| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <memory> | 9 #include <memory> |
| 10 #include <string> |
| 10 #include <vector> | 11 #include <vector> |
| 11 | 12 |
| 12 #include "base/bind.h" | 13 #include "base/bind.h" |
| 13 #include "base/files/file_util.h" | 14 #include "base/files/file_util.h" |
| 14 #include "base/files/scoped_temp_dir.h" | 15 #include "base/files/scoped_temp_dir.h" |
| 15 #include "base/location.h" | 16 #include "base/location.h" |
| 16 #include "base/macros.h" | 17 #include "base/macros.h" |
| 17 #include "base/memory/ptr_util.h" | 18 #include "base/memory/ptr_util.h" |
| 18 #include "base/message_loop/message_loop.h" | 19 #include "base/message_loop/message_loop.h" |
| 19 #include "base/run_loop.h" | 20 #include "base/run_loop.h" |
| 20 #include "base/single_thread_task_runner.h" | 21 #include "base/single_thread_task_runner.h" |
| 21 #include "base/threading/sequenced_worker_pool.h" | 22 #include "base/threading/sequenced_worker_pool.h" |
| 22 #include "base/threading/thread_task_runner_handle.h" | 23 #include "base/threading/thread_task_runner_handle.h" |
| 23 #include "chromeos/dbus/mock_cryptohome_client.h" | 24 #include "chromeos/dbus/mock_cryptohome_client.h" |
| 24 #include "chromeos/dbus/mock_session_manager_client.h" | 25 #include "chromeos/dbus/mock_session_manager_client.h" |
| 25 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | 26 #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
| 26 #include "components/policy/core/common/cloud/mock_cloud_policy_store.h" | 27 #include "components/policy/core/common/cloud/mock_cloud_policy_store.h" |
| 27 #include "components/policy/core/common/cloud/policy_builder.h" | 28 #include "components/policy/core/common/cloud/policy_builder.h" |
| 28 #include "components/policy/core/common/policy_types.h" | 29 #include "components/policy/core/common/policy_types.h" |
| 29 #include "components/policy/policy_constants.h" | 30 #include "components/policy/policy_constants.h" |
| 30 #include "components/policy/proto/cloud_policy.pb.h" | 31 #include "components/policy/proto/cloud_policy.pb.h" |
| 31 #include "components/policy/proto/device_management_local.pb.h" | 32 #include "components/policy/proto/device_management_local.pb.h" |
| 33 #include "crypto/rsa_private_key.h" |
| 32 #include "testing/gmock/include/gmock/gmock.h" | 34 #include "testing/gmock/include/gmock/gmock.h" |
| 33 #include "testing/gtest/include/gtest/gtest.h" | 35 #include "testing/gtest/include/gtest/gtest.h" |
| 34 | 36 |
| 35 namespace em = enterprise_management; | 37 namespace em = enterprise_management; |
| 36 | 38 |
| 37 using testing::AllOf; | 39 using testing::AllOf; |
| 38 using testing::AnyNumber; | 40 using testing::AnyNumber; |
| 39 using testing::Eq; | 41 using testing::Eq; |
| 40 using testing::Mock; | 42 using testing::Mock; |
| 41 using testing::Property; | 43 using testing::Property; |
| (...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 135 // Stores the current |policy_| and verifies that it is published. | 137 // Stores the current |policy_| and verifies that it is published. |
| 136 // If |new_public_key| is set then it will be persisted after storing but | 138 // If |new_public_key| is set then it will be persisted after storing but |
| 137 // before loading the policy, so that the signature validation can succeed. | 139 // before loading the policy, so that the signature validation can succeed. |
| 138 // If |previous_value| is set then a previously existing policy with that | 140 // If |previous_value| is set then a previously existing policy with that |
| 139 // value will be expected; otherwise no previous policy is expected. | 141 // value will be expected; otherwise no previous policy is expected. |
| 140 // If |new_value| is set then a new policy with that value is expected after | 142 // If |new_value| is set then a new policy with that value is expected after |
| 141 // storing the |policy_| blob. | 143 // storing the |policy_| blob. |
| 142 void PerformStorePolicy(const std::vector<uint8_t>* new_public_key, | 144 void PerformStorePolicy(const std::vector<uint8_t>* new_public_key, |
| 143 const char* previous_value, | 145 const char* previous_value, |
| 144 const char* new_value) { | 146 const char* new_value) { |
| 147 const CloudPolicyStore::Status initial_status = store_->status(); |
| 148 |
| 145 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 149 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 146 EXPECT_CALL(session_manager_client_, | 150 EXPECT_CALL(session_manager_client_, |
| 147 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 151 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 148 .WillOnce(SaveArg<2>(&store_callback)); | 152 .WillOnce(SaveArg<2>(&store_callback)); |
| 149 store_->Store(policy_.policy()); | 153 store_->Store(policy_.policy()); |
| 150 base::RunLoop().RunUntilIdle(); | 154 base::RunLoop().RunUntilIdle(); |
