| OLD | NEW |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <string> | 5 #include <string> |
| 6 | 6 |
| 7 #include "base/base64url.h" | 7 #include "base/base64url.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
| 10 #include "base/files/file_util.h" | 10 #include "base/files/file_util.h" |
| 11 #include "base/memory/ref_counted.h" | 11 #include "base/memory/ref_counted.h" |
| 12 #include "base/path_service.h" | 12 #include "base/path_service.h" |
| 13 #include "base/run_loop.h" | 13 #include "base/run_loop.h" |
| 14 #include "build/build_config.h" | 14 #include "build/build_config.h" |
| 15 #include "chrome/browser/browser_process.h" | 15 #include "chrome/browser/browser_process.h" |
| 16 #include "chrome/browser/extensions/extension_browsertest.h" | 16 #include "chrome/browser/extensions/extension_browsertest.h" |
| 17 #include "chrome/browser/policy/profile_policy_connector.h" | 17 #include "chrome/browser/policy/profile_policy_connector.h" |
| 18 #include "chrome/browser/policy/profile_policy_connector_factory.h" | 18 #include "chrome/browser/policy/profile_policy_connector_factory.h" |
| 19 #include "chrome/browser/policy/test/local_policy_test_server.h" | 19 #include "chrome/browser/policy/test/local_policy_test_server.h" |
| 20 #include "chrome/browser/profiles/profile.h" | 20 #include "chrome/browser/profiles/profile.h" |
| 21 #include "chrome/browser/ui/browser.h" | 21 #include "chrome/browser/ui/browser.h" |
| 22 #include "chrome/common/chrome_paths.h" | 22 #include "chrome/common/chrome_paths.h" |
| 23 #include "components/policy/core/browser/browser_policy_connector.h" | 23 #include "components/policy/core/browser/browser_policy_connector.h" |
| 24 #include "components/policy/core/common/cloud/cloud_policy_client.h" |
| 24 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | 25 #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
| 25 #include "components/policy/core/common/cloud/mock_cloud_policy_client.h" | 26 #include "components/policy/core/common/cloud/mock_cloud_policy_client.h" |
| 26 #include "components/policy/core/common/cloud/policy_builder.h" | 27 #include "components/policy/core/common/cloud/policy_builder.h" |
| 27 #include "components/policy/core/common/policy_service.h" | 28 #include "components/policy/core/common/policy_service.h" |
| 28 #include "components/policy/core/common/policy_switches.h" | 29 #include "components/policy/core/common/policy_switches.h" |
| 29 #include "components/policy/core/common/policy_test_utils.h" | 30 #include "components/policy/core/common/policy_test_utils.h" |
| 30 #include "components/policy/proto/chrome_extension_policy.pb.h" | 31 #include "components/policy/proto/chrome_extension_policy.pb.h" |
| 31 #include "components/policy/proto/cloud_policy.pb.h" | 32 #include "components/policy/proto/cloud_policy.pb.h" |
| 33 #include "components/policy/proto/device_management_backend.pb.h" |
| 32 #include "extensions/common/extension.h" | 34 #include "extensions/common/extension.h" |
| 33 #include "extensions/test/extension_test_message_listener.h" | 35 #include "extensions/test/extension_test_message_listener.h" |
| 34 #include "net/url_request/url_request_context_getter.h" | 36 #include "net/url_request/url_request_context_getter.h" |
| 35 #include "testing/gmock/include/gmock/gmock.h" | 37 #include "testing/gmock/include/gmock/gmock.h" |
| 36 #include "testing/gtest/include/gtest/gtest.h" | 38 #include "testing/gtest/include/gtest/gtest.h" |
| 37 | 39 |
| 38 #if defined(OS_CHROMEOS) | 40 #if defined(OS_CHROMEOS) |
| 39 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h" | 41 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h" |
| 40 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chrom
eos.h" | 42 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chrom
eos.h" |
| 41 #include "chromeos/chromeos_switches.h" | 43 #include "chromeos/chromeos_switches.h" |
| (...skipping 135 matching lines...) |
| 177 SigninManager* signin_manager = | 179 SigninManager* signin_manager = |
| 178 SigninManagerFactory::GetForProfile(browser()->profile()); | 180 SigninManagerFactory::GetForProfile(browser()->profile()); |
| 179 ASSERT_TRUE(signin_manager); | 181 ASSERT_TRUE(signin_manager); |
| 180 signin_manager->SetAuthenticatedAccountInfo("12345", | 182 signin_manager->SetAuthenticatedAccountInfo("12345", |
| 181 PolicyBuilder::kFakeUsername); | 183 PolicyBuilder::kFakeUsername); |
| 182 | 184 |
| 183 UserCloudPolicyManager* policy_manager = | 185 UserCloudPolicyManager* policy_manager = |
| 184 UserCloudPolicyManagerFactory::GetForBrowserContext( | 186 UserCloudPolicyManagerFactory::GetForBrowserContext( |
| 185 browser()->profile()); | 187 browser()->profile()); |
| 186 ASSERT_TRUE(policy_manager); | 188 ASSERT_TRUE(policy_manager); |
| 189 policy_manager->SetSigninUsername(PolicyBuilder::kFakeUsername); |
| 187 policy_manager->Connect(g_browser_process->local_state(), | 190 policy_manager->Connect(g_browser_process->local_state(), |
| 188 g_browser_process->system_request_context(), | 191 g_browser_process->system_request_context(), |
| 189 UserCloudPolicyManager::CreateCloudPolicyClient( | 192 UserCloudPolicyManager::CreateCloudPolicyClient( |
| 190 connector->device_management_service(), | 193 connector->device_management_service(), |
| 191 g_browser_process->system_request_context())); | 194 g_browser_process->system_request_context())); |
| 192 #endif // defined(OS_CHROMEOS) | 195 #endif // defined(OS_CHROMEOS) |
| 193 | 196 |
| 194 // Register the cloud policy client. | 197 // Register the cloud policy client. |
| 195 ASSERT_TRUE(policy_manager->core()->client()); | 198 client_ = policy_manager->core()->client(); |
| 199 ASSERT_TRUE(client_); |
| 196 base::RunLoop run_loop; | 200 base::RunLoop run_loop; |
| 197 MockCloudPolicyClientObserver observer; | 201 MockCloudPolicyClientObserver observer; |
| 198 EXPECT_CALL(observer, OnRegistrationStateChanged(_)) | 202 EXPECT_CALL(observer, OnRegistrationStateChanged(_)) |
| 199 .WillOnce(InvokeWithoutArgs(&run_loop, &base::RunLoop::Quit)); | 203 .WillOnce(InvokeWithoutArgs(&run_loop, &base::RunLoop::Quit)); |
| 200 policy_manager->core()->client()->AddObserver(&observer); | 204 client_->AddObserver(&observer); |
| 201 policy_manager->core()->client()->SetupRegistration(kDMToken, kDeviceID); | 205 client_->SetupRegistration(kDMToken, kDeviceID); |
| 202 run_loop.Run(); | 206 run_loop.Run(); |
| 203 Mock::VerifyAndClearExpectations(&observer); | 207 Mock::VerifyAndClearExpectations(&observer); |
| 204 policy_manager->core()->client()->RemoveObserver(&observer); | 208 client_->RemoveObserver(&observer); |
| 205 } | 209 } |
| 206 | 210 |
| 207 #if !defined(OS_CHROMEOS) | 211 #if !defined(OS_CHROMEOS) |
| 208 void SignOut() { | 212 void SignOut() { |
| 209 SigninManager* signin_manager = | 213 SigninManager* signin_manager = |
| 210 SigninManagerFactory::GetForProfile(browser()->profile()); | 214 SigninManagerFactory::GetForProfile(browser()->profile()); |
| 211 ASSERT_TRUE(signin_manager); | 215 ASSERT_TRUE(signin_manager); |
| 212 signin_manager->SignOut(signin_metrics::SIGNOUT_TEST, | 216 signin_manager->SignOut(signin_metrics::SIGNOUT_TEST, |
| 213 signin_metrics::SignoutDelete::IGNORE_METRIC); | 217 signin_metrics::SignoutDelete::IGNORE_METRIC); |
| 214 } | 218 } |
| 215 #endif | 219 #endif |
| 216 | 220 |
| 217 void RefreshPolicies() { | 221 void RefreshPolicies() { |
| 218 ProfilePolicyConnector* profile_connector = | 222 ProfilePolicyConnector* profile_connector = |
| 219 ProfilePolicyConnectorFactory::GetForBrowserContext( | 223 ProfilePolicyConnectorFactory::GetForBrowserContext( |
| 220 browser()->profile()); | 224 browser()->profile()); |
| 221 PolicyService* policy_service = profile_connector->policy_service(); | 225 PolicyService* policy_service = profile_connector->policy_service(); |
| 222 base::RunLoop run_loop; | 226 base::RunLoop run_loop; |
| 223 policy_service->RefreshPolicies(run_loop.QuitClosure()); | 227 policy_service->RefreshPolicies(run_loop.QuitClosure()); |
| 224 run_loop.Run(); | 228 run_loop.Run(); |
| 225 } | 229 } |
| 226 | 230 |
| 227 LocalPolicyTestServer test_server_; | 231 LocalPolicyTestServer test_server_; |
| 228 scoped_refptr<const extensions::Extension> extension_; | 232 scoped_refptr<const extensions::Extension> extension_; |
| 229 std::unique_ptr<ExtensionTestMessageListener> event_listener_; | 233 std::unique_ptr<ExtensionTestMessageListener> event_listener_; |
| 234 CloudPolicyClient* client_ = nullptr; |
| 230 }; | 235 }; |
| 231 | 236 |
| 232 IN_PROC_BROWSER_TEST_F(ComponentCloudPolicyTest, FetchExtensionPolicy) { | 237 IN_PROC_BROWSER_TEST_F(ComponentCloudPolicyTest, FetchExtensionPolicy) { |
| 233 // Read the initial policy. | 238 // Read the initial policy. |
| 234 ExtensionTestMessageListener policy_listener(kTestPolicyJSON, false); | 239 ExtensionTestMessageListener policy_listener(kTestPolicyJSON, false); |
| 235 event_listener_->Reply("get-policy-Name"); | 240 event_listener_->Reply("get-policy-Name"); |
| 236 EXPECT_TRUE(policy_listener.WaitUntilSatisfied()); | 241 EXPECT_TRUE(policy_listener.WaitUntilSatisfied()); |
| 237 } | 242 } |
| 238 | 243 |
| 239 IN_PROC_BROWSER_TEST_F(ComponentCloudPolicyTest, UpdateExtensionPolicy) { | 244 IN_PROC_BROWSER_TEST_F(ComponentCloudPolicyTest, UpdateExtensionPolicy) { |
| (...skipping 101 matching lines...) |
| 341 // The extension got updated policy; verify it. | 346 // The extension got updated policy; verify it. |
| 342 ExtensionTestMessageListener signin_policy_listener(kTestPolicyJSON, false); | 347 ExtensionTestMessageListener signin_policy_listener(kTestPolicyJSON, false); |
| 343 event_listener2.Reply("get-policy-Name"); | 348 event_listener2.Reply("get-policy-Name"); |
| 344 EXPECT_TRUE(signin_policy_listener.WaitUntilSatisfied()); | 349 EXPECT_TRUE(signin_policy_listener.WaitUntilSatisfied()); |
| 345 | 350 |
| 346 // And the cache is back. | 351 // And the cache is back. |
| 347 EXPECT_TRUE(base::PathExists(cache_path)); | 352 EXPECT_TRUE(base::PathExists(cache_path)); |
| 348 } | 353 } |
| 349 #endif | 354 #endif |
| 350 | 355 |
| 356 // Test of the component cloud policy when the policy test server is configured |
| 357 // to perform the signing key rotation for each policy fetch. |
| 358 class KeyRotationComponentCloudPolicyTest : public ComponentCloudPolicyTest { |
| 359 protected: |
| 360 void SetUpInProcessBrowserTestFixture() override { |
| 361 test_server_.EnableAutomaticRotationOfSigningKeys(); |
| 362 ComponentCloudPolicyTest::SetUpInProcessBrowserTestFixture(); |
| 363 } |
| 364 |
| 365 int GetFetchedPolicyPublicKeyVersion(const std::string& extension_id) { |
| 366 const em::PolicyFetchResponse* fetched_policy = client_->GetPolicyFor( |
| 367 dm_protocol::kChromeExtensionPolicyType, extension_id); |
| 368 if (!fetched_policy || !fetched_policy->has_policy_data()) |
| 369 return -1; |
| 370 em::PolicyData policy_data; |
| 371 if (!policy_data.ParseFromString(fetched_policy->policy_data()) || |
| 372 !policy_data.has_public_key_version()) |
| 373 return -1; |
| 374 return policy_data.public_key_version(); |
| 375 } |
| 376 }; |
| 377 |
| 378 IN_PROC_BROWSER_TEST_F(KeyRotationComponentCloudPolicyTest, Basic) { |
| 379 // Read the initial policy. |
| 380 ExtensionTestMessageListener policy_listener(kTestPolicyJSON, true); |
| 381 event_listener_->Reply("get-policy-Name"); |
| 382 EXPECT_TRUE(policy_listener.WaitUntilSatisfied()); |
| 383 const int public_key_version = |
| 384 GetFetchedPolicyPublicKeyVersion(kTestExtension); |
| 385 EXPECT_NE(-1, public_key_version); |
| 386 |
| 387 // Update the policy at the server and reload the policy, causing also the key |
| 388 // rotation to be performed by the policy test server. |
| 389 event_listener_.reset(new ExtensionTestMessageListener("event", true)); |
| 390 policy_listener.Reply("idle"); |
| 391 EXPECT_TRUE(test_server_.UpdatePolicyData( |
| 392 dm_protocol::kChromeExtensionPolicyType, kTestExtension, kTestPolicy2)); |
| 393 RefreshPolicies(); |
| 394 |
| 395 // Check that the update event was received, and verify that the policy has |
| 396 // the new value and that the key rotation happened. |
| 397 EXPECT_TRUE(event_listener_->WaitUntilSatisfied()); |
| 398 const int new_public_key_version = |
| 399 GetFetchedPolicyPublicKeyVersion(kTestExtension); |
| 400 EXPECT_LT(public_key_version, new_public_key_version); |
| 401 |
| 402 ExtensionTestMessageListener policy_listener1("{}", true); |
| 403 event_listener_->Reply("get-policy-Name"); |
| 404 EXPECT_TRUE(policy_listener1.WaitUntilSatisfied()); |
| 405 |
| 406 ExtensionTestMessageListener policy_listener2(kTestPolicy2JSON, false); |
| 407 policy_listener1.Reply("get-policy-Another"); |
| 408 EXPECT_TRUE(policy_listener2.WaitUntilSatisfied()); |
| 409 } |
| 410 |
| 351 } // namespace policy | 411 } // namespace policy |
| OLD | NEW |
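Review bot: The new `client_` member (new line 234) is a raw, non-owning pointer cached at new line 198 and dereferenced unchecked in `GetFetchedPolicyPublicKeyVersion` (new line 366), so it is only safe while the policy manager keeps that same client alive. The fixture also has `SignOut()` (new line 212); if signing out tears down the manager's client, which is not visible here, `client_` would dangle until it is reassigned and any use in between would touch freed memory. I would document the lifetime on the member, e.g. `// Not owned; valid only while the policy manager's core stays connected.`, reset it with `client_ = nullptr;` at the end of `SignOut()`, and start the helper with `if (!client_) return -1;` so a stale use fails the test instead of crashing. The function that assigns `client_` begins in the skipped region above new line 179, so I could not confirm whether it is re-run after a sign-out.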