device_cloud_policy_store_chromeos_unittest.cc revision 116680a4aac90f2aa7413d9095a592090648e557
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" 6 7#include <vector> 8 9#include "base/basictypes.h" 10#include "base/compiler_specific.h" 11#include "base/memory/scoped_ptr.h" 12#include "base/message_loop/message_loop_proxy.h" 13#include "base/run_loop.h" 14#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" 15#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" 16#include "chrome/browser/chromeos/settings/device_settings_test_helper.h" 17#include "chrome/test/base/scoped_testing_local_state.h" 18#include "chrome/test/base/testing_browser_process.h" 19#include "chromeos/cryptohome/cryptohome_util.h" 20#include "chromeos/dbus/fake_cryptohome_client.h" 21#include "chromeos/dbus/fake_dbus_thread_manager.h" 22#include "policy/policy_constants.h" 23#include "testing/gtest/include/gtest/gtest.h" 24 25namespace policy { 26 27namespace { 28 29void CopyLockResult(base::RunLoop* loop, 30 EnterpriseInstallAttributes::LockResult* out, 31 EnterpriseInstallAttributes::LockResult result) { 32 *out = result; 33 loop->Quit(); 34} 35 36} // namespace 37 38class DeviceCloudPolicyStoreChromeOSTest 39 : public chromeos::DeviceSettingsTestBase { 40 protected: 41 DeviceCloudPolicyStoreChromeOSTest() 42 : local_state_(TestingBrowserProcess::GetGlobal()), 43 fake_cryptohome_client_(new chromeos::FakeCryptohomeClient()), 44 install_attributes_( 45 new EnterpriseInstallAttributes(fake_cryptohome_client_)), 46 store_(new DeviceCloudPolicyStoreChromeOS( 47 &device_settings_service_, 48 install_attributes_.get(), 49 base::MessageLoopProxy::current())) { 50 fake_dbus_thread_manager_->SetCryptohomeClient( 51 scoped_ptr<chromeos::CryptohomeClient>(fake_cryptohome_client_)); 52 } 53 54 virtual void SetUp() OVERRIDE { 55 DeviceSettingsTestBase::SetUp(); 56 57 base::RunLoop loop; 58 EnterpriseInstallAttributes::LockResult result; 59 install_attributes_->LockDevice( 60 PolicyBuilder::kFakeUsername, 61 DEVICE_MODE_ENTERPRISE, 62 PolicyBuilder::kFakeDeviceId, 63 base::Bind(&CopyLockResult, &loop, &result)); 64 loop.Run(); 65 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result); 66 } 67 68 void ExpectFailure(CloudPolicyStore::Status expected_status) { 69 EXPECT_EQ(expected_status, store_->status()); 70 EXPECT_TRUE(store_->is_initialized()); 71 EXPECT_FALSE(store_->has_policy()); 72 EXPECT_FALSE(store_->is_managed()); 73 } 74 75 void ExpectSuccess() { 76 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 77 EXPECT_TRUE(store_->is_initialized()); 78 EXPECT_TRUE(store_->has_policy()); 79 EXPECT_TRUE(store_->is_managed()); 80 EXPECT_TRUE(store_->policy()); 81 base::FundamentalValue expected(false); 82 EXPECT_TRUE( 83 base::Value::Equals(&expected, 84 store_->policy_map().GetValue( 85 key::kDeviceMetricsReportingEnabled))); 86 } 87 88 void PrepareExistingPolicy() { 89 store_->Load(); 90 FlushDeviceSettings(); 91 ExpectSuccess(); 92 93 device_policy_.UnsetNewSigningKey(); 94 device_policy_.Build(); 95 } 96 97 void PrepareNewSigningKey() { 98 device_policy_.SetDefaultNewSigningKey(); 99 device_policy_.Build(); 100 owner_key_util_->SetPublicKeyFromPrivateKey( 101 *device_policy_.GetNewSigningKey()); 102 } 103 104 void ResetToNonEnterprise() { 105 store_.reset(); 106 chromeos::cryptohome_util::InstallAttributesSet("enterprise.owned", 107 std::string()); 108 install_attributes_.reset( 109 new EnterpriseInstallAttributes(fake_cryptohome_client_)); 110 store_.reset( 111 new DeviceCloudPolicyStoreChromeOS(&device_settings_service_, 112 install_attributes_.get(), 113 base::MessageLoopProxy::current())); 114 } 115 116 ScopedTestingLocalState local_state_; 117 chromeos::FakeCryptohomeClient* fake_cryptohome_client_; 118 scoped_ptr<EnterpriseInstallAttributes> install_attributes_; 119 120 scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_; 121 122 private: 123 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest); 124}; 125 126TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) { 127 owner_key_util_->Clear(); 128 store_->Load(); 129 FlushDeviceSettings(); 130 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); 131} 132 133TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) { 134 device_settings_test_helper_.set_policy_blob(std::string()); 135 store_->Load(); 136 FlushDeviceSettings(); 137 ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR); 138} 139 140TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) { 141 ResetToNonEnterprise(); 142 store_->Load(); 143 FlushDeviceSettings(); 144 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); 145} 146 147TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) { 148 store_->Load(); 