| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <memory> | 9 #include <memory> |
| 10 #include <string> |
| 10 #include <vector> | 11 #include <vector> |
| 11 | 12 |
| 12 #include "base/bind.h" | 13 #include "base/bind.h" |
| 13 #include "base/files/file_util.h" | 14 #include "base/files/file_util.h" |
| 14 #include "base/files/scoped_temp_dir.h" | 15 #include "base/files/scoped_temp_dir.h" |
| 15 #include "base/location.h" | 16 #include "base/location.h" |
| 16 #include "base/macros.h" | 17 #include "base/macros.h" |
| 17 #include "base/memory/ptr_util.h" | 18 #include "base/memory/ptr_util.h" |
| 18 #include "base/message_loop/message_loop.h" | 19 #include "base/message_loop/message_loop.h" |
| 19 #include "base/run_loop.h" | 20 #include "base/run_loop.h" |
| 20 #include "base/single_thread_task_runner.h" | 21 #include "base/single_thread_task_runner.h" |
| 21 #include "base/threading/sequenced_worker_pool.h" | 22 #include "base/threading/sequenced_worker_pool.h" |
| 22 #include "base/threading/thread_task_runner_handle.h" | 23 #include "base/threading/thread_task_runner_handle.h" |
| 23 #include "chromeos/dbus/mock_cryptohome_client.h" | 24 #include "chromeos/dbus/mock_cryptohome_client.h" |
| 24 #include "chromeos/dbus/mock_session_manager_client.h" | 25 #include "chromeos/dbus/mock_session_manager_client.h" |
| 25 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | 26 #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
| 26 #include "components/policy/core/common/cloud/mock_cloud_policy_store.h" | 27 #include "components/policy/core/common/cloud/mock_cloud_policy_store.h" |
| 27 #include "components/policy/core/common/cloud/policy_builder.h" | 28 #include "components/policy/core/common/cloud/policy_builder.h" |
| 28 #include "components/policy/core/common/policy_types.h" | 29 #include "components/policy/core/common/policy_types.h" |
| 29 #include "components/policy/policy_constants.h" | 30 #include "components/policy/policy_constants.h" |
| 30 #include "components/policy/proto/cloud_policy.pb.h" | 31 #include "components/policy/proto/cloud_policy.pb.h" |
| 31 #include "components/policy/proto/device_management_local.pb.h" | 32 #include "components/policy/proto/device_management_local.pb.h" |
| 33 #include "crypto/rsa_private_key.h" |
| 32 #include "testing/gmock/include/gmock/gmock.h" | 34 #include "testing/gmock/include/gmock/gmock.h" |
| 33 #include "testing/gtest/include/gtest/gtest.h" | 35 #include "testing/gtest/include/gtest/gtest.h" |
| 34 | 36 |
| 35 namespace em = enterprise_management; | 37 namespace em = enterprise_management; |
| 36 | 38 |
| 37 using testing::AllOf; | 39 using testing::AllOf; |
| 38 using testing::AnyNumber; | 40 using testing::AnyNumber; |
| 39 using testing::Eq; | 41 using testing::Eq; |
| 40 using testing::Mock; | 42 using testing::Mock; |
| 41 using testing::Property; | 43 using testing::Property; |
| (...skipping 95 matching lines...) |
| 137 // Stores the current |policy_| and verifies that it is published. | 139 // Stores the current |policy_| and verifies that it is published. |
| 138 // If |new_public_key| is set then it will be persisted after storing but | 140 // If |new_public_key| is set then it will be persisted after storing but |
| 139 // before loading the policy, so that the signature validation can succeed. | 141 // before loading the policy, so that the signature validation can succeed. |
| 140 // If |previous_value| is set then a previously existing policy with that | 142 // If |previous_value| is set then a previously existing policy with that |
| 141 // value will be expected; otherwise no previous policy is expected. | 143 // value will be expected; otherwise no previous policy is expected. |
| 142 // If |new_value| is set then a new policy with that value is expected after | 144 // If |new_value| is set then a new policy with that value is expected after |
| 143 // storing the |policy_| blob. | 145 // storing the |policy_| blob. |
| 144 void PerformStorePolicy(const std::vector<uint8_t>* new_public_key, | 146 void PerformStorePolicy(const std::vector<uint8_t>* new_public_key, |
| 145 const char* previous_value, | 147 const char* previous_value, |
| 146 const char* new_value) { | 148 const char* new_value) { |
| 149 const CloudPolicyStore::Status initial_status = store_->status(); |
| 150 |
| 147 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 151 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 148 EXPECT_CALL(session_manager_client_, | 152 EXPECT_CALL(session_manager_client_, |
| 149 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 153 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 150 .WillOnce(SaveArg<2>(&store_callback)); | 154 .WillOnce(SaveArg<2>(&store_callback)); |
| 151 store_->Store(policy_.policy()); | 155 store_->Store(policy_.policy()); |
| 152 base::RunLoop().RunUntilIdle(); | 156 base::RunLoop().RunUntilIdle(); |
| 153 Mock::VerifyAndClearExpectations(&session_manager_client_); | 157 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 154 ASSERT_FALSE(store_callback.is_null()); | 158 ASSERT_FALSE(store_callback.is_null()); |
| 155 | 159 |
| 156 // The new policy shouldn't be present yet. | 160 // The new policy shouldn't be present yet. |
| 157 PolicyMap previous_policy; | 161 PolicyMap previous_policy; |
| 158 EXPECT_EQ(previous_value != NULL, store_->policy() != NULL); | 162 EXPECT_EQ(previous_value != nullptr, store_->policy() != nullptr); |
| 159 if (previous_value) { | 163 if (previous_value) { |
| 160 previous_policy.Set(key::kHomepageLocation, POLICY_LEVEL_MANDATORY, | 164 previous_policy.Set(key::kHomepageLocation, POLICY_LEVEL_MANDATORY, |
| 161 POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD, | 165 POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD, |
| 162 base::MakeUnique<base::StringValue>(previous_value), | 166 base::MakeUnique<base::StringValue>(previous_value), |
