search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Roll src/third_party/WebKit d9c6159:8139f33 (svn 201974:201975)
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / device_cloud_policy_manager_chromeos_unittest.cc
blob7072f2da6c32a29f228505903e843eb6e5023c69
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
6
7 #include <algorithm>
8
9 #include "base/basictypes.h"
10 #include "base/bind.h"
11 #include "base/bind_helpers.h"
12 #include "base/compiler_specific.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/prefs/pref_registry_simple.h"
15 #include "base/prefs/testing_pref_service.h"
16 #include "base/run_loop.h"
17 #include "base/thread_task_runner_handle.h"
18 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h"
19 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h"
20 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h"
21 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
22 #include "chrome/browser/chromeos/policy/enrollment_config.h"
23 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h"
24 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
25 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
26 #include "chrome/browser/chromeos/settings/cros_settings.h"
27 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h"
28 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h"
29 #include "chrome/browser/chromeos/settings/device_settings_service.h"
30 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
31 #include "chrome/browser/prefs/browser_prefs.h"
32 #include "chrome/test/base/testing_browser_process.h"
33 #include "chrome/test/base/testing_profile.h"
34 #include "chromeos/cryptohome/system_salt_getter.h"
35 #include "chromeos/dbus/dbus_client_implementation_type.h"
36 #include "chromeos/dbus/dbus_thread_manager.h"
37 #include "chromeos/dbus/fake_cryptohome_client.h"
38 #include "chromeos/dbus/fake_session_manager_client.h"
39 #include "chromeos/system/fake_statistics_provider.h"
40 #include "chromeos/system/statistics_provider.h"
41 #include "components/policy/core/common/cloud/cloud_policy_client.h"
42 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
43 #include "components/policy/core/common/cloud/cloud_policy_core.h"
44 #include "components/policy/core/common/cloud/mock_device_management_service.h"
45 #include "components/policy/core/common/external_data_fetcher.h"
46 #include "components/policy/core/common/schema_registry.h"
47 #include "google_apis/gaia/gaia_oauth_client.h"
48 #include "net/url_request/test_url_fetcher_factory.h"
49 #include "net/url_request/url_request_test_util.h"
50 #include "policy/policy_constants.h"
51 #include "policy/proto/device_management_backend.pb.h"
52 #include "testing/gmock/include/gmock/gmock.h"
53 #include "testing/gtest/include/gtest/gtest.h"
54
55 using testing::AnyNumber;
56 using testing::AtMost;
57 using testing::DoAll;
58 using testing::Mock;
59 using testing::Return;
60 using testing::SaveArg;
61 using testing::SetArgumentPointee;
62 using testing::_;
63
64 namespace em = enterprise_management;
65
66 namespace policy {
67 namespace {
68
69 void CopyLockResult(base::RunLoop* loop,
70 EnterpriseInstallAttributes::LockResult* out,
71 EnterpriseInstallAttributes::LockResult result) {
72 *out = result;
73 loop->Quit();
74 }
75
76 class TestingDeviceCloudPolicyManagerChromeOS
77 : public DeviceCloudPolicyManagerChromeOS {
78 public:
79 TestingDeviceCloudPolicyManagerChromeOS(
80 scoped_ptr<DeviceCloudPolicyStoreChromeOS> store,
81 const scoped_refptr<base::SequencedTaskRunner>& task_runner,
82 ServerBackedStateKeysBroker* state_keys_broker)
83 : DeviceCloudPolicyManagerChromeOS(
84 store.Pass(), task_runner, state_keys_broker) {}
85 ~TestingDeviceCloudPolicyManagerChromeOS() override {}
86 };
87
88 class DeviceCloudPolicyManagerChromeOSTest
89 : public chromeos::DeviceSettingsTestBase,
90 public DeviceCloudPolicyManagerChromeOS::Observer {
91 protected:
