Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / device_cloud_policy_store_chromeos_unittest.cc
blob7f4fab476178560e4806684f74662b433a851ba0
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
7 #include <string>
8 #include <vector>
10 #include "base/basictypes.h"
11 #include "base/compiler_specific.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/run_loop.h"
14 #include "base/thread_task_runner_handle.h"
15 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
16 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
17 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
18 #include "chrome/test/base/scoped_testing_local_state.h"
19 #include "chrome/test/base/testing_browser_process.h"
20 #include "chromeos/cryptohome/cryptohome_util.h"
21 #include "chromeos/dbus/dbus_thread_manager.h"
22 #include "chromeos/dbus/fake_cryptohome_client.h"
23 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
24 #include "content/public/test/test_utils.h"
25 #include "policy/policy_constants.h"
26 #include "policy/proto/device_management_backend.pb.h"
27 #include "testing/gtest/include/gtest/gtest.h"
29 namespace em = enterprise_management;
31 namespace policy {
33 namespace {
35 void CopyLockResult(base::RunLoop* loop,
36 EnterpriseInstallAttributes::LockResult* out,
37 EnterpriseInstallAttributes::LockResult result) {
38 *out = result;
39 loop->Quit();
42 } // namespace
44 class DeviceCloudPolicyStoreChromeOSTest
45 : public chromeos::DeviceSettingsTestBase {
46 protected:
47 DeviceCloudPolicyStoreChromeOSTest()
48 : local_state_(TestingBrowserProcess::GetGlobal()),
49 fake_cryptohome_client_(new chromeos::FakeCryptohomeClient()),
50 install_attributes_(
51 new EnterpriseInstallAttributes(fake_cryptohome_client_)),
52 store_(new DeviceCloudPolicyStoreChromeOS(
53 &device_settings_service_,
54 install_attributes_.get(),
55 base::ThreadTaskRunnerHandle::Get())) {}
57 void SetUp() override {
58 DeviceSettingsTestBase::SetUp();
60 dbus_setter_->SetCryptohomeClient(
61 scoped_ptr<chromeos::CryptohomeClient>(fake_cryptohome_client_));
63 base::RunLoop loop;
64 EnterpriseInstallAttributes::LockResult result;
65 install_attributes_->LockDevice(
66 PolicyBuilder::kFakeUsername,
67 DEVICE_MODE_ENTERPRISE,
68 PolicyBuilder::kFakeDeviceId,
69 base::Bind(&CopyLockResult, &loop, &result));
70 loop.Run();
71 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result);
74 void SetManagementModeAndLoad(em::PolicyData::ManagementMode mode) {
75 device_policy_.policy_data().set_management_mode(mode);
76 device_policy_.Build();
77 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
78 device_settings_service_.Load();
79 FlushDeviceSettings();
80 EXPECT_EQ(chromeos::DeviceSettingsService::STORE_SUCCESS,
81 device_settings_service_.status());
84 void ExpectFailure(CloudPolicyStore::Status expected_status) {
85 EXPECT_EQ(expected_status, store_->status());
86 EXPECT_TRUE(store_->is_initialized());
87 EXPECT_FALSE(store_->has_policy());
88 EXPECT_FALSE(store_->is_managed());
91 void ExpectSuccessWithManagementMode(ManagementMode mode) {
92 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
93 EXPECT_TRUE(store_->is_initialized());
94 EXPECT_TRUE(store_->has_policy());
95 EXPECT_TRUE(store_->is_managed());
96 EXPECT_TRUE(store_->policy());
97 EXPECT_TRUE(store_->policy_map().empty());
98 if (store_->policy())
99 EXPECT_EQ(mode, GetManagementMode(*store_->policy()));
102 void ExpectSuccess() {
103 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
104 EXPECT_TRUE(store_->is_initialized());
105 EXPECT_TRUE(store_->has_policy());
106 EXPECT_TRUE(store_->is_managed());
107 EXPECT_TRUE(store_->policy());
108 base::FundamentalValue expected(false);
109 EXPECT_TRUE(
110 base::Value::Equals(&expected,
111 store_->policy_map().GetValue(
112 key::kDeviceMetricsReportingEnabled)));
115 void PrepareExistingPolicy() {
116 store_->Load();
117 FlushDeviceSettings();
118 ExpectSuccess();
120 device_policy_.UnsetNewSigningKey();
121 device_policy_.Build();
124 void PrepareNewSigningKey() {
125 device_policy_.SetDefaultNewSigningKey();
126 device_policy_.Build();
127 owner_key_util_->SetPublicKeyFromPrivateKey(
128 *device_policy_.GetNewSigningKey());
131 void ResetToNonEnterprise() {
132 store_.reset();
133 chromeos::cryptohome_util::InstallAttributesSet("enterprise.owned",
134 std::string());
135 install_attributes_.reset(
136 new EnterpriseInstallAttributes(fake_cryptohome_client_));
137 store_.reset(new DeviceCloudPolicyStoreChromeOS(
138 &device_settings_service_, install_attributes_.get(),
139 base::ThreadTaskRunnerHandle::Get()));
142 ScopedTestingLocalState local_state_;
143 chromeos::FakeCryptohomeClient* fake_cryptohome_client_;
144 scoped_ptr<EnterpriseInstallAttributes> install_attributes_;
146 scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_;
148 private:
149 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest);
152 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) {
153 owner_key_util_->Clear();
154 store_->Load();
155 FlushDeviceSettings();
156 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
159 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
160 device_settings_test_helper_.set_policy_blob(std::string());
161 store_->Load();
162 FlushDeviceSettings();
163 ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR);
166 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) {
167 ResetToNonEnterprise();
168 store_->Load();
169 FlushDeviceSettings();
170 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
173 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) {
174 store_->Load();
175 FlushDeviceSettings();
176 ExpectSuccess();
179 TEST_F(DeviceCloudPolicyStoreChromeOSTest, UpdateFromServiceOnConsumerDevices) {
180 ResetToNonEnterprise();
182 SetManagementModeAndLoad(em::PolicyData::CONSUMER_MANAGED);
183 ExpectSuccessWithManagementMode(MANAGEMENT_MODE_CONSUMER_MANAGED);
185 // Unenroll from consumer management.