| 163 nullptr); | 167 nullptr); |
| 164 } | 168 } |
| 165 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); | 169 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); |
| 166 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 170 EXPECT_EQ(initial_status, store_->status()); |
| 167 | 171 |
| 168 // Store the new public key so that the validation after the retrieve | 172 // Store the new public key so that the validation after the retrieve |
| 169 // operation completes can verify the signature. | 173 // operation completes can verify the signature. |
| 170 if (new_public_key) | 174 if (new_public_key) |
| 171 StoreUserPolicyKey(*new_public_key); | 175 StoreUserPolicyKey(*new_public_key); |
| 172 | 176 |
| 173 // Let the store operation complete. | 177 // Let the store operation complete. |
| 174 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; | 178 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; |
| 175 EXPECT_CALL(session_manager_client_, | 179 EXPECT_CALL(session_manager_client_, |
| 176 RetrievePolicyForUser(cryptohome_id_, _)) | 180 RetrievePolicyForUser(cryptohome_id_, _)) |
| 177 .WillOnce(SaveArg<1>(&retrieve_callback)); | 181 .WillOnce(SaveArg<1>(&retrieve_callback)); |
| 178 store_callback.Run(true); | 182 store_callback.Run(true); |
| 179 base::RunLoop().RunUntilIdle(); | 183 base::RunLoop().RunUntilIdle(); |
| 180 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); | 184 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); |
| 181 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 185 EXPECT_EQ(initial_status, store_->status()); |
| 182 Mock::VerifyAndClearExpectations(&session_manager_client_); | 186 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 183 ASSERT_FALSE(retrieve_callback.is_null()); | 187 ASSERT_FALSE(retrieve_callback.is_null()); |
| 184 | 188 |
| 185 // Finish the retrieve callback. | 189 // Finish the retrieve callback. |
| 186 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 190 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 187 retrieve_callback.Run(policy_.GetBlob()); | 191 retrieve_callback.Run(policy_.GetBlob()); |
| 188 base::RunLoop().RunUntilIdle(); | 192 base::RunLoop().RunUntilIdle(); |
| 189 ASSERT_TRUE(store_->policy()); | 193 ASSERT_TRUE(store_->policy()); |
| 190 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 194 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
| 191 store_->policy()->SerializeAsString()); | 195 store_->policy()->SerializeAsString()); |
| 192 VerifyPolicyMap(new_value); | 196 VerifyPolicyMap(new_value); |
| 193 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 197 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 194 } | 198 } |
| 195 | 199 |
| 196 void VerifyStoreHasValidationError() { | 200 void VerifyStoreHasValidationError() { |
| 197 EXPECT_FALSE(store_->policy()); | 201 EXPECT_FALSE(store_->policy()); |
| 198 EXPECT_TRUE(store_->policy_map().empty()); | 202 EXPECT_TRUE(store_->policy_map().empty()); |
| 199 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); | 203 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); |
| 200 } | 204 } |
| 201 | 205 |
| 206 static std::string ConvertPublicKeyToString( |
| 207 const std::vector<uint8_t>& public_key) { |
| 208 return std::string(reinterpret_cast<const char*>(public_key.data()), |
| 209 public_key.size()); |
| 210 } |
| 211 |
| 212 std::string GetPolicyPublicKeyAsString() { |
| 213 std::vector<uint8_t> public_key; |
| 214 EXPECT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key)); |
| 215 return ConvertPublicKeyToString(public_key); |
| 216 } |
| 217 |
| 218 std::string GetPolicyNewPublicKeyAsString() { |
| 219 std::vector<uint8_t> new_public_key; |
| 220 EXPECT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 221 return ConvertPublicKeyToString(new_public_key); |
| 222 } |
| 223 |
| 202 base::FilePath user_policy_dir() { | 224 base::FilePath user_policy_dir() { |
| 203 return tmp_dir_.GetPath().AppendASCII("var_run_user_policy"); | 225 return tmp_dir_.GetPath().AppendASCII("var_run_user_policy"); |
| 204 } | 226 } |
| 205 | 227 |
| 206 base::FilePath user_policy_key_file() { | 228 base::FilePath user_policy_key_file() { |
| 207 return user_policy_dir().AppendASCII(kSanitizedUsername) | 229 return user_policy_dir().AppendASCII(kSanitizedUsername) |
| 208 .AppendASCII("policy.pub"); | 230 .AppendASCII("policy.pub"); |
| 209 } | 231 } |
| 210 | 232 |
| 233 base::FilePath legacy_cache_dir() { |
| 234 return tmp_dir_.GetPath().AppendASCII("legacy_cache"); |
| 235 } |
| 236 |
| 211 base::FilePath token_file() { | 237 base::FilePath token_file() { |
| 212 return tmp_dir_.GetPath().AppendASCII("token"); | 238 return legacy_cache_dir().AppendASCII("token"); |
| 213 } | 239 } |
| 214 | 240 |
| 215 base::FilePath policy_file() { | 241 base::FilePath policy_file() { |
| 216 return tmp_dir_.GetPath().AppendASCII("policy"); | 242 return legacy_cache_dir().AppendASCII("policy"); |
| 217 } | 243 } |
| 218 | 244 |
| 219 base::MessageLoopForUI loop_; | 245 base::MessageLoopForUI loop_; |
| 220 chromeos::MockCryptohomeClient cryptohome_client_; | 246 chromeos::MockCryptohomeClient cryptohome_client_; |
| 221 chromeos::MockSessionManagerClient session_manager_client_; | 247 chromeos::MockSessionManagerClient session_manager_client_; |
| 222 UserPolicyBuilder policy_; | 248 UserPolicyBuilder policy_; |
| 223 MockCloudPolicyStoreObserver observer_; | 249 MockCloudPolicyStoreObserver observer_; |
| 224 std::unique_ptr<UserCloudPolicyStoreChromeOS> store_; | 250 std::unique_ptr<UserCloudPolicyStoreChromeOS> store_; |
| 225 const AccountId account_id_ = | 251 const AccountId account_id_ = |
| 226 AccountId::FromUserEmail(PolicyBuilder::kFakeUsername); | 252 AccountId::FromUserEmail(PolicyBuilder::kFakeUsername); |
| 227 const cryptohome::Identification cryptohome_id_ = | 253 const cryptohome::Identification cryptohome_id_ = |
