Add new certificateProvider extension API.
[chromium-blink-merge.git] / chrome / browser / chromeos / system / device_disabling_manager_unittest.cc
blobd01d4dda7f9c18925c0b4644f852c57d3c6f88f7
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/system/device_disabling_manager.h"
7 #include "base/bind.h"
8 #include "base/bind_helpers.h"
9 #include "base/command_line.h"
10 #include "base/memory/ref_counted.h"
11 #include "base/prefs/scoped_user_pref_update.h"
12 #include "base/prefs/testing_pref_service.h"
13 #include "base/run_loop.h"
14 #include "chrome/browser/browser_process_platform_part.h"
15 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
16 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
17 #include "chrome/browser/chromeos/policy/device_policy_builder.h"
18 #include "chrome/browser/chromeos/policy/server_backed_device_state.h"
19 #include "chrome/browser/chromeos/policy/stub_enterprise_install_attributes.h"
20 #include "chrome/browser/chromeos/settings/device_settings_service.h"
21 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
22 #include "chrome/common/pref_names.h"
23 #include "chrome/test/base/testing_browser_process.h"
24 #include "chromeos/chromeos_switches.h"
25 #include "components/ownership/mock_owner_key_util.h"
26 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
27 #include "components/user_manager/fake_user_manager.h"
28 #include "content/public/test/test_browser_thread_bundle.h"
29 #include "policy/proto/device_management_backend.pb.h"
30 #include "testing/gmock/include/gmock/gmock.h"
31 #include "testing/gtest/include/gtest/gtest.h"
33 using testing::_;
34 using testing::Mock;
36 namespace chromeos {
37 namespace system {
39 namespace {
41 const char kTestUser[] = "user@example.com";
42 const char kEnrollmentDomain[] = "example.com";
43 const char kDisabledMessage1[] = "Device disabled 1.";
44 const char kDisabledMessage2[] = "Device disabled 2.";
48 class DeviceDisablingManagerTestBase : public testing::Test,
49 public DeviceDisablingManager::Delegate {
50 public:
51 DeviceDisablingManagerTestBase();
53 // testing::Test:
54 void TearDown() override;
56 virtual void CreateDeviceDisablingManager();
57 virtual void DestroyDeviceDisablingManager();
59 void UpdateInstallAttributes(const std::string& enrollment_domain,
60 const std::string& registration_user,
61 policy::DeviceMode device_mode);
62 void LogIn();
64 // DeviceDisablingManager::Delegate:
65 MOCK_METHOD0(RestartToLoginScreen, void());
66 MOCK_METHOD0(ShowDeviceDisabledScreen, void());
68 DeviceDisablingManager* GetDeviceDisablingManager() {
69 return device_disabling_manager_.get();
72 private:
73 policy::ScopedStubEnterpriseInstallAttributes install_attributes_;
74 chromeos::ScopedTestDeviceSettingsService test_device_settings_service_;
75 chromeos::ScopedTestCrosSettings test_cros_settings_;
76 user_manager::FakeUserManager fake_user_manager_;
77 scoped_ptr<DeviceDisablingManager> device_disabling_manager_;
79 DISALLOW_COPY_AND_ASSIGN(DeviceDisablingManagerTestBase);
82 DeviceDisablingManagerTestBase::DeviceDisablingManagerTestBase()
83 : install_attributes_("", "", "", policy::DEVICE_MODE_NOT_SET) {
86 void DeviceDisablingManagerTestBase::TearDown() {
87 DestroyDeviceDisablingManager();
90 void DeviceDisablingManagerTestBase::CreateDeviceDisablingManager() {
91 device_disabling_manager_.reset(new DeviceDisablingManager(
92 this,
93 CrosSettings::Get(),
94 &fake_user_manager_));
97 void DeviceDisablingManagerTestBase::DestroyDeviceDisablingManager() {
98 device_disabling_manager_.reset();
101 void DeviceDisablingManagerTestBase::UpdateInstallAttributes(
102 const std::string& enrollment_domain,
103 const std::string& registration_user,
104 policy::DeviceMode device_mode) {
105 policy::StubEnterpriseInstallAttributes* install_attributes =
106 static_cast<policy::StubEnterpriseInstallAttributes*>(
107 TestingBrowserProcess::GetGlobal()->platform_part()->
108 browser_policy_connector_chromeos()->GetInstallAttributes());
109 install_attributes->SetDomain(enrollment_domain);
110 install_attributes->SetRegistrationUser(registration_user);
111 install_attributes->SetMode(device_mode);
114 void DeviceDisablingManagerTestBase::LogIn() {
115 fake_user_manager_.AddUser(kTestUser);
118 // Base class for tests that verify device disabling behavior during OOBE, when
119 // the device is not owned yet.
