search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Disable view source for Developer Tools.
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / user_cloud_policy_store_chromeos_unittest.cc
blob9e8deba2d04ef97f0e45c6532c51b8697c5ddd97
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
6
7 #include <vector>
8
9 #include "base/basictypes.h"
10 #include "base/bind.h"
11 #include "base/file_util.h"
12 #include "base/files/scoped_temp_dir.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/message_loop/message_loop.h"
15 #include "base/threading/sequenced_worker_pool.h"
16 #include "chromeos/dbus/mock_cryptohome_client.h"
17 #include "chromeos/dbus/mock_session_manager_client.h"
18 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
19 #include "components/policy/core/common/cloud/mock_cloud_policy_store.h"
20 #include "components/policy/core/common/cloud/policy_builder.h"
21 #include "policy/policy_constants.h"
22 #include "policy/proto/cloud_policy.pb.h"
23 #include "policy/proto/device_management_local.pb.h"
24 #include "testing/gmock/include/gmock/gmock.h"
25 #include "testing/gtest/include/gtest/gtest.h"
26
27 namespace em = enterprise_management;
28
29 using testing::AllOf;
30 using testing::AnyNumber;
31 using testing::Eq;
32 using testing::Mock;
33 using testing::Property;
34 using testing::Return;
35 using testing::SaveArg;
36 using testing::_;
37
38 namespace policy {
39
40 namespace {
41
42 const char kLegacyDeviceId[] = "legacy-device-id";
43 const char kLegacyToken[] = "legacy-token";
44 const char kSanitizedUsername[] = "0123456789ABCDEF0123456789ABCDEF012345678";
45 const char kDefaultHomepage[] = "http://chromium.org";
46
47 ACTION_P2(SendSanitizedUsername, call_status, sanitized_username) {
48 base::MessageLoop::current()->PostTask(
49 FROM_HERE, base::Bind(arg1, call_status, sanitized_username));
50 }
51
52 class UserCloudPolicyStoreChromeOSTest : public testing::Test {
53 protected:
54 UserCloudPolicyStoreChromeOSTest() {}
55
56 virtual void SetUp() OVERRIDE {
57 EXPECT_CALL(cryptohome_client_,
58 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _))
59 .Times(AnyNumber())
60 .WillRepeatedly(
61 SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_SUCCESS,
62 kSanitizedUsername));
63
64 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir());
65 store_.reset(new UserCloudPolicyStoreChromeOS(&cryptohome_client_,
66 &session_manager_client_,
67 loop_.message_loop_proxy(),
68 PolicyBuilder::kFakeUsername,
69 user_policy_dir(),
70 token_file(),
71 policy_file()));
72 store_->AddObserver(&observer_);
73
74 // Install the initial public key, so that by default the validation of
75 // the stored/loaded policy blob succeeds.
76 std::vector<uint8> public_key;
77 ASSERT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key));
78 StoreUserPolicyKey(public_key);
79
80 policy_.payload().mutable_homepagelocation()->set_value(kDefaultHomepage);
81 policy_.Build();
82 }
83
84 virtual void TearDown() OVERRIDE {
85 store_->RemoveObserver(&observer_);
86 store_.reset();
87 RunUntilIdle();
88 }
89
90 // Install an expectation on |observer_| for an error code.
91 void ExpectError(CloudPolicyStore::Status error) {
92 EXPECT_CALL(observer_,
93 OnStoreError(AllOf(Eq(store_.get()),
94 Property(&CloudPolicyStore::status,
95 Eq(error)))));
96 }
97
98 // Triggers a store_->Load() operation, handles the expected call to
99 // |session_manager_client_| and sends |response|.
100 void PerformPolicyLoad(const std::string& response) {
101 // Issue a load command.
102 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback;
103 EXPECT_CALL(session_manager_client_,
104 RetrievePolicyForUser(PolicyBuilder::kFakeUsername, _))
105 .WillOnce(SaveArg<1>(&retrieve_callback));
106 store_->Load();
107 RunUntilIdle();
108 Mock::VerifyAndClearExpectations(&session_manager_client_);
109 ASSERT_FALSE(retrieve_callback.is_null());
110
111 // Run the callback.
112 retrieve_callback.Run(response);
113 RunUntilIdle();
114 }
115
116 // Verifies that store_->policy_map() has the HomepageLocation entry with
117 // the |expected_value|.
