| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 51 ACTION_P2(SendSanitizedUsername, call_status, sanitized_username) { | 51 ACTION_P2(SendSanitizedUsername, call_status, sanitized_username) { |
| 52 base::MessageLoop::current()->PostTask( | 52 base::MessageLoop::current()->PostTask( |
| 53 FROM_HERE, base::Bind(arg1, call_status, sanitized_username)); | 53 FROM_HERE, base::Bind(arg1, call_status, sanitized_username)); |
| 54 } | 54 } |
| 55 | 55 |
| 56 class UserCloudPolicyStoreChromeOSTest : public testing::Test { | 56 class UserCloudPolicyStoreChromeOSTest : public testing::Test { |
| 57 protected: | 57 protected: |
| 58 UserCloudPolicyStoreChromeOSTest() {} | 58 UserCloudPolicyStoreChromeOSTest() {} |
| 59 | 59 |
| 60 void SetUp() override { | 60 void SetUp() override { |
| 61 EXPECT_CALL(cryptohome_client_, | 61 EXPECT_CALL(cryptohome_client_, GetSanitizedUsername(cryptohome_id_, _)) |
| 62 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _)) | |
| 63 .Times(AnyNumber()) | 62 .Times(AnyNumber()) |
| 64 .WillRepeatedly( | 63 .WillRepeatedly(SendSanitizedUsername( |
| 65 SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_SUCCESS, | 64 chromeos::DBUS_METHOD_CALL_SUCCESS, kSanitizedUsername)); |
| 66 kSanitizedUsername)); | |
| 67 | 65 |
| 68 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir()); | 66 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir()); |
| 69 store_.reset(new UserCloudPolicyStoreChromeOS( | 67 store_.reset(new UserCloudPolicyStoreChromeOS( |
| 70 &cryptohome_client_, &session_manager_client_, loop_.task_runner(), | 68 &cryptohome_client_, &session_manager_client_, loop_.task_runner(), |
| 71 PolicyBuilder::kFakeUsername, user_policy_dir(), token_file(), | 69 account_id_, user_policy_dir(), token_file(), policy_file())); |
| 72 policy_file())); | |
| 73 store_->AddObserver(&observer_); | 70 store_->AddObserver(&observer_); |
| 74 | 71 |
| 75 // Install the initial public key, so that by default the validation of | 72 // Install the initial public key, so that by default the validation of |
| 76 // the stored/loaded policy blob succeeds. | 73 // the stored/loaded policy blob succeeds. |
| 77 std::vector<uint8_t> public_key; | 74 std::vector<uint8_t> public_key; |
| 78 ASSERT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key)); | 75 ASSERT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key)); |
| 79 StoreUserPolicyKey(public_key); | 76 StoreUserPolicyKey(public_key); |
| 80 | 77 |
| 81 policy_.payload().mutable_homepagelocation()->set_value(kDefaultHomepage); | 78 policy_.payload().mutable_homepagelocation()->set_value(kDefaultHomepage); |
| 82 policy_.Build(); | 79 policy_.Build(); |
| (...skipping 12 matching lines...) Expand all Loading... |
| 95 Property(&CloudPolicyStore::status, | 92 Property(&CloudPolicyStore::status, |
| 96 Eq(error))))); | 93 Eq(error))))); |
| 97 } | 94 } |
| 98 | 95 |
| 99 // Triggers a store_->Load() operation, handles the expected call to | 96 // Triggers a store_->Load() operation, handles the expected call to |
| 100 // |session_manager_client_| and sends |response|. | 97 // |session_manager_client_| and sends |response|. |
| 101 void PerformPolicyLoad(const std::string& response) { | 98 void PerformPolicyLoad(const std::string& response) { |
| 102 // Issue a load command. | 99 // Issue a load command. |
| 103 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; | 100 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; |
| 104 EXPECT_CALL(session_manager_client_, | 101 EXPECT_CALL(session_manager_client_, |
| 105 RetrievePolicyForUser(PolicyBuilder::kFakeUsername, _)) | 102 RetrievePolicyForUser(cryptohome_id_, _)) |
| 106 .WillOnce(SaveArg<1>(&retrieve_callback)); | 103 .WillOnce(SaveArg<1>(&retrieve_callback)); |
| 107 store_->Load(); | 104 store_->Load(); |
| 108 RunUntilIdle(); | 105 RunUntilIdle(); |
| 109 Mock::VerifyAndClearExpectations(&session_manager_client_); | 106 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 110 ASSERT_FALSE(retrieve_callback.is_null()); | 107 ASSERT_FALSE(retrieve_callback.is_null()); |
