projects / platform / framework / web / crosswalk.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Upstream version 10.39.225.0
[platform/framework/web/crosswalk.git] / src / chrome / browser / chromeos / policy / device_cloud_policy_manager_chromeos_unittest.cc
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
6
7 #include <algorithm>
8
9 #include "base/basictypes.h"
10 #include "base/bind.h"
11 #include "base/bind_helpers.h"
12 #include "base/compiler_specific.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/message_loop/message_loop.h"
15 #include "base/prefs/pref_registry_simple.h"
16 #include "base/prefs/testing_pref_service.h"
17 #include "base/run_loop.h"
18 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h"
19 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
20 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
21 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
22 #include "chrome/browser/chromeos/settings/cros_settings.h"
23 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h"
24 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h"
25 #include "chrome/browser/chromeos/settings/device_settings_service.h"
26 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
27 #include "chrome/browser/prefs/browser_prefs.h"
28 #include "chrome/test/base/testing_browser_process.h"
29 #include "chromeos/cryptohome/system_salt_getter.h"
30 #include "chromeos/dbus/dbus_client_implementation_type.h"
31 #include "chromeos/dbus/dbus_thread_manager.h"
32 #include "chromeos/dbus/fake_cryptohome_client.h"
33 #include "chromeos/dbus/fake_session_manager_client.h"
34 #include "chromeos/system/mock_statistics_provider.h"
35 #include "chromeos/system/statistics_provider.h"
36 #include "components/policy/core/common/cloud/cloud_policy_client.h"
37 #include "components/policy/core/common/cloud/mock_device_management_service.h"
38 #include "components/policy/core/common/external_data_fetcher.h"
39 #include "components/policy/core/common/schema_registry.h"
40 #include "google_apis/gaia/gaia_oauth_client.h"
41 #include "net/url_request/test_url_fetcher_factory.h"
42 #include "net/url_request/url_request_test_util.h"
43 #include "policy/policy_constants.h"
44 #include "policy/proto/device_management_backend.pb.h"
45 #include "testing/gmock/include/gmock/gmock.h"
46 #include "testing/gtest/include/gtest/gtest.h"
47
48 using testing::AnyNumber;
49 using testing::AtMost;
50 using testing::DoAll;
51 using testing::Mock;
52 using testing::Return;
53 using testing::SaveArg;
54 using testing::SetArgumentPointee;
55 using testing::_;
56
57 namespace em = enterprise_management;
58
59 namespace policy {
60 namespace {
61
62 void CopyLockResult(base::RunLoop* loop,
63                     EnterpriseInstallAttributes::LockResult* out,
64                     EnterpriseInstallAttributes::LockResult result) {
65   *out = result;
66   loop->Quit();
67 }
68
69 class DeviceCloudPolicyManagerChromeOSTest
70     : public chromeos::DeviceSettingsTestBase {
71  protected:
72   DeviceCloudPolicyManagerChromeOSTest()
73       : fake_cryptohome_client_(new chromeos::FakeCryptohomeClient()),
74         state_keys_broker_(&fake_session_manager_client_,
75                            base::MessageLoopProxy::current()),
76         store_(NULL) {
77     EXPECT_CALL(mock_statistics_provider_,
78                 GetMachineStatistic(_, _))
79         .WillRepeatedly(Return(false));
80     EXPECT_CALL(mock_statistics_provider_,
81                 GetMachineStatistic("serial_number", _))
82         .WillRepeatedly(DoAll(SetArgumentPointee<1>(std::string("test_sn")),
83                               Return(true)));
84     chromeos::system::StatisticsProvider::SetTestProvider(
85         &mock_statistics_provider_);
86     std::vector<std::string> state_keys;
87     state_keys.push_back("1");
88     state_keys.push_back("2");
89     state_keys.push_back("3");
90     fake_session_manager_client_.set_server_backed_state_keys(state_keys);
91   }
92
93   virtual ~DeviceCloudPolicyManagerChromeOSTest() {
94     chromeos::system::StatisticsProvider::SetTestProvider(NULL);
95   }
96
97   virtual void SetUp() OVERRIDE {
98     DeviceSettingsTestBase::SetUp();
99     dbus_setter_->SetCryptohomeClient(
100         scoped_ptr<chromeos::CryptohomeClient>(fake_cryptohome_client_));
101
102     install_attributes_.reset(
103         new EnterpriseInstallAttributes(fake_cryptohome_client_));
104     store_ =
105         new DeviceCloudPolicyStoreChromeOS(&device_settings_service_,
106                                            install_attributes_.get(),
107                                            base::MessageLoopProxy::current());
108     manager_.reset(new DeviceCloudPolicyManagerChromeOS(
109         make_scoped_ptr(store_),
110         base::MessageLoopProxy::current(),
111         &state_keys_broker_));
112
113     chrome::RegisterLocalState(local_state_.registry());
114     manager_->Init(&schema_registry_);
115
116     // DeviceOAuth2TokenService uses the system request context to fetch
117     // OAuth tokens, then writes the token to local state, encrypting it
118     // first with methods in CryptohomeTokenEncryptor.
