1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/policy/device_policy_cache.h"
6
7#include "chrome/browser/chromeos/cros/cryptohome_library.h"
8#include "chrome/browser/policy/device_policy_identity_strategy.h"
9#include "chrome/browser/policy/enterprise_install_attributes.h"
10#include "policy/configuration_policy_type.h"
11#include "testing/gmock/include/gmock/gmock.h"
12#include "testing/gtest/include/gtest/gtest.h"
13
14namespace policy {
15
16namespace {
17
18// Test registration user name.
19const char kTestUser[] = "test@example.com";
20
21using ::chromeos::SignedSettings;
22using ::chromeos::SignedSettingsHelper;
23using ::testing::_;
24using ::testing::InSequence;
25
26class MockSignedSettingsHelper : public SignedSettingsHelper {
27 public:
28  MockSignedSettingsHelper() {}
29  virtual ~MockSignedSettingsHelper() {}
30
31  MOCK_METHOD2(StartStorePolicyOp, void(const em::PolicyFetchResponse&,
32                                        SignedSettingsHelper::Callback*));
33  MOCK_METHOD1(StartRetrievePolicyOp, void(SignedSettingsHelper::Callback*));
34  MOCK_METHOD1(CancelCallback, void(SignedSettingsHelper::Callback*));
35
36  // This test doesn't need these methods, but since they're pure virtual in
37  // SignedSettingsHelper, they must be implemented:
38  MOCK_METHOD2(StartCheckWhitelistOp, void(const std::string&,
39                                           SignedSettingsHelper::Callback*));
40  MOCK_METHOD3(StartWhitelistOp, void(const std::string&, bool,
41                                      SignedSettingsHelper::Callback*));
42  MOCK_METHOD3(StartStorePropertyOp, void(const std::string&,
43                                          const std::string&,
44                                          SignedSettingsHelper::Callback*));
45  MOCK_METHOD2(StartRetrieveProperty, void(const std::string&,
46                                           SignedSettingsHelper::Callback*));
47
48 private:
49  DISALLOW_COPY_AND_ASSIGN(MockSignedSettingsHelper);
50};
51
52ACTION_P(MockSignedSettingsHelperStorePolicy, status_code) {
53  arg1->OnStorePolicyCompleted(status_code);
54}
55
56ACTION_P2(MockSignedSettingsHelperRetrievePolicy, status_code, policy) {
57  arg0->OnRetrievePolicyCompleted(status_code, policy);
58}
59
60void CreateRefreshRatePolicy(em::PolicyFetchResponse* policy,
61                             const std::string& user,
62                             int refresh_rate) {
63  // This method omits a few fields which currently aren't needed by tests:
64  // timestamp, machine_name, policy_type, public key info.
65  em::PolicyData signed_response;
66  em::ChromeDeviceSettingsProto settings;
67  settings.mutable_policy_refresh_rate()->set_policy_refresh_rate(refresh_rate);
68  signed_response.set_username(user);
69  signed_response.set_request_token("dmtoken");
70  signed_response.set_device_id("deviceid");
71  EXPECT_TRUE(
72      settings.SerializeToString(signed_response.mutable_policy_value()));
73  std::string serialized_signed_response;
74  EXPECT_TRUE(signed_response.SerializeToString(&serialized_signed_response));
75  policy->set_policy_data(serialized_signed_response);
76}
77
78void CreateProxyPolicy(em::PolicyFetchResponse* policy,
79                       const std::string& user,
80                       const std::string& proxy_mode,
81                       const std::string& proxy_server,
82                       const std::string& proxy_pac_url,
83                       const std::string& proxy_bypass_list) {
84  em::PolicyData signed_response;
85  em::ChromeDeviceSettingsProto settings;
86  em::DeviceProxySettingsProto* proxy_settings =
87      settings.mutable_device_proxy_settings();
88  proxy_settings->set_proxy_mode(proxy_mode);
89  proxy_settings->set_proxy_server(proxy_server);
90  proxy_settings->set_proxy_pac_url(proxy_pac_url);
91  proxy_settings->set_proxy_bypass_list(proxy_bypass_list);
92  signed_response.set_username(user);
93  signed_response.set_request_token("dmtoken");
94  signed_response.set_device_id("deviceid");
95  EXPECT_TRUE(
96      settings.SerializeToString(signed_response.mutable_policy_value()));
97  std::string serialized_signed_response;
98  EXPECT_TRUE(signed_response.SerializeToString(&serialized_signed_response));
99  policy->set_policy_data(serialized_signed_response);
100}
101
102}  // namespace
103
104class DevicePolicyCacheTest : public testing::Test {
105 protected:
106  DevicePolicyCacheTest()
107      : cryptohome_(chromeos::CryptohomeLibrary::GetImpl(true)),
108        install_attributes_(cryptohome_.get()) {}
109
110  virtual void SetUp() {
111    cache_.reset(new DevicePolicyCache(&identity_strategy_,
112                                       &install_attributes_,
113                                       &signed_settings_helper_));
114  }
115
116  virtual void TearDown() {
117    EXPECT_CALL(signed_settings_helper_, CancelCallback(_));
118    cache_.reset();
119  }
120
121  void MakeEnterpriseDevice(const char* registration_user) {
122    ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
123              install_attributes_.LockDevice(registration_user));
124  }
125
126  const Value* GetMandatoryPolicy(ConfigurationPolicyType policy) {
127    return cache_->mandatory_policy_.Get(policy);
128  }
129
130  const Value* GetRecommendedPolicy(ConfigurationPolicyType policy) {
131    return cache_->recommended_policy_.Get(policy);
132  }
133
134  scoped_ptr<chromeos::CryptohomeLibrary> cryptohome_;
135  EnterpriseInstallAttributes install_attributes_;
136  DevicePolicyIdentityStrategy identity_strategy_;
137  MockSignedSettingsHelper signed_settings_helper_;
138  scoped_ptr<DevicePolicyCache> cache_;
139
140 private:
141  DISALLOW_COPY_AND_ASSIGN(DevicePolicyCacheTest);
142};
143
144TEST_F(DevicePolicyCacheTest, Startup) {
145  em::PolicyFetchResponse policy;
146  CreateRefreshRatePolicy(&policy, kTestUser, 120);
147  EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
148      MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
149                                             policy));
150  cache_->Load();
151  testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
152  FundamentalValue expected(120);
153  EXPECT_TRUE(Value::Equals(&expected,
154                            GetMandatoryPolicy(kPolicyPolicyRefreshRate)));
155}
156
157TEST_F(DevicePolicyCacheTest, SetPolicy) {
158  InSequence s;
159
160  MakeEnterpriseDevice(kTestUser);
161
162  // Startup.
