src/chrome/browser/chromeos/settings/session_manager_operation_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/settings/session_manager_operation.h"
   6
   7 #include "base/basictypes.h"
   8 #include "base/bind.h"
   9 #include "base/bind_helpers.h"
  10 #include "base/memory/ref_counted.h"
  11 #include "base/memory/scoped_ptr.h"
  12 #include "base/message_loop/message_loop.h"
  13 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
  14 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
  15 #include "chrome/browser/chromeos/settings/mock_owner_key_util.h"
  16 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
  17 #include "components/policy/core/common/cloud/cloud_policy_validator.h"
  18 #include "components/policy/core/common/cloud/policy_builder.h"
  19 #include "content/public/test/test_browser_thread.h"
  20 #include "crypto/rsa_private_key.h"
  21 #include "policy/proto/device_management_backend.pb.h"
  22 #include "testing/gmock/include/gmock/gmock.h"
  23 #include "testing/gtest/include/gtest/gtest.h"
  24
  25 namespace em = enterprise_management;
  26
  27 using testing::Mock;
  28 using testing::_;
  29
  30 namespace chromeos {
  31
  32 class SessionManagerOperationTest : public testing::Test {
  33  public:
  34   SessionManagerOperationTest()
  35       : ui_thread_(content::BrowserThread::UI, &message_loop_),
  36         file_thread_(content::BrowserThread::FILE, &message_loop_),
  37         owner_key_util_(new MockOwnerKeyUtil()),
  38         validated_(false) {}
  39
  40   virtual void SetUp() OVERRIDE {
  41     policy_.payload().mutable_pinned_apps()->add_app_id("fake-app");
  42     policy_.Build();
  43   }
  44
  45   MOCK_METHOD2(OnOperationCompleted,
  46                void(SessionManagerOperation*, DeviceSettingsService::Status));
  47
  48   void CheckSuccessfulValidation(
  49       policy::DeviceCloudPolicyValidator* validator) {
  50     EXPECT_TRUE(validator->success());
  51     EXPECT_TRUE(validator->payload().get());
  52     EXPECT_EQ(validator->payload()->SerializeAsString(),
  53               policy_.payload().SerializeAsString());
  54     validated_ = true;
  55   }
  56
  57   void CheckPublicKeyLoaded(SessionManagerOperation* op) {
  58     ASSERT_TRUE(op->owner_key().get());
  59     ASSERT_TRUE(op->owner_key()->public_key());
  60     std::vector<uint8> public_key;
  61     ASSERT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key));
  62     EXPECT_EQ(public_key, *op->owner_key()->public_key());
  63   }
  64
  65   void CheckPrivateKeyLoaded(SessionManagerOperation* op) {
  66     ASSERT_TRUE(op->owner_key().get());
  67     ASSERT_TRUE(op->owner_key()->private_key());
  68     std::vector<uint8> expected_key;
  69     ASSERT_TRUE(policy_.GetSigningKey()->ExportPrivateKey(&expected_key));
  70     std::vector<uint8> actual_key;
  71     ASSERT_TRUE(op->owner_key()->private_key()->ExportPrivateKey(&actual_key));
  72     EXPECT_EQ(expected_key, actual_key);
  73   }
  74
  75  protected:
  76   base::MessageLoop message_loop_;
  77   content::TestBrowserThread ui_thread_;
  78   content::TestBrowserThread file_thread_;
  79
  80   policy::DevicePolicyBuilder policy_;
  81   DeviceSettingsTestHelper device_settings_test_helper_;
  82   scoped_refptr<MockOwnerKeyUtil> owner_key_util_;
  83
  84   bool validated_;
  85
  86  private:
  87   DISALLOW_COPY_AND_ASSIGN(SessionManagerOperationTest);
  88 };
  89
  90 TEST_F(SessionManagerOperationTest, LoadNoPolicyNoKey) {
  91   LoadSettingsOperation op(
  92       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
  93                  base::Unretained(this)));
  94
  95   EXPECT_CALL(*this,
  96               OnOperationCompleted(
  97                   &op, DeviceSettingsService::STORE_KEY_UNAVAILABLE));
  98   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
  99   device_settings_test_helper_.Flush();
 100   Mock::VerifyAndClearExpectations(this);
 101
 102   EXPECT_FALSE(op.policy_data().get());
