1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/chromeos/settings/device_settings_service.h" 6 7 #include "base/basictypes.h" 8 #include "base/bind.h" 9 #include "base/bind_helpers.h" 10 #include "base/compiler_specific.h" 11 #include "base/time/time.h" 12 #include "chrome/browser/chromeos/ownership/owner_settings_service.h" 13 #include "chrome/browser/chromeos/ownership/owner_settings_service_factory.h" 14 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" 15 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h" 16 #include "chrome/test/base/testing_profile.h" 17 #include "components/policy/core/common/cloud/cloud_policy_constants.h" 18 #include "policy/proto/device_management_backend.pb.h" 19 #include "testing/gmock/include/gmock/gmock.h" 20 #include "testing/gtest/include/gtest/gtest.h" 21 22 namespace em = enterprise_management; 23 24 using ::testing::Mock; 25 26 namespace chromeos { 27 28 namespace { 29 30 class MockDeviceSettingsObserver : public DeviceSettingsService::Observer { 31 public: 32 virtual ~MockDeviceSettingsObserver() {} 33 34 MOCK_METHOD0(OwnershipStatusChanged, void()); 35 MOCK_METHOD0(DeviceSettingsUpdated, void()); 36 }; 37 38 } // namespace 39 40 class DeviceSettingsServiceTest : public DeviceSettingsTestBase { 41 public: 42 void SetOperationCompleted() { 43 operation_completed_ = true; 44 } 45 46 void SetOwnershipStatus( 47 DeviceSettingsService::OwnershipStatus ownership_status) { 48 ownership_status_ = ownership_status; 49 } 50 51 void OnIsOwner(bool is_owner) { 52 is_owner_ = is_owner; 53 is_owner_set_ = true; 54 } 55 56 protected: 57 DeviceSettingsServiceTest() 58 : operation_completed_(false), 59 is_owner_(true), 60 is_owner_set_(false), 61 ownership_status_(DeviceSettingsService::OWNERSHIP_UNKNOWN) {} 62 63 virtual void SetUp() OVERRIDE { 64 device_policy_.payload().mutable_device_policy_refresh_rate()-> 65 set_device_policy_refresh_rate(120); 66 DeviceSettingsTestBase::SetUp(); 67 } 68 69 void CheckPolicy() { 70 ASSERT_TRUE(device_settings_service_.policy_data()); 71 EXPECT_EQ(device_policy_.policy_data().SerializeAsString(), 72 device_settings_service_.policy_data()->SerializeAsString()); 73 ASSERT_TRUE(device_settings_service_.device_settings()); 74 EXPECT_EQ(device_policy_.payload().SerializeAsString(), 75 device_settings_service_.device_settings()->SerializeAsString()); 76 } 77 78 bool operation_completed_; 79 bool is_owner_; 80 bool is_owner_set_; 81 DeviceSettingsService::OwnershipStatus ownership_status_; 82 83 private: 84 DISALLOW_COPY_AND_ASSIGN(DeviceSettingsServiceTest); 85 }; 86 87 TEST_F(DeviceSettingsServiceTest, LoadNoKey) { 88 owner_key_util_->Clear(); 89 ReloadDeviceSettings(); 90 91 EXPECT_EQ(DeviceSettingsService::STORE_KEY_UNAVAILABLE, 92 device_settings_service_.status()); 93 EXPECT_FALSE(device_settings_service_.policy_data()); 94 EXPECT_FALSE(device_settings_service_.device_settings()); 95 } 96 97 TEST_F(DeviceSettingsServiceTest, LoadNoPolicy) { 98 device_settings_test_helper_.set_policy_blob(std::string()); 99 ReloadDeviceSettings(); 100 101 EXPECT_EQ(DeviceSettingsService::STORE_NO_POLICY, 102 device_settings_service_.status()); 103 EXPECT_FALSE(device_settings_service_.policy_data()); 104 EXPECT_FALSE(device_settings_service_.device_settings()); 105 } 106 107 TEST_F(DeviceSettingsServiceTest, LoadValidationError) { 108 device_policy_.policy().set_policy_data_signature("bad"); 109 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 110 owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey()); 111 ReloadDeviceSettings(); 112 113 EXPECT_EQ(DeviceSettingsService::STORE_VALIDATION_ERROR, 114 device_settings_service_.status()); 115 EXPECT_FALSE(device_settings_service_.policy_data()); 116 