src/chrome/browser/chromeos/policy/device_cloud_policy_invalidator_unittest.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/policy/device_cloud_policy_invalidator.h"
   6
   7 #include <string>
   8
   9 #include "base/memory/ref_counted.h"
  10 #include "base/message_loop/message_loop_proxy.h"
  11 #include "base/run_loop.h"
  12 #include "chrome/browser/browser_process_platform_part.h"
  13 #include "chrome/browser/chrome_notification_types.h"
  14 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
  15 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
  16 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
  17 #include "chrome/browser/chromeos/policy/device_policy_builder.h"
  18 #include "chrome/browser/chromeos/policy/stub_enterprise_install_attributes.h"
  19 #include "chrome/browser/chromeos/settings/cros_settings.h"
  20 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h"
  21 #include "chrome/browser/chromeos/settings/device_settings_service.h"
  22 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
  23 #include "chrome/browser/chromeos/settings/mock_owner_key_util.h"
  24 #include "chrome/browser/invalidation/fake_invalidation_service.h"
  25 #include "chrome/browser/invalidation/profile_invalidation_provider_factory.h"
  26 #include "chrome/browser/policy/cloud/cloud_policy_invalidator.h"
  27 #include "chrome/browser/profiles/profile.h"
  28 #include "chrome/test/base/testing_browser_process.h"
  29 #include "chrome/test/base/testing_profile_manager.h"
  30 #include "chromeos/cryptohome/system_salt_getter.h"
  31 #include "chromeos/dbus/dbus_thread_manager.h"
  32 #include "components/invalidation/invalidation_service.h"
  33 #include "components/invalidation/invalidator_state.h"
  34 #include "components/invalidation/profile_invalidation_provider.h"
  35 #include "components/invalidation/ticl_invalidation_service.h"
  36 #include "components/keyed_service/core/keyed_service.h"
  37 #include "components/policy/core/common/cloud/cloud_policy_client.h"
  38 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
  39 #include "components/policy/core/common/cloud/cloud_policy_core.h"
  40 #include "components/policy/core/common/cloud/mock_cloud_policy_client.h"
  41 #include "content/public/browser/browser_context.h"
  42 #include "content/public/browser/notification_details.h"
  43 #include "content/public/browser/notification_service.h"
  44 #include "content/public/test/test_browser_thread_bundle.h"
  45 #include "net/url_request/url_request_context_getter.h"
  46 #include "net/url_request/url_request_test_util.h"
  47 #include "policy/proto/device_management_backend.pb.h"
  48 #include "testing/gmock/include/gmock/gmock.h"
  49 #include "testing/gtest/include/gtest/gtest.h"
  50
  51 namespace policy {
  52
  53 namespace {
  54
  55 KeyedService* BuildProfileInvalidationProvider(
  56     content::BrowserContext* context) {
  57   scoped_ptr<invalidation::FakeInvalidationService> invalidation_service(
  58       new invalidation::FakeInvalidationService);
  59   invalidation_service->SetInvalidatorState(
  60       syncer::TRANSIENT_INVALIDATION_ERROR);
  61   return new invalidation::ProfileInvalidationProvider(
  62       invalidation_service.PassAs<invalidation::InvalidationService>());
  63 }
  64
  65 }  // namespace
  66
  67 class DeviceCloudPolicyInvalidatorTest : public testing::Test {
  68  public:
  69   DeviceCloudPolicyInvalidatorTest();
  70   virtual ~DeviceCloudPolicyInvalidatorTest();
  71
  72   // testing::Test:
  73   virtual void SetUp() OVERRIDE;
  74   virtual void TearDown() OVERRIDE;
  75
  76   // Ownership is not passed. The Profile is owned by the global ProfileManager.
