session_manager_operation_unittest.cc revision 7dbb3d5cf0c15f500944d211057644d6a2f37371
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/settings/session_manager_operation.h" 6 7#include "base/basictypes.h" 8#include "base/bind.h" 9#include "base/bind_helpers.h" 10#include "base/memory/ref_counted.h" 11#include "base/memory/scoped_ptr.h" 12#include "base/message_loop.h" 13#include "chrome/browser/chromeos/settings/device_settings_test_helper.h" 14#include "chrome/browser/chromeos/settings/mock_owner_key_util.h" 15#include "chrome/browser/policy/cloud/cloud_policy_constants.h" 16#include "chrome/browser/policy/cloud/cloud_policy_validator.h" 17#include "chrome/browser/policy/cloud/policy_builder.h" 18#include "chrome/browser/policy/proto/chromeos/chrome_device_policy.pb.h" 19#include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h" 20#include "content/public/test/test_browser_thread.h" 21#include "crypto/rsa_private_key.h" 22#include "testing/gmock/include/gmock/gmock.h" 23#include "testing/gtest/include/gtest/gtest.h" 24 25namespace em = enterprise_management; 26 27using testing::Mock; 28using testing::_; 29 30namespace chromeos { 31 32class SessionManagerOperationTest : public testing::Test { 33 public: 34 SessionManagerOperationTest() 35 : ui_thread_(content::BrowserThread::UI, &message_loop_), 36 file_thread_(content::BrowserThread::FILE, &message_loop_), 37 owner_key_util_(new MockOwnerKeyUtil()), 38 validated_(false) {} 39 40 virtual void SetUp() OVERRIDE { 41 policy_.payload().mutable_pinned_apps()->add_app_id("fake-app"); 42 policy_.Build(); 43 } 44 45 MOCK_METHOD2(OnOperationCompleted, 46 void(SessionManagerOperation*, DeviceSettingsService::Status)); 47 48 void CheckSuccessfulValidation( 49 policy::DeviceCloudPolicyValidator* validator) { 50 EXPECT_TRUE(validator->success()); 51 EXPECT_TRUE(validator->payload().get()); 52 EXPECT_EQ(validator->payload()->SerializeAsString(), 53 policy_.payload().SerializeAsString()); 54 validated_ = true; 55 } 56 57 void CheckPublicKeyLoaded(SessionManagerOperation* op) { 58 ASSERT_TRUE(op->owner_key().get()); 59 ASSERT_TRUE(op->owner_key()->public_key()); 60 std::vector<uint8> public_key; 61 ASSERT_TRUE(policy_.signing_key()->ExportPublicKey(&public_key)); 62 EXPECT_EQ(public_key, *op->owner_key()->public_key()); 63 } 64 65 void CheckPrivateKeyLoaded(SessionManagerOperation* op) { 66 ASSERT_TRUE(op->owner_key().get()); 67 ASSERT_TRUE(op->owner_key()->private_key()); 68 std::vector<uint8> expected_key; 69 ASSERT_TRUE(policy_.signing_key()->ExportPrivateKey(&expected_key)); 70 std::vector<uint8> actual_key; 71 ASSERT_TRUE(op->owner_key()->private_key()->ExportPrivateKey(&actual_key)); 72 EXPECT_EQ(expected_key, actual_key); 73 } 74 75 protected: 76 base::MessageLoop message_loop_; 77 content::TestBrowserThread ui_thread_; 78 content::TestBrowserThread file_thread_; 79 80 policy::DevicePolicyBuilder policy_; 81 DeviceSettingsTestHelper device_settings_test_helper_; 82 scoped_refptr<MockOwnerKeyUtil> owner_key_util_; 83 84 bool validated_; 85 86 private: 87 DISALLOW_COPY_AND_ASSIGN(SessionManagerOperationTest); 88}; 89 90TEST_F(SessionManagerOperationTest, LoadNoPolicyNoKey) { 91 LoadSettingsOperation op( 92 base::Bind(&SessionManagerOperationTest::OnOperationCompleted, 93 base::Unretained(this))); 94 95 EXPECT_CALL(*this, 96 OnOperationCompleted( 97 &op, DeviceSettingsService::STORE_KEY_UNAVAILABLE)); 98 op.Start(&device_settings_test_helper_, owner_key_util_, NULL); 99 device_settings_test_helper_.Flush(); 100 Mock::VerifyAndClearExpectations(this); 101 102 EXPECT_FALSE(op.policy_data().get()); 103 EXPECT_FALSE(op.device_settings().get()); 104 