cros: Implement cryptohome backend for pin.

chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api_unittest.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file tests the chromeos.quickUnlockPrivate extension API.
 
 #include "chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.h"
 
 #include <algorithm>
 
 #include "base/bind.h"
 #include "base/memory/ptr_util.h"
+#include "base/stl_util.h"
+#include "base/threading/thread_task_runner_handle.h"
+#include "chrome/browser/chromeos/login/quick_unlock/pin_backend.h"
+#include "chrome/browser/chromeos/login/quick_unlock/pin_storage_prefs.h"
 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_factory.h"
 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_storage.h"
 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h"
 #include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h"
 #include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/extensions/extension_api_unittest.h"
 #include "chrome/common/pref_names.h"
+#include "chromeos/cryptohome/mock_homedir_methods.h"
+#include "chromeos/cryptohome/system_salt_getter.h"
 #include "chromeos/login/auth/fake_extended_authenticator.h"
+#include "content/public/test/test_utils.h"
 #include "extensions/browser/api_test_utils.h"
 #include "extensions/browser/extension_function_dispatcher.h"
 
 using namespace extensions;
 namespace quick_unlock_private = extensions::api::quick_unlock_private;
 using CredentialCheck = quick_unlock_private::CredentialCheck;
 using CredentialProblem = quick_unlock_private::CredentialProblem;
 using CredentialRequirements = quick_unlock_private::CredentialRequirements;
 using QuickUnlockMode = quick_unlock_private::QuickUnlockMode;
 using QuickUnlockModeList = std::vector<QuickUnlockMode>;
 using CredentialList = std::vector<std::string>;
 
+using ::testing::Invoke;
+using ::testing::WithArgs;
+using ::testing::_;
+
 namespace chromeos {
 namespace {
 
 const char* kTestUserEmail = "testuser@gmail.com";
 const char* kTestUserEmailHash = "testuser@gmail.com-hash";
 const char* kValidPassword = "valid";
 const char* kInvalidPassword = "invalid";
 
 ExtendedAuthenticator* CreateFakeAuthenticator(
     AuthStatusConsumer* auth_status_consumer) {
@@ skipping 16 matching lines @@
   PIN_GOOD = 1 << 0,
   PIN_TOO_SHORT = 1 << 1,
   PIN_TOO_LONG = 1 << 2,
   PIN_WEAK_ERROR = 1 << 3,
   PIN_WEAK_WARNING = 1 << 4,
   PIN_CONTAINS_NONDIGIT = 1 << 5
 };
 
 }  // namespace
 
-class QuickUnlockPrivateUnitTest : public ExtensionApiUnittest {
+class QuickUnlockPrivateUnitTest
+    : public ExtensionApiUnittest,
+      public ::testing::WithParamInterface<quick_unlock::PinStorageType> {
  public:
   QuickUnlockPrivateUnitTest()
       : fake_user_manager_(new FakeChromeUserManager()),
         scoped_user_manager_(fake_user_manager_) {}
 
  protected:
   void SetUp() override {
     ExtensionApiUnittest::SetUp();
 
-    quick_unlock::EnableForTesting(quick_unlock::PinStorageType::kPrefs);
+    quick_unlock::EnableForTesting(GetParam());
+
+    quick_unlock::PinBackend::ResetForTesting();
+    run_loop_ = base::MakeUnique<base::RunLoop>();
+
+    // PinBackend will run cryptohome routines even if we're just using the pref
+    // backend. Make sure it has the globals needed.
+    SystemSaltGetter::Get()->SetRawSaltForTesting({1, 2, 3, 4, 5, 6, 7, 8});
+
+    homedir_methods_ = new cryptohome::MockHomedirMethods();
+    ON_CALL(*homedir_methods_, GetKeyDataEx(_, _, _))
+        .WillByDefault(WithArgs<2>(
+            Invoke(this, &QuickUnlockPrivateUnitTest::DoGetKeyDataCallback)));
+    ON_CALL(*homedir_methods_, AddKeyEx(_, _, _, _, _))
+        .WillByDefault(WithArgs<2, 4>(
+            Invoke(this, &QuickUnlockPrivateUnitTest::DoAddKeyCallback)));
+    ON_CALL(*homedir_methods_, RemoveKeyEx(_, _, _, _))
+        .WillByDefault(WithArgs<2, 3>(
+            Invoke(this, &QuickUnlockPrivateUnitTest::DoRemoveKeyCallback)));
+
+    // InitializeForTesting takes ownership over |homedir_methods_|.
+    cryptohome::HomedirMethods::InitializeForTesting(homedir_methods_);
 