118 void VerifyPolicyMap(const char* expected_value) {
119 EXPECT_EQ(1U, store_->policy_map().size());
120 const PolicyMap::Entry* entry =
121 store_->policy_map().Get(key::kHomepageLocation);
122 ASSERT_TRUE(entry);
123 EXPECT_TRUE(base::StringValue(expected_value).Equals(entry->value));
124 }
125
126 void StoreUserPolicyKey(const std::vector<uint8>& public_key) {
127 ASSERT_TRUE(base::CreateDirectory(user_policy_key_file().DirName()));
128 ASSERT_TRUE(
129 file_util::WriteFile(user_policy_key_file(),
130 reinterpret_cast<const char*>(public_key.data()),
131 public_key.size()));
132 }
133
134 // Stores the current |policy_| and verifies that it is published.
135 // If |new_public_key| is set then it will be persisted after storing but
136 // before loading the policy, so that the signature validation can succeed.
137 // If |previous_value| is set then a previously existing policy with that
138 // value will be expected; otherwise no previous policy is expected.
139 // If |new_value| is set then a new policy with that value is expected after
140 // storing the |policy_| blob.
141 void PerformStorePolicy(const std::vector<uint8>* new_public_key,
142 const char* previous_value,
143 const char* new_value) {
144 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
145 EXPECT_CALL(session_manager_client_,
146 StorePolicyForUser(PolicyBuilder::kFakeUsername,
147 policy_.GetBlob(), _, _))
148 .WillOnce(SaveArg<3>(&store_callback));
149 store_->Store(policy_.policy());
150 RunUntilIdle();
151 Mock::VerifyAndClearExpectations(&session_manager_client_);
152 ASSERT_FALSE(store_callback.is_null());
153
154 // The new policy shouldn't be present yet.
155 PolicyMap previous_policy;
156 EXPECT_EQ(previous_value != NULL, store_->policy() != NULL);
157 if (previous_value) {
158 previous_policy.Set(key::kHomepageLocation,
159 POLICY_LEVEL_MANDATORY,
160 POLICY_SCOPE_USER,
161 base::Value::CreateStringValue(previous_value), NULL);
162 }
163 EXPECT_TRUE(previous_policy.Equals(store_->policy_map()));
164 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
165
166 // Store the new public key so that the validation after the retrieve
167 // operation completes can verify the signature.
168 if (new_public_key)
169 StoreUserPolicyKey(*new_public_key);
170
171 // Let the store operation complete.
172 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback;
173 EXPECT_CALL(session_manager_client_,
174 RetrievePolicyForUser(PolicyBuilder::kFakeUsername, _))
175 .WillOnce(SaveArg<1>(&retrieve_callback));
176 store_callback.Run(true);
177 RunUntilIdle();
178 EXPECT_TRUE(previous_policy.Equals(store_->policy_map()));
179 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
180 Mock::VerifyAndClearExpectations(&session_manager_client_);
181 ASSERT_FALSE(retrieve_callback.is_null());
182
183 // Finish the retrieve callback.
184 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
185 retrieve_callback.Run(policy_.GetBlob());
186 RunUntilIdle();
187 ASSERT_TRUE(store_->policy());
188 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
189 store_->policy()->SerializeAsString());
190 VerifyPolicyMap(new_value);
191 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
192 }
193
194 void VerifyStoreHasValidationError() {
195 EXPECT_FALSE(store_->policy());
196 EXPECT_TRUE(store_->policy_map().empty());
197 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
198 }
199
200 void RunUntilIdle() {
201 loop_.RunUntilIdle();
202 loop_.RunUntilIdle();
203 }
204
205 base::FilePath user_policy_dir() {
206 return tmp_dir_.path().AppendASCII("var_run_user_policy");
207 }
208
209 base::FilePath user_policy_key_file() {
210 return user_policy_dir().AppendASCII(kSanitizedUsername)
211 .AppendASCII("policy.pub");
212 }
213
214 base::FilePath token_file() {
215 return tmp_dir_.path().AppendASCII("token");
216 }
217
218 base::FilePath policy_file() {
219 return tmp_dir_.path().AppendASCII("policy");
220 }
221
222 base::MessageLoopForUI loop_;
223 chromeos::MockCryptohomeClient cryptohome_client_;
224 chromeos::MockSessionManagerClient session_manager_client_;
225 UserPolicyBuilder policy_;
226 MockCloudPolicyStoreObserver observer_;
227 scoped_ptr<UserCloudPolicyStoreChromeOS> store_;
228
229 private:
230 base::ScopedTempDir tmp_dir_;
231
232 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest);
233 };
234
235 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) {
236 // Start without any public key to trigger the initial key checks.
