| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 15 matching lines...) Expand all Loading... |
| 26 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" | 26 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" |
| 27 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" | 27 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" |
| 28 #include "chrome/browser/chromeos/settings/cros_settings.h" | 28 #include "chrome/browser/chromeos/settings/cros_settings.h" |
| 29 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" | 29 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" |
| 30 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h
" | 30 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h
" |
| 31 #include "chrome/browser/chromeos/settings/device_settings_service.h" | 31 #include "chrome/browser/chromeos/settings/device_settings_service.h" |
| 32 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h" | 32 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h" |
| 33 #include "chrome/browser/prefs/browser_prefs.h" | 33 #include "chrome/browser/prefs/browser_prefs.h" |
| 34 #include "chrome/test/base/testing_browser_process.h" | 34 #include "chrome/test/base/testing_browser_process.h" |
| 35 #include "chrome/test/base/testing_profile.h" | 35 #include "chrome/test/base/testing_profile.h" |
| 36 #include "chromeos/attestation/mock_attestation_flow.h" |
| 37 #include "chromeos/cryptohome/async_method_caller.h" |
| 36 #include "chromeos/cryptohome/system_salt_getter.h" | 38 #include "chromeos/cryptohome/system_salt_getter.h" |
| 37 #include "chromeos/dbus/dbus_client_implementation_type.h" | 39 #include "chromeos/dbus/dbus_client_implementation_type.h" |
| 38 #include "chromeos/dbus/dbus_thread_manager.h" | 40 #include "chromeos/dbus/dbus_thread_manager.h" |
| 39 #include "chromeos/dbus/fake_cryptohome_client.h" | 41 #include "chromeos/dbus/fake_cryptohome_client.h" |
| 40 #include "chromeos/dbus/fake_session_manager_client.h" | 42 #include "chromeos/dbus/fake_session_manager_client.h" |
| 41 #include "chromeos/system/fake_statistics_provider.h" | 43 #include "chromeos/system/fake_statistics_provider.h" |
| 42 #include "chromeos/system/statistics_provider.h" | 44 #include "chromeos/system/statistics_provider.h" |
| 43 #include "components/policy/core/common/cloud/cloud_policy_client.h" | 45 #include "components/policy/core/common/cloud/cloud_policy_client.h" |
| 44 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | 46 #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
| 45 #include "components/policy/core/common/cloud/cloud_policy_core.h" | 47 #include "components/policy/core/common/cloud/cloud_policy_core.h" |
| 46 #include "components/policy/core/common/cloud/mock_device_management_service.h" | 48 #include "components/policy/core/common/cloud/mock_device_management_service.h" |
| 47 #include "components/policy/core/common/external_data_fetcher.h" | 49 #include "components/policy/core/common/external_data_fetcher.h" |
| 48 #include "components/policy/core/common/policy_types.h" | 50 #include "components/policy/core/common/policy_types.h" |
| 49 #include "components/policy/core/common/schema_registry.h" | 51 #include "components/policy/core/common/schema_registry.h" |
| 50 #include "components/policy/policy_constants.h" | 52 #include "components/policy/policy_constants.h" |
| 51 #include "components/policy/proto/device_management_backend.pb.h" | 53 #include "components/policy/proto/device_management_backend.pb.h" |
| 52 #include "components/prefs/pref_registry_simple.h" | 54 #include "components/prefs/pref_registry_simple.h" |
| 53 #include "components/prefs/testing_pref_service.h" | 55 #include "components/prefs/testing_pref_service.h" |
| 54 #include "google_apis/gaia/gaia_oauth_client.h" | 56 #include "google_apis/gaia/gaia_oauth_client.h" |
| 55 #include "net/url_request/test_url_fetcher_factory.h" | 57 #include "net/url_request/test_url_fetcher_factory.h" |