120 class DeviceDisablingManagerOOBETest : public DeviceDisablingManagerTestBase {
121 public:
122 DeviceDisablingManagerOOBETest();
124 // DeviceDisablingManagerTestBase:
125 void SetUp() override;
126 void TearDown() override;
128 bool device_disabled() const { return device_disabled_; }
130 void CheckWhetherDeviceDisabledDuringOOBE();
132 void SetDeviceDisabled(bool disabled);
134 private:
135 void OnDeviceDisabledChecked(bool device_disabled);
137 TestingPrefServiceSimple local_state_;
139 content::TestBrowserThreadBundle thread_bundle_;
140 base::RunLoop run_loop_;
141 bool device_disabled_;
143 DISALLOW_COPY_AND_ASSIGN(DeviceDisablingManagerOOBETest);
146 DeviceDisablingManagerOOBETest::DeviceDisablingManagerOOBETest()
147 : device_disabled_(false) {
148 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
149 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
152 void DeviceDisablingManagerOOBETest::SetUp() {
153 TestingBrowserProcess::GetGlobal()->SetLocalState(&local_state_);
154 policy::DeviceCloudPolicyManagerChromeOS::RegisterPrefs(
155 local_state_.registry());
156 CreateDeviceDisablingManager();
159 void DeviceDisablingManagerOOBETest::TearDown() {
160 DeviceDisablingManagerTestBase::TearDown();
161 TestingBrowserProcess::GetGlobal()->SetLocalState(nullptr);
164 void DeviceDisablingManagerOOBETest::CheckWhetherDeviceDisabledDuringOOBE() {
165 GetDeviceDisablingManager()->CheckWhetherDeviceDisabledDuringOOBE(
166 base::Bind(&DeviceDisablingManagerOOBETest::OnDeviceDisabledChecked,
167 base::Unretained(this)));
168 run_loop_.Run();
171 void DeviceDisablingManagerOOBETest::SetDeviceDisabled(bool disabled) {
172 DictionaryPrefUpdate dict(&local_state_, prefs::kServerBackedDeviceState);
173 if (disabled) {
174 dict->SetString(policy::kDeviceStateRestoreMode,
175 policy::kDeviceStateRestoreModeDisabled);
176 } else {
177 dict->Remove(policy::kDeviceStateRestoreMode, nullptr);
179 dict->SetString(policy::kDeviceStateManagementDomain, kEnrollmentDomain);
180 dict->SetString(policy::kDeviceStateDisabledMessage, kDisabledMessage1);
183 void DeviceDisablingManagerOOBETest::OnDeviceDisabledChecked(
184 bool device_disabled) {
185 device_disabled_ = device_disabled;
186 run_loop_.Quit();
189 // Verifies that the device is not considered disabled during OOBE by default.
190 TEST_F(DeviceDisablingManagerOOBETest, NotDisabledByDefault) {
191 CheckWhetherDeviceDisabledDuringOOBE();
192 EXPECT_FALSE(device_disabled());
195 // Verifies that the device is not considered disabled during OOBE when it is
196 // explicitly marked as not disabled.
197 TEST_F(DeviceDisablingManagerOOBETest, NotDisabledWhenExplicitlyNotDisabled) {
198 SetDeviceDisabled(false);
199 CheckWhetherDeviceDisabledDuringOOBE();
200 EXPECT_FALSE(device_disabled());
203 // Verifies that the device is not considered disabled during OOBE when device
204 // disabling is turned off by flag, even if the device is marked as disabled.