| 111 | 108 |
| 112 // Run the callback. | 109 // Run the callback. |
| 113 retrieve_callback.Run(response); | 110 retrieve_callback.Run(response); |
| 114 RunUntilIdle(); | 111 RunUntilIdle(); |
| 115 } | 112 } |
| (...skipping 21 matching lines...) Expand all Loading... |
| 137 // before loading the policy, so that the signature validation can succeed. | 134 // before loading the policy, so that the signature validation can succeed. |
| 138 // If |previous_value| is set then a previously existing policy with that | 135 // If |previous_value| is set then a previously existing policy with that |
| 139 // value will be expected; otherwise no previous policy is expected. | 136 // value will be expected; otherwise no previous policy is expected. |
| 140 // If |new_value| is set then a new policy with that value is expected after | 137 // If |new_value| is set then a new policy with that value is expected after |
| 141 // storing the |policy_| blob. | 138 // storing the |policy_| blob. |
| 142 void PerformStorePolicy(const std::vector<uint8_t>* new_public_key, | 139 void PerformStorePolicy(const std::vector<uint8_t>* new_public_key, |
| 143 const char* previous_value, | 140 const char* previous_value, |
| 144 const char* new_value) { | 141 const char* new_value) { |
| 145 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 142 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 146 EXPECT_CALL(session_manager_client_, | 143 EXPECT_CALL(session_manager_client_, |
| 147 StorePolicyForUser(PolicyBuilder::kFakeUsername, | 144 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 148 policy_.GetBlob(), _)) | |
| 149 .WillOnce(SaveArg<2>(&store_callback)); | 145 .WillOnce(SaveArg<2>(&store_callback)); |
| 150 store_->Store(policy_.policy()); | 146 store_->Store(policy_.policy()); |
| 151 RunUntilIdle(); | 147 RunUntilIdle(); |
| 152 Mock::VerifyAndClearExpectations(&session_manager_client_); | 148 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 153 ASSERT_FALSE(store_callback.is_null()); | 149 ASSERT_FALSE(store_callback.is_null()); |
| 154 | 150 |
| 155 // The new policy shouldn't be present yet. | 151 // The new policy shouldn't be present yet. |
| 156 PolicyMap previous_policy; | 152 PolicyMap previous_policy; |
| 157 EXPECT_EQ(previous_value != NULL, store_->policy() != NULL); | 153 EXPECT_EQ(previous_value != NULL, store_->policy() != NULL); |
| 158 if (previous_value) { | 154 if (previous_value) { |
| 159 previous_policy.Set(key::kHomepageLocation, | 155 previous_policy.Set(key::kHomepageLocation, |
| 160 POLICY_LEVEL_MANDATORY, | 156 POLICY_LEVEL_MANDATORY, |
| 161 POLICY_SCOPE_USER, | 157 POLICY_SCOPE_USER, |
| 162 POLICY_SOURCE_CLOUD, | 158 POLICY_SOURCE_CLOUD, |
| 163 new base::StringValue(previous_value), NULL); | 159 new base::StringValue(previous_value), NULL); |
| 164 } | 160 } |
| 165 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); | 161 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); |
| 166 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 162 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 167 | 163 |
| 168 // Store the new public key so that the validation after the retrieve | 164 // Store the new public key so that the validation after the retrieve |
| 169 // operation completes can verify the signature. | 165 // operation completes can verify the signature. |
| 170 if (new_public_key) | 166 if (new_public_key) |
| 171 StoreUserPolicyKey(*new_public_key); | 167 StoreUserPolicyKey(*new_public_key); |
| 172 | 168 |
| 173 // Let the store operation complete. | 169 // Let the store operation complete. |
| 174 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; | 170 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; |
| 175 EXPECT_CALL(session_manager_client_, | 171 EXPECT_CALL(session_manager_client_, |
| 176 RetrievePolicyForUser(PolicyBuilder::kFakeUsername, _)) | 172 RetrievePolicyForUser(cryptohome_id_, _)) |
| 177 .WillOnce(SaveArg<1>(&retrieve_callback)); | 173 .WillOnce(SaveArg<1>(&retrieve_callback)); |
| 178 store_callback.Run(true); | 174 store_callback.Run(true); |