119     request_context_getter_ = new net::TestURLRequestContextGetter(
120         base::MessageLoopProxy::current());
121     TestingBrowserProcess::GetGlobal()->SetSystemRequestContext(
122         request_context_getter_.get());
123     TestingBrowserProcess::GetGlobal()->SetLocalState(&local_state_);
124     // SystemSaltGetter is used in DeviceOAuth2TokenService.
125     chromeos::SystemSaltGetter::Initialize();
126     chromeos::DeviceOAuth2TokenServiceFactory::Initialize();
127     url_fetcher_response_code_ = 200;
128     url_fetcher_response_string_ = "{\"access_token\":\"accessToken4Test\","
129                                    "\"expires_in\":1234,"
130                                    "\"refresh_token\":\"refreshToken4Test\"}";
131   }
132
133   virtual void TearDown() OVERRIDE {
134     manager_->Shutdown();
135     if (initializer_)
136       initializer_->Shutdown();
137     DeviceSettingsTestBase::TearDown();
138
139     chromeos::DeviceOAuth2TokenServiceFactory::Shutdown();
140     chromeos::SystemSaltGetter::Shutdown();
141     TestingBrowserProcess::GetGlobal()->SetLocalState(NULL);
142   }
143
144   void LockDevice() {
145     base::RunLoop loop;
146     EnterpriseInstallAttributes::LockResult result;
147     install_attributes_->LockDevice(
148         PolicyBuilder::kFakeUsername,
149         DEVICE_MODE_ENTERPRISE,
150         PolicyBuilder::kFakeDeviceId,
151         base::Bind(&CopyLockResult, &loop, &result));
152     loop.Run();
153     ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result);
154   }
155
156   void ConnectManager() {
157     manager_->Initialize(&local_state_);
158     initializer_.reset(new DeviceCloudPolicyInitializer(
159         &local_state_,
160         &device_management_service_,
161         &consumer_device_management_service_,
162         base::MessageLoopProxy::current(),
163         install_attributes_.get(),
164         &state_keys_broker_,
165         store_,
166         manager_.get(),
167         &device_settings_service_,
168         base::Bind(&base::DoNothing)));
169     initializer_->Init();
170   }
171
172   void VerifyPolicyPopulated() {
173     PolicyBundle bundle;
174     bundle.Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
175         .Set(key::kDeviceMetricsReportingEnabled,
176              POLICY_LEVEL_MANDATORY,
177              POLICY_SCOPE_MACHINE,
178              new base::FundamentalValue(false),
179              NULL);
180     EXPECT_TRUE(manager_->policies().Equals(bundle));
181   }
182
183   scoped_ptr<EnterpriseInstallAttributes> install_attributes_;
184
185   scoped_refptr<net::URLRequestContextGetter> request_context_getter_;
186   net::TestURLFetcherFactory url_fetcher_factory_;
187   int url_fetcher_response_code_;
188   string url_fetcher_response_string_;
189   TestingPrefServiceSimple local_state_;
190   MockDeviceManagementService device_management_service_;
191   MockDeviceManagementService consumer_device_management_service_;
192   chromeos::ScopedTestDeviceSettingsService test_device_settings_service_;
193   chromeos::ScopedTestCrosSettings test_cros_settings_;
194   chromeos::system::MockStatisticsProvider mock_statistics_provider_;
195   chromeos::FakeSessionManagerClient fake_session_manager_client_;
196   chromeos::FakeCryptohomeClient* fake_cryptohome_client_;
197   ServerBackedStateKeysBroker state_keys_broker_;
198
199   DeviceCloudPolicyStoreChromeOS* store_;
200   SchemaRegistry schema_registry_;
201   scoped_ptr<DeviceCloudPolicyManagerChromeOS> manager_;
202   scoped_ptr<DeviceCloudPolicyInitializer> initializer_;
203
204  private:
205   DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyManagerChromeOSTest);
206 };
207
208 TEST_F(DeviceCloudPolicyManagerChromeOSTest, FreshDevice) {
209   owner_key_util_->Clear();
210   FlushDeviceSettings();
211   EXPECT_TRUE(manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