186 SetManagementModeAndLoad(em::PolicyData::LOCAL_OWNER);
187 ExpectSuccessWithManagementMode(MANAGEMENT_MODE_LOCAL_OWNER);
190 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) {
191 PrepareExistingPolicy();
192 store_->Store(device_policy_.policy());
193 FlushDeviceSettings();
194 ExpectSuccess();
197 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) {
198 PrepareExistingPolicy();
199 device_policy_.policy().clear_policy_data_signature();
200 store_->Store(device_policy_.policy());
201 FlushDeviceSettings();
202 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
203 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
204 store_->validation_status());
207 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) {
208 PrepareExistingPolicy();
209 device_policy_.policy().set_policy_data_signature("invalid");
210 store_->Store(device_policy_.policy());
211 FlushDeviceSettings();
212 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
213 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
214 store_->validation_status());
217 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) {
218 PrepareExistingPolicy();
219 device_policy_.SetDefaultNewSigningKey();
220 device_policy_.Build();
221 store_->Store(device_policy_.policy());
222 content::RunAllBlockingPoolTasksUntilIdle();
223 device_settings_test_helper_.FlushStore();
224 owner_key_util_->SetPublicKeyFromPrivateKey(
225 *device_policy_.GetNewSigningKey());
226 ReloadDeviceSettings();
227 ExpectSuccess();
230 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
231 StoreKeyRotationVerificationFailure) {
232 PrepareExistingPolicy();
233 device_policy_.SetDefaultNewSigningKey();
234 device_policy_.Build();
235 *device_policy_.policy().mutable_new_public_key_verification_signature() =
236 "garbage";
237 store_->Store(device_policy_.policy());
238 FlushDeviceSettings();
239 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
240 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
241 store_->validation_status());
244 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
245 StoreKeyRotationMissingSignatureFailure) {
246 PrepareExistingPolicy();
247 device_policy_.SetDefaultNewSigningKey();
248 device_policy_.Build();
249 device_policy_.policy().clear_new_public_key_verification_signature();
250 store_->Store(device_policy_.policy());
251 FlushDeviceSettings();
252 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
253 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
254 store_->validation_status());
257 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) {
258 PrepareNewSigningKey();
259 store_->InstallInitialPolicy(device_policy_.policy());
260 FlushDeviceSettings();
261 ExpectSuccess();
264 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) {
265 PrepareNewSigningKey();
266 device_policy_.policy().clear_policy_data_signature();
267 store_->InstallInitialPolicy(device_policy_.policy());
268 FlushDeviceSettings();
269 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
270 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
271 store_->validation_status());
274 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
275 InstallInitialPolicyVerificationFailure) {
276 PrepareNewSigningKey();
277 *device_policy_.policy().mutable_new_public_key_verification_signature() =
278 "garbage";
279 store_->InstallInitialPolicy(device_policy_.policy());
280 FlushDeviceSettings();
281 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
282 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
283 store_->validation_status());
286 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
287 InstallInitialPolicyMissingSignatureFailure) {
288 PrepareNewSigningKey();
289 device_policy_.policy().clear_new_public_key_verification_signature();
290 store_->InstallInitialPolicy(device_policy_.policy());
291 FlushDeviceSettings();
292 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
293 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
294 store_->validation_status());
297 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) {
298 PrepareNewSigningKey();
299 device_policy_.policy().clear_new_public_key();
300 store_->InstallInitialPolicy(device_policy_.policy());
301 FlushDeviceSettings();
302 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
303 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
304 store_->validation_status());
307 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) {
308 PrepareNewSigningKey();
309 ResetToNonEnterprise();
310 store_->InstallInitialPolicy(device_policy_.policy());
311 FlushDeviceSettings();
312 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
315 } // namespace policy