| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <memory> | 9 #include <memory> |
| 10 #include <string> |
| 10 #include <vector> | 11 #include <vector> |
| 11 | 12 |
| 12 #include "base/bind.h" | 13 #include "base/bind.h" |
| 13 #include "base/files/file_util.h" | 14 #include "base/files/file_util.h" |
| 14 #include "base/files/scoped_temp_dir.h" | 15 #include "base/files/scoped_temp_dir.h" |
| 15 #include "base/location.h" | 16 #include "base/location.h" |
| 16 #include "base/macros.h" | 17 #include "base/macros.h" |
| 17 #include "base/memory/ptr_util.h" | 18 #include "base/memory/ptr_util.h" |
| 18 #include "base/message_loop/message_loop.h" | 19 #include "base/message_loop/message_loop.h" |
| 19 #include "base/run_loop.h" | 20 #include "base/run_loop.h" |
| 20 #include "base/single_thread_task_runner.h" | 21 #include "base/single_thread_task_runner.h" |
| 21 #include "base/threading/sequenced_worker_pool.h" | 22 #include "base/threading/sequenced_worker_pool.h" |
| 22 #include "base/threading/thread_task_runner_handle.h" | 23 #include "base/threading/thread_task_runner_handle.h" |
| 23 #include "chromeos/dbus/mock_cryptohome_client.h" | 24 #include "chromeos/dbus/mock_cryptohome_client.h" |
| 24 #include "chromeos/dbus/mock_session_manager_client.h" | 25 #include "chromeos/dbus/mock_session_manager_client.h" |
| 25 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | 26 #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
| 26 #include "components/policy/core/common/cloud/mock_cloud_policy_store.h" | 27 #include "components/policy/core/common/cloud/mock_cloud_policy_store.h" |
| 27 #include "components/policy/core/common/cloud/policy_builder.h" | 28 #include "components/policy/core/common/cloud/policy_builder.h" |
| 28 #include "components/policy/core/common/policy_types.h" | 29 #include "components/policy/core/common/policy_types.h" |
| 29 #include "components/policy/policy_constants.h" | 30 #include "components/policy/policy_constants.h" |
| 30 #include "components/policy/proto/cloud_policy.pb.h" | 31 #include "components/policy/proto/cloud_policy.pb.h" |
| 31 #include "components/policy/proto/device_management_local.pb.h" | 32 #include "components/policy/proto/device_management_local.pb.h" |
| 33 #include "crypto/rsa_private_key.h" |
| 32 #include "testing/gmock/include/gmock/gmock.h" | 34 #include "testing/gmock/include/gmock/gmock.h" |
| 33 #include "testing/gtest/include/gtest/gtest.h" | 35 #include "testing/gtest/include/gtest/gtest.h" |
| 34 | 36 |
| 35 namespace em = enterprise_management; | 37 namespace em = enterprise_management; |
| 36 | 38 |
| 37 using testing::AllOf; | 39 using testing::AllOf; |
| 38 using testing::AnyNumber; | 40 using testing::AnyNumber; |
| 39 using testing::Eq; | 41 using testing::Eq; |
| 40 using testing::Mock; | 42 using testing::Mock; |
| 41 using testing::Property; | 43 using testing::Property; |
| (...skipping 95 matching lines...) |
| 137 // Stores the current |policy_| and verifies that it is published. | 139 // Stores the current |policy_| and verifies that it is published. |
| 138 // If |new_public_key| is set then it will be persisted after storing but | 140 // If |new_public_key| is set then it will be persisted after storing but |
| 139 // before loading the policy, so that the signature validation can succeed. | 141 // before loading the policy, so that the signature validation can succeed. |
| 140 // If |previous_value| is set then a previously existing policy with that | 142 // If |previous_value| is set then a previously existing policy with that |
| 141 // value will be expected; otherwise no previous policy is expected. | 143 // value will be expected; otherwise no previous policy is expected. |
| 142 // If |new_value| is set then a new policy with that value is expected after | 144 // If |new_value| is set then a new policy with that value is expected after |
| 143 // storing the |policy_| blob. | 145 // storing the |policy_| blob. |
| 144 void PerformStorePolicy(const std::vector<uint8_t>* new_public_key, | 146 void PerformStorePolicy(const std::vector<uint8_t>* new_public_key, |
| 145 const char* previous_value, | 147 const char* previous_value, |
| 146 const char* new_value) { | 148 const char* new_value) { |
| 149 const CloudPolicyStore::Status initial_status = store_->status(); |
| 150 |
| 147 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 151 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 148 EXPECT_CALL(session_manager_client_, | 152 EXPECT_CALL(session_manager_client_, |
| 149 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 153 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 150 .WillOnce(SaveArg<2>(&store_callback)); | 154 .WillOnce(SaveArg<2>(&store_callback)); |
| 151 store_->Store(policy_.policy()); | 155 store_->Store(policy_.policy()); |
| 152 base::RunLoop().RunUntilIdle(); | 156 base::RunLoop().RunUntilIdle(); |
| 153 Mock::VerifyAndClearExpectations(&session_manager_client_); | 157 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 154 ASSERT_FALSE(store_callback.is_null()); | 158 ASSERT_FALSE(store_callback.is_null()); |
| 155 | 159 |
| 156 // The new policy shouldn't be present yet. | 160 // The new policy shouldn't be present yet. |
| 157 PolicyMap previous_policy; | 161 PolicyMap previous_policy; |
| 158 EXPECT_EQ(previous_value != NULL, store_->policy() != NULL); | 162 EXPECT_EQ(previous_value != nullptr, store_->policy() != nullptr); |
| 159 if (previous_value) { | 163 if (previous_value) { |
| 160 previous_policy.Set(key::kHomepageLocation, POLICY_LEVEL_MANDATORY, | 164 previous_policy.Set(key::kHomepageLocation, POLICY_LEVEL_MANDATORY, |
| 161 POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD, | 165 POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD, |
| 162 base::MakeUnique<base::StringValue>(previous_value), | 166 base::MakeUnique<base::StringValue>(previous_value), |
| 163 nullptr); | 167 nullptr); |