| 56 #include "net/url_request/url_request_test_util.h" | 58 #include "net/url_request/url_request_test_util.h" |
| 57 #include "testing/gmock/include/gmock/gmock.h" | 59 #include "testing/gmock/include/gmock/gmock.h" |
| 58 #include "testing/gtest/include/gtest/gtest.h" | 60 #include "testing/gtest/include/gtest/gtest.h" |
| 59 | 61 |
| 60 using testing::AnyNumber; | 62 using testing::AnyNumber; |
| 61 using testing::AtMost; | 63 using testing::AtMost; |
| 62 using testing::DoAll; | 64 using testing::DoAll; |
| 65 using testing::Invoke; |
| 63 using testing::Mock; | 66 using testing::Mock; |
| 64 using testing::Return; | 67 using testing::Return; |
| 65 using testing::SaveArg; | 68 using testing::SaveArg; |
| 66 using testing::SetArgumentPointee; | 69 using testing::SetArgumentPointee; |
| 70 using testing::StrictMock; |
| 71 using testing::WithArgs; |
| 67 using testing::_; | 72 using testing::_; |
| 68 | 73 |
| 69 namespace em = enterprise_management; | 74 namespace em = enterprise_management; |
| 70 | 75 |
| 71 namespace policy { | 76 namespace policy { |
| 72 namespace { | 77 namespace { |
| 73 | 78 |
| 74 void CopyLockResult(base::RunLoop* loop, | 79 void CopyLockResult(base::RunLoop* loop, |
| 75 EnterpriseInstallAttributes::LockResult* out, | 80 EnterpriseInstallAttributes::LockResult* out, |
| 76 EnterpriseInstallAttributes::LockResult result) { | 81 EnterpriseInstallAttributes::LockResult result) { |
| 77 *out = result; | 82 *out = result; |
| 78 loop->Quit(); | 83 loop->Quit(); |
| 79 } | 84 } |
| 80 | 85 |
| 86 void CertCallbackSuccess( |
| 87 const chromeos::attestation::AttestationFlow::CertificateCallback& |
| 88 callback) { |
| 89 base::ThreadTaskRunnerHandle::Get()->PostTask( |
| 90 FROM_HERE, base::Bind(callback, true, "fake_cert")); |
| 91 } |
| 92 |
| 81 class TestingDeviceCloudPolicyManagerChromeOS | 93 class TestingDeviceCloudPolicyManagerChromeOS |
| 82 : public DeviceCloudPolicyManagerChromeOS { | 94 : public DeviceCloudPolicyManagerChromeOS { |
| 83 public: | 95 public: |
| 84 TestingDeviceCloudPolicyManagerChromeOS( | 96 TestingDeviceCloudPolicyManagerChromeOS( |
| 85 std::unique_ptr<DeviceCloudPolicyStoreChromeOS> store, | 97 std::unique_ptr<DeviceCloudPolicyStoreChromeOS> store, |
| 86 const scoped_refptr<base::SequencedTaskRunner>& task_runner, | 98 const scoped_refptr<base::SequencedTaskRunner>& task_runner, |
| 87 ServerBackedStateKeysBroker* state_keys_broker) | 99 ServerBackedStateKeysBroker* state_keys_broker) |
| 88 : DeviceCloudPolicyManagerChromeOS(std::move(store), | 100 : DeviceCloudPolicyManagerChromeOS(std::move(store), |
| 89 task_runner, | 101 task_runner, |
| 90 state_keys_broker) {} | 102 state_keys_broker) {} |
| (...skipping 14 matching lines...) Expand all Loading... |
| 105 state_keys.push_back("1"); | 117 state_keys.push_back("1"); |
| 106 state_keys.push_back("2"); | 118 state_keys.push_back("2"); |
| 107 state_keys.push_back("3"); | 119 state_keys.push_back("3"); |
| 108 fake_session_manager_client_.set_server_backed_state_keys(state_keys); | 120 fake_session_manager_client_.set_server_backed_state_keys(state_keys); |
| 109 } | 121 } |
| 110 | 122 |
| 111 ~DeviceCloudPolicyManagerChromeOSTest() override { | 123 ~DeviceCloudPolicyManagerChromeOSTest() override { |
| 112 chromeos::system::StatisticsProvider::SetTestProvider(NULL); | 124 chromeos::system::StatisticsProvider::SetTestProvider(NULL); |
| 113 } | 125 } |
| 114 | 126 |
| 127 virtual bool ShouldRegisterWitCert() const { return false; } |
| 128 |
| 115 void SetUp() override { | 129 void SetUp() override { |
| 116 DeviceSettingsTestBase::SetUp(); | 130 DeviceSettingsTestBase::SetUp(); |
| 117 | |
| 118 dbus_setter_->SetCryptohomeClient( | 131 dbus_setter_->SetCryptohomeClient( |
| 119 std::unique_ptr<chromeos::CryptohomeClient>(fake_cryptohome_client_)); | 132 std::unique_ptr<chromeos::CryptohomeClient>(fake_cryptohome_client_)); |
| 133 chromeos::DBusThreadManager::Get()->GetCryptohomeClient(); |
| 134 cryptohome::AsyncMethodCaller::Initialize(); |
| 120 | 135 |
