| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <memory> | 9 #include <memory> |
| 10 #include <string> |
| 10 #include <vector> | 11 #include <vector> |
| 11 | 12 |
| 12 #include "base/bind.h" | 13 #include "base/bind.h" |
| 13 #include "base/files/file_util.h" | 14 #include "base/files/file_util.h" |
| 14 #include "base/files/scoped_temp_dir.h" | 15 #include "base/files/scoped_temp_dir.h" |
| 15 #include "base/location.h" | 16 #include "base/location.h" |
| 16 #include "base/macros.h" | 17 #include "base/macros.h" |
| 17 #include "base/memory/ptr_util.h" | 18 #include "base/memory/ptr_util.h" |
| 18 #include "base/message_loop/message_loop.h" | 19 #include "base/message_loop/message_loop.h" |
| 19 #include "base/run_loop.h" | 20 #include "base/run_loop.h" |
| 20 #include "base/single_thread_task_runner.h" | 21 #include "base/single_thread_task_runner.h" |
| 21 #include "base/threading/sequenced_worker_pool.h" | 22 #include "base/threading/sequenced_worker_pool.h" |
| 22 #include "base/threading/thread_task_runner_handle.h" | 23 #include "base/threading/thread_task_runner_handle.h" |
| 23 #include "chromeos/dbus/mock_cryptohome_client.h" | 24 #include "chromeos/dbus/mock_cryptohome_client.h" |
| 24 #include "chromeos/dbus/mock_session_manager_client.h" | 25 #include "chromeos/dbus/mock_session_manager_client.h" |
| 25 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | 26 #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
| 26 #include "components/policy/core/common/cloud/mock_cloud_policy_store.h" | 27 #include "components/policy/core/common/cloud/mock_cloud_policy_store.h" |
| 27 #include "components/policy/core/common/cloud/policy_builder.h" | 28 #include "components/policy/core/common/cloud/policy_builder.h" |
| 28 #include "components/policy/core/common/policy_types.h" | 29 #include "components/policy/core/common/policy_types.h" |
| 29 #include "components/policy/policy_constants.h" | 30 #include "components/policy/policy_constants.h" |
| 30 #include "components/policy/proto/cloud_policy.pb.h" | 31 #include "components/policy/proto/cloud_policy.pb.h" |
| 31 #include "components/policy/proto/device_management_local.pb.h" | 32 #include "components/policy/proto/device_management_local.pb.h" |
| 33 #include "crypto/rsa_private_key.h" |
| 32 #include "testing/gmock/include/gmock/gmock.h" | 34 #include "testing/gmock/include/gmock/gmock.h" |
| 33 #include "testing/gtest/include/gtest/gtest.h" | 35 #include "testing/gtest/include/gtest/gtest.h" |
| 34 | 36 |
| 35 namespace em = enterprise_management; | 37 namespace em = enterprise_management; |
| 36 | 38 |
| 37 using testing::AllOf; | 39 using testing::AllOf; |
| 38 using testing::AnyNumber; | 40 using testing::AnyNumber; |
| 39 using testing::Eq; | 41 using testing::Eq; |
| 40 using testing::Mock; | 42 using testing::Mock; |
| 41 using testing::Property; | 43 using testing::Property; |
| (...skipping 150 matching lines...) |
| 192 VerifyPolicyMap(new_value); | 194 VerifyPolicyMap(new_value); |
| 193 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 195 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 194 } | 196 } |
| 195 | 197 |
| 196 void VerifyStoreHasValidationError() { | 198 void VerifyStoreHasValidationError() { |
| 197 EXPECT_FALSE(store_->policy()); | 199 EXPECT_FALSE(store_->policy()); |
| 198 EXPECT_TRUE(store_->policy_map().empty()); | 200 EXPECT_TRUE(store_->policy_map().empty()); |
| 199 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); | 201 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); |
| 200 } | 202 } |
| 201 | 203 |
| 204 static std::string ConvertPublicKeyToString( |
| 205 const std::vector<uint8_t>& public_key) { |
| 206 return std::string(reinterpret_cast<const char*>(public_key.data()), |
| 207 public_key.size()); |
| 208 } |
| 209 |
| 210 std::string GetPolicyPublicKeyAsString() { |
| 211 std::vector<uint8_t> public_key; |
| 212 EXPECT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key)); |
| 213 return ConvertPublicKeyToString(public_key); |
| 214 } |
| 215 |
| 216 std::string GetPolicyNewPublicKeyAsString() { |
| 217 std::vector<uint8_t> new_public_key; |
| 218 EXPECT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 219 return ConvertPublicKeyToString(new_public_key); |
| 220 } |
| 221 |
| 202 base::FilePath user_policy_dir() { | 222 base::FilePath user_policy_dir() { |
| 203 return tmp_dir_.GetPath().AppendASCII("var_run_user_policy"); | 223 return tmp_dir_.GetPath().AppendASCII("var_run_user_policy"); |
| 204 } | 224 } |
| 205 | 225 |
| 206 base::FilePath user_policy_key_file() { | 226 base::FilePath user_policy_key_file() { |
| 207 return user_policy_dir().AppendASCII(kSanitizedUsername) | 227 return user_policy_dir().AppendASCII(kSanitizedUsername) |
| 208 .AppendASCII("policy.pub"); | 228 .AppendASCII("policy.pub"); |
| 209 } | 229 } |
| 210 | 230 |
| 211 base::FilePath token_file() { | 231 base::FilePath token_file() { |
| (...skipping 24 matching lines...) |
| 236 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) { | 256 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) { |
| 237 // Start without any public key to trigger the initial key checks. | 257 // Start without any public key to trigger the initial key checks. |
| 238 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 258 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 239 // Make the policy blob contain a new public key. | 259 // Make the policy blob contain a new public key. |
| 240 policy_.SetDefaultNewSigningKey(); | 260 policy_.SetDefaultNewSigningKey(); |
| 241 policy_.Build(); | 261 policy_.Build(); |
| 242 std::vector<uint8_t> new_public_key; | 262 std::vector<uint8_t> new_public_key; |
| 243 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); | 263 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 244 ASSERT_NO_FATAL_FAILURE( | 264 ASSERT_NO_FATAL_FAILURE( |
| 245 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); | 265 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); |
| 266 EXPECT_EQ(ConvertPublicKeyToString(new_public_key), store_->public_key()); |
| 246 } | 267 } |
| 247 | 268 |
| 248 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreValidationFail) { | 269 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreValidationFail) { |
| 249 // Start without any public key to trigger the initial key checks. | 270 // Start without any public key to trigger the initial key checks. |
| 250 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 271 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 251 // Make the policy blob contain a new public key. | 272 // Make the policy blob contain a new public key. |
| 252 policy_.SetDefaultSigningKey(); | 273 policy_.SetDefaultSigningKey(); |
| 253 policy_.Build(); | 274 policy_.Build(); |
| 254 *policy_.policy().mutable_new_public_key_verification_signature_deprecated() = | 275 *policy_.policy().mutable_new_public_key_verification_signature_deprecated() = |
| 255 "garbage"; | 276 "garbage"; |
| 256 | 277 |
| 257 EXPECT_CALL(session_manager_client_, | 278 EXPECT_CALL(session_manager_client_, |
| 258 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 279 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 259 .Times(0); | 280 .Times(0); |
| 260 store_->Store(policy_.policy()); | 281 store_->Store(policy_.policy()); |
| 261 base::RunLoop().RunUntilIdle(); | 282 base::RunLoop().RunUntilIdle(); |
| 262 Mock::VerifyAndClearExpectations(&session_manager_client_); | 283 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 284 EXPECT_EQ(std::string(), store_->public_key()); |
| 263 } | 285 } |
| 264 | 286 |
| 265 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreMissingSignatureFailure) { | 287 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreMissingSignatureFailure) { |
| 266 // Start without any public key to trigger the initial key checks. | 288 // Start without any public key to trigger the initial key checks. |
| 267 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 289 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 268 // Make the policy blob contain a new public key. | 290 // Make the policy blob contain a new public key. |
| 269 policy_.SetDefaultSigningKey(); | 291 policy_.SetDefaultSigningKey(); |
| 270 policy_.Build(); | 292 policy_.Build(); |
| 271 policy_.policy().clear_new_public_key_verification_signature_deprecated(); | 293 policy_.policy().clear_new_public_key_verification_signature_deprecated(); |
| 272 | 294 |
| 273 EXPECT_CALL(session_manager_client_, | 295 EXPECT_CALL(session_manager_client_, |
| 274 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 296 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 275 .Times(0); | 297 .Times(0); |
| 276 store_->Store(policy_.policy()); | 298 store_->Store(policy_.policy()); |
| 277 base::RunLoop().RunUntilIdle(); | 299 base::RunLoop().RunUntilIdle(); |
| 278 Mock::VerifyAndClearExpectations(&session_manager_client_); | 300 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 301 EXPECT_EQ(std::string(), store_->public_key()); |
| 279 } | 302 } |
| 280 | 303 |
| 281 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) { | 304 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) { |
| 282 ASSERT_NO_FATAL_FAILURE( | 305 ASSERT_NO_FATAL_FAILURE( |
| 283 PerformStorePolicy(NULL, NULL, kDefaultHomepage)); | 306 PerformStorePolicy(NULL, NULL, kDefaultHomepage)); |
| 307 EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key()); |
| 284 } | 308 } |
| 285 | 309 |
| 286 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) { | 310 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) { |
| 287 // Make the policy blob contain a new public key. | 311 // Make the policy blob contain a new public key. |
| 288 policy_.SetDefaultNewSigningKey(); | 312 policy_.SetDefaultNewSigningKey(); |
| 289 policy_.Build(); | 313 policy_.Build(); |
| 290 std::vector<uint8_t> new_public_key; | 314 std::vector<uint8_t> new_public_key; |
| 291 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); | 315 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 292 ASSERT_NO_FATAL_FAILURE( | 316 ASSERT_NO_FATAL_FAILURE( |
| 293 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); | 317 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); |
| 318 EXPECT_EQ(ConvertPublicKeyToString(new_public_key), store_->public_key()); |
| 294 } | 319 } |
| 295 | 320 |
| 296 TEST_F(UserCloudPolicyStoreChromeOSTest, | 321 TEST_F(UserCloudPolicyStoreChromeOSTest, |
| 297 StoreWithRotationMissingSignatureError) { | 322 StoreWithRotationMissingSignatureError) { |
| 298 // Make the policy blob contain a new public key. | 323 // Make the policy blob contain a new public key. |
| 299 policy_.SetDefaultNewSigningKey(); | 324 policy_.SetDefaultNewSigningKey(); |
| 300 policy_.Build(); | 325 policy_.Build(); |
| 301 policy_.policy().clear_new_public_key_verification_signature_deprecated(); | 326 policy_.policy().clear_new_public_key_verification_signature_deprecated(); |
| 302 | 327 |
| 303 EXPECT_CALL(session_manager_client_, | 328 EXPECT_CALL(session_manager_client_, |
| 304 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 329 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 305 .Times(0); | 330 .Times(0); |
| 306 store_->Store(policy_.policy()); | 331 store_->Store(policy_.policy()); |
| 307 base::RunLoop().RunUntilIdle(); | 332 base::RunLoop().RunUntilIdle(); |
| 308 Mock::VerifyAndClearExpectations(&session_manager_client_); | 333 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 334 EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key()); |
| 309 } | 335 } |
| 310 | 336 |
| 311 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotationValidationError) { | 337 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotationValidationError) { |
| 312 // Make the policy blob contain a new public key. | 338 // Make the policy blob contain a new public key. |
| 313 policy_.SetDefaultNewSigningKey(); | 339 policy_.SetDefaultNewSigningKey(); |
| 314 policy_.Build(); | 340 policy_.Build(); |
| 315 *policy_.policy().mutable_new_public_key_verification_signature_deprecated() = | 341 *policy_.policy().mutable_new_public_key_verification_signature_deprecated() = |
| 316 "garbage"; | 342 "garbage"; |
| 317 | 343 |
| 318 EXPECT_CALL(session_manager_client_, | 344 EXPECT_CALL(session_manager_client_, |
| 319 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 345 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 320 .Times(0); | 346 .Times(0); |
| 321 store_->Store(policy_.policy()); | 347 store_->Store(policy_.policy()); |
| 322 base::RunLoop().RunUntilIdle(); | 348 base::RunLoop().RunUntilIdle(); |
| 323 Mock::VerifyAndClearExpectations(&session_manager_client_); | 349 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 350 EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key()); |
| 324 } | 351 } |
| 325 | 352 |
| 326 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { | 353 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { |
| 327 // Store policy. | 354 // Store policy. |
| 328 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 355 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 329 EXPECT_CALL(session_manager_client_, | 356 EXPECT_CALL(session_manager_client_, |
| 330 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 357 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 331 .WillOnce(SaveArg<2>(&store_callback)); | 358 .WillOnce(SaveArg<2>(&store_callback)); |
| 332 store_->Store(policy_.policy()); | 359 store_->Store(policy_.policy()); |
| 333 base::RunLoop().RunUntilIdle(); | 360 base::RunLoop().RunUntilIdle(); |
| 334 Mock::VerifyAndClearExpectations(&session_manager_client_); | 361 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 335 ASSERT_FALSE(store_callback.is_null()); | 362 ASSERT_FALSE(store_callback.is_null()); |
| 336 | 363 |
| 337 // Let the store operation complete. | 364 // Let the store operation complete. |
| 338 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); | 365 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); |
| 339 store_callback.Run(false); | 366 store_callback.Run(false); |
| 340 base::RunLoop().RunUntilIdle(); | 367 base::RunLoop().RunUntilIdle(); |
| 341 EXPECT_FALSE(store_->policy()); | 368 EXPECT_FALSE(store_->policy()); |
| 342 EXPECT_TRUE(store_->policy_map().empty()); | 369 EXPECT_TRUE(store_->policy_map().empty()); |
| 343 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); | 370 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); |
| 371 EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key()); |
| 344 } | 372 } |
| 345 | 373 |
| 346 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { | 374 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { |
| 347 policy_.policy_data().clear_policy_type(); | 375 policy_.policy_data().clear_policy_type(); |
| 348 policy_.Build(); | 376 policy_.Build(); |
| 349 | 377 |
| 350 // Store policy. | 378 // Store policy. |
| 351 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 379 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 352 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 380 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 353 EXPECT_CALL(session_manager_client_, | 381 EXPECT_CALL(session_manager_client_, |
| 354 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 382 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 355 .Times(0); | 383 .Times(0); |
| 356 store_->Store(policy_.policy()); | 384 store_->Store(policy_.policy()); |
| 357 base::RunLoop().RunUntilIdle(); | 385 base::RunLoop().RunUntilIdle(); |
| 358 Mock::VerifyAndClearExpectations(&session_manager_client_); | 386 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 387 EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key()); |
| 359 } | 388 } |
| 360 | 389 |
| 361 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) { | 390 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) { |
| 362 // Make the dbus call to cryptohome fail. | 391 // Make the dbus call to cryptohome fail. |
| 363 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 392 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 364 EXPECT_CALL(cryptohome_client_, GetSanitizedUsername(cryptohome_id_, _)) | 393 EXPECT_CALL(cryptohome_client_, GetSanitizedUsername(cryptohome_id_, _)) |
| 365 .Times(AnyNumber()) | 394 .Times(AnyNumber()) |
| 366 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE, | 395 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE, |
| 367 std::string())); | 396 std::string())); |
| 368 | 397 |
| 369 // Store policy. | 398 // Store policy. |
| 370 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 399 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 371 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 400 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 372 EXPECT_CALL(session_manager_client_, | 401 EXPECT_CALL(session_manager_client_, |
| 373 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 402 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 374 .Times(0); | 403 .Times(0); |
| 375 store_->Store(policy_.policy()); | 404 store_->Store(policy_.policy()); |
| 376 base::RunLoop().RunUntilIdle(); | 405 base::RunLoop().RunUntilIdle(); |
| 377 Mock::VerifyAndClearExpectations(&session_manager_client_); | 406 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 407 EXPECT_EQ(std::string(), store_->public_key()); |
| 378 } | 408 } |
| 379 | 409 |
| 380 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) { | 410 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) { |
| 381 // Break the signature. | 411 // Break the signature. |
| 382 policy_.policy().mutable_policy_data_signature()->append("garbage"); | 412 policy_.policy().mutable_policy_data_signature()->append("garbage"); |
| 383 | 413 |
| 384 // Store policy. | 414 // Store policy. |
| 385 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 415 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 386 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 416 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 387 EXPECT_CALL(session_manager_client_, | 417 EXPECT_CALL(session_manager_client_, |
| 388 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 418 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 389 .Times(0); | 419 .Times(0); |
| 390 store_->Store(policy_.policy()); | 420 store_->Store(policy_.policy()); |
| 391 base::RunLoop().RunUntilIdle(); | 421 base::RunLoop().RunUntilIdle(); |
| 392 Mock::VerifyAndClearExpectations(&session_manager_client_); | 422 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 423 EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key()); |
| 393 } | 424 } |
| 394 | 425 |
| 395 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { | 426 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { |
| 396 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 427 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 397 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 428 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 398 Mock::VerifyAndClearExpectations(&observer_); | 429 Mock::VerifyAndClearExpectations(&observer_); |
| 399 | 430 |
| 400 // Verify that the policy has been loaded. | 431 // Verify that the policy has been loaded. |
| 401 ASSERT_TRUE(store_->policy()); | 432 ASSERT_TRUE(store_->policy()); |
| 402 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 433 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
| 403 store_->policy()->SerializeAsString()); | 434 store_->policy()->SerializeAsString()); |
| 404 VerifyPolicyMap(kDefaultHomepage); | 435 VerifyPolicyMap(kDefaultHomepage); |
| 405 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 436 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 437 EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key()); |
| 406 } | 438 } |
| 407 | 439 |
| 408 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { | 440 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { |
| 409 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 441 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 410 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 442 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
| 411 Mock::VerifyAndClearExpectations(&observer_); | 443 Mock::VerifyAndClearExpectations(&observer_); |
| 412 | 444 |
| 413 // Verify no policy has been installed. | 445 // Verify no policy has been installed. |
| 414 EXPECT_FALSE(store_->policy()); | 446 EXPECT_FALSE(store_->policy()); |
| 415 EXPECT_TRUE(store_->policy_map().empty()); | 447 EXPECT_TRUE(store_->policy_map().empty()); |
| 416 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 448 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 449 EXPECT_EQ(std::string(), store_->public_key()); |
| 417 } | 450 } |
| 418 | 451 |
| 419 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidPolicy) { | 452 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidPolicy) { |
| 420 ExpectError(CloudPolicyStore::STATUS_PARSE_ERROR); | 453 ExpectError(CloudPolicyStore::STATUS_PARSE_ERROR); |
| 421 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("invalid")); | 454 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("invalid")); |
| 422 | 455 |
| 423 // Verify no policy has been installed. | 456 // Verify no policy has been installed. |
| 424 EXPECT_FALSE(store_->policy()); | 457 EXPECT_FALSE(store_->policy()); |
| 425 EXPECT_TRUE(store_->policy_map().empty()); | 458 EXPECT_TRUE(store_->policy_map().empty()); |
| 426 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); | 459 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); |
| 460 EXPECT_EQ(std::string(), store_->public_key()); |
| 427 } | 461 } |
| 428 | 462 |
| 429 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) { | 463 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) { |
| 430 policy_.policy_data().clear_policy_type(); | 464 policy_.policy_data().clear_policy_type(); |
| 431 policy_.Build(); | 465 policy_.Build(); |
| 432 | 466 |
| 433 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 467 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 434 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 468 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 435 VerifyStoreHasValidationError(); | 469 VerifyStoreHasValidationError(); |
| 470 EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key()); |
| 436 } | 471 } |
| 437 | 472 |
| 438 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) { | 473 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) { |
| 439 // The loaded policy can't be verified without the public key. | 474 // The loaded policy can't be verified without the public key. |
| 440 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 475 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 441 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 476 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 442 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 477 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 443 VerifyStoreHasValidationError(); | 478 VerifyStoreHasValidationError(); |
| 479 EXPECT_EQ(std::string(), store_->public_key()); |
| 444 } | 480 } |
| 445 | 481 |
| 446 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) { | 482 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) { |
| 447 // Break the signature. | 483 // Break the signature. |
| 448 policy_.policy().mutable_policy_data_signature()->append("garbage"); | 484 policy_.policy().mutable_policy_data_signature()->append("garbage"); |
| 449 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 485 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 450 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 486 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 451 VerifyStoreHasValidationError(); | 487 VerifyStoreHasValidationError(); |
| 488 EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key()); |
| 452 } | 489 } |
| 453 | 490 |
| 454 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) { | 491 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) { |
| 455 std::string data; | 492 std::string data; |
| 456 | 493 |
| 457 em::DeviceCredentials credentials; | 494 em::DeviceCredentials credentials; |
| 458 credentials.set_device_token(kLegacyToken); | 495 credentials.set_device_token(kLegacyToken); |
| 459 credentials.set_device_id(kLegacyDeviceId); | 496 credentials.set_device_id(kLegacyDeviceId); |
| 460 ASSERT_TRUE(credentials.SerializeToString(&data)); | 497 ASSERT_TRUE(credentials.SerializeToString(&data)); |
| 461 ASSERT_NE(-1, base::WriteFile(token_file(), data.c_str(), data.size())); | 498 ASSERT_NE(-1, base::WriteFile(token_file(), data.c_str(), data.size())); |
| (...skipping 127 matching lines...) |
| 589 Mock::VerifyAndClearExpectations(&observer_); | 626 Mock::VerifyAndClearExpectations(&observer_); |
| 590 Mock::VerifyAndClearExpectations(&session_manager_client_); | 627 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 591 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 628 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 592 | 629 |
| 593 // The policy should become available without having to spin any loops. | 630 // The policy should become available without having to spin any loops. |
| 594 ASSERT_TRUE(store_->policy()); | 631 ASSERT_TRUE(store_->policy()); |
| 595 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 632 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
| 596 store_->policy()->SerializeAsString()); | 633 store_->policy()->SerializeAsString()); |
| 597 VerifyPolicyMap(kDefaultHomepage); | 634 VerifyPolicyMap(kDefaultHomepage); |
| 598 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 635 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 636 EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key()); |
| 599 } | 637 } |
| 600 | 638 |
| 601 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) { | 639 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) { |
| 602 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 640 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 603 EXPECT_CALL(session_manager_client_, | 641 EXPECT_CALL(session_manager_client_, |
| 604 BlockingRetrievePolicyForUser(cryptohome_id_)) | 642 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 605 .WillOnce(Return("")); | 643 .WillOnce(Return("")); |
| 606 | 644 |
| 607 EXPECT_FALSE(store_->policy()); | 645 EXPECT_FALSE(store_->policy()); |
| 608 store_->LoadImmediately(); | 646 store_->LoadImmediately(); |
| 609 Mock::VerifyAndClearExpectations(&observer_); | 647 Mock::VerifyAndClearExpectations(&observer_); |
| 610 Mock::VerifyAndClearExpectations(&session_manager_client_); | 648 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 611 | 649 |
| 612 EXPECT_FALSE(store_->policy()); | 650 EXPECT_FALSE(store_->policy()); |
| 613 EXPECT_TRUE(store_->policy_map().empty()); | 651 EXPECT_TRUE(store_->policy_map().empty()); |
| 614 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 652 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 653 EXPECT_EQ(std::string(), store_->public_key()); |
| 615 } | 654 } |
| 616 | 655 |
| 617 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) { | 656 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) { |
| 618 EXPECT_CALL(observer_, OnStoreError(store_.get())); | 657 EXPECT_CALL(observer_, OnStoreError(store_.get())); |
| 619 EXPECT_CALL(session_manager_client_, | 658 EXPECT_CALL(session_manager_client_, |
| 620 BlockingRetrievePolicyForUser(cryptohome_id_)) | 659 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 621 .WillOnce(Return("le blob")); | 660 .WillOnce(Return("le blob")); |
| 622 | 661 |
| 623 EXPECT_FALSE(store_->policy()); | 662 EXPECT_FALSE(store_->policy()); |
| 624 store_->LoadImmediately(); | 663 store_->LoadImmediately(); |
| 625 Mock::VerifyAndClearExpectations(&observer_); | 664 Mock::VerifyAndClearExpectations(&observer_); |
| 626 Mock::VerifyAndClearExpectations(&session_manager_client_); | 665 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 627 | 666 |
| 628 EXPECT_FALSE(store_->policy()); | 667 EXPECT_FALSE(store_->policy()); |
| 629 EXPECT_TRUE(store_->policy_map().empty()); | 668 EXPECT_TRUE(store_->policy_map().empty()); |
| 630 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); | 669 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); |
| 670 EXPECT_EQ(std::string(), store_->public_key()); |
| 631 } | 671 } |
| 632 | 672 |
| 633 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) { | 673 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) { |
| 634 EXPECT_CALL(observer_, OnStoreError(store_.get())); | 674 EXPECT_CALL(observer_, OnStoreError(store_.get())); |
| 635 EXPECT_CALL(session_manager_client_, | 675 EXPECT_CALL(session_manager_client_, |
| 636 BlockingRetrievePolicyForUser(cryptohome_id_)) | 676 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 637 .WillOnce(Return(policy_.GetBlob())); | 677 .WillOnce(Return(policy_.GetBlob())); |
| 638 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) | 678 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) |
| 639 .WillOnce(Return("")); | 679 .WillOnce(Return("")); |
| 640 | 680 |
| 641 EXPECT_FALSE(store_->policy()); | 681 EXPECT_FALSE(store_->policy()); |
| 642 store_->LoadImmediately(); | 682 store_->LoadImmediately(); |
| 643 Mock::VerifyAndClearExpectations(&observer_); | 683 Mock::VerifyAndClearExpectations(&observer_); |
| 644 Mock::VerifyAndClearExpectations(&session_manager_client_); | 684 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 645 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 685 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 646 | 686 |
| 647 EXPECT_FALSE(store_->policy()); | 687 EXPECT_FALSE(store_->policy()); |
| 648 EXPECT_TRUE(store_->policy_map().empty()); | 688 EXPECT_TRUE(store_->policy_map().empty()); |
| 649 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, store_->status()); | 689 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, store_->status()); |
| 690 EXPECT_EQ(std::string(), store_->public_key()); |
| 650 } | 691 } |
| 651 | 692 |
| 652 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoUserPolicyKey) { | 693 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoUserPolicyKey) { |
| 653 EXPECT_CALL(observer_, OnStoreError(store_.get())); | 694 EXPECT_CALL(observer_, OnStoreError(store_.get())); |
| 654 EXPECT_CALL(session_manager_client_, | 695 EXPECT_CALL(session_manager_client_, |
| 655 BlockingRetrievePolicyForUser(cryptohome_id_)) | 696 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 656 .WillOnce(Return(policy_.GetBlob())); | 697 .WillOnce(Return(policy_.GetBlob())); |
| 657 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) | 698 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) |
| 658 .WillOnce(Return("wrong@example.com")); | 699 .WillOnce(Return("wrong@example.com")); |
| 659 | 700 |
| 660 EXPECT_FALSE(store_->policy()); | 701 EXPECT_FALSE(store_->policy()); |
| 661 store_->LoadImmediately(); | 702 store_->LoadImmediately(); |
| 662 Mock::VerifyAndClearExpectations(&observer_); | 703 Mock::VerifyAndClearExpectations(&observer_); |
| 663 Mock::VerifyAndClearExpectations(&session_manager_client_); | 704 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 664 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 705 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 665 | 706 |
| 666 EXPECT_FALSE(store_->policy()); | 707 EXPECT_FALSE(store_->policy()); |
| 667 EXPECT_TRUE(store_->policy_map().empty()); | 708 EXPECT_TRUE(store_->policy_map().empty()); |
| 668 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); | 709 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); |
| 710 EXPECT_EQ(std::string(), store_->public_key()); |
| 669 } | 711 } |
| 670 | 712 |
| 671 } // namespace | 713 } // namespace |
| 672 | 714 |
| 673 } // namespace policy | 715 } // namespace policy |
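Review bot: The new `public_key()` assertions in LoadValidationError and LoadInvalidSignature (new lines 470 and 488), and after the rejected stores at new lines 387 and 423, pin a contract that nothing in the file documents: the accessor still returns the signing key while the store reports STATUS_VALIDATION_ERROR and, on the load paths, `policy()` is null. Compared with LoadNoKey, where the key file is deleted and the key is expected to be empty, the accessor appears to track the key file rather than a successful validation, so a caller must not treat a non-empty key as evidence that the policy verified. I would say so once above `GetPolicyPublicKeyAsString()`, e.g. `// store_->public_key() reflects the key loaded from disk; it stays set even when the policy blob is rejected.` Separately, `GetPolicyNewPublicKeyAsString()` has no caller in the visible lines (InitialStore and StoreWithRotation export the key by hand because they need the vector), so confirm it is used in the skipped regions or drop it.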