| 228 cryptohome::Identification(account_id_); | 254 cryptohome::Identification(account_id_); |
| 229 | 255 |
| 230 private: | 256 private: |
| 231 base::ScopedTempDir tmp_dir_; | 257 base::ScopedTempDir tmp_dir_; |
| 232 | 258 |
| 233 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest); | 259 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest); |
| 234 }; | 260 }; |
| 235 | 261 |
| 236 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) { | 262 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) { |
| 237 // Start without any public key to trigger the initial key checks. | 263 // Start without any public key to trigger the initial key checks. |
| 238 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 264 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 239 // Make the policy blob contain a new public key. | 265 // Make the policy blob contain a new public key. |
| 240 policy_.SetDefaultNewSigningKey(); | 266 policy_.SetDefaultNewSigningKey(); |
| 241 policy_.Build(); | 267 policy_.Build(); |
| 242 std::vector<uint8_t> new_public_key; | 268 std::vector<uint8_t> new_public_key; |
| 243 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); | 269 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 244 ASSERT_NO_FATAL_FAILURE( | 270 ASSERT_NO_FATAL_FAILURE( |
| 245 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); | 271 PerformStorePolicy(&new_public_key, nullptr, kDefaultHomepage)); |
| 272 EXPECT_EQ(ConvertPublicKeyToString(new_public_key), store_->public_key()); |
| 246 } | 273 } |
| 247 | 274 |
| 248 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreValidationFail) { | 275 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreValidationFail) { |
| 249 // Start without any public key to trigger the initial key checks. | 276 // Start without any public key to trigger the initial key checks. |
| 250 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 277 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 251 // Make the policy blob contain a new public key. | 278 // Make the policy blob contain a new public key. |
| 252 policy_.SetDefaultSigningKey(); | 279 policy_.SetDefaultSigningKey(); |
| 253 policy_.Build(); | 280 policy_.Build(); |
| 254 *policy_.policy().mutable_new_public_key_verification_signature_deprecated() = | 281 *policy_.policy().mutable_new_public_key_verification_signature_deprecated() = |
| 255 "garbage"; | 282 "garbage"; |
| 256 | 283 |
| 257 EXPECT_CALL(session_manager_client_, | 284 EXPECT_CALL(session_manager_client_, |
| 258 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 285 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 259 .Times(0); | 286 .Times(0); |
| 260 store_->Store(policy_.policy()); | 287 store_->Store(policy_.policy()); |
| 261 base::RunLoop().RunUntilIdle(); | 288 base::RunLoop().RunUntilIdle(); |
| 262 Mock::VerifyAndClearExpectations(&session_manager_client_); | 289 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 290 EXPECT_EQ(std::string(), store_->public_key()); |
| 263 } | 291 } |
| 264 | 292 |
| 265 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreMissingSignatureFailure) { | 293 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreMissingSignatureFailure) { |
| 266 // Start without any public key to trigger the initial key checks. | 294 // Start without any public key to trigger the initial key checks. |
| 267 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 295 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 268 // Make the policy blob contain a new public key. | 296 // Make the policy blob contain a new public key. |
| 269 policy_.SetDefaultSigningKey(); | 297 policy_.SetDefaultSigningKey(); |
| 270 policy_.Build(); | 298 policy_.Build(); |
| 271 policy_.policy().clear_new_public_key_verification_signature_deprecated(); | 299 policy_.policy().clear_new_public_key_verification_signature_deprecated(); |
| 272 | 300 |
| 273 EXPECT_CALL(session_manager_client_, | 301 EXPECT_CALL(session_manager_client_, |
| 274 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 302 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 275 .Times(0); | 303 .Times(0); |
| 276 store_->Store(policy_.policy()); | 304 store_->Store(policy_.policy()); |
| 277 base::RunLoop().RunUntilIdle(); | 305 base::RunLoop().RunUntilIdle(); |
| 278 Mock::VerifyAndClearExpectations(&session_manager_client_); | 306 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 307 EXPECT_EQ(std::string(), store_->public_key()); |
| 279 } | 308 } |
| 280 | 309 |
| 281 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) { | 310 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) { |
| 282 ASSERT_NO_FATAL_FAILURE( | 311 ASSERT_NO_FATAL_FAILURE( |
| 283 PerformStorePolicy(NULL, NULL, kDefaultHomepage)); | 312 PerformStorePolicy(nullptr, nullptr, kDefaultHomepage)); |
| 313 EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key()); |
| 284 } | 314 } |
| 285 | 315 |
| 286 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) { | 316 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) { |
| 287 // Make the policy blob contain a new public key. | 317 // Make the policy blob contain a new public key. |
| 288 policy_.SetDefaultNewSigningKey(); | 318 policy_.SetDefaultNewSigningKey(); |
| 289 policy_.Build(); | 319 policy_.Build(); |
| 290 std::vector<uint8_t> new_public_key; | 320 std::vector<uint8_t> new_public_key; |
| 291 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); | 321 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 292 ASSERT_NO_FATAL_FAILURE( | 322 ASSERT_NO_FATAL_FAILURE( |
| 293 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); | 323 PerformStorePolicy(&new_public_key, nullptr, kDefaultHomepage)); |
| 324 EXPECT_EQ(ConvertPublicKeyToString(new_public_key), store_->public_key()); |
| 294 } | 325 } |
| 295 | 326 |
| 296 TEST_F(UserCloudPolicyStoreChromeOSTest, | 327 TEST_F(UserCloudPolicyStoreChromeOSTest, |