EXPECT_FALSE(device_settings_service_.device_settings()); 117 } 118 119 TEST_F(DeviceSettingsServiceTest, LoadValidationErrorFutureTimestamp) { 120 base::Time timestamp(base::Time::NowFromSystemTime() + 121 base::TimeDelta::FromDays(5000)); 122 device_policy_.policy_data().set_timestamp( 123 (timestamp - base::Time::UnixEpoch()).InMilliseconds()); 124 device_policy_.Build(); 125 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 126 owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey()); 127 ReloadDeviceSettings(); 128 129 // Loading a cached device policy with a timestamp in the future should work, 130 // since this may be due to a broken clock on the client device. 131 EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS, 132 device_settings_service_.status()); 133 CheckPolicy(); 134 } 135 136 TEST_F(DeviceSettingsServiceTest, LoadSuccess) { 137 ReloadDeviceSettings(); 138 139 EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS, 140 device_settings_service_.status()); 141 CheckPolicy(); 142 } 143 144 TEST_F(DeviceSettingsServiceTest, SignAndStoreNoKey) { 145 ReloadDeviceSettings(); 146 EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS, 147 device_settings_service_.status()); 148 149 scoped_ptr<em::ChromeDeviceSettingsProto> new_device_settings( 150 new em::ChromeDeviceSettingsProto(device_policy_.payload())); 151 new_device_settings->mutable_device_policy_refresh_rate()-> 152 set_device_policy_refresh_rate(300); 153 device_settings_service_.SignAndStore( 154 new_device_settings.Pass(), 155 base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted, 156 base::Unretained(this))); 157 FlushDeviceSettings(); 158 EXPECT_TRUE(operation_completed_); 159 EXPECT_EQ(DeviceSettingsService::STORE_KEY_UNAVAILABLE, 160 device_settings_service_.status()); 161 CheckPolicy(); 162 } 163 164 TEST_F(DeviceSettingsServiceTest, SignAndStoreFailure) { 165 ReloadDeviceSettings(); 166 EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS, 167 device_settings_service_.status()); 168 169 owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); 170 InitOwner(device_policy_.policy_data().username(), true); 171 FlushDeviceSettings(); 172 173 scoped_ptr<em::ChromeDeviceSettingsProto> new_device_settings( 174 new em::ChromeDeviceSettingsProto(device_policy_.payload())); 175 new_device_settings->mutable_device_policy_refresh_rate()-> 176 set_device_policy_refresh_rate(300); 177 device_settings_test_helper_.set_store_result(false); 178 device_settings_service_.SignAndStore( 179 new_device_settings.Pass(), 180 base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted, 181 base::Unretained(this))); 182 FlushDeviceSettings(); 183 EXPECT_TRUE(operation_completed_); 184 EXPECT_EQ(DeviceSettingsService::STORE_OPERATION_FAILED, 185 device_settings_service_.status()); 186 CheckPolicy(); 187 } 188 189 TEST_F(DeviceSettingsServiceTest, SignAndStoreSuccess) { 190 const base::Time before(base::Time::Now()); 191 ReloadDeviceSettings(); 192 EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS, 193 device_settings_service_.status()); 194 195 owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); 196 InitOwner(device_policy_.policy_data().username(), true); 197 FlushDeviceSettings(); 198 199 device_policy_.payload().mutable_device_policy_refresh_rate()-> 200 set_device_policy_refresh_rate(300); 201 device_policy_.Build(); 202 device_settings_service_.SignAndStore( 203 scoped_ptr<em::ChromeDeviceSettingsProto>( 204 new em::ChromeDeviceSettingsProto(device_policy_.payload())), 205 base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted, 206 base::Unretained(this))); 207 FlushDeviceSettings(); 208 const base::Time after(base::Time::Now()); 209 210 EXPECT_TRUE(operation_completed_); 211 EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS, 212 device_settings_service_.status()); 213 ASSERT_TRUE(device_settings_service_.device_settings()); 214 EXPECT_EQ(device_policy_.payload().SerializeAsString(), 215 device_settings_service_.device_settings()->SerializeAsString()); 216 217 // Check that the loaded policy_data contains the expected values. 