205 TEST_F(DeviceDisablingManagerOOBETest, NotDisabledWhenTurnedOffByFlag) {
206 base::CommandLine::ForCurrentProcess()->AppendSwitch(
207 switches::kDisableDeviceDisabling);
208 SetDeviceDisabled(true);
209 CheckWhetherDeviceDisabledDuringOOBE();
210 EXPECT_FALSE(device_disabled());
213 // Verifies that the device is not considered disabled during OOBE when it is
214 // already enrolled, even if the device is marked as disabled.
215 TEST_F(DeviceDisablingManagerOOBETest, NotDisabledWhenEnterpriseOwned) {
216 UpdateInstallAttributes(kEnrollmentDomain,
217 kTestUser,
218 policy::DEVICE_MODE_ENTERPRISE);
219 SetDeviceDisabled(true);
220 CheckWhetherDeviceDisabledDuringOOBE();
221 EXPECT_FALSE(device_disabled());
224 // Verifies that the device is not considered disabled during OOBE when it is
225 // already owned by a consumer, even if the device is marked as disabled.
226 TEST_F(DeviceDisablingManagerOOBETest, NotDisabledWhenConsumerOwned) {
227 UpdateInstallAttributes(std::string() /* enrollment_domain */,
228 std::string() /* registration_user */,
229 policy::DEVICE_MODE_CONSUMER);
230 SetDeviceDisabled(true);
231 CheckWhetherDeviceDisabledDuringOOBE();
232 EXPECT_FALSE(device_disabled());
235 // Verifies that the device is considered disabled during OOBE when it is marked
236 // as disabled, device disabling is not turned off by flag and the device is not
237 // owned yet.
238 TEST_F(DeviceDisablingManagerOOBETest, ShowWhenDisabledAndNotOwned) {
239 SetDeviceDisabled(true);
240 CheckWhetherDeviceDisabledDuringOOBE();
241 EXPECT_TRUE(device_disabled());
242 EXPECT_EQ(kEnrollmentDomain,
243 GetDeviceDisablingManager()->enrollment_domain());
244 EXPECT_EQ(kDisabledMessage1, GetDeviceDisablingManager()->disabled_message());
247 // Base class for tests that verify device disabling behavior once the device is
248 // owned.
249 class DeviceDisablingManagerTest : public DeviceDisablingManagerTestBase,
250 public DeviceDisablingManager::Observer {
251 public:
252 DeviceDisablingManagerTest();
254 // DeviceDisablingManagerTestBase:
255 void TearDown() override;
256 void CreateDeviceDisablingManager() override;
257 void DestroyDeviceDisablingManager() override;
259 //DeviceDisablingManager::Observer:
260 MOCK_METHOD1(OnDisabledMessageChanged, void(const std::string&));
262 void SetUnowned();
263 void SetEnterpriseOwned();
264 void SetConsumerOwned();
265 void MakeCrosSettingsTrusted();
267 void SetDeviceDisabled(bool disabled);
268 void SetDisabledMessage(const std::string& disabled_message);
270 private:
271 void SimulatePolicyFetch();
273 content::TestBrowserThreadBundle thread_bundle_;
274 chromeos::DeviceSettingsTestHelper device_settings_test_helper_;
275 policy::DevicePolicyBuilder device_policy_;
277 DISALLOW_COPY_AND_ASSIGN(DeviceDisablingManagerTest);
280 DeviceDisablingManagerTest::DeviceDisablingManagerTest() {
283 void DeviceDisablingManagerTest::TearDown() {
284 chromeos::DeviceSettingsService::Get()->UnsetSessionManager();
285 DeviceDisablingManagerTestBase::TearDown();
288 void DeviceDisablingManagerTest::CreateDeviceDisablingManager() {
289 DeviceDisablingManagerTestBase::CreateDeviceDisablingManager();
290 GetDeviceDisablingManager()->AddObserver(this);
293 void DeviceDisablingManagerTest::DestroyDeviceDisablingManager() {
294 if (GetDeviceDisablingManager())
295 GetDeviceDisablingManager()->RemoveObserver(this);
296 DeviceDisablingManagerTestBase::DestroyDeviceDisablingManager();
299 void DeviceDisablingManagerTest::SetUnowned() {
300 UpdateInstallAttributes(std::string() /* enrollment_domain */,
301 std::string() /* registration_user */,
302 policy::DEVICE_MODE_NOT_SET);
305 void DeviceDisablingManagerTest::SetEnterpriseOwned() {
306 UpdateInstallAttributes(kEnrollmentDomain,
307 kTestUser,
308 policy::DEVICE_MODE_ENTERPRISE);
311 void DeviceDisablingManagerTest::SetConsumerOwned() {
312 UpdateInstallAttributes(std::string() /* enrollment_domain */,
313 std::string() /* registration_user */,
314 policy::DEVICE_MODE_CONSUMER);
317 void DeviceDisablingManagerTest::MakeCrosSettingsTrusted() {
318 scoped_refptr<ownership::MockOwnerKeyUtil> owner_key_util(
