1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "components/policy/core/common/cloud/component_cloud_policy_updater.h"
7 #include "base/callback.h"
8 #include "base/compiler_specific.h"
9 #include "base/files/scoped_temp_dir.h"
10 #include "base/sequenced_task_runner.h"
11 #include "base/test/test_simple_task_runner.h"
12 #include "base/values.h"
13 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
14 #include "components/policy/core/common/cloud/component_cloud_policy_store.h"
15 #include "components/policy/core/common/cloud/external_policy_data_fetcher.h"
16 #include "components/policy/core/common/cloud/policy_builder.h"
17 #include "components/policy/core/common/cloud/resource_cache.h"
18 #include "components/policy/core/common/external_data_fetcher.h"
19 #include "components/policy/core/common/policy_bundle.h"
20 #include "components/policy/core/common/policy_map.h"
21 #include "components/policy/core/common/policy_types.h"
22 #include "crypto/sha2.h"
23 #include "net/url_request/test_url_fetcher_factory.h"
24 #include "net/url_request/url_fetcher_delegate.h"
25 #include "net/url_request/url_request_context_getter.h"
26 #include "policy/proto/chrome_extension_policy.pb.h"
27 #include "policy/proto/device_management_backend.pb.h"
28 #include "testing/gmock/include/gmock/gmock.h"
29 #include "testing/gtest/include/gtest/gtest.h"
32 namespace em = enterprise_management;
40 const char kTestExtension[] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
41 const char kTestExtension2[] = "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";
42 const char kTestExtension3[] = "cccccccccccccccccccccccccccccccc";
43 const char kTestDownload[] = "http://example.com/getpolicy?id=123";
44 const char kTestDownload2[] = "http://example.com/getpolicy?id=456";
45 const char kTestDownload3[] = "http://example.com/getpolicy?id=789";
46 const char kTestPolicy[] =
49 " \"Value\": \"disabled\""
52 " \"Value\": \"maybe\","
53 " \"Level\": \"Recommended\""
57 class MockComponentCloudPolicyStoreDelegate
58 : public ComponentCloudPolicyStore::Delegate {
60 virtual ~MockComponentCloudPolicyStoreDelegate() {}
62 MOCK_METHOD0(OnComponentCloudPolicyStoreUpdated, void());
67 class ComponentCloudPolicyUpdaterTest : public testing::Test {
69 virtual void SetUp() OVERRIDE;
70 virtual void TearDown() OVERRIDE;
72 scoped_ptr<em::PolicyFetchResponse> CreateResponse();
74 scoped_refptr<base::TestSimpleTaskRunner> task_runner_;
75 base::ScopedTempDir temp_dir_;
76 scoped_ptr<ResourceCache> cache_;
77 scoped_ptr<ComponentCloudPolicyStore> store_;
78 MockComponentCloudPolicyStoreDelegate store_delegate_;
79 net::TestURLFetcherFactory fetcher_factory_;
80 scoped_ptr<ExternalPolicyDataFetcherBackend> fetcher_backend_;
81 scoped_ptr<ComponentCloudPolicyUpdater> updater_;
82 ComponentPolicyBuilder builder_;
83 PolicyBundle expected_bundle_;
86 void ComponentCloudPolicyUpdaterTest::SetUp() {
87 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir());
88 task_runner_ = new base::TestSimpleTaskRunner();
89 cache_.reset(new ResourceCache(temp_dir_.path(), task_runner_));
90 store_.reset(new ComponentCloudPolicyStore(&store_delegate_, cache_.get()));
91 store_->SetCredentials(ComponentPolicyBuilder::kFakeUsername,
92 ComponentPolicyBuilder::kFakeToken);
93 fetcher_factory_.set_remove_fetcher_on_delete(true);
94 fetcher_backend_.reset(new ExternalPolicyDataFetcherBackend(
