Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / user_cloud_policy_store_chromeos_unittest.cc
blobbca077a0fd44b1e9348c7fc9fe71fb668007450f
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
7 #include <vector>
9 #include "base/basictypes.h"
10 #include "base/bind.h"
11 #include "base/files/file_util.h"
12 #include "base/files/scoped_temp_dir.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/message_loop/message_loop.h"
15 #include "base/threading/sequenced_worker_pool.h"
16 #include "chromeos/dbus/mock_cryptohome_client.h"
17 #include "chromeos/dbus/mock_session_manager_client.h"
18 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
19 #include "components/policy/core/common/cloud/mock_cloud_policy_store.h"
20 #include "components/policy/core/common/cloud/policy_builder.h"
21 #include "policy/policy_constants.h"
22 #include "policy/proto/cloud_policy.pb.h"
23 #include "policy/proto/device_management_local.pb.h"
24 #include "testing/gmock/include/gmock/gmock.h"
25 #include "testing/gtest/include/gtest/gtest.h"
27 namespace em = enterprise_management;
29 using testing::AllOf;
30 using testing::AnyNumber;
31 using testing::Eq;
32 using testing::Mock;
33 using testing::Property;
34 using testing::Return;
35 using testing::SaveArg;
36 using testing::_;
38 namespace policy {
40 namespace {
42 const char kLegacyDeviceId[] = "legacy-device-id";
43 const char kLegacyToken[] = "legacy-token";
44 const char kSanitizedUsername[] =
45 "0123456789ABCDEF0123456789ABCDEF012345678@example.com";
46 const char kDefaultHomepage[] = "http://chromium.org";
48 ACTION_P2(SendSanitizedUsername, call_status, sanitized_username) {
49 base::MessageLoop::current()->PostTask(
50 FROM_HERE, base::Bind(arg1, call_status, sanitized_username));
53 class UserCloudPolicyStoreChromeOSTest : public testing::Test {
54 protected:
55 UserCloudPolicyStoreChromeOSTest() {}
57 void SetUp() override {
58 EXPECT_CALL(cryptohome_client_,
59 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _))
60 .Times(AnyNumber())
61 .WillRepeatedly(
62 SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_SUCCESS,
63 kSanitizedUsername));
65 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir());
66 store_.reset(new UserCloudPolicyStoreChromeOS(
67 &cryptohome_client_, &session_manager_client_, loop_.task_runner(),
68 PolicyBuilder::kFakeUsername, user_policy_dir(), token_file(),
69 policy_file()));
70 store_->AddObserver(&observer_);
72 // Install the initial public key, so that by default the validation of
73 // the stored/loaded policy blob succeeds.
74 std::vector<uint8> public_key;
75 ASSERT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key));
76 StoreUserPolicyKey(public_key);
78 policy_.payload().mutable_homepagelocation()->set_value(kDefaultHomepage);
79 policy_.Build();
82 void TearDown() override {
83 store_->RemoveObserver(&observer_);
84 store_.reset();
85 RunUntilIdle();
88 // Install an expectation on |observer_| for an error code.
89 void ExpectError(CloudPolicyStore::Status error) {
90 EXPECT_CALL(observer_,
91 OnStoreError(AllOf(Eq(store_.get()),
92 Property(&CloudPolicyStore::status,
93 Eq(error)))));
96 // Triggers a store_->Load() operation, handles the expected call to
97 // |session_manager_client_| and sends |response|.
98 void PerformPolicyLoad(const std::string& response) {
99 // Issue a load command.
100 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback;
101 EXPECT_CALL(session_manager_client_,
102 RetrievePolicyForUser(PolicyBuilder::kFakeUsername, _))
103 .WillOnce(SaveArg<1>(&retrieve_callback));
104 store_->Load();
105 RunUntilIdle();
106 Mock::VerifyAndClearExpectations(&session_manager_client_);
107 ASSERT_FALSE(retrieve_callback.is_null());
109 // Run the callback.
