1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
6
7#include "base/bind.h"
8#include "base/bind_helpers.h"
9#include "base/files/file_util.h"
10#include "base/files/scoped_temp_dir.h"
11#include "base/memory/scoped_ptr.h"
12#include "base/path_service.h"
13#include "base/run_loop.h"
14#include "chrome/browser/chromeos/policy/proto/install_attributes.pb.h"
15#include "chromeos/chromeos_paths.h"
16#include "chromeos/cryptohome/cryptohome_util.h"
17#include "chromeos/dbus/cryptohome_client.h"
18#include "chromeos/dbus/dbus_thread_manager.h"
19#include "google_apis/gaia/gaia_auth_util.h"
20#include "testing/gtest/include/gtest/gtest.h"
21
22namespace policy {
23
24namespace cryptohome_util = chromeos::cryptohome_util;
25
26namespace {
27
28void CopyLockResult(base::RunLoop* loop,
29                    EnterpriseInstallAttributes::LockResult* out,
30                    EnterpriseInstallAttributes::LockResult result) {
31  *out = result;
32  loop->Quit();
33}
34
35}  // namespace
36
37static const char kTestUser[] = "test@example.com";
38static const char kTestUserCanonicalize[] = "UPPER.CASE@example.com";
39static const char kTestDomain[] = "example.com";
40static const char kTestDeviceId[] = "133750519";
41
42class EnterpriseInstallAttributesTest : public testing::Test {
43 protected:
44  EnterpriseInstallAttributesTest() {}
45
46  virtual void SetUp() OVERRIDE {
47    ASSERT_TRUE(temp_dir_.CreateUniqueTempDir());
48    ASSERT_TRUE(PathService::OverrideAndCreateIfNeeded(
49        chromeos::FILE_INSTALL_ATTRIBUTES, GetTempPath(), true, false));
50    chromeos::DBusThreadManager::Initialize();
51    install_attributes_.reset(new EnterpriseInstallAttributes(
52        chromeos::DBusThreadManager::Get()->GetCryptohomeClient()));
53  }
54
55  virtual void TearDown() OVERRIDE {
56    chromeos::DBusThreadManager::Shutdown();
57  }
58
59  base::FilePath GetTempPath() const {
60    base::FilePath temp_path = base::MakeAbsoluteFilePath(temp_dir_.path());
61    return temp_path.Append("install_attrs_test");
62  }
63
64  void SetAttribute(
65      cryptohome::SerializedInstallAttributes* install_attrs_proto,
66      const std::string& name,
67      const std::string& value) {
68    cryptohome::SerializedInstallAttributes::Attribute* attribute;
69    attribute = install_attrs_proto->add_attributes();
70    attribute->set_name(name);
71    attribute->set_value(value);
72  }
73
74  base::MessageLoopForUI message_loop_;
75  base::ScopedTempDir temp_dir_;
76  scoped_ptr<EnterpriseInstallAttributes> install_attributes_;
77
78  EnterpriseInstallAttributes::LockResult LockDeviceAndWaitForResult(
79      const std::string& user,
80      DeviceMode device_mode,
81      const std::string& device_id) {
82    base::RunLoop loop;
83    EnterpriseInstallAttributes::LockResult result;
84    install_attributes_->LockDevice(
85        user,
86        device_mode,
87        device_id,
88        base::Bind(&CopyLockResult, &loop, &result));
89    loop.Run();
90    return result;
91  }
92};
93
94TEST_F(EnterpriseInstallAttributesTest, Lock) {
95  EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
96            LockDeviceAndWaitForResult(
97                kTestUser,
98                DEVICE_MODE_ENTERPRISE,
99                kTestDeviceId));
100
101  EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
102            LockDeviceAndWaitForResult(
103                kTestUser,
104                DEVICE_MODE_ENTERPRISE,
105                kTestDeviceId));
106  // Another user from the same domain should also succeed.
107  EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
108            LockDeviceAndWaitForResult(
109                "test1@example.com",
110                DEVICE_MODE_ENTERPRISE,
111                kTestDeviceId));
112  // But another domain should fail.