319 new ownership::MockOwnerKeyUtil);
320 owner_key_util->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey());
321 chromeos::DeviceSettingsService::Get()->SetSessionManager(
322 &device_settings_test_helper_,
323 owner_key_util);
324 SimulatePolicyFetch();
327 void DeviceDisablingManagerTest::SetDeviceDisabled(bool disabled) {
328 if (disabled) {
329 device_policy_.policy_data().mutable_device_state()->set_device_mode(
330 enterprise_management::DeviceState::DEVICE_MODE_DISABLED);
331 } else {
332 device_policy_.policy_data().mutable_device_state()->clear_device_mode();
334 SimulatePolicyFetch();
337 void DeviceDisablingManagerTest::SetDisabledMessage(
338 const std::string& disabled_message) {
339 device_policy_.policy_data().mutable_device_state()->
340 mutable_disabled_state()->set_message(disabled_message);
341 SimulatePolicyFetch();
344 void DeviceDisablingManagerTest::SimulatePolicyFetch() {
345 device_policy_.Build();
346 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
347 chromeos::DeviceSettingsService::Get()->OwnerKeySet(true);
348 device_settings_test_helper_.Flush();
351 // Verifies that the device is not considered disabled by default when it is
352 // enrolled for enterprise management.
353 TEST_F(DeviceDisablingManagerTest, NotDisabledByDefault) {
354 SetEnterpriseOwned();
355 MakeCrosSettingsTrusted();
357 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
358 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
359 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
360 CreateDeviceDisablingManager();
363 // Verifies that the device is not considered disabled when it is explicitly
364 // marked as not disabled.
365 TEST_F(DeviceDisablingManagerTest, NotDisabledWhenExplicitlyNotDisabled) {
366 SetEnterpriseOwned();
367 MakeCrosSettingsTrusted();
368 SetDeviceDisabled(false);
370 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
371 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
372 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
373 CreateDeviceDisablingManager();
376 // Verifies that the device is not considered disabled when device disabling is
377 // turned off by flag, even if the device is marked as disabled.
378 TEST_F(DeviceDisablingManagerTest, NotDisabledWhenTurnedOffByFlag) {
379 base::CommandLine::ForCurrentProcess()->AppendSwitch(
380 switches::kDisableDeviceDisabling);
381 SetEnterpriseOwned();
382 MakeCrosSettingsTrusted();
383 SetDeviceDisabled(true);
385 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
386 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
387 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
388 CreateDeviceDisablingManager();
391 // Verifies that the device is not considered disabled when it is owned by a
392 // consumer, even if the device is marked as disabled.
393 TEST_F(DeviceDisablingManagerTest, NotDisabledWhenConsumerOwned) {
394 SetConsumerOwned();
395 MakeCrosSettingsTrusted();
396 SetDeviceDisabled(true);
398 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
399 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
400 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
401 CreateDeviceDisablingManager();
404 // Verifies that the device disabled screen is shown immediately when the device
405 // is already marked as disabled on start-up.
406 TEST_F(DeviceDisablingManagerTest, DisabledOnLoginScreen) {
407 SetEnterpriseOwned();
408 MakeCrosSettingsTrusted();
409 SetDisabledMessage(kDisabledMessage1);
410 SetDeviceDisabled(true);
412 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
413 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(1);
414 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
415 CreateDeviceDisablingManager();
416 EXPECT_EQ(kEnrollmentDomain,
417 GetDeviceDisablingManager()->enrollment_domain());
418 EXPECT_EQ(kDisabledMessage1, GetDeviceDisablingManager()->disabled_message());
421 // Verifies that the device disabled screen is shown immediately when the device
422 // becomes disabled while the login screen is showing. Also verifies that Chrome
423 // restarts when the device becomes enabled again.