110 retrieve_callback.Run(response);
111 RunUntilIdle();
114 // Verifies that store_->policy_map() has the HomepageLocation entry with
115 // the |expected_value|.
116 void VerifyPolicyMap(const char* expected_value) {
117 EXPECT_EQ(1U, store_->policy_map().size());
118 const PolicyMap::Entry* entry =
119 store_->policy_map().Get(key::kHomepageLocation);
120 ASSERT_TRUE(entry);
121 EXPECT_TRUE(base::StringValue(expected_value).Equals(entry->value));
124 void StoreUserPolicyKey(const std::vector<uint8>& public_key) {
125 ASSERT_TRUE(base::CreateDirectory(user_policy_key_file().DirName()));
126 ASSERT_TRUE(
127 base::WriteFile(user_policy_key_file(),
128 reinterpret_cast<const char*>(public_key.data()),
129 public_key.size()));
132 // Stores the current |policy_| and verifies that it is published.
133 // If |new_public_key| is set then it will be persisted after storing but
134 // before loading the policy, so that the signature validation can succeed.
135 // If |previous_value| is set then a previously existing policy with that
136 // value will be expected; otherwise no previous policy is expected.
137 // If |new_value| is set then a new policy with that value is expected after
138 // storing the |policy_| blob.
139 void PerformStorePolicy(const std::vector<uint8>* new_public_key,
140 const char* previous_value,
141 const char* new_value) {
142 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
143 EXPECT_CALL(session_manager_client_,
144 StorePolicyForUser(PolicyBuilder::kFakeUsername,
145 policy_.GetBlob(), _))
146 .WillOnce(SaveArg<2>(&store_callback));
147 store_->Store(policy_.policy());
148 RunUntilIdle();
149 Mock::VerifyAndClearExpectations(&session_manager_client_);
150 ASSERT_FALSE(store_callback.is_null());
152 // The new policy shouldn't be present yet.
153 PolicyMap previous_policy;
154 EXPECT_EQ(previous_value != NULL, store_->policy() != NULL);
155 if (previous_value) {
156 previous_policy.Set(key::kHomepageLocation,
157 POLICY_LEVEL_MANDATORY,
158 POLICY_SCOPE_USER,
159 new base::StringValue(previous_value), NULL);
161 EXPECT_TRUE(previous_policy.Equals(store_->policy_map()));
162 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
164 // Store the new public key so that the validation after the retrieve
165 // operation completes can verify the signature.
166 if (new_public_key)
167 StoreUserPolicyKey(*new_public_key);
169 // Let the store operation complete.
170 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback;
171 EXPECT_CALL(session_manager_client_,
172 RetrievePolicyForUser(PolicyBuilder::kFakeUsername, _))
173 .WillOnce(SaveArg<1>(&retrieve_callback));
174 store_callback.Run(true);
175 RunUntilIdle();
176 EXPECT_TRUE(previous_policy.Equals(store_->policy_map()));
177 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
178 Mock::VerifyAndClearExpectations(&session_manager_client_);
179 ASSERT_FALSE(retrieve_callback.is_null());
181 // Finish the retrieve callback.
182 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
183 retrieve_callback.Run(policy_.GetBlob());
184 RunUntilIdle();
185 ASSERT_TRUE(store_->policy());
186 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
187 store_->policy()->SerializeAsString());
188 VerifyPolicyMap(new_value);
189 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
192 void VerifyStoreHasValidationError() {
193 EXPECT_FALSE(store_->policy());
194 EXPECT_TRUE(store_->policy_map().empty());
195 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
198 void RunUntilIdle() {
199 loop_.RunUntilIdle();
200 loop_.RunUntilIdle();
203 base::FilePath user_policy_dir() {
204 return tmp_dir_.path().AppendASCII("var_run_user_policy");
207 base::FilePath user_policy_key_file() {
208 return user_policy_dir().AppendASCII(kSanitizedUsername)
209 .AppendASCII("policy.pub");
212 base::FilePath token_file() {
213 return tmp_dir_.path().AppendASCII("token");
216 base::FilePath policy_file() {
217 return tmp_dir_.path().AppendASCII("policy");
220 base::MessageLoopForUI loop_;
221 chromeos::MockCryptohomeClient cryptohome_client_;
222 chromeos::MockSessionManagerClient session_manager_client_;
223 UserPolicyBuilder policy_;
224 MockCloudPolicyStoreObserver observer_;
225 scoped_ptr<UserCloudPolicyStoreChromeOS> store_;
227 private:
228 base::ScopedTempDir tmp_dir_;
230 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest);
233 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) {
234 // Start without any public key to trigger the initial key checks.
