Home | History | Annotate | Download | only in policy 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
      6 
      7 #include "base/bind.h"
      8 #include "base/bind_helpers.h"
      9 #include "base/files/file_util.h"
     10 #include "base/files/scoped_temp_dir.h"
     11 #include "base/memory/scoped_ptr.h"
     12 #include "base/path_service.h"
     13 #include "base/run_loop.h"
     14 #include "chrome/browser/chromeos/policy/proto/install_attributes.pb.h"
     15 #include "chromeos/chromeos_paths.h"
     16 #include "chromeos/cryptohome/cryptohome_util.h"
     17 #include "chromeos/dbus/cryptohome_client.h"
     18 #include "chromeos/dbus/dbus_thread_manager.h"
     19 #include "google_apis/gaia/gaia_auth_util.h"
     20 #include "testing/gtest/include/gtest/gtest.h"
     21 
     22 namespace policy {
     23 
     24 namespace cryptohome_util = chromeos::cryptohome_util;
     25 
     26 namespace {
     27 
     28 void CopyLockResult(base::RunLoop* loop,
     29                     EnterpriseInstallAttributes::LockResult* out,
     30                     EnterpriseInstallAttributes::LockResult result) {
     31   *out = result;
     32   loop->Quit();
     33 }
     34 
     35 }  // namespace
     36 
     37 static const char kTestUser[] = "test (at) example.com";
     38 static const char kTestUserCanonicalize[] = "UPPER.CASE (at) example.com";
     39 static const char kTestDomain[] = "example.com";
     40 static const char kTestDeviceId[] = "133750519";
     41 
     42 class EnterpriseInstallAttributesTest : public testing::Test {
     43  protected:
     44   EnterpriseInstallAttributesTest() {}
     45 
     46   virtual void SetUp() OVERRIDE {
     47     ASSERT_TRUE(temp_dir_.CreateUniqueTempDir());
     48     ASSERT_TRUE(PathService::OverrideAndCreateIfNeeded(
     49         chromeos::FILE_INSTALL_ATTRIBUTES, GetTempPath(), true, false));
     50     chromeos::DBusThreadManager::Initialize();
     51     install_attributes_.reset(new EnterpriseInstallAttributes(
     52         chromeos::DBusThreadManager::Get()->GetCryptohomeClient()));
     53   }
     54 
     55   virtual void TearDown() OVERRIDE {
     56     chromeos::DBusThreadManager::Shutdown();
     57   }
     58 
     59   base::FilePath GetTempPath() const {
     60     base::FilePath temp_path = base::MakeAbsoluteFilePath(temp_dir_.path());
     61     return temp_path.Append("install_attrs_test");
     62   }
     63 
     64   void SetAttribute(
     65       cryptohome::SerializedInstallAttributes* install_attrs_proto,
     66       const std::string& name,
     67       const std::string& value) {
     68     cryptohome::SerializedInstallAttributes::Attribute* attribute;
     69     attribute = install_attrs_proto->add_attributes();
     70     attribute->set_name(name);
     71     attribute->set_value(value);
     72   }
     73 
     74   base::MessageLoopForUI message_loop_;
     75   base::ScopedTempDir temp_dir_;
     76   scoped_ptr<EnterpriseInstallAttributes> install_attributes_;
     77 
     78   EnterpriseInstallAttributes::LockResult LockDeviceAndWaitForResult(
     79       const std::string& user,
     80       DeviceMode device_mode,
     81       const std::string& device_id) {
     82     base::RunLoop loop;
     83     EnterpriseInstallAttributes::LockResult result;
     84     install_attributes_->LockDevice(
     85         user,
     86         device_mode,
     87         device_id,
     88         base::Bind(&CopyLockResult, &loop, &result));
     89     loop.Run();
     90     return result;
     91   }
     92 };
     93 
     94 TEST_F(EnterpriseInstallAttributesTest, Lock) {
     95   EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
     96             LockDeviceAndWaitForResult(
     97                 kTestUser,
     98                 DEVICE_MODE_ENTERPRISE,
     99                 kTestDeviceId));
    100 
    101   EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
    102             LockDeviceAndWaitForResult(
    103                 kTestUser,
    104                 DEVICE_MODE_ENTERPRISE,
    105                 kTestDeviceId));
    106   // Another user from the same domain should also succeed.
    107   EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
    108             LockDeviceAndWaitForResult(
    109                 "test1 (at) example.com",
    110                 DEVICE_MODE_ENTERPRISE,
    111                 kTestDeviceId));
    112   // But another domain should fail.
