| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" |
| |
| #include <vector> |
| |
| #include "base/basictypes.h" |
| #include "base/compiler_specific.h" |
| #include "base/memory/scoped_ptr.h" |
| #include "base/run_loop.h" |
| #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" |
| #include "chrome/browser/chromeos/settings/device_settings_test_helper.h" |
| #include "chrome/browser/policy/proto/chromeos/chrome_device_policy.pb.h" |
| #include "chromeos/cryptohome/cryptohome_util.h" |
| #include "chromeos/dbus/fake_cryptohome_client.h" |
| #include "policy/policy_constants.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
| namespace policy { |
| |
| namespace { |
| |
| void CopyLockResult(base::RunLoop* loop, |
| EnterpriseInstallAttributes::LockResult* out, |
| EnterpriseInstallAttributes::LockResult result) { |
| *out = result; |
| loop->Quit(); |
| } |
| |
| } // namespace |
| |
| class DeviceCloudPolicyStoreChromeOSTest |
| : public chromeos::DeviceSettingsTestBase { |
| protected: |
| DeviceCloudPolicyStoreChromeOSTest() |
| : fake_cryptohome_client_(new chromeos::FakeCryptohomeClient()), |
| install_attributes_(new EnterpriseInstallAttributes( |
| fake_cryptohome_client_.get())), |
| store_(new DeviceCloudPolicyStoreChromeOS(&device_settings_service_, |
| install_attributes_.get(), |
| loop_.message_loop_proxy())) { |
| fake_cryptohome_client_->Init(NULL /* no dbus::Bus */); |
| } |
| |
| virtual void SetUp() OVERRIDE { |
| DeviceSettingsTestBase::SetUp(); |
| |
| base::RunLoop loop; |
| EnterpriseInstallAttributes::LockResult result; |
| install_attributes_->LockDevice( |
| PolicyBuilder::kFakeUsername, |
| DEVICE_MODE_ENTERPRISE, |
| PolicyBuilder::kFakeDeviceId, |
| base::Bind(&CopyLockResult, &loop, &result)); |
| loop.Run(); |
| ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result); |
| } |
| |
| void ExpectFailure(CloudPolicyStore::Status expected_status) { |
| EXPECT_EQ(expected_status, store_->status()); |
| EXPECT_TRUE(store_->is_initialized()); |
| EXPECT_FALSE(store_->has_policy()); |
| EXPECT_FALSE(store_->is_managed()); |
| } |
| |
| void ExpectSuccess() { |
| EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); |
| EXPECT_TRUE(store_->is_initialized()); |
| EXPECT_TRUE(store_->has_policy()); |
| EXPECT_TRUE(store_->is_managed()); |
| EXPECT_TRUE(store_->policy()); |
| base::FundamentalValue expected(false); |
| EXPECT_TRUE( |
| base::Value::Equals(&expected, |
| store_->policy_map().GetValue( |
| key::kDeviceMetricsReportingEnabled))); |
| } |
| |
| void PrepareExistingPolicy() { |
| store_->Load(); |
| FlushDeviceSettings(); |
| ExpectSuccess(); |
| |
| device_policy_.UnsetNewSigningKey(); |
| device_policy_.Build(); |
| } |
| |
| void PrepareNewSigningKey() { |
| device_policy_.SetDefaultNewSigningKey(); |
| device_policy_.Build(); |
| owner_key_util_->SetPublicKeyFromPrivateKey( |
| *device_policy_.GetNewSigningKey()); |
| } |
| |
| void ResetToNonEnterprise() { |
| store_.reset(); |
| chromeos::cryptohome_util::InstallAttributesSet("enterprise.owned", |
| std::string()); |
| install_attributes_.reset(new EnterpriseInstallAttributes( |
| fake_cryptohome_client_.get())); |
| store_.reset( |
| new DeviceCloudPolicyStoreChromeOS(&device_settings_service_, |
| install_attributes_.get(), |
| loop_.message_loop_proxy())); |
| } |
| |
| scoped_ptr<chromeos::FakeCryptohomeClient> fake_cryptohome_client_; |
| scoped_ptr<EnterpriseInstallAttributes> install_attributes_; |
| |
| scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_; |
| |
| private: |
| DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest); |
| }; |
| |
| TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) { |
| owner_key_util_->Clear(); |
| store_->Load(); |
| FlushDeviceSettings(); |
| ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); |
| } |
| |
| TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) { |
| device_settings_test_helper_.set_policy_blob(std::string()); |
| store_->Load(); |
| FlushDeviceSettings(); |
| ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR); |
| } |
| |
| TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) { |
| ResetToNonEnterprise(); |
| store_->Load(); |
| FlushDeviceSettings(); |
| ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); |
| } |
| |
| TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) { |
| store_->Load(); |
| FlushDeviceSettings(); |
| ExpectSuccess(); |
| } |
| |
| TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) { |
| PrepareExistingPolicy(); |
| store_->Store(device_policy_.policy()); |
| FlushDeviceSettings(); |
| ExpectSuccess(); |
| } |
| |
| TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) { |
| PrepareExistingPolicy(); |
| device_policy_.policy().clear_policy_data_signature(); |
| store_->Store(device_policy_.policy()); |
| FlushDeviceSettings(); |
| EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); |
| EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE, |
| store_->validation_status()); |
| } |
| |
| TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) { |
| PrepareExistingPolicy(); |
| device_policy_.policy().set_policy_data_signature("invalid"); |
| store_->Store(device_policy_.policy()); |
| FlushDeviceSettings(); |
| EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); |
| EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE, |
| store_->validation_status()); |
| } |
| |
| TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) { |
| PrepareExistingPolicy(); |
| device_policy_.SetDefaultNewSigningKey(); |
| device_policy_.Build(); |
| store_->Store(device_policy_.policy()); |
| device_settings_test_helper_.FlushLoops(); |
| device_settings_test_helper_.FlushStore(); |
| owner_key_util_->SetPublicKeyFromPrivateKey( |
| *device_policy_.GetNewSigningKey()); |
| ReloadDeviceSettings(); |
| ExpectSuccess(); |
| } |
| |
| TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) { |
| PrepareNewSigningKey(); |
| store_->InstallInitialPolicy(device_policy_.policy()); |
| FlushDeviceSettings(); |
| ExpectSuccess(); |
| } |
| |
| TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) { |
| PrepareNewSigningKey(); |
| device_policy_.policy().clear_policy_data_signature(); |
| store_->InstallInitialPolicy(device_policy_.policy()); |
| FlushDeviceSettings(); |
| ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE, |
| store_->validation_status()); |
| } |
| |
| TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) { |
| PrepareNewSigningKey(); |
| device_policy_.policy().clear_new_public_key(); |
| store_->InstallInitialPolicy(device_policy_.policy()); |
| FlushDeviceSettings(); |
| ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR); |
| EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE, |
| store_->validation_status()); |
| } |
| |
| TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) { |
| PrepareNewSigningKey(); |
| ResetToNonEnterprise(); |
| store_->InstallInitialPolicy(device_policy_.policy()); |
| FlushDeviceSettings(); |
| ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); |
| } |
| |
| } // namespace policy |