search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Enable Enterprise enrollment on desktop builds.
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / user_cloud_policy_store_chromeos_unittest.cc
blob5d1adcef8920bee20b5c343ee11db381cf13aa45
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
6
7 #include <vector>
8
9 #include "base/basictypes.h"
10 #include "base/bind.h"
11 #include "base/file_util.h"
12 #include "base/files/scoped_temp_dir.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/message_loop/message_loop.h"
15 #include "base/threading/sequenced_worker_pool.h"
16 #include "chromeos/dbus/mock_cryptohome_client.h"
17 #include "chromeos/dbus/mock_session_manager_client.h"
18 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
19 #include "components/policy/core/common/cloud/mock_cloud_policy_store.h"
20 #include "components/policy/core/common/cloud/policy_builder.h"
21 #include "policy/policy_constants.h"
22 #include "policy/proto/cloud_policy.pb.h"
23 #include "policy/proto/device_management_local.pb.h"
24 #include "testing/gmock/include/gmock/gmock.h"
25 #include "testing/gtest/include/gtest/gtest.h"
26
27 namespace em = enterprise_management;
28
29 using testing::AllOf;
30 using testing::AnyNumber;
31 using testing::Eq;
32 using testing::Mock;
33 using testing::Property;
34 using testing::Return;
35 using testing::SaveArg;
36 using testing::_;
37
38 namespace policy {
39
40 namespace {
41
42 const char kLegacyDeviceId[] = "legacy-device-id";
43 const char kLegacyToken[] = "legacy-token";
44 const char kSanitizedUsername[] =
45 "0123456789ABCDEF0123456789ABCDEF012345678@example.com";
46 const char kDefaultHomepage[] = "http://chromium.org";
47
48 ACTION_P2(SendSanitizedUsername, call_status, sanitized_username) {
49 base::MessageLoop::current()->PostTask(
50 FROM_HERE, base::Bind(arg1, call_status, sanitized_username));
51 }
52
53 class UserCloudPolicyStoreChromeOSTest : public testing::Test {
54 protected:
55 UserCloudPolicyStoreChromeOSTest() {}
56
57 virtual void SetUp() OVERRIDE {
58 EXPECT_CALL(cryptohome_client_,
59 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _))
60 .Times(AnyNumber())
61 .WillRepeatedly(
62 SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_SUCCESS,
63 kSanitizedUsername));
64
65 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir());
66 store_.reset(new UserCloudPolicyStoreChromeOS(&cryptohome_client_,
67 &session_manager_client_,
68 loop_.message_loop_proxy(),
69 PolicyBuilder::kFakeUsername,
70 user_policy_dir(),
71 token_file(),
72 policy_file()));
73 store_->AddObserver(&observer_);
74
75 // Install the initial public key, so that by default the validation of
76 // the stored/loaded policy blob succeeds.
77 std::vector<uint8> public_key;
78 ASSERT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key));
79 StoreUserPolicyKey(public_key);
80
81 policy_.payload().mutable_homepagelocation()->set_value(kDefaultHomepage);
82 policy_.Build();
83 }
84
85 virtual void TearDown() OVERRIDE {
86 store_->RemoveObserver(&observer_);
87 store_.reset();
88 RunUntilIdle();
89 }
90
91 // Install an expectation on |observer_| for an error code.
92 void ExpectError(CloudPolicyStore::Status error) {
93 EXPECT_CALL(observer_,
94 OnStoreError(AllOf(Eq(store_.get()),
95 Property(&CloudPolicyStore::status,
96 Eq(error)))));
97 }
98
99 // Triggers a store_->Load() operation, handles the expected call to
100 // |session_manager_client_| and sends |response|.
101 void PerformPolicyLoad(const std::string& response) {
102 // Issue a load command.
103 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback;
104 EXPECT_CALL(session_manager_client_,
105 RetrievePolicyForUser(PolicyBuilder::kFakeUsername, _))
106 .WillOnce(SaveArg<1>(&retrieve_callback));
107 store_->Load();
108 RunUntilIdle();
109 Mock::VerifyAndClearExpectations(&session_manager_client_);
110 ASSERT_FALSE(retrieve_callback.is_null());
111
112 // Run the callback.
113 retrieve_callback.Run(response);
114 RunUntilIdle();
115 }
116
117 // Verifies that store_->policy_map() has the HomepageLocation entry with
118 // the |expected_value|.
