src/chrome/browser/chromeos/settings/session_manager_operation_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/settings/session_manager_operation.h"
   6
   7 #include "base/basictypes.h"
   8 #include "base/bind.h"
   9 #include "base/bind_helpers.h"
  10 #include "base/memory/ref_counted.h"
  11 #include "base/memory/scoped_ptr.h"
  12 #include "base/message_loop/message_loop.h"
  13 #include "base/time/time.h"
  14 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
  15 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
  16 #include "chrome/browser/chromeos/settings/mock_owner_key_util.h"
  17 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
  18 #include "components/policy/core/common/cloud/cloud_policy_validator.h"
  19 #include "components/policy/core/common/cloud/policy_builder.h"
  20 #include "content/public/test/test_browser_thread.h"
  21 #include "crypto/rsa_private_key.h"
  22 #include "policy/proto/device_management_backend.pb.h"
  23 #include "testing/gmock/include/gmock/gmock.h"
  24 #include "testing/gtest/include/gtest/gtest.h"
  25
  26 namespace em = enterprise_management;
  27
  28 using testing::Mock;
  29 using testing::_;
  30
  31 namespace chromeos {
  32
  33 class SessionManagerOperationTest : public testing::Test {
  34  public:
  35   SessionManagerOperationTest()
  36       : ui_thread_(content::BrowserThread::UI, &message_loop_),
  37         file_thread_(content::BrowserThread::FILE, &message_loop_),
  38         owner_key_util_(new MockOwnerKeyUtil()),
  39         validated_(false) {}
  40
  41   virtual void SetUp() OVERRIDE {
  42     policy_.payload().mutable_pinned_apps()->add_app_id("fake-app");
  43     policy_.Build();
  44   }
  45
  46   MOCK_METHOD2(OnOperationCompleted,
  47                void(SessionManagerOperation*, DeviceSettingsService::Status));
  48
  49   void CheckSuccessfulValidation(
  50       policy::DeviceCloudPolicyValidator* validator) {
  51     EXPECT_TRUE(validator->success());
  52     EXPECT_TRUE(validator->payload().get());
  53     EXPECT_EQ(validator->payload()->SerializeAsString(),
  54               policy_.payload().SerializeAsString());
  55     validated_ = true;
  56   }
  57
  58   void CheckPublicKeyLoaded(SessionManagerOperation* op) {
  59     ASSERT_TRUE(op->owner_key().get());
  60     ASSERT_TRUE(op->owner_key()->public_key());
  61     std::vector<uint8> public_key;
  62     ASSERT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key));
  63     EXPECT_EQ(public_key, *op->owner_key()->public_key());
  64   }
  65
  66   void CheckPrivateKeyLoaded(SessionManagerOperation* op) {
  67     ASSERT_TRUE(op->owner_key().get());
  68     ASSERT_TRUE(op->owner_key()->private_key());
  69     std::vector<uint8> expected_key;
  70     ASSERT_TRUE(policy_.GetSigningKey()->ExportPrivateKey(&expected_key));
  71     std::vector<uint8> actual_key;
  72     ASSERT_TRUE(op->owner_key()->private_key()->ExportPrivateKey(&actual_key));
  73     EXPECT_EQ(expected_key, actual_key);
  74   }
  75
  76  protected:
  77   base::MessageLoop message_loop_;
  78   content::TestBrowserThread ui_thread_;
  79   content::TestBrowserThread file_thread_;
  80
  81   policy::DevicePolicyBuilder policy_;
  82   DeviceSettingsTestHelper device_settings_test_helper_;
  83   scoped_refptr<MockOwnerKeyUtil> owner_key_util_;
  84
  85   bool validated_;
  86
  87  private:
  88   DISALLOW_COPY_AND_ASSIGN(SessionManagerOperationTest);
  89 };
  90
  91 TEST_F(SessionManagerOperationTest, LoadNoPolicyNoKey) {
  92   LoadSettingsOperation op(
  93       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
  94                  base::Unretained(this)));
  95
  96   EXPECT_CALL(*this,
  97               OnOperationCompleted(
  98                   &op, DeviceSettingsService::STORE_KEY_UNAVAILABLE));
  99   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
 100   device_settings_test_helper_.Flush();
 101   Mock::VerifyAndClearExpectations(this);
 102
