347 // Verify no policy has been installed. |
208 EXPECT_FALSE(store_->policy()); | 348 EXPECT_FALSE(store_->policy()); |
(...skipping 10 matching lines...) Expand all Loading... |
219 EXPECT_TRUE(store_->policy_map().empty()); | 359 EXPECT_TRUE(store_->policy_map().empty()); |
220 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); | 360 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); |
221 } | 361 } |
222 | 362 |
223 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) { | 363 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) { |
224 policy_.policy_data().clear_policy_type(); | 364 policy_.policy_data().clear_policy_type(); |
225 policy_.Build(); | 365 policy_.Build(); |
226 | 366 |
227 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 367 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
228 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 368 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 369 VerifyStoreHasValidationError(); |
| 370 } |
229 | 371 |
230 // Verify no policy has been installed. | 372 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) { |
231 EXPECT_FALSE(store_->policy()); | 373 // The loaded policy can't be verified without the public key. |
232 EXPECT_TRUE(store_->policy_map().empty()); | 374 ASSERT_TRUE(file_util::Delete(user_policy_key_file(), false)); |
233 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); | 375 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 376 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 377 VerifyStoreHasValidationError(); |
| 378 } |
| 379 |
| 380 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) { |
| 381 // Break the signature. |
| 382 policy_.policy().mutable_policy_data_signature()->append("garbage"); |
| 383 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 384 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 385 VerifyStoreHasValidationError(); |
234 } | 386 } |
235 | 387 |
236 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) { | 388 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) { |
237 std::string data; | 389 std::string data; |
238 | 390 |
239 em::DeviceCredentials credentials; | 391 em::DeviceCredentials credentials; |
240 credentials.set_device_token(kLegacyToken); | 392 credentials.set_device_token(kLegacyToken); |
241 credentials.set_device_id(kLegacyDeviceId); | 393 credentials.set_device_id(kLegacyDeviceId); |
242 ASSERT_TRUE(credentials.SerializeToString(&data)); | 394 ASSERT_TRUE(credentials.SerializeToString(&data)); |
243 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); | 395 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); |
(...skipping 10 matching lines...) Expand all Loading... |
254 // Verify that legacy user policy and token have been loaded. | 406 // Verify that legacy user policy and token have been loaded. |
255 em::PolicyData expected_policy_data; | 407 em::PolicyData expected_policy_data; |
256 EXPECT_TRUE(expected_policy_data.ParseFromString( | 408 EXPECT_TRUE(expected_policy_data.ParseFromString( |
257 cached_policy.cloud_policy().policy_data())); | 409 cached_policy.cloud_policy().policy_data())); |
258 expected_policy_data.clear_public_key_version(); | 410 expected_policy_data.clear_public_key_version(); |
259 expected_policy_data.set_request_token(kLegacyToken); | 411 expected_policy_data.set_request_token(kLegacyToken); |
260 expected_policy_data.set_device_id(kLegacyDeviceId); | 412 expected_policy_data.set_device_id(kLegacyDeviceId); |
261 ASSERT_TRUE(store_->policy()); | 413 ASSERT_TRUE(store_->policy()); |
262 EXPECT_EQ(expected_policy_data.SerializeAsString(), | 414 EXPECT_EQ(expected_policy_data.SerializeAsString(), |
263 store_->policy()->SerializeAsString()); | 415 store_->policy()->SerializeAsString()); |
264 VerifyPolicyMap(); | 416 VerifyPolicyMap(kDefaultHomepage); |
265 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 417 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
266 }; | 418 } |
267 | 419 |
268 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) { | 420 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) { |
269 std::string data; | 421 std::string data; |
270 testing::Sequence seq; | 422 testing::Sequence seq; |
271 | 423 |
272 em::CachedCloudPolicyResponse cached_policy; | 424 em::CachedCloudPolicyResponse cached_policy; |
273 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); | 425 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); |
274 ASSERT_TRUE(cached_policy.SerializeToString(&data)); | 426 ASSERT_TRUE(cached_policy.SerializeToString(&data)); |
275 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); | 427 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); |
276 | 428 |
277 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 429 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
278 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 430 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
279 Mock::VerifyAndClearExpectations(&observer_); | 431 Mock::VerifyAndClearExpectations(&observer_); |
280 | 432 |
281 // Verify the legacy cache has been loaded. | 433 // Verify the legacy cache has been loaded. |
282 em::PolicyData expected_policy_data; | 434 em::PolicyData expected_policy_data; |
283 EXPECT_TRUE(expected_policy_data.ParseFromString( | 435 EXPECT_TRUE(expected_policy_data.ParseFromString( |
284 cached_policy.cloud_policy().policy_data())); | 436 cached_policy.cloud_policy().policy_data())); |
285 expected_policy_data.clear_public_key_version(); | 437 expected_policy_data.clear_public_key_version(); |
286 ASSERT_TRUE(store_->policy()); | 438 ASSERT_TRUE(store_->policy()); |
287 EXPECT_EQ(expected_policy_data.SerializeAsString(), | 439 EXPECT_EQ(expected_policy_data.SerializeAsString(), |
288 store_->policy()->SerializeAsString()); | 440 store_->policy()->SerializeAsString()); |
289 VerifyPolicyMap(); | 441 VerifyPolicyMap(kDefaultHomepage); |
290 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 442 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
291 }; | 443 } |
292 | 444 |
293 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) { | 445 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) { |
294 std::string data; | 446 std::string data; |
295 | 447 |
296 em::DeviceCredentials credentials; | 448 em::DeviceCredentials credentials; |
297 credentials.set_device_token(kLegacyToken); | 449 credentials.set_device_token(kLegacyToken); |
298 credentials.set_device_id(kLegacyDeviceId); | 450 credentials.set_device_id(kLegacyDeviceId); |
299 ASSERT_TRUE(credentials.SerializeToString(&data)); | 451 ASSERT_TRUE(credentials.SerializeToString(&data)); |
300 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); | 452 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); |
301 | 453 |
302 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 454 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
303 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 455 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
304 Mock::VerifyAndClearExpectations(&observer_); | 456 Mock::VerifyAndClearExpectations(&observer_); |
305 | 457 |
306 // Verify that legacy user policy and token have been loaded. | 458 // Verify that legacy user policy and token have been loaded. |
307 em::PolicyData expected_policy_data; | 459 em::PolicyData expected_policy_data; |
308 expected_policy_data.set_request_token(kLegacyToken); | 460 expected_policy_data.set_request_token(kLegacyToken); |
309 expected_policy_data.set_device_id(kLegacyDeviceId); | 461 expected_policy_data.set_device_id(kLegacyDeviceId); |
310 ASSERT_TRUE(store_->policy()); | 462 ASSERT_TRUE(store_->policy()); |
311 EXPECT_EQ(expected_policy_data.SerializeAsString(), | 463 EXPECT_EQ(expected_policy_data.SerializeAsString(), |
312 store_->policy()->SerializeAsString()); | 464 store_->policy()->SerializeAsString()); |
313 EXPECT_TRUE(store_->policy_map().empty()); | 465 EXPECT_TRUE(store_->policy_map().empty()); |
314 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 466 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
315 }; | 467 } |
| 468 |
| 469 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationAndStoreNew) { |
| 470 // Start without an existing public key. |
| 471 ASSERT_TRUE(file_util::Delete(user_policy_key_file(), false)); |
| 472 |
| 473 std::string data; |
| 474 em::CachedCloudPolicyResponse cached_policy; |
| 475 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); |
| 476 ASSERT_TRUE(cached_policy.SerializeToString(&data)); |
| 477 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); |
| 478 |
| 479 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 480 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
| 481 Mock::VerifyAndClearExpectations(&observer_); |
| 482 |
| 483 // Verify the legacy cache has been loaded. |
| 484 em::PolicyData expected_policy_data; |
| 485 EXPECT_TRUE(expected_policy_data.ParseFromString( |
| 486 cached_policy.cloud_policy().policy_data())); |
| 487 expected_policy_data.clear_public_key_version(); |
| 488 ASSERT_TRUE(store_->policy()); |
| 489 EXPECT_EQ(expected_policy_data.SerializeAsString(), |
| 490 store_->policy()->SerializeAsString()); |
| 491 VerifyPolicyMap(kDefaultHomepage); |
| 492 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 493 EXPECT_TRUE(file_util::PathExists(policy_file())); |
| 494 |
| 495 // Now store a new policy using the new homepage location. |
| 496 const char kNewHomepage[] = "http://google.com"; |
| 497 policy_.payload().mutable_homepagelocation()->set_value(kNewHomepage); |
| 498 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); |
| 499 policy_.Build(); |
| 500 std::vector<uint8> new_public_key; |
| 501 ASSERT_TRUE(policy_.new_signing_key()->ExportPublicKey(&new_public_key)); |
| 502 ASSERT_NO_FATAL_FAILURE( |
| 503 PerformStorePolicy(&new_public_key, kDefaultHomepage, kNewHomepage)); |
| 504 VerifyPolicyMap(kNewHomepage); |
| 505 |
| 506 // Verify that the legacy cache has been removed. |
| 507 EXPECT_FALSE(file_util::PathExists(policy_file())); |
| 508 } |
316 | 509 |
317 } // namespace | 510 } // namespace |
318 | 511 |
319 } // namespace policy | 512 } // namespace policy |
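Review bot: In `StoreUserPolicyKey` the public-key write is checked with `ASSERT_TRUE(file_util::WriteFile(...))`, but the rest of this file treats `WriteFile` as returning -1 on failure (`ASSERT_NE(-1, file_util::WriteFile(token_file(), ...))`), and -1 is truthy, so a failed write passes the assertion. Compare the byte count instead: `ASSERT_EQ(static_cast<int>(public_key.size()), file_util::WriteFile(user_policy_key_file(), reinterpret_cast<const char*>(public_key.data()), public_key.size()));`. This matters for the negative tests: `LoadNoKey` shows that a missing key file also yields `STATUS_VALIDATION_ERROR`, so if the key was never written, `StoreWithInvalidSignature` and `LoadInvalidSignature` would still pass without exercising signature verification. It would also be worth adding a case where the blob carries a well-formed signature made with a key other than the one on disk, since appending "garbage" only covers a malformed signature; whether the validator treats the two differently is not visible on this page.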