device_cloud_policy_store_chromeos_unittest.cc revision 424c4d7b64af9d0d8fd9624f381f469654d5e3d2
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" 6 7#include <vector> 8 9#include "base/basictypes.h" 10#include "base/compiler_specific.h" 11#include "base/memory/scoped_ptr.h" 12#include "base/run_loop.h" 13#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" 14#include "chrome/browser/chromeos/settings/device_settings_test_helper.h" 15#include "chrome/browser/policy/proto/chromeos/chrome_device_policy.pb.h" 16#include "chromeos/cryptohome/cryptohome_library.h" 17#include "chromeos/dbus/cryptohome_client_stub.h" 18#include "policy/policy_constants.h" 19#include "testing/gtest/include/gtest/gtest.h" 20 21namespace policy { 22 23namespace { 24 25void CopyLockResult(base::RunLoop* loop, 26 EnterpriseInstallAttributes::LockResult* out, 27 EnterpriseInstallAttributes::LockResult result) { 28 *out = result; 29 loop->Quit(); 30} 31 32} // namespace 33 34class DeviceCloudPolicyStoreChromeOSTest 35 : public chromeos::DeviceSettingsTestBase { 36 protected: 37 DeviceCloudPolicyStoreChromeOSTest() 38 : cryptohome_library_(chromeos::CryptohomeLibrary::GetTestImpl()), 39 stub_cryptohome_client_(new chromeos::CryptohomeClientStubImpl()), 40 install_attributes_(new EnterpriseInstallAttributes( 41 cryptohome_library_.get(), stub_cryptohome_client_.get())), 42 store_(new DeviceCloudPolicyStoreChromeOS(&device_settings_service_, 43 install_attributes_.get())) { 44 stub_cryptohome_client_->Init(NULL /* no dbus::Bus */); 45 } 46 47 virtual void SetUp() OVERRIDE { 48 DeviceSettingsTestBase::SetUp(); 49 50 base::RunLoop loop; 51 EnterpriseInstallAttributes::LockResult result; 52 install_attributes_->LockDevice( 53 PolicyBuilder::kFakeUsername, 54 DEVICE_MODE_ENTERPRISE, 55 PolicyBuilder::kFakeDeviceId, 56 base::Bind(&CopyLockResult, &loop, &result)); 57 loop.Run(); 58 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result); 59 } 60 61 void ExpectFailure(CloudPolicyStore::Status expected_status) { 62 EXPECT_EQ(expected_status, store_->status()); 63 EXPECT_TRUE(store_->is_initialized()); 64 EXPECT_FALSE(store_->has_policy()); 65 EXPECT_FALSE(store_->is_managed()); 66 } 67 68 void ExpectSuccess() { 69 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 70 EXPECT_TRUE(store_->is_initialized()); 71 EXPECT_TRUE(store_->has_policy()); 72 EXPECT_TRUE(store_->is_managed()); 73 EXPECT_TRUE(store_->policy()); 74 base::FundamentalValue expected(false); 75 EXPECT_TRUE( 76 base::Value::Equals(&expected, 77 store_->policy_map().GetValue( 78 key::kDeviceMetricsReportingEnabled))); 79 } 80 81 void PrepareExistingPolicy() { 82 store_->Load(); 83 FlushDeviceSettings(); 84 ExpectSuccess(); 85 86 device_policy_.UnsetNewSigningKey(); 87 device_policy_.Build(); 88 } 89 90 void PrepareNewSigningKey() { 91 device_policy_.SetDefaultNewSigningKey(); 92 device_policy_.Build(); 93 owner_key_util_->SetPublicKeyFromPrivateKey( 94 *device_policy_.GetNewSigningKey()); 95 } 96 97 void ResetToNonEnterprise() { 98 store_.reset(); 99 cryptohome_library_->InstallAttributesSet("enterprise.owned", 100 std::string()); 101 install_attributes_.reset(new EnterpriseInstallAttributes( 102 cryptohome_library_.get(), stub_cryptohome_client_.get())); 103 store_.reset(new DeviceCloudPolicyStoreChromeOS(&device_settings_service_, 104 install_attributes_.get())); 105 } 106 107 scoped_ptr<chromeos::CryptohomeLibrary> cryptohome_library_; 108 scoped_ptr<chromeos::CryptohomeClientStubImpl> stub_cryptohome_client_; 109 scoped_ptr<EnterpriseInstallAttributes> install_attributes_; 110 111 scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_; 112 113 private: 114 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest); 115}; 116 117TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) { 118 owner_key_util_->Clear(); 119 store_->Load(); 120 FlushDeviceSettings(); 121 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); 122} 123 124TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) { 125 device_settings_test_helper_.set_policy_blob(std::string()); 126 store_->Load(); 127 FlushDeviceSettings(); 128 ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR); 129} 130 131TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) { 132 ResetToNonEnterprise(); 133 store_->Load(); 134 FlushDeviceSettings(); 135 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); 136} 137 138TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) { 139 store_->Load(); 140 FlushDeviceSettings(); 141 ExpectSuccess(); 142} 143 144TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) { 145 PrepareExistingPolicy(); 146 store_->Store(device_policy_.policy()); 147 FlushDeviceSettings(); 148 ExpectSuccess(); 149} 150 151TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) { 152 PrepareExistingPolicy(); 153 device_policy_.policy().clear_policy_data_signature(); 154 store_->Store(device_policy_.policy()); 155 FlushDeviceSettings(); 156 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); 157 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE, 158 store_->validation_status()); 159} 160 161TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) { 162 PrepareExistingPolicy(); 163 device_policy_.policy().set_policy_data_signature("invalid"); 164 store_->Store(device_policy_.policy()); 165 FlushDeviceSettings(); 166 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); 167 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE, 168 store_->validation_status()); 169} 170 171TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) { 172 PrepareExistingPolicy(); 173 device_policy_.SetDefaultNewSigningKey(); 174 device_policy_.Build(); 175 store_->Store(device_policy_.policy()); 176 device_settings_test_helper_.FlushLoops(); 177 device_settings_test_helper_.FlushStore(); 178 owner_key_util_->SetPublicKeyFromPrivateKey( 179 *device_policy_.GetNewSigningKey()); 180 ReloadDeviceSettings(); 181 ExpectSuccess(); 182} 183 184TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) { 185 PrepareNewSigningKey(); 186 store_->InstallInitialPolicy(device_policy_.policy()); 187 FlushDeviceSettings(); 188 ExpectSuccess(); 189} 190 191TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) { 192 PrepareNewSigningKey(); 193 device_policy_.policy().clear_policy_data_signature(); 194 store_->InstallInitialPolicy(device_policy_.policy()); 195 FlushDeviceSettings(); 196 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR); 197 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE, 198 store_->validation_status()); 199} 200 201TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) { 202 PrepareNewSigningKey(); 203 device_policy_.policy().clear_new_public_key(); 204 store_->InstallInitialPolicy(device_policy_.policy()); 205 FlushDeviceSettings(); 206 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR); 207 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE, 208 store_->validation_status()); 209} 210 211TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) { 212 PrepareNewSigningKey(); 213 ResetToNonEnterprise(); 214 store_->InstallInitialPolicy(device_policy_.policy()); 215 FlushDeviceSettings(); 216 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); 217} 218 219} // namespace policy 220