| 151 Mock::VerifyAndClearExpectations(&session_manager_client_); | 155 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 152 ASSERT_FALSE(store_callback.is_null()); | 156 ASSERT_FALSE(store_callback.is_null()); |
| 153 | 157 |
| 154 // The new policy shouldn't be present yet. | 158 // The new policy shouldn't be present yet. |
| 155 PolicyMap previous_policy; | 159 PolicyMap previous_policy; |
| 156 EXPECT_EQ(previous_value != NULL, store_->policy() != NULL); | 160 EXPECT_EQ(previous_value != nullptr, store_->policy() != nullptr); |
| 157 if (previous_value) { | 161 if (previous_value) { |
| 158 previous_policy.Set(key::kHomepageLocation, POLICY_LEVEL_MANDATORY, | 162 previous_policy.Set(key::kHomepageLocation, POLICY_LEVEL_MANDATORY, |
| 159 POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD, | 163 POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD, |
| 160 base::MakeUnique<base::StringValue>(previous_value), | 164 base::MakeUnique<base::StringValue>(previous_value), |
| 161 nullptr); | 165 nullptr); |
| 162 } | 166 } |
| 163 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); | 167 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); |
| 164 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 168 EXPECT_EQ(initial_status, store_->status()); |
| 165 | 169 |
| 166 // Store the new public key so that the validation after the retrieve | 170 // Store the new public key so that the validation after the retrieve |
| 167 // operation completes can verify the signature. | 171 // operation completes can verify the signature. |
| 168 if (new_public_key) | 172 if (new_public_key) |
| 169 StoreUserPolicyKey(*new_public_key); | 173 StoreUserPolicyKey(*new_public_key); |
| 170 | 174 |
| 171 // Let the store operation complete. | 175 // Let the store operation complete. |
| 172 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; | 176 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; |
| 173 EXPECT_CALL(session_manager_client_, | 177 EXPECT_CALL(session_manager_client_, |
| 174 RetrievePolicyForUser(cryptohome_id_, _)) | 178 RetrievePolicyForUser(cryptohome_id_, _)) |
| 175 .WillOnce(SaveArg<1>(&retrieve_callback)); | 179 .WillOnce(SaveArg<1>(&retrieve_callback)); |
| 176 store_callback.Run(true); | 180 store_callback.Run(true); |
| 177 base::RunLoop().RunUntilIdle(); | 181 base::RunLoop().RunUntilIdle(); |
| 178 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); | 182 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); |
| 179 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 183 EXPECT_EQ(initial_status, store_->status()); |
| 180 Mock::VerifyAndClearExpectations(&session_manager_client_); | 184 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 181 ASSERT_FALSE(retrieve_callback.is_null()); | 185 ASSERT_FALSE(retrieve_callback.is_null()); |
| 182 | 186 |
| 183 // Finish the retrieve callback. | 187 // Finish the retrieve callback. |
| 184 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 188 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 185 retrieve_callback.Run(policy_.GetBlob()); | 189 retrieve_callback.Run(policy_.GetBlob()); |
| 186 base::RunLoop().RunUntilIdle(); | 190 base::RunLoop().RunUntilIdle(); |
| 187 ASSERT_TRUE(store_->policy()); | 191 ASSERT_TRUE(store_->policy()); |
| 188 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 192 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
| 189 store_->policy()->SerializeAsString()); | 193 store_->policy()->SerializeAsString()); |
| 190 VerifyPolicyMap(new_value); | 194 VerifyPolicyMap(new_value); |
| 191 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 195 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 192 } | 196 } |
| 193 | 197 |
| 194 void VerifyStoreHasValidationError() { | 198 void VerifyStoreHasValidationError() { |
| 195 EXPECT_FALSE(store_->policy()); | 199 EXPECT_FALSE(store_->policy()); |
| 196 EXPECT_TRUE(store_->policy_map().empty()); | 200 EXPECT_TRUE(store_->policy_map().empty()); |
| 197 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); | 201 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); |
| 198 } | 202 } |
| 199 | 203 |
| 204 static std::string ConvertPublicKeyToString( |
| 205 const std::vector<uint8_t>& public_key) { |
| 206 return std::string(reinterpret_cast<const char*>(public_key.data()), |
| 207 public_key.size()); |
| 208 } |
| 209 |
| 210 std::string GetPolicyPublicKeyAsString() { |
| 211 std::vector<uint8_t> public_key; |
| 212 EXPECT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key)); |
| 213 return ConvertPublicKeyToString(public_key); |
| 214 } |
| 215 |
| 216 std::string GetPolicyNewPublicKeyAsString() { |
| 217 std::vector<uint8_t> new_public_key; |
| 218 EXPECT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 219 return ConvertPublicKeyToString(new_public_key); |
| 220 } |
| 221 |
| 200 base::FilePath user_policy_dir() { | 222 base::FilePath user_policy_dir() { |
| 201 return tmp_dir_.GetPath().AppendASCII("var_run_user_policy"); | 223 return tmp_dir_.GetPath().AppendASCII("var_run_user_policy"); |
