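// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include <string>
#include <vector>

#include "base/bind.h"
#include "base/message_loop/message_loop.h"
#include "base/run_loop.h"
#include "chrome/browser/chromeos/attestation/attestation_signed_data.pb.h"
#include "chrome/browser/chromeos/attestation/fake_certificate.h"
#include "chrome/browser/chromeos/attestation/platform_verification_flow.h"
#include "chrome/browser/chromeos/login/users/mock_user_manager.h"
#include "chrome/browser/chromeos/settings/cros_settings.h"
#include "chrome/browser/chromeos/settings/device_settings_service.h"
#include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h"
#include "chrome/browser/content_settings/host_content_settings_map.h"
#include "chrome/browser/profiles/profile_impl.h"
#include "chrome/browser/renderer_host/pepper/device_id_fetcher.h"
#include "chrome/common/content_settings_pattern.h"
#include "chrome/common/pref_names.h"
#include "chrome/test/base/testing_pref_service_syncable.h"
#include "chromeos/attestation/mock_attestation_flow.h"
#include "chromeos/cryptohome/mock_async_method_caller.h"
#include "chromeos/dbus/fake_cryptohome_client.h"
#include "chromeos/settings/cros_settings_names.h"
#include "content/public/test/test_browser_thread.h"
#include "testing/gtest/include/gtest/gtest.h"

using testing::_;
using testing::DoAll;
using testing::Invoke;
using testing::Return;
using testing::SetArgumentPointee;
using testing::StrictMock;
using testing::WithArgs;

namespace chromeos {
namespace attestation {

namespace {

// Fixed inputs and canned outputs shared by every test in this file.
const char kTestID[] = "test_id";
const char kTestChallenge[] = "test_challenge";
const char kTestSignedData[] = "test_challenge_with_salt";
const char kTestSignature[] = "test_signature";
const char kTestCertificate[] = "test_certificate";
const char kTestEmail[] = "test_email@chromium.org";
const char kTestURL[] = "http://mytestdomain/test";
const char kTestURLSecure[] = "https://mytestdomain/test";
const char kTestURLExtension[] = "chrome-extension://mytestextension";

// Test double for PlatformVerificationFlow::Delegate.
//
// Answers every consent prompt synchronously with a configurable response and
// counts how many prompts were shown, so a test can assert both the outcome
// and whether the user was asked at all. It also owns the pref service, user
// manager and content-settings map that the flow reads through the delegate.
class FakeDelegate : public PlatformVerificationFlow::Delegate {
 public:
  // Defaults: consent is allowed, the reported URL is kTestURL and the
  // session is not incognito.
  FakeDelegate() : response_(PlatformVerificationFlow::CONSENT_RESPONSE_ALLOW),
                   num_consent_calls_(0),
                   url_(kTestURL),
                   is_incognito_(false) {
    // Configure a user for the mock user manager.
    mock_user_manager_.SetActiveUser(kTestEmail);
  }
  virtual ~FakeDelegate() {}

  // Registers the prefs the flow depends on and creates the content-settings
  // map on top of them. Must run before any test touches the delegate.
  void SetUp() {
    ProfileImpl::RegisterProfilePrefs(pref_service_.registry());
    chrome::DeviceIDFetcher::RegisterProfilePrefs(pref_service_.registry());
    PlatformVerificationFlow::RegisterProfilePrefs(pref_service_.registry());
    HostContentSettingsMap::RegisterProfilePrefs(pref_service_.registry());
    content_settings_ = new HostContentSettingsMap(&pref_service_, false);
  }

  // Shuts down the content-settings map created by SetUp().
  void TearDown() {
    // Guard against TearDown() running when SetUp() never created the map.
    if (content_settings_.get())
      content_settings_->ShutdownOnUIThread();
  }

  // Records the prompt and immediately runs |callback| with the configured
  // response; no UI is involved.
  virtual void ShowConsentPrompt(
      content::WebContents* web_contents,
      const PlatformVerificationFlow::Delegate::ConsentCallback& callback)
      OVERRIDE {
    num_consent_calls_++;
    callback.Run(response_);
  }

  // |web_contents| is ignored by all accessors below; tests pass NULL.
  virtual PrefService* GetPrefs(content::WebContents* web_contents) OVERRIDE {
    return &pref_service_;
  }

  virtual const GURL& GetURL(content::WebContents* web_contents) OVERRIDE {
    return url_;
  }

  virtual User* GetUser(content::WebContents* web_contents) OVERRIDE {
    return mock_user_manager_.GetActiveUser();
  }

  virtual HostContentSettingsMap* GetContentSettings(
      content::WebContents* web_contents) OVERRIDE {
    return content_settings_;
  }

  virtual bool IsGuestOrIncognito(content::WebContents* web_contents) OVERRIDE {
    return is_incognito_;
  }

  // Sets the answer returned by every subsequent consent prompt.
  void set_response(PlatformVerificationFlow::ConsentResponse response) {
    response_ = response;
  }

  // Number of times ShowConsentPrompt() has been called.
  int num_consent_calls() const {
    return num_consent_calls_;
  }

  TestingPrefServiceSyncable& pref_service() {
    return pref_service_;
  }

  void set_url(const GURL& url) {
    url_ = url;
  }

  void set_is_incognito(bool is_incognito) {
    is_incognito_ = is_incognito;
  }

 private:
  PlatformVerificationFlow::ConsentResponse response_;
  int num_consent_calls_;
  TestingPrefServiceSyncable pref_service_;
  MockUserManager mock_user_manager_;
  GURL url_;
  scoped_refptr<HostContentSettingsMap> content_settings_;
  bool is_incognito_;

  DISALLOW_COPY_AND_ASSIGN(FakeDelegate);
};

// FakeCryptohomeClient whose enrollment / preparation answers and D-Bus call
// status are configurable. Replies are posted to the current message loop,
// so a test has to spin the loop before it sees them.
class CustomFakeCryptohomeClient : public FakeCryptohomeClient {
 public:
  // Defaults: calls succeed and the device reports enrolled and prepared.
  CustomFakeCryptohomeClient() : call_status_(DBUS_METHOD_CALL_SUCCESS),
                                 attestation_enrolled_(true),
                                 attestation_prepared_(true) {}
  // The status and flag are bound when the task is posted, so later setter
  // calls do not affect a reply that is already queued.
  virtual void TpmAttestationIsEnrolled(
      const BoolDBusMethodCallback& callback) OVERRIDE {
    base::MessageLoop::current()->PostTask(FROM_HERE,
                                           base::Bind(callback,
                                                      call_status_,
                                                      attestation_enrolled_));
  }

  virtual void TpmAttestationIsPrepared(
      const BoolDBusMethodCallback& callback) OVERRIDE {
    base::MessageLoop::current()->PostTask(FROM_HERE,
                                           base::Bind(callback,
                                                      call_status_,
                                                      attestation_prepared_));
  }

  void set_call_status(DBusMethodCallStatus call_status) {
    call_status_ = call_status;
  }

  void set_attestation_enrolled(bool attestation_enrolled) {
    attestation_enrolled_ = attestation_enrolled;
  }

  void set_attestation_prepared(bool attestation_prepared) {
    attestation_prepared_ = attestation_prepared;
  }

 private:
  DBusMethodCallStatus call_status_;
  bool attestation_enrolled_;
  bool attestation_prepared_;
};

}  // namespace

// Fixture wiring a PlatformVerificationFlow to mocks and fakes for the
// attestation flow, the cryptohome async caller, the cryptohome D-Bus client
// and the delegate. Tests drive ChallengePlatformKey() and inspect the values
// captured by FakeChallengeCallback().
class PlatformVerificationFlowTest : public ::testing::Test {
 public:
  PlatformVerificationFlowTest()
      : ui_thread_(content::BrowserThread::UI, &message_loop_),
        // Initialised so TearDown() never reads an indeterminate pointer if
        // SetUp() did not get as far as assigning it.
        device_settings_provider_(NULL),
        certificate_success_(true),
        fake_certificate_index_(0),
        sign_challenge_success_(true),
        result_(PlatformVerificationFlow::INTERNAL_ERROR) {}

  virtual void SetUp() OVERRIDE {
    fake_delegate_.SetUp();

    // Create a verifier for tests to call.
    verifier_ = new PlatformVerificationFlow(&mock_attestation_flow_,
                                             &mock_async_caller_,
                                             &fake_cryptohome_client_,
                                             &fake_delegate_);

    // Create callbacks for tests to use with verifier_.
    // base::Unretained is used, so the callback must not run after this
    // fixture is destroyed; each test drains the loop before returning.
    callback_ = base::Bind(&PlatformVerificationFlowTest::FakeChallengeCallback,
                           base::Unretained(this));

    // Configure the global cros_settings.
    // The provider currently serving the content-protection setting is
    // swapped for a stub so tests can flip the policy; TearDown() restores it.
    CrosSettings* cros_settings = CrosSettings::Get();
    device_settings_provider_ =
        cros_settings->GetProvider(kAttestationForContentProtectionEnabled);
    cros_settings->RemoveSettingsProvider(device_settings_provider_);
    cros_settings->AddSettingsProvider(&stub_settings_provider_);
    cros_settings->SetBoolean(kAttestationForContentProtectionEnabled, true);

    // Start with the first-time setting set since most tests want this.
    fake_delegate_.pref_service().SetUserPref(prefs::kRAConsentFirstTime,
                                              new base::FundamentalValue(true));

  }

  virtual void TearDown() OVERRIDE {
    // Restore the real DeviceSettingsProvider.
    CrosSettings* cros_settings = CrosSettings::Get();
    cros_settings->RemoveSettingsProvider(&stub_settings_provider_);
    cros_settings->AddSettingsProvider(device_settings_provider_);
    fake_delegate_.TearDown();
  }

  // Installs the expectations for a full attestation round trip: one or more
  // GetCertificate calls followed by TpmAttestationSignSimpleChallenge, both
  // matched on the test user, key id and challenge.
  void ExpectAttestationFlow() {
    // When consent is not given or the feature is disabled, it is important
    // that there are no calls to the attestation service.  Thus, a test must
    // explicitly expect these calls or the mocks will fail the test.
    // NOTE(review): in this file only mock_attestation_flow_ is declared as a
    // StrictMock; see the note on mock_async_caller_ below.

    // Configure the mock AttestationFlow to call FakeGetCertificate.
    // WithArgs<4> forwards only the fifth argument (the callback).
    EXPECT_CALL(mock_attestation_flow_,
                GetCertificate(PROFILE_CONTENT_PROTECTION_CERTIFICATE,
                               kTestEmail, kTestID, _, _))
        .WillRepeatedly(WithArgs<4>(Invoke(
            this, &PlatformVerificationFlowTest::FakeGetCertificate)));

    // Configure the mock AsyncMethodCaller to call FakeSignChallenge.
    std::string expected_key_name = std::string(kContentProtectionKeyPrefix) +
                                    std::string(kTestID);
    EXPECT_CALL(mock_async_caller_,
                TpmAttestationSignSimpleChallenge(KEY_USER, kTestEmail,
                                                  expected_key_name,
                                                  kTestChallenge, _))
        .WillRepeatedly(WithArgs<4>(Invoke(
            this, &PlatformVerificationFlowTest::FakeSignChallenge)));
  }

  // Records the user's per-domain consent decision for |url| in the fake
  // delegate's content settings.
  void SetUserConsent(const GURL& url, bool allow) {
    verifier_->RecordDomainConsent(fake_delegate_.GetContentSettings(NULL),
                                   url,
                                   allow);
  }

  // Stand-in for AttestationFlow::GetCertificate. Replies asynchronously with
  // the next entry of fake_certificate_list_, or kTestCertificate once the
  // list is exhausted (or empty), and advances the index on every call.
  void FakeGetCertificate(
      const AttestationFlow::CertificateCallback& callback) {
    std::string certificate =
        (fake_certificate_index_ < fake_certificate_list_.size()) ?
            fake_certificate_list_[fake_certificate_index_] : kTestCertificate;
    base::MessageLoop::current()->PostTask(FROM_HERE,
                                           base::Bind(callback,
                                                      certificate_success_,
                                                      certificate));
    ++fake_certificate_index_;
  }

  // Stand-in for the sign-challenge call. Replies asynchronously with
  // sign_challenge_success_ and a serialized SignedData message.
  void FakeSignChallenge(
      const cryptohome::AsyncMethodCaller::DataCallback& callback) {
    base::MessageLoop::current()->PostTask(
        FROM_HERE,
        base::Bind(callback,
                   sign_challenge_success_,
                   CreateFakeResponseProto()));
  }

  // Completion callback handed to ChallengePlatformKey(); stores everything
  // it receives so the test body can assert on it.
  void FakeChallengeCallback(PlatformVerificationFlow::Result result,
                             const std::string& salt,
                             const std::string& signature,
                             const std::string& certificate) {
    result_ = result;
    challenge_salt_ = salt;
    challenge_signature_ = signature;
    certificate_ = certificate;
  }

  // Builds the serialized SignedData carrying kTestSignedData and
  // kTestSignature that FakeSignChallenge() returns.
  std::string CreateFakeResponseProto() {
    SignedData pb;
    pb.set_data(kTestSignedData);
    pb.set_signature(kTestSignature);
    std::string serial;
    CHECK(pb.SerializeToString(&serial));
    return serial;
  }

 protected:
  // message_loop_ is declared first because ui_thread_ is constructed from
  // its address.
  base::MessageLoopForUI message_loop_;
  content::TestBrowserThread ui_thread_;
  StrictMock<MockAttestationFlow> mock_attestation_flow_;
  // NOTE(review): unlike mock_attestation_flow_, this mock is not wrapped in
  // StrictMock here, so an unexpected TpmAttestationSignSimpleChallenge call
  // would presumably only produce a gmock warning instead of failing the
  // test. Confirm against MockAsyncMethodCaller before relying on the
  // negative tests (ConsentRejected, FeatureDisabled) to prove that nothing
  // gets signed without consent.
  cryptohome::MockAsyncMethodCaller mock_async_caller_;
  CustomFakeCryptohomeClient fake_cryptohome_client_;
  FakeDelegate fake_delegate_;
  // Provider removed from CrosSettings in SetUp(); not owned by the fixture.
  CrosSettingsProvider* device_settings_provider_;
  StubCrosSettingsProvider stub_settings_provider_;
  ScopedTestDeviceSettingsService test_device_settings_service_;
  ScopedTestCrosSettings test_cros_settings_;
  scoped_refptr<PlatformVerificationFlow> verifier_;

  // Controls result of FakeGetCertificate.
  bool certificate_success_;
  std::vector<std::string> fake_certificate_list_;
  size_t fake_certificate_index_;

  // Controls result of FakeSignChallenge.
  bool sign_challenge_success_;

  // Callback functions and data.
  PlatformVerificationFlow::ChallengeCallback callback_;
  PlatformVerificationFlow::Result result_;
  std::string challenge_salt_;
  std::string challenge_signature_;
  std::string certificate_;
};

// Domain consent is already recorded and the fixture defaults apply, so the
// challenge must succeed without showing any prompt.
TEST_F(PlatformVerificationFlowTest, SuccessNoConsent) {
  SetUserConsent(GURL(kTestURL), true);
  // Make sure the call will fail if consent is requested.
  fake_delegate_.set_response(PlatformVerificationFlow::CONSENT_RESPONSE_DENY);
  ExpectAttestationFlow();
  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::SUCCESS, result_);
  EXPECT_EQ(kTestSignedData, challenge_salt_);
  EXPECT_EQ(kTestSignature, challenge_signature_);
  EXPECT_EQ(kTestCertificate, certificate_);
  EXPECT_EQ(0, fake_delegate_.num_consent_calls());
}

// The device reports it is not enrolled for attestation: exactly one consent
// prompt is expected before the challenge succeeds.
TEST_F(PlatformVerificationFlowTest, SuccessWithAttestationConsent) {
  SetUserConsent(GURL(kTestURL), true);
  fake_cryptohome_client_.set_attestation_enrolled(false);
  ExpectAttestationFlow();
  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::SUCCESS, result_);
  EXPECT_EQ(kTestSignedData, challenge_salt_);
  EXPECT_EQ(kTestSignature, challenge_signature_);
  EXPECT_EQ(kTestCertificate, certificate_);
  EXPECT_EQ(1, fake_delegate_.num_consent_calls());
}

// kRAConsentFirstTime is cleared: exactly one consent prompt is expected
// before the challenge succeeds.
TEST_F(PlatformVerificationFlowTest, SuccessWithFirstTimeConsent) {
  SetUserConsent(GURL(kTestURL), true);
  fake_delegate_.pref_service().SetUserPref(prefs::kRAConsentFirstTime,
                                            new base::FundamentalValue(false));
  ExpectAttestationFlow();
  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::SUCCESS, result_);
  EXPECT_EQ(kTestSignedData, challenge_salt_);
  EXPECT_EQ(kTestSignature, challenge_signature_);
  EXPECT_EQ(kTestCertificate, certificate_);
  EXPECT_EQ(1, fake_delegate_.num_consent_calls());
}

// No domain consent is recorded and the prompt answers DENY. No attestation
// expectations are installed, so a GetCertificate call would fail the test
// through the StrictMock.
TEST_F(PlatformVerificationFlowTest, ConsentRejected) {
  fake_delegate_.set_response(PlatformVerificationFlow::CONSENT_RESPONSE_DENY);
  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::USER_REJECTED, result_);
  EXPECT_EQ(1, fake_delegate_.num_consent_calls());
}

// The device policy disables attestation for content protection: the flow
// must report POLICY_REJECTED without prompting the user.
TEST_F(PlatformVerificationFlowTest, FeatureDisabled) {
  CrosSettings::Get()->SetBoolean(kAttestationForContentProtectionEnabled,
                                  false);
  verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(PlatformVerificationFlow::POLICY_REJECTED, result_);
  EXPECT_EQ(0, fake_delegate_.num_consent_calls());
}

TEST_F(PlatformVerificationFlowTest,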
FeatureDisabledByUser) { 3795d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) fake_delegate_.pref_service().SetUserPref(prefs::kEnableDRM, 3805d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) new base::FundamentalValue(false)); 38158537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_); 38258537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) base::RunLoop().RunUntilIdle(); 38358537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) EXPECT_EQ(PlatformVerificationFlow::POLICY_REJECTED, result_); 38458537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) EXPECT_EQ(0, fake_delegate_.num_consent_calls()); 38558537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)} 38658537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles) 38758537e28ecd584eab876aee8be7156509866d23aTorne (Richard Coles)TEST_F(PlatformVerificationFlowTest, FeatureDisabledByUserForDomain) { 3880f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) SetUserConsent(GURL(kTestURL), false); 3893551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_); 3903551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) base::RunLoop().RunUntilIdle(); 3913551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) EXPECT_EQ(PlatformVerificationFlow::POLICY_REJECTED, result_); 3923551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) EXPECT_EQ(0, fake_delegate_.num_consent_calls()); 3933551c9c881056c480085172ff9840cab31610854Torne (Richard Coles)} 3943551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) 3953551c9c881056c480085172ff9840cab31610854Torne (Richard Coles)TEST_F(PlatformVerificationFlowTest, NotVerified) { 3963551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) certificate_success_ = false; 3973551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) 
ExpectAttestationFlow(); 3983551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_); 3993551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) base::RunLoop().RunUntilIdle(); 4003551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) EXPECT_EQ(PlatformVerificationFlow::PLATFORM_NOT_VERIFIED, result_); 4013551c9c881056c480085172ff9840cab31610854Torne (Richard Coles)} 4023551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) 4033551c9c881056c480085172ff9840cab31610854Torne (Richard Coles)TEST_F(PlatformVerificationFlowTest, ChallengeSigningError) { 4043551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) sign_challenge_success_ = false; 4053551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) ExpectAttestationFlow(); 4063551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_); 4073551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) base::RunLoop().RunUntilIdle(); 4083551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) EXPECT_EQ(PlatformVerificationFlow::INTERNAL_ERROR, result_); 4093551c9c881056c480085172ff9840cab31610854Torne (Richard Coles)} 4103551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) 4113551c9c881056c480085172ff9840cab31610854Torne (Richard Coles)TEST_F(PlatformVerificationFlowTest, DBusFailure) { 4123551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) fake_cryptohome_client_.set_call_status(DBUS_METHOD_CALL_FAILURE); 4133551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_); 4143551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) base::RunLoop().RunUntilIdle(); 4153551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) EXPECT_EQ(PlatformVerificationFlow::INTERNAL_ERROR, result_); 4163551c9c881056c480085172ff9840cab31610854Torne 
(Richard Coles)} 4173551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) 4183551c9c881056c480085172ff9840cab31610854Torne (Richard Coles)TEST_F(PlatformVerificationFlowTest, ConsentNoResponse) { 4193551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) fake_delegate_.set_response(PlatformVerificationFlow::CONSENT_RESPONSE_NONE); 4203551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_); 4213551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) base::RunLoop().RunUntilIdle(); 4223551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) EXPECT_EQ(PlatformVerificationFlow::USER_REJECTED, result_); 4233551c9c881056c480085172ff9840cab31610854Torne (Richard Coles)} 4243551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) 4250f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles)TEST_F(PlatformVerificationFlowTest, ConsentPerScheme) { 4260f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) fake_delegate_.set_response(PlatformVerificationFlow::CONSENT_RESPONSE_DENY); 4270f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_); 4280f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) base::RunLoop().RunUntilIdle(); 4290f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) EXPECT_EQ(PlatformVerificationFlow::USER_REJECTED, result_); 4300f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) // Call again and expect denial based on previous response. 
4310f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_); 4320f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) base::RunLoop().RunUntilIdle(); 4330f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) EXPECT_EQ(PlatformVerificationFlow::POLICY_REJECTED, result_); 4340f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) // Call with a different scheme and expect another consent prompt. 4355d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) fake_delegate_.set_url(GURL(kTestURLSecure)); 4360f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_); 4370f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) base::RunLoop().RunUntilIdle(); 4380f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) EXPECT_EQ(PlatformVerificationFlow::USER_REJECTED, result_); 4390f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) EXPECT_EQ(2, fake_delegate_.num_consent_calls()); 4400f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles)} 4410f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) 442a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)TEST_F(PlatformVerificationFlowTest, ConsentForExtension) { 443a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) fake_delegate_.set_response(PlatformVerificationFlow::CONSENT_RESPONSE_DENY); 444a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) fake_delegate_.set_url(GURL(kTestURLExtension)); 445a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_); 446a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) base::RunLoop().RunUntilIdle(); 447a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) EXPECT_EQ(PlatformVerificationFlow::USER_REJECTED, result_); 
448a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) EXPECT_EQ(1, fake_delegate_.num_consent_calls()); 449a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)} 450a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 4510f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles)TEST_F(PlatformVerificationFlowTest, Timeout) { 4520f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) verifier_->set_timeout_delay(base::TimeDelta::FromSeconds(0)); 4530f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) ExpectAttestationFlow(); 4540f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_); 4550f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) base::RunLoop().RunUntilIdle(); 4560f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) EXPECT_EQ(PlatformVerificationFlow::TIMEOUT, result_); 4570f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles)} 4580f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) 4595d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)TEST_F(PlatformVerificationFlowTest, ExpiredCert) { 4605d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) ExpectAttestationFlow(); 4615d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) fake_certificate_list_.resize(2); 4625d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) ASSERT_TRUE(GetFakeCertificate(base::TimeDelta::FromDays(-1), 4635d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) &fake_certificate_list_[0])); 4645d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) ASSERT_TRUE(GetFakeCertificate(base::TimeDelta::FromDays(1), 4655d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) &fake_certificate_list_[1])); 4665d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_); 
4675d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) base::RunLoop().RunUntilIdle(); 4685d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_EQ(PlatformVerificationFlow::SUCCESS, result_); 4695d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_EQ(certificate_, fake_certificate_list_[1]); 4705d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)} 4715d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 4725d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)TEST_F(PlatformVerificationFlowTest, IncognitoMode) { 4735d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) fake_delegate_.set_is_incognito(true); 4745d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_); 4755d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) base::RunLoop().RunUntilIdle(); 4765d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_EQ(PlatformVerificationFlow::PLATFORM_NOT_VERIFIED, result_); 4775d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)} 4785d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 4793551c9c881056c480085172ff9840cab31610854Torne (Richard Coles)} // namespace attestation 4803551c9c881056c480085172ff9840cab31610854Torne (Richard Coles)} // namespace chromeos 481