| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <memory> | 9 #include <memory> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 29 matching lines...) Expand all Loading... |
| 40 using testing::Mock; | 40 using testing::Mock; |
| 41 using testing::Property; | 41 using testing::Property; |
| 42 using testing::Return; | 42 using testing::Return; |
| 43 using testing::SaveArg; | 43 using testing::SaveArg; |
| 44 using testing::_; | 44 using testing::_; |
| 45 | 45 |
| 46 namespace policy { | 46 namespace policy { |
| 47 | 47 |
| 48 namespace { | 48 namespace { |
| 49 | 49 |
| 50 const char kLegacyDeviceId[] = "legacy-device-id"; | |
| 51 const char kLegacyToken[] = "legacy-token"; | |
| 52 const char kSanitizedUsername[] = | 50 const char kSanitizedUsername[] = |
| 53 "0123456789ABCDEF0123456789ABCDEF012345678@example.com"; | 51 "0123456789ABCDEF0123456789ABCDEF012345678@example.com"; |
| 54 const char kDefaultHomepage[] = "http://chromium.org"; | 52 const char kDefaultHomepage[] = "http://chromium.org"; |
| 55 | 53 |
| 56 ACTION_P2(SendSanitizedUsername, call_status, sanitized_username) { | 54 ACTION_P2(SendSanitizedUsername, call_status, sanitized_username) { |
| 57 base::ThreadTaskRunnerHandle::Get()->PostTask( | 55 base::ThreadTaskRunnerHandle::Get()->PostTask( |
| 58 FROM_HERE, base::Bind(arg1, call_status, sanitized_username)); | 56 FROM_HERE, base::Bind(arg1, call_status, sanitized_username)); |
| 59 } | 57 } |
| 60 | 58 |
| 61 class UserCloudPolicyStoreChromeOSTest : public testing::Test { | 59 class UserCloudPolicyStoreChromeOSTest : public testing::Test { |
| 62 protected: | 60 protected: |
| 63 UserCloudPolicyStoreChromeOSTest() {} | 61 UserCloudPolicyStoreChromeOSTest() {} |
| 64 | 62 |
| 65 void SetUp() override { | 63 void SetUp() override { |
| 66 EXPECT_CALL(cryptohome_client_, GetSanitizedUsername(cryptohome_id_, _)) | 64 EXPECT_CALL(cryptohome_client_, GetSanitizedUsername(cryptohome_id_, _)) |
| 67 .Times(AnyNumber()) | 65 .Times(AnyNumber()) |
| 68 .WillRepeatedly(SendSanitizedUsername( | 66 .WillRepeatedly(SendSanitizedUsername( |
| 69 chromeos::DBUS_METHOD_CALL_SUCCESS, kSanitizedUsername)); | 67 chromeos::DBUS_METHOD_CALL_SUCCESS, kSanitizedUsername)); |
| 70 | 68 |
| 71 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir()); | 69 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir()); |
| 72 store_.reset(new UserCloudPolicyStoreChromeOS( | 70 store_.reset(new UserCloudPolicyStoreChromeOS( |
| 73 &cryptohome_client_, &session_manager_client_, loop_.task_runner(), | 71 &cryptohome_client_, &session_manager_client_, loop_.task_runner(), |
| 74 account_id_, user_policy_dir(), token_file(), policy_file())); | 72 account_id_, user_policy_dir())); |
| 75 store_->AddObserver(&observer_); | 73 store_->AddObserver(&observer_); |
| 76 | 74 |
| 77 // Install the initial public key, so that by default the validation of | 75 // Install the initial public key, so that by default the validation of |
| 78 // the stored/loaded policy blob succeeds. | 76 // the stored/loaded policy blob succeeds. |
| 79 std::vector<uint8_t> public_key; | 77 std::vector<uint8_t> public_key; |
| 80 ASSERT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key)); | 78 ASSERT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key)); |
| 81 StoreUserPolicyKey(public_key); | 79 StoreUserPolicyKey(public_key); |
| 82 | 80 |
| 83 policy_.payload().mutable_homepagelocation()->set_value(kDefaultHomepage); | 81 policy_.payload().mutable_homepagelocation()->set_value(kDefaultHomepage); |
| 84 policy_.Build(); | 82 policy_.Build(); |
| (...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 201 | 199 |
| 202 base::FilePath user_policy_dir() { | 200 base::FilePath user_policy_dir() { |
| 203 return tmp_dir_.GetPath().AppendASCII("var_run_user_policy"); | 201 return tmp_dir_.GetPath().AppendASCII("var_run_user_policy"); |
| 204 } | 202 } |
| 205 | 203 |
| 206 base::FilePath user_policy_key_file() { | 204 base::FilePath user_policy_key_file() { |
| 207 return user_policy_dir().AppendASCII(kSanitizedUsername) | 205 return user_policy_dir().AppendASCII(kSanitizedUsername) |
| 208 .AppendASCII("policy.pub"); | 206 .AppendASCII("policy.pub"); |
| 209 } | 207 } |
| 210 | 208 |
| 211 base::FilePath token_file() { | |
| 212 return tmp_dir_.GetPath().AppendASCII("token"); | |
| 213 } | |
| 214 | |
| 215 base::FilePath policy_file() { | |
| 216 return tmp_dir_.GetPath().AppendASCII("policy"); | |
| 217 } | |
| 218 | |
| 219 base::MessageLoopForUI loop_; | 209 base::MessageLoopForUI loop_; |