  77   Profile *CreateProfile(const std::string& profile_name);
  78
  79   invalidation::TiclInvalidationService* GetDeviceInvalidationService();
  80   bool HasDeviceInvalidationServiceObserver() const;
  81
  82   invalidation::FakeInvalidationService* GetProfileInvalidationService(
  83       Profile* profile);
  84   int GetProfileInvalidationServiceObserverCount() const;
  85
  86   const invalidation::InvalidationService* GetInvalidationService() const;
  87   CloudPolicyInvalidator* GetCloudPolicyInvalidator() const;
  88
  89   void ConnectDeviceInvalidationService();
  90
  91  protected:
  92   DevicePolicyBuilder device_policy_;
  93
  94  private:
  95   content::TestBrowserThreadBundle thread_bundle_;
  96   scoped_refptr<net::URLRequestContextGetter> system_request_context_;
  97   TestingProfileManager profile_manager_;
  98   ScopedStubEnterpriseInstallAttributes install_attributes_;
  99   scoped_ptr<chromeos::ScopedTestDeviceSettingsService>
 100       test_device_settings_service_;
 101   scoped_ptr<chromeos::ScopedTestCrosSettings> test_cros_settings_;
 102   chromeos::DeviceSettingsTestHelper device_settings_test_helper_;
 103
 104   scoped_ptr<DeviceCloudPolicyInvalidator> invalidator_;
 105 };
 106
 107 DeviceCloudPolicyInvalidatorTest::DeviceCloudPolicyInvalidatorTest()
 108     : thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP),
 109       system_request_context_(new net::TestURLRequestContextGetter(
 110           base::MessageLoopProxy::current())),
 111       profile_manager_(TestingBrowserProcess::GetGlobal()),
 112       install_attributes_("example.com",
 113                           "user@example.com",
 114                           "device_id",
 115                           DEVICE_MODE_ENTERPRISE) {
 116 }
 117
 118 DeviceCloudPolicyInvalidatorTest::~DeviceCloudPolicyInvalidatorTest() {
 119 }
 120
 121 void DeviceCloudPolicyInvalidatorTest::SetUp() {
 122   chromeos::SystemSaltGetter::Initialize();
 123   chromeos::DBusThreadManager::InitializeWithStub();
 124   chromeos::DeviceOAuth2TokenServiceFactory::Initialize();
 125   TestingBrowserProcess::GetGlobal()->SetSystemRequestContext(
 126       system_request_context_.get());
 127   ASSERT_TRUE(profile_manager_.SetUp());
 128
 129   test_device_settings_service_.reset(new
 130       chromeos::ScopedTestDeviceSettingsService);
 131   test_cros_settings_.reset(new chromeos::ScopedTestCrosSettings);
 132   scoped_refptr<chromeos::MockOwnerKeyUtil> owner_key_util(
 133       new chromeos::MockOwnerKeyUtil);
 134   owner_key_util->SetPublicKeyFromPrivateKey(
 135       *device_policy_.GetSigningKey());
 136   chromeos::DeviceSettingsService::Get()->SetSessionManager(
 137       &device_settings_test_helper_,
 138       owner_key_util);
 139
 140   device_policy_.policy_data().set_invalidation_source(123);
 141   device_policy_.policy_data().set_invalidation_name("invalidation");
 142   device_policy_.Build();
 143   device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
 144   device_settings_test_helper_.Flush();
 145
 146   scoped_ptr<MockCloudPolicyClient> policy_client(new MockCloudPolicyClient);
 147   EXPECT_CALL(*policy_client, SetupRegistration("token", "device-id"));
 148   CloudPolicyCore* core = TestingBrowserProcess::GetGlobal()->platform_part()->
 149       browser_policy_connector_chromeos()->GetDeviceCloudPolicyManager()->
 150           core();
 151   core->Connect(policy_client.PassAs<CloudPolicyClient>());
 152   core->StartRefreshScheduler();
 153
 154   invalidation::ProfileInvalidationProviderFactory::GetInstance()->
 155       RegisterTestingFactory(BuildProfileInvalidationProvider);
 156
 157   invalidator_.reset(new DeviceCloudPolicyInvalidator);
 158 }
 159
 160 void DeviceCloudPolicyInvalidatorTest::TearDown() {
 161   invalidator_.reset();
 162   base::RunLoop().RunUntilIdle();
 163
 164   invalidation::ProfileInvalidationProviderFactory::GetInstance()->