| 164 } | 168 } |
| 165 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); | 169 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); |
| 166 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 170 EXPECT_EQ(initial_status, store_->status()); |
| 167 | 171 |
| 168 // Store the new public key so that the validation after the retrieve | 172 // Store the new public key so that the validation after the retrieve |
| 169 // operation completes can verify the signature. | 173 // operation completes can verify the signature. |
| 170 if (new_public_key) | 174 if (new_public_key) |
| 171 StoreUserPolicyKey(*new_public_key); | 175 StoreUserPolicyKey(*new_public_key); |
| 172 | 176 |
| 173 // Let the store operation complete. | 177 // Let the store operation complete. |
| 174 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; | 178 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; |
| 175 EXPECT_CALL(session_manager_client_, | 179 EXPECT_CALL(session_manager_client_, |
| 176 RetrievePolicyForUser(cryptohome_id_, _)) | 180 RetrievePolicyForUser(cryptohome_id_, _)) |
| 177 .WillOnce(SaveArg<1>(&retrieve_callback)); | 181 .WillOnce(SaveArg<1>(&retrieve_callback)); |
| 178 store_callback.Run(true); | 182 store_callback.Run(true); |
| 179 base::RunLoop().RunUntilIdle(); | 183 base::RunLoop().RunUntilIdle(); |
| 180 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); | 184 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); |
| 181 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 185 EXPECT_EQ(initial_status, store_->status()); |
| 182 Mock::VerifyAndClearExpectations(&session_manager_client_); | 186 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 183 ASSERT_FALSE(retrieve_callback.is_null()); | 187 ASSERT_FALSE(retrieve_callback.is_null()); |
| 184 | 188 |
| 185 // Finish the retrieve callback. | 189 // Finish the retrieve callback. |
| 186 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 190 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 187 retrieve_callback.Run(policy_.GetBlob()); | 191 retrieve_callback.Run(policy_.GetBlob()); |
| 188 base::RunLoop().RunUntilIdle(); | 192 base::RunLoop().RunUntilIdle(); |
| 189 ASSERT_TRUE(store_->policy()); | 193 ASSERT_TRUE(store_->policy()); |
| 190 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 194 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
| 191 store_->policy()->SerializeAsString()); | 195 store_->policy()->SerializeAsString()); |
| 192 VerifyPolicyMap(new_value); | 196 VerifyPolicyMap(new_value); |
| 193 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 197 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 194 } | 198 } |
| 195 | 199 |
| 196 void VerifyStoreHasValidationError() { | 200 void VerifyStoreHasValidationError() { |
| 197 EXPECT_FALSE(store_->policy()); | 201 EXPECT_FALSE(store_->policy()); |
| 198 EXPECT_TRUE(store_->policy_map().empty()); | 202 EXPECT_TRUE(store_->policy_map().empty()); |
| 199 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); | 203 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); |
| 200 } | 204 } |
| 201 | 205 |
| 206 static std::string ConvertPublicKeyToString( |
| 207 const std::vector<uint8_t>& public_key) { |
| 208 return std::string(reinterpret_cast<const char*>(public_key.data()), |
| 209 public_key.size()); |
| 210 } |
| 211 |
| 212 std::string GetPolicyPublicKeyAsString() { |
| 213 std::vector<uint8_t> public_key; |
| 214 EXPECT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key)); |
| 215 return ConvertPublicKeyToString(public_key); |
| 216 } |
| 217 |
| 218 std::string GetPolicyNewPublicKeyAsString() { |
| 219 std::vector<uint8_t> new_public_key; |
| 220 EXPECT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 221 return ConvertPublicKeyToString(new_public_key); |
| 222 } |
| 223 |
| 202 base::FilePath user_policy_dir() { | 224 base::FilePath user_policy_dir() { |
| 203 return tmp_dir_.GetPath().AppendASCII("var_run_user_policy"); | 225 return tmp_dir_.GetPath().AppendASCII("var_run_user_policy"); |
| 204 } | 226 } |
| 205 | 227 |
| 206 base::FilePath user_policy_key_file() { | 228 base::FilePath user_policy_key_file() { |
| 207 return user_policy_dir().AppendASCII(kSanitizedUsername) | 229 return user_policy_dir().AppendASCII(kSanitizedUsername) |
| 208 .AppendASCII("policy.pub"); | 230 .AppendASCII("policy.pub"); |
| 209 } | 231 } |
| 210 | 232 |
| 233 base::FilePath legacy_cache_dir() { |
| 234 return tmp_dir_.GetPath().AppendASCII("legacy_cache"); |
| 235 } |
| 236 |
| 211 base::FilePath token_file() { | 237 base::FilePath token_file() { |
| 212 return tmp_dir_.GetPath().AppendASCII("token"); | 238 return legacy_cache_dir().AppendASCII("token"); |
| 213 } | 239 } |
| 214 | 240 |
| 215 base::FilePath policy_file() { | 241 base::FilePath policy_file() { |
| 216 return tmp_dir_.GetPath().AppendASCII("policy"); | 242 return legacy_cache_dir().AppendASCII("policy"); |
| 217 } | 243 } |
| 218 | 244 |
| 219 base::MessageLoopForUI loop_; | 245 base::MessageLoopForUI loop_; |
| 220 chromeos::MockCryptohomeClient cryptohome_client_; | 246 chromeos::MockCryptohomeClient cryptohome_client_; |
| 221 chromeos::MockSessionManagerClient session_manager_client_; | 247 chromeos::MockSessionManagerClient session_manager_client_; |
| 222 UserPolicyBuilder policy_; | 248 UserPolicyBuilder policy_; |
| 223 MockCloudPolicyStoreObserver observer_; | 249 MockCloudPolicyStoreObserver observer_; |
| 224 std::unique_ptr<UserCloudPolicyStoreChromeOS> store_; | 250 std::unique_ptr<UserCloudPolicyStoreChromeOS> store_; |
| 225 const AccountId account_id_ = | 251 const AccountId account_id_ = |
| 226 AccountId::FromUserEmail(PolicyBuilder::kFakeUsername); | 252 AccountId::FromUserEmail(PolicyBuilder::kFakeUsername); |
| 227 const cryptohome::Identification cryptohome_id_ = | 253 const cryptohome::Identification cryptohome_id_ = |
| 228 cryptohome::Identification(account_id_); | 254 cryptohome::Identification(account_id_); |