 103   EXPECT_FALSE(op.policy_data().get());
 104   EXPECT_FALSE(op.device_settings().get());
 105   ASSERT_TRUE(op.owner_key().get());
 106   EXPECT_FALSE(op.owner_key()->public_key());
 107   EXPECT_FALSE(op.owner_key()->private_key());
 108 }
 109
 110 TEST_F(SessionManagerOperationTest, LoadOwnerKey) {
 111   owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
 112   LoadSettingsOperation op(
 113       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
 114                  base::Unretained(this)));
 115
 116   EXPECT_CALL(*this,
 117               OnOperationCompleted(
 118                   &op, DeviceSettingsService::STORE_NO_POLICY));
 119   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
 120   device_settings_test_helper_.Flush();
 121   Mock::VerifyAndClearExpectations(this);
 122
 123   CheckPublicKeyLoaded(&op);
 124 }
 125
 126 TEST_F(SessionManagerOperationTest, LoadPolicy) {
 127   owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
 128   device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
 129   LoadSettingsOperation op(
 130       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
 131                  base::Unretained(this)));
 132
 133   EXPECT_CALL(*this,
 134               OnOperationCompleted(
 135                   &op, DeviceSettingsService::STORE_SUCCESS));
 136   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
 137   device_settings_test_helper_.Flush();
 138   Mock::VerifyAndClearExpectations(this);
 139
 140   ASSERT_TRUE(op.policy_data().get());
 141   EXPECT_EQ(policy_.policy_data().SerializeAsString(),
 142             op.policy_data()->SerializeAsString());
 143   ASSERT_TRUE(op.device_settings().get());
 144   EXPECT_EQ(policy_.payload().SerializeAsString(),
 145             op.device_settings()->SerializeAsString());
 146 }
 147
 148 TEST_F(SessionManagerOperationTest, LoadPrivateOwnerKey) {
 149   owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
 150   LoadSettingsOperation op(
 151       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
 152                  base::Unretained(this)));
 153
 154   EXPECT_CALL(*this,
 155               OnOperationCompleted(
 156                   &op, DeviceSettingsService::STORE_NO_POLICY));
 157   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
 158   device_settings_test_helper_.Flush();
 159   Mock::VerifyAndClearExpectations(this);
 160
 161   CheckPublicKeyLoaded(&op);
 162   CheckPrivateKeyLoaded(&op);
 163 }
 164
 165 TEST_F(SessionManagerOperationTest, RestartLoad) {
 166   owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
 167   device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
 168   LoadSettingsOperation op(
 169       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
 170                  base::Unretained(this)));
 171
 172   EXPECT_CALL(*this, OnOperationCompleted(&op, _)).Times(0);
 173   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
 174   device_settings_test_helper_.FlushLoops();
 175   device_settings_test_helper_.FlushRetrieve();
 176   EXPECT_TRUE(op.owner_key().get());
 177   EXPECT_TRUE(op.owner_key()->public_key());
 178   Mock::VerifyAndClearExpectations(this);
 179
 180   // Now install a different key and policy and restart the operation.
 181   policy_.SetSigningKey(*policy::PolicyBuilder::CreateTestOtherSigningKey());
 182   policy_.payload().mutable_metrics_enabled()->set_metrics_enabled(true);
 183   policy_.Build();
 184   device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
 185   owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
 186
 187   EXPECT_CALL(*this,
 188               OnOperationCompleted(
 189                   &op, DeviceSettingsService::STORE_SUCCESS));
 190   op.RestartLoad(true);
 191   device_settings_test_helper_.Flush();
 192   Mock::VerifyAndClearExpectations(this);
 193
 194   // Check that the new keys have been loaded.
 195   CheckPublicKeyLoaded(&op);
 196   CheckPrivateKeyLoaded(&op);
 197
 198   // Verify the new policy.