149 FlushDeviceSettings(); 150 ExpectSuccess(); 151} 152 153TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) { 154 PrepareExistingPolicy(); 155 store_->Store(device_policy_.policy()); 156 FlushDeviceSettings(); 157 ExpectSuccess(); 158} 159 160TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) { 161 PrepareExistingPolicy(); 162 device_policy_.policy().clear_policy_data_signature(); 163 store_->Store(device_policy_.policy()); 164 FlushDeviceSettings(); 165 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); 166 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE, 167 store_->validation_status()); 168} 169 170TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) { 171 PrepareExistingPolicy(); 172 device_policy_.policy().set_policy_data_signature("invalid"); 173 store_->Store(device_policy_.policy()); 174 FlushDeviceSettings(); 175 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); 176 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE, 177 store_->validation_status()); 178} 179 180TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) { 181 PrepareExistingPolicy(); 182 device_policy_.SetDefaultNewSigningKey(); 183 device_policy_.Build(); 184 store_->Store(device_policy_.policy()); 185 device_settings_test_helper_.FlushLoops(); 186 device_settings_test_helper_.FlushStore(); 187 owner_key_util_->SetPublicKeyFromPrivateKey( 188 *device_policy_.GetNewSigningKey()); 189 ReloadDeviceSettings(); 190 ExpectSuccess(); 191} 192 193TEST_F(DeviceCloudPolicyStoreChromeOSTest, 194 StoreKeyRotationVerificationFailure) { 195 PrepareExistingPolicy(); 196 device_policy_.SetDefaultNewSigningKey(); 197 device_policy_.Build(); 198 *device_policy_.policy().mutable_new_public_key_verification_signature() = 199 "garbage"; 200 store_->Store(device_policy_.policy()); 201 FlushDeviceSettings(); 202 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); 203 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE, 204 store_->validation_status()); 205} 206 207TEST_F(DeviceCloudPolicyStoreChromeOSTest, 208 StoreKeyRotationMissingSignatureFailure) { 209 PrepareExistingPolicy(); 210 device_policy_.SetDefaultNewSigningKey(); 211 device_policy_.Build(); 212 device_policy_.policy().clear_new_public_key_verification_signature(); 213 store_->Store(device_policy_.policy()); 214 FlushDeviceSettings(); 215 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); 216 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE, 217 store_->validation_status()); 218} 219 220TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) { 221 PrepareNewSigningKey(); 222 store_->InstallInitialPolicy(device_policy_.policy()); 223 FlushDeviceSettings(); 224 ExpectSuccess(); 225} 226 227TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) { 228 PrepareNewSigningKey(); 229 device_policy_.policy().clear_policy_data_signature(); 230 store_->InstallInitialPolicy(device_policy_.policy()); 231 FlushDeviceSettings(); 232 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR); 233 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE, 234 store_->validation_status()); 235} 236 237TEST_F(DeviceCloudPolicyStoreChromeOSTest, 238 InstallInitialPolicyVerificationFailure) { 239 PrepareNewSigningKey(); 240 *device_policy_.policy().mutable_new_public_key_verification_signature() = 241 "garbage"; 242 store_->InstallInitialPolicy(device_policy_.policy()); 243 FlushDeviceSettings(); 244 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR); 245 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE, 246 store_->validation_status()); 247} 248 249TEST_F(DeviceCloudPolicyStoreChromeOSTest, 250 InstallInitialPolicyMissingSignatureFailure) { 251 PrepareNewSigningKey(); 252 device_policy_.policy().clear_new_public_key_verification_signature(); 253 store_->InstallInitialPolicy(device_policy_.policy()); 254 FlushDeviceSettings(); 255 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR); 256 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE, 257 store_->validation_status()); 258} 259 260TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) { 261 PrepareNewSigningKey(); 262 device_policy_.policy().clear_new_public_key(); 263 store_->InstallInitialPolicy(device_policy_.policy()); 264 FlushDeviceSettings(); 265 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR); 266 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE, 267 store_->validation_status()); 268} 269 270TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) { 271 PrepareNewSigningKey(); 272 ResetToNonEnterprise(); 273 store_->InstallInitialPolicy(device_policy_.policy()); 274 FlushDeviceSettings(); 275 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); 276} 277 278} // namespace policy 279