113  EXPECT_EQ(EnterpriseInstallAttributes::LOCK_WRONG_USER,
114            LockDeviceAndWaitForResult(
115                "test@bluebears.com",
116                DEVICE_MODE_ENTERPRISE,
117                kTestDeviceId));
118}
119
120TEST_F(EnterpriseInstallAttributesTest, LockCanonicalize) {
121  EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
122            LockDeviceAndWaitForResult(
123                kTestUserCanonicalize,
124                DEVICE_MODE_ENTERPRISE,
125                kTestDeviceId));
126  EXPECT_EQ(gaia::CanonicalizeEmail(kTestUserCanonicalize),
127            install_attributes_->GetRegistrationUser());
128}
129
130TEST_F(EnterpriseInstallAttributesTest, IsEnterpriseDevice) {
131  install_attributes_->ReadCacheFile(GetTempPath());
132  EXPECT_FALSE(install_attributes_->IsEnterpriseDevice());
133  ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
134            LockDeviceAndWaitForResult(
135                kTestUser,
136                DEVICE_MODE_ENTERPRISE,
137                kTestDeviceId));
138  EXPECT_TRUE(install_attributes_->IsEnterpriseDevice());
139}
140
141TEST_F(EnterpriseInstallAttributesTest, GetDomain) {
142  install_attributes_->ReadCacheFile(GetTempPath());
143  EXPECT_EQ(std::string(), install_attributes_->GetDomain());
144  ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
145            LockDeviceAndWaitForResult(
146                kTestUser,
147                DEVICE_MODE_ENTERPRISE,
148                kTestDeviceId));
149  EXPECT_EQ(kTestDomain, install_attributes_->GetDomain());
150}
151
152TEST_F(EnterpriseInstallAttributesTest, GetRegistrationUser) {
153  install_attributes_->ReadCacheFile(GetTempPath());
154  EXPECT_EQ(std::string(), install_attributes_->GetRegistrationUser());
155  ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
156            LockDeviceAndWaitForResult(
157                kTestUser,
158                DEVICE_MODE_ENTERPRISE,
159                kTestDeviceId));
160  EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser());
161}
162
163TEST_F(EnterpriseInstallAttributesTest, GetDeviceId) {
164  install_attributes_->ReadCacheFile(GetTempPath());
165  EXPECT_EQ(std::string(), install_attributes_->GetDeviceId());
166  ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
167            LockDeviceAndWaitForResult(
168                kTestUser,
169                DEVICE_MODE_ENTERPRISE,
170                kTestDeviceId));
171  EXPECT_EQ(kTestDeviceId, install_attributes_->GetDeviceId());
172}
173
174TEST_F(EnterpriseInstallAttributesTest, GetMode) {
175  install_attributes_->ReadCacheFile(GetTempPath());
176  EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode());
177  ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
178            LockDeviceAndWaitForResult(
179                kTestUser,
180                DEVICE_MODE_RETAIL_KIOSK,
181                kTestDeviceId));
182  EXPECT_EQ(DEVICE_MODE_RETAIL_KIOSK,
183            install_attributes_->GetMode());
184}
185
186TEST_F(EnterpriseInstallAttributesTest, ConsumerDevice) {
187  install_attributes_->ReadCacheFile(GetTempPath());
188  EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode());
189  // Lock the attributes empty.
190  ASSERT_TRUE(cryptohome_util::InstallAttributesFinalize());
191  base::RunLoop loop;
192  install_attributes_->ReadImmutableAttributes(loop.QuitClosure());
193  loop.Run();
194
195  ASSERT_FALSE(cryptohome_util::InstallAttributesIsFirstInstall());
196  EXPECT_EQ(DEVICE_MODE_CONSUMER, install_attributes_->GetMode());
197}
198
199TEST_F(EnterpriseInstallAttributesTest, ConsumerKioskDevice) {
200  install_attributes_->ReadCacheFile(GetTempPath());
201  EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode());
202  // Lock the attributes for consumer kiosk.
203  ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
204            LockDeviceAndWaitForResult(
205                std::string(),
206                DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH,
207                std::string()));
208
209  ASSERT_FALSE(cryptohome_util::InstallAttributesIsFirstInstall());
210  EXPECT_EQ(DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH,
211            install_attributes_->GetMode());
212  ASSERT_TRUE(install_attributes_->IsConsumerKioskDeviceWithAutoLaunch());
213}
214
215TEST_F(EnterpriseInstallAttributesTest, DeviceLockedFromOlderVersion) {
216  install_attributes_->ReadCacheFile(GetTempPath());
217  EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode());
218  // Lock the attributes as if it was done from older Chrome version.