| 220 chromeos::MockCryptohomeClient cryptohome_client_; | 210 chromeos::MockCryptohomeClient cryptohome_client_; |
| 221 chromeos::MockSessionManagerClient session_manager_client_; | 211 chromeos::MockSessionManagerClient session_manager_client_; |
| 222 UserPolicyBuilder policy_; | 212 UserPolicyBuilder policy_; |
| 223 MockCloudPolicyStoreObserver observer_; | 213 MockCloudPolicyStoreObserver observer_; |
| 224 std::unique_ptr<UserCloudPolicyStoreChromeOS> store_; | 214 std::unique_ptr<UserCloudPolicyStoreChromeOS> store_; |
| 225 const AccountId account_id_ = | 215 const AccountId account_id_ = |
| 226 AccountId::FromUserEmail(PolicyBuilder::kFakeUsername); | 216 AccountId::FromUserEmail(PolicyBuilder::kFakeUsername); |
| 227 const cryptohome::Identification cryptohome_id_ = | 217 const cryptohome::Identification cryptohome_id_ = |
| 228 cryptohome::Identification(account_id_); | 218 cryptohome::Identification(account_id_); |
| (...skipping 215 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 444 } | 434 } |
| 445 | 435 |
| 446 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) { | 436 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) { |
| 447 // Break the signature. | 437 // Break the signature. |
| 448 policy_.policy().mutable_policy_data_signature()->append("garbage"); | 438 policy_.policy().mutable_policy_data_signature()->append("garbage"); |
| 449 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 439 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 450 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 440 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 451 VerifyStoreHasValidationError(); | 441 VerifyStoreHasValidationError(); |
| 452 } | 442 } |
| 453 | 443 |
| 454 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) { | |
| 455 std::string data; | |
| 456 | |
| 457 em::DeviceCredentials credentials; | |
| 458 credentials.set_device_token(kLegacyToken); | |
| 459 credentials.set_device_id(kLegacyDeviceId); | |
| 460 ASSERT_TRUE(credentials.SerializeToString(&data)); | |
| 461 ASSERT_NE(-1, base::WriteFile(token_file(), data.c_str(), data.size())); | |
| 462 | |
| 463 em::CachedCloudPolicyResponse cached_policy; | |
| 464 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); | |
| 465 ASSERT_TRUE(cached_policy.SerializeToString(&data)); | |
| 466 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size())); | |
| 467 | |
| 468 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | |
| 469 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | |
| 470 Mock::VerifyAndClearExpectations(&observer_); | |
| 471 | |
| 472 // Verify that legacy user policy and token have been loaded. | |
| 473 em::PolicyData expected_policy_data; | |
| 474 EXPECT_TRUE(expected_policy_data.ParseFromString( | |
| 475 cached_policy.cloud_policy().policy_data())); | |
| 476 expected_policy_data.clear_public_key_version(); | |
| 477 expected_policy_data.set_request_token(kLegacyToken); | |
| 478 expected_policy_data.set_device_id(kLegacyDeviceId); | |
| 479 ASSERT_TRUE(store_->policy()); | |
| 480 EXPECT_EQ(expected_policy_data.SerializeAsString(), | |
| 481 store_->policy()->SerializeAsString()); | |
| 482 VerifyPolicyMap(kDefaultHomepage); | |
| 483 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
| 484 } | |
| 485 | |
| 486 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) { | |
| 487 std::string data; | |
| 488 testing::Sequence seq; | |
| 489 | |
| 490 em::CachedCloudPolicyResponse cached_policy; | |
| 491 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); | |
| 492 ASSERT_TRUE(cached_policy.SerializeToString(&data)); | |
| 493 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size())); | |
| 494 | |
| 495 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | |
| 496 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | |
| 497 Mock::VerifyAndClearExpectations(&observer_); | |
| 498 | |
| 499 // Verify the legacy cache has been loaded. | |
| 500 em::PolicyData expected_policy_data; | |
| 501 EXPECT_TRUE(expected_policy_data.ParseFromString( | |
| 502 cached_policy.cloud_policy().policy_data())); | |
| 503 expected_policy_data.clear_public_key_version(); | |
| 504 ASSERT_TRUE(store_->policy()); | |
| 505 EXPECT_EQ(expected_policy_data.SerializeAsString(), | |
| 506 store_->policy()->SerializeAsString()); | |
| 507 VerifyPolicyMap(kDefaultHomepage); | |
| 508 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
| 509 } | |
| 510 | |
| 511 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) { | |
| 512 std::string data; | |
| 513 | |
| 514 em::DeviceCredentials credentials; | |
