src/chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
   6
   7 #include <string>
   8 #include <vector>
   9
  10 #include "base/basictypes.h"
  11 #include "base/compiler_specific.h"
  12 #include "base/memory/scoped_ptr.h"
  13 #include "base/message_loop/message_loop_proxy.h"
  14 #include "base/run_loop.h"
  15 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
  16 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
  17 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
  18 #include "chrome/test/base/scoped_testing_local_state.h"
  19 #include "chrome/test/base/testing_browser_process.h"
  20 #include "chromeos/cryptohome/cryptohome_util.h"
  21 #include "chromeos/dbus/dbus_thread_manager.h"
  22 #include "chromeos/dbus/fake_cryptohome_client.h"
  23 #include "content/public/test/test_utils.h"
  24 #include "policy/policy_constants.h"
  25 #include "testing/gtest/include/gtest/gtest.h"
  26
  27 namespace policy {
  28
  29 namespace {
  30
  31 void CopyLockResult(base::RunLoop* loop,
  32                     EnterpriseInstallAttributes::LockResult* out,
  33                     EnterpriseInstallAttributes::LockResult result) {
  34   *out = result;
  35   loop->Quit();
  36 }
  37
  38 }  // namespace
  39
  40 class DeviceCloudPolicyStoreChromeOSTest
  41     : public chromeos::DeviceSettingsTestBase {
  42  protected:
  43   DeviceCloudPolicyStoreChromeOSTest()
  44       : local_state_(TestingBrowserProcess::GetGlobal()),
  45         fake_cryptohome_client_(new chromeos::FakeCryptohomeClient()),
  46         install_attributes_(
  47             new EnterpriseInstallAttributes(fake_cryptohome_client_)),
  48         store_(new DeviceCloudPolicyStoreChromeOS(
  49             &device_settings_service_,
  50             install_attributes_.get(),
  51             base::MessageLoopProxy::current())) {
  52   }
  53
  54   virtual void SetUp() OVERRIDE {
  55     DeviceSettingsTestBase::SetUp();
  56
  57     dbus_setter_->SetCryptohomeClient(
  58         scoped_ptr<chromeos::CryptohomeClient>(fake_cryptohome_client_));
  59
  60     base::RunLoop loop;
  61     EnterpriseInstallAttributes::LockResult result;
  62     install_attributes_->LockDevice(
  63         PolicyBuilder::kFakeUsername,
  64         DEVICE_MODE_ENTERPRISE,
  65         PolicyBuilder::kFakeDeviceId,
  66         base::Bind(&CopyLockResult, &loop, &result));
  67     loop.Run();
  68     ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result);
  69   }
  70
  71   void ExpectFailure(CloudPolicyStore::Status expected_status) {
  72     EXPECT_EQ(expected_status, store_->status());
  73     EXPECT_TRUE(store_->is_initialized());
  74     EXPECT_FALSE(store_->has_policy());
  75     EXPECT_FALSE(store_->is_managed());
  76   }
  77
  78   void ExpectSuccess() {
  79     EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
  80     EXPECT_TRUE(store_->is_initialized());
  81     EXPECT_TRUE(store_->has_policy());
  82     EXPECT_TRUE(store_->is_managed());
  83     EXPECT_TRUE(store_->policy());
  84     base::FundamentalValue expected(false);
  85     EXPECT_TRUE(
  86         base::Value::Equals(&expected,
  87                             store_->policy_map().GetValue(
  88                                 key::kDeviceMetricsReportingEnabled)));
  89   }
  90
  91   void PrepareExistingPolicy() {
  92     store_->Load();
  93     FlushDeviceSettings();
  94     ExpectSuccess();
  95
  96     device_policy_.UnsetNewSigningKey();
  97     device_policy_.Build();
  98   }
  99
 100   void PrepareNewSigningKey() {
 101     device_policy_.SetDefaultNewSigningKey();
 102     device_policy_.Build();
 103     owner_key_util_->SetPublicKeyFromPrivateKey(
 104         *device_policy_.GetNewSigningKey());
 105   }
 106
 107   void ResetToNonEnterprise() {
 108     store_.reset();
 109     chromeos::cryptohome_util::InstallAttributesSet("enterprise.owned",
 110                                                     std::string());
 111     install_attributes_.reset(
 112         new EnterpriseInstallAttributes(fake_cryptohome_client_));
 113     store_.reset(
 114         new DeviceCloudPolicyStoreChromeOS(&device_settings_service_,
 115                                            install_attributes_.get(),
 116                                            base::MessageLoopProxy::current()));
 117   }
 118
 119   ScopedTestingLocalState local_state_;
 120   chromeos::FakeCryptohomeClient* fake_cryptohome_client_;
 121   scoped_ptr<EnterpriseInstallAttributes> install_attributes_;
 122
 123   scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_;
 124
 125  private:
 126   DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest);
 127 };
 128
 129 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) {
 130   owner_key_util_->Clear();
 131   store_->Load();
 132   FlushDeviceSettings();
 133   ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
 134 }
 135
 136 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
 137   device_settings_test_helper_.set_policy_blob(std::string());
 138   store_->Load();
 139   FlushDeviceSettings();
 140   ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR);
 141 }
 142
 143 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) {
 144   ResetToNonEnterprise();
 145   store_->Load();
 146   FlushDeviceSettings();