| 229 | 255 |
| 230 private: | 256 private: |
| 231 base::ScopedTempDir tmp_dir_; | 257 base::ScopedTempDir tmp_dir_; |
| 232 | 258 |
| 233 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest); | 259 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest); |
| 234 }; | 260 }; |
| 235 | 261 |
| 236 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) { | 262 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) { |
| 237 // Start without any public key to trigger the initial key checks. | 263 // Start without any public key to trigger the initial key checks. |
| 238 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 264 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 239 // Make the policy blob contain a new public key. | 265 // Make the policy blob contain a new public key. |
| 240 policy_.SetDefaultNewSigningKey(); | 266 policy_.SetDefaultNewSigningKey(); |
| 241 policy_.Build(); | 267 policy_.Build(); |
| 242 std::vector<uint8_t> new_public_key; | 268 std::vector<uint8_t> new_public_key; |
| 243 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); | 269 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 244 ASSERT_NO_FATAL_FAILURE( | 270 ASSERT_NO_FATAL_FAILURE( |
| 245 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); | 271 PerformStorePolicy(&new_public_key, nullptr, kDefaultHomepage)); |
| 272 EXPECT_EQ(ConvertPublicKeyToString(new_public_key), |
| 273 store_->policy_signature_public_key()); |
| 246 } | 274 } |
| 247 | 275 |
| 248 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreValidationFail) { | 276 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreValidationFail) { |
| 249 // Start without any public key to trigger the initial key checks. | 277 // Start without any public key to trigger the initial key checks. |
| 250 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 278 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 251 // Make the policy blob contain a new public key. | 279 // Make the policy blob contain a new public key. |
| 252 policy_.SetDefaultSigningKey(); | 280 policy_.SetDefaultSigningKey(); |
| 253 policy_.Build(); | 281 policy_.Build(); |
| 254 *policy_.policy().mutable_new_public_key_verification_signature_deprecated() = | 282 *policy_.policy().mutable_new_public_key_verification_signature_deprecated() = |
| 255 "garbage"; | 283 "garbage"; |
| 256 | 284 |
| 257 EXPECT_CALL(session_manager_client_, | 285 EXPECT_CALL(session_manager_client_, |
| 258 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 286 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 259 .Times(0); | 287 .Times(0); |
| 260 store_->Store(policy_.policy()); | 288 store_->Store(policy_.policy()); |
| 261 base::RunLoop().RunUntilIdle(); | 289 base::RunLoop().RunUntilIdle(); |
| 262 Mock::VerifyAndClearExpectations(&session_manager_client_); | 290 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 291 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 263 } | 292 } |
| 264 | 293 |
| 265 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreMissingSignatureFailure) { | 294 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreMissingSignatureFailure) { |
| 266 // Start without any public key to trigger the initial key checks. | 295 // Start without any public key to trigger the initial key checks. |
| 267 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 296 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 268 // Make the policy blob contain a new public key. | 297 // Make the policy blob contain a new public key. |
| 269 policy_.SetDefaultSigningKey(); | 298 policy_.SetDefaultSigningKey(); |
| 270 policy_.Build(); | 299 policy_.Build(); |
| 271 policy_.policy().clear_new_public_key_verification_signature_deprecated(); | 300 policy_.policy().clear_new_public_key_verification_signature_deprecated(); |
| 272 | 301 |
| 273 EXPECT_CALL(session_manager_client_, | 302 EXPECT_CALL(session_manager_client_, |
| 274 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 303 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 275 .Times(0); | 304 .Times(0); |
| 276 store_->Store(policy_.policy()); | 305 store_->Store(policy_.policy()); |
| 277 base::RunLoop().RunUntilIdle(); | 306 base::RunLoop().RunUntilIdle(); |
| 278 Mock::VerifyAndClearExpectations(&session_manager_client_); | 307 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 308 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 279 } | 309 } |
| 280 | 310 |
| 281 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) { | 311 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) { |
| 282 ASSERT_NO_FATAL_FAILURE( | 312 ASSERT_NO_FATAL_FAILURE( |
| 283 PerformStorePolicy(NULL, NULL, kDefaultHomepage)); | 313 PerformStorePolicy(nullptr, nullptr, kDefaultHomepage)); |
| 314 EXPECT_EQ(GetPolicyPublicKeyAsString(), |
| 315 store_->policy_signature_public_key()); |
| 284 } | 316 } |
| 285 | 317 |
| 286 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) { | 318 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) { |
| 287 // Make the policy blob contain a new public key. | 319 // Make the policy blob contain a new public key. |
| 288 policy_.SetDefaultNewSigningKey(); | 320 policy_.SetDefaultNewSigningKey(); |
| 289 policy_.Build(); | 321 policy_.Build(); |
| 290 std::vector<uint8_t> new_public_key; | 322 std::vector<uint8_t> new_public_key; |
| 291 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); | 323 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 292 ASSERT_NO_FATAL_FAILURE( | 324 ASSERT_NO_FATAL_FAILURE( |
| 293 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); | 325 PerformStorePolicy(&new_public_key, nullptr, kDefaultHomepage)); |
| 326 EXPECT_EQ(ConvertPublicKeyToString(new_public_key), |
| 327 store_->policy_signature_public_key()); |
| 294 } | 328 } |
| 295 | 329 |
| 296 TEST_F(UserCloudPolicyStoreChromeOSTest, | 330 TEST_F(UserCloudPolicyStoreChromeOSTest, |
