1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/policy/user_policy_cache.h" 6 7 #include <limits> 8 #include <string> 9 10 #include "base/file_util.h" 11 #include "base/memory/scoped_temp_dir.h" 12 #include "base/message_loop.h" 13 #include "base/values.h" 14 #include "chrome/browser/policy/configuration_policy_provider.h" 15 #include "chrome/browser/policy/proto/cloud_policy.pb.h" 16 #include "chrome/browser/policy/proto/device_management_backend.pb.h" 17 #include "chrome/browser/policy/proto/device_management_local.pb.h" 18 #include "chrome/browser/policy/proto/old_generic_format.pb.h" 19 #include "content/browser/browser_thread.h" 20 #include "testing/gmock/include/gmock/gmock.h" 21 #include "testing/gtest/include/gtest/gtest.h" 22 23 namespace policy { 24 25 // Decodes a CloudPolicySettings object into two maps with mandatory and 26 // recommended settings, respectively. The implementation is generated code 27 // in policy/cloud_policy_generated.cc. 28 void DecodePolicy(const em::CloudPolicySettings& policy, 29 PolicyMap* mandatory, PolicyMap* recommended); 30 31 // The implementations of these methods are in cloud_policy_generated.cc. 32 Value* DecodeIntegerValue(google::protobuf::int64 value); 33 ListValue* DecodeStringList(const em::StringList& string_list); 34 35 class MockConfigurationPolicyProviderObserver 36 : public ConfigurationPolicyProvider::Observer { 37 public: 38 MockConfigurationPolicyProviderObserver() {} 39 virtual ~MockConfigurationPolicyProviderObserver() {} 40 MOCK_METHOD0(OnUpdatePolicy, void()); 41 void OnProviderGoingAway() {} 42 }; 43 44 // Tests the device management policy cache. 45 class UserPolicyCacheTest : public testing::Test { 46 protected: 47 UserPolicyCacheTest() 48 : loop_(MessageLoop::TYPE_UI), 49 ui_thread_(BrowserThread::UI, &loop_), 50 file_thread_(BrowserThread::FILE, &loop_) {} 51 52 void SetUp() { 53 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir()); 54 } 55 56 void TearDown() { 57 loop_.RunAllPending(); 58 } 59 60 // Creates a (signed) PolicyFetchResponse setting the given |homepage| and 61 // featuring the given |timestamp| (as issued by the server). 62 // Mildly hacky special feature: pass an empty string as |homepage| to get 63 // a completely empty policy. 64 em::PolicyFetchResponse* CreateHomepagePolicy( 65 const std::string& homepage, 66 const base::Time& timestamp, 67 const em::PolicyOptions::PolicyMode policy_mode) { 68 em::PolicyData signed_response; 69 if (homepage != "") { 70 em::CloudPolicySettings settings; 71 em::HomepageLocationProto* homepagelocation_proto = 72 settings.mutable_homepagelocation(); 73 homepagelocation_proto->set_homepagelocation(homepage); 74 homepagelocation_proto->mutable_policy_options()->set_mode(policy_mode); 75 EXPECT_TRUE( 76 settings.SerializeToString(signed_response.mutable_policy_value())); 77 } 78 signed_response.set_timestamp( 79 (timestamp - base::Time::UnixEpoch()).InMilliseconds()); 80 std::string serialized_signed_response; 81 EXPECT_TRUE(signed_response.SerializeToString(&serialized_signed_response)); 82 83 em::PolicyFetchResponse* response = new em::PolicyFetchResponse; 84 response->set_policy_data(serialized_signed_response); 85 // TODO(jkummerow): Set proper new_public_key and signature (when 86 // implementing support for signature verification). 87 response->set_policy_data_signature("TODO"); 88 response->set_new_public_key("TODO"); 89 return response; 90 } 91 92 void WritePolicy(const em::PolicyFetchResponse& policy) { 93 std::string data; 94 em::CachedCloudPolicyResponse cached_policy; 95 cached_policy.mutable_cloud_policy()->CopyFrom(policy); 96 EXPECT_TRUE(cached_policy.SerializeToString(&data)); 97 int size = static_cast<int>(data.size()); 98 EXPECT_EQ(size, file_util::WriteFile(test_file(), data.c_str(), size)); 99 } 100 101 // Takes ownership of |policy_response|. 