device_cloud_policy_store_chromeos_unittest.cc revision f8ee788a64d60abd8f2d742a5fdedde054ecd910 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
6
7#include <vector>
8
9#include "base/basictypes.h"
10#include "base/compiler_specific.h"
11#include "base/memory/scoped_ptr.h"
12#include "base/run_loop.h"
13#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
14#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
15#include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
16#include "chromeos/cryptohome/cryptohome_util.h"
17#include "chromeos/dbus/fake_cryptohome_client.h"
18#include "policy/policy_constants.h"
19#include "testing/gtest/include/gtest/gtest.h"
20
21namespace policy {
22
23namespace {
24
25void CopyLockResult(base::RunLoop* loop,
26                    EnterpriseInstallAttributes::LockResult* out,
27                    EnterpriseInstallAttributes::LockResult result) {
28  *out = result;
29  loop->Quit();
30}
31
32}  // namespace
33
34class DeviceCloudPolicyStoreChromeOSTest
35    : public chromeos::DeviceSettingsTestBase {
36 protected:
37  DeviceCloudPolicyStoreChromeOSTest()
38      : fake_cryptohome_client_(new chromeos::FakeCryptohomeClient()),
39        install_attributes_(new EnterpriseInstallAttributes(
40            fake_cryptohome_client_.get())),
41        store_(new DeviceCloudPolicyStoreChromeOS(&device_settings_service_,
42                                                  install_attributes_.get(),
43                                                  loop_.message_loop_proxy())) {
44    fake_cryptohome_client_->Init(NULL /* no dbus::Bus */);
45  }
46
47  virtual void SetUp() OVERRIDE {
48    DeviceSettingsTestBase::SetUp();
49
50    base::RunLoop loop;
51    EnterpriseInstallAttributes::LockResult result;
52    install_attributes_->LockDevice(
53        PolicyBuilder::kFakeUsername,
54        DEVICE_MODE_ENTERPRISE,
55        PolicyBuilder::kFakeDeviceId,
56        base::Bind(&CopyLockResult, &loop, &result));
57    loop.Run();
58    ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result);
59  }
60
61  void ExpectFailure(CloudPolicyStore::Status expected_status) {
62    EXPECT_EQ(expected_status, store_->status());
63    EXPECT_TRUE(store_->is_initialized());
64    EXPECT_FALSE(store_->has_policy());
65    EXPECT_FALSE(store_->is_managed());
66  }
67
68  void ExpectSuccess() {
69    EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
70    EXPECT_TRUE(store_->is_initialized());
71    EXPECT_TRUE(store_->has_policy());
72    EXPECT_TRUE(store_->is_managed());
73    EXPECT_TRUE(store_->policy());
74    base::FundamentalValue expected(false);
75    EXPECT_TRUE(
76        base::Value::Equals(&expected,
77                            store_->policy_map().GetValue(
78                                key::kDeviceMetricsReportingEnabled)));
79  }
80
81  void PrepareExistingPolicy() {
82    store_->Load();
83    FlushDeviceSettings();
84    ExpectSuccess();
85
86    device_policy_.UnsetNewSigningKey();
87    device_policy_.Build();
88  }
89
90  void PrepareNewSigningKey() {
91    device_policy_.SetDefaultNewSigningKey();
92    device_policy_.Build();
93    owner_key_util_->SetPublicKeyFromPrivateKey(
94        *device_policy_.GetNewSigningKey());
95  }
96
97  void ResetToNonEnterprise() {
98    store_.reset();
99    chromeos::cryptohome_util::InstallAttributesSet("enterprise.owned",
100                                                    std::string());
101    install_attributes_.reset(new EnterpriseInstallAttributes(
102        fake_cryptohome_client_.get()));
103    store_.reset(
104        new DeviceCloudPolicyStoreChromeOS(&device_settings_service_,
105                                           install_attributes_.get(),
106                                           loop_.message_loop_proxy()));
107  }
108
109  scoped_ptr<chromeos::FakeCryptohomeClient> fake_cryptohome_client_;
110  scoped_ptr<EnterpriseInstallAttributes> install_attributes_;
111
112  scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_;
113
114 private:
115  DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest);
116};
117
118TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) {
119  owner_key_util_->Clear();
120  store_->Load();
121  FlushDeviceSettings();
122  ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
123}
124
125TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
126  device_settings_test_helper_.set_policy_blob(std::string());
127  store_->Load();
128  FlushDeviceSettings();
129  ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR);
130}
131
132TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) {
133  ResetToNonEnterprise();
134  store_->Load();
135  FlushDeviceSettings();
136  ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
137}
138
139TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) {
140  store_->Load();
141  FlushDeviceSettings();
