Home | History | Annotate | Download | only in server 
      1 //
      2 // Copyright (C) 2015 The Android Open Source Project
      3 //
      4 // Licensed under the Apache License, Version 2.0 (the "License");
      5 // you may not use this file except in compliance with the License.
      6 // You may obtain a copy of the License at
      7 //
      8 //      http://www.apache.org/licenses/LICENSE-2.0
      9 //
     10 // Unless required by applicable law or agreed to in writing, software
     11 // distributed under the License is distributed on an "AS IS" BASIS,
     12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13 // See the License for the specific language governing permissions and
     14 // limitations under the License.
     15 //
     16 
     17 #include <string>
     18 
     19 #include <base/bind.h>
     20 #include <base/callback.h>
     21 #include <base/message_loop/message_loop.h>
     22 #include <base/run_loop.h>
     23 #include <brillo/bind_lambda.h>
     24 #include <brillo/data_encoding.h>
     25 #include <brillo/http/http_transport_fake.h>
     26 #include <brillo/mime_utils.h>
     27 #include <gmock/gmock.h>
     28 #include <gtest/gtest.h>
     29 
     30 #include "attestation/common/attestation_ca.pb.h"
     31 #include "attestation/common/mock_crypto_utility.h"
     32 #include "attestation/common/mock_tpm_utility.h"
     33 #include "attestation/server/attestation_service.h"
     34 #include "attestation/server/mock_database.h"
     35 #include "attestation/server/mock_key_store.h"
     36 
     37 using brillo::http::fake::ServerRequest;
     38 using brillo::http::fake::ServerResponse;
     39 using testing::_;
     40 using testing::DoAll;
     41 using testing::NiceMock;
     42 using testing::Return;
     43 using testing::ReturnRef;
     44 using testing::SetArgumentPointee;
     45 
     46 namespace attestation {
     47 
     48 class AttestationServiceTest : public testing::Test {
     49  public:
     50   enum FakeCAState {
     51     kSuccess,         // Valid successful response.
     52     kCommandFailure,  // Valid error response.
     53     kHttpFailure,     // Responds with an HTTP error.
     54     kBadMessageID,    // Valid successful response but a message ID mismatch.
     55   };
     56 
     57   ~AttestationServiceTest() override = default;
     58   void SetUp() override {
     59     service_.reset(new AttestationService);
     60     service_->set_database(&mock_database_);
     61     service_->set_crypto_utility(&mock_crypto_utility_);
     62     fake_http_transport_ = std::make_shared<brillo::http::fake::Transport>();
     63     service_->set_http_transport(fake_http_transport_);
     64     service_->set_key_store(&mock_key_store_);
     65     service_->set_tpm_utility(&mock_tpm_utility_);
     66     // Setup a fake wrapped EK certificate by default.
     67     mock_database_.GetMutableProtobuf()->mutable_credentials()->
     68         mutable_default_encrypted_endorsement_credential()->
     69             set_wrapping_key_id("default");
     70     // Setup a fake Attestation CA for success by default.
     71     SetupFakeCAEnroll(kSuccess);
     72     SetupFakeCASign(kSuccess);
     73     CHECK(service_->Initialize());
     74   }
     75 
     76  protected:
     77   void SetupFakeCAEnroll(FakeCAState state) {
     78     fake_http_transport_->AddHandler(
     79         service_->attestation_ca_origin() + "/enroll",
     80         brillo::http::request_type::kPost,
     81         base::Bind(&AttestationServiceTest::FakeCAEnroll,
     82                    base::Unretained(this),
     83                    state));
     84   }
     85 
     86   void SetupFakeCASign(FakeCAState state) {
     87     fake_http_transport_->AddHandler(
     88         service_->attestation_ca_origin() + "/sign",
     89         brillo::http::request_type::kPost,
     90         base::Bind(&AttestationServiceTest::FakeCASign,
     91                    base::Unretained(this),
     92                    state));
     93   }
     94 
     95   std::string GetFakeCertificateChain() {
     96     const std::string kBeginCertificate = "-----BEGIN CERTIFICATE-----\n";
     97     const std::string kEndCertificate = "-----END CERTIFICATE-----";
     98     std::string pem = kBeginCertificate;
     99     pem += brillo::data_encoding::Base64EncodeWrapLines("fake_cert");
    100     pem += kEndCertificate + "\n" + kBeginCertificate;
    101     pem += brillo::data_encoding::Base64EncodeWrapLines("fake_ca_cert");
    102     pem += kEndCertificate + "\n" + kBeginCertificate;
    103     pem += brillo::data_encoding::Base64EncodeWrapLines("fake_ca_cert2");
    104     pem += kEndCertificate;
    105     return pem;
    106   }
    107 
    108   CreateGoogleAttestedKeyRequest GetCreateRequest() {
    109     CreateGoogleAttestedKeyRequest request;
    110     request.set_key_label("label");
    111     request.set_key_type(KEY_TYPE_ECC);
    112     request.set_key_usage(KEY_USAGE_SIGN);
    113     request.set_certificate_profile(ENTERPRISE_MACHINE_CERTIFICATE);
