1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/device_cloud_policy_invalidator.h"
9 #include "base/memory/ref_counted.h"
10 #include "base/message_loop/message_loop_proxy.h"
11 #include "base/run_loop.h"
12 #include "chrome/browser/browser_process_platform_part.h"
13 #include "chrome/browser/chrome_notification_types.h"
14 #include "chrome/browser/chromeos/login/users/fake_user_manager.h"
15 #include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h"
16 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
17 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
18 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
19 #include "chrome/browser/chromeos/policy/device_policy_builder.h"
20 #include "chrome/browser/chromeos/policy/stub_enterprise_install_attributes.h"
21 #include "chrome/browser/chromeos/settings/cros_settings.h"
22 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h"
23 #include "chrome/browser/chromeos/settings/device_settings_service.h"
24 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
25 #include "chrome/browser/chromeos/settings/mock_owner_key_util.h"
26 #include "chrome/browser/invalidation/fake_invalidation_service.h"
27 #include "chrome/browser/invalidation/profile_invalidation_provider_factory.h"
28 #include "chrome/browser/policy/cloud/cloud_policy_invalidator.h"
29 #include "chrome/browser/profiles/profile.h"
30 #include "chrome/test/base/testing_browser_process.h"
31 #include "chrome/test/base/testing_profile_manager.h"
32 #include "chromeos/cryptohome/system_salt_getter.h"
33 #include "chromeos/dbus/dbus_thread_manager.h"
34 #include "components/invalidation/invalidation_service.h"
35 #include "components/invalidation/invalidator_state.h"
36 #include "components/invalidation/profile_invalidation_provider.h"
37 #include "components/invalidation/ticl_invalidation_service.h"
38 #include "components/keyed_service/core/keyed_service.h"
39 #include "components/policy/core/common/cloud/cloud_policy_client.h"
40 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
41 #include "components/policy/core/common/cloud/cloud_policy_core.h"
42 #include "components/policy/core/common/cloud/mock_cloud_policy_client.h"
43 #include "content/public/browser/browser_context.h"
44 #include "content/public/browser/notification_details.h"
45 #include "content/public/browser/notification_service.h"
46 #include "content/public/test/test_browser_thread_bundle.h"
47 #include "net/url_request/url_request_context_getter.h"
48 #include "net/url_request/url_request_test_util.h"
49 #include "policy/proto/device_management_backend.pb.h"
50 #include "testing/gmock/include/gmock/gmock.h"
51 #include "testing/gtest/include/gtest/gtest.h"
57 const char kAffiliatedUserID1[] = "test_1@example.com";
58 const char kAffiliatedUserID2[] = "test_2@example.com";
59 const char kUnaffiliatedUserID[] = "test_2@other_domain.test";
61 KeyedService* BuildProfileInvalidationProvider(
62 content::BrowserContext* context) {
63 scoped_ptr<invalidation::FakeInvalidationService> invalidation_service(
64 new invalidation::FakeInvalidationService);
65 invalidation_service->SetInvalidatorState(
66 syncer::TRANSIENT_INVALIDATION_ERROR);
67 return new invalidation::ProfileInvalidationProvider(
68 invalidation_service.PassAs<invalidation::InvalidationService>());
73 class DeviceCloudPolicyInvalidatorTest : public testing::Test {
75 DeviceCloudPolicyInvalidatorTest();
76 virtual ~DeviceCloudPolicyInvalidatorTest();
79 virtual void SetUp() OVERRIDE;
80 virtual void TearDown() OVERRIDE;
82 // Ownership is not passed. The Profile is owned by the global ProfileManager.
