OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" | |
6 | |
7 #include <memory> | |
8 | |
9 #include "base/bind.h" | |
10 #include "base/bind_helpers.h" | |
11 #include "base/files/file_util.h" | |
12 #include "base/files/scoped_temp_dir.h" | |
13 #include "base/path_service.h" | |
14 #include "base/run_loop.h" | |
15 #include "chrome/browser/chromeos/policy/proto/install_attributes.pb.h" | |
16 #include "chromeos/chromeos_paths.h" | |
17 #include "chromeos/cryptohome/cryptohome_util.h" | |
18 #include "chromeos/dbus/cryptohome_client.h" | |
19 #include "chromeos/dbus/dbus_thread_manager.h" | |
20 #include "google_apis/gaia/gaia_auth_util.h" | |
21 #include "testing/gtest/include/gtest/gtest.h" | |
22 | |
23 namespace policy { | |
24 | |
25 namespace cryptohome_util = chromeos::cryptohome_util; | |
26 | |
27 namespace { | |
28 | |
29 void CopyLockResult(base::RunLoop* loop, | |
30 EnterpriseInstallAttributes::LockResult* out, | |
31 EnterpriseInstallAttributes::LockResult result) { | |
32 *out = result; | |
33 loop->Quit(); | |
34 } | |
35 | |
36 } // namespace | |
37 | |
38 static const char kTestUser[] = "test@example.com"; | |
39 static const char kTestUserCanonicalize[] = "UPPER.CASE@example.com"; | |
40 static const char kTestDomain[] = "example.com"; | |
41 static const char kTestDeviceId[] = "133750519"; | |
42 | |
43 class EnterpriseInstallAttributesTest : public testing::Test { | |
44 protected: | |
45 EnterpriseInstallAttributesTest() {} | |
46 | |
47 void SetUp() override { | |
48 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir()); | |
49 ASSERT_TRUE(PathService::OverrideAndCreateIfNeeded( | |
50 chromeos::FILE_INSTALL_ATTRIBUTES, GetTempPath(), true, false)); | |
51 chromeos::DBusThreadManager::Initialize(); | |
52 install_attributes_.reset(new EnterpriseInstallAttributes( | |
53 chromeos::DBusThreadManager::Get()->GetCryptohomeClient())); | |
54 } | |
55 | |
56 void TearDown() override { chromeos::DBusThreadManager::Shutdown(); } | |
57 | |
58 base::FilePath GetTempPath() const { | |
59 base::FilePath temp_path = base::MakeAbsoluteFilePath(temp_dir_.GetPath()); | |
60 return temp_path.Append("install_attrs_test"); | |
61 } | |
62 | |
63 void SetAttribute( | |
64 cryptohome::SerializedInstallAttributes* install_attrs_proto, | |
65 const std::string& name, | |
66 const std::string& value) { | |
67 cryptohome::SerializedInstallAttributes::Attribute* attribute; | |
68 attribute = install_attrs_proto->add_attributes(); | |
69 attribute->set_name(name); | |
70 attribute->set_value(value); | |
71 } | |
72 | |
73 base::MessageLoopForUI message_loop_; | |
74 base::ScopedTempDir temp_dir_; | |
75 std::unique_ptr<EnterpriseInstallAttributes> install_attributes_; | |
76 | |
77 EnterpriseInstallAttributes::LockResult LockDeviceAndWaitForResult( | |
78 const std::string& user, | |
79 DeviceMode device_mode, | |
80 const std::string& device_id) { | |
81 base::RunLoop loop; | |
82 EnterpriseInstallAttributes::LockResult result; | |
83 install_attributes_->LockDevice( | |
84 user, | |
85 device_mode, | |
86 device_id, | |
87 base::Bind(&CopyLockResult, &loop, &result)); | |
88 loop.Run(); | |
89 return result; | |
90 } | |
91 }; | |
92 | |
93 TEST_F(EnterpriseInstallAttributesTest, Lock) { | |
94 EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, | |
95 LockDeviceAndWaitForResult(kTestUser, DEVICE_MODE_ENTERPRISE, | |
96 kTestDeviceId)); | |
97 | |
98 // Locking an already locked device should succeed if the parameters match. | |
99 EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, | |
100 LockDeviceAndWaitForResult(kTestUser, DEVICE_MODE_ENTERPRISE, | |
101 kTestDeviceId)); | |
102 | |
103 // Another user from the same domain should also succeed. | |
104 EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, | |
105 LockDeviceAndWaitForResult("test1@example.com", | |
106 DEVICE_MODE_ENTERPRISE, kTestDeviceId)); | |
107 | |
108 // But another domain should fail. | |
109 EXPECT_EQ(EnterpriseInstallAttributes::LOCK_WRONG_DOMAIN, | |
110 LockDeviceAndWaitForResult("test@bluebears.com", | |