 103   EXPECT_FALSE(op.device_settings().get());
 104   ASSERT_TRUE(op.owner_key().get());
 105   EXPECT_FALSE(op.owner_key()->public_key());
 106   EXPECT_FALSE(op.owner_key()->private_key());
 107 }
 108
 109 TEST_F(SessionManagerOperationTest, LoadOwnerKey) {
 110   owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
 111   LoadSettingsOperation op(
 112       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
 113                  base::Unretained(this)));
 114
 115   EXPECT_CALL(*this,
 116               OnOperationCompleted(
 117                   &op, DeviceSettingsService::STORE_NO_POLICY));
 118   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
 119   device_settings_test_helper_.Flush();
 120   Mock::VerifyAndClearExpectations(this);
 121
 122   CheckPublicKeyLoaded(&op);
 123 }
 124
 125 TEST_F(SessionManagerOperationTest, LoadPolicy) {
 126   owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
 127   device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
 128   LoadSettingsOperation op(
 129       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
 130                  base::Unretained(this)));
 131
 132   EXPECT_CALL(*this,
 133               OnOperationCompleted(
 134                   &op, DeviceSettingsService::STORE_SUCCESS));
 135   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
 136   device_settings_test_helper_.Flush();
 137   Mock::VerifyAndClearExpectations(this);
 138
 139   ASSERT_TRUE(op.policy_data().get());
 140   EXPECT_EQ(policy_.policy_data().SerializeAsString(),
 141             op.policy_data()->SerializeAsString());
 142   ASSERT_TRUE(op.device_settings().get());
 143   EXPECT_EQ(policy_.payload().SerializeAsString(),
 144             op.device_settings()->SerializeAsString());
 145 }
 146
 147 TEST_F(SessionManagerOperationTest, LoadPrivateOwnerKey) {
 148   owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
 149   LoadSettingsOperation op(
 150       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
 151                  base::Unretained(this)));
 152
 153   EXPECT_CALL(*this,
 154               OnOperationCompleted(
 155                   &op, DeviceSettingsService::STORE_NO_POLICY));
 156   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
 157   device_settings_test_helper_.Flush();
 158   Mock::VerifyAndClearExpectations(this);
 159
 160   CheckPublicKeyLoaded(&op);
 161   CheckPrivateKeyLoaded(&op);
 162 }
 163
 164 TEST_F(SessionManagerOperationTest, RestartLoad) {
 165   owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
 166   device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
 167   LoadSettingsOperation op(
 168       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
 169                  base::Unretained(this)));
 170
 171   EXPECT_CALL(*this, OnOperationCompleted(&op, _)).Times(0);
 172   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
 173   device_settings_test_helper_.FlushLoops();
 174   device_settings_test_helper_.FlushRetrieve();
 175   EXPECT_TRUE(op.owner_key().get());
 176   EXPECT_TRUE(op.owner_key()->public_key());
 177   Mock::VerifyAndClearExpectations(this);
 178
 179   // Now install a different key and policy and restart the operation.
 180   policy_.SetSigningKey(*policy::PolicyBuilder::CreateTestOtherSigningKey());
 181   policy_.payload().mutable_metrics_enabled()->set_metrics_enabled(true);
 182   policy_.Build();
 183   device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
 184   owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
 185
 186   EXPECT_CALL(*this,
 187               OnOperationCompleted(
 188                   &op, DeviceSettingsService::STORE_SUCCESS));
 189   op.RestartLoad(true);
 190   device_settings_test_helper_.Flush();
 191   Mock::VerifyAndClearExpectations(this);
 192
 193   // Check that the new keys have been loaded.
 194   CheckPublicKeyLoaded(&op);
 195   CheckPrivateKeyLoaded(&op);
 196
 197   // Verify the new policy.
