All DCP manager tests that enroll/register are tested with all auths.

chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
 
 #include <stdint.h>
 
 #include <algorithm>
 #include <memory>
@@ skipping 28 matching lines @@
 #include "chromeos/dbus/dbus_client_implementation_type.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/dbus/fake_cryptohome_client.h"
 #include "chromeos/dbus/fake_session_manager_client.h"
 #include "chromeos/system/fake_statistics_provider.h"
 #include "chromeos/system/statistics_provider.h"
 #include "components/policy/core/common/cloud/cloud_policy_client.h"
 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
 #include "components/policy/core/common/cloud/cloud_policy_core.h"
 #include "components/policy/core/common/cloud/mock_device_management_service.h"
+#include "components/policy/core/common/cloud/mock_signing_service.h"
 #include "components/policy/core/common/external_data_fetcher.h"
 #include "components/policy/core/common/policy_types.h"
 #include "components/policy/core/common/schema_registry.h"
 #include "components/policy/policy_constants.h"
 #include "components/policy/proto/device_management_backend.pb.h"
 #include "components/prefs/pref_registry_simple.h"
 #include "components/prefs/testing_pref_service.h"
 #include "google_apis/gaia/gaia_oauth_client.h"
 #include "net/url_request/test_url_fetcher_factory.h"
 #include "net/url_request/url_request_test_util.h"
@@ skipping 58 matching lines @@
     state_keys.push_back("1");
     state_keys.push_back("2");
     state_keys.push_back("3");
     fake_session_manager_client_.set_server_backed_state_keys(state_keys);
   }
 
   ~DeviceCloudPolicyManagerChromeOSTest() override {
     chromeos::system::StatisticsProvider::SetTestProvider(NULL);
   }
 
-  virtual bool ShouldRegisterWitCert() const { return false; }
+  virtual bool ShouldRegisterWithCert() const { return false; }
 
   void SetUp() override {
     DeviceSettingsTestBase::SetUp();
     dbus_setter_->SetCryptohomeClient(
         std::unique_ptr<chromeos::CryptohomeClient>(fake_cryptohome_client_));
     chromeos::DBusThreadManager::Get()->GetCryptohomeClient();
     cryptohome::AsyncMethodCaller::Initialize();
 
     install_attributes_.reset(
         new EnterpriseInstallAttributes(fake_cryptohome_client_));
@@ skipping 23 matching lines @@
                                    "\"expires_in\":1234,"
                                    "\"refresh_token\":\"refreshToken4Test\"}";
 
     AllowUninterestingRemoteCommandFetches();
   }
 
   StrictMock<chromeos::attestation::MockAttestationFlow>*
   CreateAttestationFlow() {
     StrictMock<chromeos::attestation::MockAttestationFlow>* mock =
         new StrictMock<chromeos::attestation::MockAttestationFlow>();
-    if (ShouldRegisterWitCert()) {
+    if (ShouldRegisterWithCert()) {
       EXPECT_CALL(*mock, GetCertificate(_, _, _, _, _))
           .WillOnce(WithArgs<4>(Invoke(CertCallbackSuccess)));
     }
     return mock;
   }
 
   void TearDown() override {
     cryptohome::AsyncMethodCaller::Shutdown();
 
     manager_->RemoveDeviceCloudPolicyManagerObserver(this);
@@ skipping 22 matching lines @@
   void ConnectManager() {
     std::unique_ptr<chromeos::attestation::AttestationFlow> unique_flow(
         CreateAttestationFlow());
     manager_->Initialize(&local_state_);
     manager_->AddDeviceCloudPolicyManagerObserver(this);
     initializer_.reset(new DeviceCloudPolicyInitializer(
         &local_state_, &device_management_service_,
         base::ThreadTaskRunnerHandle::Get(), install_attributes_.get(),
         &state_keys_broker_, store_, manager_.get(),
         cryptohome::AsyncMethodCaller::GetInstance(), std::move(unique_flow)));
+    initializer_->SetSigningServiceForTesting(
+        base::MakeUnique<FakeSigningService>());
     initializer_->Init();
   }
 
   void VerifyPolicyPopulated() {
     PolicyBundle bundle;
     bundle.Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
         .Set(key::kDeviceMetricsReportingEnabled, POLICY_LEVEL_MANDATORY,
              POLICY_SCOPE_MACHINE, POLICY_SOURCE_CLOUD,
              base::MakeUnique<base::FundamentalValue>(false), nullptr);
     EXPECT_TRUE(manager_->policies().Equals(bundle));
@@ skipping 163 matching lines @@
   Mock::VerifyAndClearExpectations(this);
   EXPECT_TRUE(manager_->core()->service());  // Connected.
 