424 TEST_F(DeviceDisablingManagerTest, DisableAndReEnableOnLoginScreen) {
425 SetEnterpriseOwned();
426 MakeCrosSettingsTrusted();
427 SetDisabledMessage(kDisabledMessage1);
429 // Verify that initially, the disabled screen is not shown and Chrome does not
430 // restart.
431 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
432 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
433 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
434 CreateDeviceDisablingManager();
435 Mock::VerifyAndClearExpectations(this);
437 // Mark the device as disabled. Verify that the device disabled screen is
438 // shown.
439 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
440 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(1);
441 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
442 EXPECT_CALL(*this, OnDisabledMessageChanged(kDisabledMessage1)).Times(1);
443 SetDeviceDisabled(true);
444 Mock::VerifyAndClearExpectations(this);
445 EXPECT_EQ(kEnrollmentDomain,
446 GetDeviceDisablingManager()->enrollment_domain());
447 EXPECT_EQ(kDisabledMessage1, GetDeviceDisablingManager()->disabled_message());
449 // Update the disabled message. Verify that the device disabled screen is
450 // updated.
451 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
452 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
453 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
454 EXPECT_CALL(*this, OnDisabledMessageChanged(kDisabledMessage2)).Times(1);
455 SetDisabledMessage(kDisabledMessage2);
456 Mock::VerifyAndClearExpectations(this);
457 EXPECT_EQ(kDisabledMessage2, GetDeviceDisablingManager()->disabled_message());
459 // Mark the device as enabled again. Verify that Chrome restarts.
460 EXPECT_CALL(*this, RestartToLoginScreen()).Times(1);
461 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
462 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
463 SetDeviceDisabled(false);
466 // Verifies that Chrome restarts when the device becomes disabled while a
467 // session is in progress.
468 TEST_F(DeviceDisablingManagerTest, DisableDuringSession) {
469 SetEnterpriseOwned();
470 MakeCrosSettingsTrusted();
471 SetDisabledMessage(kDisabledMessage1);
472 LogIn();
474 // Verify that initially, the disabled screen is not shown and Chrome does not
475 // restart.
476 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0);
477 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
478 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
479 CreateDeviceDisablingManager();
480 Mock::VerifyAndClearExpectations(this);
482 // Mark the device as disabled. Verify that Chrome restarts.
483 EXPECT_CALL(*this, RestartToLoginScreen()).Times(1);
484 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0);
485 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0);
486 EXPECT_CALL(*this, OnDisabledMessageChanged(kDisabledMessage1)).Times(1);
487 SetDeviceDisabled(true);
490 // Verifies that the HonorDeviceDisablingDuringNormalOperation() method returns
491 // true iff the device is enterprise enrolled and device disabling is not turned
492 // off by flag.
493 TEST_F(DeviceDisablingManagerTest, HonorDeviceDisablingDuringNormalOperation) {
494 // Not enterprise owned, not disabled by flag.
495 EXPECT_FALSE(
496 DeviceDisablingManager::HonorDeviceDisablingDuringNormalOperation());
498 // Enterprise owned, not disabled by flag.
499 SetEnterpriseOwned();
500 EXPECT_TRUE(
501 DeviceDisablingManager::HonorDeviceDisablingDuringNormalOperation());
503 // Enterprise owned, disabled by flag.
504 base::CommandLine::ForCurrentProcess()->AppendSwitch(
505 switches::kDisableDeviceDisabling);
506 EXPECT_FALSE(
507 DeviceDisablingManager::HonorDeviceDisablingDuringNormalOperation());
509 // Not enterprise owned, disabled by flag.
510 SetUnowned();
511 EXPECT_FALSE(
512 DeviceDisablingManager::HonorDeviceDisablingDuringNormalOperation());
515 } // namespace system
516 } // namespace chromeos