// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include <vector>

#include "base/bind.h"
#include "base/memory/scoped_ptr.h"
#include "base/message_loop/message_loop.h"
#include "base/message_loop/message_loop_proxy.h"
#include "base/stl_util.h"
#include "base/strings/string_util.h"
#include "components/policy/core/common/cloud/cloud_policy_constants.h"
#include "components/policy/core/common/cloud/cloud_policy_validator.h"
#include "components/policy/core/common/cloud/policy_builder.h"
#include "components/policy/core/common/policy_switches.h"
#include "crypto/rsa_private_key.h"
#include "policy/proto/device_management_backend.pb.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"

namespace em = enterprise_management;

using testing::Invoke;
using testing::Mock;

namespace policy {

namespace {

// gmock action for the completion callback: asserts that the validator passed
// as the first argument finished with |expected_status|.
ACTION_P(CheckStatus, expected_status) {
  EXPECT_EQ(expected_status, arg0->status());
}

// Fixture that builds a user policy blob with UserPolicyBuilder and feeds it
// to a UserCloudPolicyValidator with every check in CreateValidator() turned
// on. Each test changes one field of the blob or one fixture knob and asserts
// the status the validator reports.
//
// Defaults set by the constructor: timestamp required, DM token required, key
// rotation allowed, and the token / domain / cached-key signature taken from
// PolicyBuilder's fake values.
class CloudPolicyValidatorTest : public testing::Test {
 public:
  CloudPolicyValidatorTest()
      : timestamp_(base::Time::UnixEpoch() +
                   base::TimeDelta::FromMilliseconds(
                       PolicyBuilder::kFakeTimestamp)),
        timestamp_option_(CloudPolicyValidatorBase::TIMESTAMP_REQUIRED),
        ignore_missing_dm_token_(CloudPolicyValidatorBase::DM_TOKEN_REQUIRED),
        allow_key_rotation_(true),
        existing_dm_token_(PolicyBuilder::kFakeToken),
        owning_domain_(PolicyBuilder::kFakeDomain),
        cached_key_signature_(PolicyBuilder::GetTestSigningKeySignature()) {
    // Every test starts from a blob that carries the builder's default new
    // signing key; the signature tests unset it again before tampering.
    policy_.SetDefaultNewSigningKey();
  }

  // Builds the blob from the current builder state and validates a copy of
  // it, running |check_action| on the finished validator.
  void Validate(testing::Action<void(UserCloudPolicyValidator*)> check_action) {
    policy_.Build();
    ValidatePolicy(check_action, policy_.GetCopy());
  }

  // Validates |policy_response| as given (no Build() call here, so a test can
  // tamper with an already built blob first) and runs |check_action| when the
  // validator reports completion.
  void ValidatePolicy(
      testing::Action<void(UserCloudPolicyValidator*)> check_action,
      scoped_ptr<enterprise_management::PolicyFetchResponse> policy_response) {
    scoped_ptr<UserCloudPolicyValidator> validator =
        CreateValidator(policy_response.Pass());

    // The expectation is keyed on the validator's address, so it has to be
    // read before ownership is given up below.
    UserCloudPolicyValidator* const pending = validator.get();
    EXPECT_CALL(*this, ValidationCompletion(pending)).WillOnce(check_action);

    // NOTE(review): the validator is released from the scoped_ptr here;
    // presumably StartValidation() makes it delete itself after the callback
    // has run - confirm against CloudPolicyValidatorBase.
    // base::Unretained(this) is fine because the loop is drained inside this
    // call, while the fixture is still alive.
    validator.release()->StartValidation(
        base::Bind(&CloudPolicyValidatorTest::ValidationCompletion,
                   base::Unretained(this)));
    loop_.RunUntilIdle();
    Mock::VerifyAndClearExpectations(this);
  }

