1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/chromeos/policy/device_cloud_policy_invalidator.h" 6 7 #include <string> 8 9 #include "base/memory/ref_counted.h" 10 #include "base/message_loop/message_loop_proxy.h" 11 #include "base/run_loop.h" 12 #include "chrome/browser/browser_process_platform_part.h" 13 #include "chrome/browser/chrome_notification_types.h" 14 #include "chrome/browser/chromeos/login/users/fake_user_manager.h" 15 #include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h" 16 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" 17 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" 18 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" 19 #include "chrome/browser/chromeos/policy/device_policy_builder.h" 20 #include "chrome/browser/chromeos/policy/stub_enterprise_install_attributes.h" 21 #include "chrome/browser/chromeos/settings/cros_settings.h" 22 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h" 23 #include "chrome/browser/chromeos/settings/device_settings_service.h" 24 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h" 25 #include "chrome/browser/invalidation/fake_invalidation_service.h" 26 #include "chrome/browser/invalidation/profile_invalidation_provider_factory.h" 27 #include "chrome/browser/policy/cloud/cloud_policy_invalidator.h" 28 #include "chrome/browser/profiles/profile.h" 29 #include "chrome/test/base/testing_browser_process.h" 30 #include "chrome/test/base/testing_profile_manager.h" 31 #include "chromeos/cryptohome/system_salt_getter.h" 32 #include "chromeos/dbus/dbus_thread_manager.h" 33 #include "components/invalidation/invalidation_service.h" 34 #include "components/invalidation/invalidator_state.h" 35 #include "components/invalidation/profile_invalidation_provider.h" 36 #include "components/invalidation/ticl_invalidation_service.h" 37 #include "components/keyed_service/core/keyed_service.h" 38 #include "components/ownership/mock_owner_key_util.h" 39 #include "components/policy/core/common/cloud/cloud_policy_client.h" 40 #include "components/policy/core/common/cloud/cloud_policy_constants.h" 41 #include "components/policy/core/common/cloud/cloud_policy_core.h" 42 #include "components/policy/core/common/cloud/mock_cloud_policy_client.h" 43 #include "content/public/browser/browser_context.h" 44 #include "content/public/browser/notification_details.h" 45 #include "content/public/browser/notification_service.h" 46 #include "content/public/test/test_browser_thread_bundle.h" 47 #include "net/url_request/url_request_context_getter.h" 48 #include "net/url_request/url_request_test_util.h" 49 #include "policy/proto/device_management_backend.pb.h" 50 #include "testing/gmock/include/gmock/gmock.h" 51 #include "testing/gtest/include/gtest/gtest.h" 52 53 namespace policy { 54 55 namespace { 56 57 const char kAffiliatedUserID1[] = "test_1 (at) example.com"; 58 const char kAffiliatedUserID2[] = "test_2 (at) example.com"; 59 const char kUnaffiliatedUserID[] = "test_2 (at) other_domain.test"; 60 61 KeyedService* BuildProfileInvalidationProvider( 62 content::BrowserContext* context) { 63 scoped_ptr<invalidation::FakeInvalidationService> invalidation_service( 64 new invalidation::FakeInvalidationService); 65 invalidation_service->SetInvalidatorState( 66 syncer::TRANSIENT_INVALIDATION_ERROR); 67 return new invalidation::ProfileInvalidationProvider( 68 invalidation_service.PassAs<invalidation::InvalidationService>()); 69 } 70 71 } // namespace 72 73 class DeviceCloudPolicyInvalidatorTest : public testing::Test { 74 public: 75 DeviceCloudPolicyInvalidatorTest(); 76 virtual ~DeviceCloudPolicyInvalidatorTest(); 77 78 // testing::Test: 79 virtual void SetUp() OVERRIDE; 80 virtual void TearDown() OVERRIDE; 81 82 // Ownership is not passed. The Profile is owned by the global ProfileManager. 