 147   ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
 148 }
 149
 150 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) {
 151   store_->Load();
 152   FlushDeviceSettings();
 153   ExpectSuccess();
 154 }
 155
 156 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) {
 157   PrepareExistingPolicy();
 158   store_->Store(device_policy_.policy());
 159   FlushDeviceSettings();
 160   ExpectSuccess();
 161 }
 162
 163 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) {
 164   PrepareExistingPolicy();
 165   device_policy_.policy().clear_policy_data_signature();
 166   store_->Store(device_policy_.policy());
 167   FlushDeviceSettings();
 168   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
 169   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
 170             store_->validation_status());
 171 }
 172
 173 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) {
 174   PrepareExistingPolicy();
 175   device_policy_.policy().set_policy_data_signature("invalid");
 176   store_->Store(device_policy_.policy());
 177   FlushDeviceSettings();
 178   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
 179   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
 180             store_->validation_status());
 181 }
 182
 183 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) {
 184   PrepareExistingPolicy();
 185   device_policy_.SetDefaultNewSigningKey();
 186   device_policy_.Build();
 187   store_->Store(device_policy_.policy());
 188   content::RunAllBlockingPoolTasksUntilIdle();
 189   device_settings_test_helper_.FlushStore();
 190   owner_key_util_->SetPublicKeyFromPrivateKey(
 191       *device_policy_.GetNewSigningKey());
 192   ReloadDeviceSettings();
 193   ExpectSuccess();
 194 }
 195
 196 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
 197        StoreKeyRotationVerificationFailure) {
 198   PrepareExistingPolicy();
 199   device_policy_.SetDefaultNewSigningKey();
 200   device_policy_.Build();
 201   *device_policy_.policy().mutable_new_public_key_verification_signature() =
 202       "garbage";
 203   store_->Store(device_policy_.policy());
 204   FlushDeviceSettings();
 205   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
 206   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
 207             store_->validation_status());
 208 }
 209
 210 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
 211        StoreKeyRotationMissingSignatureFailure) {
 212   PrepareExistingPolicy();
 213   device_policy_.SetDefaultNewSigningKey();
 214   device_policy_.Build();
 215   device_policy_.policy().clear_new_public_key_verification_signature();
 216   store_->Store(device_policy_.policy());
 217   FlushDeviceSettings();
 218   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
 219   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
 220             store_->validation_status());
 221 }
 222
 223 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) {
 224   PrepareNewSigningKey();
 225   store_->InstallInitialPolicy(device_policy_.policy());
 226   FlushDeviceSettings();
 227   ExpectSuccess();
 228 }
 229
 230 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) {
 231   PrepareNewSigningKey();
 232   device_policy_.policy().clear_policy_data_signature();
 233   store_->InstallInitialPolicy(device_policy_.policy());
 234   FlushDeviceSettings();
 235   ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
 236   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
 237             store_->validation_status());
 238 }
 239
 240 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
 241        InstallInitialPolicyVerificationFailure) {
 242   PrepareNewSigningKey();
 243   *device_policy_.policy().mutable_new_public_key_verification_signature() =
 244       "garbage";
 245   store_->InstallInitialPolicy(device_policy_.policy());
 246   FlushDeviceSettings();
 247   ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
 248   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
 249             store_->validation_status());
 250 }
 251
 252 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
 253        InstallInitialPolicyMissingSignatureFailure) {
 254   PrepareNewSigningKey();
 255   device_policy_.policy().clear_new_public_key_verification_signature();
 256   store_->InstallInitialPolicy(device_policy_.policy());
 257   FlushDeviceSettings();
 258   ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
 259   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
 260             store_->validation_status());
 261 }
 262
 263 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) {
 264   PrepareNewSigningKey();
 265   device_policy_.policy().clear_new_public_key();
 266   store_->InstallInitialPolicy(device_policy_.policy());
 267   FlushDeviceSettings();
 268   ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
 269   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
 270             store_->validation_status());
 271 }
 272
 273 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) {
 274   PrepareNewSigningKey();
 275   ResetToNonEnterprise();
 276   store_->InstallInitialPolicy(device_policy_.policy());
 277   FlushDeviceSettings();
 278   ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
 279 }
 280
 281 }  // namespace policy