src/components/policy/core/common/cloud/component_cloud_policy_updater_unittest.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "components/policy/core/common/cloud/component_cloud_policy_updater.h"
   6
   7 #include "base/callback.h"
   8 #include "base/compiler_specific.h"
   9 #include "base/files/scoped_temp_dir.h"
  10 #include "base/sequenced_task_runner.h"
  11 #include "base/test/test_simple_task_runner.h"
  12 #include "base/values.h"
  13 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
  14 #include "components/policy/core/common/cloud/component_cloud_policy_store.h"
  15 #include "components/policy/core/common/cloud/external_policy_data_fetcher.h"
  16 #include "components/policy/core/common/cloud/policy_builder.h"
  17 #include "components/policy/core/common/cloud/resource_cache.h"
  18 #include "components/policy/core/common/external_data_fetcher.h"
  19 #include "components/policy/core/common/policy_bundle.h"
  20 #include "components/policy/core/common/policy_map.h"
  21 #include "components/policy/core/common/policy_types.h"
  22 #include "crypto/sha2.h"
  23 #include "net/url_request/test_url_fetcher_factory.h"
  24 #include "net/url_request/url_fetcher_delegate.h"
  25 #include "net/url_request/url_request_context_getter.h"
  26 #include "policy/proto/chrome_extension_policy.pb.h"
  27 #include "policy/proto/device_management_backend.pb.h"
  28 #include "testing/gmock/include/gmock/gmock.h"
  29 #include "testing/gtest/include/gtest/gtest.h"
  30 #include "url/gurl.h"
  31
  32 namespace em = enterprise_management;
  33
  34 using testing::Mock;
  35
  36 namespace policy {
  37
  38 namespace {
  39
  40 const char kTestExtension[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
  41 const char kTestExtension2[] = "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";
  42 const char kTestExtension3[] = "cccccccccccccccccccccccccccccccc";
  43 const char kTestDownload[] = "http://example.com/getpolicy?id=123";
  44 const char kTestDownload2[] = "http://example.com/getpolicy?id=456";
  45 const char kTestDownload3[] = "http://example.com/getpolicy?id=789";
  46 const char kTestPolicy[] =
  47     "{"
  48     "  \"Name\": {"
  49     "    \"Value\": \"disabled\""
  50     "  },"
  51     "  \"Second\": {"
  52     "    \"Value\": \"maybe\","
  53     "    \"Level\": \"Recommended\""
  54     "  }"
  55     "}";
  56
  57 class MockComponentCloudPolicyStoreDelegate
  58     : public ComponentCloudPolicyStore::Delegate {
  59  public:
  60   virtual ~MockComponentCloudPolicyStoreDelegate() {}
  61
  62   MOCK_METHOD0(OnComponentCloudPolicyStoreUpdated, void());
  63 };
  64
  65 }  // namespace
  66
  67 class ComponentCloudPolicyUpdaterTest : public testing::Test {
  68  protected:
  69   virtual void SetUp() OVERRIDE;
  70   virtual void TearDown() OVERRIDE;
  71
  72   scoped_ptr<em::PolicyFetchResponse> CreateResponse();
  73
  74   scoped_refptr<base::TestSimpleTaskRunner> task_runner_;
  75   base::ScopedTempDir temp_dir_;
  76   scoped_ptr<ResourceCache> cache_;
  77   scoped_ptr<ComponentCloudPolicyStore> store_;
  78   MockComponentCloudPolicyStoreDelegate store_delegate_;
  79   net::TestURLFetcherFactory fetcher_factory_;
  80   scoped_ptr<ExternalPolicyDataFetcherBackend> fetcher_backend_;
  81   scoped_ptr<ComponentCloudPolicyUpdater> updater_;
  82   ComponentPolicyBuilder builder_;
  83   PolicyBundle expected_bundle_;
  84 };
  85
  86 void ComponentCloudPolicyUpdaterTest::SetUp() {
  87   ASSERT_TRUE(temp_dir_.CreateUniqueTempDir());
  88   task_runner_ = new base::TestSimpleTaskRunner();
  89   cache_.reset(new ResourceCache(temp_dir_.path(), task_runner_));
  90   store_.reset(new ComponentCloudPolicyStore(&store_delegate_, cache_.get()));
  91   store_->SetCredentials(ComponentPolicyBuilder::kFakeUsername,
  92                          ComponentPolicyBuilder::kFakeToken);
  93   fetcher_factory_.set_remove_fetcher_on_delete(true);
