OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/login/auth/chrome_cryptohome_authenticator.h" | 5 #include "chrome/browser/chromeos/login/auth/chrome_cryptohome_authenticator.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
124 kOwnerPrivateKey + arraysize(kOwnerPrivateKey)); | 124 kOwnerPrivateKey + arraysize(kOwnerPrivateKey)); |
125 return crypto::ImportNSSKeyFromPrivateKeyInfo(slot, key, | 125 return crypto::ImportNSSKeyFromPrivateKeyInfo(slot, key, |
126 true /* permanent */); | 126 true /* permanent */); |
127 } | 127 } |
128 | 128 |
129 } // namespace | 129 } // namespace |
130 | 130 |
131 class CryptohomeAuthenticatorTest : public testing::Test { | 131 class CryptohomeAuthenticatorTest : public testing::Test { |
132 public: | 132 public: |
133 CryptohomeAuthenticatorTest() | 133 CryptohomeAuthenticatorTest() |
134 : user_context_("me@nowhere.org"), | 134 : user_context_(AccountId::FromUserEmail("me@nowhere.org")), |
135 user_manager_(new user_manager::FakeUserManager()), | 135 user_manager_(new user_manager::FakeUserManager()), |
136 user_manager_enabler_(user_manager_), | 136 user_manager_enabler_(user_manager_), |
137 mock_caller_(NULL), | 137 mock_caller_(NULL), |
138 mock_homedir_methods_(NULL), | 138 mock_homedir_methods_(NULL), |
139 owner_key_util_(new ownership::MockOwnerKeyUtil()) { | 139 owner_key_util_(new ownership::MockOwnerKeyUtil()) { |
140 OwnerSettingsServiceChromeOSFactory::GetInstance() | 140 OwnerSettingsServiceChromeOSFactory::GetInstance() |
141 ->SetOwnerKeyUtilForTesting(owner_key_util_); | 141 ->SetOwnerKeyUtilForTesting(owner_key_util_); |
142 user_context_.SetKey(Key("fakepass")); | 142 user_context_.SetKey(Key("fakepass")); |
143 user_context_.SetUserIDHash("me_nowhere_com_hash"); | 143 user_context_.SetUserIDHash("me_nowhere_com_hash"); |
144 const user_manager::User* user = | 144 const user_manager::User* user = |
145 user_manager_->AddUser(user_context_.GetUserID()); | 145 user_manager_->AddUser(user_context_.GetAccountId()); |
146 profile_.set_profile_name(user_context_.GetUserID()); | 146 profile_.set_profile_name(user_context_.GetAccountId().GetUserEmail()); |
147 | 147 |
148 ProfileHelper::Get()->SetUserToProfileMappingForTesting(user, &profile_); | 148 ProfileHelper::Get()->SetUserToProfileMappingForTesting(user, &profile_); |
149 | 149 |
150 CreateTransformedKey(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, | 150 CreateTransformedKey(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, |
151 SystemSaltGetter::ConvertRawSaltToHexString( | 151 SystemSaltGetter::ConvertRawSaltToHexString( |
152 FakeCryptohomeClient::GetStubSystemSalt())); | 152 FakeCryptohomeClient::GetStubSystemSalt())); |
153 } | 153 } |
154 | 154 |
155 ~CryptohomeAuthenticatorTest() override {} | 155 ~CryptohomeAuthenticatorTest() override {} |
156 | 156 |
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
257 if (key_type) { | 257 if (key_type) { |
258 key_definition.provider_data.push_back( | 258 key_definition.provider_data.push_back( |
259 cryptohome::KeyDefinition::ProviderData("type")); | 259 cryptohome::KeyDefinition::ProviderData("type")); |
260 key_definition.provider_data.back().number = key_type.Pass(); | 260 key_definition.provider_data.back().number = key_type.Pass(); |
