Home | History | Annotate | Download | only in policy 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
      6 
      7 #include <vector>
      8 
      9 #include "base/basictypes.h"
     10 #include "base/compiler_specific.h"
     11 #include "base/memory/scoped_ptr.h"
     12 #include "base/run_loop.h"
     13 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
     14 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
     15 #include "chrome/browser/policy/proto/chromeos/chrome_device_policy.pb.h"
     16 #include "chromeos/cryptohome/cryptohome_library.h"
     17 #include "chromeos/dbus/cryptohome_client.h"
     18 #include "policy/policy_constants.h"
     19 #include "testing/gtest/include/gtest/gtest.h"
     20 
     21 namespace policy {
     22 
     23 namespace {
     24 
     25 void CopyLockResult(base::RunLoop* loop,
     26                     EnterpriseInstallAttributes::LockResult* out,
     27                     EnterpriseInstallAttributes::LockResult result) {
     28   *out = result;
     29   loop->Quit();
     30 }
     31 
     32 }  // namespace
     33 
     34 class DeviceCloudPolicyStoreChromeOSTest
     35     : public chromeos::DeviceSettingsTestBase {
     36  protected:
     37   DeviceCloudPolicyStoreChromeOSTest()
     38       : cryptohome_library_(chromeos::CryptohomeLibrary::GetTestImpl()),
     39         stub_cryptohome_client_(chromeos::CryptohomeClient::Create(
     40             chromeos::STUB_DBUS_CLIENT_IMPLEMENTATION, NULL)),
     41         install_attributes_(new EnterpriseInstallAttributes(
     42             cryptohome_library_.get(), stub_cryptohome_client_.get())),
     43         store_(new DeviceCloudPolicyStoreChromeOS(&device_settings_service_,
     44                                                   install_attributes_.get())) {}
     45 
     46   virtual void SetUp() OVERRIDE {
     47     DeviceSettingsTestBase::SetUp();
     48 
     49     base::RunLoop loop;
     50     EnterpriseInstallAttributes::LockResult result;
     51     install_attributes_->LockDevice(
     52         PolicyBuilder::kFakeUsername,
     53         DEVICE_MODE_ENTERPRISE,
     54         PolicyBuilder::kFakeDeviceId,
     55         base::Bind(&CopyLockResult, &loop, &result));
     56     loop.Run();
     57     ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, result);
     58   }
     59 
     60   void ExpectFailure(CloudPolicyStore::Status expected_status) {
     61     EXPECT_EQ(expected_status, store_->status());
     62     EXPECT_TRUE(store_->is_initialized());
     63     EXPECT_FALSE(store_->has_policy());
     64     EXPECT_FALSE(store_->is_managed());
     65   }
     66 
     67   void ExpectSuccess() {
     68     EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status());
     69     EXPECT_TRUE(store_->is_initialized());
     70     EXPECT_TRUE(store_->has_policy());
     71     EXPECT_TRUE(store_->is_managed());
     72     EXPECT_TRUE(store_->policy());
     73     base::FundamentalValue expected(false);
     74     EXPECT_TRUE(
     75         base::Value::Equals(&expected,
     76                             store_->policy_map().GetValue(
     77                                 key::kDeviceMetricsReportingEnabled)));
     78   }
     79 
     80   void PrepareExistingPolicy() {
     81     store_->Load();
     82     FlushDeviceSettings();
     83     ExpectSuccess();
     84 
     85     device_policy_.UnsetNewSigningKey();
     86     device_policy_.Build();
     87   }
     88 
     89   void PrepareNewSigningKey() {
     90     device_policy_.SetDefaultNewSigningKey();
     91     device_policy_.Build();
     92     owner_key_util_->SetPublicKeyFromPrivateKey(
     93         *device_policy_.GetNewSigningKey());
     94   }
     95 
     96   void ResetToNonEnterprise() {
     97     store_.reset();
     98     cryptohome_library_->InstallAttributesSet("enterprise.owned",
     99                                               std::string());
    100     install_attributes_.reset(new EnterpriseInstallAttributes(
    101         cryptohome_library_.get(), stub_cryptohome_client_.get()));
    102     store_.reset(new DeviceCloudPolicyStoreChromeOS(&device_settings_service_,
    103                                                     install_attributes_.get()));
    104   }
    105 
    106   scoped_ptr<chromeos::CryptohomeLibrary> cryptohome_library_;
    107   scoped_ptr<chromeos::CryptohomeClient> stub_cryptohome_client_;