| 297 StoreWithRotationMissingSignatureError) { | 328 StoreWithRotationMissingSignatureError) { |
| 298 // Make the policy blob contain a new public key. | 329 // Make the policy blob contain a new public key. |
| 299 policy_.SetDefaultNewSigningKey(); | 330 policy_.SetDefaultNewSigningKey(); |
| 300 policy_.Build(); | 331 policy_.Build(); |
| 301 policy_.policy().clear_new_public_key_verification_signature_deprecated(); | 332 policy_.policy().clear_new_public_key_verification_signature_deprecated(); |
| 302 | 333 |
| 303 EXPECT_CALL(session_manager_client_, | 334 EXPECT_CALL(session_manager_client_, |
| 304 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 335 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 305 .Times(0); | 336 .Times(0); |
| 306 store_->Store(policy_.policy()); | 337 store_->Store(policy_.policy()); |
| 307 base::RunLoop().RunUntilIdle(); | 338 base::RunLoop().RunUntilIdle(); |
| 308 Mock::VerifyAndClearExpectations(&session_manager_client_); | 339 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 340 EXPECT_EQ(std::string(), store_->public_key()); |
| 309 } | 341 } |
| 310 | 342 |
| 311 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotationValidationError) { | 343 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotationValidationError) { |
| 312 // Make the policy blob contain a new public key. | 344 // Make the policy blob contain a new public key. |
| 313 policy_.SetDefaultNewSigningKey(); | 345 policy_.SetDefaultNewSigningKey(); |
| 314 policy_.Build(); | 346 policy_.Build(); |
| 315 *policy_.policy().mutable_new_public_key_verification_signature_deprecated() = | 347 *policy_.policy().mutable_new_public_key_verification_signature_deprecated() = |
| 316 "garbage"; | 348 "garbage"; |
| 317 | 349 |
| 318 EXPECT_CALL(session_manager_client_, | 350 EXPECT_CALL(session_manager_client_, |
| 319 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 351 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 320 .Times(0); | 352 .Times(0); |
| 321 store_->Store(policy_.policy()); | 353 store_->Store(policy_.policy()); |
| 322 base::RunLoop().RunUntilIdle(); | 354 base::RunLoop().RunUntilIdle(); |
| 323 Mock::VerifyAndClearExpectations(&session_manager_client_); | 355 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 356 EXPECT_EQ(std::string(), store_->public_key()); |
| 324 } | 357 } |
| 325 | 358 |
| 326 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { | 359 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { |
| 327 // Store policy. | 360 // Store policy. |
| 328 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 361 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 329 EXPECT_CALL(session_manager_client_, | 362 EXPECT_CALL(session_manager_client_, |
| 330 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 363 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 331 .WillOnce(SaveArg<2>(&store_callback)); | 364 .WillOnce(SaveArg<2>(&store_callback)); |
| 332 store_->Store(policy_.policy()); | 365 store_->Store(policy_.policy()); |
| 333 base::RunLoop().RunUntilIdle(); | 366 base::RunLoop().RunUntilIdle(); |
| 334 Mock::VerifyAndClearExpectations(&session_manager_client_); | 367 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 335 ASSERT_FALSE(store_callback.is_null()); | 368 ASSERT_FALSE(store_callback.is_null()); |
| 336 | 369 |
| 337 // Let the store operation complete. | 370 // Let the store operation complete. |
| 338 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); | 371 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); |
| 339 store_callback.Run(false); | 372 store_callback.Run(false); |
| 340 base::RunLoop().RunUntilIdle(); | 373 base::RunLoop().RunUntilIdle(); |
| 341 EXPECT_FALSE(store_->policy()); | 374 EXPECT_FALSE(store_->policy()); |
| 342 EXPECT_TRUE(store_->policy_map().empty()); | 375 EXPECT_TRUE(store_->policy_map().empty()); |
| 343 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); | 376 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); |
| 377 EXPECT_EQ(std::string(), store_->public_key()); |
| 344 } | 378 } |
| 345 | 379 |
| 346 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { | 380 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { |
| 347 policy_.policy_data().clear_policy_type(); | 381 policy_.policy_data().clear_policy_type(); |
| 348 policy_.Build(); | 382 policy_.Build(); |
| 349 | 383 |
| 350 // Store policy. | 384 // Store policy. |
| 351 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 385 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 352 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 386 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 353 EXPECT_CALL(session_manager_client_, | 387 EXPECT_CALL(session_manager_client_, |
| 354 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 388 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 355 .Times(0); | 389 .Times(0); |
| 356 store_->Store(policy_.policy()); | 390 store_->Store(policy_.policy()); |
| 357 base::RunLoop().RunUntilIdle(); | 391 base::RunLoop().RunUntilIdle(); |
| 358 Mock::VerifyAndClearExpectations(&session_manager_client_); | 392 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 393 EXPECT_EQ(std::string(), store_->public_key()); |
| 359 } | 394 } |
| 360 | 395 |
| 361 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) { | 396 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) { |
| 362 // Make the dbus call to cryptohome fail. | 397 // Make the dbus call to cryptohome fail. |
| 363 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 398 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 364 EXPECT_CALL(cryptohome_client_, GetSanitizedUsername(cryptohome_id_, _)) | 399 EXPECT_CALL(cryptohome_client_, GetSanitizedUsername(cryptohome_id_, _)) |
| 365 .Times(AnyNumber()) | 400 .Times(AnyNumber()) |
| 366 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE, | 401 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE, |
