| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <string> |
| 5 #include <vector> | 6 #include <vector> |
| 6 | 7 |
| 7 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/hash.h" |
| 8 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
| 9 #include "base/message_loop/message_loop.h" | 11 #include "base/message_loop/message_loop.h" |
| 10 #include "base/strings/string_util.h" | 12 #include "base/strings/string_util.h" |
| 11 #include "chrome/browser/policy/cloud/cloud_policy_constants.h" | 13 #include "chrome/browser/policy/cloud/cloud_policy_constants.h" |
| 12 #include "chrome/browser/policy/cloud/cloud_policy_validator.h" | 14 #include "chrome/browser/policy/cloud/cloud_policy_validator.h" |
| 13 #include "chrome/browser/policy/cloud/policy_builder.h" | 15 #include "chrome/browser/policy/cloud/policy_builder.h" |
| 14 #include "content/public/test/test_browser_thread.h" | 16 #include "content/public/test/test_browser_thread.h" |
| 15 #include "crypto/rsa_private_key.h" | 17 #include "crypto/rsa_private_key.h" |
| 16 #include "testing/gmock/include/gmock/gmock.h" | 18 #include "testing/gmock/include/gmock/gmock.h" |
| 17 #include "testing/gtest/include/gtest/gtest.h" | 19 #include "testing/gtest/include/gtest/gtest.h" |
| (...skipping 13 matching lines...) Expand all Loading... |
| 31 | 33 |
| 32 class CloudPolicyValidatorTest : public testing::Test { | 34 class CloudPolicyValidatorTest : public testing::Test { |
| 33 public: | 35 public: |
| 34 CloudPolicyValidatorTest() | 36 CloudPolicyValidatorTest() |
| 35 : loop_(base::MessageLoop::TYPE_UI), | 37 : loop_(base::MessageLoop::TYPE_UI), |
| 36 timestamp_(base::Time::UnixEpoch() + | 38 timestamp_(base::Time::UnixEpoch() + |
| 37 base::TimeDelta::FromMilliseconds( | 39 base::TimeDelta::FromMilliseconds( |
| 38 PolicyBuilder::kFakeTimestamp)), | 40 PolicyBuilder::kFakeTimestamp)), |
| 39 ignore_missing_timestamp_(CloudPolicyValidatorBase::TIMESTAMP_REQUIRED), | 41 ignore_missing_timestamp_(CloudPolicyValidatorBase::TIMESTAMP_REQUIRED), |
| 40 ignore_missing_dm_token_(CloudPolicyValidatorBase::DM_TOKEN_REQUIRED), | 42 ignore_missing_dm_token_(CloudPolicyValidatorBase::DM_TOKEN_REQUIRED), |
| 43 allow_invalid_payload_(false), |
| 41 allow_key_rotation_(true), | 44 allow_key_rotation_(true), |
| 42 existing_dm_token_(PolicyBuilder::kFakeToken), | 45 existing_dm_token_(PolicyBuilder::kFakeToken), |
| 43 file_thread_(content::BrowserThread::FILE, &loop_) { | 46 file_thread_(content::BrowserThread::FILE, &loop_) { |
| 44 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); | 47 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); |
| 45 } | 48 } |
| 46 | 49 |
| 47 void Validate(testing::Action<void(UserCloudPolicyValidator*)> check_action) { | 50 void Validate(testing::Action<void(UserCloudPolicyValidator*)> check_action) { |
| 48 // Create a validator. | 51 // Create a validator. |
| 49 scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator(); | 52 scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator(); |
| 50 | 53 |
| (...skipping 14 matching lines...) Expand all Loading... |
| 65 policy_.Build(); | 68 policy_.Build(); |
| 66 | 69 |
| 67 UserCloudPolicyValidator* validator = | 70 UserCloudPolicyValidator* validator = |
| 68 UserCloudPolicyValidator::Create(policy_.GetCopy()); | 71 UserCloudPolicyValidator::Create(policy_.GetCopy()); |
| 69 validator->ValidateTimestamp(timestamp_, timestamp_, | 72 validator->ValidateTimestamp(timestamp_, timestamp_, |
| 70 ignore_missing_timestamp_); | 73 ignore_missing_timestamp_); |
| 71 validator->ValidateUsername(PolicyBuilder::kFakeUsername); | 74 validator->ValidateUsername(PolicyBuilder::kFakeUsername); |
| 72 validator->ValidateDomain(PolicyBuilder::kFakeDomain); | 75 validator->ValidateDomain(PolicyBuilder::kFakeDomain); |
| 73 validator->ValidateDMToken(existing_dm_token_, ignore_missing_dm_token_); | 76 validator->ValidateDMToken(existing_dm_token_, ignore_missing_dm_token_); |
| 74 validator->ValidatePolicyType(dm_protocol::kChromeUserPolicyType); | 77 validator->ValidatePolicyType(dm_protocol::kChromeUserPolicyType); |
| 75 validator->ValidatePayload(); | 78 if (!allow_invalid_payload_) |
