| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/auth/chrome_cryptohome_authenticator.h" | 5 #include "chrome/browser/chromeos/login/auth/chrome_cryptohome_authenticator.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 124 kOwnerPrivateKey + arraysize(kOwnerPrivateKey)); | 124 kOwnerPrivateKey + arraysize(kOwnerPrivateKey)); |
| 125 return crypto::ImportNSSKeyFromPrivateKeyInfo(slot, key, | 125 return crypto::ImportNSSKeyFromPrivateKeyInfo(slot, key, |
| 126 true /* permanent */); | 126 true /* permanent */); |
| 127 } | 127 } |
| 128 | 128 |
| 129 } // namespace | 129 } // namespace |
| 130 | 130 |
| 131 class CryptohomeAuthenticatorTest : public testing::Test { | 131 class CryptohomeAuthenticatorTest : public testing::Test { |
| 132 public: | 132 public: |
| 133 CryptohomeAuthenticatorTest() | 133 CryptohomeAuthenticatorTest() |
| 134 : user_context_("me@nowhere.org"), | 134 : user_context_(AccountId::FromUserEmail("me@nowhere.org")), |
| 135 user_manager_(new user_manager::FakeUserManager()), | 135 user_manager_(new user_manager::FakeUserManager()), |
| 136 user_manager_enabler_(user_manager_), | 136 user_manager_enabler_(user_manager_), |
| 137 mock_caller_(NULL), | 137 mock_caller_(NULL), |
| 138 mock_homedir_methods_(NULL), | 138 mock_homedir_methods_(NULL), |
| 139 owner_key_util_(new ownership::MockOwnerKeyUtil()) { | 139 owner_key_util_(new ownership::MockOwnerKeyUtil()) { |
| 140 OwnerSettingsServiceChromeOSFactory::GetInstance() | 140 OwnerSettingsServiceChromeOSFactory::GetInstance() |
| 141 ->SetOwnerKeyUtilForTesting(owner_key_util_); | 141 ->SetOwnerKeyUtilForTesting(owner_key_util_); |
| 142 user_context_.SetKey(Key("fakepass")); | 142 user_context_.SetKey(Key("fakepass")); |
| 143 user_context_.SetUserIDHash("me_nowhere_com_hash"); | 143 user_context_.SetUserIDHash("me_nowhere_com_hash"); |
| 144 const user_manager::User* user = | 144 const user_manager::User* user = |
| 145 user_manager_->AddUser(user_context_.GetUserID()); | 145 user_manager_->AddUser(user_context_.GetAccountId()); |
| 146 profile_.set_profile_name(user_context_.GetUserID()); | 146 profile_.set_profile_name(user_context_.GetAccountId().GetUserEmail()); |
| 147 | 147 |
| 148 ProfileHelper::Get()->SetUserToProfileMappingForTesting(user, &profile_); | 148 ProfileHelper::Get()->SetUserToProfileMappingForTesting(user, &profile_); |
| 149 | 149 |
| 150 CreateTransformedKey(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, | 150 CreateTransformedKey(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, |
| 151 SystemSaltGetter::ConvertRawSaltToHexString( | 151 SystemSaltGetter::ConvertRawSaltToHexString( |
| 152 FakeCryptohomeClient::GetStubSystemSalt())); | 152 FakeCryptohomeClient::GetStubSystemSalt())); |
| 153 } | 153 } |
| 154 | 154 |
| 155 ~CryptohomeAuthenticatorTest() override {} | 155 ~CryptohomeAuthenticatorTest() override {} |
| 156 | 156 |
| (...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 257 if (key_type) { | 257 if (key_type) { |
| 258 key_definition.provider_data.push_back( | 258 key_definition.provider_data.push_back( |
| 259 cryptohome::KeyDefinition::ProviderData("type")); | 259 cryptohome::KeyDefinition::ProviderData("type")); |
| 260 key_definition.provider_data.back().number = key_type.Pass(); | 260 key_definition.provider_data.back().number = key_type.Pass(); |
| 261 } | 261 } |
| 262 if (salt) { | 262 if (salt) { |