119 void VerifyPolicyMap(const char* expected_value) {
120 EXPECT_EQ(1U, store_->policy_map().size());
121 const PolicyMap::Entry* entry =
122 store_->policy_map().Get(key::kHomepageLocation);
123 ASSERT_TRUE(entry);
124 EXPECT_TRUE(base::StringValue(expected_value).Equals(entry->value));
125 }
126
127 void StoreUserPolicyKey(const std::vector<uint8>& public_key) {
128 ASSERT_TRUE(base::CreateDirectory(user_policy_key_file().DirName()));
129 ASSERT_TRUE(
130 base::WriteFile(user_policy_key_file(),
131 reinterpret_cast<const char*>(public_key.data()),
132 public_key.size()));
133 }
134
135 // Stores the current |policy_| and verifies that it is published.
136 // If |new_public_key| is set then it will be persisted after storing but
137 // before loading the policy, so that the signature validation can succeed.
138 // If |previous_value| is set then a previously existing policy with that
139 // value will be expected; otherwise no previous policy is expected.
140 // If |new_value| is set then a new policy with that value is expected after
141 // storing the |policy_| blob.
142 void PerformStorePolicy(const std::vector<uint8>* new_public_key,
143 const char* previous_value,
144 const char* new_value) {
145 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
146 EXPECT_CALL(session_manager_client_,
147 StorePolicyForUser(PolicyBuilder::kFakeUsername,
148 policy_.GetBlob(), _))
149 .WillOnce(SaveArg<2>(&store_callback));
150 store_->Store(policy_.policy());
151 RunUntilIdle();
152 Mock::VerifyAndClearExpectations(&session_manager_client_);
153 ASSERT_FALSE(store_callback.is_null());
154
155 // The new policy shouldn't be present yet.
156 PolicyMap previous_policy;
157 EXPECT_EQ(previous_value != NULL, store_->policy() != NULL);
158 if (previous_value) {
159 previous_policy.Set(key::kHomepageLocation,
160 POLICY_LEVEL_MANDATORY,
161 POLICY_SCOPE_USER,
162 new base::StringValue(previous_value), NULL);
163 }
164 EXPECT_TRUE(previous_policy.Equals(store_->policy_map()));
165 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
166
167 // Store the new public key so that the validation after the retrieve
168 // operation completes can verify the signature.
169 if (new_public_key)
170 StoreUserPolicyKey(*new_public_key);
171
172 // Let the store operation complete.
173 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback;
174 EXPECT_CALL(session_manager_client_,
175 RetrievePolicyForUser(PolicyBuilder::kFakeUsername, _))
176 .WillOnce(SaveArg<1>(&retrieve_callback));
177 store_callback.Run(true);
178 RunUntilIdle();
179 EXPECT_TRUE(previous_policy.Equals(store_->policy_map()));
180 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
181 Mock::VerifyAndClearExpectations(&session_manager_client_);
182 ASSERT_FALSE(retrieve_callback.is_null());
183
184 // Finish the retrieve callback.
185 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
186 retrieve_callback.Run(policy_.GetBlob());
187 RunUntilIdle();
188 ASSERT_TRUE(store_->policy());
189 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
190 store_->policy()->SerializeAsString());
191 VerifyPolicyMap(new_value);
192 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
193 }
194
195 void VerifyStoreHasValidationError() {
196 EXPECT_FALSE(store_->policy());
197 EXPECT_TRUE(store_->policy_map().empty());
198 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
199 }
200
201 void RunUntilIdle() {
202 loop_.RunUntilIdle();
203 loop_.RunUntilIdle();
204 }
205
206 base::FilePath user_policy_dir() {
207 return tmp_dir_.path().AppendASCII("var_run_user_policy");
208 }
209
210 base::FilePath user_policy_key_file() {
211 return user_policy_dir().AppendASCII(kSanitizedUsername)
212 .AppendASCII("policy.pub");
213 }
214
215 base::FilePath token_file() {
216 return tmp_dir_.path().AppendASCII("token");
217 }
218
219 base::FilePath policy_file() {
220 return tmp_dir_.path().AppendASCII("policy");
221 }
222
223 base::MessageLoopForUI loop_;
224 chromeos::MockCryptohomeClient cryptohome_client_;
225 chromeos::MockSessionManagerClient session_manager_client_;
226 UserPolicyBuilder policy_;
227 MockCloudPolicyStoreObserver observer_;
228 scoped_ptr<UserCloudPolicyStoreChromeOS> store_;
229
230 private:
231 base::ScopedTempDir tmp_dir_;
232
233 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest);
234 };
235
236 TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) {
237 // Start without any public key to trigger the initial key checks.
