1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/settings/device_settings_service.h"
6
7#include "base/basictypes.h"
8#include "base/bind.h"
9#include "base/bind_helpers.h"
10#include "base/compiler_specific.h"
11#include "base/time/time.h"
12#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h"
13#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h"
14#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
15#include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
16#include "chrome/test/base/testing_profile.h"
17#include "components/policy/core/common/cloud/cloud_policy_constants.h"
18#include "policy/proto/device_management_backend.pb.h"
19#include "testing/gmock/include/gmock/gmock.h"
20#include "testing/gtest/include/gtest/gtest.h"
21
22namespace em = enterprise_management;
23
24using ::testing::Mock;
25
26namespace chromeos {
27
28namespace {
29
30class MockDeviceSettingsObserver : public DeviceSettingsService::Observer {
31 public:
32  virtual ~MockDeviceSettingsObserver() {}
33
34  MOCK_METHOD0(OwnershipStatusChanged, void());
35  MOCK_METHOD0(DeviceSettingsUpdated, void());
36};
37
38}  // namespace
39
40class DeviceSettingsServiceTest : public DeviceSettingsTestBase {
41 public:
42  void SetOperationCompleted() {
43    operation_completed_ = true;
44  }
45
46  void SetOwnershipStatus(
47      DeviceSettingsService::OwnershipStatus ownership_status) {
48    ownership_status_ = ownership_status;
49  }
50
51  void OnIsOwner(bool is_owner) {
52    is_owner_ = is_owner;
53    is_owner_set_ = true;
54  }
55
56 protected:
57  DeviceSettingsServiceTest()
58      : operation_completed_(false),
59        is_owner_(true),
60        is_owner_set_(false),
61        ownership_status_(DeviceSettingsService::OWNERSHIP_UNKNOWN) {}
62
63  virtual void SetUp() OVERRIDE {
64    device_policy_.payload().mutable_device_policy_refresh_rate()->
65        set_device_policy_refresh_rate(120);
66    DeviceSettingsTestBase::SetUp();
67  }
68
69  void CheckPolicy() {
70    ASSERT_TRUE(device_settings_service_.policy_data());
71    EXPECT_EQ(device_policy_.policy_data().SerializeAsString(),
72              device_settings_service_.policy_data()->SerializeAsString());
73    ASSERT_TRUE(device_settings_service_.device_settings());
74    EXPECT_EQ(device_policy_.payload().SerializeAsString(),
75              device_settings_service_.device_settings()->SerializeAsString());
76  }
77
78  bool operation_completed_;
79  bool is_owner_;
80  bool is_owner_set_;
81  DeviceSettingsService::OwnershipStatus ownership_status_;
82
83 private:
84  DISALLOW_COPY_AND_ASSIGN(DeviceSettingsServiceTest);
85};
86
87TEST_F(DeviceSettingsServiceTest, LoadNoKey) {
88  owner_key_util_->Clear();
89  ReloadDeviceSettings();
90
91  EXPECT_EQ(DeviceSettingsService::STORE_KEY_UNAVAILABLE,
92            device_settings_service_.status());
93  EXPECT_FALSE(device_settings_service_.policy_data());
94  EXPECT_FALSE(device_settings_service_.device_settings());
95}
96
97TEST_F(DeviceSettingsServiceTest, LoadNoPolicy) {
98  device_settings_test_helper_.set_policy_blob(std::string());
99  ReloadDeviceSettings();
100
101  EXPECT_EQ(DeviceSettingsService::STORE_NO_POLICY,
102            device_settings_service_.status());
103  EXPECT_FALSE(device_settings_service_.policy_data());
104  EXPECT_FALSE(device_settings_service_.device_settings());
105}
106
107TEST_F(DeviceSettingsServiceTest, LoadValidationError) {
108  device_policy_.policy().set_policy_data_signature("bad");
109  device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
110  owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey());
111  ReloadDeviceSettings();
112
113  EXPECT_EQ(DeviceSettingsService::STORE_VALIDATION_ERROR,
114            device_settings_service_.status());
115  EXPECT_FALSE(device_settings_service_.policy_data());
116  EXPECT_FALSE(device_settings_service_.device_settings());
117}
118
119TEST_F(DeviceSettingsServiceTest, LoadValidationErrorFutureTimestamp) {
120  base::Time timestamp(base::Time::NowFromSystemTime() +
121                       base::TimeDelta::FromDays(5000));
122  device_policy_.policy_data().set_timestamp(
123      (timestamp - base::Time::UnixEpoch()).InMilliseconds());
124  device_policy_.Build();
125  device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
126  owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey());
127  ReloadDeviceSettings();
128
129  // Loading a cached device policy with a timestamp in the future should work,
130  // since this may be due to a broken clock on the client device.