     // Setup a primary user.
     auto test_account = AccountId::FromUserEmail(kTestUserEmail);
     fake_user_manager_->AddUser(test_account);
     fake_user_manager_->UserLoggedIn(test_account, kTestUserEmailHash, false);
+    chromeos::ProfileHelper::Get()->SetUserToProfileMappingForTesting(
+        fake_user_manager_->GetPrimaryUser(), GetProfile());
 
+    modes_changed_handler_ = base::Bind(&DoNothing);
     // Ensure that quick unlock is turned off.
     SetModes(QuickUnlockModeList{}, CredentialList{});
+  }
 
-    modes_changed_handler_ = base::Bind(&DoNothing);
+  void TearDown() override {
+    PumpRunLoop();
+    run_loop_.reset();
+
+    homedir_methods_ = nullptr;
+    fake_user_manager_ = nullptr;
+
+    ExtensionApiUnittest::TearDown();
+    cryptohome::HomedirMethods::Shutdown();
+  }
+
+  // Executes all pending tasks.
+  void PumpRunLoop() {
+    base::ThreadTaskRunnerHandle::Get()->PostTask(
+        FROM_HERE, run_loop_->QuitWhenIdleClosure());
+    run_loop_->Run();
+    run_loop_ = base::MakeUnique<base::RunLoop>();
   }
 
   // If a mode change event is raised, fail the test.
   void FailIfModesChanged() {
     modes_changed_handler_ = base::Bind(&FailIfCalled);
   }
 
   // If a mode change event is raised, expect the given |modes|.
   void ExpectModesChanged(const QuickUnlockModeList& modes) {
     modes_changed_handler_ =
@@ skipping 166 matching lines @@
     return api_test_utils::RunFunctionAndReturnError(func, args, profile());
   }
 
   // Returns true if |password| is correct. This calls into SetModes to do so.
   // This will turn off any active quick unlock modes.
   bool CheckPassword(const std::string& password) {
     return SetModesUsingPassword(password, QuickUnlockModeList{},
                                  CredentialList{});
   }
 
+  // Returns if the pin is set in the backend.
+  bool IsPinSetInBackend() {
+    const AccountId account_id = AccountId::FromUserEmail(kTestUserEmail);
+
+    bool is_set = false;
+    quick_unlock::PinBackend::IsSet(
+        account_id,
+        base::Bind([](bool* result, bool is_set) { *result = is_set; },
+                   &is_set));
+
+    PumpRunLoop();
+
+    return is_set;
+  }
+
  private:
   // Runs the given |func| with the given |params|.
   std::unique_ptr<base::Value> RunFunction(
       scoped_refptr<UIThreadExtensionFunction> func,
       std::unique_ptr<base::ListValue> params) {
-    return std::unique_ptr<base::Value>(
+    PumpRunLoop();
+    auto result = std::unique_ptr<base::Value>(
         api_test_utils::RunFunctionWithDelegateAndReturnSingleResult(
             func, std::move(params), profile(),
             base::MakeUnique<ExtensionFunctionDispatcher>(profile()),
             api_test_utils::NONE));
+    PumpRunLoop();
+    return result;
   }
 
   // Verifies a mode change event is raised and that |expected| is now the
   // active set of quick unlock modes.
   void ExpectModeList(const QuickUnlockModeList& expected,
                       const QuickUnlockModeList& actual) {
     EXPECT_EQ(expected, actual);
     expect_modes_changed_ = false;
   }
 