92 DeviceCloudPolicyManagerChromeOSTest()
93 : fake_cryptohome_client_(new chromeos::FakeCryptohomeClient()),
94 state_keys_broker_(&fake_session_manager_client_,
95 base::ThreadTaskRunnerHandle::Get()),
96 store_(NULL) {
97 fake_statistics_provider_.SetMachineStatistic("serial_numer", "test_sn");
98 std::vector<std::string> state_keys;
99 state_keys.push_back("1");
100 state_keys.push_back("2");
101 state_keys.push_back("3");
102 fake_session_manager_client_.set_server_backed_state_keys(state_keys);
103 }
104
105 ~DeviceCloudPolicyManagerChromeOSTest() override {
106 chromeos::system::StatisticsProvider::SetTestProvider(NULL);
107 }
108
109 void SetUp() override {
110 DeviceSettingsTestBase::SetUp();
111
112 dbus_setter_->SetCryptohomeClient(
113 scoped_ptr<chromeos::CryptohomeClient>(fake_cryptohome_client_));
114
115 install_attributes_.reset(
116 new EnterpriseInstallAttributes(fake_cryptohome_client_));
117 store_ = new DeviceCloudPolicyStoreChromeOS(
118 &device_settings_service_, install_attributes_.get(),
119 base::ThreadTaskRunnerHandle::Get());
120 manager_.reset(new TestingDeviceCloudPolicyManagerChromeOS(
121 make_scoped_ptr(store_), base::ThreadTaskRunnerHandle::Get(),
122 &state_keys_broker_));
123
124 chrome::RegisterLocalState(local_state_.registry());
125 manager_->Init(&schema_registry_);
126
127 // DeviceOAuth2TokenService uses the system request context to fetch
128 // OAuth tokens, then writes the token to local state, encrypting it
129 // first with methods in CryptohomeTokenEncryptor.
130 request_context_getter_ = new net::TestURLRequestContextGetter(
131 base::ThreadTaskRunnerHandle::Get());
132 TestingBrowserProcess::GetGlobal()->SetSystemRequestContext(
133 request_context_getter_.get());
134 TestingBrowserProcess::GetGlobal()->SetLocalState(&local_state_);
135 // SystemSaltGetter is used in DeviceOAuth2TokenService.
136 chromeos::SystemSaltGetter::Initialize();
137 chromeos::DeviceOAuth2TokenServiceFactory::Initialize();
138 url_fetcher_response_code_ = 200;
139 url_fetcher_response_string_ = "{\"access_token\":\"accessToken4Test\","
140 "\"expires_in\":1234,"
141 "\"refresh_token\":\"refreshToken4Test\"}";
142
143 AllowUninterestingRemoteCommandFetches();
144 }
145
146 void TearDown() override {
147 manager_->RemoveDeviceCloudPolicyManagerObserver(this);
148 manager_->Shutdown();
149 if (initializer_)
150 initializer_->Shutdown();
151 DeviceSettingsTestBase::TearDown();
152
153 chromeos::DeviceOAuth2TokenServiceFactory::Shutdown();
154 chromeos::SystemSaltGetter::Shutdown();
155 TestingBrowserProcess::GetGlobal()->SetLocalState(NULL);
156 }
157
158 void LockDevice() {
159 base::RunLoop loop;
160 EnterpriseInstallAttributes::LockResult result;
161 install_attributes_->LockDevice(
162 PolicyBuilder::kFakeUsername,
163 DEVICE_MODE_ENTERPRISE,
164 PolicyBuilder::kFakeDeviceId,
165 base::Bind(&CopyLockResult, &loop, &result));
166 loop.Run();
167 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result);
168 }
169
170 void ConnectManager() {
171 manager_->Initialize(&local_state_);
172 manager_->AddDeviceCloudPolicyManagerObserver(this);
173 initializer_.reset(new DeviceCloudPolicyInitializer(
174 &local_state_, &device_management_service_,
175 &consumer_device_management_service_,
176 base::ThreadTaskRunnerHandle::Get(), install_attributes_.get(),
177 &state_keys_broker_, store_, manager_.get()));
178 initializer_->Init();
179 }
180
181 void VerifyPolicyPopulated() {
182 PolicyBundle bundle;
183 bundle.Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
184 .Set(key::kDeviceMetricsReportingEnabled,
185 POLICY_LEVEL_MANDATORY,
186 POLICY_SCOPE_MACHINE,
187 new base::FundamentalValue(false),
188 NULL);
189 EXPECT_TRUE(manager_->policies().Equals(bundle));
190 }
191
192 void AllowUninterestingRemoteCommandFetches() {
193 // We are not interested in remote command fetches that the client initiates
194 // automatically. Make them fail and ignore them otherwise.