| 179 RunUntilIdle(); | 175 RunUntilIdle(); |
| 180 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); | 176 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); |
| 181 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 177 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 182 Mock::VerifyAndClearExpectations(&session_manager_client_); | 178 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 183 ASSERT_FALSE(retrieve_callback.is_null()); | 179 ASSERT_FALSE(retrieve_callback.is_null()); |
| 184 | 180 |
| 185 // Finish the retrieve callback. | 181 // Finish the retrieve callback. |
| 186 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 182 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 220 base::FilePath policy_file() { | 216 base::FilePath policy_file() { |
| 221 return tmp_dir_.path().AppendASCII("policy"); | 217 return tmp_dir_.path().AppendASCII("policy"); |
| 222 } | 218 } |
| 223 | 219 |
| 224 base::MessageLoopForUI loop_; | 220 base::MessageLoopForUI loop_; |
| 225 chromeos::MockCryptohomeClient cryptohome_client_; | 221 chromeos::MockCryptohomeClient cryptohome_client_; |
| 226 chromeos::MockSessionManagerClient session_manager_client_; | 222 chromeos::MockSessionManagerClient session_manager_client_; |
| 227 UserPolicyBuilder policy_; | 223 UserPolicyBuilder policy_; |
| 228 MockCloudPolicyStoreObserver observer_; | 224 MockCloudPolicyStoreObserver observer_; |
| 229 scoped_ptr<UserCloudPolicyStoreChromeOS> store_; | 225 scoped_ptr<UserCloudPolicyStoreChromeOS> store_; |
| 226 const AccountId account_id_ = |
| 227 AccountId::FromUserEmail(PolicyBuilder::kFakeUsername); |
| 228 const cryptohome::Identification cryptohome_id_ = |
| 229 cryptohome::Identification(account_id_); |
| 230 | 230 |
| 231 private: | 231 private: |
| 232 base::ScopedTempDir tmp_dir_; | 232 base::ScopedTempDir tmp_dir_; |
| 233 | 233 |
| 234 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest); | 234 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest); |
| 235 }; | 235 }; |
| 236 | 236 |
| 237 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) { | 237 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) { |
| 238 // Start without any public key to trigger the initial key checks. | 238 // Start without any public key to trigger the initial key checks. |
| 239 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 239 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 240 // Make the policy blob contain a new public key. | 240 // Make the policy blob contain a new public key. |
| 241 policy_.SetDefaultNewSigningKey(); | 241 policy_.SetDefaultNewSigningKey(); |
| 242 policy_.Build(); | 242 policy_.Build(); |
| 243 std::vector<uint8_t> new_public_key; | 243 std::vector<uint8_t> new_public_key; |
| 244 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); | 244 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 245 ASSERT_NO_FATAL_FAILURE( | 245 ASSERT_NO_FATAL_FAILURE( |
| 246 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); | 246 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); |
| 247 } | 247 } |
| 248 | 248 |
| 249 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreValidationFail) { | 249 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreValidationFail) { |
| 250 // Start without any public key to trigger the initial key checks. | 250 // Start without any public key to trigger the initial key checks. |
| 251 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 251 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 252 // Make the policy blob contain a new public key. | 252 // Make the policy blob contain a new public key. |
| 253 policy_.SetDefaultSigningKey(); | 253 policy_.SetDefaultSigningKey(); |
| 254 policy_.Build(); | 254 policy_.Build(); |
| 255 *policy_.policy().mutable_new_public_key_verification_signature() = "garbage"; | 255 *policy_.policy().mutable_new_public_key_verification_signature() = "garbage"; |
| 256 | 256 |
| 257 EXPECT_CALL(session_manager_client_, | 257 EXPECT_CALL(session_manager_client_, |
