// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h"

#include <string>

#include "base/bind.h"
#include "base/location.h"
#include "base/message_loop/message_loop_proxy.h"
#include "base/prefs/pref_service.h"
#include "base/strings/stringprintf.h"
#include "base/values.h"
#include "chrome/browser/chromeos/policy/stub_enterprise_install_attributes.h"
#include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h"
#include "chrome/browser/extensions/extension_function_test_utils.h"
#include "chrome/common/pref_names.h"
#include "chrome/test/base/browser_with_test_window_test.h"
#include "chromeos/attestation/attestation_constants.h"
#include "chromeos/attestation/mock_attestation_flow.h"
#include "chromeos/cryptohome/async_method_caller.h"
#include "chromeos/cryptohome/mock_async_method_caller.h"
#include "chromeos/dbus/dbus_method_call_status.h"
#include "chromeos/dbus/mock_cryptohome_client.h"
#include "chromeos/settings/cros_settings_provider.h"
#include "components/policy/core/common/cloud/cloud_policy_constants.h"
#include "extensions/common/test_util.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/cros_system_api/dbus/service_constants.h"

using testing::_;
using testing::Invoke;
using testing::NiceMock;
using testing::Return;
using testing::WithArgs;

namespace utils = extension_function_test_utils;

namespace extensions {
namespace {

// Certificate errors as reported to the calling extension.
const int kDBusError = 1;
const int kUserRejected = 2;
const int kGetCertificateFailed = 3;
const int kResetRequired = 4;

// A simple functor to invoke a callback with predefined arguments.
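// Test double for the boolean cryptohome D-Bus methods mocked in this file:
// it stores a call status and a bool at construction and replays them to
// whatever callback it is later invoked with.
class FakeBoolDBusMethod {
 public:
  FakeBoolDBusMethod(chromeos::DBusMethodCallStatus status, bool value)
      : status_(status),
        value_(value) {}

  // Posts |callback| to the current message loop with the stored status and
  // value instead of running it inline, so the reply is delivered as a
  // separate task.
  void operator()(const chromeos::BoolDBusMethodCallback& callback) {
    base::MessageLoopProxy::current()->PostTask(
        FROM_HERE,
        base::Bind(callback, status_, value_));
  }

 private:
  chromeos::DBusMethodCallStatus status_;
  bool value_;
};

// Stand-in for TpmAttestationRegisterKey: ignores its inputs and posts
// |callback| with |true| and cryptohome::MOUNT_ERROR_NONE.
void RegisterKeyCallbackTrue(
    chromeos::attestation::AttestationKeyType key_type,
    const std::string& user_id,
    const std::string& key_name,
    const cryptohome::AsyncMethodCaller::Callback& callback) {
  base::MessageLoopProxy::current()->PostTask(
      FROM_HERE,
      base::Bind(callback, true, cryptohome::MOUNT_ERROR_NONE));
}

// Stand-in for TpmAttestationRegisterKey: ignores its inputs and posts
// |callback| with |false| and cryptohome::MOUNT_ERROR_NONE.
void RegisterKeyCallbackFalse(
    chromeos::attestation::AttestationKeyType key_type,
    const std::string& user_id,
    const std::string& key_name,
    const cryptohome::AsyncMethodCaller::Callback& callback) {
  base::MessageLoopProxy::current()->PostTask(
      FROM_HERE,
      base::Bind(callback, false, cryptohome::MOUNT_ERROR_NONE));
}

// Stand-in for TpmAttestationSignEnterpriseChallenge: ignores its inputs and
// posts |callback| with |true| and the fixed payload "response".
void SignChallengeCallbackTrue(
    chromeos::attestation::AttestationKeyType key_type,
    const std::string& user_id,
    const std::string& key_name,
    const std::string& domain,
    const std::string& device_id,
    chromeos::attestation::AttestationChallengeOptions options,
    const std::string& challenge,
    const cryptohome::AsyncMethodCaller::DataCallback& callback) {
  base::MessageLoopProxy::current()->PostTask(
      FROM_HERE,
      base::Bind(callback, true, "response"));
}

// Stand-in for TpmAttestationSignEnterpriseChallenge: ignores its inputs and
// posts |callback| with |false| and an empty payload.
void SignChallengeCallbackFalse(
    chromeos::attestation::AttestationKeyType key_type,
    const std::string& user_id,
    const std::string& key_name,
    const std::string& domain,
    const std::string& device_id,
    chromeos::attestation::AttestationChallengeOptions options,
    const std::string& challenge,
    const cryptohome::AsyncMethodCaller::DataCallback& callback) {
  base::MessageLoopProxy::current()->PostTask(
      FROM_HERE,
      base::Bind(callback, false, ""));
}

// Stand-in for AttestationFlow::GetCertificate: ignores its inputs and posts
// |callback| with |true| and the fixed payload "certificate".
void GetCertificateCallbackTrue(
    chromeos::attestation::AttestationCertificateProfile certificate_profile,
    const std::string& user_id,
    const std::string& request_origin,
    bool force_new_key,
    const chromeos::attestation::AttestationFlow::CertificateCallback&
        callback) {
  base::MessageLoopProxy::current()->PostTask(
      FROM_HERE,
      base::Bind(callback, true, "certificate"));
}

// Stand-in for AttestationFlow::GetCertificate: ignores its inputs and posts
// |callback| with |false| and an empty payload.
void GetCertificateCallbackFalse(
    chromeos::attestation::AttestationCertificateProfile certificate_profile,
    const std::string& user_id,
    const std::string& request_origin,
    bool force_new_key,
    const chromeos::attestation::AttestationFlow::CertificateCallback&
        callback) {
  base::MessageLoopProxy::current()->PostTask(
      FROM_HERE,
      base::Bind(callback, false, ""));
}

// Shared fixture for the challenge-key tests. The constructor and SetUp()
// together build a configuration in which every gate exercised by the tests
// below is open: the install attributes describe an enterprise device in
// domain "google.com", the signed-in user is "test@google.com", the test
// extension is on the attestation whitelist, and device attestation is
// enabled. Each negative test then changes exactly one of these inputs.
class EPKPChallengeKeyTestBase : public BrowserWithTestWindowTest {
 protected:
  EPKPChallengeKeyTestBase()
      : extension_(test_util::CreateEmptyExtension()),
        device_settings_provider_(NULL),
        prefs_(NULL) {
    // Set up the default behavior of mocks: no key exists yet, attestation is
    // prepared, and registration, signing and certificate requests succeed.
    ON_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _))
        .WillByDefault(WithArgs<3>(Invoke(FakeBoolDBusMethod(
            chromeos::DBUS_METHOD_CALL_SUCCESS, false))));
    ON_CALL(mock_cryptohome_client_, TpmAttestationIsPrepared(_))
        .WillByDefault(Invoke(FakeBoolDBusMethod(
            chromeos::DBUS_METHOD_CALL_SUCCESS, true)));
    ON_CALL(mock_async_method_caller_, TpmAttestationRegisterKey(_, _, _, _))
        .WillByDefault(Invoke(RegisterKeyCallbackTrue));
    ON_CALL(mock_async_method_caller_,
            TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _, _))
        .WillByDefault(Invoke(SignChallengeCallbackTrue));
    ON_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _))
        .WillByDefault(Invoke(GetCertificateCallbackTrue));

    // Set the Enterprise install attributes.
    stub_install_attributes_.SetDomain("google.com");
    stub_install_attributes_.SetRegistrationUser("test@google.com");
    stub_install_attributes_.SetDeviceId("device_id");
    stub_install_attributes_.SetMode(policy::DEVICE_MODE_ENTERPRISE);

    // Replace the default device setting provider with the stub. The original
    // provider is remembered so the destructor can put it back.
    device_settings_provider_ = chromeos::CrosSettings::Get()->GetProvider(
        chromeos::kReportDeviceVersionInfo);
    EXPECT_TRUE(device_settings_provider_ != NULL);
    EXPECT_TRUE(chromeos::CrosSettings::Get()->
        RemoveSettingsProvider(device_settings_provider_));
    chromeos::CrosSettings::Get()->
        AddSettingsProvider(&stub_settings_provider_);

    // Set the device settings.
    stub_settings_provider_.Set(chromeos::kDeviceAttestationEnabled,
                                base::FundamentalValue(true));
  }

  // Restores the device settings provider that the constructor swapped out.
  virtual ~EPKPChallengeKeyTestBase() {
    EXPECT_TRUE(chromeos::CrosSettings::Get()->
        RemoveSettingsProvider(&stub_settings_provider_));
    chromeos::CrosSettings::Get()->
        AddSettingsProvider(device_settings_provider_);
  }

  virtual void SetUp() OVERRIDE {
    BrowserWithTestWindowTest::SetUp();

    // Set the user preferences: a signed-in user in the enrolled domain and a
    // whitelist that contains only the test extension.
    prefs_ = browser()->profile()->GetPrefs();
    prefs_->SetString(prefs::kGoogleServicesUsername, "test@google.com");
    base::ListValue whitelist;
    whitelist.AppendString(extension_->id());
    prefs_->Set(prefs::kAttestationExtensionWhitelist, whitelist);
  }

  // Fails the current test if an enterprise challenge is signed. The mocks
  // are NiceMocks whose default signing action succeeds, so without this a
  // denial test checks only the returned error string and would not notice
  // the signing call being made on a path that is supposed to be rejected.
  void ExpectChallengeNeverSigned() {
    EXPECT_CALL(mock_async_method_caller_,
                TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _, _))
        .Times(0);
  }

  NiceMock<chromeos::MockCryptohomeClient> mock_cryptohome_client_;
  NiceMock<cryptohome::MockAsyncMethodCaller> mock_async_method_caller_;
  NiceMock<chromeos::attestation::MockAttestationFlow> mock_attestation_flow_;
  scoped_refptr<extensions::Extension> extension_;
  policy::StubEnterpriseInstallAttributes stub_install_attributes_;
  // Provider removed from CrosSettings by the constructor; not owned here.
  chromeos::CrosSettingsProvider* device_settings_provider_;
  chromeos::StubCrosSettingsProvider stub_settings_provider_;
  // Profile prefs of the test browser; NULL until SetUp() has run.
  PrefService* prefs_;
};

// Fixture for EPKPChallengeMachineKey, wired to the mocks and stub install
// attributes of the base fixture.
class EPKPChallengeMachineKeyTest : public EPKPChallengeKeyTestBase {
 protected:
  static const char kArgs[];

  EPKPChallengeMachineKeyTest()
      : func_(new EPKPChallengeMachineKey(&mock_cryptohome_client_,
                                          &mock_async_method_caller_,
                                          &mock_attestation_flow_,
                                          &stub_install_attributes_)) {
    func_->set_extension(extension_.get());
  }

  // Returns an error string for the given code.
  std::string GetCertificateError(int error_code) {
    return base::StringPrintf(
        EPKPChallengeMachineKey::kGetCertificateFailedError,
        error_code);
  }

  scoped_refptr<EPKPChallengeMachineKey> func_;
};

// Base 64 encoding of 'challenge'.
const char EPKPChallengeMachineKeyTest::kArgs[] = "[\"Y2hhbGxlbmdl\"]";

// An argument that is not valid base64 is rejected with the bad-base64 error.
TEST_F(EPKPChallengeMachineKeyTest, ChallengeBadBase64) {
  EXPECT_EQ(EPKPChallengeKeyBase::kChallengeBadBase64Error,
            utils::RunFunctionAndReturnError(
                func_.get(), "[\"****\"]", browser()));
}

// With no registration user in the install attributes the call is rejected as
// coming from a non-enterprise device, and nothing is signed.
TEST_F(EPKPChallengeMachineKeyTest, NonEnterpriseDevice) {
  stub_install_attributes_.SetRegistrationUser("");
  ExpectChallengeNeverSigned();

  EXPECT_EQ(EPKPChallengeMachineKey::kNonEnterpriseDeviceError,
            utils::RunFunctionAndReturnError(func_.get(), kArgs, browser()));
}

// An extension that is absent from the attestation whitelist is rejected, and
// nothing is signed.
TEST_F(EPKPChallengeMachineKeyTest, ExtensionNotWhitelisted) {
  base::ListValue empty_whitelist;
  prefs_->Set(prefs::kAttestationExtensionWhitelist, empty_whitelist);
  ExpectChallengeNeverSigned();

  EXPECT_EQ(EPKPChallengeKeyBase::kExtensionNotWhitelistedError,
            utils::RunFunctionAndReturnError(func_.get(), kArgs, browser()));
}

// The signed-in user is switched to "test@chromium.org" while the install
// attributes keep the domain "google.com"; the call is rejected as
// kUserNotManaged and nothing is signed.
// NOTE(review): presumably the domain mismatch is what triggers the error -
// confirm against the implementation.
TEST_F(EPKPChallengeMachineKeyTest, UserNotManaged) {
  prefs_->SetString(prefs::kGoogleServicesUsername, "test@chromium.org");
  ExpectChallengeNeverSigned();

  EXPECT_EQ(EPKPChallengeKeyBase::kUserNotManaged,
            utils::RunFunctionAndReturnError(func_.get(), kArgs, browser()));
}

// With device attestation switched off in the device settings the call is
// rejected, and nothing is signed.
TEST_F(EPKPChallengeMachineKeyTest, DevicePolicyDisabled) {
  stub_settings_provider_.Set(chromeos::kDeviceAttestationEnabled,
                              base::FundamentalValue(false));
  ExpectChallengeNeverSigned();

  EXPECT_EQ(EPKPChallengeKeyBase::kDevicePolicyDisabledError,
            utils::RunFunctionAndReturnError(func_.get(), kArgs, browser()));
}

// A D-Bus failure while checking for the key surfaces as kDBusError.
TEST_F(EPKPChallengeMachineKeyTest, DoesKeyExistDbusFailed) {
  EXPECT_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _))
      .WillRepeatedly(WithArgs<3>(Invoke(FakeBoolDBusMethod(
          chromeos::DBUS_METHOD_CALL_FAILURE, false))));

  EXPECT_EQ(GetCertificateError(kDBusError),
            utils::RunFunctionAndReturnError(func_.get(), kArgs, browser()));
}

// A failed certificate request surfaces as kGetCertificateFailed.
TEST_F(EPKPChallengeMachineKeyTest, GetCertificateFailed) {
  EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _))
      .WillRepeatedly(Invoke(GetCertificateCallbackFalse));

  EXPECT_EQ(GetCertificateError(kGetCertificateFailed),
            utils::RunFunctionAndReturnError(func_.get(), kArgs, browser()));
}

// A failed signing call surfaces as the sign-challenge error.
TEST_F(EPKPChallengeMachineKeyTest, SignChallengeFailed) {
  EXPECT_CALL(mock_async_method_caller_,
              TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _, _))
      .WillRepeatedly(Invoke(SignChallengeCallbackFalse));

  EXPECT_EQ(EPKPChallengeKeyBase::kSignChallengeFailedError,
            utils::RunFunctionAndReturnError(func_.get(), kArgs, browser()));
}

TEST_F(EPKPChallengeMachineKeyTest, KeyExists) {
  EXPECT_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _))
      .WillRepeatedly(WithArgs<3>(Invoke(FakeBoolDBusMethod(
          chromeos::DBUS_METHOD_CALL_SUCCESS, true))));
  // GetCertificate must not be called if the key exists.
  EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _))
      .Times(0);

  EXPECT_TRUE(utils::RunFunction(func_.get(), kArgs, browser(), utils::NONE));
}

TEST_F(EPKPChallengeMachineKeyTest, Success) {
  // GetCertificate must be called exactly once.
  EXPECT_CALL(mock_attestation_flow_,
              GetCertificate(
                  chromeos::attestation::PROFILE_ENTERPRISE_MACHINE_CERTIFICATE,
                  _, _, _, _))
      .Times(1);
  // SignEnterpriseChallenge must be called exactly once, with the device key,
  // the enrolled domain and device id, and the decoded challenge.
  EXPECT_CALL(mock_async_method_caller_,
              TpmAttestationSignEnterpriseChallenge(
                  chromeos::attestation::KEY_DEVICE, "", "attest-ent-machine",
                  "google.com", "device_id", _, "challenge", _))
      .Times(1);

  scoped_ptr<base::Value> value(utils::RunFunctionAndReturnSingleResult(
      func_.get(), kArgs, browser(), utils::NONE));
  // Stop here instead of dereferencing a missing result.
  ASSERT_TRUE(value.get() != NULL);

  std::string response;
  // A result that is not a string is a failure in its own right.
  ASSERT_TRUE(value->GetAsString(&response));
  EXPECT_EQ("cmVzcG9uc2U=" /* Base64 encoding of 'response' */, response);
}

// Attestation reported as not prepared surfaces as kResetRequired.
TEST_F(EPKPChallengeMachineKeyTest, AttestationNotPrepared) {
  EXPECT_CALL(mock_cryptohome_client_, TpmAttestationIsPrepared(_))
      .WillRepeatedly(Invoke(FakeBoolDBusMethod(
          chromeos::DBUS_METHOD_CALL_SUCCESS, false)));

  EXPECT_EQ(GetCertificateError(kResetRequired),
            utils::RunFunctionAndReturnError(func_.get(), kArgs, browser()));
}

// A D-Bus failure on the is-prepared query surfaces as kDBusError even though
// the reply value is |true|.
TEST_F(EPKPChallengeMachineKeyTest, AttestationPreparedDbusFailed) {
  EXPECT_CALL(mock_cryptohome_client_, TpmAttestationIsPrepared(_))
      .WillRepeatedly(Invoke(FakeBoolDBusMethod(
          chromeos::DBUS_METHOD_CALL_FAILURE, true)));

  EXPECT_EQ(GetCertificateError(kDBusError),
            utils::RunFunctionAndReturnError(func_.get(), kArgs, browser()));
}

class EPKPChallengeUserKeyTest : public EPKPChallengeKeyTestBase {
 protected:
  static const char kArgs[];

  EPKPChallengeUserKeyTest() :
      func_(new EPKPChallengeUserKey(&mock_cryptohome_client_,
                                     &mock_async_method_caller_,
                                     &mock_attestation_flow_,
                                     &stub_install_attributes_)) {
    func_->set_extension(extension_.get());
  }

  virtual void SetUp() OVERRIDE {
    EPKPChallengeKeyTestBase::SetUp();

    // Set the user preferences.
    prefs_->SetBoolean(prefs::kAttestationEnabled, true);
  }

  // Returns an error string for the given code.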
3640f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) std::string GetCertificateError(int error_code) { 3650f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) return base::StringPrintf(EPKPChallengeUserKey::kGetCertificateFailedError, 3660f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) error_code); 3670f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) } 3680f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) 369b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) scoped_refptr<EPKPChallengeUserKey> func_; 370b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)}; 371b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 372b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)// Base 64 encoding of 'challenge' 373b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)const char EPKPChallengeUserKeyTest::kArgs[] = "[\"Y2hhbGxlbmdl\", true]"; 374b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 375b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)TEST_F(EPKPChallengeUserKeyTest, ChallengeBadBase64) { 376b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) EXPECT_EQ(EPKPChallengeKeyBase::kChallengeBadBase64Error, 377b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) utils::RunFunctionAndReturnError( 378b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) func_.get(), "[\"****\", true]", browser())); 379b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)} 380b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 381b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)TEST_F(EPKPChallengeUserKeyTest, UserPolicyDisabled) { 382b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) prefs_->SetBoolean(prefs::kAttestationEnabled, false); 383b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 384b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 
EXPECT_EQ(EPKPChallengeUserKey::kUserPolicyDisabledError, 385b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) utils::RunFunctionAndReturnError(func_.get(), kArgs, browser())); 386b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)} 387b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 388b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)TEST_F(EPKPChallengeUserKeyTest, ExtensionNotWhitelisted) { 389b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) base::ListValue empty_whitelist; 390b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) prefs_->Set(prefs::kAttestationExtensionWhitelist, empty_whitelist); 391b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 39290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_EQ(EPKPChallengeKeyBase::kExtensionNotWhitelistedError, 393b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) utils::RunFunctionAndReturnError(func_.get(), kArgs, browser())); 394b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)} 395b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 39690dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)TEST_F(EPKPChallengeUserKeyTest, UserNotManaged) { 397b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) prefs_->SetString(prefs::kGoogleServicesUsername, "test@chromium.org"); 398b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 39990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) EXPECT_EQ(EPKPChallengeKeyBase::kUserNotManaged, 400b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) utils::RunFunctionAndReturnError(func_.get(), kArgs, browser())); 401b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)} 402b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 403b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)TEST_F(EPKPChallengeUserKeyTest, DevicePolicyDisabled) { 404b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne 
(Richard Coles) stub_settings_provider_.Set(chromeos::kDeviceAttestationEnabled, 405b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) base::FundamentalValue(false)); 406b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 407b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) EXPECT_EQ(EPKPChallengeKeyBase::kDevicePolicyDisabledError, 408b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) utils::RunFunctionAndReturnError(func_.get(), kArgs, browser())); 409b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)} 410b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 411b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)TEST_F(EPKPChallengeUserKeyTest, DoesKeyExistDbusFailed) { 4128bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles) EXPECT_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _)) 4130f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) .WillRepeatedly(WithArgs<3>(Invoke(FakeBoolDBusMethod( 4140f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) chromeos::DBUS_METHOD_CALL_FAILURE, false)))); 415b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 4160f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) EXPECT_EQ(GetCertificateError(kDBusError), 417b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) utils::RunFunctionAndReturnError(func_.get(), kArgs, browser())); 418b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)} 419b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 420b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)TEST_F(EPKPChallengeUserKeyTest, GetCertificateFailed) { 4213551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _)) 422b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) .WillRepeatedly(Invoke(GetCertificateCallbackFalse)); 423b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 
4240f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) EXPECT_EQ(GetCertificateError(kGetCertificateFailed), 425b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) utils::RunFunctionAndReturnError(func_.get(), kArgs, browser())); 426b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)} 427b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 428b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)TEST_F(EPKPChallengeUserKeyTest, SignChallengeFailed) { 429b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) EXPECT_CALL(mock_async_method_caller_, 4308bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles) TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _, _)) 431b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) .WillRepeatedly(Invoke(SignChallengeCallbackFalse)); 432b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 433b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) EXPECT_EQ(EPKPChallengeKeyBase::kSignChallengeFailedError, 434b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) utils::RunFunctionAndReturnError(func_.get(), kArgs, browser())); 435b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)} 436b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 437b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)TEST_F(EPKPChallengeUserKeyTest, KeyRegistrationFailed) { 4388bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles) EXPECT_CALL(mock_async_method_caller_, TpmAttestationRegisterKey(_, _, _, _)) 439b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) .WillRepeatedly(Invoke(RegisterKeyCallbackFalse)); 440b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 441b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) EXPECT_EQ(EPKPChallengeUserKey::kKeyRegistrationFailedError, 442b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) utils::RunFunctionAndReturnError(func_.get(), kArgs, 
browser())); 443b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)} 444b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 445b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)TEST_F(EPKPChallengeUserKeyTest, KeyExists) { 4468bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles) EXPECT_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _)) 4470f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) .WillRepeatedly(WithArgs<3>(Invoke(FakeBoolDBusMethod( 4480f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) chromeos::DBUS_METHOD_CALL_SUCCESS, true)))); 449b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) // GetCertificate must not be called if the key exists. 4503551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _)) 451b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) .Times(0); 452b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 453b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) EXPECT_TRUE(utils::RunFunction(func_.get(), kArgs, browser(), utils::NONE)); 454b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)} 455b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 456b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)TEST_F(EPKPChallengeUserKeyTest, KeyNotRegistered) { 4578bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles) EXPECT_CALL(mock_async_method_caller_, TpmAttestationRegisterKey(_, _, _, _)) 458b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) .Times(0); 459b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 460b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) EXPECT_TRUE(utils::RunFunction( 461b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) func_.get(), "[\"Y2hhbGxlbmdl\", false]", browser(), utils::NONE)); 462b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)} 
463b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 464b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)TEST_F(EPKPChallengeUserKeyTest, PersonalDevice) { 465b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) stub_install_attributes_.SetRegistrationUser(""); 466b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 467b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) // Currently personal devices are not supported. 4680f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) EXPECT_EQ(GetCertificateError(kUserRejected), 469b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) utils::RunFunctionAndReturnError(func_.get(), kArgs, browser())); 470b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)} 471b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 472b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)TEST_F(EPKPChallengeUserKeyTest, Success) { 473b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) // GetCertificate must be called exactly once. 474b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) EXPECT_CALL(mock_attestation_flow_, 475b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) GetCertificate( 476b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) chromeos::attestation::PROFILE_ENTERPRISE_USER_CERTIFICATE, 4773551c9c881056c480085172ff9840cab31610854Torne (Richard Coles) _, _, _, _)) 478b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) .Times(1); 479b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) // SignEnterpriseChallenge must be called exactly once. 
480b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) EXPECT_CALL(mock_async_method_caller_, 481b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) TpmAttestationSignEnterpriseChallenge( 4828bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles) chromeos::attestation::KEY_USER, "test@google.com", 4838bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles) "attest-ent-user", "test@google.com", "device_id", _, 4848bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles) "challenge", _)) 485b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) .Times(1); 486b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) // RegisterKey must be called exactly once. 487b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) EXPECT_CALL(mock_async_method_caller_, 488b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) TpmAttestationRegisterKey(chromeos::attestation::KEY_USER, 4898bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles) "test@google.com", 490b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) "attest-ent-user", _)) 491b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) .Times(1); 492b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 493a93a17c8d99d686bd4a1511e5504e5e6cc9fcadfTorne (Richard Coles) scoped_ptr<base::Value> value(utils::RunFunctionAndReturnSingleResult( 494a93a17c8d99d686bd4a1511e5504e5e6cc9fcadfTorne (Richard Coles) func_.get(), kArgs, browser(), utils::NONE)); 495b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) 496b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) std::string response; 497b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) value->GetAsString(&response); 498b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles) EXPECT_EQ("cmVzcG9uc2U=" /* Base64 encoding of 'response' */, response); 499b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)} 500b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne 
(Richard Coles) 5010f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles)TEST_F(EPKPChallengeUserKeyTest, AttestationNotPrepared) { 5020f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) EXPECT_CALL(mock_cryptohome_client_, TpmAttestationIsPrepared(_)) 5030f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) .WillRepeatedly(Invoke(FakeBoolDBusMethod( 5040f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) chromeos::DBUS_METHOD_CALL_SUCCESS, false))); 5050f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) 5060f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) EXPECT_EQ(GetCertificateError(kResetRequired), 5070f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) utils::RunFunctionAndReturnError(func_.get(), kArgs, browser())); 5080f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles)} 5090f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) 5100f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles)TEST_F(EPKPChallengeUserKeyTest, AttestationPreparedDbusFailed) { 5110f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) EXPECT_CALL(mock_cryptohome_client_, TpmAttestationIsPrepared(_)) 5120f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) .WillRepeatedly(Invoke(FakeBoolDBusMethod( 5130f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) chromeos::DBUS_METHOD_CALL_FAILURE, true))); 5140f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) 5150f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) EXPECT_EQ(GetCertificateError(kDBusError), 5160f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) utils::RunFunctionAndReturnError(func_.get(), kArgs, browser())); 5170f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles)} 5180f1bc08d4cfcc34181b0b5cbf065c40f687bf740Torne (Richard Coles) 519b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)} // namespace 520b2df76ea8fec9e32f6f3718986dba0d95315b29cTorne (Richard Coles)} // namespace 
extensions 521