1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" 6 7 #include "base/bind.h" 8 #include "base/bind_helpers.h" 9 #include "base/files/file_util.h" 10 #include "base/files/scoped_temp_dir.h" 11 #include "base/memory/scoped_ptr.h" 12 #include "base/path_service.h" 13 #include "base/run_loop.h" 14 #include "chrome/browser/chromeos/policy/proto/install_attributes.pb.h" 15 #include "chromeos/chromeos_paths.h" 16 #include "chromeos/cryptohome/cryptohome_util.h" 17 #include "chromeos/dbus/cryptohome_client.h" 18 #include "chromeos/dbus/dbus_thread_manager.h" 19 #include "google_apis/gaia/gaia_auth_util.h" 20 #include "testing/gtest/include/gtest/gtest.h" 21 22 namespace policy { 23 24 namespace cryptohome_util = chromeos::cryptohome_util; 25 26 namespace { 27 28 void CopyLockResult(base::RunLoop* loop, 29 EnterpriseInstallAttributes::LockResult* out, 30 EnterpriseInstallAttributes::LockResult result) { 31 *out = result; 32 loop->Quit(); 33 } 34 35 } // namespace 36 37 static const char kTestUser[] = "test (at) example.com"; 38 static const char kTestUserCanonicalize[] = "UPPER.CASE (at) example.com"; 39 static const char kTestDomain[] = "example.com"; 40 static const char kTestDeviceId[] = "133750519"; 41 42 class EnterpriseInstallAttributesTest : public testing::Test { 43 protected: 44 EnterpriseInstallAttributesTest() {} 45 46 virtual void SetUp() OVERRIDE { 47 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir()); 48 ASSERT_TRUE(PathService::OverrideAndCreateIfNeeded( 49 chromeos::FILE_INSTALL_ATTRIBUTES, GetTempPath(), true, false)); 50 chromeos::DBusThreadManager::Initialize(); 51 install_attributes_.reset(new EnterpriseInstallAttributes( 52 chromeos::DBusThreadManager::Get()->GetCryptohomeClient())); 53 } 54 55 virtual void TearDown() OVERRIDE { 56 chromeos::DBusThreadManager::Shutdown(); 57 } 58 59 base::FilePath GetTempPath() const { 60 base::FilePath temp_path = base::MakeAbsoluteFilePath(temp_dir_.path()); 61 return temp_path.Append("install_attrs_test"); 62 } 63 64 void SetAttribute( 65 cryptohome::SerializedInstallAttributes* install_attrs_proto, 66 const std::string& name, 67 const std::string& value) { 68 cryptohome::SerializedInstallAttributes::Attribute* attribute; 69 attribute = install_attrs_proto->add_attributes(); 70 attribute->set_name(name); 71 attribute->set_value(value); 72 } 73 74 base::MessageLoopForUI message_loop_; 75 base::ScopedTempDir temp_dir_; 76 scoped_ptr<EnterpriseInstallAttributes> install_attributes_; 77 78 EnterpriseInstallAttributes::LockResult LockDeviceAndWaitForResult( 79 const std::string& user, 80 DeviceMode device_mode, 81 const std::string& device_id) { 82 base::RunLoop loop; 83 EnterpriseInstallAttributes::LockResult result; 84 install_attributes_->LockDevice( 85 user, 86 device_mode, 87 device_id, 88 base::Bind(&CopyLockResult, &loop, &result)); 89 loop.Run(); 90 return result; 91 } 92 }; 93 94 TEST_F(EnterpriseInstallAttributesTest, Lock) { 95 EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, 96 LockDeviceAndWaitForResult( 97 kTestUser, 98 DEVICE_MODE_ENTERPRISE, 99 kTestDeviceId)); 100 101 EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, 102 LockDeviceAndWaitForResult( 103 kTestUser, 104 DEVICE_MODE_ENTERPRISE, 105 kTestDeviceId)); 106 // Another user from the same domain should also succeed. 