[platform/framework/web/crosswalk.git] / src / chrome / browser / prefs / profile_pref_store_manager_unittest.cc

// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/prefs/profile_pref_store_manager.h"

#include <vector>

#include "base/compiler_specific.h"
#include "base/file_util.h"
#include "base/files/file_enumerator.h"
#include "base/files/scoped_temp_dir.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/message_loop/message_loop.h"
#include "base/prefs/json_pref_store.h"
#include "base/prefs/persistent_pref_store.h"
#include "base/prefs/pref_service.h"
#include "base/prefs/pref_service_factory.h"
#include "base/prefs/pref_store.h"
#include "base/prefs/testing_pref_service.h"
#include "base/run_loop.h"
#include "base/strings/string_util.h"
#include "base/values.h"
#include "chrome/browser/prefs/mock_validation_delegate.h"
#include "chrome/browser/prefs/pref_hash_filter.h"
#include "chrome/browser/prefs/tracked/pref_service_hash_store_contents.h"
#include "chrome/common/pref_names.h"
#include "components/pref_registry/pref_registry_syncable.h"
#include "testing/gtest/include/gtest/gtest.h"

namespace {

class FirstEqualsPredicate {
 public:
  explicit FirstEqualsPredicate(const std::string& expected)
      : expected_(expected) {}
  bool operator()(const std::pair<std::string, base::Value*>& pair) {
    return pair.first == expected_;
  }

 private:
  const std::string expected_;
};

// Observes changes to the PrefStore and verifies that only registered prefs are
// written.
class RegistryVerifier : public PrefStore::Observer {
 public:
  explicit RegistryVerifier(PrefRegistry* pref_registry)
      : pref_registry_(pref_registry) {}

  // PrefStore::Observer implementation
  virtual void OnPrefValueChanged(const std::string& key) OVERRIDE {
    EXPECT_TRUE(pref_registry_->end() !=
                std::find_if(pref_registry_->begin(),
                             pref_registry_->end(),
                             FirstEqualsPredicate(key)))
        << "Unregistered key " << key << " was changed.";
  }

  virtual void OnInitializationCompleted(bool succeeded) OVERRIDE {}

 private:
  scoped_refptr<PrefRegistry> pref_registry_;
};

const char kUnprotectedPref[] = "unprotected_pref";
const char kTrackedAtomic[] = "tracked_atomic";
const char kProtectedAtomic[] = "protected_atomic";

const char kFoobar[] = "FOOBAR";
const char kBarfoo[] = "BARFOO";
const char kHelloWorld[] = "HELLOWORLD";
const char kGoodbyeWorld[] = "GOODBYEWORLD";

const PrefHashFilter::TrackedPreferenceMetadata kConfiguration[] = {
    {0u, kTrackedAtomic, PrefHashFilter::NO_ENFORCEMENT,
     PrefHashFilter::TRACKING_STRATEGY_ATOMIC},
    {1u, kProtectedAtomic, PrefHashFilter::ENFORCE_ON_LOAD,
     PrefHashFilter::TRACKING_STRATEGY_ATOMIC}};

const size_t kExtraReportingId = 2u;
const size_t kReportingIdCount = 3u;

}  // namespace

class ProfilePrefStoreManagerTest : public testing::Test {
 public:
  ProfilePrefStoreManagerTest()
      : configuration_(kConfiguration,
                       kConfiguration + arraysize(kConfiguration)),
        profile_pref_registry_(new user_prefs::PrefRegistrySyncable),
        registry_verifier_(profile_pref_registry_),
        seed_("seed") {}

  virtual void SetUp() OVERRIDE {
    ProfilePrefStoreManager::RegisterPrefs(local_state_.registry());
    ProfilePrefStoreManager::RegisterProfilePrefs(profile_pref_registry_);
    for (const PrefHashFilter::TrackedPreferenceMetadata* it = kConfiguration;
         it != kConfiguration + arraysize(kConfiguration);
         ++it) {
      if (it->strategy == PrefHashFilter::TRACKING_STRATEGY_ATOMIC) {
        profile_pref_registry_->RegisterStringPref(
            it->name,
            std::string(),
            user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
      } else {
        profile_pref_registry_->RegisterDictionaryPref(
            it->name, user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
      }
    }
    profile_pref_registry_->RegisterStringPref(
        kUnprotectedPref,
        std::string(),
        user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);