235 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false));
236 // Make the policy blob contain a new public key.
237 policy_.SetDefaultNewSigningKey();
238 policy_.Build();
239 std::vector<uint8> new_public_key;
240 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key));
241 ASSERT_NO_FATAL_FAILURE(
242 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage));
245 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreValidationFail) {
246 // Start without any public key to trigger the initial key checks.
247 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false));
248 // Make the policy blob contain a new public key.
249 policy_.SetDefaultSigningKey();
250 policy_.Build();
251 *policy_.policy().mutable_new_public_key_verification_signature() = "garbage";
253 EXPECT_CALL(session_manager_client_,
254 StorePolicyForUser(
255 PolicyBuilder::kFakeUsername, policy_.GetBlob(), _)).Times(0);
256 store_->Store(policy_.policy());
257 RunUntilIdle();
258 Mock::VerifyAndClearExpectations(&session_manager_client_);
261 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreMissingSignatureFailure) {
262 // Start without any public key to trigger the initial key checks.
263 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false));
264 // Make the policy blob contain a new public key.
265 policy_.SetDefaultSigningKey();
266 policy_.Build();
267 policy_.policy().clear_new_public_key_verification_signature();
269 EXPECT_CALL(session_manager_client_,
270 StorePolicyForUser(
271 PolicyBuilder::kFakeUsername, policy_.GetBlob(), _)).Times(0);
272 store_->Store(policy_.policy());
273 RunUntilIdle();
274 Mock::VerifyAndClearExpectations(&session_manager_client_);
277 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) {
278 ASSERT_NO_FATAL_FAILURE(
279 PerformStorePolicy(NULL, NULL, kDefaultHomepage));
282 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) {
283 // Make the policy blob contain a new public key.
284 policy_.SetDefaultNewSigningKey();
285 policy_.Build();
286 std::vector<uint8> new_public_key;
287 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key));
288 ASSERT_NO_FATAL_FAILURE(
289 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage));
292 TEST_F(UserCloudPolicyStoreChromeOSTest,
293 StoreWithRotationMissingSignatureError) {
294 // Make the policy blob contain a new public key.
295 policy_.SetDefaultNewSigningKey();
296 policy_.Build();
297 policy_.policy().clear_new_public_key_verification_signature();
299 EXPECT_CALL(session_manager_client_,
300 StorePolicyForUser(
301 PolicyBuilder::kFakeUsername, policy_.GetBlob(), _)).Times(0);
302 store_->Store(policy_.policy());
303 RunUntilIdle();
304 Mock::VerifyAndClearExpectations(&session_manager_client_);
307 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotationValidationError) {
308 // Make the policy blob contain a new public key.
309 policy_.SetDefaultNewSigningKey();
310 policy_.Build();
311 *policy_.policy().mutable_new_public_key_verification_signature() = "garbage";
313 EXPECT_CALL(session_manager_client_,
314 StorePolicyForUser(
315 PolicyBuilder::kFakeUsername, policy_.GetBlob(), _)).Times(0);
316 store_->Store(policy_.policy());
317 RunUntilIdle();
318 Mock::VerifyAndClearExpectations(&session_manager_client_);
321 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) {
322 // Store policy.