261 } | 261 } |
262 if (salt) { | 262 if (salt) { |
263 key_definition.provider_data.push_back( | 263 key_definition.provider_data.push_back( |
264 cryptohome::KeyDefinition::ProviderData("salt")); | 264 cryptohome::KeyDefinition::ProviderData("salt")); |
265 key_definition.provider_data.back().bytes = salt.Pass(); | 265 key_definition.provider_data.back().bytes = salt.Pass(); |
266 } | 266 } |
267 EXPECT_CALL(*mock_homedir_methods_, GetKeyDataEx( | 267 EXPECT_CALL(*mock_homedir_methods_, |
268 cryptohome::Identification(user_context_.GetUserID()), | 268 GetKeyDataEx(cryptohome::Identification( |
269 kCryptohomeGAIAKeyLabel, | 269 user_context_.GetAccountId().GetUserEmail()), |
270 _)) | 270 kCryptohomeGAIAKeyLabel, _)) |
271 .WillOnce(WithArg<2>(Invoke( | 271 .WillOnce(WithArg<2>(Invoke( |
272 this, | 272 this, &CryptohomeAuthenticatorTest::InvokeGetDataExCallback))); |
273 &CryptohomeAuthenticatorTest::InvokeGetDataExCallback))); | |
274 } | 273 } |
275 | 274 |
276 void ExpectMountExCall(bool expect_create_attempt) { | 275 void ExpectMountExCall(bool expect_create_attempt) { |
277 const cryptohome::KeyDefinition auth_key(transformed_key_.GetSecret(), | 276 const cryptohome::KeyDefinition auth_key(transformed_key_.GetSecret(), |
278 std::string(), | 277 std::string(), |
279 cryptohome::PRIV_DEFAULT); | 278 cryptohome::PRIV_DEFAULT); |
280 cryptohome::MountParameters mount(false /* ephemeral */); | 279 cryptohome::MountParameters mount(false /* ephemeral */); |
281 if (expect_create_attempt) { | 280 if (expect_create_attempt) { |
282 mount.create_keys.push_back(cryptohome::KeyDefinition( | 281 mount.create_keys.push_back(cryptohome::KeyDefinition( |
283 transformed_key_.GetSecret(), | 282 transformed_key_.GetSecret(), |
284 kCryptohomeGAIAKeyLabel, | 283 kCryptohomeGAIAKeyLabel, |
285 cryptohome::PRIV_DEFAULT)); | 284 cryptohome::PRIV_DEFAULT)); |
286 } | 285 } |
287 EXPECT_CALL(*mock_homedir_methods_, | 286 EXPECT_CALL(*mock_homedir_methods_, |
288 MountEx(cryptohome::Identification(user_context_.GetUserID()), | 287 MountEx(cryptohome::Identification( |
289 cryptohome::Authorization(auth_key), | 288 user_context_.GetAccountId().GetUserEmail()), |
290 mount, | 289 cryptohome::Authorization(auth_key), mount, _)) |
291 _)) | |
292 .Times(1) | 290 .Times(1) |
293 .RetiresOnSaturation(); | 291 .RetiresOnSaturation(); |
294 } | 292 } |
295 | 293 |
296 void RunResolve(CryptohomeAuthenticator* auth) { | 294 void RunResolve(CryptohomeAuthenticator* auth) { |
297 auth->Resolve(); | 295 auth->Resolve(); |
298 base::MessageLoop::current()->RunUntilIdle(); | 296 base::MessageLoop::current()->RunUntilIdle(); |
299 } | 297 } |
300 | 298 |
301 void SetAttemptState(CryptohomeAuthenticator* auth, TestAttemptState* state) { | 299 void SetAttemptState(CryptohomeAuthenticator* auth, TestAttemptState* state) { |
(...skipping 253 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
555 TEST_F(CryptohomeAuthenticatorTest, DriveDataResync) { | 553 TEST_F(CryptohomeAuthenticatorTest, DriveDataResync) { |
556 UserContext expected_user_context(user_context_with_transformed_key_); | 554 UserContext expected_user_context(user_context_with_transformed_key_); |
557 expected_user_context.SetUserIDHash( | 555 expected_user_context.SetUserIDHash( |