| 297 StoreWithRotationMissingSignatureError) { | 331 StoreWithRotationMissingSignatureError) { |
| 298 // Make the policy blob contain a new public key. | 332 // Make the policy blob contain a new public key. |
| 299 policy_.SetDefaultNewSigningKey(); | 333 policy_.SetDefaultNewSigningKey(); |
| 300 policy_.Build(); | 334 policy_.Build(); |
| 301 policy_.policy().clear_new_public_key_verification_signature_deprecated(); | 335 policy_.policy().clear_new_public_key_verification_signature_deprecated(); |
| 302 | 336 |
| 303 EXPECT_CALL(session_manager_client_, | 337 EXPECT_CALL(session_manager_client_, |
| 304 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 338 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 305 .Times(0); | 339 .Times(0); |
| 306 store_->Store(policy_.policy()); | 340 store_->Store(policy_.policy()); |
| 307 base::RunLoop().RunUntilIdle(); | 341 base::RunLoop().RunUntilIdle(); |
| 308 Mock::VerifyAndClearExpectations(&session_manager_client_); | 342 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 343 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 309 } | 344 } |
| 310 | 345 |
| 311 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotationValidationError) { | 346 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotationValidationError) { |
| 312 // Make the policy blob contain a new public key. | 347 // Make the policy blob contain a new public key. |
| 313 policy_.SetDefaultNewSigningKey(); | 348 policy_.SetDefaultNewSigningKey(); |
| 314 policy_.Build(); | 349 policy_.Build(); |
| 315 *policy_.policy().mutable_new_public_key_verification_signature_deprecated() = | 350 *policy_.policy().mutable_new_public_key_verification_signature_deprecated() = |
| 316 "garbage"; | 351 "garbage"; |
| 317 | 352 |
| 318 EXPECT_CALL(session_manager_client_, | 353 EXPECT_CALL(session_manager_client_, |
| 319 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 354 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 320 .Times(0); | 355 .Times(0); |
| 321 store_->Store(policy_.policy()); | 356 store_->Store(policy_.policy()); |
| 322 base::RunLoop().RunUntilIdle(); | 357 base::RunLoop().RunUntilIdle(); |
| 323 Mock::VerifyAndClearExpectations(&session_manager_client_); | 358 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 359 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 324 } | 360 } |
| 325 | 361 |
| 326 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { | 362 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { |
| 327 // Store policy. | 363 // Store policy. |
| 328 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 364 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 329 EXPECT_CALL(session_manager_client_, | 365 EXPECT_CALL(session_manager_client_, |
| 330 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 366 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 331 .WillOnce(SaveArg<2>(&store_callback)); | 367 .WillOnce(SaveArg<2>(&store_callback)); |
| 332 store_->Store(policy_.policy()); | 368 store_->Store(policy_.policy()); |
| 333 base::RunLoop().RunUntilIdle(); | 369 base::RunLoop().RunUntilIdle(); |
| 334 Mock::VerifyAndClearExpectations(&session_manager_client_); | 370 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 335 ASSERT_FALSE(store_callback.is_null()); | 371 ASSERT_FALSE(store_callback.is_null()); |
| 336 | 372 |
| 337 // Let the store operation complete. | 373 // Let the store operation complete. |
| 338 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); | 374 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); |
| 339 store_callback.Run(false); | 375 store_callback.Run(false); |
| 340 base::RunLoop().RunUntilIdle(); | 376 base::RunLoop().RunUntilIdle(); |
| 341 EXPECT_FALSE(store_->policy()); | 377 EXPECT_FALSE(store_->policy()); |
| 342 EXPECT_TRUE(store_->policy_map().empty()); | 378 EXPECT_TRUE(store_->policy_map().empty()); |
| 343 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); | 379 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); |
| 380 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 344 } | 381 } |
| 345 | 382 |
| 346 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { | 383 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { |
| 347 policy_.policy_data().clear_policy_type(); | 384 policy_.policy_data().clear_policy_type(); |
| 348 policy_.Build(); | 385 policy_.Build(); |
| 349 | 386 |
| 350 // Store policy. | 387 // Store policy. |
| 351 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 388 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 352 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 389 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 353 EXPECT_CALL(session_manager_client_, | 390 EXPECT_CALL(session_manager_client_, |
| 354 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 391 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 355 .Times(0); | 392 .Times(0); |
| 356 store_->Store(policy_.policy()); | 393 store_->Store(policy_.policy()); |
| 357 base::RunLoop().RunUntilIdle(); | 394 base::RunLoop().RunUntilIdle(); |
| 358 Mock::VerifyAndClearExpectations(&session_manager_client_); | 395 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 396 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 359 } | 397 } |
| 360 | 398 |
| 361 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) { | 399 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) { |
| 362 // Make the dbus call to cryptohome fail. | 400 // Make the dbus call to cryptohome fail. |
| 363 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 401 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 364 EXPECT_CALL(cryptohome_client_, GetSanitizedUsername(cryptohome_id_, _)) | 402 EXPECT_CALL(cryptohome_client_, GetSanitizedUsername(cryptohome_id_, _)) |
| 365 .Times(AnyNumber()) | 403 .Times(AnyNumber()) |
| 366 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE, | 404 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE, |