    114     request.set_username("user");
    115     request.set_origin("origin");
    116     return request;
    117   }
    118 
    119   void Run() {
    120     run_loop_.Run();
    121   }
    122 
    123   void RunUntilIdle() {
    124     run_loop_.RunUntilIdle();
    125   }
    126 
    127   void Quit() {
    128     run_loop_.Quit();
    129   }
    130 
    131   std::shared_ptr<brillo::http::fake::Transport> fake_http_transport_;
    132   NiceMock<MockCryptoUtility> mock_crypto_utility_;
    133   NiceMock<MockDatabase> mock_database_;
    134   NiceMock<MockKeyStore> mock_key_store_;
    135   NiceMock<MockTpmUtility> mock_tpm_utility_;
    136   std::unique_ptr<AttestationService> service_;
    137 
    138  private:
    139   void FakeCAEnroll(FakeCAState state,
    140                     const ServerRequest& request,
    141                     ServerResponse* response) {
    142     AttestationEnrollmentRequest request_pb;
    143     EXPECT_TRUE(request_pb.ParseFromString(request.GetDataAsString()));
    144     if (state == kHttpFailure) {
    145       response->ReplyText(brillo::http::status_code::NotFound, std::string(),
    146                           brillo::mime::application::kOctet_stream);
    147       return;
    148     }
    149     AttestationEnrollmentResponse response_pb;
    150     if (state == kCommandFailure) {
    151       response_pb.set_status(SERVER_ERROR);
    152       response_pb.set_detail("fake_enroll_error");
    153     } else if (state == kSuccess) {
    154       response_pb.set_status(OK);
    155       response_pb.set_detail("");
    156       response_pb.mutable_encrypted_identity_credential()->
    157           set_asym_ca_contents("1234");
    158       response_pb.mutable_encrypted_identity_credential()->
    159           set_sym_ca_attestation("5678");
    160     } else {
    161       NOTREACHED();
    162     }
    163     std::string tmp;
    164     response_pb.SerializeToString(&tmp);
    165     response->ReplyText(brillo::http::status_code::Ok, tmp,
    166                         brillo::mime::application::kOctet_stream);
    167   }
    168 
    169   void FakeCASign(FakeCAState state,
    170                   const ServerRequest& request,
    171                   ServerResponse* response) {
    172     AttestationCertificateRequest request_pb;
    173     EXPECT_TRUE(request_pb.ParseFromString(request.GetDataAsString()));
    174     if (state == kHttpFailure) {
    175       response->ReplyText(brillo::http::status_code::NotFound, std::string(),
    176                           brillo::mime::application::kOctet_stream);
    177       return;
    178     }
    179     AttestationCertificateResponse response_pb;
    180     if (state == kCommandFailure) {
    181       response_pb.set_status(SERVER_ERROR);
    182       response_pb.set_detail("fake_sign_error");
    183     } else if (state == kSuccess || state == kBadMessageID) {
    184       response_pb.set_status(OK);
    185       response_pb.set_detail("");
    186       if (state == kSuccess) {
    187         response_pb.set_message_id(request_pb.message_id());
    188       }
    189       response_pb.set_certified_key_credential("fake_cert");
    190       response_pb.set_intermediate_ca_cert("fake_ca_cert");
    191       *response_pb.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
    192     }
    193     std::string tmp;
    194     response_pb.SerializeToString(&tmp);
    195     response->ReplyText(brillo::http::status_code::Ok, tmp,
    196                         brillo::mime::application::kOctet_stream);
    197   }
    198 
    199   base::MessageLoop message_loop_;
    200   base::RunLoop run_loop_;
    201 };
    202 
    203 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeySuccess) {
    204   // Set expectations on the outputs.
    205   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    206     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    207     EXPECT_EQ(GetFakeCertificateChain(), reply.certificate_chain());
    208     EXPECT_FALSE(reply.has_server_error());
    209     Quit();
    210   };
    211   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    212   Run();
    213 }
    214 
    215 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeySuccessNoUser) {
    216   // Set expectations on the outputs.
    217   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    218     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    219     EXPECT_EQ(GetFakeCertificateChain(), reply.certificate_chain());
    220     EXPECT_FALSE(reply.has_server_error());
    221     Quit();
    222   };
    223   CreateGoogleAttestedKeyRequest request = GetCreateRequest();
    224   request.clear_username();
    225   service_->CreateGoogleAttestedKey(request, base::Bind(callback));
    226   Run();
    227 }
    228 
    229 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithEnrollHttpError) {
    230   SetupFakeCAEnroll(kHttpFailure);
    231   // Set expectations on the outputs.