83 Profile *LogInAndReturnProfile(const std::string& user_id);
85 invalidation::TiclInvalidationService* GetDeviceInvalidationService();
86 bool HasDeviceInvalidationServiceObserver() const;
88 invalidation::FakeInvalidationService* GetProfileInvalidationService(
90 int GetProfileInvalidationServiceObserverCount() const;
92 const invalidation::InvalidationService* GetInvalidationService() const;
93 CloudPolicyInvalidator* GetCloudPolicyInvalidator() const;
95 void ConnectDeviceInvalidationService();
98 DevicePolicyBuilder device_policy_;
101 content::TestBrowserThreadBundle thread_bundle_;
102 scoped_refptr<net::URLRequestContextGetter> system_request_context_;
103 TestingProfileManager profile_manager_;
104 chromeos::FakeUserManager* fake_user_manager_;
105 chromeos::ScopedUserManagerEnabler user_manager_enabler_;
106 ScopedStubEnterpriseInstallAttributes install_attributes_;
107 scoped_ptr<chromeos::ScopedTestDeviceSettingsService>
108 test_device_settings_service_;
109 scoped_ptr<chromeos::ScopedTestCrosSettings> test_cros_settings_;
110 chromeos::DeviceSettingsTestHelper device_settings_test_helper_;
112 scoped_ptr<DeviceCloudPolicyInvalidator> invalidator_;
115 DeviceCloudPolicyInvalidatorTest::DeviceCloudPolicyInvalidatorTest()
116 : thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP),
117 system_request_context_(new net::TestURLRequestContextGetter(
118 base::MessageLoopProxy::current())),
119 profile_manager_(TestingBrowserProcess::GetGlobal()),
120 fake_user_manager_(new chromeos::FakeUserManager),
121 user_manager_enabler_(fake_user_manager_),
122 install_attributes_("example.com",
125 DEVICE_MODE_ENTERPRISE) {
128 DeviceCloudPolicyInvalidatorTest::~DeviceCloudPolicyInvalidatorTest() {
131 void DeviceCloudPolicyInvalidatorTest::SetUp() {
132 chromeos::SystemSaltGetter::Initialize();
133 chromeos::DBusThreadManager::InitializeWithStub();
134 chromeos::DeviceOAuth2TokenServiceFactory::Initialize();
135 TestingBrowserProcess::GetGlobal()->SetSystemRequestContext(
136 system_request_context_.get());
137 ASSERT_TRUE(profile_manager_.SetUp());
139 test_device_settings_service_.reset(new
140 chromeos::ScopedTestDeviceSettingsService);
141 test_cros_settings_.reset(new chromeos::ScopedTestCrosSettings);
142 scoped_refptr<chromeos::MockOwnerKeyUtil> owner_key_util(
143 new chromeos::MockOwnerKeyUtil);
144 owner_key_util->SetPublicKeyFromPrivateKey(
145 *device_policy_.GetSigningKey());
146 chromeos::DeviceSettingsService::Get()->SetSessionManager(
147 &device_settings_test_helper_,
150 device_policy_.policy_data().set_invalidation_source(123);
151 device_policy_.policy_data().set_invalidation_name("invalidation");
152 device_policy_.Build();
153 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
154 device_settings_test_helper_.Flush();
156 scoped_ptr<MockCloudPolicyClient> policy_client(new MockCloudPolicyClient);
157 EXPECT_CALL(*policy_client, SetupRegistration("token", "device-id"));
158 CloudPolicyCore* core = TestingBrowserProcess::GetGlobal()->platform_part()->
159 browser_policy_connector_chromeos()->GetDeviceCloudPolicyManager()->
161 core->Connect(policy_client.PassAs<CloudPolicyClient>());
162 core->StartRefreshScheduler();
164 invalidation::ProfileInvalidationProviderFactory::GetInstance()->
165 RegisterTestingFactory(BuildProfileInvalidationProvider);
167 invalidator_.reset(new DeviceCloudPolicyInvalidator);
170 void DeviceCloudPolicyInvalidatorTest::TearDown() {
171 invalidator_.reset();
172 base::RunLoop().RunUntilIdle();
174 invalidation::ProfileInvalidationProviderFactory::GetInstance()->
175 RegisterTestingFactory(NULL);
176 chromeos::DeviceSettingsService::Get()->UnsetSessionManager();
177 TestingBrowserProcess::GetGlobal()->SetBrowserPolicyConnector(NULL);