96 scoped_refptr<net::URLRequestContextGetter>()));
97 updater_.reset(new ComponentCloudPolicyUpdater(
99 fetcher_backend_->CreateFrontend(task_runner_),
101 ASSERT_EQ(store_->policy().end(), store_->policy().begin());
103 builder_.policy_data().set_policy_type(
104 dm_protocol::kChromeExtensionPolicyType);
105 builder_.policy_data().set_settings_entity_id(kTestExtension);
106 builder_.payload().set_download_url(kTestDownload);
107 builder_.payload().set_secure_hash(crypto::SHA256HashString(kTestPolicy));
109 PolicyNamespace ns(POLICY_DOMAIN_EXTENSIONS, kTestExtension);
110 PolicyMap& policy = expected_bundle_.Get(ns);
112 POLICY_LEVEL_MANDATORY,
114 new base::StringValue("disabled"),
117 POLICY_LEVEL_RECOMMENDED,
119 new base::StringValue("maybe"),
123 void ComponentCloudPolicyUpdaterTest::TearDown() {
125 task_runner_->RunUntilIdle();
128 scoped_ptr<em::PolicyFetchResponse>
129 ComponentCloudPolicyUpdaterTest::CreateResponse() {
131 return make_scoped_ptr(new em::PolicyFetchResponse(builder_.policy()));
134 TEST_F(ComponentCloudPolicyUpdaterTest, FetchAndCache) {
135 // Submit a policy fetch response.
136 updater_->UpdateExternalPolicy(CreateResponse());
137 task_runner_->RunUntilIdle();
139 // Verify that a download has been started.
140 net::TestURLFetcher* fetcher = fetcher_factory_.GetFetcherByID(0);
141 ASSERT_TRUE(fetcher);
142 EXPECT_EQ(GURL(kTestDownload), fetcher->GetOriginalURL());
144 // Complete the download.
145 fetcher->set_response_code(200);
146 fetcher->SetResponseString(kTestPolicy);
147 fetcher->delegate()->OnURLFetchComplete(fetcher);
148 EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated());
149 task_runner_->RunUntilIdle();
150 Mock::VerifyAndClearExpectations(&store_delegate_);
152 // Verify that the downloaded policy is being served.
153 EXPECT_TRUE(store_->policy().Equals(expected_bundle_));
156 TEST_F(ComponentCloudPolicyUpdaterTest, PolicyFetchResponseTooLarge) {
157 // Submit a policy fetch response that exceeds the allowed maximum size.
158 std::string long_download("http://example.com/get?id=");
159 long_download.append(20 * 1024, '1');
160 builder_.payload().set_download_url(long_download);
161 updater_->UpdateExternalPolicy(CreateResponse());
163 // Submit two valid policy fetch responses.
164 builder_.policy_data().set_settings_entity_id(kTestExtension2);
165 builder_.payload().set_download_url(kTestDownload2);
166 updater_->UpdateExternalPolicy(CreateResponse());
167 builder_.policy_data().set_settings_entity_id(kTestExtension3);
168 builder_.payload().set_download_url(kTestDownload3);
169 updater_->UpdateExternalPolicy(CreateResponse());
170 task_runner_->RunUntilIdle();
172 // Verify that the first policy fetch response has been ignored and downloads
173 // have been started for the next two fetch responses instead.
174 net::TestURLFetcher* fetcher = fetcher_factory_.GetFetcherByID(0);
175 ASSERT_TRUE(fetcher);
176 EXPECT_EQ(GURL(kTestDownload2), fetcher->GetOriginalURL());
177 fetcher = fetcher_factory_.GetFetcherByID(1);
178 ASSERT_TRUE(fetcher);
179 EXPECT_EQ(GURL(kTestDownload3), fetcher->GetOriginalURL());
182 TEST_F(ComponentCloudPolicyUpdaterTest, PolicyFetchResponseInvalid) {
183 // Submit an invalid policy fetch response.
184 builder_.policy_data().set_username("wronguser@example.com");
185 updater_->UpdateExternalPolicy(CreateResponse());
187 // Submit two valid policy fetch responses.