| 515 credentials.set_device_token(kLegacyToken); | |
| 516 credentials.set_device_id(kLegacyDeviceId); | |
| 517 ASSERT_TRUE(credentials.SerializeToString(&data)); | |
| 518 ASSERT_NE(-1, base::WriteFile(token_file(), data.c_str(), data.size())); | |
| 519 | |
| 520 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | |
| 521 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | |
| 522 Mock::VerifyAndClearExpectations(&observer_); | |
| 523 | |
| 524 // Verify that legacy user policy and token have been loaded. | |
| 525 em::PolicyData expected_policy_data; | |
| 526 expected_policy_data.set_request_token(kLegacyToken); | |
| 527 expected_policy_data.set_device_id(kLegacyDeviceId); | |
| 528 ASSERT_TRUE(store_->policy()); | |
| 529 EXPECT_EQ(expected_policy_data.SerializeAsString(), | |
| 530 store_->policy()->SerializeAsString()); | |
| 531 EXPECT_TRUE(store_->policy_map().empty()); | |
| 532 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
| 533 } | |
| 534 | |
| 535 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationAndStoreNew) { | |
| 536 // Start without an existing public key. | |
| 537 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | |
| 538 | |
| 539 std::string data; | |
| 540 em::CachedCloudPolicyResponse cached_policy; | |
| 541 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); | |
| 542 ASSERT_TRUE(cached_policy.SerializeToString(&data)); | |
| 543 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size())); | |
| 544 | |
| 545 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | |
| 546 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | |
| 547 Mock::VerifyAndClearExpectations(&observer_); | |
| 548 | |
| 549 // Verify the legacy cache has been loaded. | |
| 550 em::PolicyData expected_policy_data; | |
| 551 EXPECT_TRUE(expected_policy_data.ParseFromString( | |
| 552 cached_policy.cloud_policy().policy_data())); | |
| 553 expected_policy_data.clear_public_key_version(); | |
| 554 ASSERT_TRUE(store_->policy()); | |
| 555 EXPECT_EQ(expected_policy_data.SerializeAsString(), | |
| 556 store_->policy()->SerializeAsString()); | |
| 557 VerifyPolicyMap(kDefaultHomepage); | |
| 558 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | |
| 559 EXPECT_TRUE(base::PathExists(policy_file())); | |
| 560 | |
| 561 // Now store a new policy using the new homepage location. | |
| 562 const char kNewHomepage[] = "http://google.com"; | |
| 563 policy_.payload().mutable_homepagelocation()->set_value(kNewHomepage); | |
| 564 policy_.SetDefaultNewSigningKey(); | |
| 565 policy_.Build(); | |
| 566 std::vector<uint8_t> new_public_key; | |
| 567 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); | |
| 568 ASSERT_NO_FATAL_FAILURE( | |
| 569 PerformStorePolicy(&new_public_key, kDefaultHomepage, kNewHomepage)); | |
| 570 VerifyPolicyMap(kNewHomepage); | |
| 571 | |
| 572 // Verify that the legacy cache has been removed. | |
| 573 EXPECT_FALSE(base::PathExists(policy_file())); | |
| 574 } | |
| 575 | |
| 576 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediately) { | 444 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediately) { |
| 577 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 445 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 578 EXPECT_CALL(session_manager_client_, | 446 EXPECT_CALL(session_manager_client_, |
| 579 BlockingRetrievePolicyForUser(cryptohome_id_)) | 447 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 580 .WillOnce(Return(policy_.GetBlob())); | 448 .WillOnce(Return(policy_.GetBlob())); |
| 581 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) | 449 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) |
| 582 .WillOnce(Return(kSanitizedUsername)); | 450 .WillOnce(Return(kSanitizedUsername)); |
| 583 | 451 |
| 584 EXPECT_FALSE(store_->policy()); | 452 EXPECT_FALSE(store_->policy()); |
| 585 store_->LoadImmediately(); | 453 store_->LoadImmediately(); |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 664 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 532 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 665 | 533 |
| 666 EXPECT_FALSE(store_->policy()); | 534 EXPECT_FALSE(store_->policy()); |
| 667 EXPECT_TRUE(store_->policy_map().empty()); | 535 EXPECT_TRUE(store_->policy_map().empty()); |
| 668 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); | 536 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); |
| 669 } | 537 } |
| 670 | 538 |
| 671 } // namespace | 539 } // namespace |
| 672 | 540 |
| 673 } // namespace policy | 541 } // namespace policy |
| OLD | NEW |