    113   EXPECT_EQ(EnterpriseInstallAttributes::LOCK_WRONG_USER,
    114             LockDeviceAndWaitForResult(
    115                 "test (at) bluebears.com",
    116                 DEVICE_MODE_ENTERPRISE,
    117                 kTestDeviceId));
    118 }
    119 
    120 TEST_F(EnterpriseInstallAttributesTest, LockCanonicalize) {
    121   EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
    122             LockDeviceAndWaitForResult(
    123                 kTestUserCanonicalize,
    124                 DEVICE_MODE_ENTERPRISE,
    125                 kTestDeviceId));
    126   EXPECT_EQ(gaia::CanonicalizeEmail(kTestUserCanonicalize),
    127             install_attributes_->GetRegistrationUser());
    128 }
    129 
    130 TEST_F(EnterpriseInstallAttributesTest, IsEnterpriseDevice) {
    131   install_attributes_->ReadCacheFile(GetTempPath());
    132   EXPECT_FALSE(install_attributes_->IsEnterpriseDevice());
    133   ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
    134             LockDeviceAndWaitForResult(
    135                 kTestUser,
    136                 DEVICE_MODE_ENTERPRISE,
    137                 kTestDeviceId));
    138   EXPECT_TRUE(install_attributes_->IsEnterpriseDevice());
    139 }
    140 
    141 TEST_F(EnterpriseInstallAttributesTest, GetDomain) {
    142   install_attributes_->ReadCacheFile(GetTempPath());
    143   EXPECT_EQ(std::string(), install_attributes_->GetDomain());
    144   ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
    145             LockDeviceAndWaitForResult(
    146                 kTestUser,
    147                 DEVICE_MODE_ENTERPRISE,
    148                 kTestDeviceId));
    149   EXPECT_EQ(kTestDomain, install_attributes_->GetDomain());
    150 }
    151 
    152 TEST_F(EnterpriseInstallAttributesTest, GetRegistrationUser) {
    153   install_attributes_->ReadCacheFile(GetTempPath());
    154   EXPECT_EQ(std::string(), install_attributes_->GetRegistrationUser());
    155   ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
    156             LockDeviceAndWaitForResult(
    157                 kTestUser,
    158                 DEVICE_MODE_ENTERPRISE,
    159                 kTestDeviceId));
    160   EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser());
    161 }
    162 
    163 TEST_F(EnterpriseInstallAttributesTest, GetDeviceId) {
    164   install_attributes_->ReadCacheFile(GetTempPath());
    165   EXPECT_EQ(std::string(), install_attributes_->GetDeviceId());
    166   ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
    167             LockDeviceAndWaitForResult(
    168                 kTestUser,
    169                 DEVICE_MODE_ENTERPRISE,
    170                 kTestDeviceId));
    171   EXPECT_EQ(kTestDeviceId, install_attributes_->GetDeviceId());
    172 }
    173 
    174 TEST_F(EnterpriseInstallAttributesTest, GetMode) {
    175   install_attributes_->ReadCacheFile(GetTempPath());
    176   EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode());
    177   ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
    178             LockDeviceAndWaitForResult(
    179                 kTestUser,
    180                 DEVICE_MODE_RETAIL_KIOSK,
    181                 kTestDeviceId));
    182   EXPECT_EQ(DEVICE_MODE_RETAIL_KIOSK,
    183             install_attributes_->GetMode());
    184 }
    185 
    186 TEST_F(EnterpriseInstallAttributesTest, ConsumerDevice) {
    187   install_attributes_->ReadCacheFile(GetTempPath());
    188   EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode());
    189   // Lock the attributes empty.
    190   ASSERT_TRUE(cryptohome_util::InstallAttributesFinalize());
    191   base::RunLoop loop;
    192   install_attributes_->ReadImmutableAttributes(loop.QuitClosure());
    193   loop.Run();
    194 
    195   ASSERT_FALSE(cryptohome_util::InstallAttributesIsFirstInstall());
    196   EXPECT_EQ(DEVICE_MODE_CONSUMER, install_attributes_->GetMode());
    197 }
    198 
    199 TEST_F(EnterpriseInstallAttributesTest, ConsumerKioskDevice) {
    200   install_attributes_->ReadCacheFile(GetTempPath());
    201   EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode());
    202   // Lock the attributes for consumer kiosk.