    232   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    233     EXPECT_EQ(STATUS_CA_NOT_AVAILABLE, reply.status());
    234     EXPECT_FALSE(reply.has_certificate_chain());
    235     EXPECT_EQ("", reply.server_error());
    236     Quit();
    237   };
    238   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    239   Run();
    240 }
    241 
    242 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithSignHttpError) {
    243   SetupFakeCASign(kHttpFailure);
    244   // Set expectations on the outputs.
    245   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    246     EXPECT_EQ(STATUS_CA_NOT_AVAILABLE, reply.status());
    247     EXPECT_FALSE(reply.has_certificate_chain());
    248     EXPECT_EQ("", reply.server_error());
    249     Quit();
    250   };
    251   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    252   Run();
    253 }
    254 
    255 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithCAEnrollFailure) {
    256   SetupFakeCAEnroll(kCommandFailure);
    257   // Set expectations on the outputs.
    258   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    259     EXPECT_EQ(STATUS_REQUEST_DENIED_BY_CA, reply.status());
    260     EXPECT_FALSE(reply.has_certificate_chain());
    261     EXPECT_EQ("fake_enroll_error", reply.server_error());
    262     Quit();
    263   };
    264   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    265   Run();
    266 }
    267 
    268 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithCASignFailure) {
    269   SetupFakeCASign(kCommandFailure);
    270   // Set expectations on the outputs.
    271   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    272     EXPECT_EQ(STATUS_REQUEST_DENIED_BY_CA, reply.status());
    273     EXPECT_FALSE(reply.has_certificate_chain());
    274     EXPECT_EQ("fake_sign_error", reply.server_error());
    275     Quit();
    276   };
    277   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    278   Run();
    279 }
    280 
    281 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithBadCAMessageID) {
    282   SetupFakeCASign(kBadMessageID);
    283   // Set expectations on the outputs.
    284   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    285     EXPECT_NE(STATUS_SUCCESS, reply.status());
    286     EXPECT_FALSE(reply.has_certificate_chain());
    287     EXPECT_EQ("", reply.server_error());
    288     Quit();
    289   };
    290   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    291   Run();
    292 }
    293 
    294 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithNoEKCertificate) {
    295   // Remove the default credential setup.
    296   mock_database_.GetMutableProtobuf()->clear_credentials();
    297   // Set expectations on the outputs.
    298   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    299     EXPECT_NE(STATUS_SUCCESS, reply.status());
    300     EXPECT_FALSE(reply.has_certificate_chain());
    301     EXPECT_EQ("", reply.server_error());
    302     Quit();
    303   };
    304   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    305   Run();
    306 }
    307 
    308 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithRNGFailure) {
    309   EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _))
    310       .WillRepeatedly(Return(false));
    311   // Set expectations on the outputs.
    312   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    313     EXPECT_NE(STATUS_SUCCESS, reply.status());
    314     EXPECT_FALSE(reply.has_certificate_chain());
    315     EXPECT_EQ("", reply.server_error());
    316     Quit();
    317   };
    318   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    319   Run();
    320 }
    321 
    322 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithRNGFailure2) {
    323   EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _))
    324       .WillOnce(Return(true))
    325       .WillRepeatedly(Return(false));
    326   // Set expectations on the outputs.
    327   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    328     EXPECT_NE(STATUS_SUCCESS, reply.status());
    329     EXPECT_FALSE(reply.has_certificate_chain());
    330     EXPECT_EQ("", reply.server_error());
    331     Quit();
    332   };
    333   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    334   Run();
    335 }
    336 
    337 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithDBFailure) {
    338   EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false));
    339   // Set expectations on the outputs.
    340   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    341     EXPECT_NE(STATUS_SUCCESS, reply.status());
    342     EXPECT_FALSE(reply.has_certificate_chain());
    343     EXPECT_EQ("", reply.server_error());
    344     Quit();
    345   };
    346   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    347   Run();
    348 }
    349 
    350 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithDBFailureNoUser) {
    351   EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false));
    352   // Set expectations on the outputs.
    353   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    354     EXPECT_NE(STATUS_SUCCESS, reply.status());
    355     EXPECT_FALSE(reply.has_certificate_chain());
    356     EXPECT_EQ("", reply.server_error());
    357     Quit();
    358   };
    359   CreateGoogleAttestedKeyRequest request = GetCreateRequest();
    360   request.clear_username();
    361   service_->CreateGoogleAttestedKey(request, base::Bind(callback));
    362   Run();
    363 }
    364 
    365 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithKeyWriteFailure) {
    366   EXPECT_CALL(mock_key_store_, Write(_, _, _))
    367       .WillRepeatedly(Return(false));
    368   // Set expectations on the outputs.