111 DEVICE_MODE_ENTERPRISE, kTestDeviceId)); | |
112 | |
113 // A non-matching mode should fail as well. | |
114 EXPECT_EQ(EnterpriseInstallAttributes::LOCK_WRONG_MODE, | |
115 LockDeviceAndWaitForResult(kTestUser, DEVICE_MODE_CONSUMER, | |
116 kTestDeviceId)); | |
117 } | |
118 | |
119 TEST_F(EnterpriseInstallAttributesTest, LockCanonicalize) { | |
120 EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, | |
121 LockDeviceAndWaitForResult( | |
122 kTestUserCanonicalize, | |
123 DEVICE_MODE_ENTERPRISE, | |
124 kTestDeviceId)); | |
125 EXPECT_EQ(gaia::CanonicalizeEmail(kTestUserCanonicalize), | |
126 install_attributes_->GetRegistrationUser()); | |
127 } | |
128 | |
129 TEST_F(EnterpriseInstallAttributesTest, IsEnterpriseDevice) { | |
130 install_attributes_->Init(GetTempPath()); | |
131 EXPECT_FALSE(install_attributes_->IsEnterpriseDevice()); | |
132 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, | |
133 LockDeviceAndWaitForResult( | |
134 kTestUser, | |
135 DEVICE_MODE_ENTERPRISE, | |
136 kTestDeviceId)); | |
137 EXPECT_TRUE(install_attributes_->IsEnterpriseDevice()); | |
138 } | |
139 | |
140 TEST_F(EnterpriseInstallAttributesTest, GetDomain) { | |
141 install_attributes_->Init(GetTempPath()); | |
142 EXPECT_EQ(std::string(), install_attributes_->GetDomain()); | |
143 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, | |
144 LockDeviceAndWaitForResult( | |
145 kTestUser, | |
146 DEVICE_MODE_ENTERPRISE, | |
147 kTestDeviceId)); | |
148 EXPECT_EQ(kTestDomain, install_attributes_->GetDomain()); | |
149 } | |
150 | |
151 TEST_F(EnterpriseInstallAttributesTest, GetRegistrationUser) { | |
152 install_attributes_->Init(GetTempPath()); | |
153 EXPECT_EQ(std::string(), install_attributes_->GetRegistrationUser()); | |
154 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, | |
155 LockDeviceAndWaitForResult( | |
156 kTestUser, | |
157 DEVICE_MODE_ENTERPRISE, | |
158 kTestDeviceId)); | |
159 EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser()); | |
160 } | |
161 | |
162 TEST_F(EnterpriseInstallAttributesTest, GetDeviceId) { | |
163 install_attributes_->Init(GetTempPath()); | |
164 EXPECT_EQ(std::string(), install_attributes_->GetDeviceId()); | |
165 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, | |
166 LockDeviceAndWaitForResult( | |
167 kTestUser, | |
168 DEVICE_MODE_ENTERPRISE, | |
169 kTestDeviceId)); | |
170 EXPECT_EQ(kTestDeviceId, install_attributes_->GetDeviceId()); | |
171 } | |
172 | |
173 TEST_F(EnterpriseInstallAttributesTest, GetMode) { | |
174 install_attributes_->Init(GetTempPath()); | |
175 EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode()); | |
176 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, | |
177 LockDeviceAndWaitForResult(kTestUser, DEVICE_MODE_ENTERPRISE, | |
178 kTestDeviceId)); | |
179 EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_->GetMode()); | |
180 } | |
181 | |
182 TEST_F(EnterpriseInstallAttributesTest, ConsumerDevice) { | |
183 install_attributes_->Init(GetTempPath()); | |
184 EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode()); | |
185 // Lock the attributes empty. | |
186 ASSERT_TRUE(cryptohome_util::InstallAttributesFinalize()); | |
187 base::RunLoop loop; | |
188 install_attributes_->ReadImmutableAttributes(loop.QuitClosure()); | |
189 loop.Run(); | |
190 | |
191 ASSERT_FALSE(cryptohome_util::InstallAttributesIsFirstInstall()); | |
192 EXPECT_EQ(DEVICE_MODE_CONSUMER, install_attributes_->GetMode()); | |
193 } | |
194 | |
195 TEST_F(EnterpriseInstallAttributesTest, ConsumerKioskDevice) { | |
196 install_attributes_->Init(GetTempPath()); | |
197 EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode()); | |
198 // Lock the attributes for consumer kiosk. | |
199 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, | |
200 LockDeviceAndWaitForResult( | |
201 std::string(), | |
202 DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH, | |
203 std::string())); | |
204 | |
205 ASSERT_FALSE(cryptohome_util::InstallAttributesIsFirstInstall()); | |