83 Profile *LogInAndReturnProfile(const std::string& user_id); 84 85 invalidation::TiclInvalidationService* GetDeviceInvalidationService(); 86 bool HasDeviceInvalidationServiceObserver() const; 87 88 invalidation::FakeInvalidationService* GetProfileInvalidationService( 89 Profile* profile); 90 int GetProfileInvalidationServiceObserverCount() const; 91 92 const invalidation::InvalidationService* GetInvalidationService() const; 93 CloudPolicyInvalidator* GetCloudPolicyInvalidator() const; 94 95 void ConnectDeviceInvalidationService(); 96 97 protected: 98 DevicePolicyBuilder device_policy_; 99 100 private: 101 content::TestBrowserThreadBundle thread_bundle_; 102 scoped_refptr<net::URLRequestContextGetter> system_request_context_; 103 TestingProfileManager profile_manager_; 104 chromeos::FakeUserManager* fake_user_manager_; 105 chromeos::ScopedUserManagerEnabler user_manager_enabler_; 106 ScopedStubEnterpriseInstallAttributes install_attributes_; 107 scoped_ptr<chromeos::ScopedTestDeviceSettingsService> 108 test_device_settings_service_; 109 scoped_ptr<chromeos::ScopedTestCrosSettings> test_cros_settings_; 110 chromeos::DeviceSettingsTestHelper device_settings_test_helper_; 111 112 scoped_ptr<DeviceCloudPolicyInvalidator> invalidator_; 113 }; 114 115 DeviceCloudPolicyInvalidatorTest::DeviceCloudPolicyInvalidatorTest() 116 : thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP), 117 system_request_context_(new net::TestURLRequestContextGetter( 118 base::MessageLoopProxy::current())), 119 profile_manager_(TestingBrowserProcess::GetGlobal()), 120 fake_user_manager_(new chromeos::FakeUserManager), 121 user_manager_enabler_(fake_user_manager_), 122 install_attributes_("example.com", 123 "user (at) example.com", 124 "device_id", 125 DEVICE_MODE_ENTERPRISE) { 126 } 127 128 DeviceCloudPolicyInvalidatorTest::~DeviceCloudPolicyInvalidatorTest() { 129 } 130 131 void DeviceCloudPolicyInvalidatorTest::SetUp() { 132 chromeos::SystemSaltGetter::Initialize(); 133 chromeos::DBusThreadManager::Initialize(); 134 chromeos::DeviceOAuth2TokenServiceFactory::Initialize(); 135 TestingBrowserProcess::GetGlobal()->SetSystemRequestContext( 136 system_request_context_.get()); 137 ASSERT_TRUE(profile_manager_.SetUp()); 138 139 test_device_settings_service_.reset(new 140 chromeos::ScopedTestDeviceSettingsService); 141 test_cros_settings_.reset(new chromeos::ScopedTestCrosSettings); 142 scoped_refptr<ownership::MockOwnerKeyUtil> owner_key_util( 143 new ownership::MockOwnerKeyUtil); 144 owner_key_util->SetPublicKeyFromPrivateKey( 145 *device_policy_.GetSigningKey()); 146 chromeos::DeviceSettingsService::Get()->SetSessionManager( 147 &device_settings_test_helper_, 148 owner_key_util); 149 150 device_policy_.policy_data().set_invalidation_source(123); 151 device_policy_.policy_data().set_invalidation_name("invalidation"); 152 device_policy_.Build(); 153 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 154 device_settings_test_helper_.Flush(); 155 156 scoped_ptr<MockCloudPolicyClient> policy_client(new MockCloudPolicyClient); 157 EXPECT_CALL(*policy_client, SetupRegistration("token", "device-id")); 158 CloudPolicyCore* core = TestingBrowserProcess::GetGlobal()->platform_part()-> 159 browser_policy_connector_chromeos()->GetDeviceCloudPolicyManager()-> 160 core(); 161 core->Connect(policy_client.PassAs<CloudPolicyClient>()); 162 core->StartRefreshScheduler(); 163 164 invalidation::ProfileInvalidationProviderFactory::GetInstance()-> 165 RegisterTestingFactory(BuildProfileInvalidationProvider); 166 167 invalidator_.reset(new DeviceCloudPolicyInvalidator); 168 } 169 170 void DeviceCloudPolicyInvalidatorTest::TearDown() { 171 invalidator_.reset(); 172 base::RunLoop().RunUntilIdle(); 173 174 invalidation::ProfileInvalidationProviderFactory::GetInstance()-> 175 RegisterTestingFactory(NULL); 176 chromeos::DeviceSettingsService::Get()->UnsetSessionManager(); 177 TestingBrowserProcess::GetGlobal()->SetBrowserPolicyConnector(NULL); 178 chromeos::DeviceOAuth2TokenServiceFactory::Shutdown(); 179 chromeos::DBusThreadManager::Shutdown(); 180 chromeos::SystemSaltGetter::Shutdown(); 181 } 182 183 Profile *DeviceCloudPolicyInvalidatorTest::LogInAndReturnProfile( 184 const std::string& user_id) { 185 fake_user_manager_->AddUser(user_id); 186 Profile* profile = profile_manager_.CreateTestingProfile(user_id); 187 content::NotificationService::current()->Notify( 188 chrome::NOTIFICATION_LOGIN_USER_PROFILE_PREPARED, 189 content::NotificationService::AllSources(), 190 content::Details<Profile>(profile)); 191 return profile; 192 } 193 194 invalidation::TiclInvalidationService* 195 