  94   fetcher_backend_.reset(new ExternalPolicyDataFetcherBackend(
  95       task_runner_,
  96       scoped_refptr<net::URLRequestContextGetter>()));
  97   updater_.reset(new ComponentCloudPolicyUpdater(
  98       task_runner_,
  99       fetcher_backend_->CreateFrontend(task_runner_),
 100       store_.get()));
 101   ASSERT_EQ(store_->policy().end(), store_->policy().begin());
 102
 103   builder_.policy_data().set_policy_type(
 104       dm_protocol::kChromeExtensionPolicyType);
 105   builder_.policy_data().set_settings_entity_id(kTestExtension);
 106   builder_.payload().set_download_url(kTestDownload);
 107   builder_.payload().set_secure_hash(crypto::SHA256HashString(kTestPolicy));
 108
 109   PolicyNamespace ns(POLICY_DOMAIN_EXTENSIONS, kTestExtension);
 110   PolicyMap& policy = expected_bundle_.Get(ns);
 111   policy.Set("Name",
 112              POLICY_LEVEL_MANDATORY,
 113              POLICY_SCOPE_USER,
 114              new base::StringValue("disabled"),
 115              NULL);
 116   policy.Set("Second",
 117              POLICY_LEVEL_RECOMMENDED,
 118              POLICY_SCOPE_USER,
 119              new base::StringValue("maybe"),
 120              NULL);
 121 }
 122
 123 void ComponentCloudPolicyUpdaterTest::TearDown() {
 124   updater_.reset();
 125   task_runner_->RunUntilIdle();
 126 }
 127
 128 scoped_ptr<em::PolicyFetchResponse>
 129     ComponentCloudPolicyUpdaterTest::CreateResponse() {
 130   builder_.Build();
 131   return make_scoped_ptr(new em::PolicyFetchResponse(builder_.policy()));
 132 }
 133
 134 TEST_F(ComponentCloudPolicyUpdaterTest, FetchAndCache) {
 135   // Submit a policy fetch response.
 136   updater_->UpdateExternalPolicy(CreateResponse());
 137   task_runner_->RunUntilIdle();
 138
 139   // Verify that a download has been started.
 140   net::TestURLFetcher* fetcher = fetcher_factory_.GetFetcherByID(0);
 141   ASSERT_TRUE(fetcher);
 142   EXPECT_EQ(GURL(kTestDownload), fetcher->GetOriginalURL());
 143
 144   // Complete the download.
 145   fetcher->set_response_code(200);
 146   fetcher->SetResponseString(kTestPolicy);
 147   fetcher->delegate()->OnURLFetchComplete(fetcher);
 148   EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated());
 149   task_runner_->RunUntilIdle();
 150   Mock::VerifyAndClearExpectations(&store_delegate_);
 151
 152   // Verify that the downloaded policy is being served.
 153   EXPECT_TRUE(store_->policy().Equals(expected_bundle_));
 154 }
 155
 156 TEST_F(ComponentCloudPolicyUpdaterTest, PolicyFetchResponseTooLarge) {
 157   // Submit a policy fetch response that exceeds the allowed maximum size.
 158   std::string long_download("http://example.com/get?id=");
 159   long_download.append(20 * 1024, '1');
 160   builder_.payload().set_download_url(long_download);
 161   updater_->UpdateExternalPolicy(CreateResponse());
 162
 163   // Submit two valid policy fetch responses.
 164   builder_.policy_data().set_settings_entity_id(kTestExtension2);
 165   builder_.payload().set_download_url(kTestDownload2);
 166   updater_->UpdateExternalPolicy(CreateResponse());
 167   builder_.policy_data().set_settings_entity_id(kTestExtension3);
 168   builder_.payload().set_download_url(kTestDownload3);
 169   updater_->UpdateExternalPolicy(CreateResponse());
 170   task_runner_->RunUntilIdle();
 171
 172   // Verify that the first policy fetch response has been ignored and downloads
 173   // have been started for the next two fetch responses instead.
 174   net::TestURLFetcher* fetcher = fetcher_factory_.GetFetcherByID(0);
 175   ASSERT_TRUE(fetcher);
 176   EXPECT_EQ(GURL(kTestDownload2), fetcher->GetOriginalURL());
 177   fetcher = fetcher_factory_.GetFetcherByID(1);
 178   ASSERT_TRUE(fetcher);
 179   EXPECT_EQ(GURL(kTestDownload3), fetcher->GetOriginalURL());
 180 }
 181
 182 TEST_F(ComponentCloudPolicyUpdaterTest, PolicyFetchResponseInvalid) {
 183   // Submit an invalid policy fetch response.
