Device enterprise registration with a certificate.

components/policy/core/common/cloud/cloud_policy_client_unittest.cc

Index: components/policy/core/common/cloud/cloud_policy_client_unittest.cc
diff --git a/components/policy/core/common/cloud/cloud_policy_client_unittest.cc b/components/policy/core/common/cloud/cloud_policy_client_unittest.cc
index ac995ec1fbcf8f70065babcf19aeb1e216e4cff5..b3dc53a127f0ccc601754afc863181dcde8dd673 100644
--- a/components/policy/core/common/cloud/cloud_policy_client_unittest.cc
+++ b/components/policy/core/common/cloud/cloud_policy_client_unittest.cc
@@ -52,6 +52,9 @@ const char kResultPayload[] = "output_payload";
 const char kAssetId[] = "fake-asset-id";
 const char kLocation[] = "fake-location";
 const char kGcmID[] = "fake-gcm-id";
+const char kEnrollmentCertificate[] = "fake-certificate";
+const char kSignedDataNonce[] = "+nonce";
+const char kSignature[] = "fake-signature";
 
 const int64_t kAgeOfCommand = 123123123;
 const int64_t kLastCommandId = 123456789;
@@ -80,6 +83,40 @@ class MockRemoteCommandsObserver {
                     const std::vector<em::RemoteCommand>&));
 };
 
+// A mock SigningService

[achuithb, 2016/08/23 18:40:28]

period at the end of comment

[The one and only Dr. Crash, 2016/08/24 05:53:44]

Done.

+class FakeSigningService : public CloudPolicyClient::SigningService {
+ public:
+  void SignData(const std::string& data, SigningCallback callback) override {
+    em::SignedData signed_data;
+    bool success = !ShouldSignDataFail();

[achuithb, 2016/08/23 18:40:28]

const

[The one and only Dr. Crash, 2016/08/24 05:53:45]

Done.

+    if (success) {

[achuithb, 2016/08/23 18:40:28]

drop {}

[The one and only Dr. Crash, 2016/08/24 05:53:44]

Done.

+      SignData(data, &signed_data);
+    }
+    callback.Run(success, signed_data);
+  }
+  static void SignRegistrationData(

[achuithb, 2016/08/23 18:40:28]

statics first

[The one and only Dr. Crash, 2016/08/24 05:53:45]

Done.

+      em::CertificateBasedDeviceRegistrationData* registration_data,
+      em::SignedData* signed_data) {
+    SignData(registration_data->SerializeAsString(), signed_data);
+  }
+
+ protected:
+  virtual bool ShouldSignDataFail() const {
+    return false;
+  }
+ private:

[achuithb, 2016/08/23 18:40:28]

newline before this line

[The one and only Dr. Crash, 2016/08/24 05:53:45]

Done.

+  static void SignData(const std::string& data, em::SignedData* signed_data) {

[achuithb, 2016/08/23 18:40:28]

Use a different name - we don't allow overloaded function names.

[The one and only Dr. Crash, 2016/08/24 05:53:45]

Done.

+    signed_data->set_data(data + kSignedDataNonce);
+    signed_data->set_signature(kSignature);
+    signed_data->set_extra_data_bytes(sizeof(kSignedDataNonce) - 1);
+  }
+};
+
+class MockSigningService : public FakeSigningService {
+ public:
+  MOCK_CONST_METHOD0(ShouldSignDataFail, bool());
+};
+
 }  // namespace
 
 class CloudPolicyClientTest : public testing::Test {
@@ -94,8 +131,25 @@ class CloudPolicyClientTest : public testing::Test {
     register_request->set_machine_model(kMachineModel);
     register_request->set_flavor(
         em::DeviceRegisterRequest::FLAVOR_USER_REGISTRATION);
-    registration_response_.mutable_register_response()->
-        set_device_management_token(kDMToken);
+
+    em::CertificateBasedDeviceRegistrationData data;
+    data.set_certificate_type(em::CertificateBasedDeviceRegistrationData::
+        ENTERPRISE_ENROLLMENT_CERTIFICATE);
+    data.set_device_certificate(kEnrollmentCertificate);
+
+    em::DeviceRegisterRequest* request = data.mutable_device_register_request();
+    request->set_type(em::DeviceRegisterRequest::DEVICE);
+    request->set_machine_id(kMachineID);
+    request->set_machine_model(kMachineModel);
+    // TODO(drcrash): Use FLAVOR_ATTESTATION after 2186623002 has landed.

[achuithb, 2016/08/23 18:40:28]

reference bug

[The one and only Dr. Crash, 2016/08/24 05:53:45]

Made it link to CL.

