session_manager_operation_unittest.cc revision 0529e5d033099cbfc42635f6f6183833b09dff6e 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/settings/session_manager_operation.h"
6
7#include "base/basictypes.h"
8#include "base/bind.h"
9#include "base/bind_helpers.h"
10#include "base/memory/ref_counted.h"
11#include "base/memory/scoped_ptr.h"
12#include "base/message_loop/message_loop.h"
13#include "base/time/time.h"
14#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
15#include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
16#include "chrome/browser/chromeos/settings/mock_owner_key_util.h"
17#include "components/policy/core/common/cloud/cloud_policy_constants.h"
18#include "components/policy/core/common/cloud/cloud_policy_validator.h"
19#include "components/policy/core/common/cloud/policy_builder.h"
20#include "content/public/test/test_browser_thread.h"
21#include "crypto/rsa_private_key.h"
22#include "policy/proto/device_management_backend.pb.h"
23#include "testing/gmock/include/gmock/gmock.h"
24#include "testing/gtest/include/gtest/gtest.h"
25
26namespace em = enterprise_management;
27
28using testing::Mock;
29using testing::_;
30
31namespace chromeos {
32
33class SessionManagerOperationTest : public testing::Test {
34 public:
35  SessionManagerOperationTest()
36      : ui_thread_(content::BrowserThread::UI, &message_loop_),
37        file_thread_(content::BrowserThread::FILE, &message_loop_),
38        owner_key_util_(new MockOwnerKeyUtil()),
39        validated_(false) {}
40
41  virtual void SetUp() OVERRIDE {
42    policy_.payload().mutable_pinned_apps()->add_app_id("fake-app");
43    policy_.Build();
44  }
45
46  MOCK_METHOD2(OnOperationCompleted,
47               void(SessionManagerOperation*, DeviceSettingsService::Status));
48
49  void CheckSuccessfulValidation(
50      policy::DeviceCloudPolicyValidator* validator) {
51    EXPECT_TRUE(validator->success());
52    EXPECT_TRUE(validator->payload().get());
53    EXPECT_EQ(validator->payload()->SerializeAsString(),
54              policy_.payload().SerializeAsString());
55    validated_ = true;
56  }
57
58  void CheckPublicKeyLoaded(SessionManagerOperation* op) {
59    ASSERT_TRUE(op->owner_key().get());
60    ASSERT_TRUE(op->owner_key()->public_key());
61    std::vector<uint8> public_key;
62    ASSERT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key));
63    EXPECT_EQ(public_key, *op->owner_key()->public_key());
64  }
65
66  void CheckPrivateKeyLoaded(SessionManagerOperation* op) {
67    ASSERT_TRUE(op->owner_key().get());
68    ASSERT_TRUE(op->owner_key()->private_key());
69    std::vector<uint8> expected_key;
70    ASSERT_TRUE(policy_.GetSigningKey()->ExportPrivateKey(&expected_key));
71    std::vector<uint8> actual_key;
72    ASSERT_TRUE(op->owner_key()->private_key()->ExportPrivateKey(&actual_key));
73    EXPECT_EQ(expected_key, actual_key);
74  }
75
76 protected:
77  base::MessageLoop message_loop_;
78  content::TestBrowserThread ui_thread_;
79  content::TestBrowserThread file_thread_;
80
81  policy::DevicePolicyBuilder policy_;
82  DeviceSettingsTestHelper device_settings_test_helper_;
83  scoped_refptr<MockOwnerKeyUtil> owner_key_util_;
84
85  bool validated_;
86
87 private:
88  DISALLOW_COPY_AND_ASSIGN(SessionManagerOperationTest);
89};
90
91TEST_F(SessionManagerOperationTest, LoadNoPolicyNoKey) {
92  LoadSettingsOperation op(
93      base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
94                 base::Unretained(this)));
95
96  EXPECT_CALL(*this,
97              OnOperationCompleted(
98                  &op, DeviceSettingsService::STORE_KEY_UNAVAILABLE));
99  op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
100  device_settings_test_helper_.Flush();
101  Mock::VerifyAndClearExpectations(this);
102
103  EXPECT_FALSE(op.policy_data().get());
104  EXPECT_FALSE(op.device_settings().get());
105  ASSERT_TRUE(op.owner_key().get());
106  EXPECT_FALSE(op.owner_key()->public_key());
107  EXPECT_FALSE(op.owner_key()->private_key());
108}
109
110TEST_F(SessionManagerOperationTest, LoadOwnerKey) {
111  owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
112  LoadSettingsOperation op(
113      base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
114                 base::Unretained(this)));
115
116  EXPECT_CALL(*this,
117              OnOperationCompleted(
118                  &op, DeviceSettingsService::STORE_NO_POLICY));
119  op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
120  device_settings_test_helper_.Flush();
121  Mock::VerifyAndClearExpectations(this);
122
123  CheckPublicKeyLoaded(&op);
124}
125
126TEST_F(SessionManagerOperationTest, LoadPolicy) {
127  owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
128  device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
129  LoadSettingsOperation op(
130      base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
131                 base::Unretained(this)));
132
133  EXPECT_CALL(*this,
134              OnOperationCompleted(
135                  &op, DeviceSettingsService::STORE_SUCCESS));
136  op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
137  device_settings_test_helper_.Flush();
138  Mock::VerifyAndClearExpectations(this);
139
140  ASSERT_TRUE(op.policy_data().get());
141  EXPECT_EQ(policy_.policy_data().SerializeAsString(),
142            op.policy_data()->SerializeAsString());
143  ASSERT_TRUE(op.device_settings().get());
144  EXPECT_EQ(policy_.payload().SerializeAsString(),
145            op.device_settings()->SerializeAsString());
146}
147
148TEST_F(SessionManagerOperationTest, LoadPrivateOwnerKey) {
149  owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
150  LoadSettingsOperation op(
151      base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
152                 base::Unretained(this)));
153
154  EXPECT_CALL(*this,
155              OnOperationCompleted(
156                  &op, DeviceSettingsService::STORE_NO_POLICY));
157  op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
158  device_settings_test_helper_.Flush();
159  Mock::VerifyAndClearExpectations(this);
160
161  CheckPublicKeyLoaded(&op);
162  CheckPrivateKeyLoaded(&op);
163}
164
165TEST_F(SessionManagerOperationTest, RestartLoad) {
166  owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
167  device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
168  LoadSettingsOperation op(
169      base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
170                 base::Unretained(this)));
171
172  EXPECT_CALL(*this, OnOperationCompleted(&op, _)).Times(0);
173  op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
174  device_settings_test_helper_.FlushLoops();
175  device_settings_test_helper_.FlushRetrieve();
176  EXPECT_TRUE(op.owner_key().get());
177  EXPECT_TRUE(op.owner_key()->public_key());
178  Mock::VerifyAndClearExpectations(this);
179
180  // Now install a different key and policy and restart the operation.
