Home | History | Annotate | Download | only in settings 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/chromeos/settings/session_manager_operation.h"
      6 
      7 #include "base/basictypes.h"
      8 #include "base/bind.h"
      9 #include "base/bind_helpers.h"
     10 #include "base/memory/ref_counted.h"
     11 #include "base/memory/scoped_ptr.h"
     12 #include "base/message_loop/message_loop.h"
     13 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
     14 #include "chrome/browser/chromeos/settings/mock_owner_key_util.h"
     15 #include "chrome/browser/policy/cloud/cloud_policy_constants.h"
     16 #include "chrome/browser/policy/cloud/cloud_policy_validator.h"
     17 #include "chrome/browser/policy/cloud/policy_builder.h"
     18 #include "chrome/browser/policy/proto/chromeos/chrome_device_policy.pb.h"
     19 #include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h"
     20 #include "content/public/test/test_browser_thread.h"
     21 #include "crypto/rsa_private_key.h"
     22 #include "testing/gmock/include/gmock/gmock.h"
     23 #include "testing/gtest/include/gtest/gtest.h"
     24 
     25 namespace em = enterprise_management;
     26 
     27 using testing::Mock;
     28 using testing::_;
     29 
     30 namespace chromeos {
     31 
     32 class SessionManagerOperationTest : public testing::Test {
     33  public:
     34   SessionManagerOperationTest()
     35       : ui_thread_(content::BrowserThread::UI, &message_loop_),
     36         file_thread_(content::BrowserThread::FILE, &message_loop_),
     37         owner_key_util_(new MockOwnerKeyUtil()),
     38         validated_(false) {}
     39 
     40   virtual void SetUp() OVERRIDE {
     41     policy_.payload().mutable_pinned_apps()->add_app_id("fake-app");
     42     policy_.Build();
     43   }
     44 
     45   MOCK_METHOD2(OnOperationCompleted,
     46                void(SessionManagerOperation*, DeviceSettingsService::Status));
     47 
     48   void CheckSuccessfulValidation(
     49       policy::DeviceCloudPolicyValidator* validator) {
     50     EXPECT_TRUE(validator->success());
     51     EXPECT_TRUE(validator->payload().get());
     52     EXPECT_EQ(validator->payload()->SerializeAsString(),
     53               policy_.payload().SerializeAsString());
     54     validated_ = true;
     55   }
     56 
     57   void CheckPublicKeyLoaded(SessionManagerOperation* op) {
     58     ASSERT_TRUE(op->owner_key().get());
     59     ASSERT_TRUE(op->owner_key()->public_key());
     60     std::vector<uint8> public_key;
     61     ASSERT_TRUE(policy_.GetSigningKey()->ExportPublicKey(&public_key));
     62     EXPECT_EQ(public_key, *op->owner_key()->public_key());
     63   }
     64 
     65   void CheckPrivateKeyLoaded(SessionManagerOperation* op) {
     66     ASSERT_TRUE(op->owner_key().get());
     67     ASSERT_TRUE(op->owner_key()->private_key());
     68     std::vector<uint8> expected_key;
     69     ASSERT_TRUE(policy_.GetSigningKey()->ExportPrivateKey(&expected_key));
     70     std::vector<uint8> actual_key;
     71     ASSERT_TRUE(op->owner_key()->private_key()->ExportPrivateKey(&actual_key));
     72     EXPECT_EQ(expected_key, actual_key);
     73   }
     74 
     75  protected:
     76   base::MessageLoop message_loop_;
     77   content::TestBrowserThread ui_thread_;
     78   content::TestBrowserThread file_thread_;
     79 
     80   policy::DevicePolicyBuilder policy_;
     81   DeviceSettingsTestHelper device_settings_test_helper_;
     82   scoped_refptr<MockOwnerKeyUtil> owner_key_util_;
     83 
     84   bool validated_;
     85 
     86  private:
     87   DISALLOW_COPY_AND_ASSIGN(SessionManagerOperationTest);
     88 };
     89 
     90 TEST_F(SessionManagerOperationTest, LoadNoPolicyNoKey) {
     91   LoadSettingsOperation op(
     92       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
     93                  base::Unretained(this)));
     94 
     95   EXPECT_CALL(*this,
     96               OnOperationCompleted(
     97                   &op, DeviceSettingsService::STORE_KEY_UNAVAILABLE));
     98   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
     99   device_settings_test_helper_.Flush();
    100   Mock::VerifyAndClearExpectations(this);
    101 