   // Disconnect the manager.
   EXPECT_CALL(*this, OnDeviceCloudPolicyManagerDisconnected());
   manager_->Disconnect();
   EXPECT_FALSE(manager_->core()->service());  // Not connnected.
 }
 
 class DeviceCloudPolicyManagerChromeOSEnrollmentTest
-    : public DeviceCloudPolicyManagerChromeOSTest {
+    : public DeviceCloudPolicyManagerChromeOSTest,
+      public testing::WithParamInterface<bool> {
  public:
   void Done(EnrollmentStatus status) {
     status_ = status;
     done_ = true;
   }
 
   MOCK_METHOD1(OnUnregistered, void(bool));
 
  protected:
   DeviceCloudPolicyManagerChromeOSEnrollmentTest()
@@ skipping 44 matching lines @@
     EXPECT_EQ(EnrollmentStatus::STATUS_SUCCESS, status_.status());
     ASSERT_TRUE(manager_->core()->client());
     EXPECT_TRUE(manager_->core()->client()->is_registered());
     EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_->GetMode());
     EXPECT_TRUE(store_->has_policy());
     EXPECT_TRUE(store_->is_managed());
     VerifyPolicyPopulated();
   }
 
   void RunTest() {
-    const bool with_cert = ShouldRegisterWitCert();
+    const bool with_cert = ShouldRegisterWithCert();
     // Trigger enrollment.
     MockDeviceManagementJob* register_job = NULL;
     EXPECT_CALL(
         device_management_service_,
         CreateJob(with_cert
                       ? DeviceManagementRequestJob::TYPE_CERT_BASED_REGISTRATION
                       : DeviceManagementRequestJob::TYPE_REGISTRATION,
                   _))
         .Times(AtMost(1))
         .WillOnce(device_management_service_.CreateAsyncJob(&register_job));
@@ skipping 118 matching lines @@
     if (done_)
       return;
 
     // Key installation and policy load.
     device_settings_test_helper_.set_policy_blob(loaded_blob_);
     owner_key_util_->SetPublicKeyFromPrivateKey(
         *device_policy_.GetNewSigningKey());
     ReloadDeviceSettings();
   }
 
+  bool ShouldRegisterWithCert() const override { return GetParam(); }
+
+  const em::DeviceRegisterRequest& GetDeviceRegisterRequest() {
+    if (ShouldRegisterWithCert()) {
+      const em::SignedData& signed_request =
+          register_request_.cert_based_register_request().signed_request();
+      em::CertificateBasedDeviceRegistrationData data;
+      EXPECT_TRUE(data.ParseFromString(signed_request.data().substr(
+          0,
+          signed_request.data().size() - signed_request.extra_data_bytes())));
+      EXPECT_EQ(em::CertificateBasedDeviceRegistrationData::
+                    ENTERPRISE_ENROLLMENT_CERTIFICATE,
+                data.certificate_type());
+      return data.device_register_request();
+    } else {
+      return register_request_.register_request();
+    }
+  }
+
   DeviceManagementStatus register_status_;
   em::DeviceManagementResponse register_response_;
 
   DeviceManagementStatus policy_fetch_status_;
   em::DeviceManagementResponse policy_fetch_response_;
 
   DeviceManagementStatus robot_auth_fetch_status_;
   em::DeviceManagementResponse robot_auth_fetch_response_;
 
   bool store_result_;
   std::string loaded_blob_;
 
   em::DeviceManagementRequest register_request_;
   std::string client_id_;
   EnrollmentStatus status_;
 
   bool done_;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyManagerChromeOSEnrollmentTest);
 };
 