| 367 std::string())); | 402 std::string())); |
| 368 | 403 |
| 369 // Store policy. | 404 // Store policy. |
| 370 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 405 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 371 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 406 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 372 EXPECT_CALL(session_manager_client_, | 407 EXPECT_CALL(session_manager_client_, |
| 373 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 408 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 374 .Times(0); | 409 .Times(0); |
| 375 store_->Store(policy_.policy()); | 410 store_->Store(policy_.policy()); |
| 376 base::RunLoop().RunUntilIdle(); | 411 base::RunLoop().RunUntilIdle(); |
| 377 Mock::VerifyAndClearExpectations(&session_manager_client_); | 412 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 413 EXPECT_EQ(std::string(), store_->public_key()); |
| 378 } | 414 } |
| 379 | 415 |
| 380 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) { | 416 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) { |
| 381 // Break the signature. | 417 // Break the signature. |
| 382 policy_.policy().mutable_policy_data_signature()->append("garbage"); | 418 policy_.policy().mutable_policy_data_signature()->append("garbage"); |
| 383 | 419 |
| 384 // Store policy. | 420 // Store policy. |
| 385 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 421 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 386 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 422 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 387 EXPECT_CALL(session_manager_client_, | 423 EXPECT_CALL(session_manager_client_, |
| 388 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 424 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 389 .Times(0); | 425 .Times(0); |
| 390 store_->Store(policy_.policy()); | 426 store_->Store(policy_.policy()); |
| 391 base::RunLoop().RunUntilIdle(); | 427 base::RunLoop().RunUntilIdle(); |
| 392 Mock::VerifyAndClearExpectations(&session_manager_client_); | 428 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 429 EXPECT_EQ(std::string(), store_->public_key()); |
| 430 } |
| 431 |
| 432 TEST_F(UserCloudPolicyStoreChromeOSTest, MultipleStoresWithRotation) { |
| 433 // Store initial policy signed with the initial public key. |
| 434 ASSERT_NO_FATAL_FAILURE( |
| 435 PerformStorePolicy(nullptr, nullptr, kDefaultHomepage)); |
| 436 const std::string initial_public_key = GetPolicyPublicKeyAsString(); |
| 437 EXPECT_EQ(initial_public_key, store_->public_key()); |
| 438 |
| 439 // Try storing an invalid policy signed with the new public key. |
| 440 policy_.SetDefaultNewSigningKey(); |
| 441 policy_.policy_data().clear_policy_type(); |
| 442 policy_.Build(); |
| 443 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 444 store_->Store(policy_.policy()); |
| 445 base::RunLoop().RunUntilIdle(); |
| 446 // Still the initial public key is exposed. |
| 447 EXPECT_EQ(initial_public_key, store_->public_key()); |
| 448 |
| 449 // Store the correct policy signed with the new public key. |
| 450 policy_.policy_data().set_policy_type(dm_protocol::kChromeUserPolicyType); |
| 451 policy_.Build(); |
| 452 std::vector<uint8_t> new_public_key; |
| 453 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 454 ASSERT_NO_FATAL_FAILURE( |
| 455 PerformStorePolicy(&new_public_key, kDefaultHomepage, kDefaultHomepage)); |
| 456 EXPECT_EQ(GetPolicyNewPublicKeyAsString(), store_->public_key()); |
| 393 } | 457 } |
| 394 | 458 |
| 395 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { | 459 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { |
| 396 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 460 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 397 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 461 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 398 Mock::VerifyAndClearExpectations(&observer_); | 462 Mock::VerifyAndClearExpectations(&observer_); |
| 399 | 463 |
| 400 // Verify that the policy has been loaded. | 464 // Verify that the policy has been loaded. |
| 401 ASSERT_TRUE(store_->policy()); | 465 ASSERT_TRUE(store_->policy()); |
| 402 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 466 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
| 403 store_->policy()->SerializeAsString()); | 467 store_->policy()->SerializeAsString()); |
| 404 VerifyPolicyMap(kDefaultHomepage); | 468 VerifyPolicyMap(kDefaultHomepage); |
| 405 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 469 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 470 EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key()); |
| 406 } | 471 } |
| 407 | 472 |
| 408 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { | 473 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { |
| 409 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 474 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 410 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 475 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
| 411 Mock::VerifyAndClearExpectations(&observer_); | 476 Mock::VerifyAndClearExpectations(&observer_); |
| 412 | 477 |
| 413 // Verify no policy has been installed. | 478 // Verify no policy has been installed. |
| 414 EXPECT_FALSE(store_->policy()); | 479 EXPECT_FALSE(store_->policy()); |
| 415 EXPECT_TRUE(store_->policy_map().empty()); | 480 EXPECT_TRUE(store_->policy_map().empty()); |
| 416 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 481 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 482 EXPECT_EQ(std::string(), store_->public_key()); |
| 417 } | 483 } |
| 418 | 484 |
| 419 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidPolicy) { | 485 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidPolicy) { |
| 420 ExpectError(CloudPolicyStore::STATUS_PARSE_ERROR); | 486 ExpectError(CloudPolicyStore::STATUS_PARSE_ERROR); |
