device_cloud_policy_store_chromeos_unittest.cc revision a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" 6 7#include <vector> 8 9#include "base/basictypes.h" 10#include "base/compiler_specific.h" 11#include "base/memory/scoped_ptr.h" 12#include "base/run_loop.h" 13#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" 14#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" 15#include "chrome/browser/chromeos/settings/device_settings_test_helper.h" 16#include "chromeos/cryptohome/cryptohome_util.h" 17#include "chromeos/dbus/fake_cryptohome_client.h" 18#include "policy/policy_constants.h" 19#include "testing/gtest/include/gtest/gtest.h" 20 21namespace policy { 22 23namespace { 24 25void CopyLockResult(base::RunLoop* loop, 26 EnterpriseInstallAttributes::LockResult* out, 27 EnterpriseInstallAttributes::LockResult result) { 28 *out = result; 29 loop->Quit(); 30} 31 32} // namespace 33 34class DeviceCloudPolicyStoreChromeOSTest 35 : public chromeos::DeviceSettingsTestBase { 36 protected: 37 DeviceCloudPolicyStoreChromeOSTest() 38 : fake_cryptohome_client_(new chromeos::FakeCryptohomeClient()), 39 install_attributes_(new EnterpriseInstallAttributes( 40 fake_cryptohome_client_.get())), 41 store_(new DeviceCloudPolicyStoreChromeOS(&device_settings_service_, 42 install_attributes_.get(), 43 loop_.message_loop_proxy())) { 44 fake_cryptohome_client_->Init(NULL /* no dbus::Bus */); 45 } 46 47 virtual void SetUp() OVERRIDE { 48 DeviceSettingsTestBase::SetUp(); 49 50 base::RunLoop loop; 51 EnterpriseInstallAttributes::LockResult result; 52 install_attributes_->LockDevice( 53 PolicyBuilder::kFakeUsername, 54 DEVICE_MODE_ENTERPRISE, 55 PolicyBuilder::kFakeDeviceId, 56 base::Bind(&CopyLockResult, &loop, &result)); 57 loop.Run(); 58 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result); 59 } 60 61 void ExpectFailure(CloudPolicyStore::Status expected_status) { 62 EXPECT_EQ(expected_status, store_->status()); 63 EXPECT_TRUE(store_->is_initialized()); 64 EXPECT_FALSE(store_->has_policy()); 65 EXPECT_FALSE(store_->is_managed()); 66 } 67 68 void ExpectSuccess() { 69 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 70 EXPECT_TRUE(store_->is_initialized()); 71 EXPECT_TRUE(store_->has_policy()); 72 EXPECT_TRUE(store_->is_managed()); 73 EXPECT_TRUE(store_->policy()); 74 base::FundamentalValue expected(false); 75 EXPECT_TRUE( 76 base::Value::Equals(&expected, 77 store_->policy_map().GetValue( 78 key::kDeviceMetricsReportingEnabled))); 79 } 80 81 void PrepareExistingPolicy() { 82 store_->Load(); 83 FlushDeviceSettings(); 84 ExpectSuccess(); 85 86 device_policy_.UnsetNewSigningKey(); 87 device_policy_.Build(); 88 } 89 90 void PrepareNewSigningKey() { 91 device_policy_.SetDefaultNewSigningKey(); 92 device_policy_.Build(); 93 owner_key_util_->SetPublicKeyFromPrivateKey( 94 *device_policy_.GetNewSigningKey()); 95 } 96 97 void ResetToNonEnterprise() { 98 store_.reset(); 99 chromeos::cryptohome_util::InstallAttributesSet("enterprise.owned", 100 std::string()); 101 install_attributes_.reset(new EnterpriseInstallAttributes( 102 fake_cryptohome_client_.get())); 103 store_.reset( 104 new DeviceCloudPolicyStoreChromeOS(&device_settings_service_, 105 install_attributes_.get(), 106 loop_.message_loop_proxy())); 107 } 108 109 scoped_ptr<chromeos::FakeCryptohomeClient> fake_cryptohome_client_; 110 scoped_ptr<EnterpriseInstallAttributes> install_attributes_; 111 112 scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_; 113 114 private: 115 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest); 116}; 117 118TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) { 119 owner_key_util_->Clear(); 120 store_->Load(); 121 FlushDeviceSettings(); 122 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); 123} 124 125TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) { 126 device_settings_test_helper_.set_policy_blob(std::string()); 127 store_->Load(); 128 FlushDeviceSettings(); 129 ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR); 130} 131 132TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) { 133 ResetToNonEnterprise(); 134 store_->Load(); 135 FlushDeviceSettings(); 136 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); 137} 138 139TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) { 140 store_->Load(); 141 FlushDeviceSettings(); 142 ExpectSuccess(); 143} 144 145TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) { 146 PrepareExistingPolicy(); 147 store_->Store(device_policy_.policy()); 148 FlushDeviceSettings(); 149 ExpectSuccess(); 150} 151 152TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) { 153 PrepareExistingPolicy(); 154 device_policy_.policy().clear_policy_data_signature(); 155 store_->Store(device_policy_.policy()); 156 FlushDeviceSettings(); 157 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); 158 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE, 159 store_->validation_status()); 160} 161 162TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) { 163 PrepareExistingPolicy(); 164 device_policy_.policy().set_policy_data_signature("invalid"); 165 store_->Store(device_policy_.policy()); 166 FlushDeviceSettings(); 167 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); 168 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE, 169 store_->validation_status()); 170} 171 172TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) { 173 PrepareExistingPolicy(); 174 device_policy_.SetDefaultNewSigningKey(); 175 device_policy_.Build(); 176 store_->Store(device_policy_.policy()); 177 device_settings_test_helper_.FlushLoops(); 178 device_settings_test_helper_.FlushStore(); 179 owner_key_util_->SetPublicKeyFromPrivateKey( 180 *device_policy_.GetNewSigningKey()); 181 ReloadDeviceSettings(); 182 ExpectSuccess(); 183} 184 185TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) { 186 PrepareNewSigningKey(); 187 store_->InstallInitialPolicy(device_policy_.policy()); 188 FlushDeviceSettings(); 189 ExpectSuccess(); 190} 191 192TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) { 193 PrepareNewSigningKey(); 194 device_policy_.policy().clear_policy_data_signature(); 195 store_->InstallInitialPolicy(device_policy_.policy()); 196 FlushDeviceSettings(); 197 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR); 198 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE, 199 store_->validation_status()); 200} 201 202TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) { 203 PrepareNewSigningKey(); 204 device_policy_.policy().clear_new_public_key(); 205 store_->InstallInitialPolicy(device_policy_.policy()); 206 FlushDeviceSettings(); 207 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR); 208 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE, 209 store_->validation_status()); 210} 211 212TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) { 213 PrepareNewSigningKey(); 214 ResetToNonEnterprise(); 215 store_->InstallInitialPolicy(device_policy_.policy()); 216 FlushDeviceSettings(); 217 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); 218} 219 220} // namespace policy 221