195 EXPECT_CALL(device_management_service_,
196 CreateJob(DeviceManagementRequestJob::TYPE_REMOTE_COMMANDS, _))
197 .Times(AnyNumber())
198 .WillRepeatedly(device_management_service_.FailJob(
199 DM_STATUS_TEMPORARY_UNAVAILABLE));
200 EXPECT_CALL(
201 device_management_service_,
202 StartJob(dm_protocol::kValueRequestRemoteCommands, _, _, _, _, _))
203 .Times(AnyNumber());
204 }
205
206 MOCK_METHOD0(OnDeviceCloudPolicyManagerConnected, void());
207 MOCK_METHOD0(OnDeviceCloudPolicyManagerDisconnected, void());
208
209 scoped_ptr<EnterpriseInstallAttributes> install_attributes_;
210
211 scoped_refptr<net::URLRequestContextGetter> request_context_getter_;
212 net::TestURLFetcherFactory url_fetcher_factory_;
213 int url_fetcher_response_code_;
214 std::string url_fetcher_response_string_;
215 TestingPrefServiceSimple local_state_;
216 MockDeviceManagementService device_management_service_;
217 MockDeviceManagementService consumer_device_management_service_;
218 chromeos::ScopedTestDeviceSettingsService test_device_settings_service_;
219 chromeos::ScopedTestCrosSettings test_cros_settings_;
220 chromeos::system::ScopedFakeStatisticsProvider fake_statistics_provider_;
221 chromeos::FakeSessionManagerClient fake_session_manager_client_;
222 chromeos::FakeCryptohomeClient* fake_cryptohome_client_;
223 ServerBackedStateKeysBroker state_keys_broker_;
224
225 DeviceCloudPolicyStoreChromeOS* store_;
226 SchemaRegistry schema_registry_;
227 scoped_ptr<TestingDeviceCloudPolicyManagerChromeOS> manager_;
228 scoped_ptr<DeviceCloudPolicyInitializer> initializer_;
229
230 private:
231 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyManagerChromeOSTest);
232 };
233
234 TEST_F(DeviceCloudPolicyManagerChromeOSTest, FreshDevice) {
235 owner_key_util_->Clear();
236 FlushDeviceSettings();
237 EXPECT_TRUE(manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
238
239 manager_->Initialize(&local_state_);
240
241 PolicyBundle bundle;
242 EXPECT_TRUE(manager_->policies().Equals(bundle));
243 }
244
245 TEST_F(DeviceCloudPolicyManagerChromeOSTest, EnrolledDevice) {
246 LockDevice();
247 FlushDeviceSettings();
248 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
249 EXPECT_TRUE(manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
250 VerifyPolicyPopulated();
251
252 // Trigger a policy refresh - this triggers a policy update.
253 MockDeviceManagementJob* policy_fetch_job = NULL;
254 EXPECT_CALL(device_management_service_,
255 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH, _))
256 .Times(AtMost(1))
257 .WillOnce(device_management_service_.CreateAsyncJob(&policy_fetch_job));
258 EXPECT_CALL(device_management_service_,
259 StartJob(dm_protocol::kValueRequestPolicy, _, _, _, _, _))
260 .Times(AtMost(1));
261 ConnectManager();
262 base::RunLoop().RunUntilIdle();
263 Mock::VerifyAndClearExpectations(&device_management_service_);
264 ASSERT_TRUE(policy_fetch_job);
265 // Should create a status uploader for reporting on enrolled devices.