| 367 std::string())); | 405 std::string())); |
| 368 | 406 |
| 369 // Store policy. | 407 // Store policy. |
| 370 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 408 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 371 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 409 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 372 EXPECT_CALL(session_manager_client_, | 410 EXPECT_CALL(session_manager_client_, |
| 373 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 411 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 374 .Times(0); | 412 .Times(0); |
| 375 store_->Store(policy_.policy()); | 413 store_->Store(policy_.policy()); |
| 376 base::RunLoop().RunUntilIdle(); | 414 base::RunLoop().RunUntilIdle(); |
| 377 Mock::VerifyAndClearExpectations(&session_manager_client_); | 415 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 416 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 378 } | 417 } |
| 379 | 418 |
| 380 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) { | 419 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) { |
| 381 // Break the signature. | 420 // Break the signature. |
| 382 policy_.policy().mutable_policy_data_signature()->append("garbage"); | 421 policy_.policy().mutable_policy_data_signature()->append("garbage"); |
| 383 | 422 |
| 384 // Store policy. | 423 // Store policy. |
| 385 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 424 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 386 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 425 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 387 EXPECT_CALL(session_manager_client_, | 426 EXPECT_CALL(session_manager_client_, |
| 388 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 427 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 389 .Times(0); | 428 .Times(0); |
| 390 store_->Store(policy_.policy()); | 429 store_->Store(policy_.policy()); |
| 391 base::RunLoop().RunUntilIdle(); | 430 base::RunLoop().RunUntilIdle(); |
| 392 Mock::VerifyAndClearExpectations(&session_manager_client_); | 431 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 432 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 433 } |
| 434 |
| 435 TEST_F(UserCloudPolicyStoreChromeOSTest, MultipleStoresWithRotation) { |
| 436 // Store initial policy signed with the initial public key. |
| 437 ASSERT_NO_FATAL_FAILURE( |
| 438 PerformStorePolicy(nullptr, nullptr, kDefaultHomepage)); |
| 439 const std::string initial_public_key = GetPolicyPublicKeyAsString(); |
| 440 EXPECT_EQ(initial_public_key, store_->policy_signature_public_key()); |
| 441 |
| 442 // Try storing an invalid policy signed with the new public key. |
| 443 policy_.SetDefaultNewSigningKey(); |
| 444 policy_.policy_data().clear_policy_type(); |
| 445 policy_.Build(); |
| 446 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 447 store_->Store(policy_.policy()); |
| 448 base::RunLoop().RunUntilIdle(); |
| 449 // Still the initial public key is exposed. |
| 450 EXPECT_EQ(initial_public_key, store_->policy_signature_public_key()); |
| 451 |
| 452 // Store the correct policy signed with the new public key. |
| 453 policy_.policy_data().set_policy_type(dm_protocol::kChromeUserPolicyType); |
| 454 policy_.Build(); |
| 455 std::vector<uint8_t> new_public_key; |
| 456 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 457 ASSERT_NO_FATAL_FAILURE( |
| 458 PerformStorePolicy(&new_public_key, kDefaultHomepage, kDefaultHomepage)); |
| 459 EXPECT_EQ(GetPolicyNewPublicKeyAsString(), |
| 460 store_->policy_signature_public_key()); |
| 393 } | 461 } |
| 394 | 462 |
| 395 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { | 463 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { |
| 396 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 464 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 397 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 465 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 398 Mock::VerifyAndClearExpectations(&observer_); | 466 Mock::VerifyAndClearExpectations(&observer_); |
| 399 | 467 |
| 400 // Verify that the policy has been loaded. | 468 // Verify that the policy has been loaded. |
| 401 ASSERT_TRUE(store_->policy()); | 469 ASSERT_TRUE(store_->policy()); |
| 402 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 470 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
| 403 store_->policy()->SerializeAsString()); | 471 store_->policy()->SerializeAsString()); |
| 404 VerifyPolicyMap(kDefaultHomepage); | 472 VerifyPolicyMap(kDefaultHomepage); |
| 405 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 473 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 474 EXPECT_EQ(GetPolicyPublicKeyAsString(), |
| 475 store_->policy_signature_public_key()); |
| 406 } | 476 } |
| 407 | 477 |
| 408 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { | 478 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { |
| 409 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 479 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 410 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 480 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
| 411 Mock::VerifyAndClearExpectations(&observer_); | 481 Mock::VerifyAndClearExpectations(&observer_); |
| 412 | 482 |
| 413 // Verify no policy has been installed. | 483 // Verify no policy has been installed. |
| 414 EXPECT_FALSE(store_->policy()); | 484 EXPECT_FALSE(store_->policy()); |
| 415 EXPECT_TRUE(store_->policy_map().empty()); | 485 EXPECT_TRUE(store_->policy_map().empty()); |
| 416 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 486 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 487 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 417 } | 488 } |
| 418 | 489 |
| 419 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidPolicy) { | 490 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidPolicy) { |