107 EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, 108 LockDeviceAndWaitForResult( 109 "test1 (at) example.com", 110 DEVICE_MODE_ENTERPRISE, 111 kTestDeviceId)); 112 // But another domain should fail. 113 EXPECT_EQ(EnterpriseInstallAttributes::LOCK_WRONG_USER, 114 LockDeviceAndWaitForResult( 115 "test (at) bluebears.com", 116 DEVICE_MODE_ENTERPRISE, 117 kTestDeviceId)); 118 } 119 120 TEST_F(EnterpriseInstallAttributesTest, LockCanonicalize) { 121 EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, 122 LockDeviceAndWaitForResult( 123 kTestUserCanonicalize, 124 DEVICE_MODE_ENTERPRISE, 125 kTestDeviceId)); 126 EXPECT_EQ(gaia::CanonicalizeEmail(kTestUserCanonicalize), 127 install_attributes_->GetRegistrationUser()); 128 } 129 130 TEST_F(EnterpriseInstallAttributesTest, IsEnterpriseDevice) { 131 install_attributes_->ReadCacheFile(GetTempPath()); 132 EXPECT_FALSE(install_attributes_->IsEnterpriseDevice()); 133 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, 134 LockDeviceAndWaitForResult( 135 kTestUser, 136 DEVICE_MODE_ENTERPRISE, 137 kTestDeviceId)); 138 EXPECT_TRUE(install_attributes_->IsEnterpriseDevice()); 139 } 140 141 TEST_F(EnterpriseInstallAttributesTest, GetDomain) { 142 install_attributes_->ReadCacheFile(GetTempPath()); 143 EXPECT_EQ(std::string(), install_attributes_->GetDomain()); 144 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, 145 LockDeviceAndWaitForResult( 146 kTestUser, 147 DEVICE_MODE_ENTERPRISE, 148 kTestDeviceId)); 149 EXPECT_EQ(kTestDomain, install_attributes_->GetDomain()); 150 } 151 152 TEST_F(EnterpriseInstallAttributesTest, GetRegistrationUser) { 153 install_attributes_->ReadCacheFile(GetTempPath()); 154 EXPECT_EQ(std::string(), install_attributes_->GetRegistrationUser()); 155 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, 156 LockDeviceAndWaitForResult( 157 kTestUser, 158 DEVICE_MODE_ENTERPRISE, 159 kTestDeviceId)); 160 EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser()); 161 } 162 163 TEST_F(EnterpriseInstallAttributesTest, GetDeviceId) { 164 install_attributes_->ReadCacheFile(GetTempPath()); 165 EXPECT_EQ(std::string(), install_attributes_->GetDeviceId()); 166 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, 167 LockDeviceAndWaitForResult( 168 kTestUser, 169 DEVICE_MODE_ENTERPRISE, 170 kTestDeviceId)); 171 EXPECT_EQ(kTestDeviceId, install_attributes_->GetDeviceId()); 172 } 173 174 TEST_F(EnterpriseInstallAttributesTest, GetMode) { 175 install_attributes_->ReadCacheFile(GetTempPath()); 176 EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode()); 177 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, 178 LockDeviceAndWaitForResult( 179 kTestUser, 180 DEVICE_MODE_RETAIL_KIOSK, 181 kTestDeviceId)); 182 EXPECT_EQ(DEVICE_MODE_RETAIL_KIOSK, 183 install_attributes_->GetMode()); 184 } 185 186 TEST_F(EnterpriseInstallAttributesTest, ConsumerDevice) { 187 install_attributes_->ReadCacheFile(GetTempPath()); 188 EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode()); 189 // Lock the attributes empty. 190 ASSERT_TRUE(cryptohome_util::InstallAttributesFinalize()); 191 base::RunLoop loop; 192 install_attributes_->ReadImmutableAttributes(loop.QuitClosure()); 193 loop.Run(); 194 195 ASSERT_FALSE(cryptohome_util::InstallAttributesIsFirstInstall()); 196 EXPECT_EQ(DEVICE_MODE_CONSUMER, install_attributes_->GetMode()); 197 } 198 199 TEST_F(EnterpriseInstallAttributesTest, ConsumerKioskDevice) { 200 install_attributes_->ReadCacheFile(GetTempPath()); 201 EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode()); 202 // Lock the attributes for consumer kiosk. 203 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, 204 LockDeviceAndWaitForResult( 205 std::string(), 206 DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH, 207 std::string())); 208 209 ASSERT_FALSE(cryptohome_util::InstallAttributesIsFirstInstall()); 210 EXPECT_EQ(DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH, 211 install_attributes_->GetMode()); 212 ASSERT_TRUE(install_attributes_->IsConsumerKioskDeviceWithAutoLaunch()); 213 } 214 215 TEST_F(EnterpriseInstallAttributesTest, DeviceLockedFromOlderVersion) { 216 install_attributes_->ReadCacheFile(GetTempPath()); 217 EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode()); 218 // Lock the attributes as if it was done from older Chrome version. 