 198   ASSERT_TRUE(op.policy_data().get());
 199   EXPECT_EQ(policy_.policy_data().SerializeAsString(),
 200             op.policy_data()->SerializeAsString());
 201   ASSERT_TRUE(op.device_settings().get());
 202   EXPECT_EQ(policy_.payload().SerializeAsString(),
 203             op.device_settings()->SerializeAsString());
 204 }
 205
 206 TEST_F(SessionManagerOperationTest, StoreSettings) {
 207   owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
 208   StoreSettingsOperation op(
 209       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
 210                  base::Unretained(this)),
 211       policy_.GetCopy());
 212
 213   EXPECT_CALL(*this,
 214               OnOperationCompleted(
 215                   &op, DeviceSettingsService::STORE_SUCCESS));
 216   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
 217   device_settings_test_helper_.Flush();
 218   Mock::VerifyAndClearExpectations(this);
 219
 220   EXPECT_EQ(device_settings_test_helper_.policy_blob(),
 221             policy_.GetBlob());
 222   ASSERT_TRUE(op.policy_data().get());
 223   EXPECT_EQ(policy_.policy_data().SerializeAsString(),
 224             op.policy_data()->SerializeAsString());
 225   ASSERT_TRUE(op.device_settings().get());
 226   EXPECT_EQ(policy_.payload().SerializeAsString(),
 227             op.device_settings()->SerializeAsString());
 228 }
 229
 230 TEST_F(SessionManagerOperationTest, SignAndStoreSettings) {
 231   base::Time before(base::Time::NowFromSystemTime());
 232   owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
 233   SignAndStoreSettingsOperation op(
 234       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
 235                  base::Unretained(this)),
 236       scoped_ptr<em::ChromeDeviceSettingsProto>(
 237           new em::ChromeDeviceSettingsProto(policy_.payload())),
 238       policy_.policy_data().username());
 239
 240   EXPECT_CALL(*this,
 241               OnOperationCompleted(
 242                   &op, DeviceSettingsService::STORE_SUCCESS));
 243   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
 244   device_settings_test_helper_.Flush();
 245   Mock::VerifyAndClearExpectations(this);
 246   base::Time after(base::Time::NowFromSystemTime());
 247
 248   // The blob should validate.
 249   scoped_ptr<em::PolicyFetchResponse> policy_response(
 250       new em::PolicyFetchResponse());
 251   ASSERT_TRUE(
 252       policy_response->ParseFromString(
 253           device_settings_test_helper_.policy_blob()));
 254   policy::DeviceCloudPolicyValidator* validator =
 255       policy::DeviceCloudPolicyValidator::Create(
 256           policy_response.Pass(), message_loop_.message_loop_proxy());
 257   validator->ValidateUsername(policy_.policy_data().username());
 258   validator->ValidateTimestamp(
 259       before,
 260       after,
 261       policy::CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
 262   validator->ValidatePolicyType(policy::dm_protocol::kChromeDevicePolicyType);
 263   validator->ValidatePayload();
 264   std::vector<uint8> public_key;
 265   policy_.GetSigningKey()->ExportPublicKey(&public_key);
 266   // Convert from bytes to string format (which is what ValidateSignature()
 267   // takes).
 268   std::string public_key_as_string = std::string(
 269       reinterpret_cast<const char*>(vector_as_array(&public_key)),
 270       public_key.size());
 271   validator->ValidateSignature(
 272       public_key_as_string,
 273       policy::GetPolicyVerificationKey(),
 274       policy::PolicyBuilder::kFakeDomain,
 275       false);
 276   validator->StartValidation(
 277       base::Bind(&SessionManagerOperationTest::CheckSuccessfulValidation,
 278                  base::Unretained(this)));
 279
 280   message_loop_.RunUntilIdle();
 281   EXPECT_TRUE(validated_);
 282
 283   // Check that the loaded policy_data contains the expected values.
 284   EXPECT_EQ(policy::dm_protocol::kChromeDevicePolicyType,
 285             op.policy_data()->policy_type());
 286   EXPECT_LE((before - base::Time::UnixEpoch()).InMilliseconds(),
 287             op.policy_data()->timestamp());
 288   EXPECT_GE((after - base::Time::UnixEpoch()).InMilliseconds(),
 289             op.policy_data()->timestamp());
 290   EXPECT_FALSE(op.policy_data()->has_request_token());
 291   EXPECT_EQ(policy_.policy_data().username(), op.policy_data()->username());
 292
 293   // Loaded device settings should match what the operation received.
 294   ASSERT_TRUE(op.device_settings().get());
 295   EXPECT_EQ(policy_.payload().SerializeAsString(),
 296             op.device_settings()->SerializeAsString());
 297 }
 298
 299 }  // namespace chromeos