chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
   6
   7 #include <vector>
   8
   9 #include "base/basictypes.h"
  10 #include "base/compiler_specific.h"
  11 #include "base/memory/scoped_ptr.h"
  12 #include "base/run_loop.h"
  13 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
  14 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
  15 #include "chrome/browser/policy/proto/chromeos/chrome_device_policy.pb.h"
  16 #include "chromeos/cryptohome/cryptohome_library.h"
  17 #include "chromeos/dbus/fake_cryptohome_client.h"
  18 #include "policy/policy_constants.h"
  19 #include "testing/gtest/include/gtest/gtest.h"
  20
  21 namespace policy {
  22
  23 namespace {
  24
  25 void CopyLockResult(base::RunLoop* loop,
  26                     EnterpriseInstallAttributes::LockResult* out,
  27                     EnterpriseInstallAttributes::LockResult result) {
  28   *out = result;
  29   loop->Quit();
  30 }
  31
  32 }  // namespace
  33
  34 class DeviceCloudPolicyStoreChromeOSTest
  35     : public chromeos::DeviceSettingsTestBase {
  36  protected:
  37   DeviceCloudPolicyStoreChromeOSTest()
  38       : fake_cryptohome_client_(new chromeos::FakeCryptohomeClient()),
  39         install_attributes_(new EnterpriseInstallAttributes(
  40             fake_cryptohome_client_.get())),
  41         store_(new DeviceCloudPolicyStoreChromeOS(&device_settings_service_,
  42                                                   install_attributes_.get())) {
  43     fake_cryptohome_client_->Init(NULL /* no dbus::Bus */);
  44   }
  45
  46   virtual void SetUp() OVERRIDE {
  47     DeviceSettingsTestBase::SetUp();
  48
  49     base::RunLoop loop;
  50     EnterpriseInstallAttributes::LockResult result;
  51     install_attributes_->LockDevice(
  52         PolicyBuilder::kFakeUsername,
  53         DEVICE_MODE_ENTERPRISE,
  54         PolicyBuilder::kFakeDeviceId,
  55         base::Bind(&CopyLockResult, &loop, &result));
  56     loop.Run();
  57     ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result);
  58   }
  59
  60   void ExpectFailure(CloudPolicyStore::Status expected_status) {
  61     EXPECT_EQ(expected_status, store_->status());
  62     EXPECT_TRUE(store_->is_initialized());
  63     EXPECT_FALSE(store_->has_policy());
  64     EXPECT_FALSE(store_->is_managed());
  65   }
  66
  67   void ExpectSuccess() {
  68     EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
  69     EXPECT_TRUE(store_->is_initialized());
  70     EXPECT_TRUE(store_->has_policy());
  71     EXPECT_TRUE(store_->is_managed());
  72     EXPECT_TRUE(store_->policy());
  73     base::FundamentalValue expected(false);
  74     EXPECT_TRUE(
  75         base::Value::Equals(&expected,
  76                             store_->policy_map().GetValue(
  77                                 key::kDeviceMetricsReportingEnabled)));
  78   }
  79
  80   void PrepareExistingPolicy() {
  81     store_->Load();
  82     FlushDeviceSettings();
  83     ExpectSuccess();
  84
  85     device_policy_.UnsetNewSigningKey();
  86     device_policy_.Build();
  87   }
  88
  89   void PrepareNewSigningKey() {
  90     device_policy_.SetDefaultNewSigningKey();
  91     device_policy_.Build();
  92     owner_key_util_->SetPublicKeyFromPrivateKey(
  93         *device_policy_.GetNewSigningKey());
  94   }
  95
  96   void ResetToNonEnterprise() {
  97     store_.reset();
  98     chromeos::cryptohome_util::InstallAttributesSet("enterprise.owned",
  99                                                     std::string());
 100     install_attributes_.reset(new EnterpriseInstallAttributes(
 101         fake_cryptohome_client_.get()));
 102     store_.reset(new DeviceCloudPolicyStoreChromeOS(&device_settings_service_,
 103                                                     install_attributes_.get()));
 104   }
 105
 106   scoped_ptr<chromeos::FakeCryptohomeClient> fake_cryptohome_client_;
 107   scoped_ptr<EnterpriseInstallAttributes> install_attributes_;
 108
 109   scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_;
 110
 111  private:
 112   DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest);
 113 };
 114
 115 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) {
 116   owner_key_util_->Clear();
 117   store_->Load();
 118   FlushDeviceSettings();
 119   ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
 120 }
 121
 122 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
 123   device_settings_test_helper_.set_policy_blob(std::string());
 124   store_->Load();
 125   FlushDeviceSettings();
 126   ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR);
 127 }
 128
 129 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) {
 130   ResetToNonEnterprise();
 131   store_->Load();
 132   FlushDeviceSettings();
 133   ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
 134 }
 135
 136 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) {
 137   store_->Load();
 138   FlushDeviceSettings();
 139   ExpectSuccess();
 140 }
 141
 142 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) {
 143   PrepareExistingPolicy();
 144   store_->Store(device_policy_.policy());
 145   FlushDeviceSettings();
 146   ExpectSuccess();
 147 }
 148
 149 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) {
 150   PrepareExistingPolicy();
 151   device_policy_.policy().clear_policy_data_signature();
 152   store_->Store(device_policy_.policy());
 153   FlushDeviceSettings();
 154   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
 155   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
 156             store_->validation_status());
 157 }
 158
 159 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) {
 160   PrepareExistingPolicy();
 161   device_policy_.policy().set_policy_data_signature("invalid");
 162   store_->Store(device_policy_.policy());
 163   FlushDeviceSettings();
 164   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
 165   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
 166             store_->validation_status());
 167 }
 168
 169 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) {
 170   PrepareExistingPolicy();
 171   device_policy_.SetDefaultNewSigningKey();
 172   device_policy_.Build();
 173   store_->Store(device_policy_.policy());
 174   device_settings_test_helper_.FlushLoops();
 175   device_settings_test_helper_.FlushStore();
 176   owner_key_util_->SetPublicKeyFromPrivateKey(
 177       *device_policy_.GetNewSigningKey());
 178   ReloadDeviceSettings();
 179   ExpectSuccess();
 180 }
 181
 182 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) {
 183   PrepareNewSigningKey();
 184   store_->InstallInitialPolicy(device_policy_.policy());
 185   FlushDeviceSettings();
 186   ExpectSuccess();
 187 }
 188
 189 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) {
 190   PrepareNewSigningKey();
 191   device_policy_.policy().clear_policy_data_signature();
 192   store_->InstallInitialPolicy(device_policy_.policy());
 193   FlushDeviceSettings();
 194   ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
 195   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
 196             store_->validation_status());
 197 }
 198
 199 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) {
 200   PrepareNewSigningKey();
 201   device_policy_.policy().clear_new_public_key();
 202   store_->InstallInitialPolicy(device_policy_.policy());
 203   FlushDeviceSettings();
 204   ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
 205   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
 206             store_->validation_status());
 207 }
 208
 209 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) {
 210   PrepareNewSigningKey();
 211   ResetToNonEnterprise();
 212   store_->InstallInitialPolicy(device_policy_.policy());
 213   FlushDeviceSettings();
 214   ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
 215 }
 216
 217 }  // namespace policy