    // As in chrome_pref_service_factory.cc, kPreferencesResetTime needs to be
    // declared as protected in order to be read from the proper store by the
    // SegregatedPrefStore. Only declare it after configured prefs have been
    // registered above for this test as kPreferenceResetTime is already
    // registered in ProfilePrefStoreManager::RegisterProfilePrefs.
    PrefHashFilter::TrackedPreferenceMetadata pref_reset_time_config =
        {configuration_.rbegin()->reporting_id + 1, prefs::kPreferenceResetTime,
         PrefHashFilter::ENFORCE_ON_LOAD,
         PrefHashFilter::TRACKING_STRATEGY_ATOMIC};
    configuration_.push_back(pref_reset_time_config);

    ASSERT_TRUE(profile_dir_.CreateUniqueTempDir());
    ReloadConfiguration();
  }

  void ReloadConfiguration() {
    manager_.reset(new ProfilePrefStoreManager(profile_dir_.path(),
                                               configuration_,
                                               kReportingIdCount,
                                               seed_,
                                               "device_id",
                                               &local_state_));
  }

  virtual void TearDown() OVERRIDE { DestroyPrefStore(); }

 protected:
  bool WasResetRecorded() {
    base::PrefServiceFactory pref_service_factory;
    pref_service_factory.set_user_prefs(pref_store_);

    scoped_ptr<PrefService> pref_service(
        pref_service_factory.Create(profile_pref_registry_));

    return !ProfilePrefStoreManager::GetResetTime(pref_service.get()).is_null();
  }

  void ClearResetRecorded() {
    base::PrefServiceFactory pref_service_factory;
    pref_service_factory.set_user_prefs(pref_store_);

    scoped_ptr<PrefService> pref_service(
        pref_service_factory.Create(profile_pref_registry_));

    ProfilePrefStoreManager::ClearResetTime(pref_service.get());
  }

  void InitializePrefs() {
    // According to the implementation of ProfilePrefStoreManager, this is
    // actually a SegregatedPrefStore backed by two underlying pref stores.
    scoped_refptr<PersistentPrefStore> pref_store =
        manager_->CreateProfilePrefStore(
            main_message_loop_.message_loop_proxy(),
            &mock_validation_delegate_);
    InitializePrefStore(pref_store);
    pref_store = NULL;
    base::RunLoop().RunUntilIdle();
  }

  void DestroyPrefStore() {
    if (pref_store_) {
      ClearResetRecorded();
      // Force everything to be written to disk, triggering the PrefHashFilter
      // while our RegistryVerifier is watching.
      pref_store_->CommitPendingWrite();
      base::RunLoop().RunUntilIdle();

      pref_store_->RemoveObserver(&registry_verifier_);
      pref_store_ = NULL;
      // Nothing should have to happen on the background threads, but just in
      // case...
      base::RunLoop().RunUntilIdle();
    }
  }

  void InitializeDeprecatedCombinedProfilePrefStore() {
    scoped_refptr<PersistentPrefStore> pref_store =
        manager_->CreateDeprecatedCombinedProfilePrefStore(
            main_message_loop_.message_loop_proxy());
    InitializePrefStore(pref_store);
    pref_store = NULL;
    base::RunLoop().RunUntilIdle();
  }

  void InitializePrefStore(PersistentPrefStore* pref_store) {
    pref_store->AddObserver(&registry_verifier_);
    PersistentPrefStore::PrefReadError error = pref_store->ReadPrefs();
    EXPECT_EQ(PersistentPrefStore::PREF_READ_ERROR_NO_FILE, error);
    pref_store->SetValue(kTrackedAtomic, new base::StringValue(kFoobar));
    pref_store->SetValue(kProtectedAtomic, new base::StringValue(kHelloWorld));
    pref_store->SetValue(kUnprotectedPref, new base::StringValue(kFoobar));
    pref_store->RemoveObserver(&registry_verifier_);
    pref_store->CommitPendingWrite();
    base::RunLoop().RunUntilIdle();
  }

  void LoadExistingPrefs() {
    DestroyPrefStore();
    pref_store_ = manager_->CreateProfilePrefStore(
        main_message_loop_.message_loop_proxy(), NULL);
    pref_store_->AddObserver(&registry_verifier_);
    pref_store_->ReadPrefs();
  }

  void ReplaceStringInPrefs(const std::string& find,
                            const std::string& replace) {
    base::FileEnumerator file_enum(
        profile_dir_.path(), true, base::FileEnumerator::FILES);