  // Creates a validator for |policy_response| and registers the checks the
  // tests exercise, configured from the fixture members.
  scoped_ptr<UserCloudPolicyValidator> CreateValidator(
      scoped_ptr<enterprise_management::PolicyFetchResponse> policy_response) {
    std::vector<uint8> exported_key;
    EXPECT_TRUE(
        PolicyBuilder::CreateTestSigningKey()->ExportPublicKey(&exported_key));

    // ValidateCachedKey() and ValidateSignature() take the key as a string,
    // so repackage the exported bytes.
    const std::string public_key(
        reinterpret_cast<const char*>(vector_as_array(&exported_key)),
        exported_key.size());

    scoped_ptr<UserCloudPolicyValidator> validator(
        UserCloudPolicyValidator::Create(policy_response.Pass(),
                                         base::MessageLoopProxy::current()));

    // The same instant is passed for both time arguments; the timestamp tests
    // move the blob's timestamp five minutes to either side of it.
    validator->ValidateTimestamp(timestamp_, timestamp_, timestamp_option_);
    // NOTE(review): the meaning of the `true` argument is not visible here;
    // UsernameCanonicalization passing with an upper-cased username suggests
    // it enables canonicalization - confirm against the validator header.
    validator->ValidateUsername(PolicyBuilder::kFakeUsername, true);
    // The domain check is registered only when the fixture carries a domain.
    if (!owning_domain_.empty()) {
      validator->ValidateDomain(owning_domain_);
    }
    validator->ValidateDMToken(existing_dm_token_, ignore_missing_dm_token_);
    validator->ValidatePolicyType(dm_protocol::kChromeUserPolicyType);
    validator->ValidatePayload();
    validator->ValidateCachedKey(public_key,
                                 cached_key_signature_,
                                 GetPolicyVerificationKey(),
                                 owning_domain_);
    validator->ValidateSignature(public_key,
                                 GetPolicyVerificationKey(),
                                 owning_domain_,
                                 allow_key_rotation_);
    // The initial-key check is registered only when key rotation is allowed.
    if (allow_key_rotation_) {
      validator->ValidateInitialKey(GetPolicyVerificationKey(),
                                    owning_domain_);
    }
    return validator.Pass();
  }

  // Asserts that validation succeeded and that the validator exposes exactly
  // the response, policy data and payload that the builder produced.
  void CheckSuccessfulValidation(UserCloudPolicyValidator* validator) {
    EXPECT_TRUE(validator->success());
    EXPECT_EQ(policy_.policy().SerializeAsString(),
              validator->policy()->SerializeAsString());
    EXPECT_EQ(policy_.policy_data().SerializeAsString(),
              validator->policy_data()->SerializeAsString());
    EXPECT_EQ(policy_.payload().SerializeAsString(),
              validator->payload()->SerializeAsString());
  }

  // Message loop the asynchronous validation in ValidatePolicy() runs on.
  base::MessageLoopForUI loop_;
  // Expected policy time, derived from PolicyBuilder::kFakeTimestamp.
  base::Time timestamp_;
  CloudPolicyValidatorBase::ValidateTimestampOption timestamp_option_;
  CloudPolicyValidatorBase::ValidateDMTokenOption ignore_missing_dm_token_;
  // Not referenced by any code visible in this part of the file.
  std::string signing_key_;
  bool allow_key_rotation_;
  // DM token the client already holds; cleared by the first-fetch tests.
  std::string existing_dm_token_;
  // Domain passed to the domain and key checks; empty skips ValidateDomain().
  std::string owning_domain_;
  std::string cached_key_signature_;

  UserPolicyBuilder policy_;

 private:
  MOCK_METHOD1(ValidationCompletion, void(UserCloudPolicyValidator* validator));

  DISALLOW_COPY_AND_ASSIGN(CloudPolicyValidatorTest);
};

// Baseline: an untampered blob passes the asynchronous validation path.
TEST_F(CloudPolicyValidatorTest, SuccessfulValidation) {
  Validate(Invoke(this, &CloudPolicyValidatorTest::CheckSuccessfulValidation));
}