DeviceCloudPolicyInvalidatorTest::GetDeviceInvalidationService() { 196 return invalidator_->device_invalidation_service_.get(); 197 } 198 199 bool DeviceCloudPolicyInvalidatorTest::HasDeviceInvalidationServiceObserver( 200 ) const { 201 return invalidator_->device_invalidation_service_observer_.get(); 202 } 203 204 invalidation::FakeInvalidationService* 205 DeviceCloudPolicyInvalidatorTest::GetProfileInvalidationService( 206 Profile* profile) { 207 invalidation::ProfileInvalidationProvider* invalidation_provider = 208 static_cast<invalidation::ProfileInvalidationProvider*>( 209 invalidation::ProfileInvalidationProviderFactory::GetInstance()-> 210 GetServiceForBrowserContext(profile, false)); 211 if (!invalidation_provider) 212 return NULL; 213 return static_cast<invalidation::FakeInvalidationService*>( 214 invalidation_provider->GetInvalidationService()); 215 } 216 217 int DeviceCloudPolicyInvalidatorTest:: 218 GetProfileInvalidationServiceObserverCount() const { 219 return invalidator_->profile_invalidation_service_observers_.size(); 220 } 221 222 const invalidation::InvalidationService* 223 DeviceCloudPolicyInvalidatorTest::GetInvalidationService() const { 224 return invalidator_->invalidation_service_; 225 } 226 227 CloudPolicyInvalidator* 228 DeviceCloudPolicyInvalidatorTest::GetCloudPolicyInvalidator() const { 229 return invalidator_->invalidator_.get(); 230 } 231 232 void DeviceCloudPolicyInvalidatorTest::ConnectDeviceInvalidationService() { 233 const int per_profile_invalidation_service_observer_count = 234 GetProfileInvalidationServiceObserverCount(); 235 236 // Verify that a device-global invalidation service has been created. 237 ASSERT_TRUE(GetDeviceInvalidationService()); 238 EXPECT_TRUE(HasDeviceInvalidationServiceObserver()); 239 240 // Verify that no new per-profile invalidation service observers have been 241 // created. 242 EXPECT_EQ(per_profile_invalidation_service_observer_count, 243 GetProfileInvalidationServiceObserverCount()); 244 245 // Verify that no invalidator exists yet 246 EXPECT_FALSE(GetCloudPolicyInvalidator()); 247 EXPECT_FALSE(GetInvalidationService()); 248 249 // Indicate that the device-global invalidation service has connected. 250 GetDeviceInvalidationService()->OnInvalidatorStateChange( 251 syncer::INVALIDATIONS_ENABLED); 252 base::RunLoop().RunUntilIdle(); 253 254 // Verify that the device-global invalidation service still exists. 255 EXPECT_TRUE(GetDeviceInvalidationService()); 256 EXPECT_TRUE(HasDeviceInvalidationServiceObserver()); 257 258 // Verify that an invalidator backed by the device-global invalidation service 259 // has been created. 260 EXPECT_TRUE(GetCloudPolicyInvalidator()); 261 EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService()); 262 } 263 264 // Verifies that a DeviceCloudPolicyInvalidator backed by a device-global 265 // invalidation service is created/destroyed as the service 266 // connects/disconnects. 267 TEST_F(DeviceCloudPolicyInvalidatorTest, UseDeviceInvalidationService) { 268 // Verify that an invalidator backed by the device-global invalidation service 269 // is created when the service connects. 270 ConnectDeviceInvalidationService(); 271 ASSERT_TRUE(GetDeviceInvalidationService()); 272 EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService()); 273 274 // Indicate that the device-global invalidation service has disconnected. 275 GetDeviceInvalidationService()->OnInvalidatorStateChange( 276 syncer::INVALIDATION_CREDENTIALS_REJECTED); 277 base::RunLoop().RunUntilIdle(); 278 279 // Verify that the device-global invalidation service still exists. 280 EXPECT_TRUE(GetDeviceInvalidationService()); 281 EXPECT_TRUE(HasDeviceInvalidationServiceObserver()); 282 283 // Verify that the invalidator has been destroyed. 284 EXPECT_FALSE(GetCloudPolicyInvalidator()); 285 EXPECT_FALSE(GetInvalidationService()); 286 } 287 288 // Verifies that when the per-profile invalidation service for an affiliated 289 // user connect/disconnects, a DeviceCloudPolicyInvalidator backed by it is 290 // created/destroyed. 291 TEST_F(DeviceCloudPolicyInvalidatorTest, 292 UseAffiliatedProfileInvalidationService) { 293 // Log in as an affiliated user. 294 Profile* profile = LogInAndReturnProfile(kAffiliatedUserID1); 295 ASSERT_TRUE(profile); 296 297 // Verify that a device-global invalidation service has been created. 