323 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
324 EXPECT_CALL(session_manager_client_,
325 StorePolicyForUser(PolicyBuilder::kFakeUsername,
326 policy_.GetBlob(), _))
327 .WillOnce(SaveArg<2>(&store_callback));
328 store_->Store(policy_.policy());
329 RunUntilIdle();
330 Mock::VerifyAndClearExpectations(&session_manager_client_);
331 ASSERT_FALSE(store_callback.is_null());
333 // Let the store operation complete.
334 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR);
335 store_callback.Run(false);
336 RunUntilIdle();
337 EXPECT_FALSE(store_->policy());
338 EXPECT_TRUE(store_->policy_map().empty());
339 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status());
342 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) {
343 policy_.policy_data().clear_policy_type();
344 policy_.Build();
346 // Store policy.
347 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
348 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
349 EXPECT_CALL(session_manager_client_,
350 StorePolicyForUser(PolicyBuilder::kFakeUsername,
351 policy_.GetBlob(), _))
352 .Times(0);
353 store_->Store(policy_.policy());
354 RunUntilIdle();
355 Mock::VerifyAndClearExpectations(&session_manager_client_);
358 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) {
359 // Make the dbus call to cryptohome fail.
360 Mock::VerifyAndClearExpectations(&cryptohome_client_);
361 EXPECT_CALL(cryptohome_client_,
362 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _))
363 .Times(AnyNumber())
364 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE,
365 std::string()));
367 // Store policy.
368 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
369 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
370 EXPECT_CALL(session_manager_client_,
371 StorePolicyForUser(PolicyBuilder::kFakeUsername,
372 policy_.GetBlob(), _))
373 .Times(0);
374 store_->Store(policy_.policy());
375 RunUntilIdle();
376 Mock::VerifyAndClearExpectations(&session_manager_client_);
379 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) {
380 // Break the signature.
381 policy_.policy().mutable_policy_data_signature()->append("garbage");
383 // Store policy.
384 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
385 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
386 EXPECT_CALL(session_manager_client_,
387 StorePolicyForUser(PolicyBuilder::kFakeUsername,
388 policy_.GetBlob(), _))
389 .Times(0);
390 store_->Store(policy_.policy());
391 RunUntilIdle();
392 Mock::VerifyAndClearExpectations(&session_manager_client_);
395 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) {
396 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
397 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
398 Mock::VerifyAndClearExpectations(&observer_);
400 // Verify that the policy has been loaded.
401 ASSERT_TRUE(store_->policy());
402 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
403 store_->policy()->SerializeAsString());
404 VerifyPolicyMap(kDefaultHomepage);
405 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
408 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
409 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
410 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
411 Mock::VerifyAndClearExpectations(&observer_);
413 // Verify no policy has been installed.
414 EXPECT_FALSE(store_->policy());
415 EXPECT_TRUE(store_->policy_map().empty());
416 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
419 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidPolicy) {
420 ExpectError(CloudPolicyStore::STATUS_PARSE_ERROR);
421 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("invalid"));
423 // Verify no policy has been installed.
424 EXPECT_FALSE(store_->policy());
425 EXPECT_TRUE(store_->policy_map().empty());
426 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status());
429 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) {
430 policy_.policy_data().clear_policy_type();
431 policy_.Build();
433 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
434 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
435 VerifyStoreHasValidationError();
438 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) {
439 // The loaded policy can't be verified without the public key.
440 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false));
441 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
442 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
443 VerifyStoreHasValidationError();
446 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) {
447 // Break the signature.
448 policy_.policy().mutable_policy_data_signature()->append("garbage");
449 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
450 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
451 VerifyStoreHasValidationError();
454 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) {
455 std::string data;
457 em::DeviceCredentials credentials;
458 credentials.set_device_token(kLegacyToken);
459 credentials.set_device_id(kLegacyDeviceId);
460 ASSERT_TRUE(credentials.SerializeToString(&data));
461 ASSERT_NE(-1, base::WriteFile(token_file(), data.c_str(), data.size()));
463 em::CachedCloudPolicyResponse cached_policy;
464 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy());
465 ASSERT_TRUE(cached_policy.SerializeToString(&data));
466 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size()));
468 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
469 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
470 Mock::VerifyAndClearExpectations(&observer_);
472 // Verify that legacy user policy and token have been loaded.