| 258 StorePolicyForUser( | 258 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 259 PolicyBuilder::kFakeUsername, policy_.GetBlob(), _)).Times(0); | 259 .Times(0); |
| 260 store_->Store(policy_.policy()); | 260 store_->Store(policy_.policy()); |
| 261 RunUntilIdle(); | 261 RunUntilIdle(); |
| 262 Mock::VerifyAndClearExpectations(&session_manager_client_); | 262 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 263 } | 263 } |
| 264 | 264 |
| 265 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreMissingSignatureFailure) { | 265 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreMissingSignatureFailure) { |
| 266 // Start without any public key to trigger the initial key checks. | 266 // Start without any public key to trigger the initial key checks. |
| 267 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 267 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 268 // Make the policy blob contain a new public key. | 268 // Make the policy blob contain a new public key. |
| 269 policy_.SetDefaultSigningKey(); | 269 policy_.SetDefaultSigningKey(); |
| 270 policy_.Build(); | 270 policy_.Build(); |
| 271 policy_.policy().clear_new_public_key_verification_signature(); | 271 policy_.policy().clear_new_public_key_verification_signature(); |
| 272 | 272 |
| 273 EXPECT_CALL(session_manager_client_, | 273 EXPECT_CALL(session_manager_client_, |
| 274 StorePolicyForUser( | 274 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 275 PolicyBuilder::kFakeUsername, policy_.GetBlob(), _)).Times(0); | 275 .Times(0); |
| 276 store_->Store(policy_.policy()); | 276 store_->Store(policy_.policy()); |
| 277 RunUntilIdle(); | 277 RunUntilIdle(); |
| 278 Mock::VerifyAndClearExpectations(&session_manager_client_); | 278 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 279 } | 279 } |
| 280 | 280 |
| 281 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) { | 281 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) { |
| 282 ASSERT_NO_FATAL_FAILURE( | 282 ASSERT_NO_FATAL_FAILURE( |
| 283 PerformStorePolicy(NULL, NULL, kDefaultHomepage)); | 283 PerformStorePolicy(NULL, NULL, kDefaultHomepage)); |
| 284 } | 284 } |
| 285 | 285 |
| 286 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) { | 286 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) { |
| 287 // Make the policy blob contain a new public key. | 287 // Make the policy blob contain a new public key. |
| 288 policy_.SetDefaultNewSigningKey(); | 288 policy_.SetDefaultNewSigningKey(); |
| 289 policy_.Build(); | 289 policy_.Build(); |
| 290 std::vector<uint8_t> new_public_key; | 290 std::vector<uint8_t> new_public_key; |
| 291 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); | 291 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 292 ASSERT_NO_FATAL_FAILURE( | 292 ASSERT_NO_FATAL_FAILURE( |
| 293 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); | 293 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); |
| 294 } | 294 } |
| 295 | 295 |
| 296 TEST_F(UserCloudPolicyStoreChromeOSTest, | 296 TEST_F(UserCloudPolicyStoreChromeOSTest, |
| 297 StoreWithRotationMissingSignatureError) { | 297 StoreWithRotationMissingSignatureError) { |
| 298 // Make the policy blob contain a new public key. | 298 // Make the policy blob contain a new public key. |
| 299 policy_.SetDefaultNewSigningKey(); | 299 policy_.SetDefaultNewSigningKey(); |
| 300 policy_.Build(); | 300 policy_.Build(); |
| 301 policy_.policy().clear_new_public_key_verification_signature(); | 301 policy_.policy().clear_new_public_key_verification_signature(); |
| 302 | 302 |
| 303 EXPECT_CALL(session_manager_client_, | 303 EXPECT_CALL(session_manager_client_, |
| 304 StorePolicyForUser( | 304 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 305 PolicyBuilder::kFakeUsername, policy_.GetBlob(), _)).Times(0); | 305 .Times(0); |
| 306 store_->Store(policy_.policy()); | 306 store_->Store(policy_.policy()); |
| 307 RunUntilIdle(); | 307 RunUntilIdle(); |
| 308 Mock::VerifyAndClearExpectations(&session_manager_client_); | 308 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 309 } | 309 } |
