| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/policy/component_cloud_policy_store.h" | |
| 6 | |
| 7 #include <map> | |
| 8 #include <set> | |
| 9 #include <string> | |
| 10 | |
| 11 #include "base/basictypes.h" | |
| 12 #include "base/files/scoped_temp_dir.h" | |
| 13 #include "base/memory/scoped_ptr.h" | |
| 14 #include "base/sha1.h" | |
| 15 #include "chrome/browser/policy/cloud_policy_constants.h" | |
| 16 #include "chrome/browser/policy/policy_builder.h" | |
| 17 #include "chrome/browser/policy/proto/chrome_extension_policy.pb.h" | |
| 18 #include "chrome/browser/policy/proto/device_management_backend.pb.h" | |
| 19 #include "chrome/browser/policy/resource_cache.h" | |
| 20 #include "testing/gmock/include/gmock/gmock.h" | |
| 21 #include "testing/gtest/include/gtest/gtest.h" | |
| 22 | |
| 23 namespace em = enterprise_management; | |
| 24 | |
| 25 using testing::Mock; | |
| 26 | |
| 27 namespace policy { | |
| 28 | |
| 29 namespace { | |
| 30 | |
| 31 const char kTestExtension[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; | |
| 32 const char kTestDownload[] = "http://example.com/getpolicy?id=123"; | |
| 33 const char kTestPolicy[] = | |
| 34 "{" | |
| 35 " \"Name\": {" | |
| 36 " \"Value\": \"disabled\"" | |
| 37 " }," | |
| 38 " \"Second\": {" | |
| 39 " \"Value\": \"maybe\"," | |
| 40 " \"Level\": \"Recommended\"" | |
| 41 " }" | |
| 42 "}"; | |
| 43 | |
| 44 std::string TestPolicyHash() { | |
| 45 return base::SHA1HashString(kTestPolicy); | |
| 46 } | |
| 47 | |
| 48 class MockComponentCloudPolicyStoreDelegate | |
| 49 : public ComponentCloudPolicyStore::Delegate { | |
| 50 public: | |
| 51 virtual ~MockComponentCloudPolicyStoreDelegate() {} | |
| 52 | |
| 53 MOCK_METHOD0(OnComponentCloudPolicyStoreUpdated, void()); | |
| 54 }; | |
| 55 | |
| 56 } // namespace | |
| 57 | |
| 58 class ComponentCloudPolicyStoreTest : public testing::Test { | |
| 59 protected: | |
| 60 virtual void SetUp() OVERRIDE { | |
| 61 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir()); | |
| 62 cache_.reset(new ResourceCache(temp_dir_.path())); | |
| 63 store_.reset(new ComponentCloudPolicyStore(&store_delegate_, cache_.get())); | |
| 64 store_->SetCredentials(ComponentPolicyBuilder::kFakeUsername, | |
| 65 ComponentPolicyBuilder::kFakeToken); | |
| 66 | |
| 67 builder_.policy_data().set_policy_type( | |
| 68 dm_protocol::kChromeExtensionPolicyType); | |
| 69 builder_.policy_data().set_settings_entity_id(kTestExtension); | |
| 70 builder_.payload().set_download_url(kTestDownload); | |
| 71 builder_.payload().set_secure_hash(TestPolicyHash()); | |
| 72 | |
| 73 PolicyNamespace ns(POLICY_DOMAIN_EXTENSIONS, kTestExtension); | |
| 74 PolicyMap& policy = expected_bundle_.Get(ns); | |
| 75 policy.Set("Name", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, | |
| 76 base::Value::CreateStringValue("disabled")); | |
| 77 policy.Set("Second", POLICY_LEVEL_RECOMMENDED, POLICY_SCOPE_USER, | |
| 78 base::Value::CreateStringValue("maybe")); | |
| 79 } | |
| 80 | |
| 81 // Returns true if the policy exposed by the |store_| is empty. | |
| 82 bool IsEmpty() { | |
| 83 return store_->policy().begin() == store_->policy().end(); | |
| 84 } | |
| 85 | |
| 86 scoped_ptr<em::PolicyFetchResponse> CreateResponse() { | |
| 87 builder_.Build(); | |
| 88 return make_scoped_ptr(new em::PolicyFetchResponse(builder_.policy())); | |
| 89 } | |
| 90 | |
| 91 std::string CreateSerializedResponse() { | |
| 92 builder_.Build(); | |
| 93 return builder_.GetBlob(); | |
| 94 } | |
| 95 | |