131  EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS,
132            device_settings_service_.status());
133  CheckPolicy();
134}
135
136TEST_F(DeviceSettingsServiceTest, LoadSuccess) {
137  ReloadDeviceSettings();
138
139  EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS,
140            device_settings_service_.status());
141  CheckPolicy();
142}
143
144TEST_F(DeviceSettingsServiceTest, SignAndStoreNoKey) {
145  ReloadDeviceSettings();
146  EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS,
147            device_settings_service_.status());
148
149  scoped_ptr<em::ChromeDeviceSettingsProto> new_device_settings(
150      new em::ChromeDeviceSettingsProto(device_policy_.payload()));
151  new_device_settings->mutable_device_policy_refresh_rate()->
152      set_device_policy_refresh_rate(300);
153  device_settings_service_.SignAndStore(
154      new_device_settings.Pass(),
155      base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted,
156                 base::Unretained(this)));
157  FlushDeviceSettings();
158  EXPECT_TRUE(operation_completed_);
159  EXPECT_EQ(DeviceSettingsService::STORE_KEY_UNAVAILABLE,
160            device_settings_service_.status());
161  CheckPolicy();
162}
163
164TEST_F(DeviceSettingsServiceTest, SignAndStoreFailure) {
165  ReloadDeviceSettings();
166  EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS,
167            device_settings_service_.status());
168
169  owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey());
170  InitOwner(device_policy_.policy_data().username(), true);
171  FlushDeviceSettings();
172
173  scoped_ptr<em::ChromeDeviceSettingsProto> new_device_settings(
174      new em::ChromeDeviceSettingsProto(device_policy_.payload()));
175  new_device_settings->mutable_device_policy_refresh_rate()->
176      set_device_policy_refresh_rate(300);
177  device_settings_test_helper_.set_store_result(false);
178  device_settings_service_.SignAndStore(
179      new_device_settings.Pass(),
180      base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted,
181                 base::Unretained(this)));
182  FlushDeviceSettings();
183  EXPECT_TRUE(operation_completed_);
184  EXPECT_EQ(DeviceSettingsService::STORE_OPERATION_FAILED,
185            device_settings_service_.status());
186  CheckPolicy();
187}
188
189TEST_F(DeviceSettingsServiceTest, SignAndStoreSuccess) {
190  const base::Time before(base::Time::Now());
191  ReloadDeviceSettings();
192  EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS,
193            device_settings_service_.status());
194
195  owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey());
196  InitOwner(device_policy_.policy_data().username(), true);
197  FlushDeviceSettings();
198
199  device_policy_.payload().mutable_device_policy_refresh_rate()->
200      set_device_policy_refresh_rate(300);
201  device_policy_.Build();
202  device_settings_service_.SignAndStore(
203      scoped_ptr<em::ChromeDeviceSettingsProto>(
204          new em::ChromeDeviceSettingsProto(device_policy_.payload())),
205      base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted,
206                 base::Unretained(this)));
207  FlushDeviceSettings();
208  const base::Time after(base::Time::Now());
209
210  EXPECT_TRUE(operation_completed_);
211  EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS,
212            device_settings_service_.status());
213  ASSERT_TRUE(device_settings_service_.device_settings());
214  EXPECT_EQ(device_policy_.payload().SerializeAsString(),
215            device_settings_service_.device_settings()->SerializeAsString());
216
217   // Check that the loaded policy_data contains the expected values.