218 const em::PolicyData* policy_data = device_settings_service_.policy_data(); 219 EXPECT_EQ(policy::dm_protocol::kChromeDevicePolicyType, 220 policy_data->policy_type()); 221 EXPECT_LE((before - base::Time::UnixEpoch()).InMilliseconds(), 222 policy_data->timestamp()); 223 EXPECT_GE((after - base::Time::UnixEpoch()).InMilliseconds(), 224 policy_data->timestamp()); 225 EXPECT_EQ(device_settings_service_.GetUsername(), 226 policy_data->username()); 227 } 228 229 TEST_F(DeviceSettingsServiceTest, SetManagementSettingsModeTransition) { 230 ReloadDeviceSettings(); 231 EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS, 232 device_settings_service_.status()); 233 234 owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); 235 InitOwner(device_policy_.policy_data().username(), true); 236 FlushDeviceSettings(); 237 238 // The initial management mode should be NOT_MANAGED. 239 EXPECT_EQ(em::PolicyData::NOT_MANAGED, 240 device_settings_service_.policy_data()->management_mode()); 241 242 // NOT_MANAGED -> CONSUMER_MANAGED: Okay. 243 device_settings_service_.SetManagementSettings( 244 em::PolicyData::CONSUMER_MANAGED, 245 "fake_request_token", 246 "fake_device_id", 247 base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted, 248 base::Unretained(this))); 249 FlushDeviceSettings(); 250 251 EXPECT_TRUE(operation_completed_); 252 EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS, 253 device_settings_service_.status()); 254 EXPECT_EQ(em::PolicyData::CONSUMER_MANAGED, 255 device_settings_service_.policy_data()->management_mode()); 256 257 // CONSUMER_MANAGED -> ENTERPRISE_MANAGED: Invalid. 258 device_settings_service_.SetManagementSettings( 259 em::PolicyData::ENTERPRISE_MANAGED, 260 "fake_request_token", 261 "fake_device_id", 262 base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted, 263 base::Unretained(this))); 264 FlushDeviceSettings(); 265 266 EXPECT_TRUE(operation_completed_); 267 EXPECT_EQ(DeviceSettingsService::STORE_POLICY_ERROR, 268 device_settings_service_.status()); 269 EXPECT_EQ(em::PolicyData::CONSUMER_MANAGED, 270 device_settings_service_.policy_data()->management_mode()); 271 272 // CONSUMER_MANAGED -> NOT_MANAGED: Okay. 273 device_settings_service_.SetManagementSettings( 274 em::PolicyData::NOT_MANAGED, 275 "fake_request_token", 276 "fake_device_id", 277 base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted, 278 base::Unretained(this))); 279 FlushDeviceSettings(); 280 281 EXPECT_TRUE(operation_completed_); 282 EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS, 283 device_settings_service_.status()); 284 EXPECT_EQ(em::PolicyData::NOT_MANAGED, 285 device_settings_service_.policy_data()->management_mode()); 286 287 // NOT_MANAGED -> ENTERPRISE_MANAGED: Invalid. 288 device_settings_service_.SetManagementSettings( 289 em::PolicyData::ENTERPRISE_MANAGED, 290 "fake_request_token", 291 "fake_device_id", 292 base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted, 293 base::Unretained(this))); 294 FlushDeviceSettings(); 295 296 EXPECT_TRUE(operation_completed_); 297 EXPECT_EQ(DeviceSettingsService::STORE_POLICY_ERROR, 298 device_settings_service_.status()); 299 EXPECT_EQ(em::PolicyData::NOT_MANAGED, 300 device_settings_service_.policy_data()->management_mode()); 301 302 // Inject a policy data with management mode set to ENTERPRISE_MANAGED. 