| 96 base::ScopedTempDir temp_dir_; | |
| 97 scoped_ptr<ResourceCache> cache_; | |
| 98 scoped_ptr<ComponentCloudPolicyStore> store_; | |
| 99 MockComponentCloudPolicyStoreDelegate store_delegate_; | |
| 100 ComponentPolicyBuilder builder_; | |
| 101 PolicyBundle expected_bundle_; | |
| 102 }; | |
| 103 | |
| 104 TEST_F(ComponentCloudPolicyStoreTest, ValidatePolicy) { | |
| 105 em::ExternalPolicyData payload; | |
| 106 PolicyNamespace ns; | |
| 107 EXPECT_TRUE(store_->ValidatePolicy(CreateResponse(), &ns, &payload)); | |
| 108 EXPECT_EQ(POLICY_DOMAIN_EXTENSIONS, ns.domain); | |
| 109 EXPECT_EQ(kTestExtension, ns.component_id); | |
| 110 EXPECT_EQ(kTestDownload, payload.download_url()); | |
| 111 EXPECT_EQ(TestPolicyHash(), payload.secure_hash()); | |
| 112 } | |
| 113 | |
| 114 TEST_F(ComponentCloudPolicyStoreTest, ValidatePolicyWrongUsername) { | |
| 115 builder_.policy_data().set_username("anotheruser@example.com"); | |
| 116 em::ExternalPolicyData payload; | |
| 117 PolicyNamespace ns; | |
| 118 EXPECT_FALSE(store_->ValidatePolicy(CreateResponse(), &ns, &payload)); | |
| 119 } | |
| 120 | |
| 121 TEST_F(ComponentCloudPolicyStoreTest, ValidatePolicyWrongDMToken) { | |
| 122 builder_.policy_data().set_request_token("notmytoken"); | |
| 123 em::ExternalPolicyData payload; | |
| 124 PolicyNamespace ns; | |
| 125 EXPECT_FALSE(store_->ValidatePolicy(CreateResponse(), &ns, &payload)); | |
| 126 } | |
| 127 | |
| 128 TEST_F(ComponentCloudPolicyStoreTest, ValidatePolicyBadType) { | |
| 129 builder_.policy_data().set_policy_type(dm_protocol::kChromeUserPolicyType); | |
| 130 em::ExternalPolicyData payload; | |
| 131 PolicyNamespace ns; | |
| 132 EXPECT_FALSE(store_->ValidatePolicy(CreateResponse(), &ns, &payload)); | |
| 133 } | |
| 134 | |
| 135 TEST_F(ComponentCloudPolicyStoreTest, ValidatePolicyBadDownloadUrl) { | |
| 136 builder_.payload().set_download_url("invalidurl"); | |
| 137 em::ExternalPolicyData payload; | |
| 138 PolicyNamespace ns; | |
| 139 EXPECT_FALSE(store_->ValidatePolicy(CreateResponse(), &ns, &payload)); | |
| 140 } | |
| 141 | |
| 142 TEST_F(ComponentCloudPolicyStoreTest, ValidatePolicyEmptyDownloadUrl) { | |
| 143 builder_.payload().clear_download_url(); | |
| 144 builder_.payload().clear_secure_hash(); | |
| 145 em::ExternalPolicyData payload; | |
| 146 PolicyNamespace ns; | |
| 147 // This is valid; it's how "no policy" is signalled to the client. | |
| 148 EXPECT_TRUE(store_->ValidatePolicy(CreateResponse(), &ns, &payload)); | |
| 149 } | |
| 150 | |
| 151 TEST_F(ComponentCloudPolicyStoreTest, ValidatePolicyBadPayload) { | |
| 152 builder_.clear_payload(); | |
| 153 builder_.policy_data().set_policy_value("broken"); | |
| 154 em::ExternalPolicyData payload; | |
| 155 PolicyNamespace ns; | |
| 156 EXPECT_FALSE(store_->ValidatePolicy(CreateResponse(), &ns, &payload)); | |
| 157 } | |
| 158 | |
| 159 TEST_F(ComponentCloudPolicyStoreTest, ValidateNoCredentials) { | |
| 160 store_.reset(new ComponentCloudPolicyStore(&store_delegate_, cache_.get())); | |
| 161 em::ExternalPolicyData payload; | |
| 162 PolicyNamespace ns; | |
| 163 EXPECT_FALSE(store_->ValidatePolicy(CreateResponse(), &ns, &payload)); | |
| 164 } | |
| 165 | |
| 166 TEST_F(ComponentCloudPolicyStoreTest, ValidateWrongCredentials) { | |
| 167 em::ExternalPolicyData payload; | |
| 168 PolicyNamespace ns; | |
| 169 // Verify that the default response validates with the right credentials. | |
| 170 EXPECT_TRUE(store_->ValidatePolicy(CreateResponse(), &ns, &payload)); | |
| 171 // Now store that response. | |