298 EXPECT_TRUE(GetDeviceInvalidationService()); 299 EXPECT_TRUE(HasDeviceInvalidationServiceObserver()); 300 301 // Verify that a per-profile invalidation service has been created. 302 invalidation::FakeInvalidationService* profile_invalidation_service = 303 GetProfileInvalidationService(profile); 304 ASSERT_TRUE(profile_invalidation_service); 305 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount()); 306 307 // Verify that no invalidator exists yet. 308 EXPECT_FALSE(GetCloudPolicyInvalidator()); 309 EXPECT_FALSE(GetInvalidationService()); 310 311 // Indicate that the per-profile invalidation service has connected. 312 profile_invalidation_service->SetInvalidatorState( 313 syncer::INVALIDATIONS_ENABLED); 314 315 // Verify that the device-global invalidator has been destroyed. 316 EXPECT_FALSE(GetDeviceInvalidationService()); 317 EXPECT_FALSE(HasDeviceInvalidationServiceObserver()); 318 319 // Verify that a per-profile invalidation service still exists. 320 profile_invalidation_service = GetProfileInvalidationService(profile); 321 ASSERT_TRUE(profile_invalidation_service); 322 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount()); 323 324 // Verify that an invalidator backed by the per-profile invalidation service 325 // has been created. 326 EXPECT_TRUE(GetCloudPolicyInvalidator()); 327 EXPECT_EQ(profile_invalidation_service, GetInvalidationService()); 328 329 // Indicate that the per-profile invalidation service has disconnected. 330 profile_invalidation_service->SetInvalidatorState( 331 syncer::INVALIDATION_CREDENTIALS_REJECTED); 332 333 // Verify that a device-global invalidation service has been created. 334 EXPECT_TRUE(GetDeviceInvalidationService()); 335 EXPECT_TRUE(HasDeviceInvalidationServiceObserver()); 336 337 // Verify that a per-profile invalidation service still exists. 338 profile_invalidation_service = GetProfileInvalidationService(profile); 339 EXPECT_TRUE(profile_invalidation_service); 340 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount()); 341 342 // Verify that the invalidator has been destroyed. 343 EXPECT_FALSE(GetCloudPolicyInvalidator()); 344 EXPECT_FALSE(GetInvalidationService()); 345 } 346 347 // Verifies that even if the per-profile invalidation service for an 348 // unaffiliated user connects, no DeviceCloudPolicyInvalidator backed by it is 349 // created. 350 TEST_F(DeviceCloudPolicyInvalidatorTest, 351 DoNotUseUnaffiliatedProfileInvalidationService) { 352 // Log in as an unaffiliated user. 353 Profile* profile = LogInAndReturnProfile(kUnaffiliatedUserID); 354 ASSERT_TRUE(profile); 355 356 // Verify that a device-global invalidation service has been created. 357 EXPECT_TRUE(GetDeviceInvalidationService()); 358 EXPECT_TRUE(HasDeviceInvalidationServiceObserver()); 359 360 // Verify that a per-profile invalidation service has been created. 361 invalidation::FakeInvalidationService* profile_invalidation_service = 362 GetProfileInvalidationService(profile); 363 ASSERT_TRUE(profile_invalidation_service); 364 EXPECT_EQ(0, GetProfileInvalidationServiceObserverCount()); 365 366 // Verify that no invalidator exists yet. 367 EXPECT_FALSE(GetCloudPolicyInvalidator()); 368 EXPECT_FALSE(GetInvalidationService()); 369 370 // Indicate that the per-profile invalidation service has connected. 371 profile_invalidation_service->SetInvalidatorState( 372 syncer::INVALIDATIONS_ENABLED); 373 374 // Verify that the device-global invalidator still exists. 375 EXPECT_TRUE(GetDeviceInvalidationService()); 376 EXPECT_TRUE(HasDeviceInvalidationServiceObserver()); 377 378 // Verify that a per-profile invalidation service still exists. 379 profile_invalidation_service = GetProfileInvalidationService(profile); 380 EXPECT_TRUE(profile_invalidation_service); 381 EXPECT_EQ(0, GetProfileInvalidationServiceObserverCount()); 382 383 // Verify that no invalidator has been created. 