| 263 key_definition.provider_data.push_back( | 263 key_definition.provider_data.push_back( |
| 264 cryptohome::KeyDefinition::ProviderData("salt")); | 264 cryptohome::KeyDefinition::ProviderData("salt")); |
| 265 key_definition.provider_data.back().bytes = salt.Pass(); | 265 key_definition.provider_data.back().bytes = salt.Pass(); |
| 266 } | 266 } |
| 267 EXPECT_CALL(*mock_homedir_methods_, GetKeyDataEx( | 267 EXPECT_CALL(*mock_homedir_methods_, |
| 268 cryptohome::Identification(user_context_.GetUserID()), | 268 GetKeyDataEx(cryptohome::Identification( |
| 269 kCryptohomeGAIAKeyLabel, | 269 user_context_.GetAccountId().GetUserEmail()), |
| 270 _)) | 270 kCryptohomeGAIAKeyLabel, _)) |
| 271 .WillOnce(WithArg<2>(Invoke( | 271 .WillOnce(WithArg<2>(Invoke( |
| 272 this, | 272 this, &CryptohomeAuthenticatorTest::InvokeGetDataExCallback))); |
| 273 &CryptohomeAuthenticatorTest::InvokeGetDataExCallback))); | |
| 274 } | 273 } |
| 275 | 274 |
| 276 void ExpectMountExCall(bool expect_create_attempt) { | 275 void ExpectMountExCall(bool expect_create_attempt) { |
| 277 const cryptohome::KeyDefinition auth_key(transformed_key_.GetSecret(), | 276 const cryptohome::KeyDefinition auth_key(transformed_key_.GetSecret(), |
| 278 std::string(), | 277 std::string(), |
| 279 cryptohome::PRIV_DEFAULT); | 278 cryptohome::PRIV_DEFAULT); |
| 280 cryptohome::MountParameters mount(false /* ephemeral */); | 279 cryptohome::MountParameters mount(false /* ephemeral */); |
| 281 if (expect_create_attempt) { | 280 if (expect_create_attempt) { |
| 282 mount.create_keys.push_back(cryptohome::KeyDefinition( | 281 mount.create_keys.push_back(cryptohome::KeyDefinition( |
| 283 transformed_key_.GetSecret(), | 282 transformed_key_.GetSecret(), |
| 284 kCryptohomeGAIAKeyLabel, | 283 kCryptohomeGAIAKeyLabel, |
| 285 cryptohome::PRIV_DEFAULT)); | 284 cryptohome::PRIV_DEFAULT)); |
| 286 } | 285 } |
| 287 EXPECT_CALL(*mock_homedir_methods_, | 286 EXPECT_CALL(*mock_homedir_methods_, |
| 288 MountEx(cryptohome::Identification(user_context_.GetUserID()), | 287 MountEx(cryptohome::Identification( |
| 289 cryptohome::Authorization(auth_key), | 288 user_context_.GetAccountId().GetUserEmail()), |
| 290 mount, | 289 cryptohome::Authorization(auth_key), mount, _)) |
| 291 _)) | |
| 292 .Times(1) | 290 .Times(1) |
| 293 .RetiresOnSaturation(); | 291 .RetiresOnSaturation(); |
| 294 } | 292 } |
| 295 | 293 |
| 296 void RunResolve(CryptohomeAuthenticator* auth) { | 294 void RunResolve(CryptohomeAuthenticator* auth) { |
| 297 auth->Resolve(); | 295 auth->Resolve(); |
| 298 base::MessageLoop::current()->RunUntilIdle(); | 296 base::MessageLoop::current()->RunUntilIdle(); |
| 299 } | 297 } |
| 300 | 298 |
| 301 void SetAttemptState(CryptohomeAuthenticator* auth, TestAttemptState* state) { | 299 void SetAttemptState(CryptohomeAuthenticator* auth, TestAttemptState* state) { |
| (...skipping 253 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 555 TEST_F(CryptohomeAuthenticatorTest, DriveDataResync) { | 553 TEST_F(CryptohomeAuthenticatorTest, DriveDataResync) { |
| 556 UserContext expected_user_context(user_context_with_transformed_key_); | 554 UserContext expected_user_context(user_context_with_transformed_key_); |
| 557 expected_user_context.SetUserIDHash( | 555 expected_user_context.SetUserIDHash( |
| 558 cryptohome::MockAsyncMethodCaller::kFakeSanitizedUsername); | 556 cryptohome::MockAsyncMethodCaller::kFakeSanitizedUsername); |
