session_manager_operation_unittest.cc revision f8ee788a64d60abd8f2d742a5fdedde054ecd910 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/settings/session_manager_operation.h"
6
7#include "base/basictypes.h"
8#include "base/bind.h"
9#include "base/bind_helpers.h"
10#include "base/memory/ref_counted.h"
11#include "base/memory/scoped_ptr.h"
12#include "base/message_loop/message_loop.h"
13#include "base/time/time.h"
14#include "chrome/browser/chromeos/ownership/owner_settings_service.h"
15#include "chrome/browser/chromeos/ownership/owner_settings_service_factory.h"
16#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
17#include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
18#include "chrome/browser/chromeos/settings/mock_owner_key_util.h"
19#include "chrome/test/base/testing_profile.h"
20#include "components/policy/core/common/cloud/cloud_policy_constants.h"
21#include "components/policy/core/common/cloud/cloud_policy_validator.h"
22#include "components/policy/core/common/cloud/policy_builder.h"
23#include "content/public/test/test_browser_thread.h"
24#include "crypto/rsa_private_key.h"
25#include "policy/proto/device_management_backend.pb.h"
26#include "testing/gmock/include/gmock/gmock.h"
27#include "testing/gtest/include/gtest/gtest.h"
28
29namespace em = enterprise_management;
30
31using testing::Mock;
32using testing::_;
33
34namespace chromeos {
35
36class SessionManagerOperationTest : public testing::Test {
37 public:
38  SessionManagerOperationTest()
39      : ui_thread_(content::BrowserThread::UI, &message_loop_),
40        file_thread_(content::BrowserThread::FILE, &message_loop_),
41        owner_key_util_(new MockOwnerKeyUtil()),
42        validated_(false) {}
43
44  virtual void SetUp() OVERRIDE {
45    policy_.payload().mutable_pinned_apps()->add_app_id("fake-app");
46    policy_.Build();
47
48    profile_.reset(new TestingProfile());
49    OwnerSettingsService::SetOwnerKeyUtilForTesting(owner_key_util_);
50    service_ = OwnerSettingsServiceFactory::GetForProfile(profile_.get());
51  }
52
53  void TearDown() { OwnerSettingsService::SetOwnerKeyUtilForTesting(NULL); }
54
55  MOCK_METHOD2(OnOperationCompleted,
56               void(SessionManagerOperation*, DeviceSettingsService::Status));
57
58  void CheckSuccessfulValidation(
59      policy::DeviceCloudPolicyValidator* validator) {
60    EXPECT_TRUE(validator->success());
61    EXPECT_TRUE(validator->payload().get());
62    EXPECT_EQ(validator->payload()->SerializeAsString(),
63              policy_.payload().SerializeAsString());
64    validated_ = true;
65  }
66
67  void CheckPublicKeyLoaded(SessionManagerOperation* op) {
68    ASSERT_TRUE(op->public_key().get());
69    ASSERT_TRUE(op->public_key()->is_loaded());
70    std::vector<uint8> public_key;
71    ASSERT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key));
72    EXPECT_EQ(public_key, op->public_key()->data());
73  }
74
75 protected:
76  base::MessageLoop message_loop_;
77  content::TestBrowserThread ui_thread_;
78  content::TestBrowserThread file_thread_;
79
80  policy::DevicePolicyBuilder policy_;
81  DeviceSettingsTestHelper device_settings_test_helper_;
82  scoped_refptr<MockOwnerKeyUtil> owner_key_util_;
83
84  scoped_ptr<TestingProfile> profile_;
85  OwnerSettingsService* service_;
86
87  bool validated_;
88
89 private:
90  DISALLOW_COPY_AND_ASSIGN(SessionManagerOperationTest);
91};
92
93TEST_F(SessionManagerOperationTest, LoadNoPolicyNoKey) {
94  LoadSettingsOperation op(
95      base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
96                 base::Unretained(this)));
97
98  EXPECT_CALL(*this,
99              OnOperationCompleted(
100                  &op, DeviceSettingsService::STORE_KEY_UNAVAILABLE));
101  op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
102  device_settings_test_helper_.Flush();
103  Mock::VerifyAndClearExpectations(this);
104
105  EXPECT_FALSE(op.policy_data().get());
106  EXPECT_FALSE(op.device_settings().get());
107  ASSERT_TRUE(op.public_key().get());
108  EXPECT_FALSE(op.public_key()->is_loaded());
109}
110
111TEST_F(SessionManagerOperationTest, LoadOwnerKey) {
112  owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
113  LoadSettingsOperation op(
114      base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
115                 base::Unretained(this)));
116
117  EXPECT_CALL(*this,
118              OnOperationCompleted(
119                  &op, DeviceSettingsService::STORE_NO_POLICY));
120  op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
121  device_settings_test_helper_.Flush();
122  Mock::VerifyAndClearExpectations(this);
123
124  CheckPublicKeyLoaded(&op);
125}
126
127TEST_F(SessionManagerOperationTest, LoadPolicy) {
128  owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
129  device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
130  LoadSettingsOperation op(
131      base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
132                 base::Unretained(this)));
133
134  EXPECT_CALL(*this,
135              OnOperationCompleted(
136                  &op, DeviceSettingsService::STORE_SUCCESS));
137  op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
138  device_settings_test_helper_.Flush();
139  Mock::VerifyAndClearExpectations(this);
140
141  ASSERT_TRUE(op.policy_data().get());
142  EXPECT_EQ(policy_.policy_data().SerializeAsString(),
143            op.policy_data()->SerializeAsString());
144  ASSERT_TRUE(op.device_settings().get());
145  EXPECT_EQ(policy_.payload().SerializeAsString(),
146            op.device_settings()->SerializeAsString());
147}
148
149TEST_F(SessionManagerOperationTest, RestartLoad) {
150  owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
151  device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
152  LoadSettingsOperation op(
153      base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
154                 base::Unretained(this)));
155
156  EXPECT_CALL(*this, OnOperationCompleted(&op, _)).Times(0);
157  op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
158  device_settings_test_helper_.FlushLoops();
159  device_settings_test_helper_.FlushRetrieve();
160  EXPECT_TRUE(op.public_key().get());
161  EXPECT_TRUE(op.public_key()->is_loaded());
162  Mock::VerifyAndClearExpectations(this);
163
164  // Now install a different key and policy and restart the operation.