| 202 } | 224 } |
| 203 | 225 |
| 204 base::FilePath user_policy_key_file() { | 226 base::FilePath user_policy_key_file() { |
| 205 return user_policy_dir().AppendASCII(kSanitizedUsername) | 227 return user_policy_dir().AppendASCII(kSanitizedUsername) |
| 206 .AppendASCII("policy.pub"); | 228 .AppendASCII("policy.pub"); |
| 207 } | 229 } |
| 208 | 230 |
| 209 base::MessageLoopForUI loop_; | 231 base::MessageLoopForUI loop_; |
| (...skipping 15 matching lines...) Expand all Loading... |
| 225 | 247 |
| 226 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) { | 248 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) { |
| 227 // Start without any public key to trigger the initial key checks. | 249 // Start without any public key to trigger the initial key checks. |
| 228 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 250 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 229 // Make the policy blob contain a new public key. | 251 // Make the policy blob contain a new public key. |
| 230 policy_.SetDefaultNewSigningKey(); | 252 policy_.SetDefaultNewSigningKey(); |
| 231 policy_.Build(); | 253 policy_.Build(); |
| 232 std::vector<uint8_t> new_public_key; | 254 std::vector<uint8_t> new_public_key; |
| 233 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); | 255 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 234 ASSERT_NO_FATAL_FAILURE( | 256 ASSERT_NO_FATAL_FAILURE( |
| 235 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); | 257 PerformStorePolicy(&new_public_key, nullptr, kDefaultHomepage)); |
| 258 EXPECT_EQ(ConvertPublicKeyToString(new_public_key), |
| 259 store_->policy_signature_public_key()); |
| 236 } | 260 } |
| 237 | 261 |
| 238 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreValidationFail) { | 262 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreValidationFail) { |
| 239 // Start without any public key to trigger the initial key checks. | 263 // Start without any public key to trigger the initial key checks. |
| 240 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 264 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 241 // Make the policy blob contain a new public key. | 265 // Make the policy blob contain a new public key. |
| 242 policy_.SetDefaultSigningKey(); | 266 policy_.SetDefaultSigningKey(); |
| 243 policy_.Build(); | 267 policy_.Build(); |
| 244 *policy_.policy().mutable_new_public_key_verification_signature_deprecated() = | 268 *policy_.policy().mutable_new_public_key_verification_signature_deprecated() = |
| 245 "garbage"; | 269 "garbage"; |
| 246 | 270 |
| 247 EXPECT_CALL(session_manager_client_, | 271 EXPECT_CALL(session_manager_client_, |
| 248 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 272 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 249 .Times(0); | 273 .Times(0); |
| 250 store_->Store(policy_.policy()); | 274 store_->Store(policy_.policy()); |
| 251 base::RunLoop().RunUntilIdle(); | 275 base::RunLoop().RunUntilIdle(); |
| 252 Mock::VerifyAndClearExpectations(&session_manager_client_); | 276 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 277 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 253 } | 278 } |
| 254 | 279 |
| 255 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreMissingSignatureFailure) { | 280 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreMissingSignatureFailure) { |
| 256 // Start without any public key to trigger the initial key checks. | 281 // Start without any public key to trigger the initial key checks. |
| 257 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 282 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 258 // Make the policy blob contain a new public key. | 283 // Make the policy blob contain a new public key. |
| 259 policy_.SetDefaultSigningKey(); | 284 policy_.SetDefaultSigningKey(); |
| 260 policy_.Build(); | 285 policy_.Build(); |
| 261 policy_.policy().clear_new_public_key_verification_signature_deprecated(); | 286 policy_.policy().clear_new_public_key_verification_signature_deprecated(); |
| 262 | 287 |
| 263 EXPECT_CALL(session_manager_client_, | 288 EXPECT_CALL(session_manager_client_, |
| 264 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 289 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 265 .Times(0); | 290 .Times(0); |
| 266 store_->Store(policy_.policy()); | 291 store_->Store(policy_.policy()); |
| 267 base::RunLoop().RunUntilIdle(); | 292 base::RunLoop().RunUntilIdle(); |
| 268 Mock::VerifyAndClearExpectations(&session_manager_client_); | 293 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 294 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 269 } | 295 } |
| 270 | 296 |
| 271 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) { | 297 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) { |
| 272 ASSERT_NO_FATAL_FAILURE( | 298 ASSERT_NO_FATAL_FAILURE( |
