src/chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
   6
   7 #include <vector>
   8
   9 #include "base/basictypes.h"
  10 #include "base/compiler_specific.h"
  11 #include "base/memory/scoped_ptr.h"
  12 #include "base/message_loop/message_loop_proxy.h"
  13 #include "base/run_loop.h"
  14 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
  15 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
  16 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
  17 #include "chrome/test/base/scoped_testing_local_state.h"
  18 #include "chrome/test/base/testing_browser_process.h"
  19 #include "chromeos/cryptohome/cryptohome_util.h"
  20 #include "chromeos/dbus/fake_cryptohome_client.h"
  21 #include "chromeos/dbus/fake_dbus_thread_manager.h"
  22 #include "policy/policy_constants.h"
  23 #include "testing/gtest/include/gtest/gtest.h"
  24
  25 namespace policy {
  26
  27 namespace {
  28
  29 void CopyLockResult(base::RunLoop* loop,
  30                     EnterpriseInstallAttributes::LockResult* out,
  31                     EnterpriseInstallAttributes::LockResult result) {
  32   *out = result;
  33   loop->Quit();
  34 }
  35
  36 }  // namespace
  37
  38 class DeviceCloudPolicyStoreChromeOSTest
  39     : public chromeos::DeviceSettingsTestBase {
  40  protected:
  41   DeviceCloudPolicyStoreChromeOSTest()
  42       : local_state_(TestingBrowserProcess::GetGlobal()),
  43         fake_cryptohome_client_(new chromeos::FakeCryptohomeClient()),
  44         install_attributes_(
  45             new EnterpriseInstallAttributes(fake_cryptohome_client_)),
  46         store_(new DeviceCloudPolicyStoreChromeOS(
  47             &device_settings_service_,
  48             install_attributes_.get(),
  49             base::MessageLoopProxy::current())) {
  50     fake_dbus_thread_manager_->SetCryptohomeClient(
  51         scoped_ptr<chromeos::CryptohomeClient>(fake_cryptohome_client_));
  52   }
  53
  54   virtual void SetUp() OVERRIDE {
  55     DeviceSettingsTestBase::SetUp();
  56
  57     base::RunLoop loop;
  58     EnterpriseInstallAttributes::LockResult result;
  59     install_attributes_->LockDevice(
  60         PolicyBuilder::kFakeUsername,
  61         DEVICE_MODE_ENTERPRISE,
  62         PolicyBuilder::kFakeDeviceId,
  63         base::Bind(&CopyLockResult, &loop, &result));
  64     loop.Run();
  65     ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result);
  66   }
  67
  68   void ExpectFailure(CloudPolicyStore::Status expected_status) {
  69     EXPECT_EQ(expected_status, store_->status());
  70     EXPECT_TRUE(store_->is_initialized());
  71     EXPECT_FALSE(store_->has_policy());
  72     EXPECT_FALSE(store_->is_managed());
  73   }
  74
  75   void ExpectSuccess() {
  76     EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
  77     EXPECT_TRUE(store_->is_initialized());
  78     EXPECT_TRUE(store_->has_policy());
  79     EXPECT_TRUE(store_->is_managed());
  80     EXPECT_TRUE(store_->policy());
  81     base::FundamentalValue expected(false);
  82     EXPECT_TRUE(
  83         base::Value::Equals(&expected,
  84                             store_->policy_map().GetValue(
  85                                 key::kDeviceMetricsReportingEnabled)));
  86   }
  87
  88   void PrepareExistingPolicy() {
  89     store_->Load();
  90     FlushDeviceSettings();
  91     ExpectSuccess();
  92
  93     device_policy_.UnsetNewSigningKey();
  94     device_policy_.Build();
  95   }
  96
  97   void PrepareNewSigningKey() {
  98     device_policy_.SetDefaultNewSigningKey();
  99     device_policy_.Build();
 100     owner_key_util_->SetPublicKeyFromPrivateKey(
 101         *device_policy_.GetNewSigningKey());
 102   }
 103
 104   void ResetToNonEnterprise() {
 105     store_.reset();
 106     chromeos::cryptohome_util::InstallAttributesSet("enterprise.owned",
 107                                                     std::string());
 108     install_attributes_.reset(
 109         new EnterpriseInstallAttributes(fake_cryptohome_client_));
 110     store_.reset(
 111         new DeviceCloudPolicyStoreChromeOS(&device_settings_service_,
 112                                            install_attributes_.get(),
 113                                            base::MessageLoopProxy::current()));
 114   }
 115
 116   ScopedTestingLocalState local_state_;
 117   chromeos::FakeCryptohomeClient* fake_cryptohome_client_;
 118   scoped_ptr<EnterpriseInstallAttributes> install_attributes_;
 119
 120   scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_;
 121
 122  private:
 123   DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest);
 124 };
 125
 126 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) {
 127   owner_key_util_->Clear();
 128   store_->Load();
 129   FlushDeviceSettings();
 130   ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
 131 }
 132
 133 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
 134   device_settings_test_helper_.set_policy_blob(std::string());
 135   store_->Load();
 136   FlushDeviceSettings();
 137   ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR);
 138 }
 139
 140 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) {
 141   ResetToNonEnterprise();
 142   store_->Load();
 143   FlushDeviceSettings();