| 121 install_attributes_.reset( | 136 install_attributes_.reset( |
| 122 new EnterpriseInstallAttributes(fake_cryptohome_client_)); | 137 new EnterpriseInstallAttributes(fake_cryptohome_client_)); |
| 123 store_ = new DeviceCloudPolicyStoreChromeOS( | 138 store_ = new DeviceCloudPolicyStoreChromeOS( |
| 124 &device_settings_service_, install_attributes_.get(), | 139 &device_settings_service_, install_attributes_.get(), |
| 125 base::ThreadTaskRunnerHandle::Get()); | 140 base::ThreadTaskRunnerHandle::Get()); |
| 126 manager_.reset(new TestingDeviceCloudPolicyManagerChromeOS( | 141 manager_.reset(new TestingDeviceCloudPolicyManagerChromeOS( |
| 127 base::WrapUnique(store_), base::ThreadTaskRunnerHandle::Get(), | 142 base::WrapUnique(store_), base::ThreadTaskRunnerHandle::Get(), |
| 128 &state_keys_broker_)); | 143 &state_keys_broker_)); |
| 129 | 144 |
| (...skipping 12 matching lines...) Expand all Loading... |
| 142 chromeos::SystemSaltGetter::Initialize(); | 157 chromeos::SystemSaltGetter::Initialize(); |
| 143 chromeos::DeviceOAuth2TokenServiceFactory::Initialize(); | 158 chromeos::DeviceOAuth2TokenServiceFactory::Initialize(); |
| 144 url_fetcher_response_code_ = 200; | 159 url_fetcher_response_code_ = 200; |
| 145 url_fetcher_response_string_ = "{\"access_token\":\"accessToken4Test\"," | 160 url_fetcher_response_string_ = "{\"access_token\":\"accessToken4Test\"," |
| 146 "\"expires_in\":1234," | 161 "\"expires_in\":1234," |
| 147 "\"refresh_token\":\"refreshToken4Test\"}"; | 162 "\"refresh_token\":\"refreshToken4Test\"}"; |
| 148 | 163 |
| 149 AllowUninterestingRemoteCommandFetches(); | 164 AllowUninterestingRemoteCommandFetches(); |
| 150 } | 165 } |
| 151 | 166 |
| 167 StrictMock<chromeos::attestation::MockAttestationFlow>* |
| 168 CreateAttestationFlow() { |
| 169 StrictMock<chromeos::attestation::MockAttestationFlow>* mock = |
| 170 new StrictMock<chromeos::attestation::MockAttestationFlow>(); |
| 171 if (ShouldRegisterWitCert()) { |
| 172 EXPECT_CALL(*mock, GetCertificate(_, _, _, _, _)) |
| 173 .WillOnce(WithArgs<4>(Invoke(CertCallbackSuccess))); |
| 174 } |
| 175 return mock; |
| 176 } |
| 177 |
| 152 void TearDown() override { | 178 void TearDown() override { |
| 179 cryptohome::AsyncMethodCaller::Shutdown(); |
| 180 |
| 153 manager_->RemoveDeviceCloudPolicyManagerObserver(this); | 181 manager_->RemoveDeviceCloudPolicyManagerObserver(this); |
| 154 manager_->Shutdown(); | 182 manager_->Shutdown(); |
| 155 if (initializer_) | 183 if (initializer_) |
| 156 initializer_->Shutdown(); | 184 initializer_->Shutdown(); |
| 157 DeviceSettingsTestBase::TearDown(); | 185 DeviceSettingsTestBase::TearDown(); |
| 158 | 186 |
| 159 chromeos::DeviceOAuth2TokenServiceFactory::Shutdown(); | 187 chromeos::DeviceOAuth2TokenServiceFactory::Shutdown(); |
| 160 chromeos::SystemSaltGetter::Shutdown(); | 188 chromeos::SystemSaltGetter::Shutdown(); |
| 161 TestingBrowserProcess::GetGlobal()->SetLocalState(NULL); | 189 TestingBrowserProcess::GetGlobal()->SetLocalState(NULL); |
| 162 } | 190 } |
| 163 | 191 |
| 164 void LockDevice() { | 192 void LockDevice() { |
| 165 base::RunLoop loop; | 193 base::RunLoop loop; |
| 166 EnterpriseInstallAttributes::LockResult result; | 194 EnterpriseInstallAttributes::LockResult result; |
| 167 install_attributes_->LockDevice( | 195 install_attributes_->LockDevice( |
| 168 PolicyBuilder::kFakeUsername, | 196 PolicyBuilder::kFakeUsername, |
| 169 DEVICE_MODE_ENTERPRISE, | 197 DEVICE_MODE_ENTERPRISE, |
| 170 PolicyBuilder::kFakeDeviceId, | 198 PolicyBuilder::kFakeDeviceId, |
| 171 base::Bind(&CopyLockResult, &loop, &result)); | 199 base::Bind(&CopyLockResult, &loop, &result)); |
| 172 loop.Run(); | 200 loop.Run(); |
| 173 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result); | 201 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result); |
| 174 } | 202 } |
| 175 | 203 |
| 176 void ConnectManager() { | 204 void ConnectManager() { |
| 205 std::unique_ptr<chromeos::attestation::AttestationFlow> unique_flow( |