-  FakeChromeUserManager* fake_user_manager_;
+  // Methods used to setup the mock homedir methods instance.
+  void DoGetKeyDataCallback(
+      const cryptohome::HomedirMethods::GetKeyDataCallback& callback) {
+    callback.Run(true, cryptohome::MountError::MOUNT_ERROR_NONE, keys_);
+  }
+
+  void DoAddKeyCallback(const cryptohome::KeyDefinition& key,
+                        const cryptohome::HomedirMethods::Callback& callback) {
+    keys_.push_back(key);
+    callback.Run(true, cryptohome::MountError::MOUNT_ERROR_NONE);
+  }
+
+  void DoRemoveKeyCallback(
+      const std::string& label,
+      const cryptohome::HomedirMethods::Callback& callback) {
+    base::EraseIf(keys_, [&label](const cryptohome::KeyDefinition& key) {
+      return key.label == label;
+    });
+    callback.Run(true, cryptohome::MountError::MOUNT_ERROR_NONE);
+  }
+
+  // Run loop that collects all pending tasks. Use |PumpRunLoop| to run them.
+  std::unique_ptr<base::RunLoop> run_loop_;
+
+  // Keys registered on cryptohome.
+  std::vector<cryptohome::KeyDefinition> keys_;
+
+  cryptohome::MockHomedirMethods* homedir_methods_ = nullptr;  // Unowned
+  FakeChromeUserManager* fake_user_manager_ = nullptr;
   ScopedUserManagerEnabler scoped_user_manager_;
   QuickUnlockPrivateSetModesFunction::ModesChangedEventHandler
       modes_changed_handler_;
   bool expect_modes_changed_ = false;
 
   DISALLOW_COPY_AND_ASSIGN(QuickUnlockPrivateUnitTest);
 };
 
 // Verify that password checking works.
-TEST_F(QuickUnlockPrivateUnitTest, CheckPassword) {
+TEST_P(QuickUnlockPrivateUnitTest, CheckPassword) {
   EXPECT_TRUE(CheckPassword(kValidPassword));
   EXPECT_FALSE(CheckPassword(kInvalidPassword));
 }
 
 // Verifies that this returns PIN for GetAvailableModes.
-TEST_F(QuickUnlockPrivateUnitTest, GetAvailableModes) {
+TEST_P(QuickUnlockPrivateUnitTest, GetAvailableModes) {
   EXPECT_EQ(GetAvailableModes(),
             QuickUnlockModeList{QuickUnlockMode::QUICK_UNLOCK_MODE_PIN});
 }
 
 // Verifies that an invalid password cannot be used to update the mode list.
-TEST_F(QuickUnlockPrivateUnitTest, SetModesFailsWithInvalidPassword) {
+TEST_P(QuickUnlockPrivateUnitTest, SetModesFailsWithInvalidPassword) {
   // Verify there is no active mode.
   EXPECT_EQ(GetActiveModes(), QuickUnlockModeList{});
 
   // Try to enable PIN, but use an invalid password. Verify that no event is
   // raised and GetActiveModes still returns an empty set.
   FailIfModesChanged();
   EXPECT_FALSE(SetModesUsingPassword(
       kInvalidPassword,
       QuickUnlockModeList{QuickUnlockMode::QUICK_UNLOCK_MODE_PIN}, {"111111"}));
   EXPECT_EQ(GetActiveModes(), QuickUnlockModeList{});
 }
 
 // Verifies that the quickUnlockPrivate.onActiveModesChanged is only raised when
 // the active set of modes changes.
-TEST_F(QuickUnlockPrivateUnitTest, ModeChangeEventOnlyRaisedWhenModesChange) {
+TEST_P(QuickUnlockPrivateUnitTest, ModeChangeEventOnlyRaisedWhenModesChange) {
   // Make sure quick unlock is turned off, and then verify that turning it off
   // again does not trigger an event.
   EXPECT_TRUE(SetModes(QuickUnlockModeList{}, CredentialList{}));
   FailIfModesChanged();
   EXPECT_TRUE(SetModes(QuickUnlockModeList{}, CredentialList{}));
 
