src/chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
   6
   7 #include <vector>
   8
   9 #include "base/basictypes.h"
  10 #include "base/compiler_specific.h"
  11 #include "base/memory/scoped_ptr.h"
  12 #include "base/message_loop/message_loop_proxy.h"
  13 #include "base/run_loop.h"
  14 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
  15 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
  16 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
  17 #include "chrome/test/base/scoped_testing_local_state.h"
  18 #include "chrome/test/base/testing_browser_process.h"
  19 #include "chromeos/cryptohome/cryptohome_util.h"
  20 #include "chromeos/dbus/fake_cryptohome_client.h"
  21 #include "policy/policy_constants.h"
  22 #include "testing/gtest/include/gtest/gtest.h"
  23
  24 namespace policy {
  25
  26 namespace {
  27
  28 void CopyLockResult(base::RunLoop* loop,
  29                     EnterpriseInstallAttributes::LockResult* out,
  30                     EnterpriseInstallAttributes::LockResult result) {
  31   *out = result;
  32   loop->Quit();
  33 }
  34
  35 }  // namespace
  36
  37 class DeviceCloudPolicyStoreChromeOSTest
  38     : public chromeos::DeviceSettingsTestBase {
  39  protected:
  40   DeviceCloudPolicyStoreChromeOSTest()
  41       : local_state_(TestingBrowserProcess::GetGlobal()),
  42         fake_cryptohome_client_(new chromeos::FakeCryptohomeClient()),
  43         install_attributes_(
  44             new EnterpriseInstallAttributes(fake_cryptohome_client_.get())),
  45         store_(new DeviceCloudPolicyStoreChromeOS(
  46             &device_settings_service_,
  47             install_attributes_.get(),
  48             base::MessageLoopProxy::current())) {
  49     fake_cryptohome_client_->Init(NULL /* no dbus::Bus */);
  50   }
  51
  52   virtual void SetUp() OVERRIDE {
  53     DeviceSettingsTestBase::SetUp();
  54
  55     base::RunLoop loop;
  56     EnterpriseInstallAttributes::LockResult result;
  57     install_attributes_->LockDevice(
  58         PolicyBuilder::kFakeUsername,
  59         DEVICE_MODE_ENTERPRISE,
  60         PolicyBuilder::kFakeDeviceId,
  61         base::Bind(&CopyLockResult, &loop, &result));
  62     loop.Run();
  63     ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result);
  64   }
  65
  66   void ExpectFailure(CloudPolicyStore::Status expected_status) {
  67     EXPECT_EQ(expected_status, store_->status());
  68     EXPECT_TRUE(store_->is_initialized());
  69     EXPECT_FALSE(store_->has_policy());
  70     EXPECT_FALSE(store_->is_managed());
  71   }
  72
  73   void ExpectSuccess() {
  74     EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
  75     EXPECT_TRUE(store_->is_initialized());
  76     EXPECT_TRUE(store_->has_policy());
  77     EXPECT_TRUE(store_->is_managed());
  78     EXPECT_TRUE(store_->policy());
  79     base::FundamentalValue expected(false);
  80     EXPECT_TRUE(
  81         base::Value::Equals(&expected,
  82                             store_->policy_map().GetValue(
  83                                 key::kDeviceMetricsReportingEnabled)));
  84   }
  85
  86   void PrepareExistingPolicy() {
  87     store_->Load();
  88     FlushDeviceSettings();
  89     ExpectSuccess();
  90
  91     device_policy_.UnsetNewSigningKey();
  92     device_policy_.Build();
  93   }
  94
  95   void PrepareNewSigningKey() {
  96     device_policy_.SetDefaultNewSigningKey();
  97     device_policy_.Build();
  98     owner_key_util_->SetPublicKeyFromPrivateKey(
  99         *device_policy_.GetNewSigningKey());
 100   }
 101
 102   void ResetToNonEnterprise() {
 103     store_.reset();
 104     chromeos::cryptohome_util::InstallAttributesSet("enterprise.owned",
 105                                                     std::string());
 106     install_attributes_.reset(new EnterpriseInstallAttributes(
 107         fake_cryptohome_client_.get()));
 108     store_.reset(
 109         new DeviceCloudPolicyStoreChromeOS(&device_settings_service_,
 110                                            install_attributes_.get(),
 111                                            base::MessageLoopProxy::current()));
 112   }
 113
 114   ScopedTestingLocalState local_state_;
 115   scoped_ptr<chromeos::FakeCryptohomeClient> fake_cryptohome_client_;
 116   scoped_ptr<EnterpriseInstallAttributes> install_attributes_;
 117
 118   scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_;
 119
 120  private:
 121   DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest);
 122 };
 123
 124 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) {
 125   owner_key_util_->Clear();
 126   store_->Load();
 127   FlushDeviceSettings();
 128   ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
 129 }
 130
 131 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
 132   device_settings_test_helper_.set_policy_blob(std::string());
 133   store_->Load();
 134   FlushDeviceSettings();
 135   ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR);
 136 }
 137
 138 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) {
 139   ResetToNonEnterprise();
 140   store_->Load();
 141   FlushDeviceSettings();
 142   ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
 143 }