    108   scoped_ptr<EnterpriseInstallAttributes> install_attributes_;
    109 
    110   scoped_ptr<DeviceCloudPolicyStoreChromeOS> store_;
    111 
    112  private:
    113   DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOSTest);
    114 };
    115 
    116 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoKey) {
    117   owner_key_util_->Clear();
    118   store_->Load();
    119   FlushDeviceSettings();
    120   ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
    121 }
    122 
    123 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNoPolicy) {
    124   device_settings_test_helper_.set_policy_blob(std::string());
    125   store_->Load();
    126   FlushDeviceSettings();
    127   ExpectFailure(CloudPolicyStore::STATUS_LOAD_ERROR);
    128 }
    129 
    130 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadNotEnterprise) {
    131   ResetToNonEnterprise();
    132   store_->Load();
    133   FlushDeviceSettings();
    134   ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
    135 }
    136 
    137 TEST_F(DeviceCloudPolicyStoreChromeOSTest, LoadSuccess) {
    138   store_->Load();
    139   FlushDeviceSettings();
    140   ExpectSuccess();
    141 }
    142 
    143 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreSuccess) {
    144   PrepareExistingPolicy();
    145   store_->Store(device_policy_.policy());
    146   FlushDeviceSettings();
    147   ExpectSuccess();
    148 }
    149 
    150 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreNoSignature) {
    151   PrepareExistingPolicy();
    152   device_policy_.policy().clear_policy_data_signature();
    153   store_->Store(device_policy_.policy());
    154   FlushDeviceSettings();
    155   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
    156   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
    157             store_->validation_status());
    158 }
    159 
    160 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreBadSignature) {
    161   PrepareExistingPolicy();
    162   device_policy_.policy().set_policy_data_signature("invalid");
    163   store_->Store(device_policy_.policy());
    164   FlushDeviceSettings();
    165   EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status());
    166   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE,
    167             store_->validation_status());
    168 }
    169 
    170 TEST_F(DeviceCloudPolicyStoreChromeOSTest, StoreKeyRotation) {
    171   PrepareExistingPolicy();
    172   device_policy_.SetDefaultNewSigningKey();
    173   device_policy_.Build();
    174   store_->Store(device_policy_.policy());
    175   device_settings_test_helper_.FlushLoops();
    176   device_settings_test_helper_.FlushStore();
    177   owner_key_util_->SetPublicKeyFromPrivateKey(
    178       *device_policy_.GetNewSigningKey());
    179   ReloadDeviceSettings();
    180   ExpectSuccess();
    181 }
    182 
    183 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicySuccess) {
    184   PrepareNewSigningKey();
    185   store_->InstallInitialPolicy(device_policy_.policy());
    186   FlushDeviceSettings();
    187   ExpectSuccess();
    188 }
    189 
    190 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoSignature) {
    191   PrepareNewSigningKey();
    192   device_policy_.policy().clear_policy_data_signature();
    193   store_->InstallInitialPolicy(device_policy_.policy());
    194   FlushDeviceSettings();
    195   ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
    196   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
    197             store_->validation_status());
    198 }
    199 
    200 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNoKey) {
    201   PrepareNewSigningKey();
    202   device_policy_.policy().clear_new_public_key();
    203   store_->InstallInitialPolicy(device_policy_.policy());
    204   FlushDeviceSettings();
    205   ExpectFailure(CloudPolicyStore::STATUS_VALIDATION_ERROR);
    206   EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_BAD_INITIAL_SIGNATURE,
    207             store_->validation_status());
    208 }
    209 
    210 TEST_F(DeviceCloudPolicyStoreChromeOSTest, InstallInitialPolicyNotEnterprise) {
    211   PrepareNewSigningKey();
    212   ResetToNonEnterprise();
    213   store_->InstallInitialPolicy(device_policy_.policy());
    214   FlushDeviceSettings();
    215   ExpectFailure(CloudPolicyStore::STATUS_BAD_STATE);
    216 }
    217 
    218 }  // namespace policy
    219