| 206 CreateAttestationFlow()); |
| 177 manager_->Initialize(&local_state_); | 207 manager_->Initialize(&local_state_); |
| 178 manager_->AddDeviceCloudPolicyManagerObserver(this); | 208 manager_->AddDeviceCloudPolicyManagerObserver(this); |
| 179 initializer_.reset(new DeviceCloudPolicyInitializer( | 209 initializer_.reset(new DeviceCloudPolicyInitializer( |
| 180 &local_state_, &device_management_service_, | 210 &local_state_, &device_management_service_, |
| 181 base::ThreadTaskRunnerHandle::Get(), install_attributes_.get(), | 211 base::ThreadTaskRunnerHandle::Get(), install_attributes_.get(), |
| 182 &state_keys_broker_, store_, manager_.get(), nullptr, nullptr)); | 212 &state_keys_broker_, store_, manager_.get(), |
| 213 cryptohome::AsyncMethodCaller::GetInstance(), std::move(unique_flow))); |
| 183 initializer_->Init(); | 214 initializer_->Init(); |
| 184 } | 215 } |
| 185 | 216 |
| 186 void VerifyPolicyPopulated() { | 217 void VerifyPolicyPopulated() { |
| 187 PolicyBundle bundle; | 218 PolicyBundle bundle; |
| 188 bundle.Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())) | 219 bundle.Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())) |
| 189 .Set(key::kDeviceMetricsReportingEnabled, POLICY_LEVEL_MANDATORY, | 220 .Set(key::kDeviceMetricsReportingEnabled, POLICY_LEVEL_MANDATORY, |
| 190 POLICY_SCOPE_MACHINE, POLICY_SOURCE_CLOUD, | 221 POLICY_SCOPE_MACHINE, POLICY_SOURCE_CLOUD, |
| 191 base::MakeUnique<base::FundamentalValue>(false), nullptr); | 222 base::MakeUnique<base::FundamentalValue>(false), nullptr); |
| 192 EXPECT_TRUE(manager_->policies().Equals(bundle)); | 223 EXPECT_TRUE(manager_->policies().Equals(bundle)); |
| (...skipping 28 matching lines...) Expand all Loading... |
| 221 chromeos::ScopedTestCrosSettings test_cros_settings_; | 252 chromeos::ScopedTestCrosSettings test_cros_settings_; |
| 222 chromeos::system::ScopedFakeStatisticsProvider fake_statistics_provider_; | 253 chromeos::system::ScopedFakeStatisticsProvider fake_statistics_provider_; |
| 223 chromeos::FakeSessionManagerClient fake_session_manager_client_; | 254 chromeos::FakeSessionManagerClient fake_session_manager_client_; |
| 224 chromeos::FakeCryptohomeClient* fake_cryptohome_client_; | 255 chromeos::FakeCryptohomeClient* fake_cryptohome_client_; |
| 225 ServerBackedStateKeysBroker state_keys_broker_; | 256 ServerBackedStateKeysBroker state_keys_broker_; |
| 226 | 257 |
| 227 DeviceCloudPolicyStoreChromeOS* store_; | 258 DeviceCloudPolicyStoreChromeOS* store_; |
| 228 SchemaRegistry schema_registry_; | 259 SchemaRegistry schema_registry_; |
| 229 std::unique_ptr<TestingDeviceCloudPolicyManagerChromeOS> manager_; | 260 std::unique_ptr<TestingDeviceCloudPolicyManagerChromeOS> manager_; |
| 230 std::unique_ptr<DeviceCloudPolicyInitializer> initializer_; | 261 std::unique_ptr<DeviceCloudPolicyInitializer> initializer_; |
| 231 | |
| 232 private: | 262 private: |
| 233 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyManagerChromeOSTest); | 263 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyManagerChromeOSTest); |
| 234 }; | 264 }; |
| 235 | 265 |
| 236 TEST_F(DeviceCloudPolicyManagerChromeOSTest, FreshDevice) { | 266 TEST_F(DeviceCloudPolicyManagerChromeOSTest, FreshDevice) { |
| 237 owner_key_util_->Clear(); | 267 owner_key_util_->Clear(); |
| 238 FlushDeviceSettings(); | 268 FlushDeviceSettings(); |
| 239 EXPECT_TRUE(manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); | 269 EXPECT_TRUE(manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 240 | 270 |
| 241 manager_->Initialize(&local_state_); | 271 manager_->Initialize(&local_state_); |
| (...skipping 180 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 422 EXPECT_EQ(EnrollmentStatus::STATUS_SUCCESS, status_.status()); | 452 EXPECT_EQ(EnrollmentStatus::STATUS_SUCCESS, status_.status()); |
| 423 ASSERT_TRUE(manager_->core()->client()); | 453 ASSERT_TRUE(manager_->core()->client()); |