142  ExpectSuccess();
143}
144
145TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) {
146  PrepareExistingPolicy();
147  store_->Store(device_policy_.policy());
148  FlushDeviceSettings();
149  ExpectSuccess();
150}
151
152TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) {
153  PrepareExistingPolicy();
154  device_policy_.policy().clear_policy_data_signature();
155  store_->Store(device_policy_.policy());
156  FlushDeviceSettings();
157  EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
158  EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
159            store_->validation_status());
160}
161
162TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) {
163  PrepareExistingPolicy();
164  device_policy_.policy().set_policy_data_signature("invalid");
165  store_->Store(device_policy_.policy());
166  FlushDeviceSettings();
167  EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
168  EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
169            store_->validation_status());
170}
171
172TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) {
173  PrepareExistingPolicy();
174  device_policy_.SetDefaultNewSigningKey();
175  device_policy_.Build();
176  store_->Store(device_policy_.policy());
177  device_settings_test_helper_.FlushLoops();
178  device_settings_test_helper_.FlushStore();
179  owner_key_util_->SetPublicKeyFromPrivateKey(
180      *device_policy_.GetNewSigningKey());
181  ReloadDeviceSettings();
182  ExpectSuccess();
183}
184
185TEST_F(DeviceCloudPolicyStoreChromeOSTest,
186       StoreKeyRotationVerificationFailure) {
187  PrepareExistingPolicy();
188  device_policy_.SetDefaultNewSigningKey();
189  device_policy_.Build();
190  *device_policy_.policy().mutable_new_public_key_verification_signature() =
191      "garbage";
192  store_->Store(device_policy_.policy());
193  FlushDeviceSettings();
194  EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
195  EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
196            store_->validation_status());
197}
198
199TEST_F(DeviceCloudPolicyStoreChromeOSTest,
200       StoreKeyRotationMissingSignatureFailure) {
201  PrepareExistingPolicy();
202  device_policy_.SetDefaultNewSigningKey();
203  device_policy_.Build();
204  device_policy_.policy().clear_new_public_key_verification_signature();
205  store_->Store(device_policy_.policy());
206  FlushDeviceSettings();
207  EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
208  EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
209            store_->validation_status());
210}
211
212TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) {
213  PrepareNewSigningKey();
214  store_->InstallInitialPolicy(device_policy_.policy());
215  FlushDeviceSettings();
216  ExpectSuccess();
217}
218
219TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) {
220  PrepareNewSigningKey();
221  device_policy_.policy().clear_policy_data_signature();
222  store_->InstallInitialPolicy(device_policy_.policy());
223  FlushDeviceSettings();
224  ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
225  EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
226            store_->validation_status());
227}
228
229TEST_F(DeviceCloudPolicyStoreChromeOSTest,
230       InstallInitialPolicyVerificationFailure) {
231  PrepareNewSigningKey();
232  *device_policy_.policy().mutable_new_public_key_verification_signature() =
233      "garbage";
234  store_->InstallInitialPolicy(device_policy_.policy());
235  FlushDeviceSettings();
236  ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
237  EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
238            store_->validation_status());
239}
240
241TEST_F(DeviceCloudPolicyStoreChromeOSTest,
242       InstallInitialPolicyMissingSignatureFailure) {
243  PrepareNewSigningKey();
244  device_policy_.policy().clear_new_public_key_verification_signature();
245  store_->InstallInitialPolicy(device_policy_.policy());
246  FlushDeviceSettings();
247  ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
248  EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
249            store_->validation_status());
250}
251
252TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) {
253  PrepareNewSigningKey();
254  device_policy_.policy().clear_new_public_key();
255  store_->InstallInitialPolicy(device_policy_.policy());
256  FlushDeviceSettings();
257  ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
258  EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
259            store_->validation_status());
260}
261
262TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) {
263  PrepareNewSigningKey();
264  ResetToNonEnterprise();
265  store_->InstallInitialPolicy(device_policy_.policy());
266  FlushDeviceSettings();
267  ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
268}
269
270}  // namespace policy
271