| 421 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("invalid")); | 487 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("invalid")); |
| 422 | 488 |
| 423 // Verify no policy has been installed. | 489 // Verify no policy has been installed. |
| 424 EXPECT_FALSE(store_->policy()); | 490 EXPECT_FALSE(store_->policy()); |
| 425 EXPECT_TRUE(store_->policy_map().empty()); | 491 EXPECT_TRUE(store_->policy_map().empty()); |
| 426 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); | 492 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); |
| 493 EXPECT_EQ(std::string(), store_->public_key()); |
| 427 } | 494 } |
| 428 | 495 |
| 429 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) { | 496 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) { |
| 430 policy_.policy_data().clear_policy_type(); | 497 policy_.policy_data().clear_policy_type(); |
| 431 policy_.Build(); | 498 policy_.Build(); |
| 432 | 499 |
| 433 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 500 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 434 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 501 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 435 VerifyStoreHasValidationError(); | 502 VerifyStoreHasValidationError(); |
| 503 EXPECT_EQ(std::string(), store_->public_key()); |
| 436 } | 504 } |
| 437 | 505 |
| 438 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) { | 506 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) { |
| 439 // The loaded policy can't be verified without the public key. | 507 // The loaded policy can't be verified without the public key. |
| 440 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 508 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 441 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 509 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 442 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 510 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 443 VerifyStoreHasValidationError(); | 511 VerifyStoreHasValidationError(); |
| 512 EXPECT_EQ(std::string(), store_->public_key()); |
| 444 } | 513 } |
| 445 | 514 |
| 446 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) { | 515 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) { |
| 447 // Break the signature. | 516 // Break the signature. |
| 448 policy_.policy().mutable_policy_data_signature()->append("garbage"); | 517 policy_.policy().mutable_policy_data_signature()->append("garbage"); |
| 449 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 518 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 450 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 519 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 451 VerifyStoreHasValidationError(); | 520 VerifyStoreHasValidationError(); |
| 521 EXPECT_EQ(std::string(), store_->public_key()); |
| 452 } | 522 } |
| 453 | 523 |
| 454 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) { | 524 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) { |
| 455 std::string data; | 525 std::string data; |
| 456 | 526 |
| 527 ASSERT_TRUE(base::CreateDirectory(legacy_cache_dir())); |
| 528 |
| 457 em::DeviceCredentials credentials; | 529 em::DeviceCredentials credentials; |
| 458 credentials.set_device_token(kLegacyToken); | 530 credentials.set_device_token(kLegacyToken); |
| 459 credentials.set_device_id(kLegacyDeviceId); | 531 credentials.set_device_id(kLegacyDeviceId); |
| 460 ASSERT_TRUE(credentials.SerializeToString(&data)); | 532 ASSERT_TRUE(credentials.SerializeToString(&data)); |
| 461 ASSERT_NE(-1, base::WriteFile(token_file(), data.c_str(), data.size())); | 533 ASSERT_NE(-1, base::WriteFile(token_file(), data.c_str(), data.size())); |
| 462 | 534 |
| 463 em::CachedCloudPolicyResponse cached_policy; | 535 em::CachedCloudPolicyResponse cached_policy; |
| 464 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); | 536 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); |
| 465 ASSERT_TRUE(cached_policy.SerializeToString(&data)); | 537 ASSERT_TRUE(cached_policy.SerializeToString(&data)); |
| 466 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size())); | 538 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size())); |
| (...skipping 13 matching lines...) |
| 480 EXPECT_EQ(expected_policy_data.SerializeAsString(), | 552 EXPECT_EQ(expected_policy_data.SerializeAsString(), |
| 481 store_->policy()->SerializeAsString()); | 553 store_->policy()->SerializeAsString()); |
| 482 VerifyPolicyMap(kDefaultHomepage); | 554 VerifyPolicyMap(kDefaultHomepage); |
| 483 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 555 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 484 } | 556 } |
| 485 | 557 |
| 486 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) { | 558 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) { |
| 487 std::string data; | 559 std::string data; |
| 488 testing::Sequence seq; | 560 testing::Sequence seq; |
| 489 | 561 |
| 562 ASSERT_TRUE(base::CreateDirectory(legacy_cache_dir())); |
| 563 |
| 490 em::CachedCloudPolicyResponse cached_policy; | 564 em::CachedCloudPolicyResponse cached_policy; |
| 491 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); | 565 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); |
| 492 ASSERT_TRUE(cached_policy.SerializeToString(&data)); | 566 ASSERT_TRUE(cached_policy.SerializeToString(&data)); |
| 493 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size())); | 567 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size())); |
| 494 | 568 |
| 495 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 569 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 496 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 570 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
| 497 Mock::VerifyAndClearExpectations(&observer_); | 571 Mock::VerifyAndClearExpectations(&observer_); |
| 498 | 572 |