206 EXPECT_EQ(DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH, | |
207 install_attributes_->GetMode()); | |
208 ASSERT_TRUE(install_attributes_->IsConsumerKioskDeviceWithAutoLaunch()); | |
209 } | |
210 | |
211 TEST_F(EnterpriseInstallAttributesTest, DeviceLockedFromOlderVersion) { | |
212 install_attributes_->Init(GetTempPath()); | |
213 EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode()); | |
214 // Lock the attributes as if it was done from older Chrome version. | |
215 ASSERT_TRUE(cryptohome_util::InstallAttributesSet( | |
216 EnterpriseInstallAttributes::kAttrEnterpriseOwned, "true")); | |
217 ASSERT_TRUE(cryptohome_util::InstallAttributesSet( | |
218 EnterpriseInstallAttributes::kAttrEnterpriseUser, kTestUser)); | |
219 ASSERT_TRUE(cryptohome_util::InstallAttributesFinalize()); | |
220 base::RunLoop loop; | |
221 install_attributes_->ReadImmutableAttributes(loop.QuitClosure()); | |
222 loop.Run(); | |
223 | |
224 ASSERT_FALSE(cryptohome_util::InstallAttributesIsFirstInstall()); | |
225 EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_->GetMode()); | |
226 EXPECT_EQ(kTestDomain, install_attributes_->GetDomain()); | |
227 EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser()); | |
228 EXPECT_EQ("", install_attributes_->GetDeviceId()); | |
229 } | |
230 | |
231 TEST_F(EnterpriseInstallAttributesTest, Init) { | |
232 cryptohome::SerializedInstallAttributes install_attrs_proto; | |
233 SetAttribute(&install_attrs_proto, | |
234 EnterpriseInstallAttributes::kAttrEnterpriseOwned, "true"); | |
235 SetAttribute(&install_attrs_proto, | |
236 EnterpriseInstallAttributes::kAttrEnterpriseUser, kTestUser); | |
237 const std::string blob(install_attrs_proto.SerializeAsString()); | |
238 ASSERT_EQ(static_cast<int>(blob.size()), | |
239 base::WriteFile(GetTempPath(), blob.c_str(), blob.size())); | |
240 install_attributes_->Init(GetTempPath()); | |
241 EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_->GetMode()); | |
242 EXPECT_EQ(kTestDomain, install_attributes_->GetDomain()); | |
243 EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser()); | |
244 EXPECT_EQ("", install_attributes_->GetDeviceId()); | |
245 } | |
246 | |
247 TEST_F(EnterpriseInstallAttributesTest, InitForConsumerKiosk) { | |
248 cryptohome::SerializedInstallAttributes install_attrs_proto; | |
249 SetAttribute(&install_attrs_proto, | |
250 EnterpriseInstallAttributes::kAttrConsumerKioskEnabled, "true"); | |
251 const std::string blob(install_attrs_proto.SerializeAsString()); | |
252 ASSERT_EQ(static_cast<int>(blob.size()), | |
253 base::WriteFile(GetTempPath(), blob.c_str(), blob.size())); | |
254 install_attributes_->Init(GetTempPath()); | |
255 EXPECT_EQ(DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH, | |
256 install_attributes_->GetMode()); | |
257 EXPECT_EQ("", install_attributes_->GetDomain()); | |
258 EXPECT_EQ("", install_attributes_->GetRegistrationUser()); | |
259 EXPECT_EQ("", install_attributes_->GetDeviceId()); | |
260 } | |
261 | |
262 TEST_F(EnterpriseInstallAttributesTest, VerifyFakeInstallAttributesCache) { | |
263 // This test verifies that FakeCryptohomeClient::InstallAttributesFinalize | |
264 // writes a cache that EnterpriseInstallAttributes::Init accepts. | |
265 | |
266 // Verify that no attributes are initially set. | |
267 install_attributes_->Init(GetTempPath()); | |
268 EXPECT_EQ("", install_attributes_->GetRegistrationUser()); | |
269 | |
270 // Write test values. | |
271 ASSERT_TRUE(cryptohome_util::InstallAttributesSet( | |
272 EnterpriseInstallAttributes::kAttrEnterpriseOwned, "true")); | |
273 ASSERT_TRUE(cryptohome_util::InstallAttributesSet( | |
274 EnterpriseInstallAttributes::kAttrEnterpriseUser, kTestUser)); | |
275 ASSERT_TRUE(cryptohome_util::InstallAttributesFinalize()); | |
276 | |
277 // Verify that EnterpriseInstallAttributes correctly decodes the stub | |
278 // cache file. | |
279 install_attributes_->Init(GetTempPath()); | |
280 EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser()); | |
281 } | |
282 | |
283 } // namespace policy | |
OLD | NEW |