266 EXPECT_TRUE(manager_->GetStatusUploader());
267 VerifyPolicyPopulated();
268
269 manager_->Shutdown();
270 VerifyPolicyPopulated();
271
272 EXPECT_EQ(store_->policy()->service_account_identity(),
273 PolicyBuilder::kFakeServiceAccountIdentity);
274 }
275
276 TEST_F(DeviceCloudPolicyManagerChromeOSTest, UnmanagedDevice) {
277 device_policy_.policy_data().set_state(em::PolicyData::UNMANAGED);
278 device_policy_.Build();
279 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
280
281 LockDevice();
282 FlushDeviceSettings();
283 EXPECT_TRUE(manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
284 EXPECT_FALSE(store_->is_managed());
285
286 // Policy settings should be ignored for UNMANAGED devices.
287 PolicyBundle bundle;
288 EXPECT_TRUE(manager_->policies().Equals(bundle));
289
290 // Trigger a policy refresh.
291 MockDeviceManagementJob* policy_fetch_job = NULL;
292 EXPECT_CALL(device_management_service_,
293 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH, _))
294 .Times(AtMost(1))
295 .WillOnce(device_management_service_.CreateAsyncJob(&policy_fetch_job));
296 EXPECT_CALL(device_management_service_,
297 StartJob(dm_protocol::kValueRequestPolicy, _, _, _, _, _))
298 .Times(AtMost(1));
299 ConnectManager();
300 base::RunLoop().RunUntilIdle();
301 Mock::VerifyAndClearExpectations(&device_management_service_);
302 ASSERT_TRUE(policy_fetch_job);
303 // Should create a status provider for reporting on enrolled devices, even
304 // those that aren't managed.
305 EXPECT_TRUE(manager_->GetStatusUploader());
306
307 // Switch back to ACTIVE, service the policy fetch and let it propagate.
308 device_policy_.policy_data().set_state(em::PolicyData::ACTIVE);
309 device_policy_.Build();
310 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
311 em::DeviceManagementResponse policy_fetch_response;
312 policy_fetch_response.mutable_policy_response()->add_response()->CopyFrom(
313 device_policy_.policy());
314 policy_fetch_job->SendResponse(DM_STATUS_SUCCESS, policy_fetch_response);
315 FlushDeviceSettings();
316
317 // Policy state should now be active and the policy map should be populated.
318 EXPECT_TRUE(store_->is_managed());
319 VerifyPolicyPopulated();
320 }
321
322 TEST_F(DeviceCloudPolicyManagerChromeOSTest, ConsumerDevice) {
323 FlushDeviceSettings();
324 EXPECT_EQ(CloudPolicyStore::STATUS_BAD_STATE, store_->status());
325 EXPECT_TRUE(manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
326
327 PolicyBundle bundle;
328 EXPECT_TRUE(manager_->policies().Equals(bundle));
329
330 ConnectManager();
331 EXPECT_TRUE(manager_->policies().Equals(bundle));
332 // Should not create a status provider for reporting on consumer devices.
333 EXPECT_FALSE(manager_->GetStatusUploader());
334
335 manager_->Shutdown();
336 EXPECT_TRUE(manager_->policies().Equals(bundle));
337 }
338
339 TEST_F(DeviceCloudPolicyManagerChromeOSTest, ConnectAndDisconnect) {
340 LockDevice();
341 FlushDeviceSettings();
342 EXPECT_FALSE(manager_->core()->service()); // Not connected.
343
344 // Connect the manager.
345 MockDeviceManagementJob* policy_fetch_job = nullptr;
346 EXPECT_CALL(device_management_service_,
347 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH, _))
348 .WillOnce(device_management_service_.CreateAsyncJob(&policy_fetch_job));
349 EXPECT_CALL(device_management_service_,
350 StartJob(dm_protocol::kValueRequestPolicy, _, _, _, _, _));
351 EXPECT_CALL(*this, OnDeviceCloudPolicyManagerConnected());
352 ConnectManager();
353 base::RunLoop().RunUntilIdle();
354 Mock::VerifyAndClearExpectations(&device_management_service_);
355 Mock::VerifyAndClearExpectations(this);
356 EXPECT_TRUE(manager_->core()->service()); // Connected.
357
358 // Disconnect the manager.