 184   builder_.policy_data().set_username("wronguser@example.com");
 185   updater_->UpdateExternalPolicy(CreateResponse());
 186
 187   // Submit two valid policy fetch responses.
 188   builder_.policy_data().set_username(ComponentPolicyBuilder::kFakeUsername);
 189   builder_.policy_data().set_settings_entity_id(kTestExtension2);
 190   builder_.payload().set_download_url(kTestDownload2);
 191   updater_->UpdateExternalPolicy(CreateResponse());
 192   builder_.policy_data().set_settings_entity_id(kTestExtension3);
 193   builder_.payload().set_download_url(kTestDownload3);
 194   updater_->UpdateExternalPolicy(CreateResponse());
 195   task_runner_->RunUntilIdle();
 196
 197   // Verify that the first policy fetch response has been ignored and downloads
 198   // have been started for the next two fetch responses instead.
 199   net::TestURLFetcher* fetcher = fetcher_factory_.GetFetcherByID(0);
 200   ASSERT_TRUE(fetcher);
 201   EXPECT_EQ(GURL(kTestDownload2), fetcher->GetOriginalURL());
 202   fetcher = fetcher_factory_.GetFetcherByID(1);
 203   ASSERT_TRUE(fetcher);
 204   EXPECT_EQ(GURL(kTestDownload3), fetcher->GetOriginalURL());
 205 }
 206
 207 TEST_F(ComponentCloudPolicyUpdaterTest, AlreadyCached) {
 208   // Cache policy for an extension.
 209   builder_.Build();
 210   PolicyNamespace ns(POLICY_DOMAIN_EXTENSIONS, kTestExtension);
 211   EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated());
 212   EXPECT_TRUE(store_->Store(ns,
 213                             builder_.GetBlob(),
 214                             crypto::SHA256HashString(kTestPolicy),
 215                             kTestPolicy));
 216   Mock::VerifyAndClearExpectations(&store_delegate_);
 217
 218   // Submit a policy fetch response whose extension ID and hash match the
 219   // already cached policy.
 220   updater_->UpdateExternalPolicy(CreateResponse());
 221   task_runner_->RunUntilIdle();
 222
 223   // Verify that no download has been started.
 224   EXPECT_FALSE(fetcher_factory_.GetFetcherByID(0));
 225 }
 226
 227 TEST_F(ComponentCloudPolicyUpdaterTest, PolicyDataInvalid) {
 228   // Submit three policy fetch responses.
 229   updater_->UpdateExternalPolicy(CreateResponse());
 230   builder_.payload().set_download_url(kTestDownload2);
 231   builder_.policy_data().set_settings_entity_id(kTestExtension2);
 232   updater_->UpdateExternalPolicy(CreateResponse());
 233   builder_.policy_data().set_settings_entity_id(kTestExtension3);
 234   builder_.payload().set_download_url(kTestDownload3);
 235   updater_->UpdateExternalPolicy(CreateResponse());
 236   task_runner_->RunUntilIdle();
 237
 238   // Verify that the first download has been started.
 239   net::TestURLFetcher* fetcher = fetcher_factory_.GetFetcherByID(0);
 240   ASSERT_TRUE(fetcher);
 241   EXPECT_EQ(GURL(kTestDownload), fetcher->GetOriginalURL());
 242
 243   // Verify that the second download has been started.
 244   fetcher = fetcher_factory_.GetFetcherByID(1);
 245   ASSERT_TRUE(fetcher);
 246   EXPECT_EQ(GURL(kTestDownload2), fetcher->GetOriginalURL());
 247
 248   // Indicate that the policy data size will exceed allowed maximum.
 249   fetcher->delegate()->OnURLFetchDownloadProgress(fetcher, 6 * 1024 * 1024, -1);
 250   task_runner_->RunUntilIdle();
 251
 252   // Verify that the third download has been started.
 253   fetcher = fetcher_factory_.GetFetcherByID(2);
 254   ASSERT_TRUE(fetcher);
 255   EXPECT_EQ(GURL(kTestDownload3), fetcher->GetOriginalURL());
 256 }
 257
 258 TEST_F(ComponentCloudPolicyUpdaterTest, FetchUpdatedData) {
 259   // Submit a policy fetch response.
 260   updater_->UpdateExternalPolicy(CreateResponse());
 261   task_runner_->RunUntilIdle();
 262
 263   // Verify that the first download has been started.