218  const em::PolicyData* policy_data = device_settings_service_.policy_data();
219  EXPECT_EQ(policy::dm_protocol::kChromeDevicePolicyType,
220            policy_data->policy_type());
221  EXPECT_LE((before - base::Time::UnixEpoch()).InMilliseconds(),
222            policy_data->timestamp());
223  EXPECT_GE((after - base::Time::UnixEpoch()).InMilliseconds(),
224            policy_data->timestamp());
225  EXPECT_EQ(device_settings_service_.GetUsername(),
226            policy_data->username());
227}
228
229TEST_F(DeviceSettingsServiceTest, SetManagementSettingsModeTransition) {
230  ReloadDeviceSettings();
231  EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS,
232            device_settings_service_.status());
233
234  owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey());
235  InitOwner(device_policy_.policy_data().username(), true);
236  FlushDeviceSettings();
237
238  // The initial management mode should be NOT_MANAGED.
239  EXPECT_EQ(em::PolicyData::NOT_MANAGED,
240            device_settings_service_.policy_data()->management_mode());
241
242  // NOT_MANAGED -> CONSUMER_MANAGED: Okay.
243  device_settings_service_.SetManagementSettings(
244      em::PolicyData::CONSUMER_MANAGED,
245      "fake_request_token",
246      "fake_device_id",
247      base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted,
248                 base::Unretained(this)));
249  FlushDeviceSettings();
250
251  EXPECT_TRUE(operation_completed_);
252  EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS,
253            device_settings_service_.status());
254  EXPECT_EQ(em::PolicyData::CONSUMER_MANAGED,
255            device_settings_service_.policy_data()->management_mode());
256
257  // CONSUMER_MANAGED -> ENTERPRISE_MANAGED: Invalid.
258  device_settings_service_.SetManagementSettings(
259      em::PolicyData::ENTERPRISE_MANAGED,
260      "fake_request_token",
261      "fake_device_id",
262      base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted,
263                 base::Unretained(this)));
264  FlushDeviceSettings();
265
266  EXPECT_TRUE(operation_completed_);
267  EXPECT_EQ(DeviceSettingsService::STORE_POLICY_ERROR,
268            device_settings_service_.status());
269  EXPECT_EQ(em::PolicyData::CONSUMER_MANAGED,
270            device_settings_service_.policy_data()->management_mode());
271
272  // CONSUMER_MANAGED -> NOT_MANAGED: Okay.
273  device_settings_service_.SetManagementSettings(
274      em::PolicyData::NOT_MANAGED,
275      "fake_request_token",
276      "fake_device_id",
277      base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted,
278                 base::Unretained(this)));
279  FlushDeviceSettings();
280
281  EXPECT_TRUE(operation_completed_);
282  EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS,
283            device_settings_service_.status());
284  EXPECT_EQ(em::PolicyData::NOT_MANAGED,
285            device_settings_service_.policy_data()->management_mode());
286
287  // NOT_MANAGED -> ENTERPRISE_MANAGED: Invalid.
288  device_settings_service_.SetManagementSettings(
289      em::PolicyData::ENTERPRISE_MANAGED,
290      "fake_request_token",
291      "fake_device_id",
292      base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted,
293                 base::Unretained(this)));
294  FlushDeviceSettings();
295
296  EXPECT_TRUE(operation_completed_);
297  EXPECT_EQ(DeviceSettingsService::STORE_POLICY_ERROR,
298            device_settings_service_.status());
299  EXPECT_EQ(em::PolicyData::NOT_MANAGED,
300            device_settings_service_.policy_data()->management_mode());
301
302  // Inject a policy data with management mode set to ENTERPRISE_MANAGED.