-// TODO(drcrash): Handle cert-based tests (http://crbug.com/641447).
-TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, Reenrollment) {
-  LockDevice();
-  RunTest();
-  ExpectSuccessfulEnrollment();
-  EXPECT_TRUE(register_request_.register_request().reregister());
-  EXPECT_EQ(PolicyBuilder::kFakeDeviceId, client_id_);
-}
-
-class ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest
-    : public DeviceCloudPolicyManagerChromeOSEnrollmentTest,
-      public testing::WithParamInterface<bool> {
- protected:
-  bool ShouldRegisterWitCert() const override { return GetParam(); }
-};
-
-TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest, Success) {
+TEST_P(DeviceCloudPolicyManagerChromeOSEnrollmentTest, Success) {
   RunTest();
   ExpectSuccessfulEnrollment();
 }
 
-TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest,
-       RegistrationFailed) {
+TEST_P(DeviceCloudPolicyManagerChromeOSEnrollmentTest, Reenrollment) {
+  LockDevice();
+  RunTest();
+  ExpectSuccessfulEnrollment();
+  EXPECT_TRUE(GetDeviceRegisterRequest().reregister());
+  EXPECT_EQ(PolicyBuilder::kFakeDeviceId, client_id_);
+}
+
+TEST_P(DeviceCloudPolicyManagerChromeOSEnrollmentTest, RegistrationFailed) {
   register_status_ = DM_STATUS_REQUEST_FAILED;
   RunTest();
   ExpectFailedEnrollment(EnrollmentStatus::STATUS_REGISTRATION_FAILED);
   EXPECT_EQ(DM_STATUS_REQUEST_FAILED, status_.client_status());
 }
 
-TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest,
+TEST_P(DeviceCloudPolicyManagerChromeOSEnrollmentTest,
        RobotAuthCodeFetchFailed) {
   robot_auth_fetch_status_ = DM_STATUS_REQUEST_FAILED;
   RunTest();
   ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_AUTH_FETCH_FAILED);
 }
 
-TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest,
+TEST_P(DeviceCloudPolicyManagerChromeOSEnrollmentTest,
        RobotRefreshTokenFetchResponseCodeFailed) {
   url_fetcher_response_code_ = 400;
   RunTest();
   ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED);
   EXPECT_EQ(400, status_.http_status());
 }
 
-TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest,
+TEST_P(DeviceCloudPolicyManagerChromeOSEnrollmentTest,
        RobotRefreshTokenFetchResponseStringFailed) {
   url_fetcher_response_string_ = "invalid response json";
   RunTest();
   ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED);
 }
 
-TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest,
+TEST_P(DeviceCloudPolicyManagerChromeOSEnrollmentTest,
        RobotRefreshEncryptionFailed) {
   // The encryption lib is a noop for tests, but empty results from encryption
   // is an error, so we simulate an encryption error by returning an empty
   // refresh token.
   url_fetcher_response_string_ = "{\"access_token\":\"accessToken4Test\","
                                  "\"expires_in\":1234,"
                                  "\"refresh_token\":\"\"}";
   RunTest();
   ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED);
 }
 
-TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest,
-       PolicyFetchFailed) {
+TEST_P(DeviceCloudPolicyManagerChromeOSEnrollmentTest, PolicyFetchFailed) {
   policy_fetch_status_ = DM_STATUS_REQUEST_FAILED;
   RunTest();
   ExpectFailedEnrollment(EnrollmentStatus::STATUS_POLICY_FETCH_FAILED);
   EXPECT_EQ(DM_STATUS_REQUEST_FAILED, status_.client_status());
 }
 
-TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest,
-       ValidationFailed) {
+TEST_P(DeviceCloudPolicyManagerChromeOSEnrollmentTest, ValidationFailed) {
   device_policy_.policy().set_policy_data_signature("bad");
   policy_fetch_response_.clear_policy_response();
   policy_fetch_response_.mutable_policy_response()->add_response()->CopyFrom(
       device_policy_.policy());
   RunTest();
   ExpectFailedEnrollment(EnrollmentStatus::STATUS_VALIDATION_FAILED);
   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
             status_.validation_status());
 }
 
-TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest,
-       StoreError) {
+TEST_P(DeviceCloudPolicyManagerChromeOSEnrollmentTest, StoreError) {
   store_result_ = false;
   RunTest();
   ExpectFailedEnrollment(EnrollmentStatus::STATUS_STORE_ERROR);
   EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR,
             status_.store_status());
 }
 
-TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest, LoadError) {
+TEST_P(DeviceCloudPolicyManagerChromeOSEnrollmentTest, LoadError) {
   loaded_blob_.clear();
   RunTest();
   ExpectFailedEnrollment(EnrollmentStatus::STATUS_STORE_ERROR);
   EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR,
             status_.store_status());
 }
 
-TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest,
-       UnregisterSucceeds) {
+TEST_P(DeviceCloudPolicyManagerChromeOSEnrollmentTest, UnregisterSucceeds) {
   // Enroll first.
   RunTest();
   ExpectSuccessfulEnrollment();
 
   // Set up mock objects for the upcoming unregistration job.
   em::DeviceManagementResponse response;
   response.mutable_unregister_response();
   EXPECT_CALL(device_management_service_,
               CreateJob(DeviceManagementRequestJob::TYPE_UNREGISTRATION, _))
       .WillOnce(device_management_service_.SucceedJob(response));
   EXPECT_CALL(device_management_service_, StartJob(_, _, _, _, _, _));
   EXPECT_CALL(*this, OnUnregistered(true));
 
   // Start unregistering.
   manager_->Unregister(base::Bind(
       &DeviceCloudPolicyManagerChromeOSEnrollmentTest::OnUnregistered,
       base::Unretained(this)));
 }
 
-TEST_P(ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest,
-       UnregisterFails) {
+TEST_P(DeviceCloudPolicyManagerChromeOSEnrollmentTest, UnregisterFails) {
   // Enroll first.
   RunTest();
   ExpectSuccessfulEnrollment();
 
   // Set up mock objects for the upcoming unregistration job.
   EXPECT_CALL(device_management_service_,
               CreateJob(DeviceManagementRequestJob::TYPE_UNREGISTRATION, _))
       .WillOnce(device_management_service_.FailJob(DM_STATUS_REQUEST_FAILED));
   EXPECT_CALL(device_management_service_, StartJob(_, _, _, _, _, _));
   EXPECT_CALL(*this, OnUnregistered(false));
 
   // Start unregistering.
   manager_->Unregister(base::Bind(
       &DeviceCloudPolicyManagerChromeOSEnrollmentTest::OnUnregistered,
       base::Unretained(this)));
 }
 
 // A subclass that runs with a blank system salt.
 class DeviceCloudPolicyManagerChromeOSEnrollmentBlankSystemSaltTest
     : public DeviceCloudPolicyManagerChromeOSEnrollmentTest {
  protected:
   DeviceCloudPolicyManagerChromeOSEnrollmentBlankSystemSaltTest() {
     // Set up a FakeCryptohomeClient with a blank system salt.
     fake_cryptohome_client_->set_system_salt(std::vector<uint8_t>());
   }
 };
 
-TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentBlankSystemSaltTest,
+TEST_P(DeviceCloudPolicyManagerChromeOSEnrollmentBlankSystemSaltTest,
        RobotRefreshSaveFailed) {
   // Without the system salt, the robot token can't be stored.
   RunTest();
   ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED);
 }
 
+INSTANTIATE_TEST_CASE_P(Cert,
+                        DeviceCloudPolicyManagerChromeOSEnrollmentTest,
+                        ::testing::Values(false, true));
+
 INSTANTIATE_TEST_CASE_P(
     Cert,
-    ParameterizedDeviceCloudPolicyManagerChromeOSEnrollmentTest,
+    DeviceCloudPolicyManagerChromeOSEnrollmentBlankSystemSaltTest,
     ::testing::Values(false, true));
 
 }  // namespace
 }  // namespace policy