device_cloud_policy_store_chromeos_unittest.cc revision c2e0dbddbe15c98d52c4786dac06cb8952a8ae6d
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" 6 7#include <vector> 8 9#include "base/basictypes.h" 10#include "base/compiler_specific.h" 11#include "base/memory/scoped_ptr.h" 12#include "base/run_loop.h" 13#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" 14#include "chrome/browser/chromeos/settings/device_settings_test_helper.h" 15#include "chrome/browser/policy/proto/chromeos/chrome_device_policy.pb.h" 16#include "chromeos/cryptohome/mock_cryptohome_library.h" 17#include "chromeos/dbus/mock_cryptohome_client.h" 18#include "policy/policy_constants.h" 19#include "testing/gtest/include/gtest/gtest.h" 20 21namespace policy { 22 23namespace { 24 25void CopyLockResult(base::RunLoop* loop, 26 EnterpriseInstallAttributes::LockResult* out, 27 EnterpriseInstallAttributes::LockResult result) { 28 *out = result; 29 loop->Quit(); 30} 31 32} // namespace 33 34class DeviceCloudPolicyStoreChromeOSTest 35 : public chromeos::DeviceSettingsTestBase { 36 protected: 37 DeviceCloudPolicyStoreChromeOSTest() 38 : cryptohome_library_(chromeos::CryptohomeLibrary::GetTestImpl()), 39 stub_cryptohome_client_(chromeos::CryptohomeClient::Create( 40 chromeos::STUB_DBUS_CLIENT_IMPLEMENTATION, NULL)), 41 install_attributes_(new EnterpriseInstallAttributes( 42 cryptohome_library_.get(), stub_cryptohome_client_.get())), 43 store_(new DeviceCloudPolicyStoreChromeOS(&device_settings_service_, 44 install_attributes_.get())) {} 45 46 virtual void SetUp() OVERRIDE { 47 DeviceSettingsTestBase::SetUp(); 48 49 base::RunLoop loop; 50 EnterpriseInstallAttributes::LockResult result; 51 install_attributes_->LockDevice( 52 PolicyBuilder::kFakeUsername, 53 DEVICE_MODE_ENTERPRISE, 54 PolicyBuilder::kFakeDeviceId, 55 base::Bind(&CopyLockResult, &loop, &result)); 56 loop.Run(); 57 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result); 58 } 59 60 void ExpectFailure(CloudPolicyStore::Status expected_status) { 61 EXPECT_EQ(expected_status, store_->status()); 62 EXPECT_TRUE(store_->is_initialized()); 63 EXPECT_FALSE(store_->has_policy()); 64 EXPECT_FALSE(store_->is_managed()); 65 } 66 67 void ExpectSuccess() { 68 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 69 EXPECT_TRUE(store_->is_initialized()); 70 EXPECT_TRUE(store_->has_policy()); 71 EXPECT_TRUE(store_->is_managed()); 72 EXPECT_TRUE(store_->policy()); 73 base::FundamentalValue expected(false); 74 EXPECT_TRUE( 75 base::Value::Equals(&expected, 76 store_->policy_map().GetValue( 77 key::kDeviceMetricsReportingEnabled))); 78 } 79 80 void PrepareExistingPolicy() { 81 store_->Load(); 82 FlushDeviceSettings(); 83 ExpectSuccess(); 84 85 device_policy_.set_new_signing_key(scoped_ptr<crypto::RSAPrivateKey>()); 86 device_policy_.Build(); 87 } 88 89 void PrepareNewSigningKey() { 90 device_policy_.set_new_signing_key( 91 PolicyBuilder::CreateTestNewSigningKey()); 92 device_policy_.Build(); 93 owner_key_util_->SetPublicKeyFromPrivateKey( 94 device_policy_.new_signing_key()); 95 } 96 97 void ResetToNonEnterprise() { 98 store_.reset(); 99 cryptohome_library_->InstallAttributesSet("enterprise.owned", 100 std::string()); 101 install_attributes_.reset(new EnterpriseInstallAttributes( 102 cryptohome_library_.get(), stub_cryptohome_client_.get())); 103 store_.reset(new DeviceCloudPolicyStoreChromeOS(&device_settings_service_, 104 install_attributes_.get())); 105 } 106 107 scoped_ptr<chromeos::CryptohomeLibrary> cryptohome_library_; 108 scoped_ptr<chromeos::CryptohomeClient> stub_cryptohome_client_; 109 scoped_ptr<EnterpriseInstallAttributes> install_attributes_; 110 111 scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_; 112 113 private: 114 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest); 115}; 116 117TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) { 118 owner_key_util_->Clear(); 119 store_->Load(); 120 FlushDeviceSettings(); 121 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); 122} 123 124TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) { 125 device_settings_test_helper_.set_policy_blob(std::string()); 126 store_->Load(); 127 FlushDeviceSettings(); 128 ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR); 129} 130 131TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) { 132 ResetToNonEnterprise(); 133 store_->Load(); 134 FlushDeviceSettings(); 135 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); 136} 137 138TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) { 139 store_->Load(); 140 FlushDeviceSettings(); 141 ExpectSuccess(); 142} 143 144TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) { 145 PrepareExistingPolicy(); 146 store_->Store(device_policy_.policy()); 147 FlushDeviceSettings(); 148 ExpectSuccess(); 149} 150 151TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) { 152 PrepareExistingPolicy(); 153 device_policy_.policy().clear_policy_data_signature(); 154 store_->Store(device_policy_.policy()); 155 FlushDeviceSettings(); 156 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); 157 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE, 158 store_->validation_status()); 159} 160 161TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) { 162 PrepareExistingPolicy(); 163 device_policy_.policy().set_policy_data_signature("invalid"); 164 store_->Store(device_policy_.policy()); 165 FlushDeviceSettings(); 166 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); 167 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE, 168 store_->validation_status()); 169} 170 171TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) { 172 PrepareExistingPolicy(); 173 device_policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); 174 device_policy_.Build(); 175 store_->Store(device_policy_.policy()); 176 device_settings_test_helper_.FlushLoops(); 177 device_settings_test_helper_.FlushStore(); 178 owner_key_util_->SetPublicKeyFromPrivateKey(device_policy_.new_signing_key()); 179 ReloadDeviceSettings(); 180 ExpectSuccess(); 181} 182 183TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) { 184 PrepareNewSigningKey(); 185 store_->InstallInitialPolicy(device_policy_.policy()); 186 FlushDeviceSettings(); 187 ExpectSuccess(); 188} 189 190TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) { 191 PrepareNewSigningKey(); 192 device_policy_.policy().clear_policy_data_signature(); 193 store_->InstallInitialPolicy(device_policy_.policy()); 194 FlushDeviceSettings(); 195 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR); 196 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE, 197 store_->validation_status()); 198} 199 200TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) { 201 PrepareNewSigningKey(); 202 device_policy_.policy().clear_new_public_key(); 203 store_->InstallInitialPolicy(device_policy_.policy()); 204 FlushDeviceSettings(); 205 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR); 206 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE, 207 store_->validation_status()); 208} 209 210TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) { 211 PrepareNewSigningKey(); 212 ResetToNonEnterprise(); 213 store_->InstallInitialPolicy(device_policy_.policy()); 214 FlushDeviceSettings(); 215 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); 216} 217 218} // namespace policy 219