303 device_policy_.policy_data().set_management_mode( 304 em::PolicyData::ENTERPRISE_MANAGED); 305 device_policy_.Build(); 306 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 307 ReloadDeviceSettings(); 308 EXPECT_EQ(em::PolicyData::ENTERPRISE_MANAGED, 309 device_settings_service_.policy_data()->management_mode()); 310 311 // ENTERPRISE_MANAGED -> NOT_MANAGED: Invalid. 312 device_settings_service_.SetManagementSettings( 313 em::PolicyData::NOT_MANAGED, 314 "fake_request_token", 315 "fake_device_id", 316 base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted, 317 base::Unretained(this))); 318 FlushDeviceSettings(); 319 320 EXPECT_TRUE(operation_completed_); 321 EXPECT_EQ(DeviceSettingsService::STORE_POLICY_ERROR, 322 device_settings_service_.status()); 323 EXPECT_EQ(em::PolicyData::ENTERPRISE_MANAGED, 324 device_settings_service_.policy_data()->management_mode()); 325 326 // ENTERPRISE_MANAGED -> CONSUMER_MANAGED: Invalid. 327 device_settings_service_.SetManagementSettings( 328 em::PolicyData::CONSUMER_MANAGED, 329 "fake_request_token", 330 "fake_device_id", 331 base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted, 332 base::Unretained(this))); 333 FlushDeviceSettings(); 334 335 EXPECT_TRUE(operation_completed_); 336 EXPECT_EQ(DeviceSettingsService::STORE_POLICY_ERROR, 337 device_settings_service_.status()); 338 EXPECT_EQ(em::PolicyData::ENTERPRISE_MANAGED, 339 device_settings_service_.policy_data()->management_mode()); 340 341 } 342 343 TEST_F(DeviceSettingsServiceTest, SetManagementSettingsSuccess) { 344 ReloadDeviceSettings(); 345 EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS, 346 device_settings_service_.status()); 347 348 owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); 349 InitOwner(device_policy_.policy_data().username(), true); 350 FlushDeviceSettings(); 351 352 device_settings_service_.SetManagementSettings( 353 em::PolicyData::CONSUMER_MANAGED, 354 "fake_request_token", 355 "fake_device_id", 356 base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted, 357 base::Unretained(this))); 358 FlushDeviceSettings(); 359 360 EXPECT_TRUE(operation_completed_); 361 EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS, 362 device_settings_service_.status()); 363 ASSERT_TRUE(device_settings_service_.device_settings()); 364 365 // Check that the loaded policy_data contains the expected values. 366 const em::PolicyData* policy_data = device_settings_service_.policy_data(); 367 EXPECT_EQ(policy::dm_protocol::kChromeDevicePolicyType, 368 policy_data->policy_type()); 369 EXPECT_EQ(device_settings_service_.GetUsername(), 370 policy_data->username()); 371 EXPECT_EQ(em::PolicyData::CONSUMER_MANAGED, policy_data->management_mode()); 372 EXPECT_EQ("fake_request_token", policy_data->request_token()); 373 EXPECT_EQ("fake_device_id", policy_data->device_id()); 374 } 375 376 TEST_F(DeviceSettingsServiceTest, StoreFailure) { 377 owner_key_util_->Clear(); 378 device_settings_test_helper_.set_policy_blob(std::string()); 379 ReloadDeviceSettings(); 380 EXPECT_EQ(DeviceSettingsService::STORE_KEY_UNAVAILABLE, 381 device_settings_service_.status()); 382 383 device_settings_test_helper_.set_store_result(false); 384 device_settings_service_.Store( 385 device_policy_.GetCopy(), 386 base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted, 387 base::Unretained(this))); 388 FlushDeviceSettings(); 389 EXPECT_TRUE(operation_completed_); 390 EXPECT_EQ(DeviceSettingsService::STORE_OPERATION_FAILED, 391 device_settings_service_.status()); 392 } 393 394 TEST_F(DeviceSettingsServiceTest, StoreSuccess) { 395 owner_key_util_->Clear(); 396 device_settings_test_helper_.set_policy_blob(std::string()); 397 ReloadDeviceSettings(); 398 EXPECT_EQ(DeviceSettingsService::STORE_KEY_UNAVAILABLE, 399 device_settings_service_.status()); 400 401 owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey()); 402 InitOwner(device_policy_.policy_data().username(), true); 403 device_settings_service_.Store( 404 device_policy_.GetCopy(), 405 base::Bind(&DeviceSettingsServiceTest::SetOperationCompleted, 406 base::Unretained(this))); 407 FlushDeviceSettings(); 408 EXPECT_TRUE(operation_completed_); 409 EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS, 410 device_settings_service_.status()); 411 CheckPolicy(); 412 } 413 414 TEST_F(DeviceSettingsServiceTest, StoreRotation) { 415 ReloadDeviceSettings(); 416 EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS, 417 device_settings_service_.status()); 418 419 device_policy_.payload().mutable_device_policy_refresh_rate()-> 420 set_device_policy_refresh_rate(300); 421 device_policy_.SetDefaultNewSigningKey(); 422 device_policy_.Build(); 423 device_settings_service_.Store(device_policy_.GetCopy(), base::Closure()); 424 FlushDeviceSettings(); 425 owner_key_util_->SetPublicKeyFromPrivateKey( 426 *device_policy_.GetNewSigningKey()); 427 device_settings_service_.OwnerKeySet(true); 428 FlushDeviceSettings(); 429 EXPECT_EQ(DeviceSettingsService::STORE_SUCCESS, 430 device_settings_service_.status()); 431 CheckPolicy(); 432 433 // Check the new key has been loaded. 434 std::vector<uint8> key; 435 ASSERT_TRUE(device_policy_.GetNewSigningKey()->ExportPublicKey(&key)); 436 EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key); 437 } 438 439 TEST_F(DeviceSettingsServiceTest, OwnershipStatus) { 440 owner_key_util_->Clear(); 441 442 EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey()); 443 EXPECT_FALSE(device_settings_service_.GetPublicKey().get()); 444 EXPECT_EQ(DeviceSettingsService::OWNERSHIP_UNKNOWN, 445 device_settings_service_.GetOwnershipStatus()); 446 447 device_settings_service_.GetOwnershipStatusAsync( 448 base::Bind(&DeviceSettingsServiceTest::SetOwnershipStatus, 449 base::Unretained(this))); 450 FlushDeviceSettings(); 451 EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey()); 452 ASSERT_TRUE(device_settings_service_.GetPublicKey().get()); 453 EXPECT_FALSE(device_settings_service_.GetPublicKey()->is_loaded()); 454 EXPECT_EQ(DeviceSettingsService::OWNERSHIP_NONE, 455 device_settings_service_.GetOwnershipStatus()); 456 EXPECT_EQ(DeviceSettingsService::OWNERSHIP_NONE, ownership_status_); 457 458 owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey()); 459 ReloadDeviceSettings(); 460 device_settings_service_.GetOwnershipStatusAsync( 461 base::Bind(&DeviceSettingsServiceTest::SetOwnershipStatus, 462 base::Unretained(this))); 463 FlushDeviceSettings(); 464 EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey()); 465 ASSERT_TRUE(device_settings_service_.GetPublicKey().get()); 466 ASSERT_TRUE(device_settings_service_.GetPublicKey()->is_loaded()); 467 std::vector<uint8> key; 468 ASSERT_TRUE(device_policy_.GetSigningKey()->ExportPublicKey(&key)); 469 EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key); 470 EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN, 471 device_settings_service_.GetOwnershipStatus()); 472 EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN, ownership_status_); 473 474 owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); 475 InitOwner(device_policy_.policy_data().username(), true); 476 device_settings_service_.GetOwnershipStatusAsync( 477 base::Bind(&DeviceSettingsServiceTest::SetOwnershipStatus, 478 base::Unretained(this))); 479 FlushDeviceSettings(); 480 EXPECT_TRUE(device_settings_service_.HasPrivateOwnerKey()); 481 ASSERT_TRUE(device_settings_service_.GetPublicKey().get()); 482 ASSERT_TRUE(device_settings_service_.GetPublicKey()->is_loaded()); 483 ASSERT_TRUE(device_policy_.GetSigningKey()->ExportPublicKey(&key)); 484 EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key); 485 EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN, 486 device_settings_service_.GetOwnershipStatus()); 487 EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN, ownership_status_); 488 } 489 490 TEST_F(DeviceSettingsServiceTest, OnTPMTokenReadyForNonOwner) { 491 owner_key_util_->Clear(); 492 493 EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey()); 494 EXPECT_FALSE(device_settings_service_.GetPublicKey().get()); 495 EXPECT_EQ(DeviceSettingsService::OWNERSHIP_UNKNOWN, 496 device_settings_service_.GetOwnershipStatus()); 497 498 const std::string& user_id = device_policy_.policy_data().username(); 499 InitOwner(user_id, false); 500 OwnerSettingsService* service = 501 OwnerSettingsServiceFactory::GetForProfile(profile_.get()); 502 ASSERT_TRUE(service); 503 service->IsOwnerAsync(base::Bind(&DeviceSettingsServiceTest::OnIsOwner, 504 base::Unretained(this))); 505 506 owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey()); 507 ReloadDeviceSettings(); 508 509 EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey()); 510 ASSERT_TRUE(device_settings_service_.GetPublicKey().get()); 511 ASSERT_TRUE(device_settings_service_.GetPublicKey()->is_loaded()); 512 std::vector<uint8> key; 513 ASSERT_TRUE(device_policy_.GetSigningKey()->ExportPublicKey(&key)); 514 EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key); 515 EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN, 516 device_settings_service_.GetOwnershipStatus()); 517 EXPECT_FALSE(is_owner_set_); 518 519 service->OnTPMTokenReady(); 520 FlushDeviceSettings(); 521 522 EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey()); 523 ASSERT_TRUE(device_settings_service_.GetPublicKey().get()); 524 ASSERT_TRUE(device_settings_service_.GetPublicKey()->is_loaded()); 525 ASSERT_TRUE(device_policy_.GetSigningKey()->ExportPublicKey(&key)); 526 EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key); 527 EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey()); 528 EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN, 529 device_settings_service_.GetOwnershipStatus()); 530 EXPECT_TRUE(is_owner_set_); 531 EXPECT_FALSE(is_owner_); 532 } 533 534 TEST_F(DeviceSettingsServiceTest, OnTPMTokenReadyForOwner) { 535 owner_key_util_->Clear(); 536 537 EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey()); 538 EXPECT_FALSE(device_settings_service_.GetPublicKey().get()); 539 EXPECT_EQ(DeviceSettingsService::OWNERSHIP_UNKNOWN, 540 device_settings_service_.GetOwnershipStatus()); 541 542 const std::string& user_id = device_policy_.policy_data().username(); 543 owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey()); 544 InitOwner(user_id, false); 545 OwnerSettingsService* service = 546 OwnerSettingsServiceFactory::GetForProfile(profile_.get()); 547 ASSERT_TRUE(service); 548 service->IsOwnerAsync(base::Bind(&DeviceSettingsServiceTest::OnIsOwner, 549 base::Unretained(this))); 550 ReloadDeviceSettings(); 551 552 EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey()); 553 ASSERT_TRUE(device_settings_service_.GetPublicKey().get()); 554 ASSERT_TRUE(device_settings_service_.GetPublicKey()->is_loaded()); 555 std::vector<uint8> key; 556 ASSERT_TRUE(device_policy_.GetSigningKey()->ExportPublicKey(&key)); 557 EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key); 558 EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN, 559 device_settings_service_.GetOwnershipStatus()); 560 EXPECT_FALSE(is_owner_set_); 561 562 owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); 563 service->OnTPMTokenReady(); 564 FlushDeviceSettings(); 565 566 EXPECT_TRUE(device_settings_service_.HasPrivateOwnerKey()); 567 ASSERT_TRUE(device_settings_service_.GetPublicKey().get()); 