212
213   manager_->Initialize(&local_state_);
214
215   PolicyBundle bundle;
216   EXPECT_TRUE(manager_->policies().Equals(bundle));
217 }
218
219 TEST_F(DeviceCloudPolicyManagerChromeOSTest, EnrolledDevice) {
220   LockDevice();
221   FlushDeviceSettings();
222   EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
223   EXPECT_TRUE(manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
224   VerifyPolicyPopulated();
225
226   ConnectManager();
227   VerifyPolicyPopulated();
228
229   manager_->Shutdown();
230   VerifyPolicyPopulated();
231
232   EXPECT_EQ(store_->policy()->service_account_identity(),
233             PolicyBuilder::kFakeServiceAccountIdentity);
234 }
235
236 TEST_F(DeviceCloudPolicyManagerChromeOSTest, UnmanagedDevice) {
237   device_policy_.policy_data().set_state(em::PolicyData::UNMANAGED);
238   device_policy_.Build();
239   device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
240
241   LockDevice();
242   FlushDeviceSettings();
243   EXPECT_TRUE(manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
244   EXPECT_FALSE(store_->is_managed());
245
246   // Policy settings should be ignored for UNMANAGED devices.
247   PolicyBundle bundle;
248   EXPECT_TRUE(manager_->policies().Equals(bundle));
249
250   // Trigger a policy refresh.
251   MockDeviceManagementJob* policy_fetch_job = NULL;
252   EXPECT_CALL(device_management_service_,
253               CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH, _))
254       .Times(AtMost(1))
255       .WillOnce(device_management_service_.CreateAsyncJob(&policy_fetch_job));
256   EXPECT_CALL(device_management_service_, StartJob(_, _, _, _, _, _, _))
257       .Times(AtMost(1));
258   ConnectManager();
259   base::RunLoop().RunUntilIdle();
260   Mock::VerifyAndClearExpectations(&device_management_service_);
261   ASSERT_TRUE(policy_fetch_job);
262
263   // Switch back to ACTIVE, service the policy fetch and let it propagate.
264   device_policy_.policy_data().set_state(em::PolicyData::ACTIVE);
265   device_policy_.Build();
266   device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
267   em::DeviceManagementResponse policy_fetch_response;
268   policy_fetch_response.mutable_policy_response()->add_response()->CopyFrom(
269       device_policy_.policy());
270   policy_fetch_job->SendResponse(DM_STATUS_SUCCESS, policy_fetch_response);
271   FlushDeviceSettings();
272
273   // Policy state should now be active and the policy map should be populated.
274   EXPECT_TRUE(store_->is_managed());
275   VerifyPolicyPopulated();
276 }
277
278 TEST_F(DeviceCloudPolicyManagerChromeOSTest, ConsumerDevice) {
279   FlushDeviceSettings();
280   EXPECT_EQ(CloudPolicyStore::STATUS_BAD_STATE, store_->status());
281   EXPECT_TRUE(manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
282
283   PolicyBundle bundle;
284   EXPECT_TRUE(manager_->policies().Equals(bundle));
285
286   ConnectManager();
287   EXPECT_TRUE(manager_->policies().Equals(bundle));
288
289   manager_->Shutdown();
290   EXPECT_TRUE(manager_->policies().Equals(bundle));
291 }
292
293 class DeviceCloudPolicyManagerChromeOSEnrollmentTest
294     : public DeviceCloudPolicyManagerChromeOSTest {
295  public:
296   void Done(EnrollmentStatus status) {
297     status_ = status;
298     done_ = true;
299   }
300
301  protected:
302   DeviceCloudPolicyManagerChromeOSEnrollmentTest()
303       : is_auto_enrollment_(false),
304         management_mode_(em::PolicyData::ENTERPRISE_MANAGED),
305         register_status_(DM_STATUS_SUCCESS),
306         policy_fetch_status_(DM_STATUS_SUCCESS),
307         robot_auth_fetch_status_(DM_STATUS_SUCCESS),
308         store_result_(true),
309         status_(EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_SUCCESS)),
310         done_(false) {}
311
312   virtual void SetUp() OVERRIDE {
313     DeviceCloudPolicyManagerChromeOSTest::SetUp();
314
315     // Set up test data.