| 172 EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated()); | |
| 173 EXPECT_TRUE(store_->Store( | |
| 174 ns, CreateSerializedResponse(), TestPolicyHash(), kTestPolicy)); | |
| 175 Mock::VerifyAndClearExpectations(&store_delegate_); | |
| 176 EXPECT_TRUE(store_->policy().Equals(expected_bundle_)); | |
| 177 // And verify that the response data in the cache. | |
| 178 std::map<std::string, std::string> contents; | |
| 179 cache_->LoadAllSubkeys("extension-policy", &contents); | |
| 180 EXPECT_FALSE(contents.empty()); | |
| 181 | |
| 182 // Try loading the cached response data with wrong credentials. | |
| 183 ComponentCloudPolicyStore another_store(&store_delegate_, cache_.get()); | |
| 184 another_store.SetCredentials("wrongdude@example.com", "wrongtoken"); | |
| 185 another_store.Load(); | |
| 186 const PolicyBundle empty_bundle; | |
| 187 EXPECT_TRUE(another_store.policy().Equals(empty_bundle)); | |
| 188 | |
| 189 // The failure to read wiped the cache. | |
| 190 cache_->LoadAllSubkeys("extension-policy", &contents); | |
| 191 EXPECT_TRUE(contents.empty()); | |
| 192 } | |
| 193 | |
| 194 TEST_F(ComponentCloudPolicyStoreTest, StoreAndLoad) { | |
| 195 // Initially empty. | |
| 196 EXPECT_TRUE(IsEmpty()); | |
| 197 store_->Load(); | |
| 198 EXPECT_TRUE(IsEmpty()); | |
| 199 | |
| 200 // Store policy for an unsupported domain. | |
| 201 PolicyNamespace ns(POLICY_DOMAIN_CHROME, kTestExtension); | |
| 202 builder_.policy_data().set_policy_type(dm_protocol::kChromeUserPolicyType); | |
| 203 EXPECT_FALSE(store_->Store( | |
| 204 ns, CreateSerializedResponse(), TestPolicyHash(), kTestPolicy)); | |
| 205 | |
| 206 // Store policy with the wrong hash. | |
| 207 builder_.policy_data().set_policy_type( | |
| 208 dm_protocol::kChromeExtensionPolicyType); | |
| 209 ns.domain = POLICY_DOMAIN_EXTENSIONS; | |
| 210 builder_.payload().set_secure_hash("badash"); | |
| 211 EXPECT_FALSE(store_->Store( | |
| 212 ns, CreateSerializedResponse(), "badash", kTestPolicy)); | |
| 213 | |
| 214 // Store policy without a hash. | |
| 215 builder_.payload().clear_secure_hash(); | |
| 216 EXPECT_FALSE(store_->Store( | |
| 217 ns, CreateSerializedResponse(), std::string(), kTestPolicy)); | |
| 218 | |
| 219 // Store policy with invalid JSON data. | |
| 220 static const char kInvalidData[] = "{ not json }"; | |
| 221 const std::string invalid_data_hash = base::SHA1HashString(kInvalidData); | |
| 222 builder_.payload().set_secure_hash(invalid_data_hash); | |
| 223 EXPECT_FALSE(store_->Store( | |
| 224 ns, CreateSerializedResponse(), invalid_data_hash, kInvalidData)); | |
| 225 | |
| 226 // All of those failed. | |
| 227 EXPECT_TRUE(IsEmpty()); | |
| 228 EXPECT_EQ(std::string(), store_->GetCachedHash(ns)); | |
| 229 | |
| 230 // Now store a valid policy. | |
| 231 builder_.payload().set_secure_hash(TestPolicyHash()); | |
| 232 EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated()); | |
| 233 EXPECT_TRUE(store_->Store( | |
| 234 ns, CreateSerializedResponse(), TestPolicyHash(), kTestPolicy)); | |
| 235 Mock::VerifyAndClearExpectations(&store_delegate_); | |
| 236 EXPECT_FALSE(IsEmpty()); | |
| 237 EXPECT_TRUE(store_->policy().Equals(expected_bundle_)); | |
| 238 EXPECT_EQ(TestPolicyHash(), store_->GetCachedHash(ns)); | |
| 239 | |
| 240 // Loading from the cache validates the policy data again. | |
| 241 ComponentCloudPolicyStore another_store(&store_delegate_, cache_.get()); | |
| 242 another_store.SetCredentials(ComponentPolicyBuilder::kFakeUsername, | |
| 243 ComponentPolicyBuilder::kFakeToken); | |