| 424 EXPECT_TRUE(manager_->core()->client()->is_registered()); | 454 EXPECT_TRUE(manager_->core()->client()->is_registered()); |
| 425 EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_->GetMode()); | 455 EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_->GetMode()); |
| 426 EXPECT_TRUE(store_->has_policy()); | 456 EXPECT_TRUE(store_->has_policy()); |
| 427 EXPECT_TRUE(store_->is_managed()); | 457 EXPECT_TRUE(store_->is_managed()); |
| 428 VerifyPolicyPopulated(); | 458 VerifyPolicyPopulated(); |
| 429 } | 459 } |
| 430 | 460 |
| 431 void RunTest() { | 461 void RunTest() { |
| 462 const bool with_cert = ShouldRegisterWitCert(); |
| 432 // Trigger enrollment. | 463 // Trigger enrollment. |
| 433 MockDeviceManagementJob* register_job = NULL; | 464 MockDeviceManagementJob* register_job = NULL; |
| 434 EXPECT_CALL(device_management_service_, | 465 EXPECT_CALL( |
| 435 CreateJob(DeviceManagementRequestJob::TYPE_REGISTRATION, _)) | 466 device_management_service_, |
| 467 CreateJob(with_cert |
| 468 ? DeviceManagementRequestJob::TYPE_CERT_BASED_REGISTRATION |
| 469 : DeviceManagementRequestJob::TYPE_REGISTRATION, |
| 470 _)) |
| 436 .Times(AtMost(1)) | 471 .Times(AtMost(1)) |
| 437 .WillOnce(device_management_service_.CreateAsyncJob(®ister_job)); | 472 .WillOnce(device_management_service_.CreateAsyncJob(®ister_job)); |
| 438 EXPECT_CALL(device_management_service_, | 473 EXPECT_CALL(device_management_service_, |
| 439 StartJob(dm_protocol::kValueRequestRegister, _, _, _, _, _)) | 474 StartJob(with_cert ? dm_protocol::kValueRequestCertBasedRegister |
| 475 : dm_protocol::kValueRequestRegister, |
| 476 _, _, _, _, _)) |
| 440 .Times(AtMost(1)) | 477 .Times(AtMost(1)) |
| 441 .WillOnce( | 478 .WillOnce( |
| 442 DoAll(SaveArg<4>(&client_id_), SaveArg<5>(®ister_request_))); | 479 DoAll(SaveArg<4>(&client_id_), SaveArg<5>(®ister_request_))); |
| 443 DeviceCloudPolicyInitializer::AllowedDeviceModes modes; | 480 DeviceCloudPolicyInitializer::AllowedDeviceModes modes; |
| 444 modes[DEVICE_MODE_ENTERPRISE] = true; | 481 modes[DEVICE_MODE_ENTERPRISE] = true; |
| 445 | 482 |
| 446 chromeos::OwnerSettingsServiceChromeOS* owner_settings_service = | 483 chromeos::OwnerSettingsServiceChromeOS* owner_settings_service = |
| 447 chromeos::OwnerSettingsServiceChromeOSFactory::GetForBrowserContext( | 484 chromeos::OwnerSettingsServiceChromeOSFactory::GetForBrowserContext( |
| 448 profile_.get()); | 485 profile_.get()); |
| 449 ASSERT_TRUE(owner_settings_service); | 486 ASSERT_TRUE(owner_settings_service); |
| 450 | 487 |
| 451 EnrollmentConfig enrollment_config; | 488 EnrollmentConfig enrollment_config; |
| 452 enrollment_config.mode = EnrollmentConfig::MODE_MANUAL; | 489 enrollment_config.auth_mechanism = |
| 490 EnrollmentConfig::AUTH_MECHANISM_BEST_AVAILABLE; |
| 491 enrollment_config.mode = with_cert ? EnrollmentConfig::MODE_ATTESTATION |
| 492 : EnrollmentConfig::MODE_MANUAL; |
| 493 std::string token = with_cert ? "" : "auth token"; |
| 453 initializer_->StartEnrollment( | 494 initializer_->StartEnrollment( |
| 454 &device_management_service_, enrollment_config, "auth token", modes, | 495 &device_management_service_, enrollment_config, token, modes, |
| 455 base::Bind(&DeviceCloudPolicyManagerChromeOSEnrollmentTest::Done, | 496 base::Bind(&DeviceCloudPolicyManagerChromeOSEnrollmentTest::Done, |
| 456 base::Unretained(this))); | 497 base::Unretained(this))); |
| 457 base::RunLoop().RunUntilIdle(); | 498 base::RunLoop().RunUntilIdle(); |
| 458 Mock::VerifyAndClearExpectations(&device_management_service_); | 499 Mock::VerifyAndClearExpectations(&device_management_service_); |
| 459 AllowUninterestingRemoteCommandFetches(); | 500 AllowUninterestingRemoteCommandFetches(); |
| 460 | 501 |
| 461 if (done_) | 502 if (done_) |
| 462 return; | 503 return; |
| 463 | 504 |
| 464 // Process registration. | 505 // Process registration. |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 572 em::DeviceManagementRequest register_request_; | 613 em::DeviceManagementRequest register_request_; |