    102   EXPECT_FALSE(op.policy_data().get());
    103   EXPECT_FALSE(op.device_settings().get());
    104   ASSERT_TRUE(op.owner_key().get());
    105   EXPECT_FALSE(op.owner_key()->public_key());
    106   EXPECT_FALSE(op.owner_key()->private_key());
    107 }
    108 
    109 TEST_F(SessionManagerOperationTest, LoadOwnerKey) {
    110   owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
    111   LoadSettingsOperation op(
    112       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
    113                  base::Unretained(this)));
    114 
    115   EXPECT_CALL(*this,
    116               OnOperationCompleted(
    117                   &op, DeviceSettingsService::STORE_NO_POLICY));
    118   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
    119   device_settings_test_helper_.Flush();
    120   Mock::VerifyAndClearExpectations(this);
    121 
    122   CheckPublicKeyLoaded(&op);
    123 }
    124 
    125 TEST_F(SessionManagerOperationTest, LoadPolicy) {
    126   owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
    127   device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
    128   LoadSettingsOperation op(
    129       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
    130                  base::Unretained(this)));
    131 
    132   EXPECT_CALL(*this,
    133               OnOperationCompleted(
    134                   &op, DeviceSettingsService::STORE_SUCCESS));
    135   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
    136   device_settings_test_helper_.Flush();
    137   Mock::VerifyAndClearExpectations(this);
    138 
    139   ASSERT_TRUE(op.policy_data().get());
    140   EXPECT_EQ(policy_.policy_data().SerializeAsString(),
    141             op.policy_data()->SerializeAsString());
    142   ASSERT_TRUE(op.device_settings().get());
    143   EXPECT_EQ(policy_.payload().SerializeAsString(),
    144             op.device_settings()->SerializeAsString());
    145 }
    146 
    147 TEST_F(SessionManagerOperationTest, LoadPrivateOwnerKey) {
    148   owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
    149   LoadSettingsOperation op(
    150       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
    151                  base::Unretained(this)));
    152 
    153   EXPECT_CALL(*this,
    154               OnOperationCompleted(
    155                   &op, DeviceSettingsService::STORE_NO_POLICY));
    156   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
    157   device_settings_test_helper_.Flush();
    158   Mock::VerifyAndClearExpectations(this);
    159 
    160   CheckPublicKeyLoaded(&op);
    161   CheckPrivateKeyLoaded(&op);
    162 }
    163 
    164 TEST_F(SessionManagerOperationTest, RestartLoad) {
    165   owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
    166   device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
    167   LoadSettingsOperation op(
    168       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
    169                  base::Unretained(this)));
    170 
    171   EXPECT_CALL(*this, OnOperationCompleted(&op, _)).Times(0);
    172   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
    173   device_settings_test_helper_.FlushLoops();
    174   device_settings_test_helper_.FlushRetrieve();
    175   EXPECT_TRUE(op.owner_key().get());
    176   EXPECT_TRUE(op.owner_key()->public_key());
    177   Mock::VerifyAndClearExpectations(this);
    178 
    179   // Now install a different key and policy and restart the operation.
    180   policy_.SetSigningKey(*policy::PolicyBuilder::CreateTestOtherSigningKey());
    181   policy_.payload().mutable_metrics_enabled()->set_metrics_enabled(true);
    182   policy_.Build();
    183   device_settings_test_helper_.set_policy_blob(policy_.GetBlob());
    184   owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
    185 
    186   EXPECT_CALL(*this,
    187               OnOperationCompleted(
    188                   &op, DeviceSettingsService::STORE_SUCCESS));
    189   op.RestartLoad(true);
    190   device_settings_test_helper_.Flush();
    191   Mock::VerifyAndClearExpectations(this);
    192 
    193   // Check that the new keys have been loaded.
    194   CheckPublicKeyLoaded(&op);
    195   CheckPrivateKeyLoaded(&op);
    196 
    197   // Verify the new policy.