   // Turn on PIN unlock, and then verify turning it on again and also changing
   // the password does not trigger an event.
   ExpectModesChanged(
       QuickUnlockModeList{QuickUnlockMode::QUICK_UNLOCK_MODE_PIN});
   EXPECT_TRUE(SetModes(
       QuickUnlockModeList{QuickUnlockMode::QUICK_UNLOCK_MODE_PIN}, {"111111"}));
   FailIfModesChanged();
   EXPECT_TRUE(SetModes(
       QuickUnlockModeList{QuickUnlockMode::QUICK_UNLOCK_MODE_PIN}, {"222222"}));
   EXPECT_TRUE(SetModes(
       QuickUnlockModeList{QuickUnlockMode::QUICK_UNLOCK_MODE_PIN}, {""}));
 }
 
 // Ensures that quick unlock can be enabled and disabled by checking the result
 // of quickUnlockPrivate.GetActiveModes and PinStorage::IsPinSet.
-TEST_F(QuickUnlockPrivateUnitTest, SetModesAndGetActiveModes) {
-  quick_unlock::QuickUnlockStorage* quick_unlock_storage =
-      quick_unlock::QuickUnlockFactory::GetForProfile(profile());
-
+TEST_P(QuickUnlockPrivateUnitTest, SetModesAndGetActiveModes) {
   // Update mode to PIN raises an event and updates GetActiveModes.
   ExpectModesChanged(
       QuickUnlockModeList{QuickUnlockMode::QUICK_UNLOCK_MODE_PIN});
   EXPECT_TRUE(SetModes(
       QuickUnlockModeList{QuickUnlockMode::QUICK_UNLOCK_MODE_PIN}, {"111111"}));
   EXPECT_EQ(GetActiveModes(),
             QuickUnlockModeList{QuickUnlockMode::QUICK_UNLOCK_MODE_PIN});
-  EXPECT_TRUE(quick_unlock_storage->pin_storage()->IsPinSet());
+  EXPECT_TRUE(IsPinSetInBackend());
 
   // SetModes can be used to turn off a quick unlock mode.
   ExpectModesChanged(QuickUnlockModeList{});
   EXPECT_TRUE(SetModes(QuickUnlockModeList{}, CredentialList{}));
   EXPECT_EQ(GetActiveModes(), QuickUnlockModeList{});
-  EXPECT_FALSE(quick_unlock_storage->pin_storage()->IsPinSet());
+  EXPECT_FALSE(IsPinSetInBackend());
 }
 
 // Verifies that enabling PIN quick unlock actually talks to the PIN subsystem.
-TEST_F(QuickUnlockPrivateUnitTest, VerifyAuthenticationAgainstPIN) {
+TEST_P(QuickUnlockPrivateUnitTest, VerifyAuthenticationAgainstPIN) {
+  // Cryptohome authentication does not go through PinBackend at the moment and
+  // cannot be easily tested.
+  if (GetParam() == quick_unlock::PinStorageType::kCryptohome)
+    return;
+
   quick_unlock::QuickUnlockStorage* quick_unlock_storage =
       quick_unlock::QuickUnlockFactory::GetForProfile(profile());
+  quick_unlock::PinStoragePrefs* pin_storage =
+      quick_unlock_storage->pin_storage_prefs();
 
   EXPECT_TRUE(SetModes(QuickUnlockModeList{}, CredentialList{}));
-  EXPECT_FALSE(quick_unlock_storage->pin_storage()->IsPinSet());
+  EXPECT_FALSE(IsPinSetInBackend());
 