238 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false));
239 // Make the policy blob contain a new public key.
240 policy_.SetDefaultNewSigningKey();
241 policy_.Build();
242 std::vector<uint8> new_public_key;
243 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key));
244 ASSERT_NO_FATAL_FAILURE(
245 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage));
246 }
247
248 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) {
249 ASSERT_NO_FATAL_FAILURE(
250 PerformStorePolicy(NULL, NULL, kDefaultHomepage));
251 }
252
253 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) {
254 // Make the policy blob contain a new public key.
255 policy_.SetDefaultNewSigningKey();
256 policy_.Build();
257 std::vector<uint8> new_public_key;
258 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key));
259 ASSERT_NO_FATAL_FAILURE(
260 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage));
261 }
262
263 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) {
264 // Store policy.
265 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
266 EXPECT_CALL(session_manager_client_,
267 StorePolicyForUser(PolicyBuilder::kFakeUsername,
268 policy_.GetBlob(), _))
269 .WillOnce(SaveArg<2>(&store_callback));
270 store_->Store(policy_.policy());
271 RunUntilIdle();
272 Mock::VerifyAndClearExpectations(&session_manager_client_);
273 ASSERT_FALSE(store_callback.is_null());
274
275 // Let the store operation complete.
276 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR);
277 store_callback.Run(false);
278 RunUntilIdle();
279 EXPECT_FALSE(store_->policy());
280 EXPECT_TRUE(store_->policy_map().empty());
281 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status());
282 }
283
284 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) {
285 policy_.policy_data().clear_policy_type();
286 policy_.Build();
287
288 // Store policy.
289 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
290 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
291 EXPECT_CALL(session_manager_client_,
292 StorePolicyForUser(PolicyBuilder::kFakeUsername,
293 policy_.GetBlob(), _))
294 .Times(0);
295 store_->Store(policy_.policy());
296 RunUntilIdle();
297 Mock::VerifyAndClearExpectations(&session_manager_client_);
298 }
299
300 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) {
301 // Make the dbus call to cryptohome fail.
302 Mock::VerifyAndClearExpectations(&cryptohome_client_);
303 EXPECT_CALL(cryptohome_client_,
304 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _))
305 .Times(AnyNumber())
306 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE,
307 std::string()));
308
309 // Store policy.
310 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
311 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
312 EXPECT_CALL(session_manager_client_,
313 StorePolicyForUser(PolicyBuilder::kFakeUsername,
314 policy_.GetBlob(), _))
315 .Times(0);
316 store_->Store(policy_.policy());
317 RunUntilIdle();
318 Mock::VerifyAndClearExpectations(&session_manager_client_);
319 }
320
321 TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) {
322 // Break the signature.
323 policy_.policy().mutable_policy_data_signature()->append("garbage");
324
325 // Store policy.
326 chromeos::SessionManagerClient::StorePolicyCallback store_callback;
327 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
328 EXPECT_CALL(session_manager_client_,
329 StorePolicyForUser(PolicyBuilder::kFakeUsername,
330 policy_.GetBlob(), _))
331 .Times(0);
332 store_->Store(policy_.policy());
333 RunUntilIdle();
334 Mock::VerifyAndClearExpectations(&session_manager_client_);
335 }
336
337 TEST_F(UserCloudPolicyStoreChromeOSTest, Load) {
338 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
339 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
340 Mock::VerifyAndClearExpectations(&observer_);
341
342 // Verify that the policy has been loaded.
343 ASSERT_TRUE(store_->policy());
344 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
345 store_->policy()->SerializeAsString());
346 VerifyPolicyMap(kDefaultHomepage);
347 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
348 }
349
350 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
351 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
352 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
353 Mock::VerifyAndClearExpectations(&observer_);
354
355 // Verify no policy has been installed.
356 EXPECT_FALSE(store_->policy());
357 EXPECT_TRUE(store_->policy_map().empty());
358 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
359 }
360
361 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidPolicy) {
362 ExpectError(CloudPolicyStore::STATUS_PARSE_ERROR);
363 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("invalid"));
364
365 // Verify no policy has been installed.
366 EXPECT_FALSE(store_->policy());
367 EXPECT_TRUE(store_->policy_map().empty());
368 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status());
369 }
370
371 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) {
372 policy_.policy_data().clear_policy_type();
373 policy_.Build();
374
375 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
376 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
377 VerifyStoreHasValidationError();
378 }
379
380 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) {
381 // The loaded policy can't be verified without the public key.
382 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false));
383 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
384 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
385 VerifyStoreHasValidationError();
386 }
387
388 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) {
389 // Break the signature.