303  device_policy_.policy_data().set_management_mode(
304      em::PolicyData::ENTERPRISE_MANAGED);
305  device_policy_.Build();
306  device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
307  ReloadDeviceSettings();
308  EXPECT_EQ(em::PolicyData::ENTERPRISE_MANAGED,
309            device_settings_service_.policy_data()->management_mode());
310
311  // ENTERPRISE_MANAGED -> NOT_MANAGED: Invalid.
312  device_settings_service_.SetManagementSettings(
313      em::PolicyData::NOT_MANAGED,
314      "fake_request_token",
315      "fake_device_id",
316      base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted,
317                 base::Unretained(this)));
318  FlushDeviceSettings();
319
320  EXPECT_TRUE(operation_completed_);
321  EXPECT_EQ(DeviceSettingsService::STORE_POLICY_ERROR,
322            device_settings_service_.status());
323  EXPECT_EQ(em::PolicyData::ENTERPRISE_MANAGED,
324            device_settings_service_.policy_data()->management_mode());
325
326  // ENTERPRISE_MANAGED -> CONSUMER_MANAGED: Invalid.
327  device_settings_service_.SetManagementSettings(
328      em::PolicyData::CONSUMER_MANAGED,
329      "fake_request_token",
330      "fake_device_id",
331      base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted,
332                 base::Unretained(this)));
333  FlushDeviceSettings();
334
335  EXPECT_TRUE(operation_completed_);
336  EXPECT_EQ(DeviceSettingsService::STORE_POLICY_ERROR,
337            device_settings_service_.status());
338  EXPECT_EQ(em::PolicyData::ENTERPRISE_MANAGED,
339            device_settings_service_.policy_data()->management_mode());
340
341}
342
343TEST_F(DeviceSettingsServiceTest, SetManagementSettingsSuccess) {
344  ReloadDeviceSettings();
345  EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS,
346            device_settings_service_.status());
347
348  owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey());
349  InitOwner(device_policy_.policy_data().username(), true);
350  FlushDeviceSettings();
351
352  device_settings_service_.SetManagementSettings(
353      em::PolicyData::CONSUMER_MANAGED,
354      "fake_request_token",
355      "fake_device_id",
356      base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted,
357                 base::Unretained(this)));
358  FlushDeviceSettings();
359
360  EXPECT_TRUE(operation_completed_);
361  EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS,
362            device_settings_service_.status());
363  ASSERT_TRUE(device_settings_service_.device_settings());
364
365  // Check that the loaded policy_data contains the expected values.
366  const em::PolicyData* policy_data = device_settings_service_.policy_data();
367  EXPECT_EQ(policy::dm_protocol::kChromeDevicePolicyType,
368            policy_data->policy_type());
369  EXPECT_EQ(device_settings_service_.GetUsername(),
370            policy_data->username());
371  EXPECT_EQ(em::PolicyData::CONSUMER_MANAGED, policy_data->management_mode());
372  EXPECT_EQ("fake_request_token", policy_data->request_token());
373  EXPECT_EQ("fake_device_id", policy_data->device_id());
374}
375
376TEST_F(DeviceSettingsServiceTest, StoreFailure) {
377  owner_key_util_->Clear();
378  device_settings_test_helper_.set_policy_blob(std::string());
379  ReloadDeviceSettings();
380  EXPECT_EQ(DeviceSettingsService::STORE_KEY_UNAVAILABLE,
381            device_settings_service_.status());
382
383  device_settings_test_helper_.set_store_result(false);
384  device_settings_service_.Store(
385      device_policy_.GetCopy(),
386      base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted,
387                 base::Unretained(this)));
388  FlushDeviceSettings();
389  EXPECT_TRUE(operation_completed_);
390  EXPECT_EQ(DeviceSettingsService::STORE_OPERATION_FAILED,
391            device_settings_service_.status());
392}
393
394TEST_F(DeviceSettingsServiceTest, StoreSuccess) {
395  owner_key_util_->Clear();
396  device_settings_test_helper_.set_policy_blob(std::string());
397  ReloadDeviceSettings();