359 EXPECT_CALL(*this, OnDeviceCloudPolicyManagerDisconnected());
360 manager_->Disconnect();
361 EXPECT_FALSE(manager_->core()->service()); // Not connnected.
362 }
363
364 class DeviceCloudPolicyManagerChromeOSEnrollmentTest
365 : public DeviceCloudPolicyManagerChromeOSTest {
366 public:
367 void Done(EnrollmentStatus status) {
368 status_ = status;
369 done_ = true;
370 }
371
372 MOCK_METHOD1(OnUnregistered, void(bool));
373
374 protected:
375 DeviceCloudPolicyManagerChromeOSEnrollmentTest()
376 : management_mode_(MANAGEMENT_MODE_ENTERPRISE_MANAGED),
377 register_status_(DM_STATUS_SUCCESS),
378 policy_fetch_status_(DM_STATUS_SUCCESS),
379 robot_auth_fetch_status_(DM_STATUS_SUCCESS),
380 store_result_(true),
381 status_(EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_SUCCESS)),
382 done_(false) {}
383
384 void SetUp() override {
385 DeviceCloudPolicyManagerChromeOSTest::SetUp();
386
387 // Set up test data.
388 device_policy_.SetDefaultNewSigningKey();
389 device_policy_.policy_data().set_timestamp(
390 (base::Time::NowFromSystemTime() -
391 base::Time::UnixEpoch()).InMilliseconds());
392 device_policy_.Build();
393
394 register_response_.mutable_register_response()->set_device_management_token(
395 PolicyBuilder::kFakeToken);
396 policy_fetch_response_.mutable_policy_response()->add_response()->CopyFrom(
397 device_policy_.policy());
398 robot_auth_fetch_response_.mutable_service_api_access_response()
399 ->set_auth_code("auth_code_for_test");
400 loaded_blob_ = device_policy_.GetBlob();
401
402 // Initialize the manager.
403 FlushDeviceSettings();
404 EXPECT_EQ(CloudPolicyStore::STATUS_BAD_STATE, store_->status());
405 EXPECT_TRUE(manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
406
407 PolicyBundle bundle;
408 EXPECT_TRUE(manager_->policies().Equals(bundle));
409
410 ConnectManager();
411 }
412
413 void ExpectFailedEnrollment(EnrollmentStatus::Status status) {
414 EXPECT_EQ(status, status_.status());
415 EXPECT_FALSE(store_->is_managed());
416 PolicyBundle empty_bundle;
417 EXPECT_TRUE(manager_->policies().Equals(empty_bundle));
418 }
419
420 void ExpectSuccessfulEnrollment() {
421 EXPECT_EQ(EnrollmentStatus::STATUS_SUCCESS, status_.status());
422 ASSERT_TRUE(manager_->core()->client());
423 EXPECT_TRUE(manager_->core()->client()->is_registered());
424
425 if (management_mode_ != MANAGEMENT_MODE_CONSUMER_MANAGED) {
426 EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_->GetMode());
427 EXPECT_TRUE(store_->has_policy());
428 EXPECT_TRUE(store_->is_managed());
429 VerifyPolicyPopulated();
430 }
431 }
432
433 void RunTest() {
434 // Trigger enrollment.
