Home | History | Annotate | Download | only in policy 
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/policy/device_policy_cache.h"
      6 
      7 #include "chrome/browser/chromeos/cros/cryptohome_library.h"
      8 #include "chrome/browser/policy/device_policy_identity_strategy.h"
      9 #include "chrome/browser/policy/enterprise_install_attributes.h"
     10 #include "policy/configuration_policy_type.h"
     11 #include "testing/gmock/include/gmock/gmock.h"
     12 #include "testing/gtest/include/gtest/gtest.h"
     13 
     14 namespace policy {
     15 
     16 namespace {
     17 
     18 // Test registration user name.
     19 const char kTestUser[] = "test (at) example.com";
     20 
     21 using ::chromeos::SignedSettings;
     22 using ::chromeos::SignedSettingsHelper;
     23 using ::testing::_;
     24 using ::testing::InSequence;
     25 
     26 class MockSignedSettingsHelper : public SignedSettingsHelper {
     27  public:
     28   MockSignedSettingsHelper() {}
     29   virtual ~MockSignedSettingsHelper() {}
     30 
     31   MOCK_METHOD2(StartStorePolicyOp, void(const em::PolicyFetchResponse&,
     32                                         SignedSettingsHelper::Callback*));
     33   MOCK_METHOD1(StartRetrievePolicyOp, void(SignedSettingsHelper::Callback*));
     34   MOCK_METHOD1(CancelCallback, void(SignedSettingsHelper::Callback*));
     35 
     36   // This test doesn't need these methods, but since they're pure virtual in
     37   // SignedSettingsHelper, they must be implemented:
     38   MOCK_METHOD2(StartCheckWhitelistOp, void(const std::string&,
     39                                            SignedSettingsHelper::Callback*));
     40   MOCK_METHOD3(StartWhitelistOp, void(const std::string&, bool,
     41                                       SignedSettingsHelper::Callback*));
     42   MOCK_METHOD3(StartStorePropertyOp, void(const std::string&,
     43                                           const std::string&,
     44                                           SignedSettingsHelper::Callback*));
     45   MOCK_METHOD2(StartRetrieveProperty, void(const std::string&,
     46                                            SignedSettingsHelper::Callback*));
     47 
     48  private:
     49   DISALLOW_COPY_AND_ASSIGN(MockSignedSettingsHelper);
     50 };
     51 
     52 ACTION_P(MockSignedSettingsHelperStorePolicy, status_code) {
     53   arg1->OnStorePolicyCompleted(status_code);
     54 }
     55 
     56 ACTION_P2(MockSignedSettingsHelperRetrievePolicy, status_code, policy) {
     57   arg0->OnRetrievePolicyCompleted(status_code, policy);
     58 }
     59 
     60 void CreateRefreshRatePolicy(em::PolicyFetchResponse* policy,
     61                              const std::string& user,
     62                              int refresh_rate) {
     63   // This method omits a few fields which currently aren't needed by tests:
     64   // timestamp, machine_name, policy_type, public key info.