384 EXPECT_FALSE(GetCloudPolicyInvalidator()); 385 EXPECT_FALSE(GetInvalidationService()); 386 } 387 388 // Verifies that when the per-profile invalidation service for an affiliated 389 // user connects, a DeviceCloudPolicyInvalidator backed by it replaces the 390 // current DeviceCloudPolicyInvalidator backed by a device-global invalidation 391 // service. Also verifies that the device-global invalidation service is 392 // destroyed at this point and the highest handled invalidation version is 393 // preserved when switching invalidation services. 394 TEST_F(DeviceCloudPolicyInvalidatorTest, 395 SwitchToAffiliatedProfileInvalidationService) { 396 CloudPolicyStore* store = static_cast<CloudPolicyStore*>( 397 TestingBrowserProcess::GetGlobal()->platform_part()-> 398 browser_policy_connector_chromeos()->GetDeviceCloudPolicyManager()-> 399 device_store()); 400 ASSERT_TRUE(store); 401 402 // Verify that an invalidator backed by the device-global invalidation service 403 // is created when the service connects. 404 ConnectDeviceInvalidationService(); 405 CloudPolicyInvalidator* invalidator = GetCloudPolicyInvalidator(); 406 ASSERT_TRUE(invalidator); 407 EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService()); 408 409 // Verify that the invalidator's highest handled invalidation version starts 410 // out as zero. 411 EXPECT_EQ(0, invalidator->highest_handled_invalidation_version()); 412 413 // Handle an invalidation with version 1. Verify that the invalidator's 414 // highest handled invalidation version is updated accordingly. 415 store->Store(device_policy_.policy(), 1); 416 invalidator->OnStoreLoaded(store); 417 EXPECT_EQ(1, invalidator->highest_handled_invalidation_version()); 418 419 // Log in as an affiliated user. 420 Profile* profile = LogInAndReturnProfile(kAffiliatedUserID1); 421 ASSERT_TRUE(profile); 422 423 // Verify that the device-global invalidation service still exists. 424 EXPECT_TRUE(GetDeviceInvalidationService()); 425 EXPECT_TRUE(HasDeviceInvalidationServiceObserver()); 426 427 // Verify that a per-profile invalidation service has been created. 428 invalidation::FakeInvalidationService* profile_invalidation_service = 429 GetProfileInvalidationService(profile); 430 ASSERT_TRUE(profile_invalidation_service); 431 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount()); 432 433 // Verify that an invalidator backed by the device-global invalidation service 434 // still exists. 435 EXPECT_TRUE(GetCloudPolicyInvalidator()); 436 EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService()); 437 438 // Indicate that the per-profile invalidation service has connected. 439 profile_invalidation_service->SetInvalidatorState( 440 syncer::INVALIDATIONS_ENABLED); 441 442 // Verify that the device-global invalidator has been destroyed. 443 EXPECT_FALSE(GetDeviceInvalidationService()); 444 EXPECT_FALSE(HasDeviceInvalidationServiceObserver()); 445 446 // Verify that a per-profile invalidation service still exists. 447 profile_invalidation_service = GetProfileInvalidationService(profile); 448 EXPECT_TRUE(profile_invalidation_service); 449 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount()); 450 451 // Verify that an invalidator backed by the per-profile invalidation service 452 // has been created. 453 invalidator = GetCloudPolicyInvalidator(); 454 ASSERT_TRUE(invalidator); 455 EXPECT_EQ(profile_invalidation_service, GetInvalidationService()); 456 457 // Verify that the invalidator's highest handled invalidation version starts 458 // out as one. 459 EXPECT_EQ(1, invalidator->highest_handled_invalidation_version()); 460 } 461 462 // Verifies that when the per-profile invalidation service for an unaffiliated 463 // user connects, the current DeviceCloudPolicyInvalidator backed by a 464 // device-global invalidation service is not destroyed and replaced. 465 TEST_F(DeviceCloudPolicyInvalidatorTest, 466 DoNotSwitchToUnaffiliatedProfileInvalidationService) { 467 // Verify that an invalidator backed by the device-global invalidation service 468 // is created when the service connects. 469 ConnectDeviceInvalidationService(); 470 CloudPolicyInvalidator* invalidator = GetCloudPolicyInvalidator(); 471 ASSERT_TRUE(invalidator); 472 EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService()); 473 474 // Verify that the invalidator's highest handled invalidation version starts 475 // out as zero. 476 EXPECT_EQ(0, invalidator->highest_handled_invalidation_version()); 477 478 // Log in as an unaffiliated user. 479 Profile* profile = LogInAndReturnProfile(kUnaffiliatedUserID); 480 ASSERT_TRUE(profile); 481 482 // Verify that the device-global invalidation service still exists. 