435 MockDeviceManagementJob* register_job = NULL;
436 EXPECT_CALL(device_management_service_,
437 CreateJob(DeviceManagementRequestJob::TYPE_REGISTRATION, _))
438 .Times(AtMost(1))
439 .WillOnce(device_management_service_.CreateAsyncJob(&register_job));
440 EXPECT_CALL(device_management_service_,
441 StartJob(dm_protocol::kValueRequestRegister, _, _, _, _, _))
442 .Times(AtMost(1))
443 .WillOnce(
444 DoAll(SaveArg<4>(&client_id_), SaveArg<5>(&register_request_)));
445 DeviceCloudPolicyInitializer::AllowedDeviceModes modes;
446 modes[DEVICE_MODE_ENTERPRISE] = true;
447
448 chromeos::OwnerSettingsServiceChromeOS* owner_settings_service =
449 chromeos::OwnerSettingsServiceChromeOSFactory::GetForBrowserContext(
450 profile_.get());
451 ASSERT_TRUE(owner_settings_service);
452
453 EnrollmentConfig enrollment_config;
454 enrollment_config.mode = EnrollmentConfig::MODE_MANUAL;
455 initializer_->StartEnrollment(
456 management_mode_, &device_management_service_, owner_settings_service,
457 enrollment_config, "auth token", modes,
458 base::Bind(&DeviceCloudPolicyManagerChromeOSEnrollmentTest::Done,
459 base::Unretained(this)));
460 base::RunLoop().RunUntilIdle();
461 Mock::VerifyAndClearExpectations(&device_management_service_);
462 AllowUninterestingRemoteCommandFetches();
463
464 if (done_)
465 return;
466
467 // Process registration.
468 ASSERT_TRUE(register_job);
469 MockDeviceManagementJob* policy_fetch_job = NULL;
470 EXPECT_CALL(device_management_service_,
471 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH, _))
472 .Times(AtMost(1))
473 .WillOnce(device_management_service_.CreateAsyncJob(&policy_fetch_job));
474 EXPECT_CALL(device_management_service_,
475 StartJob(dm_protocol::kValueRequestPolicy, _, _, _, _, _))
476 .Times(AtMost(1));
477 register_job->SendResponse(register_status_, register_response_);
478 Mock::VerifyAndClearExpectations(&device_management_service_);
479 AllowUninterestingRemoteCommandFetches();
480
481 if (done_)
482 return;
483
484 // Process policy fetch.
485 ASSERT_TRUE(policy_fetch_job);
486 policy_fetch_job->SendResponse(policy_fetch_status_,
487 policy_fetch_response_);
488
489 if (done_)
490 return;
491
492 // Process verification.
493 MockDeviceManagementJob* robot_auth_fetch_job = NULL;
494 EXPECT_CALL(device_management_service_, CreateJob(
495 DeviceManagementRequestJob::TYPE_API_AUTH_CODE_FETCH, _))
496 .Times(AtMost(1))
497 .WillOnce(device_management_service_.CreateAsyncJob(
498 &robot_auth_fetch_job));
499 EXPECT_CALL(
500 device_management_service_,
501 StartJob(dm_protocol::kValueRequestApiAuthorization, _, _, _, _, _))
502 .Times(AtMost(1));
503 base::RunLoop().RunUntilIdle();
504 Mock::VerifyAndClearExpectations(&device_management_service_);
505 AllowUninterestingRemoteCommandFetches();
506
507 if (done_)
508 return;
509
510 // Process robot auth token fetch.
511 ASSERT_TRUE(robot_auth_fetch_job);
512 robot_auth_fetch_job->SendResponse(robot_auth_fetch_status_,
513 robot_auth_fetch_response_);
514 Mock::VerifyAndClearExpectations(&device_management_service_);
515 AllowUninterestingRemoteCommandFetches();
516
517 if (done_)
518 return;
519
520 // Process robot refresh token fetch if the auth code fetch succeeded.
521 // DeviceCloudPolicyInitializer holds an EnrollmentHandlerChromeOS which
522 // holds a GaiaOAuthClient that fetches the refresh token during enrollment.
523 // We return a successful OAuth response via a TestURLFetcher to trigger the
524 // happy path for these classes so that enrollment can continue.
525 if (robot_auth_fetch_status_ == DM_STATUS_SUCCESS) {
526 net::TestURLFetcher* url_fetcher = url_fetcher_factory_.GetFetcherByID(
527 gaia::GaiaOAuthClient::kUrlFetcherId);
528 ASSERT_TRUE(url_fetcher);
529 url_fetcher->SetMaxRetriesOn5xx(0);
530 url_fetcher->set_status(net::URLRequestStatus());
531 url_fetcher->set_response_code(url_fetcher_response_code_);
532 url_fetcher->SetResponseString(url_fetcher_response_string_);
533 url_fetcher->delegate()->OnURLFetchComplete(url_fetcher);
534 }
535
536 if (management_mode_ == MANAGEMENT_MODE_CONSUMER_MANAGED)
537 FlushDeviceSettings();
538 else
539 base::RunLoop().RunUntilIdle();
540
541 if (done_)
542 return;
543
544 // Process robot refresh token store.