    198   ASSERT_TRUE(op.policy_data().get());
    199   EXPECT_EQ(policy_.policy_data().SerializeAsString(),
    200             op.policy_data()->SerializeAsString());
    201   ASSERT_TRUE(op.device_settings().get());
    202   EXPECT_EQ(policy_.payload().SerializeAsString(),
    203             op.device_settings()->SerializeAsString());
    204 }
    205 
    206 TEST_F(SessionManagerOperationTest, StoreSettings) {
    207   owner_key_util_->SetPublicKeyFromPrivateKey(*policy_.GetSigningKey());
    208   StoreSettingsOperation op(
    209       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
    210                  base::Unretained(this)),
    211       policy_.GetCopy());
    212 
    213   EXPECT_CALL(*this,
    214               OnOperationCompleted(
    215                   &op, DeviceSettingsService::STORE_SUCCESS));
    216   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
    217   device_settings_test_helper_.Flush();
    218   Mock::VerifyAndClearExpectations(this);
    219 
    220   EXPECT_EQ(device_settings_test_helper_.policy_blob(),
    221             policy_.GetBlob());
    222   ASSERT_TRUE(op.policy_data().get());
    223   EXPECT_EQ(policy_.policy_data().SerializeAsString(),
    224             op.policy_data()->SerializeAsString());
    225   ASSERT_TRUE(op.device_settings().get());
    226   EXPECT_EQ(policy_.payload().SerializeAsString(),
    227             op.device_settings()->SerializeAsString());
    228 }
    229 
    230 TEST_F(SessionManagerOperationTest, SignAndStoreSettings) {
    231   base::Time before(base::Time::NowFromSystemTime());
    232   owner_key_util_->SetPrivateKey(policy_.GetSigningKey());
    233   SignAndStoreSettingsOperation op(
    234       base::Bind(&SessionManagerOperationTest::OnOperationCompleted,
    235                  base::Unretained(this)),
    236       scoped_ptr<em::ChromeDeviceSettingsProto>(
    237           new em::ChromeDeviceSettingsProto(policy_.payload())),
    238       policy_.policy_data().username());
    239 
    240   EXPECT_CALL(*this,
    241               OnOperationCompleted(
    242                   &op, DeviceSettingsService::STORE_SUCCESS));
    243   op.Start(&device_settings_test_helper_, owner_key_util_, NULL);
    244   device_settings_test_helper_.Flush();
    245   Mock::VerifyAndClearExpectations(this);
    246   base::Time after(base::Time::NowFromSystemTime());
    247 
    248   // The blob should validate.
    249   scoped_ptr<em::PolicyFetchResponse> policy_response(
    250       new em::PolicyFetchResponse());
    251   ASSERT_TRUE(
    252       policy_response->ParseFromString(
    253           device_settings_test_helper_.policy_blob()));
    254   policy::DeviceCloudPolicyValidator* validator =
    255       policy::DeviceCloudPolicyValidator::Create(policy_response.Pass());
    256   validator->ValidateUsername(policy_.policy_data().username());
    257   validator->ValidateTimestamp(
    258       before,
    259       after,
    260       policy::CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
    261   validator->ValidatePolicyType(policy::dm_protocol::kChromeDevicePolicyType);
    262   validator->ValidatePayload();
    263   std::vector<uint8> public_key;
    264   policy_.GetSigningKey()->ExportPublicKey(&public_key);
    265   validator->ValidateSignature(public_key, false);
    266   validator->StartValidation(
    267       base::Bind(&SessionManagerOperationTest::CheckSuccessfulValidation,
    268                  base::Unretained(this)));
    269 
    270   message_loop_.RunUntilIdle();
    271   EXPECT_TRUE(validated_);
    272 
    273   // Check that the loaded policy_data contains the expected values.
    274   EXPECT_EQ(policy::dm_protocol::kChromeDevicePolicyType,
    275             op.policy_data()->policy_type());
    276   EXPECT_LE((before - base::Time::UnixEpoch()).InMilliseconds(),
    277             op.policy_data()->timestamp());
    278   EXPECT_GE((after - base::Time::UnixEpoch()).InMilliseconds(),
    279             op.policy_data()->timestamp());
    280   EXPECT_FALSE(op.policy_data()->has_request_token());
    281   EXPECT_EQ(policy_.policy_data().username(), op.policy_data()->username());
    282 
    283   // Loaded device settings should match what the operation received.
    284   ASSERT_TRUE(op.device_settings().get());
    285   EXPECT_EQ(policy_.payload().SerializeAsString(),
    286             op.device_settings()->SerializeAsString());
    287 }
    288 
    289 }  // namespace chromeos
    290