 199   ASSERT_TRUE(op.policy_data().get());
 200   EXPECT_EQ(policy_.policy_data().SerializeAsString(),
 201             op.policy_data()->SerializeAsString());
 202   ASSERT_TRUE(op.device_settings().get());
 203   EXPECT_EQ(policy_.payload().SerializeAsString(),
 204             op.device_settings()->SerializeAsString());
 205 }
 206
 207 TEST_F(SessionManagerOperationTest, StoreSettings) {
 208   owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
 209   StoreSettingsOperation op(
 210       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
 211                  base::Unretained(this)),
 212       policy_.GetCopy());
 213
 214   EXPECT_CALL(*this,
 215               OnOperationCompleted(
 216                   &op, DeviceSettingsService::STORE_SUCCESS));
 217   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
 218   device_settings_test_helper_.Flush();
 219   Mock::VerifyAndClearExpectations(this);
 220
 221   EXPECT_EQ(device_settings_test_helper_.policy_blob(),
 222             policy_.GetBlob());
 223   ASSERT_TRUE(op.policy_data().get());
 224   EXPECT_EQ(policy_.policy_data().SerializeAsString(),
 225             op.policy_data()->SerializeAsString());
 226   ASSERT_TRUE(op.device_settings().get());
 227   EXPECT_EQ(policy_.payload().SerializeAsString(),
 228             op.device_settings()->SerializeAsString());
 229 }
 230
 231 TEST_F(SessionManagerOperationTest, SignAndStoreSettings) {
 232   owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
 233   scoped_ptr<em::PolicyData> policy(new em::PolicyData(policy_.policy_data()));
 234   SignAndStoreSettingsOperation op(
 235       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
 236                  base::Unretained(this)),
 237       policy.Pass());
 238
 239   EXPECT_CALL(*this,
 240               OnOperationCompleted(
 241                   &op, DeviceSettingsService::STORE_SUCCESS));
 242   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
 243   device_settings_test_helper_.Flush();
 244   Mock::VerifyAndClearExpectations(this);
 245
 246   // The blob should validate.
 247   scoped_ptr<em::PolicyFetchResponse> policy_response(
 248       new em::PolicyFetchResponse());
 249   ASSERT_TRUE(
 250       policy_response->ParseFromString(
 251           device_settings_test_helper_.policy_blob()));
 252   policy::DeviceCloudPolicyValidator* validator =
 253       policy::DeviceCloudPolicyValidator::Create(
 254           policy_response.Pass(), message_loop_.message_loop_proxy());
 255   validator->ValidateUsername(policy_.policy_data().username(), true);
 256   const base::Time expected_time = base::Time::UnixEpoch() +
 257       base::TimeDelta::FromMilliseconds(policy::PolicyBuilder::kFakeTimestamp);
 258   validator->ValidateTimestamp(
 259       expected_time,
 260       expected_time,
 261       policy::CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
 262   validator->ValidatePolicyType(policy::dm_protocol::kChromeDevicePolicyType);
 263   validator->ValidatePayload();
 264   std::vector<uint8> public_key;
 265   policy_.GetSigningKey()->ExportPublicKey(&public_key);
 266   // Convert from bytes to string format (which is what ValidateSignature()
 267   // takes).
 268   std::string public_key_as_string = std::string(
 269       reinterpret_cast<const char*>(vector_as_array(&public_key)),
 270       public_key.size());
 271   validator->ValidateSignature(
 272       public_key_as_string,
 273       policy::GetPolicyVerificationKey(),
 274       policy::PolicyBuilder::kFakeDomain,
 275       false);
 276   validator->StartValidation(
 277       base::Bind(&SessionManagerOperationTest::CheckSuccessfulValidation,
 278                  base::Unretained(this)));
 279
 280   message_loop_.RunUntilIdle();
 281   EXPECT_TRUE(validated_);
 282
 283   // Loaded device settings should match what the operation received.
 284   ASSERT_TRUE(op.device_settings().get());
 285   EXPECT_EQ(policy_.payload().SerializeAsString(),
 286             op.device_settings()->SerializeAsString());
 287 }
 288
 289 }  // namespace chromeos