398  EXPECT_EQ(DeviceSettingsService::STORE_KEY_UNAVAILABLE,
399            device_settings_service_.status());
400
401  owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey());
402  InitOwner(device_policy_.policy_data().username(), true);
403  device_settings_service_.Store(
404      device_policy_.GetCopy(),
405      base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted,
406                 base::Unretained(this)));
407  FlushDeviceSettings();
408  EXPECT_TRUE(operation_completed_);
409  EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS,
410            device_settings_service_.status());
411  CheckPolicy();
412}
413
414TEST_F(DeviceSettingsServiceTest, StoreRotation) {
415  ReloadDeviceSettings();
416  EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS,
417            device_settings_service_.status());
418
419  device_policy_.payload().mutable_device_policy_refresh_rate()->
420      set_device_policy_refresh_rate(300);
421  device_policy_.SetDefaultNewSigningKey();
422  device_policy_.Build();
423  device_settings_service_.Store(device_policy_.GetCopy(), base::Closure());
424  FlushDeviceSettings();
425  owner_key_util_->SetPublicKeyFromPrivateKey(
426      *device_policy_.GetNewSigningKey());
427  device_settings_service_.OwnerKeySet(true);
428  FlushDeviceSettings();
429  EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS,
430            device_settings_service_.status());
431  CheckPolicy();
432
433  // Check the new key has been loaded.
434  std::vector<uint8> key;
435  ASSERT_TRUE(device_policy_.GetNewSigningKey()->ExportPublicKey(&key));
436  EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key);
437}
438
439TEST_F(DeviceSettingsServiceTest, OwnershipStatus) {
440  owner_key_util_->Clear();
441
442  EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey());
443  EXPECT_FALSE(device_settings_service_.GetPublicKey().get());
444  EXPECT_EQ(DeviceSettingsService::OWNERSHIP_UNKNOWN,
445            device_settings_service_.GetOwnershipStatus());
446
447  device_settings_service_.GetOwnershipStatusAsync(
448      base::Bind(&DeviceSettingsServiceTest::SetOwnershipStatus,
449                 base::Unretained(this)));
450  FlushDeviceSettings();
451  EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey());
452  ASSERT_TRUE(device_settings_service_.GetPublicKey().get());
453  EXPECT_FALSE(device_settings_service_.GetPublicKey()->is_loaded());
454  EXPECT_EQ(DeviceSettingsService::OWNERSHIP_NONE,
455            device_settings_service_.GetOwnershipStatus());
456  EXPECT_EQ(DeviceSettingsService::OWNERSHIP_NONE, ownership_status_);
457
458  owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey());
459  ReloadDeviceSettings();
460  device_settings_service_.GetOwnershipStatusAsync(
461      base::Bind(&DeviceSettingsServiceTest::SetOwnershipStatus,
462                 base::Unretained(this)));
463  FlushDeviceSettings();
464  EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey());
465  ASSERT_TRUE(device_settings_service_.GetPublicKey().get());
466  ASSERT_TRUE(device_settings_service_.GetPublicKey()->is_loaded());
467  std::vector<uint8> key;
468  ASSERT_TRUE(device_policy_.GetSigningKey()->ExportPublicKey(&key));
469  EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key);
470  EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN,
471            device_settings_service_.GetOwnershipStatus());
472  EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN, ownership_status_);
473
474  owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey());
475  InitOwner(device_policy_.policy_data().username(), true);
476  device_settings_service_.GetOwnershipStatusAsync(
477      base::Bind(&DeviceSettingsServiceTest::SetOwnershipStatus,
478                 base::Unretained(this)));
479  FlushDeviceSettings();
480  EXPECT_TRUE(device_settings_service_.HasPrivateOwnerKey());
481  ASSERT_TRUE(device_settings_service_.GetPublicKey().get());
482  ASSERT_TRUE(device_settings_service_.GetPublicKey()->is_loaded());
