1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
9 #include "base/basictypes.h"
10 #include "base/compiler_specific.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/message_loop/message_loop_proxy.h"
13 #include "base/run_loop.h"
14 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
15 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
16 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
17 #include "chrome/test/base/scoped_testing_local_state.h"
18 #include "chrome/test/base/testing_browser_process.h"
19 #include "chromeos/cryptohome/cryptohome_util.h"
20 #include "chromeos/dbus/fake_cryptohome_client.h"
21 #include "chromeos/dbus/fake_dbus_thread_manager.h"
22 #include "policy/policy_constants.h"
23 #include "testing/gtest/include/gtest/gtest.h"
29 void CopyLockResult(base::RunLoop* loop,
30 EnterpriseInstallAttributes::LockResult* out,
31 EnterpriseInstallAttributes::LockResult result) {
38 class DeviceCloudPolicyStoreChromeOSTest
39 : public chromeos::DeviceSettingsTestBase {
41 DeviceCloudPolicyStoreChromeOSTest()
42 : local_state_(TestingBrowserProcess::GetGlobal()),
43 fake_cryptohome_client_(new chromeos::FakeCryptohomeClient()),
45 new EnterpriseInstallAttributes(fake_cryptohome_client_)),
46 store_(new DeviceCloudPolicyStoreChromeOS(
47 &device_settings_service_,
48 install_attributes_.get(),
49 base::MessageLoopProxy::current())) {
50 fake_dbus_thread_manager_->SetCryptohomeClient(
51 scoped_ptr<chromeos::CryptohomeClient>(fake_cryptohome_client_));
54 virtual void SetUp() OVERRIDE {
55 DeviceSettingsTestBase::SetUp();
58 EnterpriseInstallAttributes::LockResult result;
59 install_attributes_->LockDevice(
60 PolicyBuilder::kFakeUsername,
61 DEVICE_MODE_ENTERPRISE,
62 PolicyBuilder::kFakeDeviceId,
63 base::Bind(&CopyLockResult, &loop, &result));
65 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result);
68 void ExpectFailure(CloudPolicyStore::Status expected_status) {
69 EXPECT_EQ(expected_status, store_->status());
70 EXPECT_TRUE(store_->is_initialized());
71 EXPECT_FALSE(store_->has_policy());
72 EXPECT_FALSE(store_->is_managed());
75 void ExpectSuccess() {
76 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
77 EXPECT_TRUE(store_->is_initialized());
78 EXPECT_TRUE(store_->has_policy());
79 EXPECT_TRUE(store_->is_managed());
80 EXPECT_TRUE(store_->policy());
81 base::FundamentalValue expected(false);
83 base::Value::Equals(&expected,
84 store_->policy_map().GetValue(
85 key::kDeviceMetricsReportingEnabled)));
88 void PrepareExistingPolicy() {
90 FlushDeviceSettings();
93 device_policy_.UnsetNewSigningKey();
94 device_policy_.Build();
97 void PrepareNewSigningKey() {
98 device_policy_.SetDefaultNewSigningKey();
99 device_policy_.Build();
100 owner_key_util_->SetPublicKeyFromPrivateKey(
101 *device_policy_.GetNewSigningKey());
104 void ResetToNonEnterprise() {
106 chromeos::cryptohome_util::InstallAttributesSet("enterprise.owned",
108 install_attributes_.reset(
109 new EnterpriseInstallAttributes(fake_cryptohome_client_));
111 new DeviceCloudPolicyStoreChromeOS(&device_settings_service_,
112 install_attributes_.get(),
113 base::MessageLoopProxy::current()));
116 ScopedTestingLocalState local_state_;
117 chromeos::FakeCryptohomeClient* fake_cryptohome_client_;
118 scoped_ptr<EnterpriseInstallAttributes> install_attributes_;
120 scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_;
123 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest);
126 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) {
127 owner_key_util_->Clear();
129 FlushDeviceSettings();
130 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
133 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
134 device_settings_test_helper_.set_policy_blob(std::string());
136 FlushDeviceSettings();
137 ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR);
140 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) {
141 ResetToNonEnterprise();
143 FlushDeviceSettings();
144 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
147 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) {
149 FlushDeviceSettings();
153 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) {
154 PrepareExistingPolicy();
155 store_->Store(device_policy_.policy());
156 FlushDeviceSettings();
160 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) {
161 PrepareExistingPolicy();
162 device_policy_.policy().clear_policy_data_signature();
163 store_->Store(device_policy_.policy());
164 FlushDeviceSettings();
165 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
166 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
167 store_->validation_status());
170 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) {
171 PrepareExistingPolicy();
172 device_policy_.policy().set_policy_data_signature("invalid");
173 store_->Store(device_policy_.policy());
174 FlushDeviceSettings();
175 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
176 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
177 store_->validation_status());
180 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) {
181 PrepareExistingPolicy();
182 device_policy_.SetDefaultNewSigningKey();
183 device_policy_.Build();
184 store_->Store(device_policy_.policy());
185 device_settings_test_helper_.FlushLoops();
186 device_settings_test_helper_.FlushStore();
187 owner_key_util_->SetPublicKeyFromPrivateKey(
188 *device_policy_.GetNewSigningKey());
189 ReloadDeviceSettings();
193 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
194 StoreKeyRotationVerificationFailure) {
195 PrepareExistingPolicy();
196 device_policy_.SetDefaultNewSigningKey();
197 device_policy_.Build();
198 *device_policy_.policy().mutable_new_public_key_verification_signature() =
200 store_->Store(device_policy_.policy());
201 FlushDeviceSettings();
202 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
203 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
204 store_->validation_status());
207 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
208 StoreKeyRotationMissingSignatureFailure) {
209 PrepareExistingPolicy();
210 device_policy_.SetDefaultNewSigningKey();
211 device_policy_.Build();
212 device_policy_.policy().clear_new_public_key_verification_signature();
213 store_->Store(device_policy_.policy());
214 FlushDeviceSettings();
215 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
216 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
217 store_->validation_status());
220 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) {
221 PrepareNewSigningKey();
222 store_->InstallInitialPolicy(device_policy_.policy());
223 FlushDeviceSettings();
227 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) {
228 PrepareNewSigningKey();
229 device_policy_.policy().clear_policy_data_signature();
230 store_->InstallInitialPolicy(device_policy_.policy());
231 FlushDeviceSettings();
232 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
233 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
234 store_->validation_status());
237 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
238 InstallInitialPolicyVerificationFailure) {
239 PrepareNewSigningKey();
240 *device_policy_.policy().mutable_new_public_key_verification_signature() =
242 store_->InstallInitialPolicy(device_policy_.policy());
243 FlushDeviceSettings();
244 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
245 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
246 store_->validation_status());
249 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
250 InstallInitialPolicyMissingSignatureFailure) {
251 PrepareNewSigningKey();
252 device_policy_.policy().clear_new_public_key_verification_signature();
253 store_->InstallInitialPolicy(device_policy_.policy());
254 FlushDeviceSettings();
255 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
256 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
257 store_->validation_status());
260 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) {
261 PrepareNewSigningKey();
262 device_policy_.policy().clear_new_public_key();
263 store_->InstallInitialPolicy(device_policy_.policy());
264 FlushDeviceSettings();
265 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
266 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
267 store_->validation_status());
270 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) {
271 PrepareNewSigningKey();
272 ResetToNonEnterprise();
273 store_->InstallInitialPolicy(device_policy_.policy());
274 FlushDeviceSettings();
275 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
278 } // namespace policy