1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
9 #include "base/basictypes.h"
10 #include "base/compiler_specific.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/message_loop/message_loop_proxy.h"
13 #include "base/run_loop.h"
14 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
15 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
16 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
17 #include "chrome/test/base/scoped_testing_local_state.h"
18 #include "chrome/test/base/testing_browser_process.h"
19 #include "chromeos/cryptohome/cryptohome_util.h"
20 #include "chromeos/dbus/fake_cryptohome_client.h"
21 #include "policy/policy_constants.h"
22 #include "testing/gtest/include/gtest/gtest.h"
28 void CopyLockResult(base::RunLoop* loop,
29 EnterpriseInstallAttributes::LockResult* out,
30 EnterpriseInstallAttributes::LockResult result) {
37 class DeviceCloudPolicyStoreChromeOSTest
38 : public chromeos::DeviceSettingsTestBase {
40 DeviceCloudPolicyStoreChromeOSTest()
41 : local_state_(TestingBrowserProcess::GetGlobal()),
42 fake_cryptohome_client_(new chromeos::FakeCryptohomeClient()),
44 new EnterpriseInstallAttributes(fake_cryptohome_client_.get())),
45 store_(new DeviceCloudPolicyStoreChromeOS(
46 &device_settings_service_,
47 install_attributes_.get(),
48 base::MessageLoopProxy::current())) {
49 fake_cryptohome_client_->Init(NULL /* no dbus::Bus */);
52 virtual void SetUp() OVERRIDE {
53 DeviceSettingsTestBase::SetUp();
56 EnterpriseInstallAttributes::LockResult result;
57 install_attributes_->LockDevice(
58 PolicyBuilder::kFakeUsername,
59 DEVICE_MODE_ENTERPRISE,
60 PolicyBuilder::kFakeDeviceId,
61 base::Bind(&CopyLockResult, &loop, &result));
63 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result);
66 void ExpectFailure(CloudPolicyStore::Status expected_status) {
67 EXPECT_EQ(expected_status, store_->status());
68 EXPECT_TRUE(store_->is_initialized());
69 EXPECT_FALSE(store_->has_policy());
70 EXPECT_FALSE(store_->is_managed());
73 void ExpectSuccess() {
74 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
75 EXPECT_TRUE(store_->is_initialized());
76 EXPECT_TRUE(store_->has_policy());
77 EXPECT_TRUE(store_->is_managed());
78 EXPECT_TRUE(store_->policy());
79 base::FundamentalValue expected(false);
81 base::Value::Equals(&expected,
82 store_->policy_map().GetValue(
83 key::kDeviceMetricsReportingEnabled)));
86 void PrepareExistingPolicy() {
88 FlushDeviceSettings();
91 device_policy_.UnsetNewSigningKey();
92 device_policy_.Build();
95 void PrepareNewSigningKey() {
96 device_policy_.SetDefaultNewSigningKey();
97 device_policy_.Build();
98 owner_key_util_->SetPublicKeyFromPrivateKey(
99 *device_policy_.GetNewSigningKey());
102 void ResetToNonEnterprise() {
104 chromeos::cryptohome_util::InstallAttributesSet("enterprise.owned",
106 install_attributes_.reset(new EnterpriseInstallAttributes(
107 fake_cryptohome_client_.get()));
109 new DeviceCloudPolicyStoreChromeOS(&device_settings_service_,
110 install_attributes_.get(),
111 base::MessageLoopProxy::current()));
114 ScopedTestingLocalState local_state_;
115 scoped_ptr<chromeos::FakeCryptohomeClient> fake_cryptohome_client_;
116 scoped_ptr<EnterpriseInstallAttributes> install_attributes_;
118 scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_;
121 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest);
124 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) {
125 owner_key_util_->Clear();
127 FlushDeviceSettings();
128 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
131 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
132 device_settings_test_helper_.set_policy_blob(std::string());
134 FlushDeviceSettings();
135 ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR);
138 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) {
139 ResetToNonEnterprise();
141 FlushDeviceSettings();
142 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
145 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) {
147 FlushDeviceSettings();
151 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) {
152 PrepareExistingPolicy();
153 store_->Store(device_policy_.policy());
154 FlushDeviceSettings();
158 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) {
159 PrepareExistingPolicy();
160 device_policy_.policy().clear_policy_data_signature();
161 store_->Store(device_policy_.policy());
162 FlushDeviceSettings();
163 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
164 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
165 store_->validation_status());
168 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) {
169 PrepareExistingPolicy();
170 device_policy_.policy().set_policy_data_signature("invalid");
171 store_->Store(device_policy_.policy());
172 FlushDeviceSettings();
173 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
174 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
175 store_->validation_status());
178 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) {
179 PrepareExistingPolicy();
180 device_policy_.SetDefaultNewSigningKey();
181 device_policy_.Build();
182 store_->Store(device_policy_.policy());
183 device_settings_test_helper_.FlushLoops();
184 device_settings_test_helper_.FlushStore();
185 owner_key_util_->SetPublicKeyFromPrivateKey(
186 *device_policy_.GetNewSigningKey());
187 ReloadDeviceSettings();
191 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
192 StoreKeyRotationVerificationFailure) {
193 PrepareExistingPolicy();
194 device_policy_.SetDefaultNewSigningKey();
195 device_policy_.Build();
196 *device_policy_.policy().mutable_new_public_key_verification_signature() =
198 store_->Store(device_policy_.policy());
199 FlushDeviceSettings();
200 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
201 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
202 store_->validation_status());
205 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
206 StoreKeyRotationMissingSignatureFailure) {
207 PrepareExistingPolicy();
208 device_policy_.SetDefaultNewSigningKey();
209 device_policy_.Build();
210 device_policy_.policy().clear_new_public_key_verification_signature();
211 store_->Store(device_policy_.policy());
212 FlushDeviceSettings();
213 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
214 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
215 store_->validation_status());
218 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) {
219 PrepareNewSigningKey();
220 store_->InstallInitialPolicy(device_policy_.policy());
221 FlushDeviceSettings();
225 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) {
226 PrepareNewSigningKey();
227 device_policy_.policy().clear_policy_data_signature();
228 store_->InstallInitialPolicy(device_policy_.policy());
229 FlushDeviceSettings();
230 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
231 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
232 store_->validation_status());
235 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
236 InstallInitialPolicyVerificationFailure) {
237 PrepareNewSigningKey();
238 *device_policy_.policy().mutable_new_public_key_verification_signature() =
240 store_->InstallInitialPolicy(device_policy_.policy());
241 FlushDeviceSettings();
242 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
243 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
244 store_->validation_status());
247 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
248 InstallInitialPolicyMissingSignatureFailure) {
249 PrepareNewSigningKey();
250 device_policy_.policy().clear_new_public_key_verification_signature();
251 store_->InstallInitialPolicy(device_policy_.policy());
252 FlushDeviceSettings();
253 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
254 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
255 store_->validation_status());
258 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) {
259 PrepareNewSigningKey();
260 device_policy_.policy().clear_new_public_key();
261 store_->InstallInitialPolicy(device_policy_.policy());
262 FlushDeviceSettings();
263 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
264 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
265 store_->validation_status());
268 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) {
269 PrepareNewSigningKey();
270 ResetToNonEnterprise();
271 store_->InstallInitialPolicy(device_policy_.policy());
272 FlushDeviceSettings();
273 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
276 } // namespace policy