178 chromeos::DeviceOAuth2TokenServiceFactory::Shutdown();
179 chromeos::DBusThreadManager::Shutdown();
180 chromeos::SystemSaltGetter::Shutdown();
183 Profile *DeviceCloudPolicyInvalidatorTest::LogInAndReturnProfile(
184 const std::string& user_id) {
185 fake_user_manager_->AddUser(user_id);
186 Profile* profile = profile_manager_.CreateTestingProfile(user_id);
187 content::NotificationService::current()->Notify(
188 chrome::NOTIFICATION_LOGIN_USER_PROFILE_PREPARED,
189 content::NotificationService::AllSources(),
190 content::Details<Profile>(profile));
194 invalidation::TiclInvalidationService*
195 DeviceCloudPolicyInvalidatorTest::GetDeviceInvalidationService() {
196 return invalidator_->device_invalidation_service_.get();
199 bool DeviceCloudPolicyInvalidatorTest::HasDeviceInvalidationServiceObserver(
201 return invalidator_->device_invalidation_service_observer_.get();
204 invalidation::FakeInvalidationService*
205 DeviceCloudPolicyInvalidatorTest::GetProfileInvalidationService(
207 invalidation::ProfileInvalidationProvider* invalidation_provider =
208 static_cast<invalidation::ProfileInvalidationProvider*>(
209 invalidation::ProfileInvalidationProviderFactory::GetInstance()->
210 GetServiceForBrowserContext(profile, false));
211 if (!invalidation_provider)
213 return static_cast<invalidation::FakeInvalidationService*>(
214 invalidation_provider->GetInvalidationService());
217 int DeviceCloudPolicyInvalidatorTest::
218 GetProfileInvalidationServiceObserverCount() const {
219 return invalidator_->profile_invalidation_service_observers_.size();
222 const invalidation::InvalidationService*
223 DeviceCloudPolicyInvalidatorTest::GetInvalidationService() const {
224 return invalidator_->invalidation_service_;
227 CloudPolicyInvalidator*
228 DeviceCloudPolicyInvalidatorTest::GetCloudPolicyInvalidator() const {
229 return invalidator_->invalidator_.get();
232 void DeviceCloudPolicyInvalidatorTest::ConnectDeviceInvalidationService() {
233 const int per_profile_invalidation_service_observer_count =
234 GetProfileInvalidationServiceObserverCount();
236 // Verify that a device-global invalidation service has been created.
237 ASSERT_TRUE(GetDeviceInvalidationService());
238 EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
240 // Verify that no new per-profile invalidation service observers have been
242 EXPECT_EQ(per_profile_invalidation_service_observer_count,
243 GetProfileInvalidationServiceObserverCount());
245 // Verify that no invalidator exists yet
246 EXPECT_FALSE(GetCloudPolicyInvalidator());
247 EXPECT_FALSE(GetInvalidationService());
249 // Indicate that the device-global invalidation service has connected.
250 GetDeviceInvalidationService()->OnInvalidatorStateChange(
251 syncer::INVALIDATIONS_ENABLED);
252 base::RunLoop().RunUntilIdle();
254 // Verify that the device-global invalidation service still exists.
255 EXPECT_TRUE(GetDeviceInvalidationService());
256 EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
258 // Verify that an invalidator backed by the device-global invalidation service
260 EXPECT_TRUE(GetCloudPolicyInvalidator());
261 EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
264 // Verifies that a DeviceCloudPolicyInvalidator backed by a device-global
265 // invalidation service is created/destroyed as the service
266 // connects/disconnects.
267 TEST_F(DeviceCloudPolicyInvalidatorTest, UseDeviceInvalidationService) {
268 // Verify that an invalidator backed by the device-global invalidation service
269 // is created when the service connects.
270 ConnectDeviceInvalidationService();
271 ASSERT_TRUE(GetDeviceInvalidationService());
272 EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
274 // Indicate that the device-global invalidation service has disconnected.