473 em::PolicyData expected_policy_data;
474 EXPECT_TRUE(expected_policy_data.ParseFromString(
475 cached_policy.cloud_policy().policy_data()));
476 expected_policy_data.clear_public_key_version();
477 expected_policy_data.set_request_token(kLegacyToken);
478 expected_policy_data.set_device_id(kLegacyDeviceId);
479 ASSERT_TRUE(store_->policy());
480 EXPECT_EQ(expected_policy_data.SerializeAsString(),
481 store_->policy()->SerializeAsString());
482 VerifyPolicyMap(kDefaultHomepage);
483 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
486 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) {
487 std::string data;
488 testing::Sequence seq;
490 em::CachedCloudPolicyResponse cached_policy;
491 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy());
492 ASSERT_TRUE(cached_policy.SerializeToString(&data));
493 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size()));
495 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
496 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
497 Mock::VerifyAndClearExpectations(&observer_);
499 // Verify the legacy cache has been loaded.
500 em::PolicyData expected_policy_data;
501 EXPECT_TRUE(expected_policy_data.ParseFromString(
502 cached_policy.cloud_policy().policy_data()));
503 expected_policy_data.clear_public_key_version();
504 ASSERT_TRUE(store_->policy());
505 EXPECT_EQ(expected_policy_data.SerializeAsString(),
506 store_->policy()->SerializeAsString());
507 VerifyPolicyMap(kDefaultHomepage);
508 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
511 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) {
512 std::string data;
514 em::DeviceCredentials credentials;
515 credentials.set_device_token(kLegacyToken);
516 credentials.set_device_id(kLegacyDeviceId);
517 ASSERT_TRUE(credentials.SerializeToString(&data));
518 ASSERT_NE(-1, base::WriteFile(token_file(), data.c_str(), data.size()));
520 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
521 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
522 Mock::VerifyAndClearExpectations(&observer_);
524 // Verify that legacy user policy and token have been loaded.
525 em::PolicyData expected_policy_data;
526 expected_policy_data.set_request_token(kLegacyToken);
527 expected_policy_data.set_device_id(kLegacyDeviceId);
528 ASSERT_TRUE(store_->policy());
529 EXPECT_EQ(expected_policy_data.SerializeAsString(),
530 store_->policy()->SerializeAsString());
531 EXPECT_TRUE(store_->policy_map().empty());
532 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
535 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationAndStoreNew) {
536 // Start without an existing public key.
537 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false));
539 std::string data;
540 em::CachedCloudPolicyResponse cached_policy;
541 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy());
542 ASSERT_TRUE(cached_policy.SerializeToString(&data));
543 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size()));
545 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
546 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
547 Mock::VerifyAndClearExpectations(&observer_);
549 // Verify the legacy cache has been loaded.
550 em::PolicyData expected_policy_data;
551 EXPECT_TRUE(expected_policy_data.ParseFromString(
552 cached_policy.cloud_policy().policy_data()));
553 expected_policy_data.clear_public_key_version();
554 ASSERT_TRUE(store_->policy());
555 EXPECT_EQ(expected_policy_data.SerializeAsString(),
556 store_->policy()->SerializeAsString());
557 VerifyPolicyMap(kDefaultHomepage);
558 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
559 EXPECT_TRUE(base::PathExists(policy_file()));
561 // Now store a new policy using the new homepage location.
562 const char kNewHomepage[] = "http://google.com";
563 policy_.payload().mutable_homepagelocation()->set_value(kNewHomepage);
564 policy_.SetDefaultNewSigningKey();
565 policy_.Build();
566 std::vector<uint8> new_public_key;
567 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key));
568 ASSERT_NO_FATAL_FAILURE(
569 PerformStorePolicy(&new_public_key, kDefaultHomepage, kNewHomepage));
570 VerifyPolicyMap(kNewHomepage);
572 // Verify that the legacy cache has been removed.