558 cryptohome::MockAsyncMethodCaller::kFakeSanitizedUsername); | 556 cryptohome::MockAsyncMethodCaller::kFakeSanitizedUsername); |
559 ExpectLoginSuccess(expected_user_context); | 557 ExpectLoginSuccess(expected_user_context); |
560 FailOnLoginFailure(); | 558 FailOnLoginFailure(); |
561 | 559 |
562 // Set up mock async method caller to respond successfully to a cryptohome | 560 // Set up mock async method caller to respond successfully to a cryptohome |
563 // remove attempt. | 561 // remove attempt. |
564 mock_caller_->SetUp(true, cryptohome::MOUNT_ERROR_NONE); | 562 mock_caller_->SetUp(true, cryptohome::MOUNT_ERROR_NONE); |
565 EXPECT_CALL(*mock_caller_, AsyncRemove(user_context_.GetUserID(), _)) | 563 EXPECT_CALL(*mock_caller_, |
| 564 AsyncRemove(user_context_.GetAccountId().GetUserEmail(), _)) |
566 .Times(1) | 565 .Times(1) |
567 .RetiresOnSaturation(); | 566 .RetiresOnSaturation(); |
568 | 567 |
569 // Set up mock homedir methods to respond successfully to a cryptohome create | 568 // Set up mock homedir methods to respond successfully to a cryptohome create |
570 // attempt. | 569 // attempt. |
571 ExpectGetKeyDataExCall(scoped_ptr<int64>(), scoped_ptr<std::string>()); | 570 ExpectGetKeyDataExCall(scoped_ptr<int64>(), scoped_ptr<std::string>()); |
572 ExpectMountExCall(true /* expect_create_attempt */); | 571 ExpectMountExCall(true /* expect_create_attempt */); |
573 | 572 |
574 state_->PresetOnlineLoginStatus(AuthFailure::AuthFailureNone()); | 573 state_->PresetOnlineLoginStatus(AuthFailure::AuthFailureNone()); |
575 SetAttemptState(auth_.get(), state_.release()); | 574 SetAttemptState(auth_.get(), state_.release()); |
576 | 575 |
577 auth_->ResyncEncryptedData(); | 576 auth_->ResyncEncryptedData(); |
578 base::MessageLoop::current()->Run(); | 577 base::MessageLoop::current()->Run(); |
579 } | 578 } |
580 | 579 |
581 TEST_F(CryptohomeAuthenticatorTest, DriveResyncFail) { | 580 TEST_F(CryptohomeAuthenticatorTest, DriveResyncFail) { |
582 FailOnLoginSuccess(); | 581 FailOnLoginSuccess(); |
583 ExpectLoginFailure(AuthFailure(AuthFailure::DATA_REMOVAL_FAILED)); | 582 ExpectLoginFailure(AuthFailure(AuthFailure::DATA_REMOVAL_FAILED)); |
584 | 583 |
585 // Set up mock async method caller to fail a cryptohome remove attempt. | 584 // Set up mock async method caller to fail a cryptohome remove attempt. |
586 mock_caller_->SetUp(false, cryptohome::MOUNT_ERROR_NONE); | 585 mock_caller_->SetUp(false, cryptohome::MOUNT_ERROR_NONE); |
587 EXPECT_CALL(*mock_caller_, AsyncRemove(user_context_.GetUserID(), _)) | 586 EXPECT_CALL(*mock_caller_, |
| 587 AsyncRemove(user_context_.GetAccountId().GetUserEmail(), _)) |
588 .Times(1) | 588 .Times(1) |
589 .RetiresOnSaturation(); | 589 .RetiresOnSaturation(); |
590 | 590 |
591 SetAttemptState(auth_.get(), state_.release()); | 591 SetAttemptState(auth_.get(), state_.release()); |
592 | 592 |
593 auth_->ResyncEncryptedData(); | 593 auth_->ResyncEncryptedData(); |
594 base::MessageLoop::current()->Run(); | 594 base::MessageLoop::current()->Run(); |
595 } | 595 } |
596 | 596 |
597 TEST_F(CryptohomeAuthenticatorTest, DriveRequestOldPassword) { | 597 TEST_F(CryptohomeAuthenticatorTest, DriveRequestOldPassword) { |
598 FailOnLoginSuccess(); | 598 FailOnLoginSuccess(); |