275 GetDeviceInvalidationService()->OnInvalidatorStateChange(
276 syncer::INVALIDATION_CREDENTIALS_REJECTED);
277 base::RunLoop().RunUntilIdle();
279 // Verify that the device-global invalidation service still exists.
280 EXPECT_TRUE(GetDeviceInvalidationService());
281 EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
283 // Verify that the invalidator has been destroyed.
284 EXPECT_FALSE(GetCloudPolicyInvalidator());
285 EXPECT_FALSE(GetInvalidationService());
288 // Verifies that when the per-profile invalidation service for an affiliated
289 // user connect/disconnects, a DeviceCloudPolicyInvalidator backed by it is
290 // created/destroyed.
291 TEST_F(DeviceCloudPolicyInvalidatorTest,
292 UseAffiliatedProfileInvalidationService) {
293 // Log in as an affiliated user.
294 Profile* profile = LogInAndReturnProfile(kAffiliatedUserID1);
295 ASSERT_TRUE(profile);
297 // Verify that a device-global invalidation service has been created.
298 EXPECT_TRUE(GetDeviceInvalidationService());
299 EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
301 // Verify that a per-profile invalidation service has been created.
302 invalidation::FakeInvalidationService* profile_invalidation_service =
303 GetProfileInvalidationService(profile);
304 ASSERT_TRUE(profile_invalidation_service);
305 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
307 // Verify that no invalidator exists yet.
308 EXPECT_FALSE(GetCloudPolicyInvalidator());
309 EXPECT_FALSE(GetInvalidationService());
311 // Indicate that the per-profile invalidation service has connected.
312 profile_invalidation_service->SetInvalidatorState(
313 syncer::INVALIDATIONS_ENABLED);
315 // Verify that the device-global invalidator has been destroyed.
316 EXPECT_FALSE(GetDeviceInvalidationService());
317 EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
319 // Verify that a per-profile invalidation service still exists.
320 profile_invalidation_service = GetProfileInvalidationService(profile);
321 ASSERT_TRUE(profile_invalidation_service);
322 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
324 // Verify that an invalidator backed by the per-profile invalidation service
326 EXPECT_TRUE(GetCloudPolicyInvalidator());
327 EXPECT_EQ(profile_invalidation_service, GetInvalidationService());
329 // Indicate that the per-profile invalidation service has disconnected.
330 profile_invalidation_service->SetInvalidatorState(
331 syncer::INVALIDATION_CREDENTIALS_REJECTED);
333 // Verify that a device-global invalidation service has been created.
334 EXPECT_TRUE(GetDeviceInvalidationService());
335 EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
337 // Verify that a per-profile invalidation service still exists.
338 profile_invalidation_service = GetProfileInvalidationService(profile);
339 EXPECT_TRUE(profile_invalidation_service);
340 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
342 // Verify that the invalidator has been destroyed.
343 EXPECT_FALSE(GetCloudPolicyInvalidator());
344 EXPECT_FALSE(GetInvalidationService());
347 // Verifies that even if the per-profile invalidation service for an
348 // unaffiliated user connects, no DeviceCloudPolicyInvalidator backed by it is
350 TEST_F(DeviceCloudPolicyInvalidatorTest,
351 DoNotUseUnaffiliatedProfileInvalidationService) {
352 // Log in as an unaffiliated user.
353 Profile* profile = LogInAndReturnProfile(kUnaffiliatedUserID);
354 ASSERT_TRUE(profile);
356 // Verify that a device-global invalidation service has been created.
357 EXPECT_TRUE(GetDeviceInvalidationService());
358 EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
360 // Verify that a per-profile invalidation service has been created.
361 invalidation::FakeInvalidationService* profile_invalidation_service =
362 GetProfileInvalidationService(profile);
363 ASSERT_TRUE(profile_invalidation_service);
364 EXPECT_EQ(0, GetProfileInvalidationServiceObserverCount());
366 // Verify that no invalidator exists yet.