237 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false));
238 // Make the policy blob contain a new public key.
239 policy_.SetDefaultNewSigningKey();
240 policy_.Build();
241 std::vector<uint8> new_public_key;
242 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key));
243 ASSERT_NO_FATAL_FAILURE(
244 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage));
245 }
246
247 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) {
248 ASSERT_NO_FATAL_FAILURE(
249 PerformStorePolicy(NULL, NULL, kDefaultHomepage));
250 }
251
252 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) {
253 // Make the policy blob contain a new public key.
254 policy_.SetDefaultNewSigningKey();
255 policy_.Build();
256 std::vector<uint8> new_public_key;
257 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key));
258 ASSERT_NO_FATAL_FAILURE(
259 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage));
260 }
261
262 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) {
263 // Store policy.
264 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
265 EXPECT_CALL(session_manager_client_,
266 StorePolicyForUser(PolicyBuilder::kFakeUsername,
267 policy_.GetBlob(), _, _))
268 .WillOnce(SaveArg<3>(&store_callback));
269 store_->Store(policy_.policy());
270 RunUntilIdle();
271 Mock::VerifyAndClearExpectations(&session_manager_client_);
272 ASSERT_FALSE(store_callback.is_null());
273
274 // Let the store operation complete.
275 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR);
276 store_callback.Run(false);
277 RunUntilIdle();
278 EXPECT_FALSE(store_->policy());
279 EXPECT_TRUE(store_->policy_map().empty());
280 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status());
281 }
282
283 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) {
284 policy_.policy_data().clear_policy_type();
285 policy_.Build();
286
287 // Store policy.
288 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
289 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
290 EXPECT_CALL(session_manager_client_,
291 StorePolicyForUser(PolicyBuilder::kFakeUsername,
292 policy_.GetBlob(), _, _))
293 .Times(0);
294 store_->Store(policy_.policy());
295 RunUntilIdle();
296 Mock::VerifyAndClearExpectations(&session_manager_client_);
297 }
298
299 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) {
300 // Make the dbus call to cryptohome fail.
301 Mock::VerifyAndClearExpectations(&cryptohome_client_);
302 EXPECT_CALL(cryptohome_client_,
303 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _))
304 .Times(AnyNumber())
305 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE,
306 std::string()));
307
308 // Store policy.
309 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
310 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
311 EXPECT_CALL(session_manager_client_,
312 StorePolicyForUser(PolicyBuilder::kFakeUsername,
313 policy_.GetBlob(), _, _))
314 .Times(0);
315 store_->Store(policy_.policy());
316 RunUntilIdle();
317 Mock::VerifyAndClearExpectations(&session_manager_client_);
318 }
319
320 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) {
321 // Break the signature.
322 policy_.policy().mutable_policy_data_signature()->append("garbage");
323
324 // Store policy.
325 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
326 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
327 EXPECT_CALL(session_manager_client_,
328 StorePolicyForUser(PolicyBuilder::kFakeUsername,
329 policy_.GetBlob(), _, _))
330 .Times(0);
331 store_->Store(policy_.policy());
332 RunUntilIdle();
333 Mock::VerifyAndClearExpectations(&session_manager_client_);
334 }
335
336 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) {
337 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
338 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
339 Mock::VerifyAndClearExpectations(&observer_);
340
341 // Verify that the policy has been loaded.
342 ASSERT_TRUE(store_->policy());
343 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
344 store_->policy()->SerializeAsString());
345 VerifyPolicyMap(kDefaultHomepage);
346 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
347 }
348
349 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
350 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
351 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
352 Mock::VerifyAndClearExpectations(&observer_);
353
354 // Verify no policy has been installed.
355 EXPECT_FALSE(store_->policy());
356 EXPECT_TRUE(store_->policy_map().empty());
357 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
358 }
359
360 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidPolicy) {
361 ExpectError(CloudPolicyStore::STATUS_PARSE_ERROR);
362 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("invalid"));
363
364 // Verify no policy has been installed.
365 EXPECT_FALSE(store_->policy());
366 EXPECT_TRUE(store_->policy_map().empty());
367 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status());
368 }
369
370 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) {
371 policy_.policy_data().clear_policy_type();
372 policy_.Build();
373
374 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
375 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
376 VerifyStoreHasValidationError();
377 }
378
379 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) {
380 // The loaded policy can't be verified without the public key.