181  policy_.SetSigningKey(*policy::PolicyBuilder::CreateTestOtherSigningKey());
182  policy_.payload().mutable_metrics_enabled()->set_metrics_enabled(true);
183  policy_.Build();
184  device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
185  owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
186
187  EXPECT_CALL(*this,
188              OnOperationCompleted(
189                  &op, DeviceSettingsService::STORE_SUCCESS));
190  op.RestartLoad(true);
191  device_settings_test_helper_.Flush();
192  Mock::VerifyAndClearExpectations(this);
193
194  // Check that the new keys have been loaded.
195  CheckPublicKeyLoaded(&op);
196  CheckPrivateKeyLoaded(&op);
197
198  // Verify the new policy.
199  ASSERT_TRUE(op.policy_data().get());
200  EXPECT_EQ(policy_.policy_data().SerializeAsString(),
201            op.policy_data()->SerializeAsString());
202  ASSERT_TRUE(op.device_settings().get());
203  EXPECT_EQ(policy_.payload().SerializeAsString(),
204            op.device_settings()->SerializeAsString());
205}
206
207TEST_F(SessionManagerOperationTest, StoreSettings) {
208  owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
209  StoreSettingsOperation op(
210      base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
211                 base::Unretained(this)),
212      policy_.GetCopy());
213
214  EXPECT_CALL(*this,
215              OnOperationCompleted(
216                  &op, DeviceSettingsService::STORE_SUCCESS));
217  op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
218  device_settings_test_helper_.Flush();
219  Mock::VerifyAndClearExpectations(this);
220
221  EXPECT_EQ(device_settings_test_helper_.policy_blob(),
222            policy_.GetBlob());
223  ASSERT_TRUE(op.policy_data().get());
224  EXPECT_EQ(policy_.policy_data().SerializeAsString(),
225            op.policy_data()->SerializeAsString());
226  ASSERT_TRUE(op.device_settings().get());
227  EXPECT_EQ(policy_.payload().SerializeAsString(),
228            op.device_settings()->SerializeAsString());
229}
230
231TEST_F(SessionManagerOperationTest, SignAndStoreSettings) {
232  owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
233  scoped_ptr<em::PolicyData> policy(new em::PolicyData(policy_.policy_data()));
234  SignAndStoreSettingsOperation op(
235      base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
236                 base::Unretained(this)),
237      policy.Pass());
238
239  EXPECT_CALL(*this,
240              OnOperationCompleted(
241                  &op, DeviceSettingsService::STORE_SUCCESS));
242  op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
243  device_settings_test_helper_.Flush();
244  Mock::VerifyAndClearExpectations(this);
245
246  // The blob should validate.
247  scoped_ptr<em::PolicyFetchResponse> policy_response(
248      new em::PolicyFetchResponse());
249  ASSERT_TRUE(
250      policy_response->ParseFromString(
251          device_settings_test_helper_.policy_blob()));
252  policy::DeviceCloudPolicyValidator* validator =
253      policy::DeviceCloudPolicyValidator::Create(
254          policy_response.Pass(), message_loop_.message_loop_proxy());
255  validator->ValidateUsername(policy_.policy_data().username(), true);
256  const base::Time expected_time = base::Time::UnixEpoch() +
257      base::TimeDelta::FromMilliseconds(policy::PolicyBuilder::kFakeTimestamp);
258  validator->ValidateTimestamp(
259      expected_time,
260      expected_time,
261      policy::CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
262  validator->ValidatePolicyType(policy::dm_protocol::kChromeDevicePolicyType);
263  validator->ValidatePayload();
264  std::vector<uint8> public_key;
265  policy_.GetSigningKey()->ExportPublicKey(&public_key);
266  // Convert from bytes to string format (which is what ValidateSignature()
267  // takes).
268  std::string public_key_as_string = std::string(
269      reinterpret_cast<const char*>(vector_as_array(&public_key)),
270      public_key.size());
271  validator->ValidateSignature(
272      public_key_as_string,
273      policy::GetPolicyVerificationKey(),
274      policy::PolicyBuilder::kFakeDomain,
275      false);
276  validator->StartValidation(
277      base::Bind(&SessionManagerOperationTest::CheckSuccessfulValidation,
278                 base::Unretained(this)));
279
280  message_loop_.RunUntilIdle();
281  EXPECT_TRUE(validated_);
282
283  // Loaded device settings should match what the operation received.
284  ASSERT_TRUE(op.device_settings().get());
285  EXPECT_EQ(policy_.payload().SerializeAsString(),
286            op.device_settings()->SerializeAsString());
287}
288
289}  // namespace chromeos
290