 144   ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
 145 }
 146
 147 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) {
 148   store_->Load();
 149   FlushDeviceSettings();
 150   ExpectSuccess();
 151 }
 152
 153 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) {
 154   PrepareExistingPolicy();
 155   store_->Store(device_policy_.policy());
 156   FlushDeviceSettings();
 157   ExpectSuccess();
 158 }
 159
 160 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) {
 161   PrepareExistingPolicy();
 162   device_policy_.policy().clear_policy_data_signature();
 163   store_->Store(device_policy_.policy());
 164   FlushDeviceSettings();
 165   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
 166   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
 167             store_->validation_status());
 168 }
 169
 170 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) {
 171   PrepareExistingPolicy();
 172   device_policy_.policy().set_policy_data_signature("invalid");
 173   store_->Store(device_policy_.policy());
 174   FlushDeviceSettings();
 175   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
 176   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
 177             store_->validation_status());
 178 }
 179
 180 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) {
 181   PrepareExistingPolicy();
 182   device_policy_.SetDefaultNewSigningKey();
 183   device_policy_.Build();
 184   store_->Store(device_policy_.policy());
 185   device_settings_test_helper_.FlushLoops();
 186   device_settings_test_helper_.FlushStore();
 187   owner_key_util_->SetPublicKeyFromPrivateKey(
 188       *device_policy_.GetNewSigningKey());
 189   ReloadDeviceSettings();
 190   ExpectSuccess();
 191 }
 192
 193 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
 194        StoreKeyRotationVerificationFailure) {
 195   PrepareExistingPolicy();
 196   device_policy_.SetDefaultNewSigningKey();
 197   device_policy_.Build();
 198   *device_policy_.policy().mutable_new_public_key_verification_signature() =
 199       "garbage";
 200   store_->Store(device_policy_.policy());
 201   FlushDeviceSettings();
 202   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
 203   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
 204             store_->validation_status());
 205 }
 206
 207 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
 208        StoreKeyRotationMissingSignatureFailure) {
 209   PrepareExistingPolicy();
 210   device_policy_.SetDefaultNewSigningKey();
 211   device_policy_.Build();
 212   device_policy_.policy().clear_new_public_key_verification_signature();
 213   store_->Store(device_policy_.policy());
 214   FlushDeviceSettings();
 215   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
 216   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
 217             store_->validation_status());
 218 }
 219
 220 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) {
 221   PrepareNewSigningKey();
 222   store_->InstallInitialPolicy(device_policy_.policy());
 223   FlushDeviceSettings();
 224   ExpectSuccess();
 225 }
 226
 227 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) {
 228   PrepareNewSigningKey();
 229   device_policy_.policy().clear_policy_data_signature();
 230   store_->InstallInitialPolicy(device_policy_.policy());
 231   FlushDeviceSettings();
 232   ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
 233   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
 234             store_->validation_status());
 235 }
 236
 237 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
 238        InstallInitialPolicyVerificationFailure) {
 239   PrepareNewSigningKey();
 240   *device_policy_.policy().mutable_new_public_key_verification_signature() =
 241       "garbage";
 242   store_->InstallInitialPolicy(device_policy_.policy());
 243   FlushDeviceSettings();
 244   ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
 245   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
 246             store_->validation_status());
 247 }
 248
 249 TEST_F(DeviceCloudPolicyStoreChromeOSTest,
 250        InstallInitialPolicyMissingSignatureFailure) {
 251   PrepareNewSigningKey();
 252   device_policy_.policy().clear_new_public_key_verification_signature();
 253   store_->InstallInitialPolicy(device_policy_.policy());
 254   FlushDeviceSettings();
 255   ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
 256   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_KEY_VERIFICATION_SIGNATURE,
 257             store_->validation_status());
 258 }
 259
 260 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) {
 261   PrepareNewSigningKey();
 262   device_policy_.policy().clear_new_public_key();
 263   store_->InstallInitialPolicy(device_policy_.policy());
 264   FlushDeviceSettings();
 265   ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
 266   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
 267             store_->validation_status());
 268 }
 269
 270 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) {
 271   PrepareNewSigningKey();
 272   ResetToNonEnterprise();
 273   store_->InstallInitialPolicy(device_policy_.policy());
 274   FlushDeviceSettings();
 275   ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
 276 }
 277
 278 }  // namespace policy