573 EXPECT_FALSE(base::PathExists(policy_file()));
576 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediately) {
577 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
578 EXPECT_CALL(session_manager_client_,
579 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
580 .WillOnce(Return(policy_.GetBlob()));
581 EXPECT_CALL(cryptohome_client_,
582 BlockingGetSanitizedUsername(PolicyBuilder::kFakeUsername))
583 .WillOnce(Return(kSanitizedUsername));
585 EXPECT_FALSE(store_->policy());
586 store_->LoadImmediately();
587 // Note: verify that the |observer_| got notified synchronously, without
588 // having to spin the current loop. TearDown() will flush the loop so this
589 // must be done within the test.
590 Mock::VerifyAndClearExpectations(&observer_);
591 Mock::VerifyAndClearExpectations(&session_manager_client_);
592 Mock::VerifyAndClearExpectations(&cryptohome_client_);
594 // The policy should become available without having to spin any loops.
595 ASSERT_TRUE(store_->policy());
596 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
597 store_->policy()->SerializeAsString());
598 VerifyPolicyMap(kDefaultHomepage);
599 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
602 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) {
603 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
604 EXPECT_CALL(session_manager_client_,
605 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
606 .WillOnce(Return(""));
608 EXPECT_FALSE(store_->policy());
609 store_->LoadImmediately();
610 Mock::VerifyAndClearExpectations(&observer_);
611 Mock::VerifyAndClearExpectations(&session_manager_client_);
613 EXPECT_FALSE(store_->policy());
614 EXPECT_TRUE(store_->policy_map().empty());
615 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
618 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) {
619 EXPECT_CALL(observer_, OnStoreError(store_.get()));
620 EXPECT_CALL(session_manager_client_,
621 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
622 .WillOnce(Return("le blob"));
624 EXPECT_FALSE(store_->policy());
625 store_->LoadImmediately();
626 Mock::VerifyAndClearExpectations(&observer_);
627 Mock::VerifyAndClearExpectations(&session_manager_client_);
629 EXPECT_FALSE(store_->policy());
630 EXPECT_TRUE(store_->policy_map().empty());
631 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status());
634 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) {
635 EXPECT_CALL(observer_, OnStoreError(store_.get()));
636 EXPECT_CALL(session_manager_client_,
637 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
638 .WillOnce(Return(policy_.GetBlob()));
639 EXPECT_CALL(cryptohome_client_,
640 BlockingGetSanitizedUsername(PolicyBuilder::kFakeUsername))
641 .WillOnce(Return(""));
643 EXPECT_FALSE(store_->policy());
644 store_->LoadImmediately();
645 Mock::VerifyAndClearExpectations(&observer_);
646 Mock::VerifyAndClearExpectations(&session_manager_client_);
647 Mock::VerifyAndClearExpectations(&cryptohome_client_);
649 EXPECT_FALSE(store_->policy());
650 EXPECT_TRUE(store_->policy_map().empty());
651 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, store_->status());
654 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoUserPolicyKey) {
655 EXPECT_CALL(observer_, OnStoreError(store_.get()));
656 EXPECT_CALL(session_manager_client_,
657 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
658 .WillOnce(Return(policy_.GetBlob()));
659 EXPECT_CALL(cryptohome_client_,
660 BlockingGetSanitizedUsername(PolicyBuilder::kFakeUsername))
661 .WillOnce(Return("wrong@example.com"));
663 EXPECT_FALSE(store_->policy());
664 store_->LoadImmediately();
665 Mock::VerifyAndClearExpectations(&observer_);
666 Mock::VerifyAndClearExpectations(&session_manager_client_);
667 Mock::VerifyAndClearExpectations(&cryptohome_client_);
669 EXPECT_FALSE(store_->policy());
670 EXPECT_TRUE(store_->policy_map().empty());
671 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
674 } // namespace
676 } // namespace policy