381 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false));
382 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
383 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
384 VerifyStoreHasValidationError();
385 }
386
387 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) {
388 // Break the signature.
389 policy_.policy().mutable_policy_data_signature()->append("garbage");
390 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
391 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
392 VerifyStoreHasValidationError();
393 }
394
395 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) {
396 std::string data;
397
398 em::DeviceCredentials credentials;
399 credentials.set_device_token(kLegacyToken);
400 credentials.set_device_id(kLegacyDeviceId);
401 ASSERT_TRUE(credentials.SerializeToString(&data));
402 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size()));
403
404 em::CachedCloudPolicyResponse cached_policy;
405 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy());
406 ASSERT_TRUE(cached_policy.SerializeToString(&data));
407 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size()));
408
409 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
410 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
411 Mock::VerifyAndClearExpectations(&observer_);
412
413 // Verify that legacy user policy and token have been loaded.
414 em::PolicyData expected_policy_data;
415 EXPECT_TRUE(expected_policy_data.ParseFromString(
416 cached_policy.cloud_policy().policy_data()));
417 expected_policy_data.clear_public_key_version();
418 expected_policy_data.set_request_token(kLegacyToken);
419 expected_policy_data.set_device_id(kLegacyDeviceId);
420 ASSERT_TRUE(store_->policy());
421 EXPECT_EQ(expected_policy_data.SerializeAsString(),
422 store_->policy()->SerializeAsString());
423 VerifyPolicyMap(kDefaultHomepage);
424 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
425 }
426
427 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) {
428 std::string data;
429 testing::Sequence seq;
430
431 em::CachedCloudPolicyResponse cached_policy;
432 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy());
433 ASSERT_TRUE(cached_policy.SerializeToString(&data));
434 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size()));
435
436 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
437 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
438 Mock::VerifyAndClearExpectations(&observer_);
439
440 // Verify the legacy cache has been loaded.
441 em::PolicyData expected_policy_data;
442 EXPECT_TRUE(expected_policy_data.ParseFromString(
443 cached_policy.cloud_policy().policy_data()));
444 expected_policy_data.clear_public_key_version();
445 ASSERT_TRUE(store_->policy());
446 EXPECT_EQ(expected_policy_data.SerializeAsString(),
447 store_->policy()->SerializeAsString());
448 VerifyPolicyMap(kDefaultHomepage);
449 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
450 }
451
452 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) {
453 std::string data;
454
455 em::DeviceCredentials credentials;
456 credentials.set_device_token(kLegacyToken);
457 credentials.set_device_id(kLegacyDeviceId);
458 ASSERT_TRUE(credentials.SerializeToString(&data));
459 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size()));
460
461 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
462 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
463 Mock::VerifyAndClearExpectations(&observer_);
464
465 // Verify that legacy user policy and token have been loaded.
466 em::PolicyData expected_policy_data;
467 expected_policy_data.set_request_token(kLegacyToken);
468 expected_policy_data.set_device_id(kLegacyDeviceId);
469 ASSERT_TRUE(store_->policy());
470 EXPECT_EQ(expected_policy_data.SerializeAsString(),
471 store_->policy()->SerializeAsString());
472 EXPECT_TRUE(store_->policy_map().empty());
473 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
474 }
475
476 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationAndStoreNew) {
477 // Start without an existing public key.
478 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false));
479
480 std::string data;
481 em::CachedCloudPolicyResponse cached_policy;
482 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy());
483 ASSERT_TRUE(cached_policy.SerializeToString(&data));
484 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size()));
485
486 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
487 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
488 Mock::VerifyAndClearExpectations(&observer_);
489
490 // Verify the legacy cache has been loaded.
491 em::PolicyData expected_policy_data;
492 EXPECT_TRUE(expected_policy_data.ParseFromString(
493 cached_policy.cloud_policy().policy_data()));
494 expected_policy_data.clear_public_key_version();
495 ASSERT_TRUE(store_->policy());
496 EXPECT_EQ(expected_policy_data.SerializeAsString(),
497 store_->policy()->SerializeAsString());
498 VerifyPolicyMap(kDefaultHomepage);
499 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
500 EXPECT_TRUE(base::PathExists(policy_file()));
501
502 // Now store a new policy using the new homepage location.