| 573 std::string client_id_; | 614 std::string client_id_; |
| 574 EnrollmentStatus status_; | 615 EnrollmentStatus status_; |
| 575 | 616 |
| 576 bool done_; | 617 bool done_; |
| 577 | 618 |
| 578 private: | 619 private: |
| 579 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyManagerChromeOSEnrollmentTest); | 620 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyManagerChromeOSEnrollmentTest); |
| 580 }; | 621 }; |
| 581 | 622 |
| 582 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, Success) { | 623 // TODO(drcrash): Handle cert-based tests (http://crbug.com/641447). |
| 583 RunTest(); | |
| 584 ExpectSuccessfulEnrollment(); | |
| 585 } | |
| 586 | |
| 587 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, Reenrollment) { | 624 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, Reenrollment) { |
| 588 LockDevice(); | 625 LockDevice(); |
| 589 | |
| 590 RunTest(); | 626 RunTest(); |
| 591 ExpectSuccessfulEnrollment(); | 627 ExpectSuccessfulEnrollment(); |
| 592 EXPECT_TRUE(register_request_.register_request().reregister()); | 628 EXPECT_TRUE(register_request_.register_request().reregister()); |
| 593 EXPECT_EQ(PolicyBuilder::kFakeDeviceId, client_id_); | 629 EXPECT_EQ(PolicyBuilder::kFakeDeviceId, client_id_); |
| 594 } | 630 } |
| 595 | 631 |
| 596 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, RegistrationFailed) { | 632 class ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest |
| 633 : public DeviceCloudPolicyManagerChromeOSEnrollmentTest, |
| 634 public testing::WithParamInterface<bool> { |
| 635 protected: |
| 636 bool ShouldRegisterWitCert() const override { return GetParam(); } |
| 637 }; |
| 638 |
| 639 TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest, Success) { |
| 640 RunTest(); |
| 641 ExpectSuccessfulEnrollment(); |
| 642 } |
| 643 |
| 644 TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest, |
| 645 RegistrationFailed) { |
| 597 register_status_ = DM_STATUS_REQUEST_FAILED; | 646 register_status_ = DM_STATUS_REQUEST_FAILED; |
| 598 RunTest(); | 647 RunTest(); |
| 599 ExpectFailedEnrollment(EnrollmentStatus::STATUS_REGISTRATION_FAILED); | 648 ExpectFailedEnrollment(EnrollmentStatus::STATUS_REGISTRATION_FAILED); |
| 600 EXPECT_EQ(DM_STATUS_REQUEST_FAILED, status_.client_status()); | 649 EXPECT_EQ(DM_STATUS_REQUEST_FAILED, status_.client_status()); |
| 601 } | 650 } |
| 602 | 651 |
| 603 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, | 652 TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest, |
| 604 RobotAuthCodeFetchFailed) { | 653 RobotAuthCodeFetchFailed) { |
| 605 robot_auth_fetch_status_ = DM_STATUS_REQUEST_FAILED; | 654 robot_auth_fetch_status_ = DM_STATUS_REQUEST_FAILED; |
| 606 RunTest(); | 655 RunTest(); |
| 607 ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_AUTH_FETCH_FAILED); | 656 ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_AUTH_FETCH_FAILED); |
| 608 } | 657 } |
| 609 | 658 |
| 610 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, | 659 TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest, |
| 611 RobotRefreshTokenFetchResponseCodeFailed) { | 660 RobotRefreshTokenFetchResponseCodeFailed) { |
| 612 url_fetcher_response_code_ = 400; | 661 url_fetcher_response_code_ = 400; |
| 613 RunTest(); | 662 RunTest(); |
| 614 ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED); | 663 ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED); |
| 615 EXPECT_EQ(400, status_.http_status()); | 664 EXPECT_EQ(400, status_.http_status()); |
| 616 } | 665 } |
| 617 | 666 |
| 618 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, | 667 TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest, |
| 619 RobotRefreshTokenFetchResponseStringFailed) { | 668 RobotRefreshTokenFetchResponseStringFailed) { |
| 620 url_fetcher_response_string_ = "invalid response json"; | 669 url_fetcher_response_string_ = "invalid response json"; |
| 621 RunTest(); | 670 RunTest(); |
| 622 ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED); | 671 ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED); |