    369   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    370     EXPECT_NE(STATUS_SUCCESS, reply.status());
    371     EXPECT_FALSE(reply.has_certificate_chain());
    372     EXPECT_EQ("", reply.server_error());
    373     Quit();
    374   };
    375   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    376   Run();
    377 }
    378 
    379 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmNotReady) {
    380   EXPECT_CALL(mock_tpm_utility_, IsTpmReady())
    381       .WillRepeatedly(Return(false));
    382   // Set expectations on the outputs.
    383   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    384     EXPECT_NE(STATUS_SUCCESS, reply.status());
    385     EXPECT_FALSE(reply.has_certificate_chain());
    386     EXPECT_EQ("", reply.server_error());
    387     Quit();
    388   };
    389   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    390   Run();
    391 }
    392 
    393 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmActivateFailure) {
    394   EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, _, _, _))
    395       .WillRepeatedly(Return(false));
    396   // Set expectations on the outputs.
    397   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    398     EXPECT_NE(STATUS_SUCCESS, reply.status());
    399     EXPECT_FALSE(reply.has_certificate_chain());
    400     EXPECT_EQ("", reply.server_error());
    401     Quit();
    402   };
    403   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    404   Run();
    405 }
    406 
    407 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmCreateFailure) {
    408   EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(_, _, _, _, _, _, _, _, _))
    409       .WillRepeatedly(Return(false));
    410   // Set expectations on the outputs.
    411   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    412     EXPECT_NE(STATUS_SUCCESS, reply.status());
    413     EXPECT_FALSE(reply.has_certificate_chain());
    414     EXPECT_EQ("", reply.server_error());
    415     Quit();
    416   };
    417   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    418   Run();
    419 }
    420 
    421 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyAndCancel) {
    422   // Set expectations on the outputs.
    423   int callback_count = 0;
    424   auto callback = [&callback_count](const CreateGoogleAttestedKeyReply& reply) {
    425     callback_count++;
    426   };
    427   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    428   // Bring down the service, which should cancel any callbacks.
    429   service_.reset();
    430   EXPECT_EQ(0, callback_count);
    431 }
    432 
    433 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyAndCancel2) {
    434   // Set expectations on the outputs.
    435   int callback_count = 0;
    436   auto callback = [&callback_count](const CreateGoogleAttestedKeyReply& reply) {
    437     callback_count++;
    438   };
    439   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    440   // Give threads a chance to run.
    441   base::PlatformThread::Sleep(base::TimeDelta::FromMilliseconds(10));
    442   // Bring down the service, which should cancel any callbacks.
    443   service_.reset();
    444   // Pump the loop to make sure no callbacks were posted.
    445   RunUntilIdle();
    446   EXPECT_EQ(0, callback_count);
    447 }
    448 
    449 TEST_F(AttestationServiceTest, GetKeyInfoSuccess) {
    450   // Setup a certified key in the key store.
    451   CertifiedKey key;
    452   key.set_public_key("public_key");
    453   key.set_certified_key_credential("fake_cert");
    454   key.set_intermediate_ca_cert("fake_ca_cert");
    455   *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
    456   key.set_key_name("label");
    457   key.set_certified_key_info("certify_info");
    458   key.set_certified_key_proof("signature");
    459   key.set_key_type(KEY_TYPE_RSA);
    460   key.set_key_usage(KEY_USAGE_SIGN);
    461   std::string key_bytes;
    462   key.SerializeToString(&key_bytes);
    463   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
    464       .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
    465 
    466   // Set expectations on the outputs.
    467   auto callback = [this](const GetKeyInfoReply& reply) {
    468     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    469     EXPECT_EQ(KEY_TYPE_RSA, reply.key_type());
    470     EXPECT_EQ(KEY_USAGE_SIGN, reply.key_usage());
    471     EXPECT_EQ("public_key", reply.public_key());
    472     EXPECT_EQ("certify_info", reply.certify_info());
    473     EXPECT_EQ("signature", reply.certify_info_signature());
    474     EXPECT_EQ(GetFakeCertificateChain(), reply.certificate());
    475     Quit();
    476   };
    477   GetKeyInfoRequest request;
    478   request.set_key_label("label");
    479   request.set_username("user");
    480   service_->GetKeyInfo(request, base::Bind(callback));
    481   Run();
    482 }
    483 
    484 TEST_F(AttestationServiceTest, GetKeyInfoSuccessNoUser) {
    485   // Setup a certified key in the device key store.
