session_manager_operation_unittest.cc revision f8ee788a64d60abd8f2d742a5fdedde054ecd910
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/settings/session_manager_operation.h" 6 7#include "base/basictypes.h" 8#include "base/bind.h" 9#include "base/bind_helpers.h" 10#include "base/memory/ref_counted.h" 11#include "base/memory/scoped_ptr.h" 12#include "base/message_loop/message_loop.h" 13#include "base/time/time.h" 14#include "chrome/browser/chromeos/ownership/owner_settings_service.h" 15#include "chrome/browser/chromeos/ownership/owner_settings_service_factory.h" 16#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" 17#include "chrome/browser/chromeos/settings/device_settings_test_helper.h" 18#include "chrome/browser/chromeos/settings/mock_owner_key_util.h" 19#include "chrome/test/base/testing_profile.h" 20#include "components/policy/core/common/cloud/cloud_policy_constants.h" 21#include "components/policy/core/common/cloud/cloud_policy_validator.h" 22#include "components/policy/core/common/cloud/policy_builder.h" 23#include "content/public/test/test_browser_thread.h" 24#include "crypto/rsa_private_key.h" 25#include "policy/proto/device_management_backend.pb.h" 26#include "testing/gmock/include/gmock/gmock.h" 27#include "testing/gtest/include/gtest/gtest.h" 28 29namespace em = enterprise_management; 30 31using testing::Mock; 32using testing::_; 33 34namespace chromeos { 35 36class SessionManagerOperationTest : public testing::Test { 37 public: 38 SessionManagerOperationTest() 39 : ui_thread_(content::BrowserThread::UI, &message_loop_), 40 file_thread_(content::BrowserThread::FILE, &message_loop_), 41 owner_key_util_(new MockOwnerKeyUtil()), 42 validated_(false) {} 43 44 virtual void SetUp() OVERRIDE { 45 policy_.payload().mutable_pinned_apps()->add_app_id("fake-app"); 46 policy_.Build(); 47 48 profile_.reset(new TestingProfile()); 49 OwnerSettingsService::SetOwnerKeyUtilForTesting(owner_key_util_); 50 service_ = OwnerSettingsServiceFactory::GetForProfile(profile_.get()); 51 } 52 53 void TearDown() { OwnerSettingsService::SetOwnerKeyUtilForTesting(NULL); } 54 55 MOCK_METHOD2(OnOperationCompleted, 56 void(SessionManagerOperation*, DeviceSettingsService::Status)); 57 58 void CheckSuccessfulValidation( 59 policy::DeviceCloudPolicyValidator* validator) { 60 EXPECT_TRUE(validator->success()); 61 EXPECT_TRUE(validator->payload().get()); 62 EXPECT_EQ(validator->payload()->SerializeAsString(), 63 policy_.payload().SerializeAsString()); 64 validated_ = true; 65 } 66 67 void CheckPublicKeyLoaded(SessionManagerOperation* op) { 68 ASSERT_TRUE(op->public_key().get()); 69 ASSERT_TRUE(op->public_key()->is_loaded()); 70 std::vector<uint8> public_key; 71 ASSERT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key)); 72 EXPECT_EQ(public_key, op->public_key()->data()); 73 } 74 75 protected: 76 base::MessageLoop message_loop_; 77 content::TestBrowserThread ui_thread_; 78 content::TestBrowserThread file_thread_; 79 80 policy::DevicePolicyBuilder policy_; 81 DeviceSettingsTestHelper device_settings_test_helper_; 82 scoped_refptr<MockOwnerKeyUtil> owner_key_util_; 83 84 scoped_ptr<TestingProfile> profile_; 85 OwnerSettingsService* service_; 86 87 bool validated_; 88 89 private: 90 DISALLOW_COPY_AND_ASSIGN(SessionManagerOperationTest); 91}; 92 93TEST_F(SessionManagerOperationTest, LoadNoPolicyNoKey) { 94 LoadSettingsOperation op( 95 base::Bind(&SessionManagerOperationTest::OnOperationCompleted, 96 base::Unretained(this))); 97 98 