 165       RegisterTestingFactory(NULL);
 166   chromeos::DeviceSettingsService::Get()->UnsetSessionManager();
 167   TestingBrowserProcess::GetGlobal()->SetBrowserPolicyConnector(NULL);
 168   chromeos::DeviceOAuth2TokenServiceFactory::Shutdown();
 169   chromeos::DBusThreadManager::Shutdown();
 170   chromeos::SystemSaltGetter::Shutdown();
 171 }
 172
 173 Profile *DeviceCloudPolicyInvalidatorTest::CreateProfile(
 174     const std::string& profile_name) {
 175   Profile* profile = profile_manager_.CreateTestingProfile(profile_name);
 176   content::NotificationService::current()->Notify(
 177       chrome::NOTIFICATION_LOGIN_USER_PROFILE_PREPARED,
 178       content::NotificationService::AllSources(),
 179       content::Details<Profile>(profile));
 180   return profile;
 181 }
 182
 183 invalidation::TiclInvalidationService*
 184 DeviceCloudPolicyInvalidatorTest::GetDeviceInvalidationService() {
 185   return invalidator_->device_invalidation_service_.get();
 186 }
 187
 188 bool DeviceCloudPolicyInvalidatorTest::HasDeviceInvalidationServiceObserver(
 189     ) const {
 190   return invalidator_->device_invalidation_service_observer_.get();
 191 }
 192
 193 invalidation::FakeInvalidationService*
 194 DeviceCloudPolicyInvalidatorTest::GetProfileInvalidationService(
 195     Profile* profile) {
 196   invalidation::ProfileInvalidationProvider* invalidation_provider =
 197       static_cast<invalidation::ProfileInvalidationProvider*>(
 198           invalidation::ProfileInvalidationProviderFactory::GetInstance()->
 199               GetServiceForBrowserContext(profile, false));
 200   if (!invalidation_provider)
 201     return NULL;
 202   return static_cast<invalidation::FakeInvalidationService*>(
 203       invalidation_provider->GetInvalidationService());
 204 }
 205
 206 int DeviceCloudPolicyInvalidatorTest::
 207         GetProfileInvalidationServiceObserverCount() const {
 208   return invalidator_->profile_invalidation_service_observers_.size();
 209 }
 210
 211 const invalidation::InvalidationService*
 212 DeviceCloudPolicyInvalidatorTest::GetInvalidationService() const {
 213   return invalidator_->invalidation_service_;
 214 }
 215
 216 CloudPolicyInvalidator*
 217 DeviceCloudPolicyInvalidatorTest::GetCloudPolicyInvalidator() const {
 218   return invalidator_->invalidator_.get();
 219 }
 220
 221 void DeviceCloudPolicyInvalidatorTest::ConnectDeviceInvalidationService() {
 222   // Verify that a device-global invalidation service has been created.
 223   ASSERT_TRUE(GetDeviceInvalidationService());
 224   EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
 225
 226   // Verify that no per-profile invalidation service observers have been
 227   // created.
 228   EXPECT_EQ(0, GetProfileInvalidationServiceObserverCount());
 229
 230   // Verify that no invalidator exists yet
 231   EXPECT_FALSE(GetCloudPolicyInvalidator());
 232   EXPECT_FALSE(GetInvalidationService());
 233
 234   // Indicate that the device-global invalidation service has connected.
 235   GetDeviceInvalidationService()->OnInvalidatorStateChange(
 236       syncer::INVALIDATIONS_ENABLED);
 237   base::RunLoop().RunUntilIdle();
 238
 239   // Verify that the device-global invalidation service still exists.
 240   EXPECT_TRUE(GetDeviceInvalidationService());
 241   EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
 242
 243   // Verify that an invalidator backed by the device-global invalidation service
 244   // has been created.
 245   EXPECT_TRUE(GetCloudPolicyInvalidator());
 246   EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
 247 }
 248
 249 // Verifies that a DeviceCloudPolicyInvalidator backed by a device-global
 250 // invalidation service is created/destroyed as the service
 251 // connects/disconnects.
 252 TEST_F(DeviceCloudPolicyInvalidatorTest, UseDeviceInvalidationService) {
 253   // Verify that an invalidator backed by the device-global invalidation service
 254   // is created when the service connects.