    203   ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
    204             LockDeviceAndWaitForResult(
    205                 std::string(),
    206                 DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH,
    207                 std::string()));
    208 
    209   ASSERT_FALSE(cryptohome_util::InstallAttributesIsFirstInstall());
    210   EXPECT_EQ(DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH,
    211             install_attributes_->GetMode());
    212   ASSERT_TRUE(install_attributes_->IsConsumerKioskDeviceWithAutoLaunch());
    213 }
    214 
    215 TEST_F(EnterpriseInstallAttributesTest, DeviceLockedFromOlderVersion) {
    216   install_attributes_->ReadCacheFile(GetTempPath());
    217   EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode());
    218   // Lock the attributes as if it was done from older Chrome version.
    219   ASSERT_TRUE(cryptohome_util::InstallAttributesSet(
    220       EnterpriseInstallAttributes::kAttrEnterpriseOwned, "true"));
    221   ASSERT_TRUE(cryptohome_util::InstallAttributesSet(
    222       EnterpriseInstallAttributes::kAttrEnterpriseUser, kTestUser));
    223   ASSERT_TRUE(cryptohome_util::InstallAttributesFinalize());
    224   base::RunLoop loop;
    225   install_attributes_->ReadImmutableAttributes(loop.QuitClosure());
    226   loop.Run();
    227 
    228   ASSERT_FALSE(cryptohome_util::InstallAttributesIsFirstInstall());
    229   EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_->GetMode());
    230   EXPECT_EQ(kTestDomain, install_attributes_->GetDomain());
    231   EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser());
    232   EXPECT_EQ("", install_attributes_->GetDeviceId());
    233 }
    234 
    235 TEST_F(EnterpriseInstallAttributesTest, ReadCacheFile) {
    236   cryptohome::SerializedInstallAttributes install_attrs_proto;
    237   SetAttribute(&install_attrs_proto,
    238                EnterpriseInstallAttributes::kAttrEnterpriseOwned, "true");
    239   SetAttribute(&install_attrs_proto,
    240                EnterpriseInstallAttributes::kAttrEnterpriseUser, kTestUser);
    241   const std::string blob(install_attrs_proto.SerializeAsString());
    242   ASSERT_EQ(static_cast<int>(blob.size()),
    243             base::WriteFile(GetTempPath(), blob.c_str(), blob.size()));
    244   install_attributes_->ReadCacheFile(GetTempPath());
    245   EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_->GetMode());
    246   EXPECT_EQ(kTestDomain, install_attributes_->GetDomain());
    247   EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser());
    248   EXPECT_EQ("", install_attributes_->GetDeviceId());
    249 }
    250 
    251 TEST_F(EnterpriseInstallAttributesTest, ReadCacheFileForConsumerKiosk) {
    252   cryptohome::SerializedInstallAttributes install_attrs_proto;
    253   SetAttribute(&install_attrs_proto,
    254                EnterpriseInstallAttributes::kAttrConsumerKioskEnabled, "true");
    255   const std::string blob(install_attrs_proto.SerializeAsString());
    256   ASSERT_EQ(static_cast<int>(blob.size()),
    257             base::WriteFile(GetTempPath(), blob.c_str(), blob.size()));
    258   install_attributes_->ReadCacheFile(GetTempPath());
    259   EXPECT_EQ(DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH,
    260             install_attributes_->GetMode());
    261   EXPECT_EQ("", install_attributes_->GetDomain());
    262   EXPECT_EQ("", install_attributes_->GetRegistrationUser());
    263   EXPECT_EQ("", install_attributes_->GetDeviceId());
    264 }
    265 
    266 TEST_F(EnterpriseInstallAttributesTest, VerifyFakeInstallAttributesCache) {
    267   // This test verifies that FakeCryptohomeClient::InstallAttributesFinalize
    268   // writes a cache that EnterpriseInstallAttributes::ReadCacheFile accepts.
    269 
    270   // Verify that no attributes are initially set.
    271   install_attributes_->ReadCacheFile(GetTempPath());
    272   EXPECT_EQ("", install_attributes_->GetRegistrationUser());
    273 
    274   // Write test values.
    275   ASSERT_TRUE(cryptohome_util::InstallAttributesSet(
    276       EnterpriseInstallAttributes::kAttrEnterpriseOwned, "true"));
    277   ASSERT_TRUE(cryptohome_util::InstallAttributesSet(
    278       EnterpriseInstallAttributes::kAttrEnterpriseUser, kTestUser));
    279   ASSERT_TRUE(cryptohome_util::InstallAttributesFinalize());
    280 
    281   // Verify that EnterpriseInstallAttributes correctly decodes the stub
    282   // cache file.
    283   install_attributes_->ReadCacheFile(GetTempPath());
    284   EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser());
    285 }
    286 
    287 }  // namespace policy
    288