165  policy_.SetSigningKey(*policy::PolicyBuilder::CreateTestOtherSigningKey());
166  policy_.payload().mutable_metrics_enabled()->set_metrics_enabled(true);
167  policy_.Build();
168  device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
169  owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
170
171  EXPECT_CALL(*this,
172              OnOperationCompleted(
173                  &op, DeviceSettingsService::STORE_SUCCESS));
174  op.RestartLoad(true);
175  device_settings_test_helper_.Flush();
176  Mock::VerifyAndClearExpectations(this);
177
178  // Check that the new keys have been loaded.
179  CheckPublicKeyLoaded(&op);
180
181  // Verify the new policy.
182  ASSERT_TRUE(op.policy_data().get());
183  EXPECT_EQ(policy_.policy_data().SerializeAsString(),
184            op.policy_data()->SerializeAsString());
185  ASSERT_TRUE(op.device_settings().get());
186  EXPECT_EQ(policy_.payload().SerializeAsString(),
187            op.device_settings()->SerializeAsString());
188}
189
190TEST_F(SessionManagerOperationTest, StoreSettings) {
191  owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
192  StoreSettingsOperation op(
193      base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
194                 base::Unretained(this)),
195      policy_.GetCopy());
196
197  EXPECT_CALL(*this,
198              OnOperationCompleted(
199                  &op, DeviceSettingsService::STORE_SUCCESS));
200  op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
201  device_settings_test_helper_.Flush();
202  Mock::VerifyAndClearExpectations(this);
203
204  EXPECT_EQ(device_settings_test_helper_.policy_blob(),
205            policy_.GetBlob());
206  ASSERT_TRUE(op.policy_data().get());
207  EXPECT_EQ(policy_.policy_data().SerializeAsString(),
208            op.policy_data()->SerializeAsString());
209  ASSERT_TRUE(op.device_settings().get());
210  EXPECT_EQ(policy_.payload().SerializeAsString(),
211            op.device_settings()->SerializeAsString());
212}
213
214TEST_F(SessionManagerOperationTest, SignAndStoreSettings) {
215  owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
216  service_->OnTPMTokenReady();
217
218  scoped_ptr<em::PolicyData> policy(new em::PolicyData(policy_.policy_data()));
219  SignAndStoreSettingsOperation op(
220      base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
221                 base::Unretained(this)),
222      policy.Pass());
223  op.set_delegate(service_->as_weak_ptr());
224
225  EXPECT_CALL(*this,
226              OnOperationCompleted(
227                  &op, DeviceSettingsService::STORE_SUCCESS));
228  op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
229  device_settings_test_helper_.Flush();
230  Mock::VerifyAndClearExpectations(this);
231
232  // The blob should validate.
233  scoped_ptr<em::PolicyFetchResponse> policy_response(
234      new em::PolicyFetchResponse());
235  ASSERT_TRUE(
236      policy_response->ParseFromString(
237          device_settings_test_helper_.policy_blob()));
238  policy::DeviceCloudPolicyValidator* validator =
239      policy::DeviceCloudPolicyValidator::Create(
240          policy_response.Pass(), message_loop_.message_loop_proxy());
241  validator->ValidateUsername(policy_.policy_data().username(), true);
242  const base::Time expected_time = base::Time::UnixEpoch() +
243      base::TimeDelta::FromMilliseconds(policy::PolicyBuilder::kFakeTimestamp);
244  validator->ValidateTimestamp(
245      expected_time,
246      expected_time,
247      policy::CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
248  validator->ValidatePolicyType(policy::dm_protocol::kChromeDevicePolicyType);
249  validator->ValidatePayload();
250  std::vector<uint8> public_key;
251  policy_.GetSigningKey()->ExportPublicKey(&public_key);
252  // Convert from bytes to string format (which is what ValidateSignature()
253  // takes).
254  std::string public_key_as_string = std::string(
255      reinterpret_cast<const char*>(vector_as_array(&public_key)),
256      public_key.size());
257  validator->ValidateSignature(
258      public_key_as_string,
259      policy::GetPolicyVerificationKey(),
260      policy::PolicyBuilder::kFakeDomain,
261      false);
262  validator->StartValidation(
263      base::Bind(&SessionManagerOperationTest::CheckSuccessfulValidation,
264                 base::Unretained(this)));
265
266  message_loop_.RunUntilIdle();
267  EXPECT_TRUE(validated_);
268
269  // Loaded device settings should match what the operation received.
270  ASSERT_TRUE(op.device_settings().get());
271  EXPECT_EQ(policy_.payload().SerializeAsString(),
272            op.device_settings()->SerializeAsString());
273}
274
275}  // namespace chromeos
276