483 EXPECT_TRUE(GetDeviceInvalidationService()); 484 EXPECT_TRUE(HasDeviceInvalidationServiceObserver()); 485 486 // Verify that a per-profile invalidation service has been created. 487 invalidation::FakeInvalidationService* profile_invalidation_service = 488 GetProfileInvalidationService(profile); 489 ASSERT_TRUE(profile_invalidation_service); 490 EXPECT_EQ(0, GetProfileInvalidationServiceObserverCount()); 491 492 // Verify that an invalidator backed by the device-global invalidation service 493 // still exists. 494 EXPECT_TRUE(GetCloudPolicyInvalidator()); 495 EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService()); 496 497 // Indicate that the per-profile invalidation service has connected. 498 profile_invalidation_service->SetInvalidatorState( 499 syncer::INVALIDATIONS_ENABLED); 500 501 // Verify that the device-global invalidator still exists. 502 EXPECT_TRUE(GetDeviceInvalidationService()); 503 EXPECT_TRUE(HasDeviceInvalidationServiceObserver()); 504 505 // Verify that a per-profile invalidation service still exists. 506 profile_invalidation_service = GetProfileInvalidationService(profile); 507 EXPECT_TRUE(profile_invalidation_service); 508 EXPECT_EQ(0, GetProfileInvalidationServiceObserverCount()); 509 510 // Verify that an invalidator backed by the device-global invalidation service 511 // still exists. 512 EXPECT_TRUE(GetCloudPolicyInvalidator()); 513 EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService()); 514 } 515 516 // Verifies that when the per-profile invalidation service backing the current 517 // DeviceCloudPolicyInvalidator disconnects and no other connected invalidation 518 // service is available for use, a device-global invalidation service is 519 // created. Also verifies that when this service connects, a 520 // DeviceCloudPolicyInvalidator backed by it is created and the highest handled 521 // invalidation version is preserved when switching invalidation services. 522 TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchToDeviceInvalidationService) { 523 CloudPolicyStore* store = static_cast<CloudPolicyStore*>( 524 TestingBrowserProcess::GetGlobal()->platform_part()-> 525 browser_policy_connector_chromeos()->GetDeviceCloudPolicyManager()-> 526 device_store()); 527 ASSERT_TRUE(store); 528 529 // Log in as an affiliated user. 530 Profile* profile = LogInAndReturnProfile(kAffiliatedUserID1); 531 ASSERT_TRUE(profile); 532 533 // Verify that a device-global invalidation service has been created. 534 EXPECT_TRUE(GetDeviceInvalidationService()); 535 EXPECT_TRUE(HasDeviceInvalidationServiceObserver()); 536 537 // Verify that a per-profile invalidation service has been created. 538 invalidation::FakeInvalidationService* profile_invalidation_service = 539 GetProfileInvalidationService(profile); 540 ASSERT_TRUE(profile_invalidation_service); 541 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount()); 542 543 // Verify that no invalidator exists yet. 544 EXPECT_FALSE(GetCloudPolicyInvalidator()); 545 EXPECT_FALSE(GetInvalidationService()); 546 547 // Indicate that the per-profile invalidation service has connected. 548 profile_invalidation_service->SetInvalidatorState( 549 syncer::INVALIDATIONS_ENABLED); 550 551 // Verify that the device-global invalidator has been destroyed. 552 EXPECT_FALSE(GetDeviceInvalidationService()); 553 EXPECT_FALSE(HasDeviceInvalidationServiceObserver()); 554 555 // Verify that a per-profile invalidation service still exists. 556 profile_invalidation_service = GetProfileInvalidationService(profile); 557 ASSERT_TRUE(profile_invalidation_service); 558 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount()); 559 560 // Verify that an invalidator backed by the per-profile invalidation service 561 // has been created. 