 255   ConnectDeviceInvalidationService();
 256   ASSERT_TRUE(GetDeviceInvalidationService());
 257
 258   // Indicate that the device-global invalidation service has disconnected.
 259   GetDeviceInvalidationService()->OnInvalidatorStateChange(
 260       syncer::INVALIDATION_CREDENTIALS_REJECTED);
 261   base::RunLoop().RunUntilIdle();
 262
 263   // Verify that the device-global invalidation service still exists.
 264   EXPECT_TRUE(GetDeviceInvalidationService());
 265   EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
 266
 267   // Verify that the invalidator has been destroyed.
 268   EXPECT_FALSE(GetCloudPolicyInvalidator());
 269   EXPECT_FALSE(GetInvalidationService());
 270 }
 271
 272 // Verifies that a DeviceCloudPolicyInvalidator backed by a per-profile
 273 // invalidation service is created/destroyed as the service
 274 // connects/disconnects.
 275 TEST_F(DeviceCloudPolicyInvalidatorTest, UseProfileInvalidationService) {
 276   // Create a user profile.
 277   Profile* profile = CreateProfile("test");
 278   ASSERT_TRUE(profile);
 279
 280   // Verify that a device-global invalidation service has been created.
 281   EXPECT_TRUE(GetDeviceInvalidationService());
 282   EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
 283
 284   // Verify that a per-profile invalidation service has been created.
 285   invalidation::FakeInvalidationService* profile_invalidation_service =
 286       GetProfileInvalidationService(profile);
 287   ASSERT_TRUE(profile_invalidation_service);
 288   EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
 289
 290   // Verify that no invalidator exists yet
 291   EXPECT_FALSE(GetCloudPolicyInvalidator());
 292   EXPECT_FALSE(GetInvalidationService());
 293
 294   // Indicate that the per-profile invalidation service has connected.
 295   profile_invalidation_service->SetInvalidatorState(
 296       syncer::INVALIDATIONS_ENABLED);
 297
 298   // Verify that the device-global invalidator has been destroyed.
 299   EXPECT_FALSE(GetDeviceInvalidationService());
 300   EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
 301
 302   // Verify that a per-profile invalidation service still exists.
 303   profile_invalidation_service = GetProfileInvalidationService(profile);
 304   ASSERT_TRUE(profile_invalidation_service);
 305   EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
 306
 307   // Verify that an invalidator backed by the per-profile invalidation service
 308   // has been created.
 309   EXPECT_TRUE(GetCloudPolicyInvalidator());
 310   EXPECT_EQ(profile_invalidation_service, GetInvalidationService());
 311
 312   // Indicate that the per-profile invalidation service has disconnected.
 313   profile_invalidation_service->SetInvalidatorState(
 314       syncer::INVALIDATION_CREDENTIALS_REJECTED);
 315
 316   // Verify that a device-global invalidation service has been created.
 317   EXPECT_TRUE(GetDeviceInvalidationService());
 318   EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
 319
 320   // Verify that a per-profile invalidation service still exists.
 321   profile_invalidation_service = GetProfileInvalidationService(profile);
 322   EXPECT_TRUE(profile_invalidation_service);
 323   EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
 324
 325   // Verify that the invalidator has been destroyed.
 326   EXPECT_FALSE(GetCloudPolicyInvalidator());
 327   EXPECT_FALSE(GetInvalidationService());
 328 }
 329
 330 // Verifies that a DeviceCloudPolicyInvalidator exists whenever a connected
 331 // invalidation service is available, automatically switching between
 332 // device-global and per-profile invalidation services as they
 333 // connect/disconnect, giving priority to per-profile invalidation services.
 334 // Also verifies that the highest handled invalidation version is preserved when
 335 // switching invalidation services.
 336 TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchInvalidationServices) {
 337   CloudPolicyStore* store = static_cast<CloudPolicyStore*>(
 338       TestingBrowserProcess::GetGlobal()->platform_part()->
 339           browser_policy_connector_chromeos()->GetDeviceCloudPolicyManager()->
 340               device_store());
 341   ASSERT_TRUE(store);
 342
 343   // Verify that an invalidator backed by the device-global invalidation service
 344   // is created when the service connects.