| 559 ExpectLoginSuccess(expected_user_context); | 557 ExpectLoginSuccess(expected_user_context); |
| 560 FailOnLoginFailure(); | 558 FailOnLoginFailure(); |
| 561 | 559 |
| 562 // Set up mock async method caller to respond successfully to a cryptohome | 560 // Set up mock async method caller to respond successfully to a cryptohome |
| 563 // remove attempt. | 561 // remove attempt. |
| 564 mock_caller_->SetUp(true, cryptohome::MOUNT_ERROR_NONE); | 562 mock_caller_->SetUp(true, cryptohome::MOUNT_ERROR_NONE); |
| 565 EXPECT_CALL(*mock_caller_, AsyncRemove(user_context_.GetUserID(), _)) | 563 EXPECT_CALL(*mock_caller_, |
| 564 AsyncRemove(user_context_.GetAccountId().GetUserEmail(), _)) |
| 566 .Times(1) | 565 .Times(1) |
| 567 .RetiresOnSaturation(); | 566 .RetiresOnSaturation(); |
| 568 | 567 |
| 569 // Set up mock homedir methods to respond successfully to a cryptohome create | 568 // Set up mock homedir methods to respond successfully to a cryptohome create |
| 570 // attempt. | 569 // attempt. |
| 571 ExpectGetKeyDataExCall(scoped_ptr<int64>(), scoped_ptr<std::string>()); | 570 ExpectGetKeyDataExCall(scoped_ptr<int64>(), scoped_ptr<std::string>()); |
| 572 ExpectMountExCall(true /* expect_create_attempt */); | 571 ExpectMountExCall(true /* expect_create_attempt */); |
| 573 | 572 |
| 574 state_->PresetOnlineLoginStatus(AuthFailure::AuthFailureNone()); | 573 state_->PresetOnlineLoginStatus(AuthFailure::AuthFailureNone()); |
| 575 SetAttemptState(auth_.get(), state_.release()); | 574 SetAttemptState(auth_.get(), state_.release()); |
| 576 | 575 |
| 577 auth_->ResyncEncryptedData(); | 576 auth_->ResyncEncryptedData(); |
| 578 base::MessageLoop::current()->Run(); | 577 base::MessageLoop::current()->Run(); |
| 579 } | 578 } |
| 580 | 579 |
| 581 TEST_F(CryptohomeAuthenticatorTest, DriveResyncFail) { | 580 TEST_F(CryptohomeAuthenticatorTest, DriveResyncFail) { |
| 582 FailOnLoginSuccess(); | 581 FailOnLoginSuccess(); |
| 583 ExpectLoginFailure(AuthFailure(AuthFailure::DATA_REMOVAL_FAILED)); | 582 ExpectLoginFailure(AuthFailure(AuthFailure::DATA_REMOVAL_FAILED)); |
| 584 | 583 |
| 585 // Set up mock async method caller to fail a cryptohome remove attempt. | 584 // Set up mock async method caller to fail a cryptohome remove attempt. |
| 586 mock_caller_->SetUp(false, cryptohome::MOUNT_ERROR_NONE); | 585 mock_caller_->SetUp(false, cryptohome::MOUNT_ERROR_NONE); |
| 587 EXPECT_CALL(*mock_caller_, AsyncRemove(user_context_.GetUserID(), _)) | 586 EXPECT_CALL(*mock_caller_, |
| 587 AsyncRemove(user_context_.GetAccountId().GetUserEmail(), _)) |
| 588 .Times(1) | 588 .Times(1) |
| 589 .RetiresOnSaturation(); | 589 .RetiresOnSaturation(); |
| 590 | 590 |
| 591 SetAttemptState(auth_.get(), state_.release()); | 591 SetAttemptState(auth_.get(), state_.release()); |
| 592 | 592 |
| 593 auth_->ResyncEncryptedData(); | 593 auth_->ResyncEncryptedData(); |
| 594 base::MessageLoop::current()->Run(); | 594 base::MessageLoop::current()->Run(); |
| 595 } | 595 } |
| 596 | 596 |
| 597 TEST_F(CryptohomeAuthenticatorTest, DriveRequestOldPassword) { | 597 TEST_F(CryptohomeAuthenticatorTest, DriveRequestOldPassword) { |
| 598 FailOnLoginSuccess(); | 598 FailOnLoginSuccess(); |
| 599 ExpectPasswordChange(); | 599 ExpectPasswordChange(); |
| 600 | 600 |
| 601 state_->PresetCryptohomeStatus(false, cryptohome::MOUNT_ERROR_KEY_FAILURE); | 601 state_->PresetCryptohomeStatus(false, cryptohome::MOUNT_ERROR_KEY_FAILURE); |
