device_cloud_policy_store_chromeos_unittest.cc revision 2385ea399aae016c0806a4f9ef3c9cfe3d2a39df 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
6
7#include <vector>
8
9#include "base/basictypes.h"
10#include "base/compiler_specific.h"
11#include "base/memory/scoped_ptr.h"
12#include "base/run_loop.h"
13#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
14#include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
15#include "chrome/browser/policy/proto/chromeos/chrome_device_policy.pb.h"
16#include "chromeos/cryptohome/cryptohome_library.h"
17#include "chromeos/dbus/cryptohome_client.h"
18#include "policy/policy_constants.h"
19#include "testing/gtest/include/gtest/gtest.h"
20
21namespace policy {
22
23namespace {
24
25void CopyLockResult(base::RunLoop* loop,
26                    EnterpriseInstallAttributes::LockResult* out,
27                    EnterpriseInstallAttributes::LockResult result) {
28  *out = result;
29  loop->Quit();
30}
31
32}  // namespace
33
34class DeviceCloudPolicyStoreChromeOSTest
35    : public chromeos::DeviceSettingsTestBase {
36 protected:
37  DeviceCloudPolicyStoreChromeOSTest()
38      : cryptohome_library_(chromeos::CryptohomeLibrary::GetTestImpl()),
39        stub_cryptohome_client_(chromeos::CryptohomeClient::Create(
40            chromeos::STUB_DBUS_CLIENT_IMPLEMENTATION, NULL)),
41        install_attributes_(new EnterpriseInstallAttributes(
42            cryptohome_library_.get(), stub_cryptohome_client_.get())),
43        store_(new DeviceCloudPolicyStoreChromeOS(&device_settings_service_,
44                                                  install_attributes_.get())) {}
45
46  virtual void SetUp() OVERRIDE {
47    DeviceSettingsTestBase::SetUp();
48
49    base::RunLoop loop;
50    EnterpriseInstallAttributes::LockResult result;
51    install_attributes_->LockDevice(
52        PolicyBuilder::kFakeUsername,
53        DEVICE_MODE_ENTERPRISE,
54        PolicyBuilder::kFakeDeviceId,
55        base::Bind(&CopyLockResult, &loop, &result));
56    loop.Run();
57    ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result);
58  }
59
60  void ExpectFailure(CloudPolicyStore::Status expected_status) {
61    EXPECT_EQ(expected_status, store_->status());
62    EXPECT_TRUE(store_->is_initialized());
63    EXPECT_FALSE(store_->has_policy());
64    EXPECT_FALSE(store_->is_managed());
65  }
66
67  void ExpectSuccess() {
68    EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
69    EXPECT_TRUE(store_->is_initialized());
70    EXPECT_TRUE(store_->has_policy());
71    EXPECT_TRUE(store_->is_managed());
72    EXPECT_TRUE(store_->policy());
73    base::FundamentalValue expected(false);
74    EXPECT_TRUE(
75        base::Value::Equals(&expected,
76                            store_->policy_map().GetValue(
77                                key::kDeviceMetricsReportingEnabled)));
78  }
79
80  void PrepareExistingPolicy() {
81    store_->Load();
82    FlushDeviceSettings();
83    ExpectSuccess();
84
85    device_policy_.UnsetNewSigningKey();
86    device_policy_.Build();
87  }
88
89  void PrepareNewSigningKey() {
90    device_policy_.SetDefaultNewSigningKey();
91    device_policy_.Build();
92    owner_key_util_->SetPublicKeyFromPrivateKey(
93        *device_policy_.GetNewSigningKey());
94  }
95
96  void ResetToNonEnterprise() {
97    store_.reset();
98    cryptohome_library_->InstallAttributesSet("enterprise.owned",
99                                              std::string());
100    install_attributes_.reset(new EnterpriseInstallAttributes(
101        cryptohome_library_.get(), stub_cryptohome_client_.get()));
102    store_.reset(new DeviceCloudPolicyStoreChromeOS(&device_settings_service_,
103                                                    install_attributes_.get()));
104  }
105
106  scoped_ptr<chromeos::CryptohomeLibrary> cryptohome_library_;
107  scoped_ptr<chromeos::CryptohomeClient> stub_cryptohome_client_;
108  scoped_ptr<EnterpriseInstallAttributes> install_attributes_;
109
110  scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_;
111
112 private:
113  DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest);
114};
115
116TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) {
117  owner_key_util_->Clear();
118  store_->Load();
119  FlushDeviceSettings();
120  ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
121}
122
123TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
124  device_settings_test_helper_.set_policy_blob(std::string());
125  store_->Load();
126  FlushDeviceSettings();
127  ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR);
128}
129
130TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) {
131  ResetToNonEnterprise();
132  store_->Load();
133  FlushDeviceSettings();
134  ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
135}
136
137TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) {
138  store_->Load();
139  FlushDeviceSettings();
140  ExpectSuccess();
141}
142
143TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) {
144  PrepareExistingPolicy();
145  store_->Store(device_policy_.policy());
146  FlushDeviceSettings();
147  ExpectSuccess();
148}
149
150TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) {
151  PrepareExistingPolicy();
152  device_policy_.policy().clear_policy_data_signature();
153  store_->Store(device_policy_.policy());
154  FlushDeviceSettings();
155  EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
156  EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
157            store_->validation_status());
158}
159
160TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) {
161  PrepareExistingPolicy();
162  device_policy_.policy().set_policy_data_signature("invalid");
163  store_->Store(device_policy_.policy());
164  FlushDeviceSettings();
165  EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
166  EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
167            store_->validation_status());
168}
169
170TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) {
171  PrepareExistingPolicy();
172  device_policy_.SetDefaultNewSigningKey();
173  device_policy_.Build();
174  store_->Store(device_policy_.policy());
175  device_settings_test_helper_.FlushLoops();
176  device_settings_test_helper_.FlushStore();
177  owner_key_util_->SetPublicKeyFromPrivateKey(
178      *device_policy_.GetNewSigningKey());
179  ReloadDeviceSettings();
180  ExpectSuccess();
181}
182
183TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) {
184  PrepareNewSigningKey();
185  store_->InstallInitialPolicy(device_policy_.policy());
186  FlushDeviceSettings();
187  ExpectSuccess();
188}
189
190TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) {
191  PrepareNewSigningKey();
192  device_policy_.policy().clear_policy_data_signature();
193  store_->InstallInitialPolicy(device_policy_.policy());
194  FlushDeviceSettings();
195  ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
196  EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
197            store_->validation_status());
198}
199
200TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) {
201  PrepareNewSigningKey();
202  device_policy_.policy().clear_new_public_key();
203  store_->InstallInitialPolicy(device_policy_.policy());
204  FlushDeviceSettings();
205  ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
206  EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
207            store_->validation_status());
208}
209
210TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) {
211  PrepareNewSigningKey();
212  ResetToNonEnterprise();
213  store_->InstallInitialPolicy(device_policy_.policy());
214  FlushDeviceSettings();
215  ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
216}
217
218}  // namespace policy
219