316     device_policy_.SetDefaultNewSigningKey();
317     device_policy_.policy_data().set_timestamp(
318         (base::Time::NowFromSystemTime() -
319          base::Time::UnixEpoch()).InMilliseconds());
320     device_policy_.Build();
321
322     register_response_.mutable_register_response()->set_device_management_token(
323         PolicyBuilder::kFakeToken);
324     policy_fetch_response_.mutable_policy_response()->add_response()->CopyFrom(
325         device_policy_.policy());
326     robot_auth_fetch_response_.mutable_service_api_access_response()
327         ->set_auth_code("auth_code_for_test");
328     loaded_blob_ = device_policy_.GetBlob();
329
330     // Initialize the manager.
331     FlushDeviceSettings();
332     EXPECT_EQ(CloudPolicyStore::STATUS_BAD_STATE, store_->status());
333     EXPECT_TRUE(manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
334
335     PolicyBundle bundle;
336     EXPECT_TRUE(manager_->policies().Equals(bundle));
337
338     ConnectManager();
339   }
340
341   void ExpectFailedEnrollment(EnrollmentStatus::Status status) {
342     EXPECT_EQ(status, status_.status());
343     EXPECT_FALSE(store_->is_managed());
344     PolicyBundle empty_bundle;
345     EXPECT_TRUE(manager_->policies().Equals(empty_bundle));
346   }
347
348   void ExpectSuccessfulEnrollment() {
349     EXPECT_EQ(EnrollmentStatus::STATUS_SUCCESS, status_.status());
350     ASSERT_TRUE(manager_->core()->client());
351     EXPECT_TRUE(manager_->core()->client()->is_registered());
352
353     if (management_mode_ != em::PolicyData::CONSUMER_MANAGED) {
354       EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_->GetMode());
355       EXPECT_TRUE(store_->has_policy());
356       EXPECT_TRUE(store_->is_managed());
357       VerifyPolicyPopulated();
358     }
359   }
360
361   void RunTest() {
362     // Trigger enrollment.
363     MockDeviceManagementJob* register_job = NULL;
364     EXPECT_CALL(device_management_service_,
365                 CreateJob(DeviceManagementRequestJob::TYPE_REGISTRATION, _))
366         .Times(AtMost(1))
367         .WillOnce(device_management_service_.CreateAsyncJob(&register_job));
368     EXPECT_CALL(device_management_service_, StartJob(_, _, _, _, _, _, _))
369         .Times(AtMost(1))
370         .WillOnce(DoAll(SaveArg<5>(&client_id_),
371                         SaveArg<6>(&register_request_)));
372     DeviceCloudPolicyInitializer::AllowedDeviceModes modes;
373     modes[DEVICE_MODE_ENTERPRISE] = true;
374     initializer_->StartEnrollment(
375         management_mode_,
376         &device_management_service_,
377         "auth token", is_auto_enrollment_, modes,
378         base::Bind(&DeviceCloudPolicyManagerChromeOSEnrollmentTest::Done,
379                    base::Unretained(this)));
380     base::RunLoop().RunUntilIdle();
381     Mock::VerifyAndClearExpectations(&device_management_service_);
382
383     if (done_)
384       return;
385
386     // Process registration.
387     ASSERT_TRUE(register_job);
388     MockDeviceManagementJob* policy_fetch_job = NULL;
389     EXPECT_CALL(device_management_service_,
390                 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH, _))
391         .Times(AtMost(1))
392         .WillOnce(device_management_service_.CreateAsyncJob(&policy_fetch_job));
393     EXPECT_CALL(device_management_service_, StartJob(_, _, _, _, _, _, _))
394         .Times(AtMost(1));
395     register_job->SendResponse(register_status_, register_response_);
396     Mock::VerifyAndClearExpectations(&device_management_service_);
397
398     if (done_)
399       return;
400
401     // Process policy fetch.
402     ASSERT_TRUE(policy_fetch_job);
403     policy_fetch_job->SendResponse(policy_fetch_status_,
404                                    policy_fetch_response_);
405
406     if (done_)
407       return;
408
409     // Process verification.