562 CloudPolicyInvalidator* invalidator = GetCloudPolicyInvalidator(); 563 ASSERT_TRUE(invalidator); 564 EXPECT_EQ(profile_invalidation_service, GetInvalidationService()); 565 566 // Verify that the invalidator's highest handled invalidation version starts 567 // out as zero. 568 EXPECT_EQ(0, invalidator->highest_handled_invalidation_version()); 569 570 // Handle an invalidation with version 1. Verify that the invalidator's 571 // highest handled invalidation version is updated accordingly. 572 store->Store(device_policy_.policy(), 1); 573 invalidator->OnStoreLoaded(store); 574 EXPECT_EQ(1, invalidator->highest_handled_invalidation_version()); 575 576 // Indicate that the per-profile invalidation service has disconnected. 577 profile_invalidation_service->SetInvalidatorState( 578 syncer::INVALIDATION_CREDENTIALS_REJECTED); 579 580 // Verify that a device-global invalidation service has been created. 581 EXPECT_TRUE(GetDeviceInvalidationService()); 582 EXPECT_TRUE(HasDeviceInvalidationServiceObserver()); 583 584 // Verify that a per-profile invalidation service still exists. 585 profile_invalidation_service = GetProfileInvalidationService(profile); 586 EXPECT_TRUE(profile_invalidation_service); 587 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount()); 588 589 // Verify that the invalidator has been destroyed. 590 EXPECT_FALSE(GetCloudPolicyInvalidator()); 591 EXPECT_FALSE(GetInvalidationService()); 592 593 // Verify that an invalidator backed by the device-global invalidation service 594 // is created when the service connects. 595 ConnectDeviceInvalidationService(); 596 invalidator = GetCloudPolicyInvalidator(); 597 ASSERT_TRUE(invalidator); 598 EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService()); 599 600 // Verify that the invalidator's highest handled invalidation version starts 601 // out as one. 602 EXPECT_EQ(1, invalidator->highest_handled_invalidation_version()); 603 } 604 605 // Verifies that when the per-profile invalidation service backing the current 606 // DeviceCloudPolicyInvalidator disconnects and another connected per-profile 607 // invalidation service is available for use, a DeviceCloudPolicyInvalidator 608 // backed by that service is created. Also verifies that the highest handled 609 // invalidation version is preserved when switching invalidation services. 610 TEST_F(DeviceCloudPolicyInvalidatorTest, 611 SwitchBetweenAffiliatedProfileInvalidationServices) { 612 CloudPolicyStore* store = static_cast<CloudPolicyStore*>( 613 TestingBrowserProcess::GetGlobal()->platform_part()-> 614 browser_policy_connector_chromeos()->GetDeviceCloudPolicyManager()-> 615 device_store()); 616 ASSERT_TRUE(store); 617 618 // Verify that a device-global invalidation service has been created. 619 EXPECT_TRUE(GetDeviceInvalidationService()); 620 EXPECT_TRUE(HasDeviceInvalidationServiceObserver()); 621 622 // Verify that no invalidator exists yet. 623 EXPECT_FALSE(GetCloudPolicyInvalidator()); 624 EXPECT_FALSE(GetInvalidationService()); 625 626 // Log in as a first affiliated user. 627 Profile* profile_1 = LogInAndReturnProfile(kAffiliatedUserID1); 628 ASSERT_TRUE(profile_1); 629 630 // Verify that the device-global invalidation service still exists. 631 EXPECT_TRUE(GetDeviceInvalidationService()); 632 EXPECT_TRUE(HasDeviceInvalidationServiceObserver()); 633 634 // Verify that a per-profile invalidation service has been created for the 635 // first user. 636 invalidation::FakeInvalidationService* profile_1_invalidation_service = 637 GetProfileInvalidationService(profile_1); 638 ASSERT_TRUE(profile_1_invalidation_service); 639 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount()); 640 641 // Verify that no invalidator has been created. 642 EXPECT_FALSE(GetCloudPolicyInvalidator()); 643 EXPECT_FALSE(GetInvalidationService()); 644 645 // Indicate that the first user's per-profile invalidation service has 646 // connected. 647 profile_1_invalidation_service->SetInvalidatorState( 648 syncer::INVALIDATIONS_ENABLED); 649 650 // Verify that the device-global invalidator has been destroyed. 651 EXPECT_FALSE(GetDeviceInvalidationService()); 652 EXPECT_FALSE(HasDeviceInvalidationServiceObserver()); 653 654 // Verify that a per-profile invalidation service still exists for the first 655 // user. 656 profile_1_invalidation_service = GetProfileInvalidationService(profile_1); 657 EXPECT_TRUE(profile_1_invalidation_service); 658 EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount()); 659 660 // Verify that an invalidator backed by the first user's per-profile 661 // invalidation service has been created. 