    486   CertifiedKey& key = *mock_database_.GetMutableProtobuf()->add_device_keys();
    487   key.set_public_key("public_key");
    488   key.set_certified_key_credential("fake_cert");
    489   key.set_intermediate_ca_cert("fake_ca_cert");
    490   *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
    491   key.set_key_name("label");
    492   key.set_certified_key_info("certify_info");
    493   key.set_certified_key_proof("signature");
    494   key.set_key_type(KEY_TYPE_RSA);
    495   key.set_key_usage(KEY_USAGE_SIGN);
    496 
    497   // Set expectations on the outputs.
    498   auto callback = [this](const GetKeyInfoReply& reply) {
    499     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    500     EXPECT_EQ(KEY_TYPE_RSA, reply.key_type());
    501     EXPECT_EQ(KEY_USAGE_SIGN, reply.key_usage());
    502     EXPECT_EQ("public_key", reply.public_key());
    503     EXPECT_EQ("certify_info", reply.certify_info());
    504     EXPECT_EQ("signature", reply.certify_info_signature());
    505     EXPECT_EQ(GetFakeCertificateChain(), reply.certificate());
    506     Quit();
    507   };
    508   GetKeyInfoRequest request;
    509   request.set_key_label("label");
    510   service_->GetKeyInfo(request, base::Bind(callback));
    511   Run();
    512 }
    513 
    514 TEST_F(AttestationServiceTest, GetKeyInfoNoKey) {
    515   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
    516       .WillRepeatedly(Return(false));
    517 
    518   // Set expectations on the outputs.
    519   auto callback = [this](const GetKeyInfoReply& reply) {
    520     EXPECT_EQ(STATUS_INVALID_PARAMETER, reply.status());
    521     Quit();
    522   };
    523   GetKeyInfoRequest request;
    524   request.set_key_label("label");
    525   request.set_username("user");
    526   service_->GetKeyInfo(request, base::Bind(callback));
    527   Run();
    528 }
    529 
    530 TEST_F(AttestationServiceTest, GetKeyInfoBadPublicKey) {
    531   EXPECT_CALL(mock_crypto_utility_, GetRSASubjectPublicKeyInfo(_, _))
    532       .WillRepeatedly(Return(false));
    533 
    534   // Set expectations on the outputs.
    535   auto callback = [this](const GetKeyInfoReply& reply) {
    536     EXPECT_NE(STATUS_SUCCESS, reply.status());
    537     Quit();
    538   };
    539   GetKeyInfoRequest request;
    540   request.set_key_label("label");
    541   request.set_username("user");
    542   service_->GetKeyInfo(request, base::Bind(callback));
    543   Run();
    544 }
    545 
    546 TEST_F(AttestationServiceTest, GetEndorsementInfoSuccess) {
    547   AttestationDatabase* database = mock_database_.GetMutableProtobuf();
    548   database->mutable_credentials()->set_endorsement_public_key("public_key");
    549   database->mutable_credentials()->set_endorsement_credential("certificate");
    550   // Set expectations on the outputs.
    551   auto callback = [this](const GetEndorsementInfoReply& reply) {
    552     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    553     EXPECT_EQ("public_key", reply.ek_public_key());
    554     EXPECT_EQ("certificate", reply.ek_certificate());
    555     Quit();
    556   };
    557   GetEndorsementInfoRequest request;
    558   request.set_key_type(KEY_TYPE_RSA);
    559   service_->GetEndorsementInfo(request, base::Bind(callback));
    560   Run();
    561 }
    562 
    563 TEST_F(AttestationServiceTest, GetEndorsementInfoNoInfo) {
    564   // Set expectations on the outputs.
    565   auto callback = [this](const GetEndorsementInfoReply& reply) {
    566     EXPECT_EQ(STATUS_NOT_AVAILABLE, reply.status());
    567     EXPECT_FALSE(reply.has_ek_public_key());
    568     EXPECT_FALSE(reply.has_ek_certificate());
    569     Quit();
    570   };
    571   GetEndorsementInfoRequest request;
    572   request.set_key_type(KEY_TYPE_RSA);
    573   service_->GetEndorsementInfo(request, base::Bind(callback));
    574   Run();
    575 }
    576 
    577 TEST_F(AttestationServiceTest, GetEndorsementInfoNoCert) {
    578   AttestationDatabase* database = mock_database_.GetMutableProtobuf();
    579   database->mutable_credentials()->set_endorsement_public_key("public_key");
    580   // Set expectations on the outputs.