367 EXPECT_FALSE(GetCloudPolicyInvalidator());
368 EXPECT_FALSE(GetInvalidationService());
370 // Indicate that the per-profile invalidation service has connected.
371 profile_invalidation_service->SetInvalidatorState(
372 syncer::INVALIDATIONS_ENABLED);
374 // Verify that the device-global invalidator still exists.
375 EXPECT_TRUE(GetDeviceInvalidationService());
376 EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
378 // Verify that a per-profile invalidation service still exists.
379 profile_invalidation_service = GetProfileInvalidationService(profile);
380 EXPECT_TRUE(profile_invalidation_service);
381 EXPECT_EQ(0, GetProfileInvalidationServiceObserverCount());
383 // Verify that no invalidator has been created.
384 EXPECT_FALSE(GetCloudPolicyInvalidator());
385 EXPECT_FALSE(GetInvalidationService());
388 // Verifies that when the per-profile invalidation service for an affiliated
389 // user connects, a DeviceCloudPolicyInvalidator backed by it replaces the
390 // current DeviceCloudPolicyInvalidator backed by a device-global invalidation
391 // service. Also verifies that the device-global invalidation service is
392 // destroyed at this point and the highest handled invalidation version is
393 // preserved when switching invalidation services.
394 TEST_F(DeviceCloudPolicyInvalidatorTest,
395 SwitchToAffiliatedProfileInvalidationService) {
396 CloudPolicyStore* store = static_cast<CloudPolicyStore*>(
397 TestingBrowserProcess::GetGlobal()->platform_part()->
398 browser_policy_connector_chromeos()->GetDeviceCloudPolicyManager()->
402 // Verify that an invalidator backed by the device-global invalidation service
403 // is created when the service connects.
404 ConnectDeviceInvalidationService();
405 CloudPolicyInvalidator* invalidator = GetCloudPolicyInvalidator();
406 ASSERT_TRUE(invalidator);
407 EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
409 // Verify that the invalidator's highest handled invalidation version starts
411 EXPECT_EQ(0, invalidator->highest_handled_invalidation_version());
413 // Handle an invalidation with version 1. Verify that the invalidator's
414 // highest handled invalidation version is updated accordingly.
415 store->Store(device_policy_.policy(), 1);
416 invalidator->OnStoreLoaded(store);
417 EXPECT_EQ(1, invalidator->highest_handled_invalidation_version());
419 // Log in as an affiliated user.
420 Profile* profile = LogInAndReturnProfile(kAffiliatedUserID1);
421 ASSERT_TRUE(profile);
423 // Verify that the device-global invalidation service still exists.
424 EXPECT_TRUE(GetDeviceInvalidationService());
425 EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
427 // Verify that a per-profile invalidation service has been created.
428 invalidation::FakeInvalidationService* profile_invalidation_service =
429 GetProfileInvalidationService(profile);
430 ASSERT_TRUE(profile_invalidation_service);
431 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
433 // Verify that an invalidator backed by the device-global invalidation service
435 EXPECT_TRUE(GetCloudPolicyInvalidator());
436 EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
438 // Indicate that the per-profile invalidation service has connected.
439 profile_invalidation_service->SetInvalidatorState(
440 syncer::INVALIDATIONS_ENABLED);
442 // Verify that the device-global invalidator has been destroyed.
443 EXPECT_FALSE(GetDeviceInvalidationService());
444 EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
446 // Verify that a per-profile invalidation service still exists.
447 profile_invalidation_service = GetProfileInvalidationService(profile);
448 EXPECT_TRUE(profile_invalidation_service);
449 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
451 // Verify that an invalidator backed by the per-profile invalidation service
453 invalidator = GetCloudPolicyInvalidator();
454 ASSERT_TRUE(invalidator);
455 EXPECT_EQ(profile_invalidation_service, GetInvalidationService());
457 // Verify that the invalidator's highest handled invalidation version starts
459 EXPECT_EQ(1, invalidator->highest_handled_invalidation_version());
462 // Verifies that when the per-profile invalidation service for an unaffiliated
463 // user connects, the current DeviceCloudPolicyInvalidator backed by a
464 // device-global invalidation service is not destroyed and replaced.