102 void SetPolicy(UserPolicyCache* cache, 103 em::PolicyFetchResponse* policy_response, 104 bool expect_changed_policy) { 105 scoped_ptr<em::PolicyFetchResponse> policy(policy_response); 106 ConfigurationPolicyObserverRegistrar registrar; 107 registrar.Init(cache->GetManagedPolicyProvider(), &observer); 108 if (expect_changed_policy) 109 EXPECT_CALL(observer, OnUpdatePolicy()).Times(1); 110 else 111 EXPECT_CALL(observer, OnUpdatePolicy()).Times(0); 112 cache->SetPolicy(*policy); 113 testing::Mock::VerifyAndClearExpectations(&observer); 114 } 115 116 FilePath test_file() { 117 return temp_dir_.path().AppendASCII("UserPolicyCacheTest"); 118 } 119 120 const PolicyMap& mandatory_policy(const UserPolicyCache& cache) { 121 return cache.mandatory_policy_; 122 } 123 124 const PolicyMap& recommended_policy(const UserPolicyCache& cache) { 125 return cache.recommended_policy_; 126 } 127 128 MessageLoop loop_; 129 MockConfigurationPolicyProviderObserver observer; 130 131 private: 132 ScopedTempDir temp_dir_; 133 BrowserThread ui_thread_; 134 BrowserThread file_thread_; 135 }; 136 137 TEST_F(UserPolicyCacheTest, DecodePolicy) { 138 em::CloudPolicySettings settings; 139 settings.mutable_homepagelocation()->set_homepagelocation("chromium.org"); 140 settings.mutable_javascriptenabled()->set_javascriptenabled(true); 141 settings.mutable_javascriptenabled()->mutable_policy_options()->set_mode( 142 em::PolicyOptions::MANDATORY); 143 settings.mutable_policyrefreshrate()->set_policyrefreshrate(5); 144 settings.mutable_policyrefreshrate()->mutable_policy_options()->set_mode( 145 em::PolicyOptions::RECOMMENDED); 146 PolicyMap mandatory_policy; 147 PolicyMap recommended_policy; 148 DecodePolicy(settings, &mandatory_policy, &recommended_policy); 149 PolicyMap mandatory; 150 mandatory.Set(kPolicyHomepageLocation, 151 Value::CreateStringValue("chromium.org")); 152 mandatory.Set(kPolicyJavascriptEnabled, Value::CreateBooleanValue(true)); 153 PolicyMap recommended; 154 recommended.Set(kPolicyPolicyRefreshRate, Value::CreateIntegerValue(5)); 155 EXPECT_TRUE(mandatory.Equals(mandatory_policy)); 156 EXPECT_TRUE(recommended.Equals(recommended_policy)); 157 } 158 159 TEST_F(UserPolicyCacheTest, DecodeIntegerValue) { 160 const int min = std::numeric_limits<int>::min(); 161 const int max = std::numeric_limits<int>::max(); 162 scoped_ptr<Value> value( 163 DecodeIntegerValue(static_cast<google::protobuf::int64>(42))); 164 ASSERT_TRUE(value.get()); 165 FundamentalValue expected_42(42); 166 EXPECT_TRUE(value->Equals(&expected_42)); 167 value.reset( 168 DecodeIntegerValue(static_cast<google::protobuf::int64>(min - 1LL))); 169 EXPECT_EQ(NULL, value.get()); 170 value.reset(DecodeIntegerValue(static_cast<google::protobuf::int64>(min))); 171 ASSERT_TRUE(value.get()); 172 FundamentalValue expected_min(min); 173 EXPECT_TRUE(value->Equals(&expected_min)); 174 value.reset( 175 DecodeIntegerValue(static_cast<google::protobuf::int64>(max + 1LL))); 176 EXPECT_EQ(NULL, value.get()); 177 value.reset(DecodeIntegerValue(static_cast<google::protobuf::int64>(max))); 178 ASSERT_TRUE(value.get()); 179 FundamentalValue expected_max(max); 180 EXPECT_TRUE(value->Equals(&expected_max)); 181 } 182 183 TEST_F(UserPolicyCacheTest, DecodeStringList) { 184 em::StringList string_list; 185 string_list.add_entries("ponies"); 186 string_list.add_entries("more ponies"); 187 