| 310 | 310 |
| 311 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotationValidationError) { | 311 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotationValidationError) { |
| 312 // Make the policy blob contain a new public key. | 312 // Make the policy blob contain a new public key. |
| 313 policy_.SetDefaultNewSigningKey(); | 313 policy_.SetDefaultNewSigningKey(); |
| 314 policy_.Build(); | 314 policy_.Build(); |
| 315 *policy_.policy().mutable_new_public_key_verification_signature() = "garbage"; | 315 *policy_.policy().mutable_new_public_key_verification_signature() = "garbage"; |
| 316 | 316 |
| 317 EXPECT_CALL(session_manager_client_, | 317 EXPECT_CALL(session_manager_client_, |
| 318 StorePolicyForUser( | 318 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 319 PolicyBuilder::kFakeUsername, policy_.GetBlob(), _)).Times(0); | 319 .Times(0); |
| 320 store_->Store(policy_.policy()); | 320 store_->Store(policy_.policy()); |
| 321 RunUntilIdle(); | 321 RunUntilIdle(); |
| 322 Mock::VerifyAndClearExpectations(&session_manager_client_); | 322 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 323 } | 323 } |
| 324 | 324 |
| 325 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { | 325 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { |
| 326 // Store policy. | 326 // Store policy. |
| 327 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 327 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 328 EXPECT_CALL(session_manager_client_, | 328 EXPECT_CALL(session_manager_client_, |
| 329 StorePolicyForUser(PolicyBuilder::kFakeUsername, | 329 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 330 policy_.GetBlob(), _)) | |
| 331 .WillOnce(SaveArg<2>(&store_callback)); | 330 .WillOnce(SaveArg<2>(&store_callback)); |
| 332 store_->Store(policy_.policy()); | 331 store_->Store(policy_.policy()); |
| 333 RunUntilIdle(); | 332 RunUntilIdle(); |
| 334 Mock::VerifyAndClearExpectations(&session_manager_client_); | 333 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 335 ASSERT_FALSE(store_callback.is_null()); | 334 ASSERT_FALSE(store_callback.is_null()); |
| 336 | 335 |
| 337 // Let the store operation complete. | 336 // Let the store operation complete. |
| 338 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); | 337 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); |
| 339 store_callback.Run(false); | 338 store_callback.Run(false); |
| 340 RunUntilIdle(); | 339 RunUntilIdle(); |
| 341 EXPECT_FALSE(store_->policy()); | 340 EXPECT_FALSE(store_->policy()); |
| 342 EXPECT_TRUE(store_->policy_map().empty()); | 341 EXPECT_TRUE(store_->policy_map().empty()); |
| 343 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); | 342 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); |
| 344 } | 343 } |
| 345 | 344 |
| 346 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { | 345 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { |
| 347 policy_.policy_data().clear_policy_type(); | 346 policy_.policy_data().clear_policy_type(); |
| 348 policy_.Build(); | 347 policy_.Build(); |
| 349 | 348 |
| 350 // Store policy. | 349 // Store policy. |
| 351 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 350 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 352 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 351 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 353 EXPECT_CALL(session_manager_client_, | 352 EXPECT_CALL(session_manager_client_, |
| 354 StorePolicyForUser(PolicyBuilder::kFakeUsername, | 353 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 355 policy_.GetBlob(), _)) | |
| 356 .Times(0); | 354 .Times(0); |
| 357 store_->Store(policy_.policy()); | 355 store_->Store(policy_.policy()); |
| 358 RunUntilIdle(); | 356 RunUntilIdle(); |
| 359 Mock::VerifyAndClearExpectations(&session_manager_client_); | 357 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 360 } | 358 } |
| 361 | 359 |
| 362 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) { | 360 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) { |