599 ExpectPasswordChange(); | 599 ExpectPasswordChange(); |
600 | 600 |
601 state_->PresetCryptohomeStatus(false, cryptohome::MOUNT_ERROR_KEY_FAILURE); | 601 state_->PresetCryptohomeStatus(false, cryptohome::MOUNT_ERROR_KEY_FAILURE); |
602 state_->PresetOnlineLoginStatus(AuthFailure::AuthFailureNone()); | 602 state_->PresetOnlineLoginStatus(AuthFailure::AuthFailureNone()); |
603 SetAttemptState(auth_.get(), state_.release()); | 603 SetAttemptState(auth_.get(), state_.release()); |
604 | 604 |
605 RunResolve(auth_.get()); | 605 RunResolve(auth_.get()); |
606 } | 606 } |
607 | 607 |
608 TEST_F(CryptohomeAuthenticatorTest, DriveDataRecover) { | 608 TEST_F(CryptohomeAuthenticatorTest, DriveDataRecover) { |
609 UserContext expected_user_context(user_context_with_transformed_key_); | 609 UserContext expected_user_context(user_context_with_transformed_key_); |
610 expected_user_context.SetUserIDHash( | 610 expected_user_context.SetUserIDHash( |
611 cryptohome::MockAsyncMethodCaller::kFakeSanitizedUsername); | 611 cryptohome::MockAsyncMethodCaller::kFakeSanitizedUsername); |
612 ExpectLoginSuccess(expected_user_context); | 612 ExpectLoginSuccess(expected_user_context); |
613 FailOnLoginFailure(); | 613 FailOnLoginFailure(); |
614 | 614 |
615 // Set up mock async method caller to respond successfully to a key migration. | 615 // Set up mock async method caller to respond successfully to a key migration. |
616 mock_caller_->SetUp(true, cryptohome::MOUNT_ERROR_NONE); | 616 mock_caller_->SetUp(true, cryptohome::MOUNT_ERROR_NONE); |
617 EXPECT_CALL( | 617 EXPECT_CALL(*mock_caller_, |
618 *mock_caller_, | 618 AsyncMigrateKey(user_context_.GetAccountId().GetUserEmail(), _, |
619 AsyncMigrateKey( | 619 transformed_key_.GetSecret(), _)) |
620 user_context_.GetUserID(), _, transformed_key_.GetSecret(), _)) | |
621 .Times(1) | 620 .Times(1) |
622 .RetiresOnSaturation(); | 621 .RetiresOnSaturation(); |
623 | 622 |
624 // Set up mock homedir methods to respond successfully to a cryptohome mount | 623 // Set up mock homedir methods to respond successfully to a cryptohome mount |
625 // attempt. | 624 // attempt. |
626 ExpectGetKeyDataExCall(scoped_ptr<int64>(), scoped_ptr<std::string>()); | 625 ExpectGetKeyDataExCall(scoped_ptr<int64>(), scoped_ptr<std::string>()); |
627 ExpectMountExCall(false /* expect_create_attempt */); | 626 ExpectMountExCall(false /* expect_create_attempt */); |
628 | 627 |
629 state_->PresetOnlineLoginStatus(AuthFailure::AuthFailureNone()); | 628 state_->PresetOnlineLoginStatus(AuthFailure::AuthFailureNone()); |
630 SetAttemptState(auth_.get(), state_.release()); | 629 SetAttemptState(auth_.get(), state_.release()); |
631 | 630 |
632 auth_->RecoverEncryptedData(std::string()); | 631 auth_->RecoverEncryptedData(std::string()); |
633 base::MessageLoop::current()->Run(); | 632 base::MessageLoop::current()->Run(); |
634 } | 633 } |
635 | 634 |
636 TEST_F(CryptohomeAuthenticatorTest, DriveDataRecoverButFail) { | 635 TEST_F(CryptohomeAuthenticatorTest, DriveDataRecoverButFail) { |
637 FailOnLoginSuccess(); | 636 FailOnLoginSuccess(); |
638 ExpectPasswordChange(); | 637 ExpectPasswordChange(); |
639 | 638 |
640 // Set up mock async method caller to fail a key migration attempt, | 639 // Set up mock async method caller to fail a key migration attempt, |