219  ASSERT_TRUE(cryptohome_util::InstallAttributesSet(
220      EnterpriseInstallAttributes::kAttrEnterpriseOwned, "true"));
221  ASSERT_TRUE(cryptohome_util::InstallAttributesSet(
222      EnterpriseInstallAttributes::kAttrEnterpriseUser, kTestUser));
223  ASSERT_TRUE(cryptohome_util::InstallAttributesFinalize());
224  base::RunLoop loop;
225  install_attributes_->ReadImmutableAttributes(loop.QuitClosure());
226  loop.Run();
227
228  ASSERT_FALSE(cryptohome_util::InstallAttributesIsFirstInstall());
229  EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_->GetMode());
230  EXPECT_EQ(kTestDomain, install_attributes_->GetDomain());
231  EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser());
232  EXPECT_EQ("", install_attributes_->GetDeviceId());
233}
234
235TEST_F(EnterpriseInstallAttributesTest, ReadCacheFile) {
236  cryptohome::SerializedInstallAttributes install_attrs_proto;
237  SetAttribute(&install_attrs_proto,
238               EnterpriseInstallAttributes::kAttrEnterpriseOwned, "true");
239  SetAttribute(&install_attrs_proto,
240               EnterpriseInstallAttributes::kAttrEnterpriseUser, kTestUser);
241  const std::string blob(install_attrs_proto.SerializeAsString());
242  ASSERT_EQ(static_cast<int>(blob.size()),
243            base::WriteFile(GetTempPath(), blob.c_str(), blob.size()));
244  install_attributes_->ReadCacheFile(GetTempPath());
245  EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_->GetMode());
246  EXPECT_EQ(kTestDomain, install_attributes_->GetDomain());
247  EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser());
248  EXPECT_EQ("", install_attributes_->GetDeviceId());
249}
250
251TEST_F(EnterpriseInstallAttributesTest, ReadCacheFileForConsumerKiosk) {
252  cryptohome::SerializedInstallAttributes install_attrs_proto;
253  SetAttribute(&install_attrs_proto,
254               EnterpriseInstallAttributes::kAttrConsumerKioskEnabled, "true");
255  const std::string blob(install_attrs_proto.SerializeAsString());
256  ASSERT_EQ(static_cast<int>(blob.size()),
257            base::WriteFile(GetTempPath(), blob.c_str(), blob.size()));
258  install_attributes_->ReadCacheFile(GetTempPath());
259  EXPECT_EQ(DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH,
260            install_attributes_->GetMode());
261  EXPECT_EQ("", install_attributes_->GetDomain());
262  EXPECT_EQ("", install_attributes_->GetRegistrationUser());
263  EXPECT_EQ("", install_attributes_->GetDeviceId());
264}
265
266TEST_F(EnterpriseInstallAttributesTest, VerifyFakeInstallAttributesCache) {
267  // This test verifies that FakeCryptohomeClient::InstallAttributesFinalize
268  // writes a cache that EnterpriseInstallAttributes::ReadCacheFile accepts.
269
270  // Verify that no attributes are initially set.
271  install_attributes_->ReadCacheFile(GetTempPath());
272  EXPECT_EQ("", install_attributes_->GetRegistrationUser());
273
274  // Write test values.
275  ASSERT_TRUE(cryptohome_util::InstallAttributesSet(
276      EnterpriseInstallAttributes::kAttrEnterpriseOwned, "true"));
277  ASSERT_TRUE(cryptohome_util::InstallAttributesSet(
278      EnterpriseInstallAttributes::kAttrEnterpriseUser, kTestUser));
279  ASSERT_TRUE(cryptohome_util::InstallAttributesFinalize());
280
281  // Verify that EnterpriseInstallAttributes correctly decodes the stub
282  // cache file.
283  install_attributes_->ReadCacheFile(GetTempPath());
284  EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser());
285}
286
287}  // namespace policy
288