    581   auto callback = [this](const GetEndorsementInfoReply& reply) {
    582     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    583     EXPECT_EQ("public_key", reply.ek_public_key());
    584     EXPECT_FALSE(reply.has_ek_certificate());
    585     Quit();
    586   };
    587   GetEndorsementInfoRequest request;
    588   request.set_key_type(KEY_TYPE_RSA);
    589   service_->GetEndorsementInfo(request, base::Bind(callback));
    590   Run();
    591 }
    592 
    593 TEST_F(AttestationServiceTest, GetAttestationKeyInfoSuccess) {
    594   AttestationDatabase* database = mock_database_.GetMutableProtobuf();
    595   database->mutable_identity_key()->set_identity_public_key("public_key");
    596   database->mutable_identity_key()->set_identity_credential("certificate");
    597   database->mutable_pcr0_quote()->set_quote("pcr0");
    598   database->mutable_pcr1_quote()->set_quote("pcr1");
    599   database->mutable_identity_binding()->set_identity_public_key("public_key2");
    600   // Set expectations on the outputs.
    601   auto callback = [this](const GetAttestationKeyInfoReply& reply) {
    602     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    603     EXPECT_EQ("public_key", reply.public_key());
    604     EXPECT_EQ("public_key2", reply.public_key_tpm_format());
    605     EXPECT_EQ("certificate", reply.certificate());
    606     EXPECT_EQ("pcr0", reply.pcr0_quote().quote());
    607     EXPECT_EQ("pcr1", reply.pcr1_quote().quote());
    608     Quit();
    609   };
    610   GetAttestationKeyInfoRequest request;
    611   request.set_key_type(KEY_TYPE_RSA);
    612   service_->GetAttestationKeyInfo(request, base::Bind(callback));
    613   Run();
    614 }
    615 
    616 TEST_F(AttestationServiceTest, GetAttestationKeyInfoNoInfo) {
    617   // Set expectations on the outputs.
    618   auto callback = [this](const GetAttestationKeyInfoReply& reply) {
    619     EXPECT_EQ(STATUS_NOT_AVAILABLE, reply.status());
    620     EXPECT_FALSE(reply.has_public_key());
    621     EXPECT_FALSE(reply.has_public_key_tpm_format());
    622     EXPECT_FALSE(reply.has_certificate());
    623     EXPECT_FALSE(reply.has_pcr0_quote());
    624     EXPECT_FALSE(reply.has_pcr1_quote());
    625     Quit();
    626   };
    627   GetAttestationKeyInfoRequest request;
    628   request.set_key_type(KEY_TYPE_RSA);
    629   service_->GetAttestationKeyInfo(request, base::Bind(callback));
    630   Run();
    631 }
    632 
    633 TEST_F(AttestationServiceTest, GetAttestationKeyInfoSomeInfo) {
    634   AttestationDatabase* database = mock_database_.GetMutableProtobuf();
    635   database->mutable_identity_key()->set_identity_credential("certificate");
    636   database->mutable_pcr1_quote()->set_quote("pcr1");
    637   // Set expectations on the outputs.
    638   auto callback = [this](const GetAttestationKeyInfoReply& reply) {
    639     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    640     EXPECT_FALSE(reply.has_public_key());
    641     EXPECT_FALSE(reply.has_public_key_tpm_format());
    642     EXPECT_EQ("certificate", reply.certificate());
    643     EXPECT_FALSE(reply.has_pcr0_quote());
    644     EXPECT_EQ("pcr1", reply.pcr1_quote().quote());
    645     Quit();
    646   };
    647   GetAttestationKeyInfoRequest request;
    648   request.set_key_type(KEY_TYPE_RSA);
    649   service_->GetAttestationKeyInfo(request, base::Bind(callback));
    650   Run();
    651 }
    652 
    653 TEST_F(AttestationServiceTest, ActivateAttestationKeySuccess) {
    654   EXPECT_CALL(mock_database_, SaveChanges()).Times(1);
    655   EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, "encrypted1",
    656                                                   "encrypted2", _))
    657       .WillOnce(DoAll(SetArgumentPointee<5>(std::string("certificate")),
    658                       Return(true)));
    659   // Set expectations on the outputs.
    660   auto callback = [this](const ActivateAttestationKeyReply& reply) {
    661     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    662     EXPECT_EQ("certificate", reply.certificate());
    663     Quit();
    664   };
    665   ActivateAttestationKeyRequest request;
    666   request.set_key_type(KEY_TYPE_RSA);
    667   request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1");
    668   request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2");
    669   request.set_save_certificate(true);
    670   service_->ActivateAttestationKey(request, base::Bind(callback));
    671   Run();
    672 }
    673 
    674 TEST_F(AttestationServiceTest, ActivateAttestationKeySuccessNoSave) {
    675   EXPECT_CALL(mock_database_, GetMutableProtobuf()).Times(0);
    676   EXPECT_CALL(mock_database_, SaveChanges()).Times(0);
    677   EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, "encrypted1",
    678                                                   "encrypted2", _))
    679       .WillOnce(DoAll(SetArgumentPointee<5>(std::string("certificate")),
    680                       Return(true)));
    681   // Set expectations on the outputs.