| 602 state_->PresetOnlineLoginStatus(AuthFailure::AuthFailureNone()); | 602 state_->PresetOnlineLoginStatus(AuthFailure::AuthFailureNone()); |
| 603 SetAttemptState(auth_.get(), state_.release()); | 603 SetAttemptState(auth_.get(), state_.release()); |
| 604 | 604 |
| 605 RunResolve(auth_.get()); | 605 RunResolve(auth_.get()); |
| 606 } | 606 } |
| 607 | 607 |
| 608 TEST_F(CryptohomeAuthenticatorTest, DriveDataRecover) { | 608 TEST_F(CryptohomeAuthenticatorTest, DriveDataRecover) { |
| 609 UserContext expected_user_context(user_context_with_transformed_key_); | 609 UserContext expected_user_context(user_context_with_transformed_key_); |
| 610 expected_user_context.SetUserIDHash( | 610 expected_user_context.SetUserIDHash( |
| 611 cryptohome::MockAsyncMethodCaller::kFakeSanitizedUsername); | 611 cryptohome::MockAsyncMethodCaller::kFakeSanitizedUsername); |
| 612 ExpectLoginSuccess(expected_user_context); | 612 ExpectLoginSuccess(expected_user_context); |
| 613 FailOnLoginFailure(); | 613 FailOnLoginFailure(); |
| 614 | 614 |
| 615 // Set up mock async method caller to respond successfully to a key migration. | 615 // Set up mock async method caller to respond successfully to a key migration. |
| 616 mock_caller_->SetUp(true, cryptohome::MOUNT_ERROR_NONE); | 616 mock_caller_->SetUp(true, cryptohome::MOUNT_ERROR_NONE); |
| 617 EXPECT_CALL( | 617 EXPECT_CALL(*mock_caller_, |
| 618 *mock_caller_, | 618 AsyncMigrateKey(user_context_.GetAccountId().GetUserEmail(), _, |
| 619 AsyncMigrateKey( | 619 transformed_key_.GetSecret(), _)) |
| 620 user_context_.GetUserID(), _, transformed_key_.GetSecret(), _)) | |
| 621 .Times(1) | 620 .Times(1) |
| 622 .RetiresOnSaturation(); | 621 .RetiresOnSaturation(); |
| 623 | 622 |
| 624 // Set up mock homedir methods to respond successfully to a cryptohome mount | 623 // Set up mock homedir methods to respond successfully to a cryptohome mount |
| 625 // attempt. | 624 // attempt. |
| 626 ExpectGetKeyDataExCall(scoped_ptr<int64>(), scoped_ptr<std::string>()); | 625 ExpectGetKeyDataExCall(scoped_ptr<int64>(), scoped_ptr<std::string>()); |
| 627 ExpectMountExCall(false /* expect_create_attempt */); | 626 ExpectMountExCall(false /* expect_create_attempt */); |
| 628 | 627 |
| 629 state_->PresetOnlineLoginStatus(AuthFailure::AuthFailureNone()); | 628 state_->PresetOnlineLoginStatus(AuthFailure::AuthFailureNone()); |
| 630 SetAttemptState(auth_.get(), state_.release()); | 629 SetAttemptState(auth_.get(), state_.release()); |
| 631 | 630 |
| 632 auth_->RecoverEncryptedData(std::string()); | 631 auth_->RecoverEncryptedData(std::string()); |
| 633 base::MessageLoop::current()->Run(); | 632 base::MessageLoop::current()->Run(); |
| 634 } | 633 } |
| 635 | 634 |
| 636 TEST_F(CryptohomeAuthenticatorTest, DriveDataRecoverButFail) { | 635 TEST_F(CryptohomeAuthenticatorTest, DriveDataRecoverButFail) { |
| 637 FailOnLoginSuccess(); | 636 FailOnLoginSuccess(); |
| 638 ExpectPasswordChange(); | 637 ExpectPasswordChange(); |
| 639 | 638 |
| 640 // Set up mock async method caller to fail a key migration attempt, | 639 // Set up mock async method caller to fail a key migration attempt, |
| 641 // asserting that the wrong password was used. | 640 // asserting that the wrong password was used. |
| 642 mock_caller_->SetUp(false, cryptohome::MOUNT_ERROR_KEY_FAILURE); | 641 mock_caller_->SetUp(false, cryptohome::MOUNT_ERROR_KEY_FAILURE); |