EXPECT_CALL(*this, 99 OnOperationCompleted( 100 &op, DeviceSettingsService::STORE_KEY_UNAVAILABLE)); 101 op.Start(&device_settings_test_helper_, owner_key_util_, NULL); 102 device_settings_test_helper_.Flush(); 103 Mock::VerifyAndClearExpectations(this); 104 105 EXPECT_FALSE(op.policy_data().get()); 106 EXPECT_FALSE(op.device_settings().get()); 107 ASSERT_TRUE(op.public_key().get()); 108 EXPECT_FALSE(op.public_key()->is_loaded()); 109} 110 111TEST_F(SessionManagerOperationTest, LoadOwnerKey) { 112 owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey()); 113 LoadSettingsOperation op( 114 base::Bind(&SessionManagerOperationTest::OnOperationCompleted, 115 base::Unretained(this))); 116 117 EXPECT_CALL(*this, 118 OnOperationCompleted( 119 &op, DeviceSettingsService::STORE_NO_POLICY)); 120 op.Start(&device_settings_test_helper_, owner_key_util_, NULL); 121 device_settings_test_helper_.Flush(); 122 Mock::VerifyAndClearExpectations(this); 123 124 CheckPublicKeyLoaded(&op); 125} 126 127TEST_F(SessionManagerOperationTest, LoadPolicy) { 128 owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey()); 129 device_settings_test_helper_.set_policy_blob(policy_.GetBlob()); 130 LoadSettingsOperation op( 131 base::Bind(&SessionManagerOperationTest::OnOperationCompleted, 132 base::Unretained(this))); 133 134 EXPECT_CALL(*this, 135 OnOperationCompleted( 136 &op, DeviceSettingsService::STORE_SUCCESS)); 137 op.Start(&device_settings_test_helper_, owner_key_util_, NULL); 138 device_settings_test_helper_.Flush(); 139 Mock::VerifyAndClearExpectations(this); 140 141 ASSERT_TRUE(op.policy_data().get()); 142 EXPECT_EQ(policy_.policy_data().SerializeAsString(), 143 op.policy_data()->SerializeAsString()); 144 ASSERT_TRUE(op.device_settings().get()); 145 EXPECT_EQ(policy_.payload().SerializeAsString(), 146 op.device_settings()->SerializeAsString()); 147} 148 149TEST_F(SessionManagerOperationTest, RestartLoad) { 150 owner_key_util_->SetPrivateKey(policy_.GetSigningKey()); 151 device_settings_test_helper_.set_policy_blob(policy_.GetBlob()); 152 LoadSettingsOperation op( 153 base::Bind(&SessionManagerOperationTest::OnOperationCompleted, 154 base::Unretained(this))); 155 156 EXPECT_CALL(*this, OnOperationCompleted(&op, _)).Times(0); 157 op.Start(&device_settings_test_helper_, owner_key_util_, NULL); 158 device_settings_test_helper_.FlushLoops(); 159 device_settings_test_helper_.FlushRetrieve(); 160 EXPECT_TRUE(op.public_key().get()); 161 EXPECT_TRUE(op.public_key()->is_loaded()); 162 Mock::VerifyAndClearExpectations(this); 163 164 // Now install a different key and policy and restart the operation. 165 policy_.SetSigningKey(*policy::PolicyBuilder::CreateTestOtherSigningKey()); 166 policy_.payload().mutable_metrics_enabled()->set_metrics_enabled(true); 167 policy_.Build(); 168 device_settings_test_helper_.set_policy_blob(policy_.GetBlob()); 169 owner_key_util_->SetPrivateKey(policy_.GetSigningKey()); 170 171 EXPECT_CALL(*this, 172 OnOperationCompleted( 173 &op, DeviceSettingsService::STORE_SUCCESS)); 174 op.RestartLoad(true); 175 device_settings_test_helper_.Flush(); 176 Mock::VerifyAndClearExpectations(this); 177 178 // Check that the new keys have been loaded. 179 CheckPublicKeyLoaded(&op); 180 181 // Verify the new policy. 