163  em::PolicyFetchResponse policy;
164  CreateRefreshRatePolicy(&policy, kTestUser, 120);
165  EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
166      MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
167                                             policy));
168  cache_->Load();
169  testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
170  FundamentalValue expected(120);
171  EXPECT_TRUE(Value::Equals(&expected,
172                            GetMandatoryPolicy(kPolicyPolicyRefreshRate)));
173
174  // Set new policy information.
175  em::PolicyFetchResponse new_policy;
176  CreateRefreshRatePolicy(&new_policy, kTestUser, 300);
177  EXPECT_CALL(signed_settings_helper_, StartStorePolicyOp(_, _)).WillOnce(
178      MockSignedSettingsHelperStorePolicy(chromeos::SignedSettings::SUCCESS));
179  EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
180      MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
181                                             new_policy));
182  cache_->SetPolicy(new_policy);
183  testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
184  FundamentalValue updated_expected(300);
185  EXPECT_TRUE(Value::Equals(&updated_expected,
186                            GetMandatoryPolicy(kPolicyPolicyRefreshRate)));
187}
188
189TEST_F(DevicePolicyCacheTest, SetPolicyWrongUser) {
190  InSequence s;
191
192  MakeEnterpriseDevice(kTestUser);
193
194  // Startup.
195  em::PolicyFetchResponse policy;
196  CreateRefreshRatePolicy(&policy, kTestUser, 120);
197  EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
198      MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
199                                             policy));
200  cache_->Load();
201  testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
202
203  // Set new policy information. This should fail due to invalid user.
204  em::PolicyFetchResponse new_policy;
205  CreateRefreshRatePolicy(&new_policy, "foreign_user@example.com", 300);
206  EXPECT_CALL(signed_settings_helper_, StartStorePolicyOp(_, _)).Times(0);
207  cache_->SetPolicy(new_policy);
208  testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
209
210  FundamentalValue expected(120);
211  EXPECT_TRUE(Value::Equals(&expected,
212                            GetMandatoryPolicy(kPolicyPolicyRefreshRate)));
213}
214
215TEST_F(DevicePolicyCacheTest, SetPolicyNonEnterpriseDevice) {
216  InSequence s;
217
218  // Startup.
219  em::PolicyFetchResponse policy;
220  CreateRefreshRatePolicy(&policy, kTestUser, 120);
221  EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
222      MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
223                                             policy));
224  cache_->Load();
225  testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
226
227  // Set new policy information. This should fail due to invalid user.
228  em::PolicyFetchResponse new_policy;
229  CreateRefreshRatePolicy(&new_policy, kTestUser, 120);
230  EXPECT_CALL(signed_settings_helper_, StartStorePolicyOp(_, _)).Times(0);
231  cache_->SetPolicy(new_policy);
232  testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
233
234  FundamentalValue expected(120);
235  EXPECT_TRUE(Value::Equals(&expected,
236                            GetMandatoryPolicy(kPolicyPolicyRefreshRate)));
237}
238
239TEST_F(DevicePolicyCacheTest, SetProxyPolicy) {
240  InSequence s;
241
242  MakeEnterpriseDevice(kTestUser);
243
244  // Startup.
245  em::PolicyFetchResponse policy;
246  CreateProxyPolicy(&policy, kTestUser, "direct", "http://proxy:8080",
247                    "http://proxy:8080/pac.js", "127.0.0.1,example.com");
248  EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
249      MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
250                                             policy));
251  cache_->Load();
252  testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
253  StringValue expected_proxy_mode("direct");
254  StringValue expected_proxy_server("http://proxy:8080");
255  StringValue expected_proxy_pac_url("http://proxy:8080/pac.js");
256  StringValue expected_proxy_bypass_list("127.0.0.1,example.com");
257  EXPECT_TRUE(Value::Equals(&expected_proxy_mode,
258                            GetRecommendedPolicy(kPolicyProxyMode)));
259  EXPECT_TRUE(Value::Equals(&expected_proxy_server,
260                            GetRecommendedPolicy(kPolicyProxyServer)));
261  EXPECT_TRUE(Value::Equals(&expected_proxy_pac_url,
262                            GetRecommendedPolicy(kPolicyProxyPacUrl)));
263  EXPECT_TRUE(Value::Equals(&expected_proxy_bypass_list,
264                            GetRecommendedPolicy(kPolicyProxyBypassList)));
265}
266
267}  // namespace policy
268