| 363 // Make the dbus call to cryptohome fail. | 361 // Make the dbus call to cryptohome fail. |
| 364 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 362 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 365 EXPECT_CALL(cryptohome_client_, | 363 EXPECT_CALL(cryptohome_client_, GetSanitizedUsername(cryptohome_id_, _)) |
| 366 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _)) | |
| 367 .Times(AnyNumber()) | 364 .Times(AnyNumber()) |
| 368 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE, | 365 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE, |
| 369 std::string())); | 366 std::string())); |
| 370 | 367 |
| 371 // Store policy. | 368 // Store policy. |
| 372 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 369 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 373 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 370 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 374 EXPECT_CALL(session_manager_client_, | 371 EXPECT_CALL(session_manager_client_, |
| 375 StorePolicyForUser(PolicyBuilder::kFakeUsername, | 372 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 376 policy_.GetBlob(), _)) | |
| 377 .Times(0); | 373 .Times(0); |
| 378 store_->Store(policy_.policy()); | 374 store_->Store(policy_.policy()); |
| 379 RunUntilIdle(); | 375 RunUntilIdle(); |
| 380 Mock::VerifyAndClearExpectations(&session_manager_client_); | 376 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 381 } | 377 } |
| 382 | 378 |
| 383 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) { | 379 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) { |
| 384 // Break the signature. | 380 // Break the signature. |
| 385 policy_.policy().mutable_policy_data_signature()->append("garbage"); | 381 policy_.policy().mutable_policy_data_signature()->append("garbage"); |
| 386 | 382 |
| 387 // Store policy. | 383 // Store policy. |
| 388 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 384 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 389 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 385 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 390 EXPECT_CALL(session_manager_client_, | 386 EXPECT_CALL(session_manager_client_, |
| 391 StorePolicyForUser(PolicyBuilder::kFakeUsername, | 387 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 392 policy_.GetBlob(), _)) | |
| 393 .Times(0); | 388 .Times(0); |
| 394 store_->Store(policy_.policy()); | 389 store_->Store(policy_.policy()); |
| 395 RunUntilIdle(); | 390 RunUntilIdle(); |
| 396 Mock::VerifyAndClearExpectations(&session_manager_client_); | 391 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 397 } | 392 } |
| 398 | 393 |
| 399 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { | 394 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { |
| 400 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 395 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 401 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 396 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 402 Mock::VerifyAndClearExpectations(&observer_); | 397 Mock::VerifyAndClearExpectations(&observer_); |
| (...skipping 170 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 573 PerformStorePolicy(&new_public_key, kDefaultHomepage, kNewHomepage)); | 568 PerformStorePolicy(&new_public_key, kDefaultHomepage, kNewHomepage)); |
| 574 VerifyPolicyMap(kNewHomepage); | 569 VerifyPolicyMap(kNewHomepage); |
| 575 | 570 |
| 576 // Verify that the legacy cache has been removed. | 571 // Verify that the legacy cache has been removed. |
| 577 EXPECT_FALSE(base::PathExists(policy_file())); | 572 EXPECT_FALSE(base::PathExists(policy_file())); |
| 578 } | 573 } |
| 579 | 574 |
| 580 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediately) { | 575 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediately) { |
| 581 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 576 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 582 EXPECT_CALL(session_manager_client_, | 577 EXPECT_CALL(session_manager_client_, |