// Baseline for the synchronous path.
TEST_F(CloudPolicyValidatorTest, SuccessfulRunValidation) {
  policy_.Build();
  scoped_ptr<UserCloudPolicyValidator> validator =
      CreateValidator(policy_.GetCopy());
  // Run validation immediately (no background tasks).
  validator->RunValidation();
  CheckSuccessfulValidation(validator.get());
}

// No existing token on the client, but the blob still carries one: accepted.
TEST_F(CloudPolicyValidatorTest, SuccessfulRunValidationWithNoExistingDMToken) {
  existing_dm_token_.clear();
  Validate(Invoke(this, &CloudPolicyValidatorTest::CheckSuccessfulValidation));
}

// No token on either side is accepted only because the check is relaxed to
// DM_TOKEN_NOT_REQUIRED.
TEST_F(CloudPolicyValidatorTest, SuccessfulRunValidationWithNoDMTokens) {
  existing_dm_token_.clear();
  policy_.policy_data().clear_request_token();
  ignore_missing_dm_token_ = CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED;
  Validate(Invoke(this, &CloudPolicyValidatorTest::CheckSuccessfulValidation));
}

// An upper-cased spelling of the expected username still validates.
TEST_F(CloudPolicyValidatorTest, UsernameCanonicalization) {
  policy_.policy_data().set_username(
      StringToUpperASCII(std::string(PolicyBuilder::kFakeUsername)));
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_OK));
}

// A blob without a policy type is rejected.
TEST_F(CloudPolicyValidatorTest, ErrorNoPolicyType) {
  policy_.policy_data().clear_policy_type();
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_WRONG_POLICY_TYPE));
}

// A blob of some other policy type is rejected.
TEST_F(CloudPolicyValidatorTest, ErrorWrongPolicyType) {
  policy_.policy_data().set_policy_type("invalid");
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_WRONG_POLICY_TYPE));
}

// With TIMESTAMP_REQUIRED (the fixture default) a missing timestamp fails.
TEST_F(CloudPolicyValidatorTest, ErrorNoTimestamp) {
  policy_.policy_data().clear_timestamp();
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_TIMESTAMP));
}

// TIMESTAMP_NOT_REQUIRED lets a blob without a timestamp through.
TEST_F(CloudPolicyValidatorTest, IgnoreMissingTimestamp) {
  timestamp_option_ = CloudPolicyValidatorBase::TIMESTAMP_NOT_REQUIRED;
  policy_.policy_data().clear_timestamp();
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_OK));
}

// A blob stamped five minutes before the expected time is rejected; this is
// the check that keeps an older blob from being accepted in place of the
// current one.
TEST_F(CloudPolicyValidatorTest, ErrorOldTimestamp) {
  const base::Time stale = timestamp_ - base::TimeDelta::FromMinutes(5);
  policy_.policy_data().set_timestamp(
      (stale - base::Time::UnixEpoch()).InMilliseconds());
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_TIMESTAMP));
}

// A blob stamped five minutes after the expected time is rejected as well.
TEST_F(CloudPolicyValidatorTest, ErrorTimestampFromTheFuture) {
  const base::Time ahead = timestamp_ + base::TimeDelta::FromMinutes(5);
  policy_.policy_data().set_timestamp(
      (ahead - base::Time::UnixEpoch()).InMilliseconds());
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_TIMESTAMP));
}

// TIMESTAMP_NOT_BEFORE accepts the same future-dated blob that the default
// option rejects.
TEST_F(CloudPolicyValidatorTest, IgnoreErrorTimestampFromTheFuture) {
  const base::Time ahead = timestamp_ + base::TimeDelta::FromMinutes(5);
  timestamp_option_ = CloudPolicyValidatorBase::TIMESTAMP_NOT_BEFORE;
  policy_.policy_data().set_timestamp(
      (ahead - base::Time::UnixEpoch()).InMilliseconds());
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_OK));
}

// With DM_TOKEN_REQUIRED (the fixture default) a blob without a request token
// is rejected.
TEST_F(CloudPolicyValidatorTest, ErrorNoRequestToken) {
  policy_.policy_data().clear_request_token();
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_WRONG_TOKEN));
}