641 // asserting that the wrong password was used. | 640 // asserting that the wrong password was used. |
642 mock_caller_->SetUp(false, cryptohome::MOUNT_ERROR_KEY_FAILURE); | 641 mock_caller_->SetUp(false, cryptohome::MOUNT_ERROR_KEY_FAILURE); |
643 EXPECT_CALL( | 642 EXPECT_CALL(*mock_caller_, |
644 *mock_caller_, | 643 AsyncMigrateKey(user_context_.GetAccountId().GetUserEmail(), _, |
645 AsyncMigrateKey( | 644 transformed_key_.GetSecret(), _)) |
646 user_context_.GetUserID(), _, transformed_key_.GetSecret(), _)) | |
647 .Times(1) | 645 .Times(1) |
648 .RetiresOnSaturation(); | 646 .RetiresOnSaturation(); |
649 | 647 |
650 SetAttemptState(auth_.get(), state_.release()); | 648 SetAttemptState(auth_.get(), state_.release()); |
651 | 649 |
652 auth_->RecoverEncryptedData(std::string()); | 650 auth_->RecoverEncryptedData(std::string()); |
653 base::MessageLoop::current()->Run(); | 651 base::MessageLoop::current()->Run(); |
654 } | 652 } |
655 | 653 |
656 TEST_F(CryptohomeAuthenticatorTest, ResolveNoMountToFailedMount) { | 654 TEST_F(CryptohomeAuthenticatorTest, ResolveNoMountToFailedMount) { |
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
725 RunResolve(auth_.get()); | 723 RunResolve(auth_.get()); |
726 } | 724 } |
727 | 725 |
728 TEST_F(CryptohomeAuthenticatorTest, DriveUnlock) { | 726 TEST_F(CryptohomeAuthenticatorTest, DriveUnlock) { |
729 ExpectLoginSuccess(user_context_); | 727 ExpectLoginSuccess(user_context_); |
730 FailOnLoginFailure(); | 728 FailOnLoginFailure(); |
731 | 729 |
732 // Set up mock async method caller to respond successfully to a cryptohome | 730 // Set up mock async method caller to respond successfully to a cryptohome |
733 // key-check attempt. | 731 // key-check attempt. |
734 mock_caller_->SetUp(true, cryptohome::MOUNT_ERROR_NONE); | 732 mock_caller_->SetUp(true, cryptohome::MOUNT_ERROR_NONE); |
735 EXPECT_CALL(*mock_caller_, AsyncCheckKey(user_context_.GetUserID(), _, _)) | 733 EXPECT_CALL(*mock_caller_, |
| 734 AsyncCheckKey(user_context_.GetAccountId().GetUserEmail(), _, _)) |
736 .Times(1) | 735 .Times(1) |
737 .RetiresOnSaturation(); | 736 .RetiresOnSaturation(); |
738 | 737 |
739 auth_->AuthenticateToUnlock(user_context_); | 738 auth_->AuthenticateToUnlock(user_context_); |
740 base::MessageLoop::current()->Run(); | 739 base::MessageLoop::current()->Run(); |
741 } | 740 } |
742 | 741 |
743 TEST_F(CryptohomeAuthenticatorTest, DriveLoginWithPreHashedPassword) { | 742 TEST_F(CryptohomeAuthenticatorTest, DriveLoginWithPreHashedPassword) { |
744 CreateTransformedKey(Key::KEY_TYPE_SALTED_SHA256, kSalt); | 743 CreateTransformedKey(Key::KEY_TYPE_SALTED_SHA256, kSalt); |
745 | 744 |
(...skipping 27 matching lines...) Expand all Loading... |
773 // salt. | 772 // salt. |
774 ExpectGetKeyDataExCall( | 773 ExpectGetKeyDataExCall( |
775 make_scoped_ptr(new int64(Key::KEY_TYPE_SALTED_SHA256)), | 774 make_scoped_ptr(new int64(Key::KEY_TYPE_SALTED_SHA256)), |
776 scoped_ptr<std::string>()); | 775 scoped_ptr<std::string>()); |
777 | 776 |
778 auth_->AuthenticateToLogin(NULL, user_context_); | 777 auth_->AuthenticateToLogin(NULL, user_context_); |
779 base::RunLoop().Run(); | 778 base::RunLoop().Run(); |
780 } | 779 } |
781 | 780 |
782 } // namespace chromeos | 781 } // namespace chromeos |
OLD | NEW |