465 TEST_F(DeviceCloudPolicyInvalidatorTest,
466 DoNotSwitchToUnaffiliatedProfileInvalidationService) {
467 // Verify that an invalidator backed by the device-global invalidation service
468 // is created when the service connects.
469 ConnectDeviceInvalidationService();
470 CloudPolicyInvalidator* invalidator = GetCloudPolicyInvalidator();
471 ASSERT_TRUE(invalidator);
472 EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
474 // Verify that the invalidator's highest handled invalidation version starts
476 EXPECT_EQ(0, invalidator->highest_handled_invalidation_version());
478 // Log in as an unaffiliated user.
479 Profile* profile = LogInAndReturnProfile(kUnaffiliatedUserID);
480 ASSERT_TRUE(profile);
482 // Verify that the device-global invalidation service still exists.
483 EXPECT_TRUE(GetDeviceInvalidationService());
484 EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
486 // Verify that a per-profile invalidation service has been created.
487 invalidation::FakeInvalidationService* profile_invalidation_service =
488 GetProfileInvalidationService(profile);
489 ASSERT_TRUE(profile_invalidation_service);
490 EXPECT_EQ(0, GetProfileInvalidationServiceObserverCount());
492 // Verify that an invalidator backed by the device-global invalidation service
494 EXPECT_TRUE(GetCloudPolicyInvalidator());
495 EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
497 // Indicate that the per-profile invalidation service has connected.
498 profile_invalidation_service->SetInvalidatorState(
499 syncer::INVALIDATIONS_ENABLED);
501 // Verify that the device-global invalidator still exists.
502 EXPECT_TRUE(GetDeviceInvalidationService());
503 EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
505 // Verify that a per-profile invalidation service still exists.
506 profile_invalidation_service = GetProfileInvalidationService(profile);
507 EXPECT_TRUE(profile_invalidation_service);
508 EXPECT_EQ(0, GetProfileInvalidationServiceObserverCount());
510 // Verify that an invalidator backed by the device-global invalidation service
512 EXPECT_TRUE(GetCloudPolicyInvalidator());
513 EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
516 // Verifies that when the per-profile invalidation service backing the current
517 // DeviceCloudPolicyInvalidator disconnects and no other connected invalidation
518 // service is available for use, a device-global invalidation service is
519 // created. Also verifies that when this service connects, a
520 // DeviceCloudPolicyInvalidator backed by it is created and the highest handled
521 // invalidation version is preserved when switching invalidation services.
522 TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchToDeviceInvalidationService) {
523 CloudPolicyStore* store = static_cast<CloudPolicyStore*>(
524 TestingBrowserProcess::GetGlobal()->platform_part()->
525 browser_policy_connector_chromeos()->GetDeviceCloudPolicyManager()->
529 // Log in as an affiliated user.
530 Profile* profile = LogInAndReturnProfile(kAffiliatedUserID1);
531 ASSERT_TRUE(profile);
533 // Verify that a device-global invalidation service has been created.
534 EXPECT_TRUE(GetDeviceInvalidationService());
535 EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
537 // Verify that a per-profile invalidation service has been created.
538 invalidation::FakeInvalidationService* profile_invalidation_service =
539 GetProfileInvalidationService(profile);
540 ASSERT_TRUE(profile_invalidation_service);
541 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
543 // Verify that no invalidator exists yet.
544 EXPECT_FALSE(GetCloudPolicyInvalidator());
545 EXPECT_FALSE(GetInvalidationService());
547 // Indicate that the per-profile invalidation service has connected.
548 profile_invalidation_service->SetInvalidatorState(
549 syncer::INVALIDATIONS_ENABLED);
551 // Verify that the device-global invalidator has been destroyed.
552 EXPECT_FALSE(GetDeviceInvalidationService());
553 EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
555 // Verify that a per-profile invalidation service still exists.