| 420 ExpectError(CloudPolicyStore::STATUS_PARSE_ERROR); | 491 ExpectError(CloudPolicyStore::STATUS_PARSE_ERROR); |
| 421 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("invalid")); | 492 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("invalid")); |
| 422 | 493 |
| 423 // Verify no policy has been installed. | 494 // Verify no policy has been installed. |
| 424 EXPECT_FALSE(store_->policy()); | 495 EXPECT_FALSE(store_->policy()); |
| 425 EXPECT_TRUE(store_->policy_map().empty()); | 496 EXPECT_TRUE(store_->policy_map().empty()); |
| 426 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); | 497 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); |
| 498 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 427 } | 499 } |
| 428 | 500 |
| 429 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) { | 501 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) { |
| 430 policy_.policy_data().clear_policy_type(); | 502 policy_.policy_data().clear_policy_type(); |
| 431 policy_.Build(); | 503 policy_.Build(); |
| 432 | 504 |
| 433 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 505 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 434 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 506 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 435 VerifyStoreHasValidationError(); | 507 VerifyStoreHasValidationError(); |
| 508 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 436 } | 509 } |
| 437 | 510 |
| 438 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) { | 511 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) { |
| 439 // The loaded policy can't be verified without the public key. | 512 // The loaded policy can't be verified without the public key. |
| 440 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 513 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 441 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 514 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 442 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 515 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 443 VerifyStoreHasValidationError(); | 516 VerifyStoreHasValidationError(); |
| 517 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 444 } | 518 } |
| 445 | 519 |
| 446 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) { | 520 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) { |
| 447 // Break the signature. | 521 // Break the signature. |
| 448 policy_.policy().mutable_policy_data_signature()->append("garbage"); | 522 policy_.policy().mutable_policy_data_signature()->append("garbage"); |
| 449 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 523 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 450 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 524 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 451 VerifyStoreHasValidationError(); | 525 VerifyStoreHasValidationError(); |
| 526 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 452 } | 527 } |
| 453 | 528 |
| 454 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) { | 529 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) { |
| 455 std::string data; | 530 std::string data; |
| 456 | 531 |
| 532 ASSERT_TRUE(base::CreateDirectory(legacy_cache_dir())); |
| 533 |
| 457 em::DeviceCredentials credentials; | 534 em::DeviceCredentials credentials; |
| 458 credentials.set_device_token(kLegacyToken); | 535 credentials.set_device_token(kLegacyToken); |
| 459 credentials.set_device_id(kLegacyDeviceId); | 536 credentials.set_device_id(kLegacyDeviceId); |
| 460 ASSERT_TRUE(credentials.SerializeToString(&data)); | 537 ASSERT_TRUE(credentials.SerializeToString(&data)); |
| 461 ASSERT_NE(-1, base::WriteFile(token_file(), data.c_str(), data.size())); | 538 ASSERT_NE(-1, base::WriteFile(token_file(), data.c_str(), data.size())); |
| 462 | 539 |
| 463 em::CachedCloudPolicyResponse cached_policy; | 540 em::CachedCloudPolicyResponse cached_policy; |
| 464 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); | 541 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); |
| 465 ASSERT_TRUE(cached_policy.SerializeToString(&data)); | 542 ASSERT_TRUE(cached_policy.SerializeToString(&data)); |
| 466 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size())); | 543 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size())); |
| (...skipping 13 matching lines...) |
| 480 EXPECT_EQ(expected_policy_data.SerializeAsString(), | 557 EXPECT_EQ(expected_policy_data.SerializeAsString(), |
| 481 store_->policy()->SerializeAsString()); | 558 store_->policy()->SerializeAsString()); |
| 482 VerifyPolicyMap(kDefaultHomepage); | 559 VerifyPolicyMap(kDefaultHomepage); |
| 483 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 560 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 484 } | 561 } |
| 485 | 562 |
| 486 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) { | 563 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) { |
| 487 std::string data; | 564 std::string data; |
| 488 testing::Sequence seq; | 565 testing::Sequence seq; |
| 489 | 566 |
| 567 ASSERT_TRUE(base::CreateDirectory(legacy_cache_dir())); |
| 568 |
| 490 em::CachedCloudPolicyResponse cached_policy; | 569 em::CachedCloudPolicyResponse cached_policy; |
| 491 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); | 570 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); |
| 492 ASSERT_TRUE(cached_policy.SerializeToString(&data)); | 571 ASSERT_TRUE(cached_policy.SerializeToString(&data)); |
| 493 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size())); | 572 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size())); |
| 494 | 573 |
| 495 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 574 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 496 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 575 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
| 497 Mock::VerifyAndClearExpectations(&observer_); | 576 Mock::VerifyAndClearExpectations(&observer_); |
