1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/settings/session_manager_operation.h"
7 #include "base/basictypes.h"
9 #include "base/bind_helpers.h"
10 #include "base/memory/ref_counted.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/message_loop/message_loop.h"
13 #include "base/time/time.h"
14 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
15 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
16 #include "chrome/browser/chromeos/settings/mock_owner_key_util.h"
17 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
18 #include "components/policy/core/common/cloud/cloud_policy_validator.h"
19 #include "components/policy/core/common/cloud/policy_builder.h"
20 #include "content/public/test/test_browser_thread.h"
21 #include "crypto/rsa_private_key.h"
22 #include "policy/proto/device_management_backend.pb.h"
23 #include "testing/gmock/include/gmock/gmock.h"
24 #include "testing/gtest/include/gtest/gtest.h"
26 namespace em = enterprise_management;
33 class SessionManagerOperationTest : public testing::Test {
35 SessionManagerOperationTest()
36 : ui_thread_(content::BrowserThread::UI, &message_loop_),
37 file_thread_(content::BrowserThread::FILE, &message_loop_),
38 owner_key_util_(new MockOwnerKeyUtil()),
41 virtual void SetUp() OVERRIDE {
42 policy_.payload().mutable_pinned_apps()->add_app_id("fake-app");
46 MOCK_METHOD2(OnOperationCompleted,
47 void(SessionManagerOperation*, DeviceSettingsService::Status));
49 void CheckSuccessfulValidation(
50 policy::DeviceCloudPolicyValidator* validator) {
51 EXPECT_TRUE(validator->success());
52 EXPECT_TRUE(validator->payload().get());
53 EXPECT_EQ(validator->payload()->SerializeAsString(),
54 policy_.payload().SerializeAsString());
58 void CheckPublicKeyLoaded(SessionManagerOperation* op) {
59 ASSERT_TRUE(op->owner_key().get());
60 ASSERT_TRUE(op->owner_key()->public_key());
61 std::vector<uint8> public_key;
62 ASSERT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key));
63 EXPECT_EQ(public_key, *op->owner_key()->public_key());
66 void CheckPrivateKeyLoaded(SessionManagerOperation* op) {
67 ASSERT_TRUE(op->owner_key().get());
68 ASSERT_TRUE(op->owner_key()->private_key());
69 std::vector<uint8> expected_key;
70 ASSERT_TRUE(policy_.GetSigningKey()->ExportPrivateKey(&expected_key));
71 std::vector<uint8> actual_key;
72 ASSERT_TRUE(op->owner_key()->private_key()->ExportPrivateKey(&actual_key));
73 EXPECT_EQ(expected_key, actual_key);
77 base::MessageLoop message_loop_;
78 content::TestBrowserThread ui_thread_;
79 content::TestBrowserThread file_thread_;
81 policy::DevicePolicyBuilder policy_;
82 DeviceSettingsTestHelper device_settings_test_helper_;
83 scoped_refptr<MockOwnerKeyUtil> owner_key_util_;
88 DISALLOW_COPY_AND_ASSIGN(SessionManagerOperationTest);
91 TEST_F(SessionManagerOperationTest, LoadNoPolicyNoKey) {
92 LoadSettingsOperation op(
93 base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
94 base::Unretained(this)));
98 &op, DeviceSettingsService::STORE_KEY_UNAVAILABLE));
99 op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
100 device_settings_test_helper_.Flush();
101 Mock::VerifyAndClearExpectations(this);
103 EXPECT_FALSE(op.policy_data().get());
104 EXPECT_FALSE(op.device_settings().get());
105 ASSERT_TRUE(op.owner_key().get());
106 EXPECT_FALSE(op.owner_key()->public_key());
107 EXPECT_FALSE(op.owner_key()->private_key());
110 TEST_F(SessionManagerOperationTest, LoadOwnerKey) {
111 owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
112 LoadSettingsOperation op(
113 base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
114 base::Unretained(this)));
117 OnOperationCompleted(
118 &op, DeviceSettingsService::STORE_NO_POLICY));
119 op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
120 device_settings_test_helper_.Flush();
121 Mock::VerifyAndClearExpectations(this);
123 CheckPublicKeyLoaded(&op);
126 TEST_F(SessionManagerOperationTest, LoadPolicy) {
127 owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
128 device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
129 LoadSettingsOperation op(
130 base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
131 base::Unretained(this)));
134 OnOperationCompleted(
135 &op, DeviceSettingsService::STORE_SUCCESS));
136 op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
137 device_settings_test_helper_.Flush();
138 Mock::VerifyAndClearExpectations(this);
140 ASSERT_TRUE(op.policy_data().get());
141 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
142 op.policy_data()->SerializeAsString());
143 ASSERT_TRUE(op.device_settings().get());
144 EXPECT_EQ(policy_.payload().SerializeAsString(),
145 op.device_settings()->SerializeAsString());
148 TEST_F(SessionManagerOperationTest, LoadPrivateOwnerKey) {
149 owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
150 LoadSettingsOperation op(
151 base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
152 base::Unretained(this)));
155 OnOperationCompleted(
156 &op, DeviceSettingsService::STORE_NO_POLICY));
157 op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
158 device_settings_test_helper_.Flush();
159 Mock::VerifyAndClearExpectations(this);
161 CheckPublicKeyLoaded(&op);
162 CheckPrivateKeyLoaded(&op);
165 TEST_F(SessionManagerOperationTest, RestartLoad) {
166 owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
167 device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
168 LoadSettingsOperation op(
169 base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
170 base::Unretained(this)));
172 EXPECT_CALL(*this, OnOperationCompleted(&op, _)).Times(0);
173 op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
174 device_settings_test_helper_.FlushLoops();
175 device_settings_test_helper_.FlushRetrieve();
176 EXPECT_TRUE(op.owner_key().get());
177 EXPECT_TRUE(op.owner_key()->public_key());
178 Mock::VerifyAndClearExpectations(this);
180 // Now install a different key and policy and restart the operation.