483  ASSERT_TRUE(device_policy_.GetSigningKey()->ExportPublicKey(&key));
484  EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key);
485  EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN,
486            device_settings_service_.GetOwnershipStatus());
487  EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN, ownership_status_);
488}
489
490TEST_F(DeviceSettingsServiceTest, OnTPMTokenReadyForNonOwner) {
491  owner_key_util_->Clear();
492
493  EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey());
494  EXPECT_FALSE(device_settings_service_.GetPublicKey().get());
495  EXPECT_EQ(DeviceSettingsService::OWNERSHIP_UNKNOWN,
496            device_settings_service_.GetOwnershipStatus());
497
498  const std::string& user_id = device_policy_.policy_data().username();
499  InitOwner(user_id, false);
500  OwnerSettingsServiceChromeOS* service =
501      OwnerSettingsServiceChromeOSFactory::GetForProfile(profile_.get());
502  ASSERT_TRUE(service);
503  service->IsOwnerAsync(base::Bind(&DeviceSettingsServiceTest::OnIsOwner,
504                                   base::Unretained(this)));
505
506  owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey());
507  ReloadDeviceSettings();
508
509  EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey());
510  ASSERT_TRUE(device_settings_service_.GetPublicKey().get());
511  ASSERT_TRUE(device_settings_service_.GetPublicKey()->is_loaded());
512  std::vector<uint8> key;
513  ASSERT_TRUE(device_policy_.GetSigningKey()->ExportPublicKey(&key));
514  EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key);
515  EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN,
516            device_settings_service_.GetOwnershipStatus());
517  EXPECT_FALSE(is_owner_set_);
518
519  service->OnTPMTokenReady(true /* is ready */);
520  FlushDeviceSettings();
521
522  EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey());
523  ASSERT_TRUE(device_settings_service_.GetPublicKey().get());
524  ASSERT_TRUE(device_settings_service_.GetPublicKey()->is_loaded());
525  ASSERT_TRUE(device_policy_.GetSigningKey()->ExportPublicKey(&key));
526  EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key);
527  EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey());
528  EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN,
529            device_settings_service_.GetOwnershipStatus());
530  EXPECT_TRUE(is_owner_set_);
531  EXPECT_FALSE(is_owner_);
532}
533
534TEST_F(DeviceSettingsServiceTest, OnTPMTokenReadyForOwner) {
535  owner_key_util_->Clear();
536
537  EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey());
538  EXPECT_FALSE(device_settings_service_.GetPublicKey().get());
539  EXPECT_EQ(DeviceSettingsService::OWNERSHIP_UNKNOWN,
540            device_settings_service_.GetOwnershipStatus());
541
542  const std::string& user_id = device_policy_.policy_data().username();
543  owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey());
544  InitOwner(user_id, false);
545  OwnerSettingsServiceChromeOS* service =
546      OwnerSettingsServiceChromeOSFactory::GetForProfile(profile_.get());
547  ASSERT_TRUE(service);
548  service->IsOwnerAsync(base::Bind(&DeviceSettingsServiceTest::OnIsOwner,
549                                   base::Unretained(this)));
550  ReloadDeviceSettings();
551
552  EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey());
553  ASSERT_TRUE(device_settings_service_.GetPublicKey().get());
554  ASSERT_TRUE(device_settings_service_.GetPublicKey()->is_loaded());
555  std::vector<uint8> key;
556  ASSERT_TRUE(device_policy_.GetSigningKey()->ExportPublicKey(&key));
557  EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key);
558  EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN,
559            device_settings_service_.GetOwnershipStatus());
560  EXPECT_FALSE(is_owner_set_);
561
562  owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey());
563  service->OnTPMTokenReady(true /* is ready */);
564  FlushDeviceSettings();
565