662 CloudPolicyInvalidator* invalidator = GetCloudPolicyInvalidator(); 663 ASSERT_TRUE(invalidator); 664 EXPECT_EQ(profile_1_invalidation_service, GetInvalidationService()); 665 666 // Verify that the invalidator's highest handled invalidation version starts 667 // out as zero. 668 EXPECT_EQ(0, invalidator->highest_handled_invalidation_version()); 669 670 // Handle an invalidation with version 1. Verify that the invalidator's 671 // highest handled invalidation version is updated accordingly. 672 store->Store(device_policy_.policy(), 1); 673 invalidator->OnStoreLoaded(store); 674 EXPECT_EQ(1, invalidator->highest_handled_invalidation_version()); 675 676 // Log in as a second affiliated user. 677 Profile* profile_2 = LogInAndReturnProfile(kAffiliatedUserID2); 678 ASSERT_TRUE(profile_2); 679 680 // Verify that the device-global invalidator still does not exist. 681 EXPECT_FALSE(GetDeviceInvalidationService()); 682 EXPECT_FALSE(HasDeviceInvalidationServiceObserver()); 683 684 // Verify that a per-profile invalidation service still exists for the first 685 // user and one has been created for the second user. 686 profile_1_invalidation_service = GetProfileInvalidationService(profile_1); 687 EXPECT_TRUE(profile_1_invalidation_service); 688 invalidation::FakeInvalidationService* profile_2_invalidation_service = 689 GetProfileInvalidationService(profile_2); 690 ASSERT_TRUE(profile_2_invalidation_service); 691 EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount()); 692 693 // Verify that an invalidator backed by the first user's per-profile 694 // invalidation service still exists. 695 EXPECT_TRUE(GetCloudPolicyInvalidator()); 696 EXPECT_EQ(profile_1_invalidation_service, GetInvalidationService()); 697 698 // Indicate that the second user's per-profile invalidation service has 699 // connected. 700 profile_2_invalidation_service->SetInvalidatorState( 701 syncer::INVALIDATIONS_ENABLED); 702 703 // Verify that the device-global invalidator still does not exist. 704 EXPECT_FALSE(GetDeviceInvalidationService()); 705 EXPECT_FALSE(HasDeviceInvalidationServiceObserver()); 706 707 // Verify that per-profile invalidation services still exist for both users. 708 profile_1_invalidation_service = GetProfileInvalidationService(profile_1); 709 ASSERT_TRUE(profile_1_invalidation_service); 710 profile_2_invalidation_service = GetProfileInvalidationService(profile_2); 711 EXPECT_TRUE(profile_2_invalidation_service); 712 EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount()); 713 714 // Verify that an invalidator backed by the first user's per-profile 715 // invalidation service still exists. 716 EXPECT_TRUE(GetCloudPolicyInvalidator()); 717 EXPECT_EQ(profile_1_invalidation_service, GetInvalidationService()); 718 719 // Indicate that the first user's per-profile invalidation service has 720 // disconnected. 721 profile_1_invalidation_service->SetInvalidatorState( 722 syncer::INVALIDATION_CREDENTIALS_REJECTED); 723 724 // Verify that the device-global invalidator still does not exist. 725 EXPECT_FALSE(GetDeviceInvalidationService()); 726 EXPECT_FALSE(HasDeviceInvalidationServiceObserver()); 727 728 // Verify that per-profile invalidation services still exist for both users. 729 profile_1_invalidation_service = GetProfileInvalidationService(profile_1); 730 EXPECT_TRUE(profile_1_invalidation_service); 731 profile_2_invalidation_service = GetProfileInvalidationService(profile_2); 732 ASSERT_TRUE(profile_2_invalidation_service); 733 EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount()); 734 735 // Verify that an invalidator backed by the second user's per-profile 736 // invalidation service has been created. 737 invalidator = GetCloudPolicyInvalidator(); 738 ASSERT_TRUE(invalidator); 739 EXPECT_EQ(profile_2_invalidation_service, GetInvalidationService()); 740 741 // Verify that the invalidator's highest handled invalidation version starts 742 // out as one. 743 EXPECT_EQ(1, invalidator->highest_handled_invalidation_version()); 744 } 745 746 } // namespace policy 747