ASSERT_TRUE(op.owner_key().get()); 105 EXPECT_FALSE(op.owner_key()->public_key()); 106 EXPECT_FALSE(op.owner_key()->private_key()); 107} 108 109TEST_F(SessionManagerOperationTest, LoadOwnerKey) { 110 owner_key_util_->SetPublicKeyFromPrivateKey(policy_.signing_key()); 111 LoadSettingsOperation op( 112 base::Bind(&SessionManagerOperationTest::OnOperationCompleted, 113 base::Unretained(this))); 114 115 EXPECT_CALL(*this, 116 OnOperationCompleted( 117 &op, DeviceSettingsService::STORE_NO_POLICY)); 118 op.Start(&device_settings_test_helper_, owner_key_util_, NULL); 119 device_settings_test_helper_.Flush(); 120 Mock::VerifyAndClearExpectations(this); 121 122 CheckPublicKeyLoaded(&op); 123} 124 125TEST_F(SessionManagerOperationTest, LoadPolicy) { 126 owner_key_util_->SetPublicKeyFromPrivateKey(policy_.signing_key()); 127 device_settings_test_helper_.set_policy_blob(policy_.GetBlob()); 128 LoadSettingsOperation op( 129 base::Bind(&SessionManagerOperationTest::OnOperationCompleted, 130 base::Unretained(this))); 131 132 EXPECT_CALL(*this, 133 OnOperationCompleted( 134 &op, DeviceSettingsService::STORE_SUCCESS)); 135 op.Start(&device_settings_test_helper_, owner_key_util_, NULL); 136 device_settings_test_helper_.Flush(); 137 Mock::VerifyAndClearExpectations(this); 138 139 ASSERT_TRUE(op.policy_data().get()); 140 EXPECT_EQ(policy_.policy_data().SerializeAsString(), 141 op.policy_data()->SerializeAsString()); 142 ASSERT_TRUE(op.device_settings().get()); 143 EXPECT_EQ(policy_.payload().SerializeAsString(), 144 op.device_settings()->SerializeAsString()); 145} 146 147TEST_F(SessionManagerOperationTest, LoadPrivateOwnerKey) { 148 owner_key_util_->SetPrivateKey(policy_.signing_key()); 149 LoadSettingsOperation op( 150 base::Bind(&SessionManagerOperationTest::OnOperationCompleted, 151 base::Unretained(this))); 152 153 EXPECT_CALL(*this, 154 OnOperationCompleted( 155 &op, DeviceSettingsService::STORE_NO_POLICY)); 156 op.Start(&device_settings_test_helper_, owner_key_util_, NULL); 157 device_settings_test_helper_.Flush(); 158 Mock::VerifyAndClearExpectations(this); 159 160 CheckPublicKeyLoaded(&op); 161 CheckPrivateKeyLoaded(&op); 162} 163 164TEST_F(SessionManagerOperationTest, RestartLoad) { 165 owner_key_util_->SetPrivateKey(policy_.signing_key()); 166 device_settings_test_helper_.set_policy_blob(policy_.GetBlob()); 167 LoadSettingsOperation op( 168 base::Bind(&SessionManagerOperationTest::OnOperationCompleted, 169 base::Unretained(this))); 170 171 EXPECT_CALL(*this, OnOperationCompleted(&op, _)).Times(0); 172 op.Start(&device_settings_test_helper_, owner_key_util_, NULL); 173 device_settings_test_helper_.FlushLoops(); 174 device_settings_test_helper_.FlushRetrieve(); 175 EXPECT_TRUE(op.owner_key().get()); 176 EXPECT_TRUE(op.owner_key()->public_key()); 177 Mock::VerifyAndClearExpectations(this); 178 179 // Now install a different key and policy and restart the operation. 180 policy_.set_signing_key(policy::PolicyBuilder::CreateTestNewSigningKey()); 181 policy_.payload().mutable_metrics_enabled()->set_metrics_enabled(true); 182 policy_.Build(); 183 device_settings_test_helper_.set_policy_blob(policy_.GetBlob()); 184 owner_key_util_->SetPrivateKey(policy_.signing_key()); 185 186 EXPECT_CALL(*this, 187 OnOperationCompleted( 188 &op, DeviceSettingsService::STORE_SUCCESS)); 189 op.RestartLoad(true); 190 device_settings_test_helper_.Flush(); 191 Mock::VerifyAndClearExpectations(this); 192 193 // Check that the new keys have been loaded. 194 CheckPublicKeyLoaded(&op); 195 CheckPrivateKeyLoaded(&op); 196 197 // Verify the new policy. 