 144
 145 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) {
 146   store_->Load();
 147   FlushDeviceSettings();
 148   ExpectSuccess();
 149 }
 150
 151 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) {
 152   PrepareExistingPolicy();
 153   store_->Store(device_policy_.policy());
 154   FlushDeviceSettings();
 155   ExpectSuccess();
 156 }
 157
 158 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) {
 159   PrepareExistingPolicy();
 160   device_policy_.policy().clear_policy_data_signature();
 161   store_->Store(device_policy_.policy());
 162   FlushDeviceSettings();
 163   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
 164   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
 165             store_->validation_status());
 166 }
 167
 168 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) {
 169   PrepareExistingPolicy();
 170   device_policy_.policy().set_policy_data_signature("invalid");
 171   store_->Store(device_policy_.policy());
 172   FlushDeviceSettings();
 173   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
 174   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
 175             store_->validation_status());
 176 }
 177
 178 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) {
 179   PrepareExistingPolicy();
 180   device_policy_.SetDefaultNewSigningKey();
 181   device_policy_.Build();
 182   store_->Store(device_policy_.policy());
 183   device_settings_test_helper_.FlushLoops();
 184   device_settings_test_helper_.FlushStore();
 185   owner_key_util_->SetPublicKeyFromPrivateKey(
 186       *device_policy_.GetNewSigningKey());
 187   ReloadDeviceSettings();
 188   ExpectSuccess();
 189 }
 190
 191 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
 192        StoreKeyRotationVerificationFailure) {
 193   PrepareExistingPolicy();
 194   device_policy_.SetDefaultNewSigningKey();
 195   device_policy_.Build();
 196   *device_policy_.policy().mutable_new_public_key_verification_signature() =
 197       "garbage";
 198   store_->Store(device_policy_.policy());
 199   FlushDeviceSettings();
 200   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
 201   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
 202             store_->validation_status());
 203 }
 204
 205 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
 206        StoreKeyRotationMissingSignatureFailure) {
 207   PrepareExistingPolicy();
 208   device_policy_.SetDefaultNewSigningKey();
 209   device_policy_.Build();
 210   device_policy_.policy().clear_new_public_key_verification_signature();
 211   store_->Store(device_policy_.policy());
 212   FlushDeviceSettings();
 213   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
 214   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
 215             store_->validation_status());
 216 }
 217
 218 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) {
 219   PrepareNewSigningKey();
 220   store_->InstallInitialPolicy(device_policy_.policy());
 221   FlushDeviceSettings();
 222   ExpectSuccess();
 223 }
 224
 225 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) {
 226   PrepareNewSigningKey();
 227   device_policy_.policy().clear_policy_data_signature();
 228   store_->InstallInitialPolicy(device_policy_.policy());
 229   FlushDeviceSettings();
 230   ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
 231   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
 232             store_->validation_status());
 233 }
 234
 235 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
 236        InstallInitialPolicyVerificationFailure) {
 237   PrepareNewSigningKey();
 238   *device_policy_.policy().mutable_new_public_key_verification_signature() =
 239       "garbage";
 240   store_->InstallInitialPolicy(device_policy_.policy());
 241   FlushDeviceSettings();
 242   ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
 243   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
 244             store_->validation_status());
 245 }
 246
 247 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
 248        InstallInitialPolicyMissingSignatureFailure) {
 249   PrepareNewSigningKey();
 250   device_policy_.policy().clear_new_public_key_verification_signature();
 251   store_->InstallInitialPolicy(device_policy_.policy());
 252   FlushDeviceSettings();
 253   ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
 254   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
 255             store_->validation_status());
 256 }
 257
 258 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) {
 259   PrepareNewSigningKey();
 260   device_policy_.policy().clear_new_public_key();
 261   store_->InstallInitialPolicy(device_policy_.policy());
 262   FlushDeviceSettings();
 263   ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
 264   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
 265             store_->validation_status());
 266 }
 267
 268 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) {
 269   PrepareNewSigningKey();
 270   ResetToNonEnterprise();
 271   store_->InstallInitialPolicy(device_policy_.policy());
 272   FlushDeviceSettings();
 273   ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
 274 }
 275
 276 }  // namespace policy