| 623 } | 672 } |
| 624 | 673 |
| 625 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, | 674 TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest, |
| 626 RobotRefreshEncryptionFailed) { | 675 RobotRefreshEncryptionFailed) { |
| 627 // The encryption lib is a noop for tests, but empty results from encryption | 676 // The encryption lib is a noop for tests, but empty results from encryption |
| 628 // is an error, so we simulate an encryption error by returning an empty | 677 // is an error, so we simulate an encryption error by returning an empty |
| 629 // refresh token. | 678 // refresh token. |
| 630 url_fetcher_response_string_ = "{\"access_token\":\"accessToken4Test\"," | 679 url_fetcher_response_string_ = "{\"access_token\":\"accessToken4Test\"," |
| 631 "\"expires_in\":1234," | 680 "\"expires_in\":1234," |
| 632 "\"refresh_token\":\"\"}"; | 681 "\"refresh_token\":\"\"}"; |
| 633 RunTest(); | 682 RunTest(); |
| 634 ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED); | 683 ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED); |
| 635 } | 684 } |
| 636 | 685 |
| 637 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, PolicyFetchFailed) { | 686 TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest, |
| 687 PolicyFetchFailed) { |
| 638 policy_fetch_status_ = DM_STATUS_REQUEST_FAILED; | 688 policy_fetch_status_ = DM_STATUS_REQUEST_FAILED; |
| 639 RunTest(); | 689 RunTest(); |
| 640 ExpectFailedEnrollment(EnrollmentStatus::STATUS_POLICY_FETCH_FAILED); | 690 ExpectFailedEnrollment(EnrollmentStatus::STATUS_POLICY_FETCH_FAILED); |
| 641 EXPECT_EQ(DM_STATUS_REQUEST_FAILED, status_.client_status()); | 691 EXPECT_EQ(DM_STATUS_REQUEST_FAILED, status_.client_status()); |
| 642 } | 692 } |
| 643 | 693 |
| 644 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, ValidationFailed) { | 694 TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest, |
| 695 ValidationFailed) { |
| 645 device_policy_.policy().set_policy_data_signature("bad"); | 696 device_policy_.policy().set_policy_data_signature("bad"); |
| 646 policy_fetch_response_.clear_policy_response(); | 697 policy_fetch_response_.clear_policy_response(); |
| 647 policy_fetch_response_.mutable_policy_response()->add_response()->CopyFrom( | 698 policy_fetch_response_.mutable_policy_response()->add_response()->CopyFrom( |
| 648 device_policy_.policy()); | 699 device_policy_.policy()); |
| 649 RunTest(); | 700 RunTest(); |
| 650 ExpectFailedEnrollment(EnrollmentStatus::STATUS_VALIDATION_FAILED); | 701 ExpectFailedEnrollment(EnrollmentStatus::STATUS_VALIDATION_FAILED); |
| 651 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE, | 702 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE, |
| 652 status_.validation_status()); | 703 status_.validation_status()); |
| 653 } | 704 } |
| 654 | 705 |
| 655 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, StoreError) { | 706 TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest, |
| 707 StoreError) { |
| 656 store_result_ = false; | 708 store_result_ = false; |
| 657 RunTest(); | 709 RunTest(); |
| 658 ExpectFailedEnrollment(EnrollmentStatus::STATUS_STORE_ERROR); | 710 ExpectFailedEnrollment(EnrollmentStatus::STATUS_STORE_ERROR); |
| 659 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, | 711 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, |
| 660 status_.store_status()); | 712 status_.store_status()); |
| 661 } | 713 } |
| 662 | 714 |
| 663 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, LoadError) { | 715 TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest, LoadError) { |
| 664 loaded_blob_.clear(); | 716 loaded_blob_.clear(); |
| 665 RunTest(); | 717 RunTest(); |
| 666 ExpectFailedEnrollment(EnrollmentStatus::STATUS_STORE_ERROR); | 718 ExpectFailedEnrollment(EnrollmentStatus::STATUS_STORE_ERROR); |
| 667 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, | 719 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, |
