Chromium Code Reviews Chromium Code Reviews
Issue 143183007:
Update policy signature verification to include policy domain. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: components/policy/core/common/cloud/cloud_policy_validator_unittest.cc |
| diff --git a/components/policy/core/common/cloud/cloud_policy_validator_unittest.cc b/components/policy/core/common/cloud/cloud_policy_validator_unittest.cc |
| index bde96f0ab002cf725bde96df8098d98d2474454f..518977658de15bf8307ccc85c5c623f7fce712c0 100644 |
| --- a/components/policy/core/common/cloud/cloud_policy_validator_unittest.cc |
| +++ b/components/policy/core/common/cloud/cloud_policy_validator_unittest.cc |
| @@ -16,6 +16,7 @@ |
| #include "components/policy/core/common/cloud/policy_builder.h" |
| #include "components/policy/core/common/policy_switches.h" |
| #include "crypto/rsa_private_key.h" |
| +#include "policy/proto/device_management_backend.pb.h" |
| #include "testing/gmock/include/gmock/gmock.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| @@ -51,8 +52,16 @@ class CloudPolicyValidatorTest : public testing::Test { |
| } |
| void Validate(testing::Action<void(UserCloudPolicyValidator*)> check_action) { |
| + policy_.Build(); |
| + ValidatePolicy(check_action, policy_.GetCopy()); |
| + } |
| + |
| + void ValidatePolicy( |
| + testing::Action<void(UserCloudPolicyValidator*)> check_action, |
| + scoped_ptr<enterprise_management::PolicyFetchResponse> policy_response) { |
| // Create a validator. |
| - scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator(); |
| + scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator( |
| + policy_response.Pass()); |
| // Run validation and check the result. |
| EXPECT_CALL(*this, ValidationCompletion(validator.get())).WillOnce( |
| @@ -64,12 +73,12 @@ class CloudPolicyValidatorTest : public testing::Test { |
| Mock::VerifyAndClearExpectations(this); |
| } |
| - scoped_ptr<UserCloudPolicyValidator> CreateValidator() { |
| + scoped_ptr<UserCloudPolicyValidator> CreateValidator( |
| + scoped_ptr<enterprise_management::PolicyFetchResponse> policy_response) { |
| std::vector<uint8> public_key_bytes; |
| EXPECT_TRUE( |
| PolicyBuilder::CreateTestSigningKey()->ExportPublicKey( |
| &public_key_bytes)); |
| - policy_.Build(); |
| // Convert from bytes to string format (which is what ValidateSignature() |
| // takes). |
| @@ -78,7 +87,7 @@ class CloudPolicyValidatorTest : public testing::Test { |
| public_key_bytes.size()); |
| UserCloudPolicyValidator* validator = UserCloudPolicyValidator::Create( |
| - policy_.GetCopy(), base::MessageLoopProxy::current()); |
| + policy_response.Pass(), base::MessageLoopProxy::current()); |
| validator->ValidateTimestamp(timestamp_, timestamp_, |
| timestamp_option_); |
| validator->ValidateUsername(PolicyBuilder::kFakeUsername); |
| @@ -86,12 +95,17 @@ class CloudPolicyValidatorTest : public testing::Test { |
| validator->ValidateDMToken(existing_dm_token_, ignore_missing_dm_token_); |
| validator->ValidatePolicyType(dm_protocol::kChromeUserPolicyType); |
| validator->ValidatePayload(); |
| + validator->ValidateCachedKey(public_key, |
| + PolicyBuilder::GetTestSigningKeySignature(), |
| + GetPolicyVerificationKey(), |
| + PolicyBuilder::kFakeDomain); |
| validator->ValidateSignature(public_key, |
| GetPolicyVerificationKey(), |
| - PolicyBuilder::GetTestSigningKeySignature(), |
| + PolicyBuilder::kFakeDomain, |
| allow_key_rotation_); |
| if (allow_key_rotation_) |
| - validator->ValidateInitialKey(GetPolicyVerificationKey()); |
| + validator->ValidateInitialKey(GetPolicyVerificationKey(), |
| + PolicyBuilder::kFakeDomain); |
| return make_scoped_ptr(validator); |
| } |
| @@ -127,7 +141,9 @@ TEST_F(CloudPolicyValidatorTest, SuccessfulValidation) { |
| } |
| TEST_F(CloudPolicyValidatorTest, SuccessfulRunValidation) { |
| - scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator(); |
| + policy_.Build(); |
| + scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator( |
| + policy_.GetCopy()); |
| // Run validation immediately (no background tasks). |
| validator->RunValidation(); |
| CheckSuccessfulValidation(validator.get()); |
| @@ -240,7 +256,7 @@ TEST_F(CloudPolicyValidatorTest, ErrorNoUsername) { |
| } |
| TEST_F(CloudPolicyValidatorTest, ErrorInvalidUsername) { |
| - policy_.policy_data().set_username("invalid"); |
| + policy_.policy_data().set_username("invalid@example.com"); |
| Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_USERNAME)); |
| } |
| @@ -302,9 +318,11 @@ TEST_F(CloudPolicyValidatorTest, ErrorInvalidPublicKeySignature) { |
| // Validation key is not currently checked on Chrome OS |
| // (http://crbug.com/328038). |
| TEST_F(CloudPolicyValidatorTest, ErrorInvalidPublicKeyVerificationSignature) { |
| + policy_.Build(); |
| policy_.policy().set_new_public_key_verification_signature("invalid"); |
| - Validate(CheckStatus( |
| - CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE)); |
| + ValidatePolicy(CheckStatus( |
| + CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE), |
| + policy_.GetCopy()); |
| } |
|
Mattias Nissler (ping if slow)
2014/02/13 10:52:53
Might want to add test cases for the cases you add
Andrew T Wilson (Slow)
2014/02/13 12:15:36
Done.
|
| #endif |