556 profile_invalidation_service = GetProfileInvalidationService(profile);
557 ASSERT_TRUE(profile_invalidation_service);
558 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
560 // Verify that an invalidator backed by the per-profile invalidation service
562 CloudPolicyInvalidator* invalidator = GetCloudPolicyInvalidator();
563 ASSERT_TRUE(invalidator);
564 EXPECT_EQ(profile_invalidation_service, GetInvalidationService());
566 // Verify that the invalidator's highest handled invalidation version starts
568 EXPECT_EQ(0, invalidator->highest_handled_invalidation_version());
570 // Handle an invalidation with version 1. Verify that the invalidator's
571 // highest handled invalidation version is updated accordingly.
572 store->Store(device_policy_.policy(), 1);
573 invalidator->OnStoreLoaded(store);
574 EXPECT_EQ(1, invalidator->highest_handled_invalidation_version());
576 // Indicate that the per-profile invalidation service has disconnected.
577 profile_invalidation_service->SetInvalidatorState(
578 syncer::INVALIDATION_CREDENTIALS_REJECTED);
580 // Verify that a device-global invalidation service has been created.
581 EXPECT_TRUE(GetDeviceInvalidationService());
582 EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
584 // Verify that a per-profile invalidation service still exists.
585 profile_invalidation_service = GetProfileInvalidationService(profile);
586 EXPECT_TRUE(profile_invalidation_service);
587 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
589 // Verify that the invalidator has been destroyed.
590 EXPECT_FALSE(GetCloudPolicyInvalidator());
591 EXPECT_FALSE(GetInvalidationService());
593 // Verify that an invalidator backed by the device-global invalidation service
594 // is created when the service connects.
595 ConnectDeviceInvalidationService();
596 invalidator = GetCloudPolicyInvalidator();
597 ASSERT_TRUE(invalidator);
598 EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
600 // Verify that the invalidator's highest handled invalidation version starts
602 EXPECT_EQ(1, invalidator->highest_handled_invalidation_version());
605 // Verifies that when the per-profile invalidation service backing the current
606 // DeviceCloudPolicyInvalidator disconnects and another connected per-profile
607 // invalidation service is available for use, a DeviceCloudPolicyInvalidator
608 // backed by that service is created. Also verifies that the highest handled
609 // invalidation version is preserved when switching invalidation services.
610 TEST_F(DeviceCloudPolicyInvalidatorTest,
611 SwitchBetweenAffiliatedProfileInvalidationServices) {
612 CloudPolicyStore* store = static_cast<CloudPolicyStore*>(
613 TestingBrowserProcess::GetGlobal()->platform_part()->
614 browser_policy_connector_chromeos()->GetDeviceCloudPolicyManager()->
618 // Verify that a device-global invalidation service has been created.
619 EXPECT_TRUE(GetDeviceInvalidationService());
620 EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
622 // Verify that no invalidator exists yet.
623 EXPECT_FALSE(GetCloudPolicyInvalidator());
624 EXPECT_FALSE(GetInvalidationService());
626 // Log in as a first affiliated user.
627 Profile* profile_1 = LogInAndReturnProfile(kAffiliatedUserID1);
628 ASSERT_TRUE(profile_1);
630 // Verify that the device-global invalidation service still exists.
631 EXPECT_TRUE(GetDeviceInvalidationService());
632 EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
634 // Verify that a per-profile invalidation service has been created for the
636 invalidation::FakeInvalidationService* profile_1_invalidation_service =
637 GetProfileInvalidationService(profile_1);
638 ASSERT_TRUE(profile_1_invalidation_service);
639 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
641 // Verify that no invalidator has been created.
642 EXPECT_FALSE(GetCloudPolicyInvalidator());
643 EXPECT_FALSE(GetInvalidationService());
645 // Indicate that the first user's per-profile invalidation service has
647 profile_1_invalidation_service->SetInvalidatorState(
648 syncer::INVALIDATIONS_ENABLED);
650 // Verify that the device-global invalidator has been destroyed.