| 583 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername)) | 578 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 584 .WillOnce(Return(policy_.GetBlob())); | 579 .WillOnce(Return(policy_.GetBlob())); |
| 585 EXPECT_CALL(cryptohome_client_, | 580 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) |
| 586 BlockingGetSanitizedUsername(PolicyBuilder::kFakeUsername)) | |
| 587 .WillOnce(Return(kSanitizedUsername)); | 581 .WillOnce(Return(kSanitizedUsername)); |
| 588 | 582 |
| 589 EXPECT_FALSE(store_->policy()); | 583 EXPECT_FALSE(store_->policy()); |
| 590 store_->LoadImmediately(); | 584 store_->LoadImmediately(); |
| 591 // Note: verify that the |observer_| got notified synchronously, without | 585 // Note: verify that the |observer_| got notified synchronously, without |
| 592 // having to spin the current loop. TearDown() will flush the loop so this | 586 // having to spin the current loop. TearDown() will flush the loop so this |
| 593 // must be done within the test. | 587 // must be done within the test. |
| 594 Mock::VerifyAndClearExpectations(&observer_); | 588 Mock::VerifyAndClearExpectations(&observer_); |
| 595 Mock::VerifyAndClearExpectations(&session_manager_client_); | 589 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 596 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 590 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 597 | 591 |
| 598 // The policy should become available without having to spin any loops. | 592 // The policy should become available without having to spin any loops. |
| 599 ASSERT_TRUE(store_->policy()); | 593 ASSERT_TRUE(store_->policy()); |
| 600 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 594 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
| 601 store_->policy()->SerializeAsString()); | 595 store_->policy()->SerializeAsString()); |
| 602 VerifyPolicyMap(kDefaultHomepage); | 596 VerifyPolicyMap(kDefaultHomepage); |
| 603 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 597 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 604 } | 598 } |
| 605 | 599 |
| 606 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) { | 600 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) { |
| 607 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 601 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 608 EXPECT_CALL(session_manager_client_, | 602 EXPECT_CALL(session_manager_client_, |
| 609 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername)) | 603 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 610 .WillOnce(Return("")); | 604 .WillOnce(Return("")); |
| 611 | 605 |
| 612 EXPECT_FALSE(store_->policy()); | 606 EXPECT_FALSE(store_->policy()); |
| 613 store_->LoadImmediately(); | 607 store_->LoadImmediately(); |
| 614 Mock::VerifyAndClearExpectations(&observer_); | 608 Mock::VerifyAndClearExpectations(&observer_); |
| 615 Mock::VerifyAndClearExpectations(&session_manager_client_); | 609 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 616 | 610 |
| 617 EXPECT_FALSE(store_->policy()); | 611 EXPECT_FALSE(store_->policy()); |
| 618 EXPECT_TRUE(store_->policy_map().empty()); | 612 EXPECT_TRUE(store_->policy_map().empty()); |
| 619 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 613 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 620 } | 614 } |
| 621 | 615 |
| 622 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) { | 616 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) { |
| 623 EXPECT_CALL(observer_, OnStoreError(store_.get())); | 617 EXPECT_CALL(observer_, OnStoreError(store_.get())); |
| 624 EXPECT_CALL(session_manager_client_, | 618 EXPECT_CALL(session_manager_client_, |
| 625 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername)) | 619 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 626 .WillOnce(Return("le blob")); | 620 .WillOnce(Return("le blob")); |
| 627 | 621 |
| 628 EXPECT_FALSE(store_->policy()); | 622 EXPECT_FALSE(store_->policy()); |
| 629 store_->LoadImmediately(); | 623 store_->LoadImmediately(); |
| 630 Mock::VerifyAndClearExpectations(&observer_); | 624 Mock::VerifyAndClearExpectations(&observer_); |