     65   em::PolicyData signed_response;
     66   em::ChromeDeviceSettingsProto settings;
     67   settings.mutable_policy_refresh_rate()->set_policy_refresh_rate(refresh_rate);
     68   signed_response.set_username(user);
     69   signed_response.set_request_token("dmtoken");
     70   signed_response.set_device_id("deviceid");
     71   EXPECT_TRUE(
     72       settings.SerializeToString(signed_response.mutable_policy_value()));
     73   std::string serialized_signed_response;
     74   EXPECT_TRUE(signed_response.SerializeToString(&serialized_signed_response));
     75   policy->set_policy_data(serialized_signed_response);
     76 }
     77 
     78 void CreateProxyPolicy(em::PolicyFetchResponse* policy,
     79                        const std::string& user,
     80                        const std::string& proxy_mode,
     81                        const std::string& proxy_server,
     82                        const std::string& proxy_pac_url,
     83                        const std::string& proxy_bypass_list) {
     84   em::PolicyData signed_response;
     85   em::ChromeDeviceSettingsProto settings;
     86   em::DeviceProxySettingsProto* proxy_settings =
     87       settings.mutable_device_proxy_settings();
     88   proxy_settings->set_proxy_mode(proxy_mode);
     89   proxy_settings->set_proxy_server(proxy_server);
     90   proxy_settings->set_proxy_pac_url(proxy_pac_url);
     91   proxy_settings->set_proxy_bypass_list(proxy_bypass_list);
     92   signed_response.set_username(user);
     93   signed_response.set_request_token("dmtoken");
     94   signed_response.set_device_id("deviceid");
     95   EXPECT_TRUE(
     96       settings.SerializeToString(signed_response.mutable_policy_value()));
     97   std::string serialized_signed_response;
     98   EXPECT_TRUE(signed_response.SerializeToString(&serialized_signed_response));
     99   policy->set_policy_data(serialized_signed_response);
    100 }
    101 
    102 }  // namespace
    103 
    104 class DevicePolicyCacheTest : public testing::Test {
    105  protected:
    106   DevicePolicyCacheTest()
    107       : cryptohome_(chromeos::CryptohomeLibrary::GetImpl(true)),
    108         install_attributes_(cryptohome_.get()) {}
    109 
    110   virtual void SetUp() {
    111     cache_.reset(new DevicePolicyCache(&identity_strategy_,
    112                                        &install_attributes_,
    113                                        &signed_settings_helper_));
    114   }
    115 
    116   virtual void TearDown() {
    117     EXPECT_CALL(signed_settings_helper_, CancelCallback(_));
    118     cache_.reset();
    119   }
    120 
    121   void MakeEnterpriseDevice(const char* registration_user) {
    122     ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
    123               install_attributes_.LockDevice(registration_user));
    124   }
    125 
    126   const Value* GetMandatoryPolicy(ConfigurationPolicyType policy) {
    127     return cache_->mandatory_policy_.Get(policy);
    128   }
    129 
    130   const Value* GetRecommendedPolicy(ConfigurationPolicyType policy) {
    131     return cache_->recommended_policy_.Get(policy);
    132   }
    133 
    134   scoped_ptr<chromeos::CryptohomeLibrary> cryptohome_;
    135   EnterpriseInstallAttributes install_attributes_;
    136   DevicePolicyIdentityStrategy identity_strategy_;
    137   MockSignedSettingsHelper signed_settings_helper_;
    138   scoped_ptr<DevicePolicyCache> cache_;
    139 
    140  private:
    141   DISALLOW_COPY_AND_ASSIGN(DevicePolicyCacheTest);
    142 };
    143 
    144 TEST_F(DevicePolicyCacheTest, Startup) {
    145   em::PolicyFetchResponse policy;
    146   CreateRefreshRatePolicy(&policy, kTestUser, 120);
    147   EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
    148       MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
    149                                              policy));
    150   cache_->Load();
    151   testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
    152   FundamentalValue expected(120);
    153   EXPECT_TRUE(Value::Equals(&expected,
    154                             GetMandatoryPolicy(kPolicyPolicyRefreshRate)));
    155 }
    156 
    157 TEST_F(DevicePolicyCacheTest, SetPolicy) {
    158   InSequence s;
    159 
    160   MakeEnterpriseDevice(kTestUser);
    161 
    162   // Startup.
    163   em::PolicyFetchResponse policy;
    164   CreateRefreshRatePolicy(&policy, kTestUser, 120);
    165   EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
    166       MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
    167                                              policy));
    168   cache_->Load();
    169   testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
    170   FundamentalValue expected(120);
    171   EXPECT_TRUE(Value::Equals(&expected,
    172                             GetMandatoryPolicy(kPolicyPolicyRefreshRate)));
    173 
    174   // Set new policy information.