| 273 PerformStorePolicy(NULL, NULL, kDefaultHomepage)); | 299 PerformStorePolicy(nullptr, nullptr, kDefaultHomepage)); |
| 300 EXPECT_EQ(GetPolicyPublicKeyAsString(), |
| 301 store_->policy_signature_public_key()); |
| 274 } | 302 } |
| 275 | 303 |
| 276 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) { | 304 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) { |
| 277 // Make the policy blob contain a new public key. | 305 // Make the policy blob contain a new public key. |
| 278 policy_.SetDefaultNewSigningKey(); | 306 policy_.SetDefaultNewSigningKey(); |
| 279 policy_.Build(); | 307 policy_.Build(); |
| 280 std::vector<uint8_t> new_public_key; | 308 std::vector<uint8_t> new_public_key; |
| 281 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); | 309 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 282 ASSERT_NO_FATAL_FAILURE( | 310 ASSERT_NO_FATAL_FAILURE( |
| 283 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); | 311 PerformStorePolicy(&new_public_key, nullptr, kDefaultHomepage)); |
| 312 EXPECT_EQ(ConvertPublicKeyToString(new_public_key), |
| 313 store_->policy_signature_public_key()); |
| 284 } | 314 } |
| 285 | 315 |
| 286 TEST_F(UserCloudPolicyStoreChromeOSTest, | 316 TEST_F(UserCloudPolicyStoreChromeOSTest, |
| 287 StoreWithRotationMissingSignatureError) { | 317 StoreWithRotationMissingSignatureError) { |
| 288 // Make the policy blob contain a new public key. | 318 // Make the policy blob contain a new public key. |
| 289 policy_.SetDefaultNewSigningKey(); | 319 policy_.SetDefaultNewSigningKey(); |
| 290 policy_.Build(); | 320 policy_.Build(); |
| 291 policy_.policy().clear_new_public_key_verification_signature_deprecated(); | 321 policy_.policy().clear_new_public_key_verification_signature_deprecated(); |
| 292 | 322 |
| 293 EXPECT_CALL(session_manager_client_, | 323 EXPECT_CALL(session_manager_client_, |
| 294 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 324 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 295 .Times(0); | 325 .Times(0); |
| 296 store_->Store(policy_.policy()); | 326 store_->Store(policy_.policy()); |
| 297 base::RunLoop().RunUntilIdle(); | 327 base::RunLoop().RunUntilIdle(); |
| 298 Mock::VerifyAndClearExpectations(&session_manager_client_); | 328 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 329 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 299 } | 330 } |
| 300 | 331 |
| 301 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotationValidationError) { | 332 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotationValidationError) { |
| 302 // Make the policy blob contain a new public key. | 333 // Make the policy blob contain a new public key. |
| 303 policy_.SetDefaultNewSigningKey(); | 334 policy_.SetDefaultNewSigningKey(); |
| 304 policy_.Build(); | 335 policy_.Build(); |
| 305 *policy_.policy().mutable_new_public_key_verification_signature_deprecated() = | 336 *policy_.policy().mutable_new_public_key_verification_signature_deprecated() = |
| 306 "garbage"; | 337 "garbage"; |
| 307 | 338 |
| 308 EXPECT_CALL(session_manager_client_, | 339 EXPECT_CALL(session_manager_client_, |
| 309 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 340 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 310 .Times(0); | 341 .Times(0); |
| 311 store_->Store(policy_.policy()); | 342 store_->Store(policy_.policy()); |
| 312 base::RunLoop().RunUntilIdle(); | 343 base::RunLoop().RunUntilIdle(); |
| 313 Mock::VerifyAndClearExpectations(&session_manager_client_); | 344 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 345 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 314 } | 346 } |
| 315 | 347 |
| 316 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { | 348 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { |
| 317 // Store policy. | 349 // Store policy. |
| 318 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 350 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 319 EXPECT_CALL(session_manager_client_, | 351 EXPECT_CALL(session_manager_client_, |
| 320 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 352 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 321 .WillOnce(SaveArg<2>(&store_callback)); | 353 .WillOnce(SaveArg<2>(&store_callback)); |
| 322 store_->Store(policy_.policy()); | 354 store_->Store(policy_.policy()); |
| 323 base::RunLoop().RunUntilIdle(); | 355 base::RunLoop().RunUntilIdle(); |
| 324 Mock::VerifyAndClearExpectations(&session_manager_client_); | 356 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 325 ASSERT_FALSE(store_callback.is_null()); | 357 ASSERT_FALSE(store_callback.is_null()); |
| 326 | 358 |
| 327 // Let the store operation complete. | 359 // Let the store operation complete. |
| 328 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); | 360 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); |
| 329 store_callback.Run(false); | 361 store_callback.Run(false); |
| 330 base::RunLoop().RunUntilIdle(); | 362 base::RunLoop().RunUntilIdle(); |