TEST_F(CloudPolicyValidatorTest, ErrorNoRequestTokenNotRequired) {
  // Relaxing the check to DM_TOKEN_NOT_REQUIRED must not help here: the
  // client already holds a token, so a new policy that carries none is still
  // an error.
  policy_.policy_data().clear_request_token();
  ignore_missing_dm_token_ = CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED;
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_WRONG_TOKEN));
}

TEST_F(CloudPolicyValidatorTest, ErrorNoRequestTokenNoTokenPassed) {
  // First policy fetch (the client has no DM token yet): with the default
  // DM_TOKEN_REQUIRED a blob without any token is still rejected.
  existing_dm_token_.clear();
  policy_.policy_data().clear_request_token();
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_WRONG_TOKEN));
}

// A request token that differs from the one the client holds is rejected.
TEST_F(CloudPolicyValidatorTest, ErrorInvalidRequestToken) {
  policy_.policy_data().set_request_token("invalid");
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_WRONG_TOKEN));
}

// A blob whose payload was cleared is reported as a parse error.
TEST_F(CloudPolicyValidatorTest, ErrorNoPolicyValue) {
  policy_.clear_payload();
  Validate(
      CheckStatus(CloudPolicyValidatorBase::VALIDATION_POLICY_PARSE_ERROR));
}

// A policy value that is not a parseable payload is reported as a parse
// error.
TEST_F(CloudPolicyValidatorTest, ErrorInvalidPolicyValue) {
  policy_.clear_payload();
  policy_.policy_data().set_policy_value("invalid");
  Validate(
      CheckStatus(CloudPolicyValidatorBase::VALIDATION_POLICY_PARSE_ERROR));
}

// A blob without a username is rejected.
TEST_F(CloudPolicyValidatorTest, ErrorNoUsername) {
  policy_.policy_data().clear_username();
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_USERNAME));
}

// A blob issued for a different account is rejected.
TEST_F(CloudPolicyValidatorTest, ErrorInvalidUsername) {
  policy_.policy_data().set_username("invalid@example.com");
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_USERNAME));
}

// A response that carries an error message is rejected.
TEST_F(CloudPolicyValidatorTest, ErrorErrorMessage) {
  policy_.policy().set_error_message("error");
  Validate(
      CheckStatus(CloudPolicyValidatorBase::VALIDATION_ERROR_CODE_PRESENT));
}

// A response that carries an error code is rejected.
TEST_F(CloudPolicyValidatorTest, ErrorErrorCode) {
  policy_.policy().set_error_code(42);
  Validate(
      CheckStatus(CloudPolicyValidatorBase::VALIDATION_ERROR_CODE_PRESENT));
}

// The six signature tests below share one shape: both signing keys are unset
// on the builder, one signature-related field of the response is cleared or
// overwritten, and validation must end in VALIDATION_BAD_SIGNATURE.
// NOTE(review): the keys are presumably unset so that the Build() call inside
// Validate() does not re-sign the blob and overwrite the tampered field -
// confirm against PolicyBuilder.

// Missing policy data signature.
TEST_F(CloudPolicyValidatorTest, ErrorNoSignature) {
  policy_.UnsetSigningKey();
  policy_.UnsetNewSigningKey();
  policy_.policy().clear_policy_data_signature();
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE));
}

// Policy data signature that does not verify.
TEST_F(CloudPolicyValidatorTest, ErrorInvalidSignature) {
  policy_.UnsetSigningKey();
  policy_.UnsetNewSigningKey();
  policy_.policy().set_policy_data_signature("invalid");
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE));
}

// Missing new public key.
TEST_F(CloudPolicyValidatorTest, ErrorNoPublicKey) {
  policy_.UnsetSigningKey();
  policy_.UnsetNewSigningKey();
  policy_.policy().clear_new_public_key();
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE));
}