    for (base::FilePath path = file_enum.Next(); !path.empty();
         path = file_enum.Next()) {
      // Tamper with the file's contents
      std::string contents;
      EXPECT_TRUE(base::ReadFileToString(path, &contents));
      ReplaceSubstringsAfterOffset(&contents, 0u, find, replace);
      EXPECT_EQ(static_cast<int>(contents.length()),
                base::WriteFile(path, contents.c_str(), contents.length()));
    }
  }

  void ExpectStringValueEquals(const std::string& name,
                               const std::string& expected) {
    const base::Value* value = NULL;
    std::string as_string;
    if (!pref_store_->GetValue(name, &value)) {
      ADD_FAILURE() << name << " is not a defined value.";
    } else if (!value->GetAsString(&as_string)) {
      ADD_FAILURE() << name << " could not be coerced to a string.";
    } else {
      EXPECT_EQ(expected, as_string);
    }
  }

  void ExpectValidationObserved(const std::string& pref_path) {
    // No validations are expected for platforms that do not support tracking.
    if (!ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking)
      return;
    if (!mock_validation_delegate_.GetEventForPath(pref_path))
      ADD_FAILURE() << "No validation observed for preference: " << pref_path;
  }

  base::MessageLoop main_message_loop_;
  std::vector<PrefHashFilter::TrackedPreferenceMetadata> configuration_;
  base::ScopedTempDir profile_dir_;
  TestingPrefServiceSimple local_state_;
  scoped_refptr<user_prefs::PrefRegistrySyncable> profile_pref_registry_;
  RegistryVerifier registry_verifier_;
  MockValidationDelegate mock_validation_delegate_;
  scoped_ptr<ProfilePrefStoreManager> manager_;
  scoped_refptr<PersistentPrefStore> pref_store_;

  std::string seed_;
};

TEST_F(ProfilePrefStoreManagerTest, StoreValues) {
  InitializePrefs();

  LoadExistingPrefs();

  ExpectStringValueEquals(kTrackedAtomic, kFoobar);
  ExpectStringValueEquals(kProtectedAtomic, kHelloWorld);
  EXPECT_FALSE(WasResetRecorded());
  ExpectValidationObserved(kTrackedAtomic);
  ExpectValidationObserved(kProtectedAtomic);
}

TEST_F(ProfilePrefStoreManagerTest, GetPrefFilePathFromProfilePath) {
  base::FilePath pref_file_path =
      ProfilePrefStoreManager::GetPrefFilePathFromProfilePath(
          profile_dir_.path());

  EXPECT_FALSE(base::PathExists(pref_file_path));

  InitializePrefs();

  EXPECT_TRUE(base::PathExists(pref_file_path));
}

TEST_F(ProfilePrefStoreManagerTest, ProtectValues) {
  InitializePrefs();

  ReplaceStringInPrefs(kFoobar, kBarfoo);
  ReplaceStringInPrefs(kHelloWorld, kGoodbyeWorld);

  LoadExistingPrefs();

  // kTrackedAtomic is unprotected and thus will be loaded as it appears on
  // disk.
  ExpectStringValueEquals(kTrackedAtomic, kBarfoo);

  // If preference tracking is supported, the tampered value of kProtectedAtomic
  // will be discarded at load time, leaving this preference undefined.
  EXPECT_NE(ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
            pref_store_->GetValue(kProtectedAtomic, NULL));
  EXPECT_EQ(ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
            WasResetRecorded());

  ExpectValidationObserved(kTrackedAtomic);
  ExpectValidationObserved(kProtectedAtomic);
}

TEST_F(ProfilePrefStoreManagerTest, MigrateFromOneFile) {
  InitializeDeprecatedCombinedProfilePrefStore();

  // The deprecated model stores hashes in local state (on supported
  // platforms)..
  ASSERT_EQ(
      ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
      local_state_.GetUserPrefValue(
          PrefServiceHashStoreContents::kProfilePreferenceHashes) != NULL);

  LoadExistingPrefs();

  // After a first migration, the hashes were copied to the two user preference
  // files but were not cleaned.
  ASSERT_EQ(
      ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
      local_state_.GetUserPrefValue(
          PrefServiceHashStoreContents::kProfilePreferenceHashes) != NULL);

  ExpectStringValueEquals(kTrackedAtomic, kFoobar);
  ExpectStringValueEquals(kProtectedAtomic, kHelloWorld);
  EXPECT_FALSE(WasResetRecorded());