| 498 | 577 |
| 499 // Verify the legacy cache has been loaded. | 578 // Verify the legacy cache has been loaded. |
| 500 em::PolicyData expected_policy_data; | 579 em::PolicyData expected_policy_data; |
| 501 EXPECT_TRUE(expected_policy_data.ParseFromString( | 580 EXPECT_TRUE(expected_policy_data.ParseFromString( |
| 502 cached_policy.cloud_policy().policy_data())); | 581 cached_policy.cloud_policy().policy_data())); |
| 503 expected_policy_data.clear_public_key_version(); | 582 expected_policy_data.clear_public_key_version(); |
| 504 ASSERT_TRUE(store_->policy()); | 583 ASSERT_TRUE(store_->policy()); |
| 505 EXPECT_EQ(expected_policy_data.SerializeAsString(), | 584 EXPECT_EQ(expected_policy_data.SerializeAsString(), |
| 506 store_->policy()->SerializeAsString()); | 585 store_->policy()->SerializeAsString()); |
| 507 VerifyPolicyMap(kDefaultHomepage); | 586 VerifyPolicyMap(kDefaultHomepage); |
| 508 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 587 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 509 } | 588 } |
| 510 | 589 |
| 511 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) { | 590 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) { |
| 512 std::string data; | 591 std::string data; |
| 513 | 592 |
| 593 ASSERT_TRUE(base::CreateDirectory(legacy_cache_dir())); |
| 594 |
| 514 em::DeviceCredentials credentials; | 595 em::DeviceCredentials credentials; |
| 515 credentials.set_device_token(kLegacyToken); | 596 credentials.set_device_token(kLegacyToken); |
| 516 credentials.set_device_id(kLegacyDeviceId); | 597 credentials.set_device_id(kLegacyDeviceId); |
| 517 ASSERT_TRUE(credentials.SerializeToString(&data)); | 598 ASSERT_TRUE(credentials.SerializeToString(&data)); |
| 518 ASSERT_NE(-1, base::WriteFile(token_file(), data.c_str(), data.size())); | 599 ASSERT_NE(-1, base::WriteFile(token_file(), data.c_str(), data.size())); |
| 519 | 600 |
| 520 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 601 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 521 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 602 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
| 522 Mock::VerifyAndClearExpectations(&observer_); | 603 Mock::VerifyAndClearExpectations(&observer_); |
| 523 | 604 |
| 524 // Verify that legacy user policy and token have been loaded. | 605 // Verify that legacy user policy and token have been loaded. |
| 525 em::PolicyData expected_policy_data; | 606 em::PolicyData expected_policy_data; |
| 526 expected_policy_data.set_request_token(kLegacyToken); | 607 expected_policy_data.set_request_token(kLegacyToken); |
| 527 expected_policy_data.set_device_id(kLegacyDeviceId); | 608 expected_policy_data.set_device_id(kLegacyDeviceId); |
| 528 ASSERT_TRUE(store_->policy()); | 609 ASSERT_TRUE(store_->policy()); |
| 529 EXPECT_EQ(expected_policy_data.SerializeAsString(), | 610 EXPECT_EQ(expected_policy_data.SerializeAsString(), |
| 530 store_->policy()->SerializeAsString()); | 611 store_->policy()->SerializeAsString()); |
| 531 EXPECT_TRUE(store_->policy_map().empty()); | 612 EXPECT_TRUE(store_->policy_map().empty()); |
| 532 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 613 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 533 } | 614 } |
| 534 | 615 |
| 535 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationAndStoreNew) { | 616 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationAndStoreNew) { |
| 536 // Start without an existing public key. | 617 // Start without an existing public key. |
| 537 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 618 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 538 | 619 |
| 620 ASSERT_TRUE(base::CreateDirectory(legacy_cache_dir())); |
| 621 |
| 539 std::string data; | 622 std::string data; |
| 540 em::CachedCloudPolicyResponse cached_policy; | 623 em::CachedCloudPolicyResponse cached_policy; |
| 541 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); | 624 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); |
| 542 ASSERT_TRUE(cached_policy.SerializeToString(&data)); | 625 ASSERT_TRUE(cached_policy.SerializeToString(&data)); |
| 543 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size())); | 626 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size())); |
| 544 | 627 |
| 545 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 628 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 546 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 629 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
| 547 Mock::VerifyAndClearExpectations(&observer_); | 630 Mock::VerifyAndClearExpectations(&observer_); |
| 548 | 631 |
| (...skipping 40 matching lines...) |
| 589 Mock::VerifyAndClearExpectations(&observer_); | 672 Mock::VerifyAndClearExpectations(&observer_); |
| 590 Mock::VerifyAndClearExpectations(&session_manager_client_); | 673 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 591 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 674 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 592 | 675 |
| 593 // The policy should become available without having to spin any loops. | 676 // The policy should become available without having to spin any loops. |
| 594 ASSERT_TRUE(store_->policy()); | 677 ASSERT_TRUE(store_->policy()); |
| 595 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 678 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
| 596 store_->policy()->SerializeAsString()); | 679 store_->policy()->SerializeAsString()); |
| 597 VerifyPolicyMap(kDefaultHomepage); | 680 VerifyPolicyMap(kDefaultHomepage); |
| 598 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 681 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 682 EXPECT_EQ(GetPolicyPublicKeyAsString(), |
| 683 store_->policy_signature_public_key()); |
| 599 } | 684 } |
| 600 | 685 |
| 601 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) { | 686 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) { |