| 331 EXPECT_FALSE(store_->policy()); | 363 EXPECT_FALSE(store_->policy()); |
| 332 EXPECT_TRUE(store_->policy_map().empty()); | 364 EXPECT_TRUE(store_->policy_map().empty()); |
| 333 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); | 365 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); |
| 366 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 334 } | 367 } |
| 335 | 368 |
| 336 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { | 369 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { |
| 337 policy_.policy_data().clear_policy_type(); | 370 policy_.policy_data().clear_policy_type(); |
| 338 policy_.Build(); | 371 policy_.Build(); |
| 339 | 372 |
| 340 // Store policy. | 373 // Store policy. |
| 341 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 374 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 342 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 375 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 343 EXPECT_CALL(session_manager_client_, | 376 EXPECT_CALL(session_manager_client_, |
| 344 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 377 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 345 .Times(0); | 378 .Times(0); |
| 346 store_->Store(policy_.policy()); | 379 store_->Store(policy_.policy()); |
| 347 base::RunLoop().RunUntilIdle(); | 380 base::RunLoop().RunUntilIdle(); |
| 348 Mock::VerifyAndClearExpectations(&session_manager_client_); | 381 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 382 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 349 } | 383 } |
| 350 | 384 |
| 351 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) { | 385 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) { |
| 352 // Make the dbus call to cryptohome fail. | 386 // Make the dbus call to cryptohome fail. |
| 353 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 387 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 354 EXPECT_CALL(cryptohome_client_, GetSanitizedUsername(cryptohome_id_, _)) | 388 EXPECT_CALL(cryptohome_client_, GetSanitizedUsername(cryptohome_id_, _)) |
| 355 .Times(AnyNumber()) | 389 .Times(AnyNumber()) |
| 356 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE, | 390 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE, |
| 357 std::string())); | 391 std::string())); |
| 358 | 392 |
| 359 // Store policy. | 393 // Store policy. |
| 360 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 394 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 361 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 395 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 362 EXPECT_CALL(session_manager_client_, | 396 EXPECT_CALL(session_manager_client_, |
| 363 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 397 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 364 .Times(0); | 398 .Times(0); |
| 365 store_->Store(policy_.policy()); | 399 store_->Store(policy_.policy()); |
| 366 base::RunLoop().RunUntilIdle(); | 400 base::RunLoop().RunUntilIdle(); |
| 367 Mock::VerifyAndClearExpectations(&session_manager_client_); | 401 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 402 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 368 } | 403 } |
| 369 | 404 |
| 370 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) { | 405 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) { |
| 371 // Break the signature. | 406 // Break the signature. |
| 372 policy_.policy().mutable_policy_data_signature()->append("garbage"); | 407 policy_.policy().mutable_policy_data_signature()->append("garbage"); |
| 373 | 408 |
| 374 // Store policy. | 409 // Store policy. |
| 375 chromeos::SessionManagerClient::StorePolicyCallback store_callback; | 410 chromeos::SessionManagerClient::StorePolicyCallback store_callback; |
| 376 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 411 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 377 EXPECT_CALL(session_manager_client_, | 412 EXPECT_CALL(session_manager_client_, |
| 378 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) | 413 StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _)) |
| 379 .Times(0); | 414 .Times(0); |
| 380 store_->Store(policy_.policy()); | 415 store_->Store(policy_.policy()); |
| 381 base::RunLoop().RunUntilIdle(); | 416 base::RunLoop().RunUntilIdle(); |
| 382 Mock::VerifyAndClearExpectations(&session_manager_client_); | 417 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 418 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 419 } |
| 420 |
| 421 TEST_F(UserCloudPolicyStoreChromeOSTest, MultipleStoresWithRotation) { |
| 422 // Store initial policy signed with the initial public key. |
| 423 ASSERT_NO_FATAL_FAILURE( |
| 424 PerformStorePolicy(nullptr, nullptr, kDefaultHomepage)); |
| 425 const std::string initial_public_key = GetPolicyPublicKeyAsString(); |
| 426 EXPECT_EQ(initial_public_key, store_->policy_signature_public_key()); |
| 427 |
| 428 // Try storing an invalid policy signed with the new public key. |
| 429 policy_.SetDefaultNewSigningKey(); |