  LoadExistingPrefs();

  // In a subsequent launch, the local state hash store should be reset.
  ASSERT_FALSE(local_state_.GetUserPrefValue(
      PrefServiceHashStoreContents::kProfilePreferenceHashes));

  ExpectStringValueEquals(kTrackedAtomic, kFoobar);
  ExpectStringValueEquals(kProtectedAtomic, kHelloWorld);
  EXPECT_FALSE(WasResetRecorded());
}

TEST_F(ProfilePrefStoreManagerTest, MigrateWithTampering) {
  InitializeDeprecatedCombinedProfilePrefStore();

  ReplaceStringInPrefs(kFoobar, kBarfoo);
  ReplaceStringInPrefs(kHelloWorld, kGoodbyeWorld);

  // The deprecated model stores hashes in local state (on supported
  // platforms)..
  ASSERT_EQ(
      ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
      local_state_.GetUserPrefValue(
          PrefServiceHashStoreContents::kProfilePreferenceHashes) != NULL);

  LoadExistingPrefs();

  // After a first migration, the hashes were copied to the two user preference
  // files but were not cleaned.
  ASSERT_EQ(
      ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
      local_state_.GetUserPrefValue(
          PrefServiceHashStoreContents::kProfilePreferenceHashes) != NULL);

  // kTrackedAtomic is unprotected and thus will be loaded as it appears on
  // disk.
  ExpectStringValueEquals(kTrackedAtomic, kBarfoo);

  // If preference tracking is supported, the tampered value of kProtectedAtomic
  // will be discarded at load time, leaving this preference undefined.
  EXPECT_NE(ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
            pref_store_->GetValue(kProtectedAtomic, NULL));
  EXPECT_EQ(ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
            WasResetRecorded());

  LoadExistingPrefs();

  // In a subsequent launch, the local state hash store would be reset.
  ASSERT_FALSE(local_state_.GetUserPrefValue(
      PrefServiceHashStoreContents::kProfilePreferenceHashes));

  ExpectStringValueEquals(kTrackedAtomic, kBarfoo);
  EXPECT_FALSE(WasResetRecorded());
}

TEST_F(ProfilePrefStoreManagerTest, InitializePrefsFromMasterPrefs) {
  base::DictionaryValue master_prefs;
  master_prefs.Set(kTrackedAtomic, new base::StringValue(kFoobar));
  master_prefs.Set(kProtectedAtomic, new base::StringValue(kHelloWorld));
  EXPECT_TRUE(manager_->InitializePrefsFromMasterPrefs(master_prefs));

  LoadExistingPrefs();

  // Verify that InitializePrefsFromMasterPrefs correctly applied the MACs
  // necessary to authenticate these values.
  ExpectStringValueEquals(kTrackedAtomic, kFoobar);
  ExpectStringValueEquals(kProtectedAtomic, kHelloWorld);
  EXPECT_FALSE(WasResetRecorded());
}

TEST_F(ProfilePrefStoreManagerTest, UnprotectedToProtected) {
  InitializePrefs();

  ExpectValidationObserved(kTrackedAtomic);
  ExpectValidationObserved(kProtectedAtomic);

  LoadExistingPrefs();
  ExpectStringValueEquals(kUnprotectedPref, kFoobar);

  // Ensure everything is written out to disk.
  DestroyPrefStore();

  ReplaceStringInPrefs(kFoobar, kBarfoo);

  // It's unprotected, so we can load the modified value.
  LoadExistingPrefs();
  ExpectStringValueEquals(kUnprotectedPref, kBarfoo);

  // Now update the configuration to protect it.
  PrefHashFilter::TrackedPreferenceMetadata new_protected = {
      kExtraReportingId, kUnprotectedPref, PrefHashFilter::ENFORCE_ON_LOAD,
      PrefHashFilter::TRACKING_STRATEGY_ATOMIC};
  configuration_.push_back(new_protected);
  ReloadConfiguration();

  // And try loading with the new configuration.
  LoadExistingPrefs();

  // Since there was a valid super MAC we were able to extend the existing trust
  // to the newly protected preference.
  ExpectStringValueEquals(kUnprotectedPref, kBarfoo);
  EXPECT_FALSE(WasResetRecorded());

  // Ensure everything is written out to disk.
  DestroyPrefStore();