390 policy_.policy().mutable_policy_data_signature()->append("garbage");
391 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
392 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob()));
393 VerifyStoreHasValidationError();
394 }
395
396 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) {
397 std::string data;
398
399 em::DeviceCredentials credentials;
400 credentials.set_device_token(kLegacyToken);
401 credentials.set_device_id(kLegacyDeviceId);
402 ASSERT_TRUE(credentials.SerializeToString(&data));
403 ASSERT_NE(-1, base::WriteFile(token_file(), data.c_str(), data.size()));
404
405 em::CachedCloudPolicyResponse cached_policy;
406 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy());
407 ASSERT_TRUE(cached_policy.SerializeToString(&data));
408 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size()));
409
410 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
411 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
412 Mock::VerifyAndClearExpectations(&observer_);
413
414 // Verify that legacy user policy and token have been loaded.
415 em::PolicyData expected_policy_data;
416 EXPECT_TRUE(expected_policy_data.ParseFromString(
417 cached_policy.cloud_policy().policy_data()));
418 expected_policy_data.clear_public_key_version();
419 expected_policy_data.set_request_token(kLegacyToken);
420 expected_policy_data.set_device_id(kLegacyDeviceId);
421 ASSERT_TRUE(store_->policy());
422 EXPECT_EQ(expected_policy_data.SerializeAsString(),
423 store_->policy()->SerializeAsString());
424 VerifyPolicyMap(kDefaultHomepage);
425 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
426 }
427
428 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) {
429 std::string data;
430 testing::Sequence seq;
431
432 em::CachedCloudPolicyResponse cached_policy;
433 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy());
434 ASSERT_TRUE(cached_policy.SerializeToString(&data));
435 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size()));
436
437 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
438 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
439 Mock::VerifyAndClearExpectations(&observer_);
440
441 // Verify the legacy cache has been loaded.
442 em::PolicyData expected_policy_data;
443 EXPECT_TRUE(expected_policy_data.ParseFromString(
444 cached_policy.cloud_policy().policy_data()));
445 expected_policy_data.clear_public_key_version();
446 ASSERT_TRUE(store_->policy());
447 EXPECT_EQ(expected_policy_data.SerializeAsString(),
448 store_->policy()->SerializeAsString());
449 VerifyPolicyMap(kDefaultHomepage);
450 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
451 }
452
453 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) {
454 std::string data;
455
456 em::DeviceCredentials credentials;
457 credentials.set_device_token(kLegacyToken);
458 credentials.set_device_id(kLegacyDeviceId);
459 ASSERT_TRUE(credentials.SerializeToString(&data));
460 ASSERT_NE(-1, base::WriteFile(token_file(), data.c_str(), data.size()));
461
462 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
463 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
464 Mock::VerifyAndClearExpectations(&observer_);
465
466 // Verify that legacy user policy and token have been loaded.
467 em::PolicyData expected_policy_data;
468 expected_policy_data.set_request_token(kLegacyToken);
469 expected_policy_data.set_device_id(kLegacyDeviceId);
470 ASSERT_TRUE(store_->policy());
471 EXPECT_EQ(expected_policy_data.SerializeAsString(),
472 store_->policy()->SerializeAsString());
473 EXPECT_TRUE(store_->policy_map().empty());
474 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
475 }
476
477 TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationAndStoreNew) {
478 // Start without an existing public key.
479 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false));
480
481 std::string data;
482 em::CachedCloudPolicyResponse cached_policy;
483 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy());
484 ASSERT_TRUE(cached_policy.SerializeToString(&data));
485 ASSERT_NE(-1, base::WriteFile(policy_file(), data.c_str(), data.size()));
486
487 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
488 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(""));
489 Mock::VerifyAndClearExpectations(&observer_);
490
491 // Verify the legacy cache has been loaded.
492 em::PolicyData expected_policy_data;
493 EXPECT_TRUE(expected_policy_data.ParseFromString(
494 cached_policy.cloud_policy().policy_data()));
495 expected_policy_data.clear_public_key_version();
496 ASSERT_TRUE(store_->policy());
497 EXPECT_EQ(expected_policy_data.SerializeAsString(),
498 store_->policy()->SerializeAsString());
499 VerifyPolicyMap(kDefaultHomepage);
500 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
501 EXPECT_TRUE(base::PathExists(policy_file()));
502
503 // Now store a new policy using the new homepage location.