188 builder_.policy_data().set_username(ComponentPolicyBuilder::kFakeUsername);
189 builder_.policy_data().set_settings_entity_id(kTestExtension2);
190 builder_.payload().set_download_url(kTestDownload2);
191 updater_->UpdateExternalPolicy(CreateResponse());
192 builder_.policy_data().set_settings_entity_id(kTestExtension3);
193 builder_.payload().set_download_url(kTestDownload3);
194 updater_->UpdateExternalPolicy(CreateResponse());
195 task_runner_->RunUntilIdle();
197 // Verify that the first policy fetch response has been ignored and downloads
198 // have been started for the next two fetch responses instead.
199 net::TestURLFetcher* fetcher = fetcher_factory_.GetFetcherByID(0);
200 ASSERT_TRUE(fetcher);
201 EXPECT_EQ(GURL(kTestDownload2), fetcher->GetOriginalURL());
202 fetcher = fetcher_factory_.GetFetcherByID(1);
203 ASSERT_TRUE(fetcher);
204 EXPECT_EQ(GURL(kTestDownload3), fetcher->GetOriginalURL());
207 TEST_F(ComponentCloudPolicyUpdaterTest, AlreadyCached) {
208 // Cache policy for an extension.
210 PolicyNamespace ns(POLICY_DOMAIN_EXTENSIONS, kTestExtension);
211 EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated());
212 EXPECT_TRUE(store_->Store(ns,
214 crypto::SHA256HashString(kTestPolicy),
216 Mock::VerifyAndClearExpectations(&store_delegate_);
218 // Submit a policy fetch response whose extension ID and hash match the
219 // already cached policy.
220 updater_->UpdateExternalPolicy(CreateResponse());
221 task_runner_->RunUntilIdle();
223 // Verify that no download has been started.
224 EXPECT_FALSE(fetcher_factory_.GetFetcherByID(0));
227 TEST_F(ComponentCloudPolicyUpdaterTest, PolicyDataInvalid) {
228 // Submit three policy fetch responses.
229 updater_->UpdateExternalPolicy(CreateResponse());
230 builder_.payload().set_download_url(kTestDownload2);
231 builder_.policy_data().set_settings_entity_id(kTestExtension2);
232 updater_->UpdateExternalPolicy(CreateResponse());
233 builder_.policy_data().set_settings_entity_id(kTestExtension3);
234 builder_.payload().set_download_url(kTestDownload3);
235 updater_->UpdateExternalPolicy(CreateResponse());
236 task_runner_->RunUntilIdle();
238 // Verify that the first download has been started.
239 net::TestURLFetcher* fetcher = fetcher_factory_.GetFetcherByID(0);
240 ASSERT_TRUE(fetcher);
241 EXPECT_EQ(GURL(kTestDownload), fetcher->GetOriginalURL());
243 // Verify that the second download has been started.
244 fetcher = fetcher_factory_.GetFetcherByID(1);
245 ASSERT_TRUE(fetcher);
246 EXPECT_EQ(GURL(kTestDownload2), fetcher->GetOriginalURL());
248 // Indicate that the policy data size will exceed allowed maximum.
249 fetcher->delegate()->OnURLFetchDownloadProgress(fetcher, 6 * 1024 * 1024, -1);
250 task_runner_->RunUntilIdle();
252 // Verify that the third download has been started.
253 fetcher = fetcher_factory_.GetFetcherByID(2);
254 ASSERT_TRUE(fetcher);
255 EXPECT_EQ(GURL(kTestDownload3), fetcher->GetOriginalURL());
258 TEST_F(ComponentCloudPolicyUpdaterTest, FetchUpdatedData) {
259 // Submit a policy fetch response.
260 updater_->UpdateExternalPolicy(CreateResponse());
261 task_runner_->RunUntilIdle();
263 // Verify that the first download has been started.