| 430 policy_.policy_data().clear_policy_type(); |
| 431 policy_.Build(); |
| 432 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 433 store_->Store(policy_.policy()); |
| 434 base::RunLoop().RunUntilIdle(); |
| 435 // Still the initial public key is exposed. |
| 436 EXPECT_EQ(initial_public_key, store_->policy_signature_public_key()); |
| 437 |
| 438 // Store the correct policy signed with the new public key. |
| 439 policy_.policy_data().set_policy_type(dm_protocol::kChromeUserPolicyType); |
| 440 policy_.Build(); |
| 441 std::vector<uint8_t> new_public_key; |
| 442 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key)); |
| 443 ASSERT_NO_FATAL_FAILURE( |
| 444 PerformStorePolicy(&new_public_key, kDefaultHomepage, kDefaultHomepage)); |
| 445 EXPECT_EQ(GetPolicyNewPublicKeyAsString(), |
| 446 store_->policy_signature_public_key()); |
| 383 } | 447 } |
| 384 | 448 |
| 385 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { | 449 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { |
| 386 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 450 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 387 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 451 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 388 Mock::VerifyAndClearExpectations(&observer_); | 452 Mock::VerifyAndClearExpectations(&observer_); |
| 389 | 453 |
| 390 // Verify that the policy has been loaded. | 454 // Verify that the policy has been loaded. |
| 391 ASSERT_TRUE(store_->policy()); | 455 ASSERT_TRUE(store_->policy()); |
| 392 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 456 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
| 393 store_->policy()->SerializeAsString()); | 457 store_->policy()->SerializeAsString()); |
| 394 VerifyPolicyMap(kDefaultHomepage); | 458 VerifyPolicyMap(kDefaultHomepage); |
| 395 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 459 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 460 EXPECT_EQ(GetPolicyPublicKeyAsString(), |
| 461 store_->policy_signature_public_key()); |
| 396 } | 462 } |
| 397 | 463 |
| 398 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { | 464 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { |
| 399 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 465 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 400 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); | 466 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); |
| 401 Mock::VerifyAndClearExpectations(&observer_); | 467 Mock::VerifyAndClearExpectations(&observer_); |
| 402 | 468 |
| 403 // Verify no policy has been installed. | 469 // Verify no policy has been installed. |
| 404 EXPECT_FALSE(store_->policy()); | 470 EXPECT_FALSE(store_->policy()); |
| 405 EXPECT_TRUE(store_->policy_map().empty()); | 471 EXPECT_TRUE(store_->policy_map().empty()); |
| 406 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 472 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 473 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 407 } | 474 } |
| 408 | 475 |
| 409 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidPolicy) { | 476 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidPolicy) { |
| 410 ExpectError(CloudPolicyStore::STATUS_PARSE_ERROR); | 477 ExpectError(CloudPolicyStore::STATUS_PARSE_ERROR); |
| 411 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("invalid")); | 478 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("invalid")); |
| 412 | 479 |
| 413 // Verify no policy has been installed. | 480 // Verify no policy has been installed. |
| 414 EXPECT_FALSE(store_->policy()); | 481 EXPECT_FALSE(store_->policy()); |
| 415 EXPECT_TRUE(store_->policy_map().empty()); | 482 EXPECT_TRUE(store_->policy_map().empty()); |
| 416 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); | 483 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); |
| 484 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 417 } | 485 } |
| 418 | 486 |
| 419 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) { | 487 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) { |
| 420 policy_.policy_data().clear_policy_type(); | 488 policy_.policy_data().clear_policy_type(); |
| 421 policy_.Build(); | 489 policy_.Build(); |
| 422 | 490 |
| 423 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 491 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 424 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 492 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 425 VerifyStoreHasValidationError(); | 493 VerifyStoreHasValidationError(); |
| 494 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 426 } | 495 } |
| 427 | 496 |
| 428 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) { | 497 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) { |
| 429 // The loaded policy can't be verified without the public key. | 498 // The loaded policy can't be verified without the public key. |