410     MockDeviceManagementJob* robot_auth_fetch_job = NULL;
411     EXPECT_CALL(device_management_service_, CreateJob(
412         DeviceManagementRequestJob::TYPE_API_AUTH_CODE_FETCH, _))
413         .Times(AtMost(1))
414         .WillOnce(device_management_service_.CreateAsyncJob(
415             &robot_auth_fetch_job));
416     EXPECT_CALL(device_management_service_, StartJob(_, _, _, _, _, _, _))
417         .Times(AtMost(1));
418     base::RunLoop().RunUntilIdle();
419     Mock::VerifyAndClearExpectations(&device_management_service_);
420
421     if (done_)
422       return;
423
424     // Process robot auth token fetch.
425     ASSERT_TRUE(robot_auth_fetch_job);
426     robot_auth_fetch_job->SendResponse(robot_auth_fetch_status_,
427                                        robot_auth_fetch_response_);
428     Mock::VerifyAndClearExpectations(&device_management_service_);
429
430     if (done_)
431       return;
432
433     // Process robot refresh token fetch if the auth code fetch succeeded.
434     // DeviceCloudPolicyInitializer holds an EnrollmentHandlerChromeOS which
435     // holds a GaiaOAuthClient that fetches the refresh token during enrollment.
436     // We return a successful OAuth response via a TestURLFetcher to trigger the
437     // happy path for these classes so that enrollment can continue.
438     if (robot_auth_fetch_status_ == DM_STATUS_SUCCESS) {
439       net::TestURLFetcher* url_fetcher = url_fetcher_factory_.GetFetcherByID(
440           gaia::GaiaOAuthClient::kUrlFetcherId);
441       ASSERT_TRUE(url_fetcher);
442       url_fetcher->SetMaxRetriesOn5xx(0);
443       url_fetcher->set_status(net::URLRequestStatus());
444       url_fetcher->set_response_code(url_fetcher_response_code_);
445       url_fetcher->SetResponseString(url_fetcher_response_string_);
446       url_fetcher->delegate()->OnURLFetchComplete(url_fetcher);
447     }
448
449     if (management_mode_ == em::PolicyData::CONSUMER_MANAGED)
450       FlushDeviceSettings();
451     else
452       base::RunLoop().RunUntilIdle();
453
454     if (done_)
455       return;
456
457     // Process robot refresh token store.
458     chromeos::DeviceOAuth2TokenService* token_service =
459         chromeos::DeviceOAuth2TokenServiceFactory::Get();
460     EXPECT_TRUE(token_service->RefreshTokenIsAvailable(
461         token_service->GetRobotAccountId()));
462
463     // Process policy store.
464     device_settings_test_helper_.set_store_result(store_result_);
465     device_settings_test_helper_.FlushStore();
466     EXPECT_EQ(device_policy_.GetBlob(),
467               device_settings_test_helper_.policy_blob());
468
469     if (done_)
470       return;
471
472     // Key installation and policy load.
473     device_settings_test_helper_.set_policy_blob(loaded_blob_);
474     owner_key_util_->SetPublicKeyFromPrivateKey(
475         *device_policy_.GetNewSigningKey());
476     ReloadDeviceSettings();
477   }
478
479   bool is_auto_enrollment_;
480   em::PolicyData::ManagementMode management_mode_;
481
482   DeviceManagementStatus register_status_;
483   em::DeviceManagementResponse register_response_;
484
485   DeviceManagementStatus policy_fetch_status_;
486   em::DeviceManagementResponse policy_fetch_response_;
487
488   DeviceManagementStatus robot_auth_fetch_status_;
489   em::DeviceManagementResponse robot_auth_fetch_response_;
490
491   bool store_result_;
492   std::string loaded_blob_;
493
494   em::DeviceManagementRequest register_request_;
495   std::string client_id_;
496   EnrollmentStatus status_;
497
498   bool done_;
499
500  private:
501   DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyManagerChromeOSEnrollmentTest);
502 };
503
504 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, Success) {
505   RunTest();
506   ExpectSuccessfulEnrollment();
507 }
508
509 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, AutoEnrollment) {
510   is_auto_enrollment_ = true;
511   RunTest();
512   ExpectSuccessfulEnrollment();
513   EXPECT_TRUE(register_request_.register_request().auto_enrolled());
514 }
515
516 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, Reenrollment) {
517   LockDevice();
518
519   RunTest();
520   ExpectSuccessfulEnrollment();
521   EXPECT_TRUE(register_request_.register_request().reregister());
522   EXPECT_EQ(PolicyBuilder::kFakeDeviceId, client_id_);
523 }
524