566  EXPECT_TRUE(device_settings_service_.HasPrivateOwnerKey());
567  ASSERT_TRUE(device_settings_service_.GetPublicKey().get());
568  ASSERT_TRUE(device_settings_service_.GetPublicKey()->is_loaded());
569  ASSERT_TRUE(device_policy_.GetSigningKey()->ExportPublicKey(&key));
570  EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key);
571  EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN,
572            device_settings_service_.GetOwnershipStatus());
573  EXPECT_TRUE(is_owner_set_);
574  EXPECT_TRUE(is_owner_);
575}
576
577TEST_F(DeviceSettingsServiceTest, IsCurrentUserOwnerAsyncWithLoadedCerts) {
578  owner_key_util_->Clear();
579
580  EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey());
581  EXPECT_FALSE(device_settings_service_.GetPublicKey().get());
582  EXPECT_EQ(DeviceSettingsService::OWNERSHIP_UNKNOWN,
583            device_settings_service_.GetOwnershipStatus());
584
585  owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey());
586  owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey());
587
588  InitOwner(device_policy_.policy_data().username(), true);
589  ReloadDeviceSettings();
590  FlushDeviceSettings();
591
592  EXPECT_TRUE(device_settings_service_.HasPrivateOwnerKey());
593  ASSERT_TRUE(device_settings_service_.GetPublicKey().get());
594  ASSERT_TRUE(device_settings_service_.GetPublicKey()->is_loaded());
595  std::vector<uint8> key;
596  ASSERT_TRUE(device_policy_.GetSigningKey()->ExportPublicKey(&key));
597  EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key);
598  EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN,
599            device_settings_service_.GetOwnershipStatus());
600  EXPECT_FALSE(is_owner_set_);
601
602  OwnerSettingsServiceChromeOS* service =
603      OwnerSettingsServiceChromeOSFactory::GetForProfile(profile_.get());
604  ASSERT_TRUE(service);
605  service->IsOwnerAsync(base::Bind(&DeviceSettingsServiceTest::OnIsOwner,
606                                   base::Unretained(this)));
607  // The callback should be called immediately.
608  base::MessageLoop::current()->RunUntilIdle();
609
610  EXPECT_TRUE(device_settings_service_.HasPrivateOwnerKey());
611  ASSERT_TRUE(device_settings_service_.GetPublicKey().get());
612  ASSERT_TRUE(device_settings_service_.GetPublicKey()->is_loaded());
613  ASSERT_TRUE(device_policy_.GetSigningKey()->ExportPublicKey(&key));
614  EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key);
615  EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN,
616            device_settings_service_.GetOwnershipStatus());
617  EXPECT_TRUE(is_owner_set_);
618  EXPECT_TRUE(is_owner_);
619}
620
621TEST_F(DeviceSettingsServiceTest, Observer) {
622  owner_key_util_->Clear();
623  MockDeviceSettingsObserver observer_;
624  device_settings_service_.AddObserver(&observer_);
625
626  EXPECT_CALL(observer_, OwnershipStatusChanged()).Times(1);
627  EXPECT_CALL(observer_, DeviceSettingsUpdated()).Times(1);
628  ReloadDeviceSettings();
629  Mock::VerifyAndClearExpectations(&observer_);
630
631  EXPECT_CALL(observer_, OwnershipStatusChanged()).Times(1);
632  EXPECT_CALL(observer_, DeviceSettingsUpdated()).Times(1);
633  owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey());
634  InitOwner(device_policy_.policy_data().username(), true);
635  ReloadDeviceSettings();
636  Mock::VerifyAndClearExpectations(&observer_);
637
638  EXPECT_CALL(observer_, OwnershipStatusChanged()).Times(0);
639  EXPECT_CALL(observer_, DeviceSettingsUpdated()).Times(1);
640  device_settings_service_.Store(device_policy_.GetCopy(), base::Closure());
641  FlushDeviceSettings();
642  Mock::VerifyAndClearExpectations(&observer_);
643
644  EXPECT_CALL(observer_, OwnershipStatusChanged()).Times(0);
645  EXPECT_CALL(observer_, DeviceSettingsUpdated()).Times(1);
646  device_settings_service_.PropertyChangeComplete(true);
647  FlushDeviceSettings();
648  Mock::VerifyAndClearExpectations(&observer_);
649
650  device_settings_service_.RemoveObserver(&observer_);
651}
652
653}  // namespace chromeos
654