219 ASSERT_TRUE(cryptohome_util::InstallAttributesSet( 220 EnterpriseInstallAttributes::kAttrEnterpriseOwned, "true")); 221 ASSERT_TRUE(cryptohome_util::InstallAttributesSet( 222 EnterpriseInstallAttributes::kAttrEnterpriseUser, kTestUser)); 223 ASSERT_TRUE(cryptohome_util::InstallAttributesFinalize()); 224 base::RunLoop loop; 225 install_attributes_->ReadImmutableAttributes(loop.QuitClosure()); 226 loop.Run(); 227 228 ASSERT_FALSE(cryptohome_util::InstallAttributesIsFirstInstall()); 229 EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_->GetMode()); 230 EXPECT_EQ(kTestDomain, install_attributes_->GetDomain()); 231 EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser()); 232 EXPECT_EQ("", install_attributes_->GetDeviceId()); 233 } 234 235 TEST_F(EnterpriseInstallAttributesTest, ReadCacheFile) { 236 cryptohome::SerializedInstallAttributes install_attrs_proto; 237 SetAttribute(&install_attrs_proto, 238 EnterpriseInstallAttributes::kAttrEnterpriseOwned, "true"); 239 SetAttribute(&install_attrs_proto, 240 EnterpriseInstallAttributes::kAttrEnterpriseUser, kTestUser); 241 const std::string blob(install_attrs_proto.SerializeAsString()); 242 ASSERT_EQ(static_cast<int>(blob.size()), 243 base::WriteFile(GetTempPath(), blob.c_str(), blob.size())); 244 install_attributes_->ReadCacheFile(GetTempPath()); 245 EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_->GetMode()); 246 EXPECT_EQ(kTestDomain, install_attributes_->GetDomain()); 247 EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser()); 248 EXPECT_EQ("", install_attributes_->GetDeviceId()); 249 } 250 251 TEST_F(EnterpriseInstallAttributesTest, ReadCacheFileForConsumerKiosk) { 252 cryptohome::SerializedInstallAttributes install_attrs_proto; 253 SetAttribute(&install_attrs_proto, 254 EnterpriseInstallAttributes::kAttrConsumerKioskEnabled, "true"); 255 const std::string blob(install_attrs_proto.SerializeAsString()); 256 ASSERT_EQ(static_cast<int>(blob.size()), 257 base::WriteFile(GetTempPath(), blob.c_str(), blob.size())); 258 install_attributes_->ReadCacheFile(GetTempPath()); 259 EXPECT_EQ(DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH, 260 install_attributes_->GetMode()); 261 EXPECT_EQ("", install_attributes_->GetDomain()); 262 EXPECT_EQ("", install_attributes_->GetRegistrationUser()); 263 EXPECT_EQ("", install_attributes_->GetDeviceId()); 264 } 265 266 TEST_F(EnterpriseInstallAttributesTest, VerifyFakeInstallAttributesCache) { 267 // This test verifies that FakeCryptohomeClient::InstallAttributesFinalize 268 // writes a cache that EnterpriseInstallAttributes::ReadCacheFile accepts. 269 270 // Verify that no attributes are initially set. 271 install_attributes_->ReadCacheFile(GetTempPath()); 272 EXPECT_EQ("", install_attributes_->GetRegistrationUser()); 273 274 // Write test values. 275 ASSERT_TRUE(cryptohome_util::InstallAttributesSet( 276 EnterpriseInstallAttributes::kAttrEnterpriseOwned, "true")); 277 ASSERT_TRUE(cryptohome_util::InstallAttributesSet( 278 EnterpriseInstallAttributes::kAttrEnterpriseUser, kTestUser)); 279 ASSERT_TRUE(cryptohome_util::InstallAttributesFinalize()); 280 281 // Verify that EnterpriseInstallAttributes correctly decodes the stub 282 // cache file. 283 install_attributes_->ReadCacheFile(GetTempPath()); 284 EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser()); 285 } 286 287 } // namespace policy 288