  // It's protected now, so (if the platform supports it) any tampering should
  // lead to a reset.
  ReplaceStringInPrefs(kBarfoo, kFoobar);
  LoadExistingPrefs();
  EXPECT_NE(ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
            pref_store_->GetValue(kUnprotectedPref, NULL));
  EXPECT_EQ(ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
            WasResetRecorded());
}

TEST_F(ProfilePrefStoreManagerTest, NewPrefWhenFirstProtecting) {
  std::vector<PrefHashFilter::TrackedPreferenceMetadata>
      original_configuration = configuration_;
  for (std::vector<PrefHashFilter::TrackedPreferenceMetadata>::iterator it =
           configuration_.begin();
       it != configuration_.end();
       ++it) {
    it->enforcement_level = PrefHashFilter::NO_ENFORCEMENT;
  }
  ReloadConfiguration();

  InitializePrefs();

  ExpectValidationObserved(kTrackedAtomic);
  ExpectValidationObserved(kProtectedAtomic);

  LoadExistingPrefs();
  ExpectStringValueEquals(kUnprotectedPref, kFoobar);

  // Ensure everything is written out to disk.
  DestroyPrefStore();

  // Now introduce protection, including the never-before tracked "new_pref".
  configuration_ = original_configuration;
  PrefHashFilter::TrackedPreferenceMetadata new_protected = {
      kExtraReportingId, kUnprotectedPref, PrefHashFilter::ENFORCE_ON_LOAD,
      PrefHashFilter::TRACKING_STRATEGY_ATOMIC};
  configuration_.push_back(new_protected);
  ReloadConfiguration();

  // And try loading with the new configuration.
  LoadExistingPrefs();

  // Since there was a valid super MAC we were able to extend the existing trust
  // to the newly tracked & protected preference.
  ExpectStringValueEquals(kUnprotectedPref, kFoobar);
  EXPECT_FALSE(WasResetRecorded());
}

TEST_F(ProfilePrefStoreManagerTest, UnprotectedToProtectedWithoutTrust) {
  InitializePrefs();

  ExpectValidationObserved(kTrackedAtomic);
  ExpectValidationObserved(kProtectedAtomic);

  // Now update the configuration to protect it.
  PrefHashFilter::TrackedPreferenceMetadata new_protected = {
      kExtraReportingId, kUnprotectedPref, PrefHashFilter::ENFORCE_ON_LOAD,
      PrefHashFilter::TRACKING_STRATEGY_ATOMIC};
  configuration_.push_back(new_protected);
  seed_ = "new-seed-to-break-trust";
  ReloadConfiguration();

  // And try loading with the new configuration.
  LoadExistingPrefs();

  // If preference tracking is supported, kUnprotectedPref will have been
  // discarded because new values are not accepted without a valid super MAC.
  EXPECT_NE(ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
            pref_store_->GetValue(kUnprotectedPref, NULL));
  EXPECT_EQ(ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
            WasResetRecorded());
}

// This test verifies that preference values are correctly maintained when a
// preference's protection state changes from protected to unprotected.
TEST_F(ProfilePrefStoreManagerTest, ProtectedToUnprotected) {
  InitializePrefs();

  ExpectValidationObserved(kTrackedAtomic);
  ExpectValidationObserved(kProtectedAtomic);

  DestroyPrefStore();

  // Unconfigure protection for kProtectedAtomic
  for (std::vector<PrefHashFilter::TrackedPreferenceMetadata>::iterator it =
           configuration_.begin();
       it != configuration_.end();
       ++it) {
    if (it->name == kProtectedAtomic) {
      it->enforcement_level = PrefHashFilter::NO_ENFORCEMENT;
      break;
    }
  }

  seed_ = "new-seed-to-break-trust";
  ReloadConfiguration();
  LoadExistingPrefs();

  // Verify that the value was not reset.
  ExpectStringValueEquals(kProtectedAtomic, kHelloWorld);
  EXPECT_FALSE(WasResetRecorded());

  // Accessing the value of the previously protected pref didn't trigger its
  // move to the unprotected preferences file, though the loading of the pref
  // store should still have caused the MAC store to be recalculated.
  LoadExistingPrefs();
  ExpectStringValueEquals(kProtectedAtomic, kHelloWorld);

  // Trigger the logic that migrates it back to the unprotected preferences
  // file.
  pref_store_->SetValue(kProtectedAtomic, new base::StringValue(kGoodbyeWorld));
  LoadExistingPrefs();
  ExpectStringValueEquals(kProtectedAtomic, kGoodbyeWorld);
  EXPECT_FALSE(WasResetRecorded());
}