181 policy_.SetSigningKey(*policy::PolicyBuilder::CreateTestOtherSigningKey());
182 policy_.payload().mutable_metrics_enabled()->set_metrics_enabled(true);
184 device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
185 owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
188 OnOperationCompleted(
189 &op, DeviceSettingsService::STORE_SUCCESS));
190 op.RestartLoad(true);
191 device_settings_test_helper_.Flush();
192 Mock::VerifyAndClearExpectations(this);
194 // Check that the new keys have been loaded.
195 CheckPublicKeyLoaded(&op);
196 CheckPrivateKeyLoaded(&op);
198 // Verify the new policy.
199 ASSERT_TRUE(op.policy_data().get());
200 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
201 op.policy_data()->SerializeAsString());
202 ASSERT_TRUE(op.device_settings().get());
203 EXPECT_EQ(policy_.payload().SerializeAsString(),
204 op.device_settings()->SerializeAsString());
207 TEST_F(SessionManagerOperationTest, StoreSettings) {
208 owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
209 StoreSettingsOperation op(
210 base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
211 base::Unretained(this)),
215 OnOperationCompleted(
216 &op, DeviceSettingsService::STORE_SUCCESS));
217 op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
218 device_settings_test_helper_.Flush();
219 Mock::VerifyAndClearExpectations(this);
221 EXPECT_EQ(device_settings_test_helper_.policy_blob(),
223 ASSERT_TRUE(op.policy_data().get());
224 EXPECT_EQ(policy_.policy_data().SerializeAsString(),
225 op.policy_data()->SerializeAsString());
226 ASSERT_TRUE(op.device_settings().get());
227 EXPECT_EQ(policy_.payload().SerializeAsString(),
228 op.device_settings()->SerializeAsString());
231 TEST_F(SessionManagerOperationTest, SignAndStoreSettings) {
232 owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
233 scoped_ptr<em::PolicyData> policy(new em::PolicyData(policy_.policy_data()));
234 SignAndStoreSettingsOperation op(
235 base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
236 base::Unretained(this)),
240 OnOperationCompleted(
241 &op, DeviceSettingsService::STORE_SUCCESS));
242 op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
243 device_settings_test_helper_.Flush();
244 Mock::VerifyAndClearExpectations(this);
246 // The blob should validate.
247 scoped_ptr<em::PolicyFetchResponse> policy_response(
248 new em::PolicyFetchResponse());
250 policy_response->ParseFromString(
251 device_settings_test_helper_.policy_blob()));
252 policy::DeviceCloudPolicyValidator* validator =
253 policy::DeviceCloudPolicyValidator::Create(
254 policy_response.Pass(), message_loop_.message_loop_proxy());
255 validator->ValidateUsername(policy_.policy_data().username(), true);
256 const base::Time expected_time = base::Time::UnixEpoch() +
257 base::TimeDelta::FromMilliseconds(policy::PolicyBuilder::kFakeTimestamp);
258 validator->ValidateTimestamp(
261 policy::CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
262 validator->ValidatePolicyType(policy::dm_protocol::kChromeDevicePolicyType);
263 validator->ValidatePayload();
264 std::vector<uint8> public_key;
265 policy_.GetSigningKey()->ExportPublicKey(&public_key);
266 // Convert from bytes to string format (which is what ValidateSignature()
268 std::string public_key_as_string = std::string(
269 reinterpret_cast<const char*>(vector_as_array(&public_key)),
271 validator->ValidateSignature(
272 public_key_as_string,
273 policy::GetPolicyVerificationKey(),
274 policy::PolicyBuilder::kFakeDomain,
276 validator->StartValidation(
277 base::Bind(&SessionManagerOperationTest::CheckSuccessfulValidation,
278 base::Unretained(this)));
280 message_loop_.RunUntilIdle();
281 EXPECT_TRUE(validated_);
283 // Loaded device settings should match what the operation received.
284 ASSERT_TRUE(op.device_settings().get());
285 EXPECT_EQ(policy_.payload().SerializeAsString(),
286 op.device_settings()->SerializeAsString());
289 } // namespace chromeos