   EXPECT_TRUE(SetModes(
       QuickUnlockModeList{QuickUnlockMode::QUICK_UNLOCK_MODE_PIN}, {"111111"}));
-  EXPECT_TRUE(quick_unlock_storage->pin_storage()->IsPinSet());
+  EXPECT_TRUE(IsPinSetInBackend());
 
   quick_unlock_storage->MarkStrongAuth();
-  quick_unlock_storage->pin_storage()->ResetUnlockAttemptCount();
-  EXPECT_TRUE(quick_unlock_storage->TryAuthenticatePin("111111"));
-  EXPECT_FALSE(quick_unlock_storage->TryAuthenticatePin("000000"));
+  pin_storage->ResetUnlockAttemptCount();
+  EXPECT_TRUE(pin_storage->TryAuthenticatePin("111111"));
+  EXPECT_FALSE(pin_storage->TryAuthenticatePin("000000"));
 }
 
 // Verifies that the number of modes and the number of passwords given must be
 // the same.
-TEST_F(QuickUnlockPrivateUnitTest, ThrowErrorOnMismatchedParameterCount) {
+TEST_P(QuickUnlockPrivateUnitTest, ThrowErrorOnMismatchedParameterCount) {
   EXPECT_FALSE(SetModesWithError("[\"valid\", [\"PIN\"], []]").empty());
   EXPECT_FALSE(SetModesWithError("[\"valid\", [], [\"11\"]]").empty());
 }
 
 // Validates PIN error checking in conjuction with policy-related prefs.
-TEST_F(QuickUnlockPrivateUnitTest, CheckCredentialProblemReporting) {
+TEST_P(QuickUnlockPrivateUnitTest, CheckCredentialProblemReporting) {
   PrefService* pref_service = profile()->GetPrefs();
 
   // Verify the pin checks work with the default preferences which are minimum
   // length of 6, maximum length of 0 (no maximum) and no easy to guess check.
   CheckPin(PIN_GOOD, "111112");
   CheckPin(PIN_GOOD, "1111112");
   CheckPin(PIN_GOOD, "1111111111111112");
   CheckPin(PIN_WEAK_WARNING, "111111");
   CheckPin(PIN_TOO_SHORT, "1");
   CheckPin(PIN_TOO_SHORT, "11");
@@ skipping 51 matching lines @@
   CheckPin(PIN_WEAK_ERROR, "3210");
   CheckPin(PIN_WEAK_ERROR, "987654");
   // Too common.
   CheckPin(PIN_WEAK_ERROR, "1212");
 
   // Verify that if a PIN has more than one error, both are returned.
   CheckPin(PIN_TOO_SHORT | PIN_WEAK_ERROR, "111");
   CheckPin(PIN_TOO_SHORT | PIN_WEAK_ERROR, "234");
 }
 
-TEST_F(QuickUnlockPrivateUnitTest, GetCredentialRequirements) {
+TEST_P(QuickUnlockPrivateUnitTest, GetCredentialRequirements) {
   PrefService* pref_service = profile()->GetPrefs();
 
   // Verify that trying out PINs under the minimum/maximum lengths will send the
   // minimum/maximum lengths as additional information for display purposes.
   pref_service->SetInteger(prefs::kPinUnlockMinimumLength, 6);
   pref_service->SetInteger(prefs::kPinUnlockMaximumLength, 8);
   CheckGetCredentialRequirements(6, 8);
 
   // Verify that by setting a maximum length to be nonzero and smaller than the
   // minimum length, the resulting maxium length will be equal to the minimum
   // length pref.
   pref_service->SetInteger(prefs::kPinUnlockMaximumLength, 4);
   CheckGetCredentialRequirements(6, 6);
 
   // Verify that the values received from policy are sanitized.
   pref_service->SetInteger(prefs::kPinUnlockMinimumLength, -3);
   pref_service->SetInteger(prefs::kPinUnlockMaximumLength, -3);
   CheckGetCredentialRequirements(1, 0);
 }
+
+INSTANTIATE_TEST_CASE_P(
+    StorageProviders,
+    QuickUnlockPrivateUnitTest,
+    ::testing::Values(quick_unlock::PinStorageType::kPrefs,
+                      quick_unlock::PinStorageType::kCryptohome));
+
 }  // namespace chromeos