scoped_ptr<ListValue> decoded(DecodeStringList(string_list)); 188 ListValue expected; 189 expected.Append(Value::CreateStringValue("ponies")); 190 expected.Append(Value::CreateStringValue("more ponies")); 191 EXPECT_TRUE(decoded->Equals(&expected)); 192 } 193 194 TEST_F(UserPolicyCacheTest, Empty) { 195 UserPolicyCache cache(test_file()); 196 PolicyMap empty; 197 EXPECT_TRUE(empty.Equals(mandatory_policy(cache))); 198 EXPECT_TRUE(empty.Equals(recommended_policy(cache))); 199 EXPECT_EQ(base::Time(), cache.last_policy_refresh_time()); 200 } 201 202 TEST_F(UserPolicyCacheTest, LoadNoFile) { 203 UserPolicyCache cache(test_file()); 204 cache.Load(); 205 PolicyMap empty; 206 EXPECT_TRUE(empty.Equals(mandatory_policy(cache))); 207 EXPECT_EQ(base::Time(), cache.last_policy_refresh_time()); 208 } 209 210 TEST_F(UserPolicyCacheTest, RejectFuture) { 211 scoped_ptr<em::PolicyFetchResponse> policy_response( 212 CreateHomepagePolicy("", base::Time::NowFromSystemTime() + 213 base::TimeDelta::FromMinutes(5), 214 em::PolicyOptions::MANDATORY)); 215 WritePolicy(*policy_response); 216 UserPolicyCache cache(test_file()); 217 cache.Load(); 218 PolicyMap empty; 219 EXPECT_TRUE(empty.Equals(mandatory_policy(cache))); 220 EXPECT_EQ(base::Time(), cache.last_policy_refresh_time()); 221 } 222 223 TEST_F(UserPolicyCacheTest, LoadWithFile) { 224 scoped_ptr<em::PolicyFetchResponse> policy_response( 225 CreateHomepagePolicy("", base::Time::NowFromSystemTime(), 226 em::PolicyOptions::MANDATORY)); 227 WritePolicy(*policy_response); 228 UserPolicyCache cache(test_file()); 229 cache.Load(); 230 PolicyMap empty; 231 EXPECT_TRUE(empty.Equals(mandatory_policy(cache))); 232 EXPECT_NE(base::Time(), cache.last_policy_refresh_time()); 233 EXPECT_GE(base::Time::Now(), cache.last_policy_refresh_time()); 234 } 235 236 TEST_F(UserPolicyCacheTest, LoadWithData) { 237 scoped_ptr<em::PolicyFetchResponse> policy( 238 CreateHomepagePolicy("http://www.example.com", 239 base::Time::NowFromSystemTime(), 240 em::PolicyOptions::MANDATORY)); 241 WritePolicy(*policy); 242 UserPolicyCache cache(test_file()); 243 cache.Load(); 244 PolicyMap expected; 245 expected.Set(kPolicyHomepageLocation, 246 Value::CreateStringValue("http://www.example.com")); 247 EXPECT_TRUE(expected.Equals(mandatory_policy(cache))); 248 } 249 250 TEST_F(UserPolicyCacheTest, SetPolicy) { 251 UserPolicyCache cache(test_file()); 252 em::PolicyFetchResponse* policy = 253 CreateHomepagePolicy("http://www.example.com", 254 base::Time::NowFromSystemTime(), 255 em::PolicyOptions::MANDATORY); 256 SetPolicy(&cache, policy, true); 257 em::PolicyFetchResponse* policy2 = 258 CreateHomepagePolicy("http://www.example.com", 259 base::Time::NowFromSystemTime(), 260 em::PolicyOptions::MANDATORY); 261 SetPolicy(&cache, policy2, false); 262 PolicyMap expected; 263 expected.Set(kPolicyHomepageLocation, 264 Value::CreateStringValue("http://www.example.com")); 265 PolicyMap empty; 266 EXPECT_TRUE(expected.Equals(mandatory_policy(cache))); 267 EXPECT_TRUE(empty.Equals(recommended_policy(cache))); 268 policy = CreateHomepagePolicy("http://www.example.com", 269 base::Time::NowFromSystemTime(), 270 em::PolicyOptions::RECOMMENDED); 271 SetPolicy(&cache, policy, true); 272 EXPECT_TRUE(expected.Equals(recommended_policy(cache))); 273 EXPECT_TRUE(empty.Equals(mandatory_policy(cache))); 274 } 275 276 TEST_F(UserPolicyCacheTest, ResetPolicy) { 277 UserPolicyCache cache(test_file()); 278 279 em::PolicyFetchResponse* policy = 280 CreateHomepagePolicy("http://www.example.com", 281 base::Time::NowFromSystemTime(), 282 em::PolicyOptions::MANDATORY); 283 SetPolicy(&cache, policy, true); 