545 chromeos::DeviceOAuth2TokenService* token_service =
546 chromeos::DeviceOAuth2TokenServiceFactory::Get();
547 EXPECT_TRUE(token_service->RefreshTokenIsAvailable(
548 token_service->GetRobotAccountId()));
549
550 // Process policy store.
551 device_settings_test_helper_.set_store_result(store_result_);
552 device_settings_test_helper_.FlushStore();
553 EXPECT_EQ(device_policy_.GetBlob(),
554 device_settings_test_helper_.policy_blob());
555
556 if (done_)
557 return;
558
559 // Key installation and policy load.
560 device_settings_test_helper_.set_policy_blob(loaded_blob_);
561 owner_key_util_->SetPublicKeyFromPrivateKey(
562 *device_policy_.GetNewSigningKey());
563 ReloadDeviceSettings();
564 }
565
566 ManagementMode management_mode_;
567
568 DeviceManagementStatus register_status_;
569 em::DeviceManagementResponse register_response_;
570
571 DeviceManagementStatus policy_fetch_status_;
572 em::DeviceManagementResponse policy_fetch_response_;
573
574 DeviceManagementStatus robot_auth_fetch_status_;
575 em::DeviceManagementResponse robot_auth_fetch_response_;
576
577 bool store_result_;
578 std::string loaded_blob_;
579
580 em::DeviceManagementRequest register_request_;
581 std::string client_id_;
582 EnrollmentStatus status_;
583
584 bool done_;
585
586 private:
587 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyManagerChromeOSEnrollmentTest);
588 };
589
590 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, Success) {
591 RunTest();
592 ExpectSuccessfulEnrollment();
593 }
594
595 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, Reenrollment) {
596 LockDevice();
597
598 RunTest();
599 ExpectSuccessfulEnrollment();
600 EXPECT_TRUE(register_request_.register_request().reregister());
601 EXPECT_EQ(PolicyBuilder::kFakeDeviceId, client_id_);
602 }
603
604 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, RegistrationFailed) {
605 register_status_ = DM_STATUS_REQUEST_FAILED;
606 RunTest();
607 ExpectFailedEnrollment(EnrollmentStatus::STATUS_REGISTRATION_FAILED);
608 EXPECT_EQ(DM_STATUS_REQUEST_FAILED, status_.client_status());
609 }
610
611 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest,
612 RobotAuthCodeFetchFailed) {
613 robot_auth_fetch_status_ = DM_STATUS_REQUEST_FAILED;
614 RunTest();
615 ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_AUTH_FETCH_FAILED);
616 }
617
618 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest,
619 RobotRefreshTokenFetchResponseCodeFailed) {
620 url_fetcher_response_code_ = 400;
621 RunTest();
622 ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED);
623 EXPECT_EQ(400, status_.http_status());
624 }
625
626 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest,
627 RobotRefreshTokenFetchResponseStringFailed) {
628 url_fetcher_response_string_ = "invalid response json";
629 RunTest();
630 ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED);
631 }
632
633 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest,
634 RobotRefreshEncryptionFailed) {
635 // The encryption lib is a noop for tests, but empty results from encryption
636 // is an error, so we simulate an encryption error by returning an empty
637 // refresh token.