| 643 EXPECT_CALL( | 642 EXPECT_CALL(*mock_caller_, |
| 644 *mock_caller_, | 643 AsyncMigrateKey(user_context_.GetAccountId().GetUserEmail(), _, |
| 645 AsyncMigrateKey( | 644 transformed_key_.GetSecret(), _)) |
| 646 user_context_.GetUserID(), _, transformed_key_.GetSecret(), _)) | |
| 647 .Times(1) | 645 .Times(1) |
| 648 .RetiresOnSaturation(); | 646 .RetiresOnSaturation(); |
| 649 | 647 |
| 650 SetAttemptState(auth_.get(), state_.release()); | 648 SetAttemptState(auth_.get(), state_.release()); |
| 651 | 649 |
| 652 auth_->RecoverEncryptedData(std::string()); | 650 auth_->RecoverEncryptedData(std::string()); |
| 653 base::MessageLoop::current()->Run(); | 651 base::MessageLoop::current()->Run(); |
| 654 } | 652 } |
| 655 | 653 |
| 656 TEST_F(CryptohomeAuthenticatorTest, ResolveNoMountToFailedMount) { | 654 TEST_F(CryptohomeAuthenticatorTest, ResolveNoMountToFailedMount) { |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 725 RunResolve(auth_.get()); | 723 RunResolve(auth_.get()); |
| 726 } | 724 } |
| 727 | 725 |
| 728 TEST_F(CryptohomeAuthenticatorTest, DriveUnlock) { | 726 TEST_F(CryptohomeAuthenticatorTest, DriveUnlock) { |
| 729 ExpectLoginSuccess(user_context_); | 727 ExpectLoginSuccess(user_context_); |
| 730 FailOnLoginFailure(); | 728 FailOnLoginFailure(); |
| 731 | 729 |
| 732 // Set up mock async method caller to respond successfully to a cryptohome | 730 // Set up mock async method caller to respond successfully to a cryptohome |
| 733 // key-check attempt. | 731 // key-check attempt. |
| 734 mock_caller_->SetUp(true, cryptohome::MOUNT_ERROR_NONE); | 732 mock_caller_->SetUp(true, cryptohome::MOUNT_ERROR_NONE); |
| 735 EXPECT_CALL(*mock_caller_, AsyncCheckKey(user_context_.GetUserID(), _, _)) | 733 EXPECT_CALL(*mock_caller_, |
| 734 AsyncCheckKey(user_context_.GetAccountId().GetUserEmail(), _, _)) |
| 736 .Times(1) | 735 .Times(1) |
| 737 .RetiresOnSaturation(); | 736 .RetiresOnSaturation(); |
| 738 | 737 |
| 739 auth_->AuthenticateToUnlock(user_context_); | 738 auth_->AuthenticateToUnlock(user_context_); |
| 740 base::MessageLoop::current()->Run(); | 739 base::MessageLoop::current()->Run(); |
| 741 } | 740 } |
| 742 | 741 |
| 743 TEST_F(CryptohomeAuthenticatorTest, DriveLoginWithPreHashedPassword) { | 742 TEST_F(CryptohomeAuthenticatorTest, DriveLoginWithPreHashedPassword) { |
| 744 CreateTransformedKey(Key::KEY_TYPE_SALTED_SHA256, kSalt); | 743 CreateTransformedKey(Key::KEY_TYPE_SALTED_SHA256, kSalt); |
| 745 | 744 |
| (...skipping 27 matching lines...) Expand all Loading... |
| 773 // salt. | 772 // salt. |
| 774 ExpectGetKeyDataExCall( | 773 ExpectGetKeyDataExCall( |
| 775 make_scoped_ptr(new int64(Key::KEY_TYPE_SALTED_SHA256)), | 774 make_scoped_ptr(new int64(Key::KEY_TYPE_SALTED_SHA256)), |
| 776 scoped_ptr<std::string>()); | 775 scoped_ptr<std::string>()); |
| 777 | 776 |
| 778 auth_->AuthenticateToLogin(NULL, user_context_); | 777 auth_->AuthenticateToLogin(NULL, user_context_); |
| 779 base::RunLoop().Run(); | 778 base::RunLoop().Run(); |
| 780 } | 779 } |
| 781 | 780 |
| 782 } // namespace chromeos | 781 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1412813003:
This CL replaces user_manager::UserID with AccountId. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@468875--Chrome-OS-handles-deletion-of-Gmail-account-poorly--Create-AccountID-structure-part2--user_names