// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include <string>

#include "base/bind.h"
#include "base/message_loop/message_loop.h"
#include "base/run_loop.h"
#include "chrome/browser/chromeos/attestation/attestation_key_payload.pb.h"
#include "chrome/browser/chromeos/attestation/attestation_policy_observer.h"
#include "chrome/browser/chromeos/attestation/fake_certificate.h"
#include "chrome/browser/chromeos/settings/cros_settings.h"
#include "chrome/browser/chromeos/settings/device_settings_service.h"
#include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h"
#include "chromeos/attestation/mock_attestation_flow.h"
#include "chromeos/dbus/mock_cryptohome_client.h"
#include "chromeos/settings/cros_settings_names.h"
#include "components/policy/core/common/cloud/mock_cloud_policy_client.h"
#include "content/public/test/test_browser_thread.h"
#include "testing/gtest/include/gtest/gtest.h"

using testing::_;
using testing::Invoke;
using testing::StrictMock;
using testing::WithArgs;

namespace chromeos {
namespace attestation {

namespace {

// Day counts that the certificate tests in this file pass through
// base::TimeDelta::FromDays() to GetFakeCertificate().
// NOTE(review): presumably the offset from "now" to the fake certificate's
// expiry, with a negative value meaning already expired -- confirm against
// fake_certificate.h.
const int64 kCertValid = 90;
const int64 kCertExpiringSoon = 20;
const int64 kCertExpired = -20;

// Posts |callback| to the current message loop with DBUS_METHOD_CALL_SUCCESS
// and a false result, so the reply is delivered asynchronously instead of
// from inside the mocked call.
void DBusCallbackFalse(const BoolDBusMethodCallback& callback) {
  base::MessageLoop* const loop = base::MessageLoop::current();
  loop->PostTask(
      FROM_HERE, base::Bind(callback, DBUS_METHOD_CALL_SUCCESS, false));
}

// Posts |callback| to the current message loop with DBUS_METHOD_CALL_SUCCESS
// and a true result.
void DBusCallbackTrue(const BoolDBusMethodCallback& callback) {
  base::MessageLoop* const loop = base::MessageLoop::current();
  loop->PostTask(
      FROM_HERE, base::Bind(callback, DBUS_METHOD_CALL_SUCCESS, true));
}

// Posts |callback| to the current message loop with DBUS_METHOD_CALL_FAILURE,
// i.e. the D-Bus call itself failed; the accompanying result is false.
void DBusCallbackError(const BoolDBusMethodCallback& callback) {
  base::MessageLoop* const loop = base::MessageLoop::current();
  loop->PostTask(
      FROM_HERE, base::Bind(callback, DBUS_METHOD_CALL_FAILURE, false));
}

// Posts a successful certificate reply carrying the literal "fake_cert".
// SetupMocks() expects exactly this string to be uploaded when a new key is
// generated.
void CertCallbackSuccess(const AttestationFlow::CertificateCallback& callback) {
  base::MessageLoop* const loop = base::MessageLoop::current();
  loop->PostTask(FROM_HERE, base::Bind(callback, true, "fake_cert"));
}

// Posts |callback| with a true status to the current message loop.
void StatusCallbackSuccess(
    const policy::CloudPolicyClient::StatusCallback& callback) {
  base::MessageLoop* const loop = base::MessageLoop::current();
  loop->PostTask(FROM_HERE, base::Bind(callback, true));
}

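// Functor used with Invoke(): answers a cryptohome data query by posting a
// successful reply that carries the string given at construction.
class FakeDBusData {
 public:
  explicit FakeDBusData(const std::string& data) : data_(data) {}

  void operator() (const CryptohomeClient::DataMethodCallback& callback) {
    base::MessageLoop::current()->PostTask(
        FROM_HERE,
        base::Bind(callback, DBUS_METHOD_CALL_SUCCESS, true, data_));
  }

 private:
  std::string data_;
};

}  // namespace

// Fixture for AttestationPolicyObserver. It swaps the real device settings
// provider for a stub, turns kDeviceAttestationEnabled on and gives the policy
// client a fake DM token. All three collaborators are StrictMocks, so any call
// a test has not explicitly expected fails that test.
class AttestationPolicyObserverTest : public ::testing::Test {
 public:
  AttestationPolicyObserverTest()
      : ui_thread_(content::BrowserThread::UI, &message_loop_) {
    // Remove the real DeviceSettingsProvider and replace it with a stub.
    CrosSettings* cros_settings = CrosSettings::Get();
    device_settings_provider_ =
        cros_settings->GetProvider(kDeviceAttestationEnabled);
    cros_settings->RemoveSettingsProvider(device_settings_provider_);
    cros_settings->AddSettingsProvider(&stub_settings_provider_);
    cros_settings->SetBoolean(kDeviceAttestationEnabled, true);
    policy_client_.SetDMToken("fake_dm_token");
  }

  virtual ~AttestationPolicyObserverTest() {
    // Restore the real DeviceSettingsProvider.
    CrosSettings* cros_settings = CrosSettings::Get();
    cros_settings->RemoveSettingsProvider(&stub_settings_provider_);
    cros_settings->AddSettingsProvider(device_settings_provider_);
  }

 protected:
  // Bit flags combined into the |mock_options| argument of SetupMocks().
  enum MockOptions {
    MOCK_KEY_EXISTS = 1,           // Configure so a certified key exists.
    MOCK_KEY_UPLOADED = (1 << 1),  // Configure so an upload has occurred.
    MOCK_NEW_KEY = (1 << 2)        // Configure expecting new key generation.
  };

  // Configures mock expectations according to |mock_options|. If options
  // require that a certificate exists, |certificate| will be used.
  //
  // WithArgs<N>(Invoke(f)) forwards only the N-th (zero-based) argument of the
  // mocked call, which is its completion callback, to the fake reply helper.
  void SetupMocks(int mock_options, const std::string& certificate) {
    // Compare against zero explicitly rather than relying on the implicit
    // int-to-bool conversion of the masked value.
    bool key_exists = (mock_options & MOCK_KEY_EXISTS) != 0;
    // Setup expected key / cert queries.
    if (key_exists) {
      EXPECT_CALL(cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _))
          .WillRepeatedly(WithArgs<3>(Invoke(DBusCallbackTrue)));
      EXPECT_CALL(cryptohome_client_, TpmAttestationGetCertificate(_, _, _, _))
          .WillRepeatedly(WithArgs<3>(Invoke(FakeDBusData(certificate))));
    } else {
      EXPECT_CALL(cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _))
          .WillRepeatedly(WithArgs<3>(Invoke(DBusCallbackFalse)));
    }

    // Setup expected key payload queries. An empty payload stands for "not
    // uploaded yet".
    bool key_uploaded = (mock_options & MOCK_KEY_UPLOADED) != 0;
    std::string payload = CreatePayload();
    EXPECT_CALL(cryptohome_client_, TpmAttestationGetKeyPayload(_, _, _, _))
        .WillRepeatedly(WithArgs<3>(Invoke(
            FakeDBusData(key_uploaded ? payload : ""))));

    // Setup expected key uploads. Use WillOnce() so StrictMock will trigger an
    // error if our expectations are not met exactly. We want to verify that
    // during a single run through the observer only one upload operation occurs
    // (because it is costly) and similarly, that the writing of the uploaded
    // status in the key payload matches the upload operation.
    bool new_key = (mock_options & MOCK_NEW_KEY) != 0;
    if (new_key || !key_uploaded) {
      EXPECT_CALL(policy_client_,
                  UploadCertificate(new_key ? "fake_cert" : certificate, _))
          .WillOnce(WithArgs<1>(Invoke(StatusCallbackSuccess)));
      EXPECT_CALL(cryptohome_client_,
                  TpmAttestationSetKeyPayload(_, _, _, payload, _))
          .WillOnce(WithArgs<4>(Invoke(DBusCallbackTrue)));
    }

    // Setup expected key generations. Again use WillOnce(). Key generation is
    // another costly operation and if it gets triggered more than once during
    // a single pass this indicates a logical problem in the observer.
    if (new_key) {
      EXPECT_CALL(attestation_flow_, GetCertificate(_, _, _, _, _))
          .WillOnce(WithArgs<4>(Invoke(CertCallbackSuccess)));
    }
  }

  // Builds an observer over the three mocks, sets its retry delay to zero and
  // drains the message loop so every posted fake reply is delivered before the
  // mocks are verified.
  // NOTE(review): nothing else is called on the observer here, so its work
  // presumably starts during construction -- confirm in the observer source.
  void Run() {
    AttestationPolicyObserver observer(&policy_client_,
                                       &cryptohome_client_,
                                       &attestation_flow_);
    observer.set_retry_delay(0);
    base::RunLoop().RunUntilIdle();
  }

  // Returns a serialized AttestationKeyPayload whose is_certificate_uploaded
  // field is set to true.
  std::string CreatePayload() {
    AttestationKeyPayload proto;
    proto.set_is_certificate_uploaded(true);
    std::string serialized;
    // Fail loudly if serialization does not succeed: SetupMocks() uses this
    // string both as the "already uploaded" payload and as the value it
    // expects to be written back, so a bad payload would silently weaken
    // those checks.
    EXPECT_TRUE(proto.SerializeToString(&serialized));
    return serialized;
  }

  base::MessageLoopForUI message_loop_;
  content::TestBrowserThread ui_thread_;
  ScopedTestDeviceSettingsService test_device_settings_service_;
  ScopedTestCrosSettings test_cros_settings_;
  // The provider removed in the constructor; put back in the destructor.
  CrosSettingsProvider* device_settings_provider_;
  StubCrosSettingsProvider stub_settings_provider_;
  StrictMock<MockCryptohomeClient> cryptohome_client_;
  StrictMock<MockAttestationFlow> attestation_flow_;
  StrictMock<policy::MockCloudPolicyClient> policy_client_;
};

// With kDeviceAttestationEnabled off, no expectations are set: the StrictMocks
// fail the test if the observer queries the TPM, requests a certificate or
// uploads anything.
TEST_F(AttestationPolicyObserverTest, FeatureDisabled) {
  CrosSettings* cros_settings = CrosSettings::Get();
  cros_settings->SetBoolean(kDeviceAttestationEnabled, false);
  Run();
}
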
// With an empty DM token no expectations are set, so the StrictMocks fail the
// test on any cryptohome, attestation-flow or upload call.
TEST_F(AttestationPolicyObserverTest, UnregisteredPolicyClient) {
  policy_client_.SetDMToken("");
  Run();
}

// No key exists: expects exactly one certificate request, one upload of
// "fake_cert" and one payload write.
TEST_F(AttestationPolicyObserverTest, NewCertificate) {
  const int options = MOCK_NEW_KEY;
  SetupMocks(options, "");
  Run();
}

// A key with a kCertValid certificate exists but the payload is empty: expects
// the existing certificate to be uploaded once and the payload written once,
// with no new certificate request.
TEST_F(AttestationPolicyObserverTest, KeyExistsNotUploaded) {
  const base::TimeDelta offset = base::TimeDelta::FromDays(kCertValid);
  std::string cert;
  ASSERT_TRUE(GetFakeCertificate(offset, &cert));
  const int options = MOCK_KEY_EXISTS;
  SetupMocks(options, cert);
  Run();
}

// A key with a kCertValid certificate exists and the payload says it was
// uploaded: no upload, payload write or certificate request is expected.
TEST_F(AttestationPolicyObserverTest, KeyExistsAlreadyUploaded) {
  const base::TimeDelta offset = base::TimeDelta::FromDays(kCertValid);
  std::string cert;
  ASSERT_TRUE(GetFakeCertificate(offset, &cert));
  const int options = MOCK_KEY_EXISTS | MOCK_KEY_UPLOADED;
  SetupMocks(options, cert);
  Run();
}

// The existing, already uploaded certificate was built with kCertExpiringSoon:
// expects one new certificate request followed by one upload of "fake_cert"
// and one payload write.
TEST_F(AttestationPolicyObserverTest, KeyExistsCertExpiringSoon) {
  const base::TimeDelta offset = base::TimeDelta::FromDays(kCertExpiringSoon);
  std::string cert;
  ASSERT_TRUE(GetFakeCertificate(offset, &cert));
  const int options = MOCK_KEY_EXISTS | MOCK_KEY_UPLOADED | MOCK_NEW_KEY;
  SetupMocks(options, cert);
  Run();
}

// Same expectations as KeyExistsCertExpiringSoon, but the existing certificate
// was built with kCertExpired.
TEST_F(AttestationPolicyObserverTest, KeyExistsCertExpired) {
  const base::TimeDelta offset = base::TimeDelta::FromDays(kCertExpired);
  std::string cert;
  ASSERT_TRUE(GetFakeCertificate(offset, &cert));
  const int options = MOCK_KEY_EXISTS | MOCK_KEY_UPLOADED | MOCK_NEW_KEY;
  SetupMocks(options, cert);
  Run();
}

// The stored certificate is the string "unsupported" and is marked uploaded:
// neither a re-upload nor a new certificate request is expected.
TEST_F(AttestationPolicyObserverTest, IgnoreUnknownCertFormat) {
  const int options = MOCK_KEY_EXISTS | MOCK_KEY_UPLOADED;
  SetupMocks(options, "unsupported");
  Run();
}

// The first key-existence query fails at the D-Bus level and later ones answer
// false. The new-key expectations from SetupMocks() use WillOnce(), so the
// test also checks that the retry does not repeat the request or the upload.
TEST_F(AttestationPolicyObserverTest, DBusFailureRetry) {
  const int options = MOCK_NEW_KEY;
  SetupMocks(options, "");
  // Simulate a DBus failure. Declared after SetupMocks() on purpose: gmock
  // tries the most recently declared matching expectation first, so this one
  // takes precedence over the one set there.
  EXPECT_CALL(cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _))
      .WillOnce(WithArgs<3>(Invoke(DBusCallbackError)))
      .WillRepeatedly(WithArgs<3>(Invoke(DBusCallbackFalse)));
  Run();
}

}  // namespace attestation
}  // namespace chromeos