638 url_fetcher_response_string_ = "{\"access_token\":\"accessToken4Test\","
639 "\"expires_in\":1234,"
640 "\"refresh_token\":\"\"}";
641 RunTest();
642 ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED);
643 }
644
645 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, PolicyFetchFailed) {
646 policy_fetch_status_ = DM_STATUS_REQUEST_FAILED;
647 RunTest();
648 ExpectFailedEnrollment(EnrollmentStatus::STATUS_POLICY_FETCH_FAILED);
649 EXPECT_EQ(DM_STATUS_REQUEST_FAILED, status_.client_status());
650 }
651
652 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, ValidationFailed) {
653 device_policy_.policy().set_policy_data_signature("bad");
654 policy_fetch_response_.clear_policy_response();
655 policy_fetch_response_.mutable_policy_response()->add_response()->CopyFrom(
656 device_policy_.policy());
657 RunTest();
658 ExpectFailedEnrollment(EnrollmentStatus::STATUS_VALIDATION_FAILED);
659 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
660 status_.validation_status());
661 }
662
663 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, StoreError) {
664 store_result_ = false;
665 RunTest();
666 ExpectFailedEnrollment(EnrollmentStatus::STATUS_STORE_ERROR);
667 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR,
668 status_.store_status());
669 }
670
671 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, LoadError) {
672 loaded_blob_.clear();
673 RunTest();
674 ExpectFailedEnrollment(EnrollmentStatus::STATUS_STORE_ERROR);
675 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR,
676 status_.store_status());
677 }
678
679 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest,
680 SuccessfulConsumerManagementEnrollment) {
681 management_mode_ = MANAGEMENT_MODE_CONSUMER_MANAGED;
682 owner_key_util_->SetPrivateKey(device_policy_.GetNewSigningKey());
683 InitOwner(device_policy_.policy_data().username(), true);
684 FlushDeviceSettings();
685
686 device_policy_.policy_data().set_management_mode(em::PolicyData::LOCAL_OWNER);
687 device_policy_.Build();
688 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
689 ReloadDeviceSettings();
690
691 RunTest();
692 ExpectSuccessfulEnrollment();
693 }
694
695 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, UnregisterSucceeds) {
696 // Enroll first.
697 RunTest();
698 ExpectSuccessfulEnrollment();
699
700 // Set up mock objects for the upcoming unregistration job.
701 em::DeviceManagementResponse response;
702 response.mutable_unregister_response();
703 EXPECT_CALL(device_management_service_,
704 CreateJob(DeviceManagementRequestJob::TYPE_UNREGISTRATION, _))
705 .WillOnce(device_management_service_.SucceedJob(response));
706 EXPECT_CALL(device_management_service_, StartJob(_, _, _, _, _, _));
707 EXPECT_CALL(*this, OnUnregistered(true));
708
709 // Start unregistering.
710 manager_->Unregister(base::Bind(
711 &DeviceCloudPolicyManagerChromeOSEnrollmentTest::OnUnregistered,
712 base::Unretained(this)));
713 }
714
715 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, UnregisterFails) {
716 // Enroll first.
717 RunTest();
718 ExpectSuccessfulEnrollment();
719
720 // Set up mock objects for the upcoming unregistration job.
721 EXPECT_CALL(device_management_service_,
722 CreateJob(DeviceManagementRequestJob::TYPE_UNREGISTRATION, _))
723 .WillOnce(device_management_service_.FailJob(DM_STATUS_REQUEST_FAILED));
724 EXPECT_CALL(device_management_service_, StartJob(_, _, _, _, _, _));
725 EXPECT_CALL(*this, OnUnregistered(false));
726
727 // Start unregistering.
728 manager_->Unregister(base::Bind(
729 &DeviceCloudPolicyManagerChromeOSEnrollmentTest::OnUnregistered,
730 base::Unretained(this)));
731 }
732
733 // A subclass that runs with a blank system salt.
734 class DeviceCloudPolicyManagerChromeOSEnrollmentBlankSystemSaltTest
735 : public DeviceCloudPolicyManagerChromeOSEnrollmentTest {
736 protected:
737 DeviceCloudPolicyManagerChromeOSEnrollmentBlankSystemSaltTest() {
738 // Set up a FakeCryptohomeClient with a blank system salt.
739 fake_cryptohome_client_->set_system_salt(std::vector<uint8>());
740 }
741 };
742
743 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentBlankSystemSaltTest,
744 RobotRefreshSaveFailed) {
745 // Without the system salt, the robot token can't be stored.
746 RunTest();
747 ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED);
748 }
749
750 } // namespace
751 } // namespace policy