    682   auto callback = [this](const ActivateAttestationKeyReply& reply) {
    683     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    684     EXPECT_EQ("certificate", reply.certificate());
    685     Quit();
    686   };
    687   ActivateAttestationKeyRequest request;
    688   request.set_key_type(KEY_TYPE_RSA);
    689   request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1");
    690   request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2");
    691   request.set_save_certificate(false);
    692   service_->ActivateAttestationKey(request, base::Bind(callback));
    693   Run();
    694 }
    695 
    696 TEST_F(AttestationServiceTest, ActivateAttestationKeySaveFailure) {
    697   EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false));
    698   // Set expectations on the outputs.
    699   auto callback = [this](const ActivateAttestationKeyReply& reply) {
    700     EXPECT_NE(STATUS_SUCCESS, reply.status());
    701     Quit();
    702   };
    703   ActivateAttestationKeyRequest request;
    704   request.set_key_type(KEY_TYPE_RSA);
    705   request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1");
    706   request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2");
    707   request.set_save_certificate(true);
    708   service_->ActivateAttestationKey(request, base::Bind(callback));
    709   Run();
    710 }
    711 
    712 TEST_F(AttestationServiceTest, ActivateAttestationKeyActivateFailure) {
    713   EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, "encrypted1",
    714                                                   "encrypted2", _))
    715       .WillRepeatedly(Return(false));
    716   // Set expectations on the outputs.
    717   auto callback = [this](const ActivateAttestationKeyReply& reply) {
    718     EXPECT_NE(STATUS_SUCCESS, reply.status());
    719     Quit();
    720   };
    721   ActivateAttestationKeyRequest request;
    722   request.set_key_type(KEY_TYPE_RSA);
    723   request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1");
    724   request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2");
    725   request.set_save_certificate(true);
    726   service_->ActivateAttestationKey(request, base::Bind(callback));
    727   Run();
    728 }
    729 
    730 TEST_F(AttestationServiceTest, CreateCertifiableKeySuccess) {
    731   // Configure a fake TPM response.
    732   EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(KEY_TYPE_ECC,
    733                                                     KEY_USAGE_SIGN,
    734                                                     _, _, _, _, _, _, _))
    735       .WillOnce(DoAll(SetArgumentPointee<5>(std::string("public_key")),
    736                       SetArgumentPointee<7>(std::string("certify_info")),
    737                       SetArgumentPointee<8>(
    738                           std::string("certify_info_signature")),
    739                       Return(true)));
    740   // Expect the key to be written exactly once.
    741   EXPECT_CALL(mock_key_store_, Write("user", "label", _)).Times(1);
    742   // Set expectations on the outputs.
    743   auto callback = [this](const CreateCertifiableKeyReply& reply) {
    744     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    745     EXPECT_EQ("public_key", reply.public_key());
    746     EXPECT_EQ("certify_info", reply.certify_info());
    747     EXPECT_EQ("certify_info_signature", reply.certify_info_signature());
    748     Quit();
    749   };
    750   CreateCertifiableKeyRequest request;
    751   request.set_key_label("label");
    752   request.set_key_type(KEY_TYPE_ECC);
    753   request.set_key_usage(KEY_USAGE_SIGN);
    754   request.set_username("user");
    755   service_->CreateCertifiableKey(request, base::Bind(callback));
    756   Run();
    757 }
    758 
    759 TEST_F(AttestationServiceTest, CreateCertifiableKeySuccessNoUser) {
    760   // Configure a fake TPM response.
    761   EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(KEY_TYPE_ECC,
    762                                                     KEY_USAGE_SIGN,
    763                                                     _, _, _, _, _, _, _))
    764       .WillOnce(DoAll(SetArgumentPointee<5>(std::string("public_key")),
    765                       SetArgumentPointee<7>(std::string("certify_info")),
    766                       SetArgumentPointee<8>(
    767                           std::string("certify_info_signature")),
    768                       Return(true)));
    769   // Expect the key to be written exactly once.
    770   EXPECT_CALL(mock_database_, SaveChanges()).Times(1);
    771   // Set expectations on the outputs.
    772   auto callback = [this](const CreateCertifiableKeyReply& reply) {
    773     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    774     EXPECT_EQ("public_key", reply.public_key());
    775     EXPECT_EQ("certify_info", reply.certify_info());
    776     EXPECT_EQ("certify_info_signature", reply.certify_info_signature());
    777     Quit();
    778   };
    779   CreateCertifiableKeyRequest request;
    780   request.set_key_label("label");
    781   request.set_key_type(KEY_TYPE_ECC);
    782   request.set_key_usage(KEY_USAGE_SIGN);
    783   service_->CreateCertifiableKey(request, base::Bind(callback));
    784   Run();
    785 }
    786 
    787 TEST_F(AttestationServiceTest, CreateCertifiableKeyRNGFailure) {
    788   EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _))
    789       .WillRepeatedly(Return(false));
    790   // Set expectations on the outputs.