198 ASSERT_TRUE(op.policy_data().get()); 199 EXPECT_EQ(policy_.policy_data().SerializeAsString(), 200 op.policy_data()->SerializeAsString()); 201 ASSERT_TRUE(op.device_settings().get()); 202 EXPECT_EQ(policy_.payload().SerializeAsString(), 203 op.device_settings()->SerializeAsString()); 204} 205 206TEST_F(SessionManagerOperationTest, StoreSettings) { 207 owner_key_util_->SetPublicKeyFromPrivateKey(policy_.signing_key()); 208 StoreSettingsOperation op( 209 base::Bind(&SessionManagerOperationTest::OnOperationCompleted, 210 base::Unretained(this)), 211 policy_.GetCopy()); 212 213 EXPECT_CALL(*this, 214 OnOperationCompleted( 215 &op, DeviceSettingsService::STORE_SUCCESS)); 216 op.Start(&device_settings_test_helper_, owner_key_util_, NULL); 217 device_settings_test_helper_.Flush(); 218 Mock::VerifyAndClearExpectations(this); 219 220 EXPECT_EQ(device_settings_test_helper_.policy_blob(), 221 policy_.GetBlob()); 222 ASSERT_TRUE(op.policy_data().get()); 223 EXPECT_EQ(policy_.policy_data().SerializeAsString(), 224 op.policy_data()->SerializeAsString()); 225 ASSERT_TRUE(op.device_settings().get()); 226 EXPECT_EQ(policy_.payload().SerializeAsString(), 227 op.device_settings()->SerializeAsString()); 228} 229 230TEST_F(SessionManagerOperationTest, SignAndStoreSettings) { 231 base::Time before(base::Time::NowFromSystemTime()); 232 owner_key_util_->SetPrivateKey(policy_.signing_key()); 233 SignAndStoreSettingsOperation op( 234 base::Bind(&SessionManagerOperationTest::OnOperationCompleted, 235 base::Unretained(this)), 236 scoped_ptr<em::ChromeDeviceSettingsProto>( 237 new em::ChromeDeviceSettingsProto(policy_.payload())), 238 policy_.policy_data().username()); 239 240 EXPECT_CALL(*this, 241 OnOperationCompleted( 242 &op, DeviceSettingsService::STORE_SUCCESS)); 243 op.Start(&device_settings_test_helper_, owner_key_util_, NULL); 244 device_settings_test_helper_.Flush(); 245 Mock::VerifyAndClearExpectations(this); 246 base::Time after(base::Time::NowFromSystemTime()); 247 248 // The blob should validate. 249 scoped_ptr<em::PolicyFetchResponse> policy_response( 250 new em::PolicyFetchResponse()); 251 ASSERT_TRUE( 252 policy_response->ParseFromString( 253 device_settings_test_helper_.policy_blob())); 254 policy::DeviceCloudPolicyValidator* validator = 255 policy::DeviceCloudPolicyValidator::Create(policy_response.Pass()); 256 validator->ValidateUsername(policy_.policy_data().username()); 257 validator->ValidateTimestamp( 258 before, 259 after, 260 policy::CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); 261 validator->ValidatePolicyType(policy::dm_protocol::kChromeDevicePolicyType); 262 validator->ValidatePayload(); 263 std::vector<uint8> public_key; 264 policy_.signing_key()->ExportPublicKey(&public_key); 265 validator->ValidateSignature(public_key, false); 266 validator->StartValidation( 267 base::Bind(&SessionManagerOperationTest::CheckSuccessfulValidation, 268 base::Unretained(this))); 269 270 message_loop_.RunUntilIdle(); 271 EXPECT_TRUE(validated_); 272 273 // Check that the loaded policy_data contains the expected values. 274 EXPECT_EQ(policy::dm_protocol::kChromeDevicePolicyType, 275 op.policy_data()->policy_type()); 276 EXPECT_LE((before - base::Time::UnixEpoch()).InMilliseconds(), 277 op.policy_data()->timestamp()); 278 EXPECT_GE((after - base::Time::UnixEpoch()).InMilliseconds(), 279 op.policy_data()->timestamp()); 280 EXPECT_FALSE(op.policy_data()->has_request_token()); 281 EXPECT_EQ(policy_.policy_data().username(), op.policy_data()->username()); 282 283 // Loaded device settings should match what the operation received. 284 ASSERT_TRUE(op.device_settings().get()); 285 EXPECT_EQ(policy_.payload().SerializeAsString(), 286 op.device_settings()->SerializeAsString()); 287} 288 289} // namespace chromeos 290