651 EXPECT_FALSE(GetDeviceInvalidationService());
652 EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
654 // Verify that a per-profile invalidation service still exists for the first
656 profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
657 EXPECT_TRUE(profile_1_invalidation_service);
658 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
660 // Verify that an invalidator backed by the first user's per-profile
661 // invalidation service has been created.
662 CloudPolicyInvalidator* invalidator = GetCloudPolicyInvalidator();
663 ASSERT_TRUE(invalidator);
664 EXPECT_EQ(profile_1_invalidation_service, GetInvalidationService());
666 // Verify that the invalidator's highest handled invalidation version starts
668 EXPECT_EQ(0, invalidator->highest_handled_invalidation_version());
670 // Handle an invalidation with version 1. Verify that the invalidator's
671 // highest handled invalidation version is updated accordingly.
672 store->Store(device_policy_.policy(), 1);
673 invalidator->OnStoreLoaded(store);
674 EXPECT_EQ(1, invalidator->highest_handled_invalidation_version());
676 // Log in as a second affiliated user.
677 Profile* profile_2 = LogInAndReturnProfile(kAffiliatedUserID2);
678 ASSERT_TRUE(profile_2);
680 // Verify that the device-global invalidator still does not exist.
681 EXPECT_FALSE(GetDeviceInvalidationService());
682 EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
684 // Verify that a per-profile invalidation service still exists for the first
685 // user and one has been created for the second user.
686 profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
687 EXPECT_TRUE(profile_1_invalidation_service);
688 invalidation::FakeInvalidationService* profile_2_invalidation_service =
689 GetProfileInvalidationService(profile_2);
690 ASSERT_TRUE(profile_2_invalidation_service);
691 EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
693 // Verify that an invalidator backed by the first user's per-profile
694 // invalidation service still exists.
695 EXPECT_TRUE(GetCloudPolicyInvalidator());
696 EXPECT_EQ(profile_1_invalidation_service, GetInvalidationService());
698 // Indicate that the second user's per-profile invalidation service has
700 profile_2_invalidation_service->SetInvalidatorState(
701 syncer::INVALIDATIONS_ENABLED);
703 // Verify that the device-global invalidator still does not exist.
704 EXPECT_FALSE(GetDeviceInvalidationService());
705 EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
707 // Verify that per-profile invalidation services still exist for both users.
708 profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
709 ASSERT_TRUE(profile_1_invalidation_service);
710 profile_2_invalidation_service = GetProfileInvalidationService(profile_2);
711 EXPECT_TRUE(profile_2_invalidation_service);
712 EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
714 // Verify that an invalidator backed by the first user's per-profile
715 // invalidation service still exists.
716 EXPECT_TRUE(GetCloudPolicyInvalidator());
717 EXPECT_EQ(profile_1_invalidation_service, GetInvalidationService());
719 // Indicate that the first user's per-profile invalidation service has
721 profile_1_invalidation_service->SetInvalidatorState(
722 syncer::INVALIDATION_CREDENTIALS_REJECTED);
724 // Verify that the device-global invalidator still does not exist.
725 EXPECT_FALSE(GetDeviceInvalidationService());
726 EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
728 // Verify that per-profile invalidation services still exist for both users.
729 profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
730 EXPECT_TRUE(profile_1_invalidation_service);
731 profile_2_invalidation_service = GetProfileInvalidationService(profile_2);
732 ASSERT_TRUE(profile_2_invalidation_service);
733 EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
735 // Verify that an invalidator backed by the second user's per-profile
736 // invalidation service has been created.
737 invalidator = GetCloudPolicyInvalidator();
738 ASSERT_TRUE(invalidator);
739 EXPECT_EQ(profile_2_invalidation_service, GetInvalidationService());
741 // Verify that the invalidator's highest handled invalidation version starts
743 EXPECT_EQ(1, invalidator->highest_handled_invalidation_version());
746 } // namespace policy