| 668 status_.store_status()); | 720 status_.store_status()); |
| 669 } | 721 } |
| 670 | 722 |
| 671 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, UnregisterSucceeds) { | 723 TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest, |
| 724 UnregisterSucceeds) { |
| 672 // Enroll first. | 725 // Enroll first. |
| 673 RunTest(); | 726 RunTest(); |
| 674 ExpectSuccessfulEnrollment(); | 727 ExpectSuccessfulEnrollment(); |
| 675 | 728 |
| 676 // Set up mock objects for the upcoming unregistration job. | 729 // Set up mock objects for the upcoming unregistration job. |
| 677 em::DeviceManagementResponse response; | 730 em::DeviceManagementResponse response; |
| 678 response.mutable_unregister_response(); | 731 response.mutable_unregister_response(); |
| 679 EXPECT_CALL(device_management_service_, | 732 EXPECT_CALL(device_management_service_, |
| 680 CreateJob(DeviceManagementRequestJob::TYPE_UNREGISTRATION, _)) | 733 CreateJob(DeviceManagementRequestJob::TYPE_UNREGISTRATION, _)) |
| 681 .WillOnce(device_management_service_.SucceedJob(response)); | 734 .WillOnce(device_management_service_.SucceedJob(response)); |
| 682 EXPECT_CALL(device_management_service_, StartJob(_, _, _, _, _, _)); | 735 EXPECT_CALL(device_management_service_, StartJob(_, _, _, _, _, _)); |
| 683 EXPECT_CALL(*this, OnUnregistered(true)); | 736 EXPECT_CALL(*this, OnUnregistered(true)); |
| 684 | 737 |
| 685 // Start unregistering. | 738 // Start unregistering. |
| 686 manager_->Unregister(base::Bind( | 739 manager_->Unregister(base::Bind( |
| 687 &DeviceCloudPolicyManagerChromeOSEnrollmentTest::OnUnregistered, | 740 &DeviceCloudPolicyManagerChromeOSEnrollmentTest::OnUnregistered, |
| 688 base::Unretained(this))); | 741 base::Unretained(this))); |
| 689 } | 742 } |
| 690 | 743 |
| 691 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, UnregisterFails) { | 744 TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest, |
| 745 UnregisterFails) { |
| 692 // Enroll first. | 746 // Enroll first. |
| 693 RunTest(); | 747 RunTest(); |
| 694 ExpectSuccessfulEnrollment(); | 748 ExpectSuccessfulEnrollment(); |
| 695 | 749 |
| 696 // Set up mock objects for the upcoming unregistration job. | 750 // Set up mock objects for the upcoming unregistration job. |
| 697 EXPECT_CALL(device_management_service_, | 751 EXPECT_CALL(device_management_service_, |
| 698 CreateJob(DeviceManagementRequestJob::TYPE_UNREGISTRATION, _)) | 752 CreateJob(DeviceManagementRequestJob::TYPE_UNREGISTRATION, _)) |
| 699 .WillOnce(device_management_service_.FailJob(DM_STATUS_REQUEST_FAILED)); | 753 .WillOnce(device_management_service_.FailJob(DM_STATUS_REQUEST_FAILED)); |
| 700 EXPECT_CALL(device_management_service_, StartJob(_, _, _, _, _, _)); | 754 EXPECT_CALL(device_management_service_, StartJob(_, _, _, _, _, _)); |
| 701 EXPECT_CALL(*this, OnUnregistered(false)); | 755 EXPECT_CALL(*this, OnUnregistered(false)); |
| (...skipping 14 matching lines...) Expand all Loading... |
| 716 } | 770 } |
| 717 }; | 771 }; |
| 718 | 772 |
| 719 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentBlankSystemSaltTest, | 773 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentBlankSystemSaltTest, |
| 720 RobotRefreshSaveFailed) { | 774 RobotRefreshSaveFailed) { |
| 721 // Without the system salt, the robot token can't be stored. | 775 // Without the system salt, the robot token can't be stored. |
| 722 RunTest(); | 776 RunTest(); |
| 723 ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED); | 777 ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED); |
| 724 } | 778 } |
| 725 | 779 |
| 780 INSTANTIATE_TEST_CASE_P( |
| 781 Cert, |
| 782 ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest, |
| 783 ::testing::Values(false, true)); |
| 784 |
| 726 } // namespace | 785 } // namespace |
| 727 } // namespace policy | 786 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2276593004:
Device registration using an enrollment certificate from the PCA. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master