+    request->set_flavor(
+        em::DeviceRegisterRequest::FLAVOR_ENROLLMENT_MANUAL);
+
+    em::CertificateBasedDeviceRegisterRequest* cert_based_register_request =
+        cert_based_registration_request_.mutable_cert_based_register_request();
+    // We are not testing signature.
+    FakeSigningService::SignRegistrationData(&data,
+        cert_based_register_request->mutable_signed_request());
 
     em::PolicyFetchRequest* policy_fetch_request =
         policy_request_.mutable_policy_request()->add_request();
@@ -105,6 +159,9 @@ class CloudPolicyClientTest : public testing::Test {
     policy_response_.mutable_policy_response()->add_response()->set_policy_data(
         CreatePolicyData("fake-policy-data"));
 
+    registration_response_.mutable_register_response()->
+        set_device_management_token(kDMToken);
+
     unregistration_request_.mutable_unregister_request();
     unregistration_response_.mutable_unregister_response();
     upload_certificate_request_.mutable_cert_upload_request()->
@@ -173,7 +230,8 @@ class CloudPolicyClientTest : public testing::Test {
     client_.reset(new CloudPolicyClient(kMachineID, kMachineModel,
                                         kPolicyVerificationKeyHash,
                                         &service_,
-                                        request_context_));
+                                        request_context_,
+                                        &signing_service_));
     client_->AddPolicyTypeToFetch(policy_type_, std::string());
     client_->AddObserver(&observer_);
   }
@@ -190,6 +248,18 @@ class CloudPolicyClientTest : public testing::Test {
         .WillOnce(SaveArg<4>(&client_id_));
   }
 
+  void ExpectCertBasedRegistration() {
+    EXPECT_CALL(service_, CreateJob(
+        DeviceManagementRequestJob::TYPE_CERT_BASED_REGISTRATION,
+        request_context_))
+        .WillOnce(service_.SucceedJob(registration_response_));
+    EXPECT_CALL(service_,
+                StartJob(dm_protocol::kValueRequestCertBasedRegister,
+                         std::string(), _, std::string(), _,
+                         MatchProto(cert_based_registration_request_)))
+        .WillOnce(SaveArg<4>(&client_id_));
+  }
+
   void ExpectPolicyFetch(const std::string& dm_token) {
     EXPECT_CALL(service_,
                 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH,
@@ -296,6 +366,7 @@ class CloudPolicyClientTest : public testing::Test {
 
   // Request protobufs used as expectations for the client requests.
   em::DeviceManagementRequest registration_request_;
+  em::DeviceManagementRequest cert_based_registration_request_;
   em::DeviceManagementRequest policy_request_;
   em::DeviceManagementRequest unregistration_request_;
   em::DeviceManagementRequest upload_certificate_request_;
@@ -322,6 +393,7 @@ class CloudPolicyClientTest : public testing::Test {
   MockDeviceManagementService service_;
   StrictMock<MockCloudPolicyClientObserver> observer_;
   StrictMock<MockStatusCallbackObserver> callback_observer_;
+  MockSigningService signing_service_;
   std::unique_ptr<CloudPolicyClient> client_;
   // Pointer to the client's request context.
   scoped_refptr<net::URLRequestContextGetter> request_context_;
@@ -365,6 +437,37 @@ TEST_F(CloudPolicyClientTest, RegistrationAndPolicyFetch) {
   CheckPolicyResponse();
 }
 
+TEST_F(CloudPolicyClientTest, RegistrationWithCertificateAndPolicyFetch) {
+  ExpectCertBasedRegistration();
+  EXPECT_CALL(signing_service_, ShouldSignDataFail())
+      .WillOnce(Return(false));
+  EXPECT_CALL(observer_, OnRegistrationStateChanged(_));
+  client_->RegisterWithCertificate(em::DeviceRegisterRequest::DEVICE,
+      // TODO(drcrash): Use FLAVOR_ATTESTATION after 2186623002 has landed.
+      em::DeviceRegisterRequest::FLAVOR_ENROLLMENT_MANUAL,
+      kEnrollmentCertificate, std::string(), std::string(), std::string());
+  EXPECT_TRUE(client_->is_registered());
+  EXPECT_FALSE(client_->GetPolicyFor(policy_type_, std::string()));
+  EXPECT_EQ(DM_STATUS_SUCCESS, client_->status());
+
+  ExpectPolicyFetch(kDMToken);
+  EXPECT_CALL(observer_, OnPolicyFetched(_));
+  client_->FetchPolicy();
+  EXPECT_EQ(DM_STATUS_SUCCESS, client_->status());
+  CheckPolicyResponse();
+}
+TEST_F(CloudPolicyClientTest, RegistrationWithCertificateFailToSignRequest) {
+  EXPECT_CALL(signing_service_, ShouldSignDataFail())
+      .WillOnce(Return(true));
+  EXPECT_CALL(observer_, OnClientError(_));
+  client_->RegisterWithCertificate(em::DeviceRegisterRequest::DEVICE,
+      // TODO(drcrash): Use FLAVOR_ATTESTATION after 2186623002 has landed.
+      em::DeviceRegisterRequest::FLAVOR_ENROLLMENT_MANUAL,
+      kEnrollmentCertificate, std::string(), std::string(), std::string());
+  EXPECT_FALSE(client_->is_registered());
+  EXPECT_EQ(DM_STATUS_CANNOT_SIGN_REQUEST, client_->status());
+}
+
 TEST_F(CloudPolicyClientTest, RegistrationParametersPassedThrough) {
   registration_request_.mutable_register_request()->set_reregister(true);
   registration_request_.mutable_register_request()->set_requisition(