// New public key that is not a usable key.
TEST_F(CloudPolicyValidatorTest, ErrorInvalidPublicKey) {
  policy_.UnsetSigningKey();
  policy_.UnsetNewSigningKey();
  policy_.policy().set_new_public_key("invalid");
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE));
}

// Missing signature over the new public key.
TEST_F(CloudPolicyValidatorTest, ErrorNoPublicKeySignature) {
  policy_.UnsetSigningKey();
  policy_.UnsetNewSigningKey();
  policy_.policy().clear_new_public_key_signature();
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE));
}

// Signature over the new public key that does not verify.
TEST_F(CloudPolicyValidatorTest, ErrorInvalidPublicKeySignature) {
  policy_.UnsetSigningKey();
  policy_.UnsetNewSigningKey();
  policy_.policy().set_new_public_key_signature("invalid");
  Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE));
}

#if !defined(OS_CHROMEOS)
// Validation key is not currently checked on Chrome OS
// (http://crbug.com/328038). The tests inside this #if are therefore compiled
// out on that platform, which leaves the key-verification-signature path
// without coverage from this file there.

// The blob is built first and tampered with afterwards, then handed to
// ValidatePolicy() directly so that no further Build() call happens.
TEST_F(CloudPolicyValidatorTest, ErrorInvalidPublicKeyVerificationSignature) {
  policy_.Build();
  policy_.policy().set_new_public_key_verification_signature("invalid");
  ValidatePolicy(CheckStatus(
      CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE),
      policy_.GetCopy());
}

TEST_F(CloudPolicyValidatorTest, ErrorDomainMismatchForKeyVerification) {
  policy_.Build();
  // Generate a non-matching owning_domain, which should cause a validation
  // failure.
  owning_domain_ = "invalid.com";
  ValidatePolicy(CheckStatus(
      CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE),
      policy_.GetCopy());
}

TEST_F(CloudPolicyValidatorTest, ErrorDomainExtractedFromUsernameMismatch) {
  // Generate a non-matching username domain, which should cause a validation
  // failure when we try to verify the signing key with it.
  policy_.policy_data().set_username("wonky@invalid.com");
  policy_.Build();
  // Pass an empty domain to tell validator to extract the domain from the
  // policy's |username| field.
  owning_domain_ = "";
  ValidatePolicy(CheckStatus(
      CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE),
      policy_.GetCopy());
}

TEST_F(CloudPolicyValidatorTest, ErrorNoCachedKeySignature) {
  // An empty cached_key_signature_ should cause a validation error when the
  // validator tries to verify the signing key with it.
  cached_key_signature_ = "";
  Validate(CheckStatus(
      CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE));
}

TEST_F(CloudPolicyValidatorTest, ErrorInvalidCachedKeySignature) {
  // Generate a key signature for a different key (one that does not match
  // the signing key) and this should cause a validation error when we try to
  // verify the signing key with it.
3615d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) cached_key_signature_ = PolicyBuilder::GetTestOtherSigningKeySignature(); 3625d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) Validate(CheckStatus( 3635d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE)); 3645d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)} 3655d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#endif 3665d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 3675d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)TEST_F(CloudPolicyValidatorTest, SuccessfulNoDomainValidation) { 3685d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // Don't pass in a domain - this tells the validation code to instead 3695d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // extract the domain from the username. 3705d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) owning_domain_ = ""; 3715d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) Validate(Invoke(this, &CloudPolicyValidatorTest::CheckSuccessfulValidation)); 3725d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)} 3735d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 3745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST_F(CloudPolicyValidatorTest, ErrorNoRotationAllowed) { 3755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) allow_key_rotation_ = false; 3765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE)); 3775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 3785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)TEST_F(CloudPolicyValidatorTest, NoRotation) { 3805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) allow_key_rotation_ = false; 
3812385ea399aae016c0806a4f9ef3c9cfe3d2a39dfBen Murdoch policy_.UnsetNewSigningKey(); 3825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_OK)); 3835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 3845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace 3865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace policy 388