| 430 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); | 499 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); |
| 431 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 500 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 432 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 501 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 433 VerifyStoreHasValidationError(); | 502 VerifyStoreHasValidationError(); |
| 503 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 434 } | 504 } |
| 435 | 505 |
| 436 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) { | 506 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) { |
| 437 // Break the signature. | 507 // Break the signature. |
| 438 policy_.policy().mutable_policy_data_signature()->append("garbage"); | 508 policy_.policy().mutable_policy_data_signature()->append("garbage"); |
| 439 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); | 509 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| 440 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); | 510 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); |
| 441 VerifyStoreHasValidationError(); | 511 VerifyStoreHasValidationError(); |
| 512 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 442 } | 513 } |
| 443 | 514 |
| 444 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediately) { | 515 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediately) { |
| 445 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 516 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 446 EXPECT_CALL(session_manager_client_, | 517 EXPECT_CALL(session_manager_client_, |
| 447 BlockingRetrievePolicyForUser(cryptohome_id_)) | 518 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 448 .WillOnce(Return(policy_.GetBlob())); | 519 .WillOnce(Return(policy_.GetBlob())); |
| 449 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) | 520 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) |
| 450 .WillOnce(Return(kSanitizedUsername)); | 521 .WillOnce(Return(kSanitizedUsername)); |
| 451 | 522 |
| 452 EXPECT_FALSE(store_->policy()); | 523 EXPECT_FALSE(store_->policy()); |
| 453 store_->LoadImmediately(); | 524 store_->LoadImmediately(); |
| 454 // Note: verify that the |observer_| got notified synchronously, without | 525 // Note: verify that the |observer_| got notified synchronously, without |
| 455 // having to spin the current loop. TearDown() will flush the loop so this | 526 // having to spin the current loop. TearDown() will flush the loop so this |
| 456 // must be done within the test. | 527 // must be done within the test. |
| 457 Mock::VerifyAndClearExpectations(&observer_); | 528 Mock::VerifyAndClearExpectations(&observer_); |
| 458 Mock::VerifyAndClearExpectations(&session_manager_client_); | 529 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 459 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 530 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 460 | 531 |
| 461 // The policy should become available without having to spin any loops. | 532 // The policy should become available without having to spin any loops. |
| 462 ASSERT_TRUE(store_->policy()); | 533 ASSERT_TRUE(store_->policy()); |
| 463 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 534 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
| 464 store_->policy()->SerializeAsString()); | 535 store_->policy()->SerializeAsString()); |
| 465 VerifyPolicyMap(kDefaultHomepage); | 536 VerifyPolicyMap(kDefaultHomepage); |
| 466 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 537 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 538 EXPECT_EQ(GetPolicyPublicKeyAsString(), |
| 539 store_->policy_signature_public_key()); |
| 467 } | 540 } |
| 468 | 541 |
| 469 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) { | 542 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) { |
| 470 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); | 543 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); |
| 471 EXPECT_CALL(session_manager_client_, | 544 EXPECT_CALL(session_manager_client_, |
| 472 BlockingRetrievePolicyForUser(cryptohome_id_)) | 545 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 473 .WillOnce(Return("")); | 546 .WillOnce(Return("")); |
| 474 | 547 |
| 475 EXPECT_FALSE(store_->policy()); | 548 EXPECT_FALSE(store_->policy()); |
| 476 store_->LoadImmediately(); | 549 store_->LoadImmediately(); |
| 477 Mock::VerifyAndClearExpectations(&observer_); | 550 Mock::VerifyAndClearExpectations(&observer_); |
| 478 Mock::VerifyAndClearExpectations(&session_manager_client_); | 551 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 479 | 552 |
| 480 EXPECT_FALSE(store_->policy()); | 553 EXPECT_FALSE(store_->policy()); |
| 481 EXPECT_TRUE(store_->policy_map().empty()); | 554 EXPECT_TRUE(store_->policy_map().empty()); |
| 482 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); | 555 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| 556 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 483 } | 557 } |
