OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <cryptohi.h> | 5 #include <cryptohi.h> |
6 | 6 |
7 #include "base/macros.h" | 7 #include "base/macros.h" |
8 #include "base/strings/stringprintf.h" | 8 #include "base/strings/stringprintf.h" |
9 #include "chrome/browser/chromeos/policy/device_policy_cros_browser_test.h" | 9 #include "chrome/browser/chromeos/policy/device_policy_cros_browser_test.h" |
10 #include "chrome/browser/extensions/extension_apitest.h" | 10 #include "chrome/browser/extensions/extension_apitest.h" |
11 #include "chrome/browser/extensions/extension_service.h" | 11 #include "chrome/browser/extensions/extension_service.h" |
12 #include "chrome/browser/net/nss_context.h" | 12 #include "chrome/browser/net/cert_database_service_factory.h" |
13 #include "chrome/browser/net/url_request_mock_util.h" | 13 #include "chrome/browser/net/url_request_mock_util.h" |
14 #include "chromeos/chromeos_switches.h" | 14 #include "chromeos/chromeos_switches.h" |
15 #include "chromeos/login/user_names.h" | 15 #include "chromeos/login/user_names.h" |
| 16 #include "chromeos/tpm_token_loader.h" |
| 17 #include "components/cert_database/cert_database_service.h" |
16 #include "components/policy/core/browser/browser_policy_connector.h" | 18 #include "components/policy/core/browser/browser_policy_connector.h" |
17 #include "components/policy/core/common/mock_configuration_policy_provider.h" | 19 #include "components/policy/core/common/mock_configuration_policy_provider.h" |
18 #include "components/policy/core/common/policy_map.h" | 20 #include "components/policy/core/common/policy_map.h" |
19 #include "content/public/browser/notification_service.h" | 21 #include "content/public/browser/notification_service.h" |
20 #include "content/public/common/content_switches.h" | 22 #include "content/public/common/content_switches.h" |
21 #include "content/public/test/test_utils.h" | 23 #include "content/public/test/test_utils.h" |
22 #include "crypto/nss_util_internal.h" | 24 #include "crypto/nss_util_internal.h" |
23 #include "crypto/scoped_test_system_nss_key_slot.h" | 25 #include "crypto/scoped_test_system_nss_key_slot.h" |
24 #include "extensions/browser/notification_types.h" | 26 #include "extensions/browser/notification_types.h" |
25 #include "net/base/net_errors.h" | 27 #include "net/base/net_errors.h" |
(...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
159 | 161 |
160 SystemToken system_token_; | 162 SystemToken system_token_; |
161 DeviceStatus device_status_; | 163 DeviceStatus device_status_; |
162 UserAffiliation user_affiliation_; | 164 UserAffiliation user_affiliation_; |
163 }; | 165 }; |
164 | 166 |
165 class EnterprisePlatformKeysTest | 167 class EnterprisePlatformKeysTest |
166 : public ExtensionApiTest, | 168 : public ExtensionApiTest, |
167 public ::testing::WithParamInterface<Params> { | 169 public ::testing::WithParamInterface<Params> { |
168 public: | 170 public: |
169 EnterprisePlatformKeysTest() {} | 171 EnterprisePlatformKeysTest() { |
| 172 chromeos::TPMTokenLoader::InitializeForTest(); |
| 173 } |
170 | 174 |
171 virtual void SetUpCommandLine(CommandLine* command_line) override { | 175 virtual void SetUpCommandLine(CommandLine* command_line) override { |
172 ExtensionApiTest::SetUpCommandLine(command_line); | 176 ExtensionApiTest::SetUpCommandLine(command_line); |
173 | 177 |
174 // Enable the WebCrypto API. | 178 // Enable the WebCrypto API. |
175 command_line->AppendSwitch( | 179 command_line->AppendSwitch( |
176 switches::kEnableExperimentalWebPlatformFeatures); | 180 switches::kEnableExperimentalWebPlatformFeatures); |
177 | 181 |
178 std::string user_email = "someuser@anydomain.com"; | 182 std::string user_email = "someuser@anydomain.com"; |
179 | 183 |
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
220 | 224 |
221 // Enable the URLRequestMock, which is required for force-installing the | 225 // Enable the URLRequestMock, which is required for force-installing the |
222 // test extension through policy. | 226 // test extension through policy. |
223 content::BrowserThread::PostTask( | 227 content::BrowserThread::PostTask( |
224 content::BrowserThread::IO, | 228 content::BrowserThread::IO, |
225 FROM_HERE, | 229 FROM_HERE, |
226 base::Bind(chrome_browser_net::SetUrlRequestMocksEnabled, true)); | 230 base::Bind(chrome_browser_net::SetUrlRequestMocksEnabled, true)); |
227 | 231 |
228 { | 232 { |
229 base::RunLoop loop; | 233 base::RunLoop loop; |
230 GetNSSCertDatabaseForProfile( | 234 cert_database::CertDatabaseService* cert_service = |