| 602 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 687 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 603 EXPECT_CALL(session_manager_client_, | 688 EXPECT_CALL(session_manager_client_, |
| 604 BlockingRetrievePolicyForUser(cryptohome_id_)) | 689 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 605 .WillOnce(Return("")); | 690 .WillOnce(Return("")); |
| 606 | 691 |
| 607 EXPECT_FALSE(store_->policy()); | 692 EXPECT_FALSE(store_->policy()); |
| 608 store_->LoadImmediately(); | 693 store_->LoadImmediately(); |
| 609 Mock::VerifyAndClearExpectations(&observer_); | 694 Mock::VerifyAndClearExpectations(&observer_); |
| 610 Mock::VerifyAndClearExpectations(&session_manager_client_); | 695 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 611 | 696 |
| 612 EXPECT_FALSE(store_->policy()); | 697 EXPECT_FALSE(store_->policy()); |
| 613 EXPECT_TRUE(store_->policy_map().empty()); | 698 EXPECT_TRUE(store_->policy_map().empty()); |
| 614 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 699 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 700 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 615 } | 701 } |
| 616 | 702 |
| 617 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) { | 703 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) { |
| 618 EXPECT_CALL(observer_, OnStoreError(store_.get())); | 704 EXPECT_CALL(observer_, OnStoreError(store_.get())); |
| 619 EXPECT_CALL(session_manager_client_, | 705 EXPECT_CALL(session_manager_client_, |
| 620 BlockingRetrievePolicyForUser(cryptohome_id_)) | 706 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 621 .WillOnce(Return("le blob")); | 707 .WillOnce(Return("le blob")); |
| 622 | 708 |
| 623 EXPECT_FALSE(store_->policy()); | 709 EXPECT_FALSE(store_->policy()); |
| 624 store_->LoadImmediately(); | 710 store_->LoadImmediately(); |
| 625 Mock::VerifyAndClearExpectations(&observer_); | 711 Mock::VerifyAndClearExpectations(&observer_); |
| 626 Mock::VerifyAndClearExpectations(&session_manager_client_); | 712 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 627 | 713 |
| 628 EXPECT_FALSE(store_->policy()); | 714 EXPECT_FALSE(store_->policy()); |
| 629 EXPECT_TRUE(store_->policy_map().empty()); | 715 EXPECT_TRUE(store_->policy_map().empty()); |
| 630 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); | 716 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); |
| 717 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 631 } | 718 } |
| 632 | 719 |
| 633 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) { | 720 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) { |
| 634 EXPECT_CALL(observer_, OnStoreError(store_.get())); | 721 EXPECT_CALL(observer_, OnStoreError(store_.get())); |
| 635 EXPECT_CALL(session_manager_client_, | 722 EXPECT_CALL(session_manager_client_, |
| 636 BlockingRetrievePolicyForUser(cryptohome_id_)) | 723 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 637 .WillOnce(Return(policy_.GetBlob())); | 724 .WillOnce(Return(policy_.GetBlob())); |
| 638 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) | 725 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) |
| 639 .WillOnce(Return("")); | 726 .WillOnce(Return("")); |
| 640 | 727 |
| 641 EXPECT_FALSE(store_->policy()); | 728 EXPECT_FALSE(store_->policy()); |
| 642 store_->LoadImmediately(); | 729 store_->LoadImmediately(); |
| 643 Mock::VerifyAndClearExpectations(&observer_); | 730 Mock::VerifyAndClearExpectations(&observer_); |
| 644 Mock::VerifyAndClearExpectations(&session_manager_client_); | 731 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 645 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 732 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 646 | 733 |
| 647 EXPECT_FALSE(store_->policy()); | 734 EXPECT_FALSE(store_->policy()); |
| 648 EXPECT_TRUE(store_->policy_map().empty()); | 735 EXPECT_TRUE(store_->policy_map().empty()); |
| 649 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, store_->status()); | 736 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, store_->status()); |
| 737 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 650 } | 738 } |
| 651 | 739 |
| 652 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoUserPolicyKey) { | 740 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoUserPolicyKey) { |
| 653 EXPECT_CALL(observer_, OnStoreError(store_.get())); | 741 EXPECT_CALL(observer_, OnStoreError(store_.get())); |
| 654 EXPECT_CALL(session_manager_client_, | 742 EXPECT_CALL(session_manager_client_, |
| 655 BlockingRetrievePolicyForUser(cryptohome_id_)) | 743 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 656 .WillOnce(Return(policy_.GetBlob())); | 744 .WillOnce(Return(policy_.GetBlob())); |
| 657 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) | 745 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) |
| 658 .WillOnce(Return("wrong@example.com")); | 746 .WillOnce(Return("wrong@example.com")); |
| 659 | 747 |
| 660 EXPECT_FALSE(store_->policy()); | 748 EXPECT_FALSE(store_->policy()); |
| 661 store_->LoadImmediately(); | 749 store_->LoadImmediately(); |
| 662 Mock::VerifyAndClearExpectations(&observer_); | 750 Mock::VerifyAndClearExpectations(&observer_); |
| 663 Mock::VerifyAndClearExpectations(&session_manager_client_); | 751 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 664 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 752 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 665 | 753 |
| 666 EXPECT_FALSE(store_->policy()); | 754 EXPECT_FALSE(store_->policy()); |
| 667 EXPECT_TRUE(store_->policy_map().empty()); | 755 EXPECT_TRUE(store_->policy_map().empty()); |
| 668 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); | 756 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); |
| 757 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 669 } | 758 } |
| 670 | 759 |
| 671 } // namespace | 760 } // namespace |
| 672 | 761 |
| 673 } // namespace policy | 762 } // namespace policy |