| 499 // Verify the legacy cache has been loaded. | 573 // Verify the legacy cache has been loaded. |
| 500 em::PolicyData expected_policy_data; | 574 em::PolicyData expected_policy_data; |
| 501 EXPECT_TRUE(expected_policy_data.ParseFromString( | 575 EXPECT_TRUE(expected_policy_data.ParseFromString( |
| 502 cached_policy.cloud_policy().policy_data())); | 576 cached_policy.cloud_policy().policy_data())); |
| 503 expected_policy_data.clear_public_key_version(); | 577 expected_policy_data.clear_public_key_version(); |
| 504 ASSERT_TRUE(store_->policy()); | 578 ASSERT_TRUE(store_->policy()); |
| 505 EXPECT_EQ(expected_policy_data.SerializeAsString(), | 579 EXPECT_EQ(expected_policy_data.SerializeAsString(), |
| 506 store_->policy()->SerializeAsString()); | 580 store_->policy()->SerializeAsString()); |
| 507 VerifyPolicyMap(kDefaultHomepage); | 581 VerifyPolicyMap(kDefaultHomepage); |
| 508 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 582 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 509 } | 583 } |
| 510 | 584 |
| 511 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) { | 585 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) { |
| 512 std::string data; | 586 std::string data; |
| 513 | 587 |
| 588 ASSERT_TRUE(base::CreateDirectory(legacy_cache_dir())); |
| 589 |
| 514 em::DeviceCredentials credentials; | 590 em::DeviceCredentials credentials; |
| 515 credentials.set_device_token(kLegacyToken); | 591 credentials.set_device_token(kLegacyToken); |
| 516 credentials.set_device_id(kLegacyDeviceId); | 592 credentials.set_device_id(kLegacyDeviceId); |
| 517 ASSERT_TRUE(credentials.SerializeToString(&data)); | 593 ASSERT_TRUE(credentials.SerializeToString(&data)); |
| 518 ASSERT_NE(-1, base::WriteFile(token_file(), data.c_str(), data.size())); | 594 ASSERT_NE(-1, base::WriteFile(token_file(), data.c_str(), data.size())); |
| 519 | 595 |
| 520 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 596 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 521 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 597 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
| 522 Mock::VerifyAndClearExpectations(&observer_); | 598 Mock::VerifyAndClearExpectations(&observer_); |
| 523 | 599 |
| 524 // Verify that legacy user policy and token have been loaded. | 600 // Verify that legacy user policy and token have been loaded. |
| 525 em::PolicyData expected_policy_data; | 601 em::PolicyData expected_policy_data; |
| 526 expected_policy_data.set_request_token(kLegacyToken); | 602 expected_policy_data.set_request_token(kLegacyToken); |
| 527 expected_policy_data.set_device_id(kLegacyDeviceId); | 603 expected_policy_data.set_device_id(kLegacyDeviceId); |
| 528 ASSERT_TRUE(store_->policy()); | 604 ASSERT_TRUE(store_->policy()); |
| 529 EXPECT_EQ(expected_policy_data.SerializeAsString(), | 605 EXPECT_EQ(expected_policy_data.SerializeAsString(), |
| 530 store_->policy()->SerializeAsString()); | 606 store_->policy()->SerializeAsString()); |
| 531 EXPECT_TRUE(store_->policy_map().empty()); | 607 EXPECT_TRUE(store_->policy_map().empty()); |
| 532 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 608 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 533 } | 609 } |
| 534 | 610 |
| 535 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationAndStoreNew) { | 611 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationAndStoreNew) { |
| 536 // Start without an existing public key. | 612 // Start without an existing public key. |
| 537 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 613 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 538 | 614 |
| 615 ASSERT_TRUE(base::CreateDirectory(legacy_cache_dir())); |
| 616 |
| 539 std::string data; | 617 std::string data; |
| 540 em::CachedCloudPolicyResponse cached_policy; | 618 em::CachedCloudPolicyResponse cached_policy; |
| 541 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); | 619 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); |
| 542 ASSERT_TRUE(cached_policy.SerializeToString(&data)); | 620 ASSERT_TRUE(cached_policy.SerializeToString(&data)); |
| 543 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size())); | 621 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size())); |
| 544 | 622 |
| 545 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 623 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 546 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 624 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
| 547 Mock::VerifyAndClearExpectations(&observer_); | 625 Mock::VerifyAndClearExpectations(&observer_); |
| 548 | 626 |
| (...skipping 40 matching lines...) |
| 589 Mock::VerifyAndClearExpectations(&observer_); | 667 Mock::VerifyAndClearExpectations(&observer_); |
| 590 Mock::VerifyAndClearExpectations(&session_manager_client_); | 668 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 591 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 669 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 592 | 670 |
| 593 // The policy should become available without having to spin any loops. | 671 // The policy should become available without having to spin any loops. |
| 594 ASSERT_TRUE(store_->policy()); | 672 ASSERT_TRUE(store_->policy()); |
| 595 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 673 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
| 596 store_->policy()->SerializeAsString()); | 674 store_->policy()->SerializeAsString()); |
| 597 VerifyPolicyMap(kDefaultHomepage); | 675 VerifyPolicyMap(kDefaultHomepage); |
| 598 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 676 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 677 EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key()); |
| 599 } | 678 } |
| 600 | 679 |
| 601 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) { | 680 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) { |
