1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" 6 7 #include <vector> 8 9 #include "base/basictypes.h" 10 #include "base/compiler_specific.h" 11 #include "base/memory/scoped_ptr.h" 12 #include "base/run_loop.h" 13 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" 14 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h" 15 #include "chrome/browser/policy/proto/chromeos/chrome_device_policy.pb.h" 16 #include "chromeos/cryptohome/cryptohome_library.h" 17 #include "chromeos/dbus/cryptohome_client.h" 18 #include "policy/policy_constants.h" 19 #include "testing/gtest/include/gtest/gtest.h" 20 21 namespace policy { 22 23 namespace { 24 25 void CopyLockResult(base::RunLoop* loop, 26 EnterpriseInstallAttributes::LockResult* out, 27 EnterpriseInstallAttributes::LockResult result) { 28 *out = result; 29 loop->Quit(); 30 } 31 32 } // namespace 33 34 class DeviceCloudPolicyStoreChromeOSTest 35 : public chromeos::DeviceSettingsTestBase { 36 protected: 37 DeviceCloudPolicyStoreChromeOSTest() 38 : cryptohome_library_(chromeos::CryptohomeLibrary::GetTestImpl()), 39 stub_cryptohome_client_(chromeos::CryptohomeClient::Create( 40 chromeos::STUB_DBUS_CLIENT_IMPLEMENTATION, NULL)), 41 install_attributes_(new EnterpriseInstallAttributes( 42 cryptohome_library_.get(), stub_cryptohome_client_.get())), 43 store_(new DeviceCloudPolicyStoreChromeOS(&device_settings_service_, 44 install_attributes_.get())) {} 45 46 virtual void SetUp() OVERRIDE { 47 DeviceSettingsTestBase::SetUp(); 48 49 base::RunLoop loop; 50 EnterpriseInstallAttributes::LockResult result; 51 install_attributes_->LockDevice( 52 PolicyBuilder::kFakeUsername, 53 DEVICE_MODE_ENTERPRISE, 54 PolicyBuilder::kFakeDeviceId, 55 base::Bind(&CopyLockResult, &loop, &result)); 56 loop.Run(); 57 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result); 58 } 59 60 void ExpectFailure(CloudPolicyStore::Status expected_status) { 61 EXPECT_EQ(expected_status, store_->status()); 62 EXPECT_TRUE(store_->is_initialized()); 63 EXPECT_FALSE(store_->has_policy()); 64 EXPECT_FALSE(store_->is_managed()); 65 } 66 67 void ExpectSuccess() { 68 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 69 EXPECT_TRUE(store_->is_initialized()); 70 EXPECT_TRUE(store_->has_policy()); 71 EXPECT_TRUE(store_->is_managed()); 72 EXPECT_TRUE(store_->policy()); 73 base::FundamentalValue expected(false); 74 EXPECT_TRUE( 75 base::Value::Equals(&expected, 76 store_->policy_map().GetValue( 77 key::kDeviceMetricsReportingEnabled))); 78 } 79 80 void PrepareExistingPolicy() { 81 store_->Load(); 82 FlushDeviceSettings(); 83 ExpectSuccess(); 84 85 device_policy_.UnsetNewSigningKey(); 86 device_policy_.Build(); 87 } 88 89 void PrepareNewSigningKey() { 90 device_policy_.SetDefaultNewSigningKey(); 91 device_policy_.Build(); 92 owner_key_util_->SetPublicKeyFromPrivateKey( 93 *device_policy_.GetNewSigningKey()); 94 } 95 96 void ResetToNonEnterprise() { 97 store_.reset(); 98 cryptohome_library_->InstallAttributesSet("enterprise.owned", 99 std::string()); 100 install_attributes_.reset(new EnterpriseInstallAttributes( 101 cryptohome_library_.get(), stub_cryptohome_client_.get())); 102 store_.reset(new DeviceCloudPolicyStoreChromeOS(&device_settings_service_, 103 install_attributes_.get())); 104 } 105 106 scoped_ptr<chromeos::CryptohomeLibrary> cryptohome_library_; 107 scoped_ptr<chromeos::CryptohomeClient> stub_cryptohome_client_; 108 scoped_ptr<EnterpriseInstallAttributes> install_attributes_; 109 110 scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_; 111 112 private: 113 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest); 114 }; 115 116 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) { 117 owner_key_util_->Clear(); 118 store_->Load(); 119 FlushDeviceSettings(); 120 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); 121 } 122 123 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) { 124 device_settings_test_helper_.set_policy_blob(std::string()); 125 store_->Load(); 126 FlushDeviceSettings(); 127 ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR); 128 } 129 130 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) { 131 ResetToNonEnterprise(); 132 store_->Load(); 133 FlushDeviceSettings(); 134 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); 135 } 136 137 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) { 138 store_->Load(); 139 FlushDeviceSettings(); 140 ExpectSuccess(); 141 } 142 143 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) { 144 PrepareExistingPolicy(); 145 store_->Store(device_policy_.policy()); 146 FlushDeviceSettings(); 147 ExpectSuccess(); 148 } 149 150 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) { 151 PrepareExistingPolicy(); 152 device_policy_.policy().clear_policy_data_signature(); 153 store_->Store(device_policy_.policy()); 154 FlushDeviceSettings(); 155 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); 156 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE, 157 store_->validation_status()); 158 } 159 160 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) { 161 PrepareExistingPolicy(); 162 device_policy_.policy().set_policy_data_signature("invalid"); 163 store_->Store(device_policy_.policy()); 164 FlushDeviceSettings(); 165 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); 166 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE, 167 store_->validation_status()); 168 } 169 170 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) { 171 PrepareExistingPolicy(); 172 device_policy_.SetDefaultNewSigningKey(); 173 device_policy_.Build(); 174 store_->Store(device_policy_.policy()); 175 device_settings_test_helper_.FlushLoops(); 176 device_settings_test_helper_.FlushStore(); 177 owner_key_util_->SetPublicKeyFromPrivateKey( 178 *device_policy_.GetNewSigningKey()); 179 ReloadDeviceSettings(); 180 ExpectSuccess(); 181 } 182 183 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) { 184 PrepareNewSigningKey(); 185 store_->InstallInitialPolicy(device_policy_.policy()); 186 FlushDeviceSettings(); 187 ExpectSuccess(); 188 } 189 190 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) { 191 PrepareNewSigningKey(); 192 device_policy_.policy().clear_policy_data_signature(); 193 store_->InstallInitialPolicy(device_policy_.policy()); 194 FlushDeviceSettings(); 195 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR); 196 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE, 197 store_->validation_status()); 198 } 199 200 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) { 201 PrepareNewSigningKey(); 202 device_policy_.policy().clear_new_public_key(); 203 store_->InstallInitialPolicy(device_policy_.policy()); 204 FlushDeviceSettings(); 205 ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR); 206 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE, 207 store_->validation_status()); 208 } 209 210 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) { 211 PrepareNewSigningKey(); 212 ResetToNonEnterprise(); 213 store_->InstallInitialPolicy(device_policy_.policy()); 214 FlushDeviceSettings(); 215 ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE); 216 } 217 218 } // namespace policy 219