525 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, RegistrationFailed) {
526   register_status_ = DM_STATUS_REQUEST_FAILED;
527   RunTest();
528   ExpectFailedEnrollment(EnrollmentStatus::STATUS_REGISTRATION_FAILED);
529   EXPECT_EQ(DM_STATUS_REQUEST_FAILED, status_.client_status());
530 }
531
532 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest,
533        RobotAuthCodeFetchFailed) {
534   robot_auth_fetch_status_ = DM_STATUS_REQUEST_FAILED;
535   RunTest();
536   ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_AUTH_FETCH_FAILED);
537 }
538
539 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest,
540        RobotRefreshTokenFetchResponseCodeFailed) {
541   url_fetcher_response_code_ = 400;
542   RunTest();
543   ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED);
544   EXPECT_EQ(400, status_.http_status());
545 }
546
547 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest,
548        RobotRefreshTokenFetchResponseStringFailed) {
549   url_fetcher_response_string_ = "invalid response json";
550   RunTest();
551   ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED);
552 }
553
554 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest,
555        RobotRefreshEncryptionFailed) {
556   // The encryption lib is a noop for tests, but empty results from encryption
557   // is an error, so we simulate an encryption error by returning an empty
558   // refresh token.
559   url_fetcher_response_string_ = "{\"access_token\":\"accessToken4Test\","
560                                  "\"expires_in\":1234,"
561                                  "\"refresh_token\":\"\"}";
562   RunTest();
563   ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED);
564 }
565
566 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, PolicyFetchFailed) {
567   policy_fetch_status_ = DM_STATUS_REQUEST_FAILED;
568   RunTest();
569   ExpectFailedEnrollment(EnrollmentStatus::STATUS_POLICY_FETCH_FAILED);
570   EXPECT_EQ(DM_STATUS_REQUEST_FAILED, status_.client_status());
571 }
572
573 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, ValidationFailed) {
574   device_policy_.policy().set_policy_data_signature("bad");
575   policy_fetch_response_.clear_policy_response();
576   policy_fetch_response_.mutable_policy_response()->add_response()->CopyFrom(
577       device_policy_.policy());
578   RunTest();
579   ExpectFailedEnrollment(EnrollmentStatus::STATUS_VALIDATION_FAILED);
580   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
581             status_.validation_status());
582 }
583
584 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, StoreError) {
585   store_result_ = false;
586   RunTest();
587   ExpectFailedEnrollment(EnrollmentStatus::STATUS_STORE_ERROR);
588   EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR,
589             status_.store_status());
590 }
591
592 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest, LoadError) {
593   loaded_blob_.clear();
594   RunTest();
595   ExpectFailedEnrollment(EnrollmentStatus::STATUS_STORE_ERROR);
596   EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR,
597             status_.store_status());
598 }
599
600 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentTest,
601        SuccessfulConsumerManagementEnrollment) {
602   management_mode_ = em::PolicyData::CONSUMER_MANAGED;
603   owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey());
604   InitOwner(device_policy_.policy_data().username(), true);
605   FlushDeviceSettings();
606
607   RunTest();
608   ExpectSuccessfulEnrollment();
609 }
610
611 // A subclass that runs with a blank system salt.
612 class DeviceCloudPolicyManagerChromeOSEnrollmentBlankSystemSaltTest
613     : public DeviceCloudPolicyManagerChromeOSEnrollmentTest {
614  protected:
615   DeviceCloudPolicyManagerChromeOSEnrollmentBlankSystemSaltTest() {
616     // Set up a FakeCryptohomeClient with a blank system salt.
617     fake_cryptohome_client_->set_system_salt(std::vector<uint8>());
618   }
619 };
620
621 TEST_F(DeviceCloudPolicyManagerChromeOSEnrollmentBlankSystemSaltTest,
622        RobotRefreshSaveFailed) {
623   // Without the system salt, the robot token can't be stored.
624   RunTest();
625   ExpectFailedEnrollment(EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED);
626 }
627
628 }  // namespace
629 }  // namespace policy
Domain: Web Framework / Uncategorized;