504 const char kNewHomepage[] = "http://google.com";
505 policy_.payload().mutable_homepagelocation()->set_value(kNewHomepage);
506 policy_.SetDefaultNewSigningKey();
507 policy_.Build();
508 std::vector<uint8> new_public_key;
509 ASSERT_TRUE(policy_.GetNewSigningKey()->ExportPublicKey(&new_public_key));
510 ASSERT_NO_FATAL_FAILURE(
511 PerformStorePolicy(&new_public_key, kDefaultHomepage, kNewHomepage));
512 VerifyPolicyMap(kNewHomepage);
513
514 // Verify that the legacy cache has been removed.
515 EXPECT_FALSE(base::PathExists(policy_file()));
516 }
517
518 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediately) {
519 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
520 EXPECT_CALL(session_manager_client_,
521 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
522 .WillOnce(Return(policy_.GetBlob()));
523 EXPECT_CALL(cryptohome_client_,
524 BlockingGetSanitizedUsername(PolicyBuilder::kFakeUsername))
525 .WillOnce(Return(kSanitizedUsername));
526
527 EXPECT_FALSE(store_->policy());
528 store_->LoadImmediately();
529 // Note: verify that the |observer_| got notified synchronously, without
530 // having to spin the current loop. TearDown() will flush the loop so this
531 // must be done within the test.
532 Mock::VerifyAndClearExpectations(&observer_);
533 Mock::VerifyAndClearExpectations(&session_manager_client_);
534 Mock::VerifyAndClearExpectations(&cryptohome_client_);
535
536 // The policy should become available without having to spin any loops.
537 ASSERT_TRUE(store_->policy());
538 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
539 store_->policy()->SerializeAsString());
540 VerifyPolicyMap(kDefaultHomepage);
541 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
542 }
543
544 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) {
545 EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
546 EXPECT_CALL(session_manager_client_,
547 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
548 .WillOnce(Return(""));
549
550 EXPECT_FALSE(store_->policy());
551 store_->LoadImmediately();
552 Mock::VerifyAndClearExpectations(&observer_);
553 Mock::VerifyAndClearExpectations(&session_manager_client_);
554
555 EXPECT_FALSE(store_->policy());
556 EXPECT_TRUE(store_->policy_map().empty());
557 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
558 }
559
560 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) {
561 EXPECT_CALL(observer_, OnStoreError(store_.get()));
562 EXPECT_CALL(session_manager_client_,
563 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
564 .WillOnce(Return("le blob"));
565
566 EXPECT_FALSE(store_->policy());
567 store_->LoadImmediately();
568 Mock::VerifyAndClearExpectations(&observer_);
569 Mock::VerifyAndClearExpectations(&session_manager_client_);
570
571 EXPECT_FALSE(store_->policy());
572 EXPECT_TRUE(store_->policy_map().empty());
573 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status());
574 }
575
576 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) {
577 EXPECT_CALL(observer_, OnStoreError(store_.get()));
578 EXPECT_CALL(session_manager_client_,
579 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
580 .WillOnce(Return(policy_.GetBlob()));
581 EXPECT_CALL(cryptohome_client_,
582 BlockingGetSanitizedUsername(PolicyBuilder::kFakeUsername))
583 .WillOnce(Return(""));
584
585 EXPECT_FALSE(store_->policy());
586 store_->LoadImmediately();
587 Mock::VerifyAndClearExpectations(&observer_);
588 Mock::VerifyAndClearExpectations(&session_manager_client_);
589 Mock::VerifyAndClearExpectations(&cryptohome_client_);
590
591 EXPECT_FALSE(store_->policy());
592 EXPECT_TRUE(store_->policy_map().empty());
593 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, store_->status());
594 }
595
596 TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoUserPolicyKey) {
597 EXPECT_CALL(observer_, OnStoreError(store_.get()));
598 EXPECT_CALL(session_manager_client_,
599 BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
600 .WillOnce(Return(policy_.GetBlob()));
601 EXPECT_CALL(cryptohome_client_,
602 BlockingGetSanitizedUsername(PolicyBuilder::kFakeUsername))
603 .WillOnce(Return("wrong@example.com"));
604
605 EXPECT_FALSE(store_->policy());
606 store_->LoadImmediately();
607 Mock::VerifyAndClearExpectations(&observer_);
608 Mock::VerifyAndClearExpectations(&session_manager_client_);
609 Mock::VerifyAndClearExpectations(&cryptohome_client_);
610
611 EXPECT_FALSE(store_->policy());
612 EXPECT_TRUE(store_->policy_map().empty());
613 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
614 }
615
616 } // namespace
617
618 } // namespace policy