| 631 Mock::VerifyAndClearExpectations(&session_manager_client_); | 625 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 632 | 626 |
| 633 EXPECT_FALSE(store_->policy()); | 627 EXPECT_FALSE(store_->policy()); |
| 634 EXPECT_TRUE(store_->policy_map().empty()); | 628 EXPECT_TRUE(store_->policy_map().empty()); |
| 635 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); | 629 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); |
| 636 } | 630 } |
| 637 | 631 |
| 638 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) { | 632 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) { |
| 639 EXPECT_CALL(observer_, OnStoreError(store_.get())); | 633 EXPECT_CALL(observer_, OnStoreError(store_.get())); |
| 640 EXPECT_CALL(session_manager_client_, | 634 EXPECT_CALL(session_manager_client_, |
| 641 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername)) | 635 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 642 .WillOnce(Return(policy_.GetBlob())); | 636 .WillOnce(Return(policy_.GetBlob())); |
| 643 EXPECT_CALL(cryptohome_client_, | 637 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) |
| 644 BlockingGetSanitizedUsername(PolicyBuilder::kFakeUsername)) | |
| 645 .WillOnce(Return("")); | 638 .WillOnce(Return("")); |
| 646 | 639 |
| 647 EXPECT_FALSE(store_->policy()); | 640 EXPECT_FALSE(store_->policy()); |
| 648 store_->LoadImmediately(); | 641 store_->LoadImmediately(); |
| 649 Mock::VerifyAndClearExpectations(&observer_); | 642 Mock::VerifyAndClearExpectations(&observer_); |
| 650 Mock::VerifyAndClearExpectations(&session_manager_client_); | 643 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 651 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 644 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 652 | 645 |
| 653 EXPECT_FALSE(store_->policy()); | 646 EXPECT_FALSE(store_->policy()); |
| 654 EXPECT_TRUE(store_->policy_map().empty()); | 647 EXPECT_TRUE(store_->policy_map().empty()); |
| 655 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, store_->status()); | 648 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, store_->status()); |
| 656 } | 649 } |
| 657 | 650 |
| 658 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoUserPolicyKey) { | 651 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoUserPolicyKey) { |
| 659 EXPECT_CALL(observer_, OnStoreError(store_.get())); | 652 EXPECT_CALL(observer_, OnStoreError(store_.get())); |
| 660 EXPECT_CALL(session_manager_client_, | 653 EXPECT_CALL(session_manager_client_, |
| 661 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername)) | 654 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 662 .WillOnce(Return(policy_.GetBlob())); | 655 .WillOnce(Return(policy_.GetBlob())); |
| 663 EXPECT_CALL(cryptohome_client_, | 656 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) |
| 664 BlockingGetSanitizedUsername(PolicyBuilder::kFakeUsername)) | |
| 665 .WillOnce(Return("wrong@example.com")); | 657 .WillOnce(Return("wrong@example.com")); |
| 666 | 658 |
| 667 EXPECT_FALSE(store_->policy()); | 659 EXPECT_FALSE(store_->policy()); |
| 668 store_->LoadImmediately(); | 660 store_->LoadImmediately(); |
| 669 Mock::VerifyAndClearExpectations(&observer_); | 661 Mock::VerifyAndClearExpectations(&observer_); |
| 670 Mock::VerifyAndClearExpectations(&session_manager_client_); | 662 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 671 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 663 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 672 | 664 |
| 673 EXPECT_FALSE(store_->policy()); | 665 EXPECT_FALSE(store_->policy()); |
| 674 EXPECT_TRUE(store_->policy_map().empty()); | 666 EXPECT_TRUE(store_->policy_map().empty()); |
| 675 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); | 667 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); |
| 676 } | 668 } |
| 677 | 669 |
| 678 } // namespace | 670 } // namespace |
| 679 | 671 |
| 680 } // namespace policy | 672 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1693383003:
ChromeOS cryptohome should be able to use gaia id as user identifier. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master