    175   em::PolicyFetchResponse new_policy;
    176   CreateRefreshRatePolicy(&new_policy, kTestUser, 300);
    177   EXPECT_CALL(signed_settings_helper_, StartStorePolicyOp(_, _)).WillOnce(
    178       MockSignedSettingsHelperStorePolicy(chromeos::SignedSettings::SUCCESS));
    179   EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
    180       MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
    181                                              new_policy));
    182   cache_->SetPolicy(new_policy);
    183   testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
    184   FundamentalValue updated_expected(300);
    185   EXPECT_TRUE(Value::Equals(&updated_expected,
    186                             GetMandatoryPolicy(kPolicyPolicyRefreshRate)));
    187 }
    188 
    189 TEST_F(DevicePolicyCacheTest, SetPolicyWrongUser) {
    190   InSequence s;
    191 
    192   MakeEnterpriseDevice(kTestUser);
    193 
    194   // Startup.
    195   em::PolicyFetchResponse policy;
    196   CreateRefreshRatePolicy(&policy, kTestUser, 120);
    197   EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
    198       MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
    199                                              policy));
    200   cache_->Load();
    201   testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
    202 
    203   // Set new policy information. This should fail due to invalid user.
    204   em::PolicyFetchResponse new_policy;
    205   CreateRefreshRatePolicy(&new_policy, "foreign_user (at) example.com", 300);
    206   EXPECT_CALL(signed_settings_helper_, StartStorePolicyOp(_, _)).Times(0);
    207   cache_->SetPolicy(new_policy);
    208   testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
    209 
    210   FundamentalValue expected(120);
    211   EXPECT_TRUE(Value::Equals(&expected,
    212                             GetMandatoryPolicy(kPolicyPolicyRefreshRate)));
    213 }
    214 
    215 TEST_F(DevicePolicyCacheTest, SetPolicyNonEnterpriseDevice) {
    216   InSequence s;
    217 
    218   // Startup.
    219   em::PolicyFetchResponse policy;
    220   CreateRefreshRatePolicy(&policy, kTestUser, 120);
    221   EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
    222       MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
    223                                              policy));
    224   cache_->Load();
    225   testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
    226 
    227   // Set new policy information. This should fail due to invalid user.
    228   em::PolicyFetchResponse new_policy;
    229   CreateRefreshRatePolicy(&new_policy, kTestUser, 120);
    230   EXPECT_CALL(signed_settings_helper_, StartStorePolicyOp(_, _)).Times(0);
    231   cache_->SetPolicy(new_policy);
    232   testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
    233 
    234   FundamentalValue expected(120);
    235   EXPECT_TRUE(Value::Equals(&expected,
    236                             GetMandatoryPolicy(kPolicyPolicyRefreshRate)));
    237 }
    238 
    239 TEST_F(DevicePolicyCacheTest, SetProxyPolicy) {
    240   InSequence s;
    241 
    242   MakeEnterpriseDevice(kTestUser);
    243 
    244   // Startup.
    245   em::PolicyFetchResponse policy;
    246   CreateProxyPolicy(&policy, kTestUser, "direct", "http://proxy:8080",
    247                     "http://proxy:8080/pac.js", "127.0.0.1,example.com");
    248   EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
    249       MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
    250                                              policy));
    251   cache_->Load();
    252   testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
    253   StringValue expected_proxy_mode("direct");
    254   StringValue expected_proxy_server("http://proxy:8080");
    255   StringValue expected_proxy_pac_url("http://proxy:8080/pac.js");
    256   StringValue expected_proxy_bypass_list("127.0.0.1,example.com");
    257   EXPECT_TRUE(Value::Equals(&expected_proxy_mode,
    258                             GetRecommendedPolicy(kPolicyProxyMode)));
    259   EXPECT_TRUE(Value::Equals(&expected_proxy_server,
    260                             GetRecommendedPolicy(kPolicyProxyServer)));
    261   EXPECT_TRUE(Value::Equals(&expected_proxy_pac_url,
    262                             GetRecommendedPolicy(kPolicyProxyPacUrl)));
    263   EXPECT_TRUE(Value::Equals(&expected_proxy_bypass_list,
    264                             GetRecommendedPolicy(kPolicyProxyBypassList)));
    265 }
    266 
    267 }  // namespace policy
    268