1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
10 #include "base/basictypes.h"
11 #include "base/compiler_specific.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/message_loop/message_loop_proxy.h"
14 #include "base/run_loop.h"
15 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
16 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
17 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
18 #include "chrome/test/base/scoped_testing_local_state.h"
19 #include "chrome/test/base/testing_browser_process.h"
20 #include "chromeos/cryptohome/cryptohome_util.h"
21 #include "chromeos/dbus/dbus_thread_manager.h"
22 #include "chromeos/dbus/fake_cryptohome_client.h"
23 #include "content/public/test/test_utils.h"
24 #include "policy/policy_constants.h"
25 #include "testing/gtest/include/gtest/gtest.h"
31 void CopyLockResult(base::RunLoop* loop,
32 EnterpriseInstallAttributes::LockResult* out,
33 EnterpriseInstallAttributes::LockResult result) {
40 class DeviceCloudPolicyStoreChromeOSTest
41 : public chromeos::DeviceSettingsTestBase {
43 DeviceCloudPolicyStoreChromeOSTest()
44 : local_state_(TestingBrowserProcess::GetGlobal()),
45 fake_cryptohome_client_(new chromeos::FakeCryptohomeClient()),
47 new EnterpriseInstallAttributes(fake_cryptohome_client_)),
48 store_(new DeviceCloudPolicyStoreChromeOS(
49 &device_settings_service_,
50 install_attributes_.get(),
51 base::MessageLoopProxy::current())) {
54 virtual void SetUp() OVERRIDE {
55 DeviceSettingsTestBase::SetUp();
57 dbus_setter_->SetCryptohomeClient(
58 scoped_ptr<chromeos::CryptohomeClient>(fake_cryptohome_client_));
61 EnterpriseInstallAttributes::LockResult result;
62 install_attributes_->LockDevice(
63 PolicyBuilder::kFakeUsername,
64 DEVICE_MODE_ENTERPRISE,
65 PolicyBuilder::kFakeDeviceId,
66 base::Bind(&CopyLockResult, &loop, &result));
68 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result);
71 void ExpectFailure(CloudPolicyStore::Status expected_status) {
72 EXPECT_EQ(expected_status, store_->status());
73 EXPECT_TRUE(store_->is_initialized());
74 EXPECT_FALSE(store_->has_policy());
75 EXPECT_FALSE(store_->is_managed());
78 void ExpectSuccess() {
79 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
80 EXPECT_TRUE(store_->is_initialized());
81 EXPECT_TRUE(store_->has_policy());
82 EXPECT_TRUE(store_->is_managed());
83 EXPECT_TRUE(store_->policy());
84 base::FundamentalValue expected(false);
86 base::Value::Equals(&expected,
87 store_->policy_map().GetValue(
88 key::kDeviceMetricsReportingEnabled)));
91 void PrepareExistingPolicy() {
93 FlushDeviceSettings();
96 device_policy_.UnsetNewSigningKey();
97 device_policy_.Build();
100 void PrepareNewSigningKey() {
101 device_policy_.SetDefaultNewSigningKey();
102 device_policy_.Build();
103 owner_key_util_->SetPublicKeyFromPrivateKey(
104 *device_policy_.GetNewSigningKey());
107 void ResetToNonEnterprise() {
109 chromeos::cryptohome_util::InstallAttributesSet("enterprise.owned",
111 install_attributes_.reset(
112 new EnterpriseInstallAttributes(fake_cryptohome_client_));
114 new DeviceCloudPolicyStoreChromeOS(&device_settings_service_,
115 install_attributes_.get(),
116 base::MessageLoopProxy::current()));
119 ScopedTestingLocalState local_state_;
120 chromeos::FakeCryptohomeClient* fake_cryptohome_client_;
121 scoped_ptr<EnterpriseInstallAttributes> install_attributes_;
123 scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_;
126 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest);
129 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) {
130 owner_key_util_->Clear();
132 FlushDeviceSettings();
133 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
136 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
137 device_settings_test_helper_.set_policy_blob(std::string());
139 FlushDeviceSettings();
140 ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR);
143 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) {
144 ResetToNonEnterprise();
146 FlushDeviceSettings();
147 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
150 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) {
152 FlushDeviceSettings();
156 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) {
157 PrepareExistingPolicy();
158 store_->Store(device_policy_.policy());
159 FlushDeviceSettings();
163 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) {
164 PrepareExistingPolicy();
165 device_policy_.policy().clear_policy_data_signature();
166 store_->Store(device_policy_.policy());
167 FlushDeviceSettings();
168 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
169 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
170 store_->validation_status());
173 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) {
174 PrepareExistingPolicy();
175 device_policy_.policy().set_policy_data_signature("invalid");
176 store_->Store(device_policy_.policy());
177 FlushDeviceSettings();
178 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
179 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
180 store_->validation_status());
183 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) {
184 PrepareExistingPolicy();
185 device_policy_.SetDefaultNewSigningKey();
186 device_policy_.Build();
187 store_->Store(device_policy_.policy());
188 content::RunAllBlockingPoolTasksUntilIdle();
189 device_settings_test_helper_.FlushStore();
190 owner_key_util_->SetPublicKeyFromPrivateKey(
191 *device_policy_.GetNewSigningKey());
192 ReloadDeviceSettings();
196 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
197 StoreKeyRotationVerificationFailure) {
198 PrepareExistingPolicy();
199 device_policy_.SetDefaultNewSigningKey();
200 device_policy_.Build();
201 *device_policy_.policy().mutable_new_public_key_verification_signature() =
203 store_->Store(device_policy_.policy());
204 FlushDeviceSettings();
205 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
206 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
207 store_->validation_status());
210 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
211 StoreKeyRotationMissingSignatureFailure) {
212 PrepareExistingPolicy();
213 device_policy_.SetDefaultNewSigningKey();
214 device_policy_.Build();
215 device_policy_.policy().clear_new_public_key_verification_signature();
216 store_->Store(device_policy_.policy());
217 FlushDeviceSettings();
218 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
219 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
220 store_->validation_status());
223 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) {
224 PrepareNewSigningKey();
225 store_->InstallInitialPolicy(device_policy_.policy());
226 FlushDeviceSettings();
230 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) {
231 PrepareNewSigningKey();
232 device_policy_.policy().clear_policy_data_signature();
233 store_->InstallInitialPolicy(device_policy_.policy());
234 FlushDeviceSettings();
235 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
236 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
237 store_->validation_status());
240 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
241 InstallInitialPolicyVerificationFailure) {
242 PrepareNewSigningKey();
243 *device_policy_.policy().mutable_new_public_key_verification_signature() =
245 store_->InstallInitialPolicy(device_policy_.policy());
246 FlushDeviceSettings();
247 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
248 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
249 store_->validation_status());
252 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
253 InstallInitialPolicyMissingSignatureFailure) {
254 PrepareNewSigningKey();
255 device_policy_.policy().clear_new_public_key_verification_signature();
256 store_->InstallInitialPolicy(device_policy_.policy());
257 FlushDeviceSettings();
258 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
259 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
260 store_->validation_status());
263 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) {
264 PrepareNewSigningKey();
265 device_policy_.policy().clear_new_public_key();
266 store_->InstallInitialPolicy(device_policy_.policy());
267 FlushDeviceSettings();
268 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
269 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
270 store_->validation_status());
273 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) {
274 PrepareNewSigningKey();
275 ResetToNonEnterprise();
276 store_->InstallInitialPolicy(device_policy_.policy());
277 FlushDeviceSettings();
278 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
281 } // namespace policy