| 79 validator->ValidatePayload(); |
| 76 validator->ValidateSignature(public_key, allow_key_rotation_); | 80 validator->ValidateSignature(public_key, allow_key_rotation_); |
| 77 if (allow_key_rotation_) | 81 if (allow_key_rotation_) |
| 78 validator->ValidateInitialKey(); | 82 validator->ValidateInitialKey(); |
| 79 return make_scoped_ptr(validator); | 83 return make_scoped_ptr(validator); |
| 80 } | 84 } |
| 81 | 85 |
| 82 | 86 |
| 83 void CheckSuccessfulValidation(UserCloudPolicyValidator* validator) { | 87 void CheckSuccessfulValidation(UserCloudPolicyValidator* validator) { |
| 84 EXPECT_TRUE(validator->success()); | 88 EXPECT_TRUE(validator->success()); |
| 85 EXPECT_EQ(policy_.policy().SerializeAsString(), | 89 EXPECT_EQ(policy_.policy().SerializeAsString(), |
| 86 validator->policy()->SerializeAsString()); | 90 validator->policy()->SerializeAsString()); |
| 87 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 91 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
| 88 validator->policy_data()->SerializeAsString()); | 92 validator->policy_data()->SerializeAsString()); |
| 89 EXPECT_EQ(policy_.payload().SerializeAsString(), | 93 EXPECT_EQ(policy_.payload().SerializeAsString(), |
| 90 validator->payload()->SerializeAsString()); | 94 validator->payload()->SerializeAsString()); |
| 91 } | 95 } |
| 92 | 96 |
| 93 base::MessageLoop loop_; | 97 base::MessageLoop loop_; |
| 94 base::Time timestamp_; | 98 base::Time timestamp_; |
| 95 CloudPolicyValidatorBase::ValidateTimestampOption ignore_missing_timestamp_; | 99 CloudPolicyValidatorBase::ValidateTimestampOption ignore_missing_timestamp_; |
| 96 CloudPolicyValidatorBase::ValidateDMTokenOption ignore_missing_dm_token_; | 100 CloudPolicyValidatorBase::ValidateDMTokenOption ignore_missing_dm_token_; |
| 97 std::string signing_key_; | 101 std::string signing_key_; |
| 102 bool allow_invalid_payload_; |
| 98 bool allow_key_rotation_; | 103 bool allow_key_rotation_; |
| 99 std::string existing_dm_token_; | 104 std::string existing_dm_token_; |
| 100 | 105 |
| 101 UserPolicyBuilder policy_; | 106 UserPolicyBuilder policy_; |
| 102 | 107 |
| 103 private: | 108 private: |
| 104 MOCK_METHOD1(ValidationCompletion, void(UserCloudPolicyValidator* validator)); | 109 MOCK_METHOD1(ValidationCompletion, void(UserCloudPolicyValidator* validator)); |
| 105 | 110 |
| 106 content::TestBrowserThread file_thread_; | 111 content::TestBrowserThread file_thread_; |
| 107 | 112 |
| (...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 279 allow_key_rotation_ = false; | 284 allow_key_rotation_ = false; |
| 280 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE)); | 285 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE)); |
| 281 } | 286 } |
| 282 | 287 |
| 283 TEST_F(CloudPolicyValidatorTest, NoRotation) { | 288 TEST_F(CloudPolicyValidatorTest, NoRotation) { |
| 284 allow_key_rotation_ = false; | 289 allow_key_rotation_ = false; |
| 285 policy_.set_new_signing_key(scoped_ptr<crypto::RSAPrivateKey>()); | 290 policy_.set_new_signing_key(scoped_ptr<crypto::RSAPrivateKey>()); |
| 286 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_OK)); | 291 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_OK)); |
| 287 } | 292 } |
| 288 | 293 |
| 294 TEST_F(CloudPolicyValidatorTest, HashValue) { |
| 295 allow_invalid_payload_ = true; |
| 296 std::string policy_value = "test"; |
| 297 uint32 expected_value = base::Hash(policy_value); |
| 298 policy_.clear_payload(); |
| 299 policy_.policy_data().set_policy_value(policy_value); |
| 300 |
| 301 scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator(); |
| 302 EXPECT_EQ(0U, validator->hash_value()); |
| 303 validator->ValidateHashValue(); |
| 304 validator->RunValidation(); |
| 305 CheckSuccessfulValidation(validator.get()); |
| 306 EXPECT_EQ(expected_value, validator->hash_value()); |
| 307 } |
| 308 |
| 289 } // namespace | 309 } // namespace |
| 290 | 310 |
| 291 } // namespace policy | 311 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 19733003:
Implement cloud policy invalidations using the invalidation service framework. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master