 345   ConnectDeviceInvalidationService();
 346   CloudPolicyInvalidator* invalidator = GetCloudPolicyInvalidator();
 347   ASSERT_TRUE(invalidator);
 348   ASSERT_TRUE(GetDeviceInvalidationService());
 349
 350   // Verify that the invalidator's highest handled invalidation version starts
 351   // out as zero.
 352   EXPECT_EQ(0, invalidator->highest_handled_invalidation_version());
 353
 354   // Create a first user profile.
 355   Profile* profile_1 = CreateProfile("test_1");
 356   ASSERT_TRUE(profile_1);
 357
 358   // Verify that the device-global invalidation service still exists.
 359   EXPECT_TRUE(GetDeviceInvalidationService());
 360   EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
 361
 362   // Verify that a per-profile invalidation service has been created for the
 363   // first user profile.
 364   invalidation::FakeInvalidationService* profile_1_invalidation_service =
 365       GetProfileInvalidationService(profile_1);
 366   ASSERT_TRUE(profile_1_invalidation_service);
 367   EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
 368
 369   // Verify that an invalidator backed by the device-global invalidation service
 370   // still exists.
 371   EXPECT_TRUE(GetCloudPolicyInvalidator());
 372   EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
 373
 374   // Indicate that the first user profile's per-profile invalidation service has
 375   // connected.
 376   profile_1_invalidation_service->SetInvalidatorState(
 377       syncer::INVALIDATIONS_ENABLED);
 378
 379   // Verify that the device-global invalidator has been destroyed.
 380   EXPECT_FALSE(GetDeviceInvalidationService());
 381   EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
 382
 383   // Verify that a per-profile invalidation service still exists for the first
 384   // user profile.
 385   profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
 386   EXPECT_TRUE(profile_1_invalidation_service);
 387   EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
 388
 389   // Verify that an invalidator backed by the per-profile invalidation service
 390   // for the first user profile has been created.
 391   invalidator = GetCloudPolicyInvalidator();
 392   ASSERT_TRUE(invalidator);
 393   EXPECT_EQ(profile_1_invalidation_service, GetInvalidationService());
 394
 395   // Verify that the invalidator's highest handled invalidation version starts
 396   // out as zero.
 397   EXPECT_EQ(0, invalidator->highest_handled_invalidation_version());
 398
 399   // Handle an invalidation with version 1. Verify that the invalidator's
 400   // highest handled invalidation version is updated accordingly.
 401   store->Store(device_policy_.policy(), 1);
 402   invalidator->OnStoreLoaded(store);
 403   EXPECT_EQ(1, invalidator->highest_handled_invalidation_version());
 404
 405   // Create a second user profile.
 406   Profile* profile_2 = CreateProfile("test_2");
 407   ASSERT_TRUE(profile_2);
 408
 409   // Verify that the device-global invalidator still does not exist.
 410   EXPECT_FALSE(GetDeviceInvalidationService());
 411   EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
 412
 413   // Verify that a per-profile invalidation service still exists for the first
 414   // user profile and one has been created for the second user profile.
 415   profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
 416   EXPECT_TRUE(profile_1_invalidation_service);
 417   invalidation::FakeInvalidationService* profile_2_invalidation_service =
 418       GetProfileInvalidationService(profile_2);
 419   ASSERT_TRUE(profile_2_invalidation_service);
 420   EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
 421
 422   // Verify that an invalidator backed by the per-profile invalidation service
 423   // for the first user profile still exists.
 424   EXPECT_TRUE(GetCloudPolicyInvalidator());
 425   EXPECT_EQ(profile_1_invalidation_service, GetInvalidationService());
 426
 427   // Indicate that the second user profile's per-profile invalidation service
 428   // has connected.
 429   profile_2_invalidation_service->SetInvalidatorState(
 430       syncer::INVALIDATIONS_ENABLED);
 431
 432   // Verify that the device-global invalidator still does not exist.
 433   EXPECT_FALSE(GetDeviceInvalidationService());
 434   EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
 435
 436   // Verify that per-profile invalidation services still exist for both user
 437   // profiles.