284 PolicyMap expected; 285 expected.Set(kPolicyHomepageLocation, 286 Value::CreateStringValue("http://www.example.com")); 287 EXPECT_TRUE(expected.Equals(mandatory_policy(cache))); 288 289 em::PolicyFetchResponse* empty_policy = 290 CreateHomepagePolicy("", base::Time::NowFromSystemTime(), 291 em::PolicyOptions::MANDATORY); 292 SetPolicy(&cache, empty_policy, true); 293 PolicyMap empty; 294 EXPECT_TRUE(empty.Equals(mandatory_policy(cache))); 295 } 296 297 TEST_F(UserPolicyCacheTest, PersistPolicy) { 298 { 299 UserPolicyCache cache(test_file()); 300 scoped_ptr<em::PolicyFetchResponse> policy( 301 CreateHomepagePolicy("http://www.example.com", 302 base::Time::NowFromSystemTime(), 303 em::PolicyOptions::MANDATORY)); 304 cache.SetPolicy(*policy); 305 } 306 307 loop_.RunAllPending(); 308 309 EXPECT_TRUE(file_util::PathExists(test_file())); 310 UserPolicyCache cache(test_file()); 311 cache.Load(); 312 PolicyMap expected; 313 expected.Set(kPolicyHomepageLocation, 314 Value::CreateStringValue("http://www.example.com")); 315 EXPECT_TRUE(expected.Equals(mandatory_policy(cache))); 316 } 317 318 TEST_F(UserPolicyCacheTest, FreshPolicyOverride) { 319 scoped_ptr<em::PolicyFetchResponse> policy( 320 CreateHomepagePolicy("http://www.example.com", 321 base::Time::NowFromSystemTime(), 322 em::PolicyOptions::MANDATORY)); 323 WritePolicy(*policy); 324 325 UserPolicyCache cache(test_file()); 326 em::PolicyFetchResponse* updated_policy = 327 CreateHomepagePolicy("http://www.chromium.org", 328 base::Time::NowFromSystemTime(), 329 em::PolicyOptions::MANDATORY); 330 SetPolicy(&cache, updated_policy, true); 331 332 cache.Load(); 333 PolicyMap expected; 334 expected.Set(kPolicyHomepageLocation, 335 Value::CreateStringValue("http://www.chromium.org")); 336 EXPECT_TRUE(expected.Equals(mandatory_policy(cache))); 337 } 338 339 // Test case for the temporary support for GenericNamedValues in the 340 // CloudPolicySettings protobuf. Can be removed when this support is no longer 341 // required. 342 TEST_F(UserPolicyCacheTest, OldStylePolicy) { 343 UserPolicyCache cache(test_file()); 344 em::PolicyFetchResponse* policy = new em::PolicyFetchResponse(); 345 em::PolicyData signed_response; 346 em::LegacyChromeSettingsProto settings; 347 em::GenericNamedValue* named_value = settings.add_named_value(); 348 named_value->set_name("HomepageLocation"); 349 em::GenericValue* value_container = named_value->mutable_value(); 350 value_container->set_value_type(em::GenericValue::VALUE_TYPE_STRING); 351 value_container->set_string_value("http://www.example.com"); 352 EXPECT_TRUE( 353 settings.SerializeToString(signed_response.mutable_policy_value())); 354 base::TimeDelta timestamp = 355 base::Time::NowFromSystemTime() - base::Time::UnixEpoch(); 356 signed_response.set_timestamp(timestamp.InMilliseconds()); 357 EXPECT_TRUE( 358 signed_response.SerializeToString(policy->mutable_policy_data())); 359 360 SetPolicy(&cache, policy, true); 361 PolicyMap expected; 362 expected.Set(kPolicyHomepageLocation, 363 Value::CreateStringValue("http://www.example.com")); 364 PolicyMap empty; 365 EXPECT_TRUE(expected.Equals(mandatory_policy(cache))); 366 EXPECT_TRUE(empty.Equals(recommended_policy(cache))); 367 // If new-style policy comes in, it should override old-style policy. 368 policy = CreateHomepagePolicy("http://www.example.com", 369 base::Time::NowFromSystemTime(), 370 em::PolicyOptions::RECOMMENDED); 371 SetPolicy(&cache, policy, true); 372 EXPECT_TRUE(expected.Equals(recommended_policy(cache))); 373 EXPECT_TRUE(empty.Equals(mandatory_policy(cache))); 374 } 375 376 } // namespace policy 377