| 602 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 681 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 603 EXPECT_CALL(session_manager_client_, | 682 EXPECT_CALL(session_manager_client_, |
| 604 BlockingRetrievePolicyForUser(cryptohome_id_)) | 683 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 605 .WillOnce(Return("")); | 684 .WillOnce(Return("")); |
| 606 | 685 |
| 607 EXPECT_FALSE(store_->policy()); | 686 EXPECT_FALSE(store_->policy()); |
| 608 store_->LoadImmediately(); | 687 store_->LoadImmediately(); |
| 609 Mock::VerifyAndClearExpectations(&observer_); | 688 Mock::VerifyAndClearExpectations(&observer_); |
| 610 Mock::VerifyAndClearExpectations(&session_manager_client_); | 689 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 611 | 690 |
| 612 EXPECT_FALSE(store_->policy()); | 691 EXPECT_FALSE(store_->policy()); |
| 613 EXPECT_TRUE(store_->policy_map().empty()); | 692 EXPECT_TRUE(store_->policy_map().empty()); |
| 614 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 693 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 694 EXPECT_EQ(std::string(), store_->public_key()); |
| 615 } | 695 } |
| 616 | 696 |
| 617 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) { | 697 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) { |
| 618 EXPECT_CALL(observer_, OnStoreError(store_.get())); | 698 EXPECT_CALL(observer_, OnStoreError(store_.get())); |
| 619 EXPECT_CALL(session_manager_client_, | 699 EXPECT_CALL(session_manager_client_, |
| 620 BlockingRetrievePolicyForUser(cryptohome_id_)) | 700 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 621 .WillOnce(Return("le blob")); | 701 .WillOnce(Return("le blob")); |
| 622 | 702 |
| 623 EXPECT_FALSE(store_->policy()); | 703 EXPECT_FALSE(store_->policy()); |
| 624 store_->LoadImmediately(); | 704 store_->LoadImmediately(); |
| 625 Mock::VerifyAndClearExpectations(&observer_); | 705 Mock::VerifyAndClearExpectations(&observer_); |
| 626 Mock::VerifyAndClearExpectations(&session_manager_client_); | 706 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 627 | 707 |
| 628 EXPECT_FALSE(store_->policy()); | 708 EXPECT_FALSE(store_->policy()); |
| 629 EXPECT_TRUE(store_->policy_map().empty()); | 709 EXPECT_TRUE(store_->policy_map().empty()); |
| 630 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); | 710 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); |
| 711 EXPECT_EQ(std::string(), store_->public_key()); |
| 631 } | 712 } |
| 632 | 713 |
| 633 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) { | 714 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) { |
| 634 EXPECT_CALL(observer_, OnStoreError(store_.get())); | 715 EXPECT_CALL(observer_, OnStoreError(store_.get())); |
| 635 EXPECT_CALL(session_manager_client_, | 716 EXPECT_CALL(session_manager_client_, |
| 636 BlockingRetrievePolicyForUser(cryptohome_id_)) | 717 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 637 .WillOnce(Return(policy_.GetBlob())); | 718 .WillOnce(Return(policy_.GetBlob())); |
| 638 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) | 719 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) |
| 639 .WillOnce(Return("")); | 720 .WillOnce(Return("")); |
| 640 | 721 |
| 641 EXPECT_FALSE(store_->policy()); | 722 EXPECT_FALSE(store_->policy()); |
| 642 store_->LoadImmediately(); | 723 store_->LoadImmediately(); |
| 643 Mock::VerifyAndClearExpectations(&observer_); | 724 Mock::VerifyAndClearExpectations(&observer_); |
| 644 Mock::VerifyAndClearExpectations(&session_manager_client_); | 725 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 645 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 726 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 646 | 727 |
| 647 EXPECT_FALSE(store_->policy()); | 728 EXPECT_FALSE(store_->policy()); |
| 648 EXPECT_TRUE(store_->policy_map().empty()); | 729 EXPECT_TRUE(store_->policy_map().empty()); |
| 649 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, store_->status()); | 730 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, store_->status()); |
| 731 EXPECT_EQ(std::string(), store_->public_key()); |
| 650 } | 732 } |
| 651 | 733 |
| 652 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoUserPolicyKey) { | 734 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoUserPolicyKey) { |
| 653 EXPECT_CALL(observer_, OnStoreError(store_.get())); | 735 EXPECT_CALL(observer_, OnStoreError(store_.get())); |
| 654 EXPECT_CALL(session_manager_client_, | 736 EXPECT_CALL(session_manager_client_, |
| 655 BlockingRetrievePolicyForUser(cryptohome_id_)) | 737 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 656 .WillOnce(Return(policy_.GetBlob())); | 738 .WillOnce(Return(policy_.GetBlob())); |
| 657 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) | 739 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) |
| 658 .WillOnce(Return("wrong@example.com")); | 740 .WillOnce(Return("wrong@example.com")); |
| 659 | 741 |
| 660 EXPECT_FALSE(store_->policy()); | 742 EXPECT_FALSE(store_->policy()); |
| 661 store_->LoadImmediately(); | 743 store_->LoadImmediately(); |
| 662 Mock::VerifyAndClearExpectations(&observer_); | 744 Mock::VerifyAndClearExpectations(&observer_); |
| 663 Mock::VerifyAndClearExpectations(&session_manager_client_); | 745 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 664 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 746 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 665 | 747 |
| 666 EXPECT_FALSE(store_->policy()); | 748 EXPECT_FALSE(store_->policy()); |
| 667 EXPECT_TRUE(store_->policy_map().empty()); | 749 EXPECT_TRUE(store_->policy_map().empty()); |
| 668 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); | 750 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); |
| 751 EXPECT_EQ(std::string(), store_->public_key()); |
| 669 } | 752 } |
| 670 | 753 |
| 671 } // namespace | 754 } // namespace |
| 672 | 755 |
| 673 } // namespace policy | 756 } // namespace policy |