231 browser()->profile(), | 235 cert_database::CertDatabaseServiceFactory::GetForBrowserContext( |
232 base::Bind(&EnterprisePlatformKeysTest::DidGetCertDatabase, | 236 browser()->profile()); |
233 base::Unretained(this), | 237 EXPECT_TRUE(cert_service); |
234 loop.QuitClosure())); | 238 cert_service->GetNSSCertDatabase( |
| 239 base::Bind(&EnterprisePlatformKeysTest::DidGetCertDatabase, |
| 240 base::Unretained(this), loop.QuitClosure())); |
235 loop.Run(); | 241 loop.Run(); |
236 } | 242 } |
237 | 243 |
238 SetPolicy(); | 244 SetPolicy(); |
239 } | 245 } |
240 | 246 |
241 virtual void TearDownOnMainThread() override { | 247 virtual void TearDownOnMainThread() override { |
242 ExtensionApiTest::TearDownOnMainThread(); | 248 ExtensionApiTest::TearDownOnMainThread(); |
243 | 249 |
244 if (GetParam().system_token_ == SYSTEM_TOKEN_EXISTS) { | 250 if (GetParam().system_token_ == SYSTEM_TOKEN_EXISTS) { |
(...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
346 CheckSystemTokenAvailability, | 352 CheckSystemTokenAvailability, |
347 EnterprisePlatformKeysTest, | 353 EnterprisePlatformKeysTest, |
348 ::testing::Values(Params(SYSTEM_TOKEN_EXISTS, | 354 ::testing::Values(Params(SYSTEM_TOKEN_EXISTS, |
349 DEVICE_STATUS_ENROLLED, | 355 DEVICE_STATUS_ENROLLED, |
350 USER_AFFILIATION_ENROLLED_DOMAIN), | 356 USER_AFFILIATION_ENROLLED_DOMAIN), |
351 Params(SYSTEM_TOKEN_EXISTS, | 357 Params(SYSTEM_TOKEN_EXISTS, |
352 DEVICE_STATUS_ENROLLED, | 358 DEVICE_STATUS_ENROLLED, |
353 USER_AFFILIATION_UNRELATED), | 359 USER_AFFILIATION_UNRELATED), |
354 Params(SYSTEM_TOKEN_EXISTS, | 360 Params(SYSTEM_TOKEN_EXISTS, |
355 DEVICE_STATUS_NOT_ENROLLED, | 361 DEVICE_STATUS_NOT_ENROLLED, |
356 USER_AFFILIATION_UNRELATED), | 362 USER_AFFILIATION_UNRELATED))); |
357 Params(SYSTEM_TOKEN_NOT_EXISTS, | 363 // TODO(pneubeck): Enable this case again, once TPMTokenLoader can handle a |
358 DEVICE_STATUS_ENROLLED, | 364 // missing system token correctly. https://crbug.com/426773 |
359 USER_AFFILIATION_ENROLLED_DOMAIN))); | 365 // Params(SYSTEM_TOKEN_NOT_EXISTS, |
| 366 // DEVICE_STATUS_ENROLLED, |
| 367 // USER_AFFILIATION_ENROLLED_DOMAIN) |
360 | 368 |
361 class EnterprisePlatformKeysTestNonPolicyInstalledExtension | 369 class EnterprisePlatformKeysTestNonPolicyInstalledExtension |
362 : public EnterprisePlatformKeysTest {}; | 370 : public EnterprisePlatformKeysTest {}; |
363 | 371 |
364 // Ensure that extensions that are not pre-installed by policy throw an install | 372 // Ensure that extensions that are not pre-installed by policy throw an install |
365 // warning if they request the enterprise.platformKeys permission in the | 373 // warning if they request the enterprise.platformKeys permission in the |
366 // manifest and that such extensions don't see the | 374 // manifest and that such extensions don't see the |
367 // chrome.enterprise.platformKeys namespace. | 375 // chrome.enterprise.platformKeys namespace. |
368 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, | 376 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, |
369 EnterprisePlatformKeysIsRestrictedToPolicyExtension) { | 377 EnterprisePlatformKeysIsRestrictedToPolicyExtension) { |
370 ASSERT_TRUE(RunExtensionSubtest("enterprise_platform_keys", | 378 ASSERT_TRUE(RunExtensionSubtest("enterprise_platform_keys", |
371 "api_not_available.html", | 379 "api_not_available.html", |
372 kFlagIgnoreManifestWarnings)); | 380 kFlagIgnoreManifestWarnings)); |
373 | 381 |
374 base::FilePath extension_path = | 382 base::FilePath extension_path = |
375 test_data_dir_.AppendASCII("enterprise_platform_keys"); | 383 test_data_dir_.AppendASCII("enterprise_platform_keys"); |
376 ExtensionService* service = | 384 ExtensionService* service = |
377 extensions::ExtensionSystem::Get(profile())->extension_service(); | 385 extensions::ExtensionSystem::Get(profile())->extension_service(); |
378 const extensions::Extension* extension = | 386 const extensions::Extension* extension = |
379 GetExtensionByPath(service->extensions(), extension_path); | 387 GetExtensionByPath(service->extensions(), extension_path); |
380 ASSERT_FALSE(extension->install_warnings().empty()); | 388 ASSERT_FALSE(extension->install_warnings().empty()); |
381 EXPECT_EQ( | 389 EXPECT_EQ( |
382 "'enterprise.platformKeys' is not allowed for specified install " | 390 "'enterprise.platformKeys' is not allowed for specified install " |
383 "location.", | 391 "location.", |
384 extension->install_warnings()[0].message); | 392 extension->install_warnings()[0].message); |
385 } | 393 } |
OLD | NEW |