182 ASSERT_TRUE(op.policy_data().get()); 183 EXPECT_EQ(policy_.policy_data().SerializeAsString(), 184 op.policy_data()->SerializeAsString()); 185 ASSERT_TRUE(op.device_settings().get()); 186 EXPECT_EQ(policy_.payload().SerializeAsString(), 187 op.device_settings()->SerializeAsString()); 188} 189 190TEST_F(SessionManagerOperationTest, StoreSettings) { 191 owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey()); 192 StoreSettingsOperation op( 193 base::Bind(&SessionManagerOperationTest::OnOperationCompleted, 194 base::Unretained(this)), 195 policy_.GetCopy()); 196 197 EXPECT_CALL(*this, 198 OnOperationCompleted( 199 &op, DeviceSettingsService::STORE_SUCCESS)); 200 op.Start(&device_settings_test_helper_, owner_key_util_, NULL); 201 device_settings_test_helper_.Flush(); 202 Mock::VerifyAndClearExpectations(this); 203 204 EXPECT_EQ(device_settings_test_helper_.policy_blob(), 205 policy_.GetBlob()); 206 ASSERT_TRUE(op.policy_data().get()); 207 EXPECT_EQ(policy_.policy_data().SerializeAsString(), 208 op.policy_data()->SerializeAsString()); 209 ASSERT_TRUE(op.device_settings().get()); 210 EXPECT_EQ(policy_.payload().SerializeAsString(), 211 op.device_settings()->SerializeAsString()); 212} 213 214TEST_F(SessionManagerOperationTest, SignAndStoreSettings) { 215 owner_key_util_->SetPrivateKey(policy_.GetSigningKey()); 216 service_->OnTPMTokenReady(); 217 218 scoped_ptr<em::PolicyData> policy(new em::PolicyData(policy_.policy_data())); 219 SignAndStoreSettingsOperation op( 220 base::Bind(&SessionManagerOperationTest::OnOperationCompleted, 221 base::Unretained(this)), 222 policy.Pass()); 223 op.set_delegate(service_->as_weak_ptr()); 224 225 EXPECT_CALL(*this, 226 OnOperationCompleted( 227 &op, DeviceSettingsService::STORE_SUCCESS)); 228 op.Start(&device_settings_test_helper_, owner_key_util_, NULL); 229 device_settings_test_helper_.Flush(); 230 Mock::VerifyAndClearExpectations(this); 231 232 // The blob should validate. 233 scoped_ptr<em::PolicyFetchResponse> policy_response( 234 new em::PolicyFetchResponse()); 235 ASSERT_TRUE( 236 policy_response->ParseFromString( 237 device_settings_test_helper_.policy_blob())); 238 policy::DeviceCloudPolicyValidator* validator = 239 policy::DeviceCloudPolicyValidator::Create( 240 policy_response.Pass(), message_loop_.message_loop_proxy()); 241 validator->ValidateUsername(policy_.policy_data().username(), true); 242 const base::Time expected_time = base::Time::UnixEpoch() + 243 base::TimeDelta::FromMilliseconds(policy::PolicyBuilder::kFakeTimestamp); 244 validator->ValidateTimestamp( 245 expected_time, 246 expected_time, 247 policy::CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); 248 validator->ValidatePolicyType(policy::dm_protocol::kChromeDevicePolicyType); 249 validator->ValidatePayload(); 250 std::vector<uint8> public_key; 251 policy_.GetSigningKey()->ExportPublicKey(&public_key); 252 // Convert from bytes to string format (which is what ValidateSignature() 253 // takes). 254 std::string public_key_as_string = std::string( 255 reinterpret_cast<const char*>(vector_as_array(&public_key)), 256 public_key.size()); 257 validator->ValidateSignature( 258 public_key_as_string, 259 policy::GetPolicyVerificationKey(), 260 policy::PolicyBuilder::kFakeDomain, 261 false); 262 validator->StartValidation( 263 base::Bind(&SessionManagerOperationTest::CheckSuccessfulValidation, 264 base::Unretained(this))); 265 266 message_loop_.RunUntilIdle(); 267 EXPECT_TRUE(validated_); 268 269 // Loaded device settings should match what the operation received. 270 ASSERT_TRUE(op.device_settings().get()); 271 EXPECT_EQ(policy_.payload().SerializeAsString(), 272 op.device_settings()->SerializeAsString()); 273} 274 275} // namespace chromeos 276