 438   profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
 439   ASSERT_TRUE(profile_1_invalidation_service);
 440   profile_2_invalidation_service = GetProfileInvalidationService(profile_2);
 441   EXPECT_TRUE(profile_2_invalidation_service);
 442   EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
 443
 444   // Verify that an invalidator backed by the per-profile invalidation service
 445   // for the first user profile still exists.
 446   EXPECT_TRUE(GetCloudPolicyInvalidator());
 447   EXPECT_EQ(profile_1_invalidation_service, GetInvalidationService());
 448
 449   // Indicate that the per-profile invalidation service for the first user
 450   // profile has disconnected.
 451   profile_1_invalidation_service->SetInvalidatorState(
 452       syncer::INVALIDATION_CREDENTIALS_REJECTED);
 453
 454   // Verify that the device-global invalidator still does not exist.
 455   EXPECT_FALSE(GetDeviceInvalidationService());
 456   EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
 457
 458   // Verify that per-profile invalidation services still exist for both user
 459   // profiles.
 460   profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
 461   EXPECT_TRUE(profile_1_invalidation_service);
 462   profile_2_invalidation_service = GetProfileInvalidationService(profile_2);
 463   ASSERT_TRUE(profile_2_invalidation_service);
 464   EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
 465
 466   // Verify that an invalidator backed by the per-profile invalidation service
 467   // for the second user profile has been created.
 468   invalidator = GetCloudPolicyInvalidator();
 469   ASSERT_TRUE(invalidator);
 470   EXPECT_EQ(profile_2_invalidation_service, GetInvalidationService());
 471
 472   // Verify that the invalidator's highest handled invalidation version starts
 473   // out as 1.
 474   EXPECT_EQ(1, invalidator->highest_handled_invalidation_version());
 475
 476   // Handle an invalidation with version 2. Verify that the invalidator's
 477   // highest handled invalidation version is updated accordingly.
 478   store->Store(device_policy_.policy(), 2);
 479   invalidator->OnStoreLoaded(store);
 480   EXPECT_EQ(2, invalidator->highest_handled_invalidation_version());
 481
 482   // Indicate that the per-profile invalidation service for the second user
 483   // profile has disconnected.
 484   profile_2_invalidation_service->SetInvalidatorState(
 485       syncer::INVALIDATION_CREDENTIALS_REJECTED);
 486
 487   // Verify that a device-global invalidation service has been created.
 488   ASSERT_TRUE(GetDeviceInvalidationService());
 489   EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
 490
 491   // Verify that per-profile invalidation services still exist for both user
 492   // profiles.
 493   profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
 494   EXPECT_TRUE(profile_1_invalidation_service);
 495   profile_2_invalidation_service = GetProfileInvalidationService(profile_2);
 496   EXPECT_TRUE(profile_2_invalidation_service);
 497   EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
 498
 499   // Verify that the invalidator has been destroyed.
 500   EXPECT_FALSE(GetCloudPolicyInvalidator());
 501   EXPECT_FALSE(GetInvalidationService());
 502
 503   // Indicate that the device-global invalidation service has connected.
 504   GetDeviceInvalidationService()->OnInvalidatorStateChange(
 505       syncer::INVALIDATIONS_ENABLED);
 506   base::RunLoop().RunUntilIdle();
 507
 508   // Verify that the device-global invalidation service still exists.
 509   EXPECT_TRUE(GetDeviceInvalidationService());
 510   EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
 511
 512   // Verify that per-profile invalidation services still exist for both user
 513   // profiles.
 514   profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
 515   EXPECT_TRUE(profile_1_invalidation_service);
 516   profile_2_invalidation_service = GetProfileInvalidationService(profile_2);
 517   EXPECT_TRUE(profile_2_invalidation_service);
 518   EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
 519
 520   // Verify that an invalidator backed by the device-global invalidation service
 521   // has been created.
 522   invalidator = GetCloudPolicyInvalidator();
 523   ASSERT_TRUE(invalidator);
 524   EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
 525
 526   // Verify that the invalidator's highest handled invalidation version starts
 527   // out as 2.
 528   EXPECT_EQ(2, invalidator->highest_handled_invalidation_version());
 529 }
 530
 531 }  // namespace policy