 264   net::TestURLFetcher* fetcher = fetcher_factory_.GetFetcherByID(0);
 265   ASSERT_TRUE(fetcher);
 266   EXPECT_EQ(GURL(kTestDownload), fetcher->GetOriginalURL());
 267
 268   // Submit a second policy fetch response for the same extension with an
 269   // updated download URL.
 270   builder_.payload().set_download_url(kTestDownload2);
 271   updater_->UpdateExternalPolicy(CreateResponse());
 272   task_runner_->RunUntilIdle();
 273
 274   // Verify that the first download is no longer running.
 275   EXPECT_FALSE(fetcher_factory_.GetFetcherByID(0));
 276
 277   // Verify that the second download has been started.
 278   fetcher = fetcher_factory_.GetFetcherByID(1);
 279   ASSERT_TRUE(fetcher);
 280   EXPECT_EQ(GURL(kTestDownload2), fetcher->GetOriginalURL());
 281 }
 282
 283 TEST_F(ComponentCloudPolicyUpdaterTest, FetchUpdatedDataWithoutPolicy) {
 284   // Submit a policy fetch response.
 285   updater_->UpdateExternalPolicy(CreateResponse());
 286   task_runner_->RunUntilIdle();
 287
 288   // Verify that the download has been started.
 289   net::TestURLFetcher* fetcher = fetcher_factory_.GetFetcherByID(0);
 290   ASSERT_TRUE(fetcher);
 291   EXPECT_EQ(GURL(kTestDownload), fetcher->GetOriginalURL());
 292
 293   // Complete the download.
 294   fetcher->set_response_code(200);
 295   fetcher->SetResponseString(kTestPolicy);
 296   fetcher->delegate()->OnURLFetchComplete(fetcher);
 297   EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated());
 298   task_runner_->RunUntilIdle();
 299   Mock::VerifyAndClearExpectations(&store_delegate_);
 300
 301   // Verify that the downloaded policy is being served.
 302   EXPECT_TRUE(store_->policy().Equals(expected_bundle_));
 303
 304   // Submit a second policy fetch response for the same extension with no
 305   // download URL, meaning that no policy should be provided for this extension.
 306   builder_.payload().clear_download_url();
 307   builder_.payload().clear_secure_hash();
 308   EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated());
 309   updater_->UpdateExternalPolicy(CreateResponse());
 310   Mock::VerifyAndClearExpectations(&store_delegate_);
 311   task_runner_->RunUntilIdle();
 312
 313   // Verify that no download has been started.
 314   EXPECT_FALSE(fetcher_factory_.GetFetcherByID(1));
 315
 316   // Verify that the policy is no longer being served.
 317   const PolicyBundle empty_bundle;
 318   EXPECT_TRUE(store_->policy().Equals(empty_bundle));
 319 }
 320
 321 TEST_F(ComponentCloudPolicyUpdaterTest, NoPolicy) {
 322   // Submit a policy fetch response with a valid download URL.
 323   updater_->UpdateExternalPolicy(CreateResponse());
 324   task_runner_->RunUntilIdle();
 325
 326   // Verify that the download has been started.
 327   EXPECT_TRUE(fetcher_factory_.GetFetcherByID(0));
 328
 329   // Update the policy fetch response before the download has finished. The new
 330   // policy fetch response has no download URL.
 331   builder_.payload().Clear();
 332   updater_->UpdateExternalPolicy(CreateResponse());
 333   task_runner_->RunUntilIdle();
 334
 335   // Verify that the download is no longer running.
 336   EXPECT_FALSE(fetcher_factory_.GetFetcherByID(0));
 337 }
 338
 339 TEST_F(ComponentCloudPolicyUpdaterTest, CancelUpdate) {
 340   // Submit a policy fetch response with a valid download URL.
 341   updater_->UpdateExternalPolicy(CreateResponse());
 342   task_runner_->RunUntilIdle();
 343
 344   // Verify that the download has been started.
 345   EXPECT_TRUE(fetcher_factory_.GetFetcherByID(0));
 346
 347   // Now cancel that update before the download completes.
 348   EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated()).Times(0);
 349   updater_->CancelUpdate(
 350       PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, kTestExtension));
 351   task_runner_->RunUntilIdle();
 352   Mock::VerifyAndClearExpectations(&store_delegate_);
 353   EXPECT_FALSE(fetcher_factory_.GetFetcherByID(0));
 354 }
 355
 356 }  // namespace policy