Expose signing key from cloud policy stores

chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos_unittest.cc

Index: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos_unittest.cc
diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos_unittest.cc b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos_unittest.cc
index bad7097c7f61b304a1c263df039154e5ec048642..2e0225e91e73e719aa7483da089b998bbb551155 100644
--- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos_unittest.cc
+++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos_unittest.cc
@@ -7,6 +7,7 @@
 #include <stdint.h>
 
 #include <memory>
+#include <string>
 #include <vector>
 
 #include "base/bind.h"
@@ -29,6 +30,7 @@
 #include "components/policy/policy_constants.h"
 #include "components/policy/proto/cloud_policy.pb.h"
 #include "components/policy/proto/device_management_local.pb.h"
+#include "crypto/rsa_private_key.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -199,6 +201,24 @@ class UserCloudPolicyStoreChromeOSTest : public testing::Test {
     EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
   }
 
+  static std::string ConvertPublicKeyToString(
+      const std::vector<uint8_t>& public_key) {
+    return std::string(reinterpret_cast<const char*>(public_key.data()),
+                       public_key.size());
+  }
+
+  std::string GetPolicyPublicKeyAsString() {
+    std::vector<uint8_t> public_key;
+    EXPECT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key));
+    return ConvertPublicKeyToString(public_key);
+  }
+
+  std::string GetPolicyNewPublicKeyAsString() {
+    std::vector<uint8_t> new_public_key;
+    EXPECT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key));
+    return ConvertPublicKeyToString(new_public_key);
+  }
+
   base::FilePath user_policy_dir() {
     return tmp_dir_.GetPath().AppendASCII("var_run_user_policy");
   }
@@ -243,6 +263,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) {
   ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key));
   ASSERT_NO_FATAL_FAILURE(
       PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage));
+  EXPECT_EQ(ConvertPublicKeyToString(new_public_key), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreValidationFail) {
@@ -260,6 +281,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreValidationFail) {
   store_->Store(policy_.policy());
   base::RunLoop().RunUntilIdle();
   Mock::VerifyAndClearExpectations(&session_manager_client_);
+  EXPECT_EQ(std::string(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreMissingSignatureFailure) {
@@ -276,11 +298,13 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreMissingSignatureFailure) {
   store_->Store(policy_.policy());
   base::RunLoop().RunUntilIdle();
   Mock::VerifyAndClearExpectations(&session_manager_client_);
+  EXPECT_EQ(std::string(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) {
   ASSERT_NO_FATAL_FAILURE(
       PerformStorePolicy(NULL, NULL, kDefaultHomepage));
+  EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) {
@@ -291,6 +315,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) {
   ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key));
   ASSERT_NO_FATAL_FAILURE(
       PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage));
+  EXPECT_EQ(ConvertPublicKeyToString(new_public_key), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest,
@@ -306,6 +331,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest,
   store_->Store(policy_.policy());
   base::RunLoop().RunUntilIdle();
   Mock::VerifyAndClearExpectations(&session_manager_client_);
+  EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotationValidationError) {
@@ -321,6 +347,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotationValidationError) {
   store_->Store(policy_.policy());
   base::RunLoop().RunUntilIdle();
   Mock::VerifyAndClearExpectations(&session_manager_client_);
+  EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) {
@@ -341,6 +368,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) {
   EXPECT_FALSE(store_->policy());
   EXPECT_TRUE(store_->policy_map().empty());
   EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status());
+  EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) {
@@ -356,6 +384,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) {
   store_->Store(policy_.policy());
   base::RunLoop().RunUntilIdle();
   Mock::VerifyAndClearExpectations(&session_manager_client_);
+  EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) {
@@ -375,6 +404,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) {
   store_->Store(policy_.policy());
   base::RunLoop().RunUntilIdle();
   Mock::VerifyAndClearExpectations(&session_manager_client_);
+  EXPECT_EQ(std::string(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) {
@@ -390,6 +420,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) {
   store_->Store(policy_.policy());
   base::RunLoop().RunUntilIdle();
   Mock::VerifyAndClearExpectations(&session_manager_client_);
+  EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) {
@@ -403,6 +434,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, Load) {
             store_->policy()->SerializeAsString());
   VerifyPolicyMap(kDefaultHomepage);
   EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
+  EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
@@ -414,6 +446,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
   EXPECT_FALSE(store_->policy());
   EXPECT_TRUE(store_->policy_map().empty());
   EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
+  EXPECT_EQ(std::string(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidPolicy) {
@@ -424,6 +457,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidPolicy) {
   EXPECT_FALSE(store_->policy());
   EXPECT_TRUE(store_->policy_map().empty());
   EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status());
+  EXPECT_EQ(std::string(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) {
@@ -433,6 +467,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) {
   ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
   ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
   VerifyStoreHasValidationError();
+  EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) {
@@ -441,6 +476,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) {
   ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
   ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
   VerifyStoreHasValidationError();
+  EXPECT_EQ(std::string(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) {
@@ -449,6 +485,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) {
   ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
   ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
   VerifyStoreHasValidationError();
+  EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) {
@@ -596,6 +633,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediately) {
             store_->policy()->SerializeAsString());
   VerifyPolicyMap(kDefaultHomepage);
   EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
+  EXPECT_EQ(GetPolicyPublicKeyAsString(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) {
@@ -612,6 +650,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) {
   EXPECT_FALSE(store_->policy());
   EXPECT_TRUE(store_->policy_map().empty());
   EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
+  EXPECT_EQ(std::string(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) {
@@ -628,6 +667,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) {
   EXPECT_FALSE(store_->policy());
   EXPECT_TRUE(store_->policy_map().empty());
   EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status());
+  EXPECT_EQ(std::string(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) {
@@ -647,6 +687,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) {
   EXPECT_FALSE(store_->policy());
   EXPECT_TRUE(store_->policy_map().empty());
   EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, store_->status());
+  EXPECT_EQ(std::string(), store_->public_key());
 }
 
 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoUserPolicyKey) {
@@ -666,6 +707,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoUserPolicyKey) {
   EXPECT_FALSE(store_->policy());
   EXPECT_TRUE(store_->policy_map().empty());
   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
+  EXPECT_EQ(std::string(), store_->public_key());
 }
 
 }  // namespace