503 const char kNewHomepage[] = "http://google.com";
504 policy_.payload().mutable_homepagelocation()->set_value(kNewHomepage);
505 policy_.SetDefaultNewSigningKey();
506 policy_.Build();
507 std::vector<uint8> new_public_key;
508 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key));
509 ASSERT_NO_FATAL_FAILURE(
510 PerformStorePolicy(&new_public_key, kDefaultHomepage, kNewHomepage));
511 VerifyPolicyMap(kNewHomepage);
512
513 // Verify that the legacy cache has been removed.
514 EXPECT_FALSE(base::PathExists(policy_file()));
515 }
516
517 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediately) {
518 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
519 EXPECT_CALL(session_manager_client_,
520 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
521 .WillOnce(Return(policy_.GetBlob()));
522 EXPECT_CALL(cryptohome_client_,
523 BlockingGetSanitizedUsername(PolicyBuilder::kFakeUsername))
524 .WillOnce(Return(kSanitizedUsername));
525
526 EXPECT_FALSE(store_->policy());
527 store_->LoadImmediately();
528 // Note: verify that the |observer_| got notified synchronously, without
529 // having to spin the current loop. TearDown() will flush the loop so this
530 // must be done within the test.
531 Mock::VerifyAndClearExpectations(&observer_);
532 Mock::VerifyAndClearExpectations(&session_manager_client_);
533 Mock::VerifyAndClearExpectations(&cryptohome_client_);
534
535 // The policy should become available without having to spin any loops.
536 ASSERT_TRUE(store_->policy());
537 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
538 store_->policy()->SerializeAsString());
539 VerifyPolicyMap(kDefaultHomepage);
540 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
541 }
542
543 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) {
544 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
545 EXPECT_CALL(session_manager_client_,
546 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
547 .WillOnce(Return(""));
548
549 EXPECT_FALSE(store_->policy());
550 store_->LoadImmediately();
551 Mock::VerifyAndClearExpectations(&observer_);
552 Mock::VerifyAndClearExpectations(&session_manager_client_);
553
554 EXPECT_FALSE(store_->policy());
555 EXPECT_TRUE(store_->policy_map().empty());
556 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
557 }
558
559 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) {
560 EXPECT_CALL(observer_, OnStoreError(store_.get()));
561 EXPECT_CALL(session_manager_client_,
562 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
563 .WillOnce(Return("le blob"));
564
565 EXPECT_FALSE(store_->policy());
566 store_->LoadImmediately();
567 Mock::VerifyAndClearExpectations(&observer_);
568 Mock::VerifyAndClearExpectations(&session_manager_client_);
569
570 EXPECT_FALSE(store_->policy());
571 EXPECT_TRUE(store_->policy_map().empty());
572 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status());
573 }
574
575 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) {
576 EXPECT_CALL(observer_, OnStoreError(store_.get()));
577 EXPECT_CALL(session_manager_client_,
578 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
579 .WillOnce(Return(policy_.GetBlob()));
580 EXPECT_CALL(cryptohome_client_,
581 BlockingGetSanitizedUsername(PolicyBuilder::kFakeUsername))
582 .WillOnce(Return(""));
583
584 EXPECT_FALSE(store_->policy());
585 store_->LoadImmediately();
586 Mock::VerifyAndClearExpectations(&observer_);
587 Mock::VerifyAndClearExpectations(&session_manager_client_);
588 Mock::VerifyAndClearExpectations(&cryptohome_client_);
589
590 EXPECT_FALSE(store_->policy());
591 EXPECT_TRUE(store_->policy_map().empty());
592 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, store_->status());
593 }
594
595 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoUserPolicyKey) {
596 EXPECT_CALL(observer_, OnStoreError(store_.get()));
597 EXPECT_CALL(session_manager_client_,
598 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
599 .WillOnce(Return(policy_.GetBlob()));
600 EXPECT_CALL(cryptohome_client_,
601 BlockingGetSanitizedUsername(PolicyBuilder::kFakeUsername))
602 .WillOnce(Return("wrong"));
603
604 EXPECT_FALSE(store_->policy());
605 store_->LoadImmediately();
606 Mock::VerifyAndClearExpectations(&observer_);
607 Mock::VerifyAndClearExpectations(&session_manager_client_);
608 Mock::VerifyAndClearExpectations(&cryptohome_client_);
609
610 EXPECT_FALSE(store_->policy());
611 EXPECT_TRUE(store_->policy_map().empty());
612 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
613 }
614
615 } // namespace
616
617 } // namespace policy