| 484 | 558 |
| 485 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) { | 559 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) { |
| 486 EXPECT_CALL(observer_, OnStoreError(store_.get())); | 560 EXPECT_CALL(observer_, OnStoreError(store_.get())); |
| 487 EXPECT_CALL(session_manager_client_, | 561 EXPECT_CALL(session_manager_client_, |
| 488 BlockingRetrievePolicyForUser(cryptohome_id_)) | 562 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 489 .WillOnce(Return("le blob")); | 563 .WillOnce(Return("le blob")); |
| 490 | 564 |
| 491 EXPECT_FALSE(store_->policy()); | 565 EXPECT_FALSE(store_->policy()); |
| 492 store_->LoadImmediately(); | 566 store_->LoadImmediately(); |
| 493 Mock::VerifyAndClearExpectations(&observer_); | 567 Mock::VerifyAndClearExpectations(&observer_); |
| 494 Mock::VerifyAndClearExpectations(&session_manager_client_); | 568 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 495 | 569 |
| 496 EXPECT_FALSE(store_->policy()); | 570 EXPECT_FALSE(store_->policy()); |
| 497 EXPECT_TRUE(store_->policy_map().empty()); | 571 EXPECT_TRUE(store_->policy_map().empty()); |
| 498 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); | 572 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); |
| 573 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 499 } | 574 } |
| 500 | 575 |
| 501 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) { | 576 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) { |
| 502 EXPECT_CALL(observer_, OnStoreError(store_.get())); | 577 EXPECT_CALL(observer_, OnStoreError(store_.get())); |
| 503 EXPECT_CALL(session_manager_client_, | 578 EXPECT_CALL(session_manager_client_, |
| 504 BlockingRetrievePolicyForUser(cryptohome_id_)) | 579 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 505 .WillOnce(Return(policy_.GetBlob())); | 580 .WillOnce(Return(policy_.GetBlob())); |
| 506 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) | 581 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) |
| 507 .WillOnce(Return("")); | 582 .WillOnce(Return("")); |
| 508 | 583 |
| 509 EXPECT_FALSE(store_->policy()); | 584 EXPECT_FALSE(store_->policy()); |
| 510 store_->LoadImmediately(); | 585 store_->LoadImmediately(); |
| 511 Mock::VerifyAndClearExpectations(&observer_); | 586 Mock::VerifyAndClearExpectations(&observer_); |
| 512 Mock::VerifyAndClearExpectations(&session_manager_client_); | 587 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 513 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 588 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 514 | 589 |
| 515 EXPECT_FALSE(store_->policy()); | 590 EXPECT_FALSE(store_->policy()); |
| 516 EXPECT_TRUE(store_->policy_map().empty()); | 591 EXPECT_TRUE(store_->policy_map().empty()); |
| 517 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, store_->status()); | 592 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, store_->status()); |
| 593 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 518 } | 594 } |
| 519 | 595 |
| 520 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoUserPolicyKey) { | 596 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoUserPolicyKey) { |
| 521 EXPECT_CALL(observer_, OnStoreError(store_.get())); | 597 EXPECT_CALL(observer_, OnStoreError(store_.get())); |
| 522 EXPECT_CALL(session_manager_client_, | 598 EXPECT_CALL(session_manager_client_, |
| 523 BlockingRetrievePolicyForUser(cryptohome_id_)) | 599 BlockingRetrievePolicyForUser(cryptohome_id_)) |
| 524 .WillOnce(Return(policy_.GetBlob())); | 600 .WillOnce(Return(policy_.GetBlob())); |
| 525 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) | 601 EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_)) |
| 526 .WillOnce(Return("wrong@example.com")); | 602 .WillOnce(Return("wrong@example.com")); |
| 527 | 603 |
| 528 EXPECT_FALSE(store_->policy()); | 604 EXPECT_FALSE(store_->policy()); |
| 529 store_->LoadImmediately(); | 605 store_->LoadImmediately(); |
| 530 Mock::VerifyAndClearExpectations(&observer_); | 606 Mock::VerifyAndClearExpectations(&observer_); |
| 531 Mock::VerifyAndClearExpectations(&session_manager_client_); | 607 Mock::VerifyAndClearExpectations(&session_manager_client_); |
| 532 Mock::VerifyAndClearExpectations(&cryptohome_client_); | 608 Mock::VerifyAndClearExpectations(&cryptohome_client_); |
| 533 | 609 |
| 534 EXPECT_FALSE(store_->policy()); | 610 EXPECT_FALSE(store_->policy()); |
| 535 EXPECT_TRUE(store_->policy_map().empty()); | 611 EXPECT_TRUE(store_->policy_map().empty()); |
| 536 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); | 612 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); |
| 613 EXPECT_EQ(std::string(), store_->policy_signature_public_key()); |
| 537 } | 614 } |
| 538 | 615 |
| 539 } // namespace | 616 } // namespace |
| 540 | 617 |
| 541 } // namespace policy | 618 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2488573003:
Expose signing key from cloud policy stores (Closed)