264 net::TestURLFetcher* fetcher = fetcher_factory_.GetFetcherByID(0);
265 ASSERT_TRUE(fetcher);
266 EXPECT_EQ(GURL(kTestDownload), fetcher->GetOriginalURL());
268 // Submit a second policy fetch response for the same extension with an
269 // updated download URL.
270 builder_.payload().set_download_url(kTestDownload2);
271 updater_->UpdateExternalPolicy(CreateResponse());
272 task_runner_->RunUntilIdle();
274 // Verify that the first download is no longer running.
275 EXPECT_FALSE(fetcher_factory_.GetFetcherByID(0));
277 // Verify that the second download has been started.
278 fetcher = fetcher_factory_.GetFetcherByID(1);
279 ASSERT_TRUE(fetcher);
280 EXPECT_EQ(GURL(kTestDownload2), fetcher->GetOriginalURL());
283 TEST_F(ComponentCloudPolicyUpdaterTest, FetchUpdatedDataWithoutPolicy) {
284 // Submit a policy fetch response.
285 updater_->UpdateExternalPolicy(CreateResponse());
286 task_runner_->RunUntilIdle();
288 // Verify that the download has been started.
289 net::TestURLFetcher* fetcher = fetcher_factory_.GetFetcherByID(0);
290 ASSERT_TRUE(fetcher);
291 EXPECT_EQ(GURL(kTestDownload), fetcher->GetOriginalURL());
293 // Complete the download.
294 fetcher->set_response_code(200);
295 fetcher->SetResponseString(kTestPolicy);
296 fetcher->delegate()->OnURLFetchComplete(fetcher);
297 EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated());
298 task_runner_->RunUntilIdle();
299 Mock::VerifyAndClearExpectations(&store_delegate_);
301 // Verify that the downloaded policy is being served.
302 EXPECT_TRUE(store_->policy().Equals(expected_bundle_));
304 // Submit a second policy fetch response for the same extension with no
305 // download URL, meaning that no policy should be provided for this extension.
306 builder_.payload().clear_download_url();
307 builder_.payload().clear_secure_hash();
308 EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated());
309 updater_->UpdateExternalPolicy(CreateResponse());
310 Mock::VerifyAndClearExpectations(&store_delegate_);
311 task_runner_->RunUntilIdle();
313 // Verify that no download has been started.
314 EXPECT_FALSE(fetcher_factory_.GetFetcherByID(1));
316 // Verify that the policy is no longer being served.
317 const PolicyBundle empty_bundle;
318 EXPECT_TRUE(store_->policy().Equals(empty_bundle));
321 TEST_F(ComponentCloudPolicyUpdaterTest, NoPolicy) {
322 // Submit a policy fetch response with a valid download URL.
323 updater_->UpdateExternalPolicy(CreateResponse());
324 task_runner_->RunUntilIdle();
326 // Verify that the download has been started.
327 EXPECT_TRUE(fetcher_factory_.GetFetcherByID(0));
329 // Update the policy fetch response before the download has finished. The new
330 // policy fetch response has no download URL.
331 builder_.payload().Clear();
332 updater_->UpdateExternalPolicy(CreateResponse());
333 task_runner_->RunUntilIdle();
335 // Verify that the download is no longer running.
336 EXPECT_FALSE(fetcher_factory_.GetFetcherByID(0));
339 TEST_F(ComponentCloudPolicyUpdaterTest, CancelUpdate) {
340 // Submit a policy fetch response with a valid download URL.
341 updater_->UpdateExternalPolicy(CreateResponse());
342 task_runner_->RunUntilIdle();
344 // Verify that the download has been started.
345 EXPECT_TRUE(fetcher_factory_.GetFetcherByID(0));
347 // Now cancel that update before the download completes.
348 EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated()).Times(0);
349 updater_->CancelUpdate(
350 PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, kTestExtension));
351 task_runner_->RunUntilIdle();
352 Mock::VerifyAndClearExpectations(&store_delegate_);
353 EXPECT_FALSE(fetcher_factory_.GetFetcherByID(0));
356 } // namespace policy