568 ASSERT_TRUE(device_settings_service_.GetPublicKey()->is_loaded()); 569 ASSERT_TRUE(device_policy_.GetSigningKey()->ExportPublicKey(&key)); 570 EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key); 571 EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN, 572 device_settings_service_.GetOwnershipStatus()); 573 EXPECT_TRUE(is_owner_set_); 574 EXPECT_TRUE(is_owner_); 575 } 576 577 TEST_F(DeviceSettingsServiceTest, IsCurrentUserOwnerAsyncWithLoadedCerts) { 578 owner_key_util_->Clear(); 579 580 EXPECT_FALSE(device_settings_service_.HasPrivateOwnerKey()); 581 EXPECT_FALSE(device_settings_service_.GetPublicKey().get()); 582 EXPECT_EQ(DeviceSettingsService::OWNERSHIP_UNKNOWN, 583 device_settings_service_.GetOwnershipStatus()); 584 585 owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey()); 586 owner_key_util_->SetPrivateKey(device_policy_.GetSigningKey()); 587 588 InitOwner(device_policy_.policy_data().username(), true); 589 ReloadDeviceSettings(); 590 FlushDeviceSettings(); 591 592 EXPECT_TRUE(device_settings_service_.HasPrivateOwnerKey()); 593 ASSERT_TRUE(device_settings_service_.GetPublicKey().get()); 594 ASSERT_TRUE(device_settings_service_.GetPublicKey()->is_loaded()); 595 std::vector<uint8> key; 596 ASSERT_TRUE(device_policy_.GetSigningKey()->ExportPublicKey(&key)); 597 EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key); 598 EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN, 599 device_settings_service_.GetOwnershipStatus()); 600 EXPECT_FALSE(is_owner_set_); 601 602 OwnerSettingsService* service = 603 OwnerSettingsServiceFactory::GetForProfile(profile_.get()); 604 ASSERT_TRUE(service); 605 service->IsOwnerAsync(base::Bind(&DeviceSettingsServiceTest::OnIsOwner, 606 base::Unretained(this))); 607 // The callback should be called immediately. 608 base::MessageLoop::current()->RunUntilIdle(); 609 610 EXPECT_TRUE(device_settings_service_.HasPrivateOwnerKey()); 611 ASSERT_TRUE(device_settings_service_.GetPublicKey().get()); 612 ASSERT_TRUE(device_settings_service_.GetPublicKey()->is_loaded()); 613 ASSERT_TRUE(device_policy_.GetSigningKey()->ExportPublicKey(&key)); 614 EXPECT_EQ(device_settings_service_.GetPublicKey()->data(), key); 615 EXPECT_EQ(DeviceSettingsService::OWNERSHIP_TAKEN, 616 device_settings_service_.GetOwnershipStatus()); 617 EXPECT_TRUE(is_owner_set_); 618 EXPECT_TRUE(is_owner_); 619 } 620 621 TEST_F(DeviceSettingsServiceTest, Observer) { 622 owner_key_util_->Clear(); 623 MockDeviceSettingsObserver observer_; 624 device_settings_service_.AddObserver(&observer_); 625 626 EXPECT_CALL(observer_, OwnershipStatusChanged()).Times(1); 627 EXPECT_CALL(observer_, DeviceSettingsUpdated()).Times(1); 628 ReloadDeviceSettings(); 629 Mock::VerifyAndClearExpectations(&observer_); 630 631 EXPECT_CALL(observer_, OwnershipStatusChanged()).Times(1); 632 EXPECT_CALL(observer_, DeviceSettingsUpdated()).Times(1); 633 owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey()); 634 InitOwner(device_policy_.policy_data().username(), true); 635 ReloadDeviceSettings(); 636 Mock::VerifyAndClearExpectations(&observer_); 637 638 EXPECT_CALL(observer_, OwnershipStatusChanged()).Times(0); 639 EXPECT_CALL(observer_, DeviceSettingsUpdated()).Times(1); 640 device_settings_service_.Store(device_policy_.GetCopy(), base::Closure()); 641 FlushDeviceSettings(); 642 Mock::VerifyAndClearExpectations(&observer_); 643 644 EXPECT_CALL(observer_, OwnershipStatusChanged()).Times(0); 645 EXPECT_CALL(observer_, DeviceSettingsUpdated()).Times(1); 646 device_settings_service_.PropertyChangeComplete(true); 647 FlushDeviceSettings(); 648 Mock::VerifyAndClearExpectations(&observer_); 649 650 device_settings_service_.RemoveObserver(&observer_); 651 } 652 653 } // namespace chromeos 654