| 244 another_store.Load(); | |
| 245 EXPECT_TRUE(another_store.policy().Equals(expected_bundle_)); | |
| 246 EXPECT_EQ(TestPolicyHash(), another_store.GetCachedHash(ns)); | |
| 247 } | |
| 248 | |
| 249 TEST_F(ComponentCloudPolicyStoreTest, Updates) { | |
| 250 // Store some policies. | |
| 251 PolicyNamespace ns(POLICY_DOMAIN_EXTENSIONS, kTestExtension); | |
| 252 EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated()); | |
| 253 EXPECT_TRUE(store_->Store( | |
| 254 ns, CreateSerializedResponse(), TestPolicyHash(), kTestPolicy)); | |
| 255 Mock::VerifyAndClearExpectations(&store_delegate_); | |
| 256 EXPECT_FALSE(IsEmpty()); | |
| 257 EXPECT_TRUE(store_->policy().Equals(expected_bundle_)); | |
| 258 | |
| 259 // Deleting a non-existant namespace doesn't trigger updates. | |
| 260 PolicyNamespace ns_fake(POLICY_DOMAIN_EXTENSIONS, "nosuchid"); | |
| 261 store_->Delete(ns_fake); | |
| 262 Mock::VerifyAndClearExpectations(&store_delegate_); | |
| 263 | |
| 264 // Deleting a namespace that has policies triggers an update. | |
| 265 EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated()); | |
| 266 store_->Delete(ns); | |
| 267 Mock::VerifyAndClearExpectations(&store_delegate_); | |
| 268 } | |
| 269 | |
| 270 TEST_F(ComponentCloudPolicyStoreTest, Purge) { | |
| 271 // Store a valid policy. | |
| 272 EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated()); | |
| 273 PolicyNamespace ns(POLICY_DOMAIN_EXTENSIONS, kTestExtension); | |
| 274 EXPECT_TRUE(store_->Store( | |
| 275 ns, CreateSerializedResponse(), TestPolicyHash(), kTestPolicy)); | |
| 276 Mock::VerifyAndClearExpectations(&store_delegate_); | |
| 277 EXPECT_FALSE(IsEmpty()); | |
| 278 EXPECT_TRUE(store_->policy().Equals(expected_bundle_)); | |
| 279 | |
| 280 // Purge other namespaces. | |
| 281 std::set<std::string> keep; | |
| 282 keep.insert(kTestExtension); | |
| 283 store_->Purge(POLICY_DOMAIN_EXTENSIONS, keep); | |
| 284 | |
| 285 // The policy for |ns| is still served. | |
| 286 EXPECT_TRUE(store_->policy().Equals(expected_bundle_)); | |
| 287 | |
| 288 // Loading the store again will still see |ns|. | |
| 289 ComponentCloudPolicyStore another_store(&store_delegate_, cache_.get()); | |
| 290 const PolicyBundle empty_bundle; | |
| 291 EXPECT_TRUE(another_store.policy().Equals(empty_bundle)); | |
| 292 another_store.SetCredentials(ComponentPolicyBuilder::kFakeUsername, | |
| 293 ComponentPolicyBuilder::kFakeToken); | |
| 294 another_store.Load(); | |
| 295 EXPECT_TRUE(another_store.policy().Equals(expected_bundle_)); | |
| 296 | |
| 297 // Now purge everything. | |
| 298 EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated()); | |
| 299 keep.clear(); | |
| 300 store_->Purge(POLICY_DOMAIN_EXTENSIONS, keep); | |
| 301 Mock::VerifyAndClearExpectations(&store_delegate_); | |
| 302 | |
| 303 // No policies are served anymore. | |
| 304 EXPECT_TRUE(store_->policy().Equals(empty_bundle)); | |
| 305 | |
| 306 // And they aren't loaded anymore either. | |
| 307 ComponentCloudPolicyStore yet_another_store(&store_delegate_, cache_.get()); | |
| 308 yet_another_store.SetCredentials(ComponentPolicyBuilder::kFakeUsername, | |
| 309 ComponentPolicyBuilder::kFakeToken); | |
| 310 yet_another_store.Load(); | |
| 311 EXPECT_TRUE(yet_another_store.policy().Equals(empty_bundle)); | |
| 312 } | |
| 313 | |
| 314 } // namespace policy | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12189011:
Split up chrome/browser/policy subdirectory (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src