    791   auto callback = [this](const CreateCertifiableKeyReply& reply) {
    792     EXPECT_NE(STATUS_SUCCESS, reply.status());
    793     EXPECT_FALSE(reply.has_public_key());
    794     EXPECT_FALSE(reply.has_certify_info());
    795     EXPECT_FALSE(reply.has_certify_info_signature());
    796     Quit();
    797   };
    798   CreateCertifiableKeyRequest request;
    799   request.set_key_label("label");
    800   request.set_key_type(KEY_TYPE_ECC);
    801   request.set_key_usage(KEY_USAGE_SIGN);
    802   service_->CreateCertifiableKey(request, base::Bind(callback));
    803   Run();
    804 }
    805 
    806 TEST_F(AttestationServiceTest, CreateCertifiableKeyTpmCreateFailure) {
    807   EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(_, _, _, _, _, _, _, _, _))
    808       .WillRepeatedly(Return(false));
    809   // Set expectations on the outputs.
    810   auto callback = [this](const CreateCertifiableKeyReply& reply) {
    811     EXPECT_NE(STATUS_SUCCESS, reply.status());
    812     EXPECT_FALSE(reply.has_public_key());
    813     EXPECT_FALSE(reply.has_certify_info());
    814     EXPECT_FALSE(reply.has_certify_info_signature());
    815     Quit();
    816   };
    817   CreateCertifiableKeyRequest request;
    818   request.set_key_label("label");
    819   request.set_key_type(KEY_TYPE_ECC);
    820   request.set_key_usage(KEY_USAGE_SIGN);
    821   service_->CreateCertifiableKey(request, base::Bind(callback));
    822   Run();
    823 }
    824 
    825 TEST_F(AttestationServiceTest, CreateCertifiableKeyDBFailure) {
    826   EXPECT_CALL(mock_key_store_, Write(_, _, _)).WillRepeatedly(Return(false));
    827   // Set expectations on the outputs.
    828   auto callback = [this](const CreateCertifiableKeyReply& reply) {
    829     EXPECT_NE(STATUS_SUCCESS, reply.status());
    830     EXPECT_FALSE(reply.has_public_key());
    831     EXPECT_FALSE(reply.has_certify_info());
    832     EXPECT_FALSE(reply.has_certify_info_signature());
    833     Quit();
    834   };
    835   CreateCertifiableKeyRequest request;
    836   request.set_key_label("label");
    837   request.set_key_type(KEY_TYPE_ECC);
    838   request.set_key_usage(KEY_USAGE_SIGN);
    839   request.set_username("username");
    840   service_->CreateCertifiableKey(request, base::Bind(callback));
    841   Run();
    842 }
    843 
    844 TEST_F(AttestationServiceTest, CreateCertifiableKeyDBFailureNoUser) {
    845   EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false));
    846   // Set expectations on the outputs.
    847   auto callback = [this](const CreateCertifiableKeyReply& reply) {
    848     EXPECT_NE(STATUS_SUCCESS, reply.status());
    849     EXPECT_FALSE(reply.has_public_key());
    850     EXPECT_FALSE(reply.has_certify_info());
    851     EXPECT_FALSE(reply.has_certify_info_signature());
    852     Quit();
    853   };
    854   CreateCertifiableKeyRequest request;
    855   request.set_key_label("label");
    856   request.set_key_type(KEY_TYPE_ECC);
    857   request.set_key_usage(KEY_USAGE_SIGN);
    858   service_->CreateCertifiableKey(request, base::Bind(callback));
    859   Run();
    860 }
    861 
    862 TEST_F(AttestationServiceTest, DecryptSuccess) {
    863   // Set expectations on the outputs.
    864   auto callback = [this](const DecryptReply& reply) {
    865     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    866     EXPECT_EQ(MockTpmUtility::Transform("Unbind", "data"),
    867               reply.decrypted_data());
    868     Quit();
    869   };
    870   DecryptRequest request;
    871   request.set_key_label("label");
    872   request.set_username("user");
    873   request.set_encrypted_data("data");
    874   service_->Decrypt(request, base::Bind(callback));
    875   Run();
    876 }
    877 
    878 TEST_F(AttestationServiceTest, DecryptSuccessNoUser) {
    879   mock_database_.GetMutableProtobuf()->add_device_keys()->set_key_name("label");
    880   // Set expectations on the outputs.
    881   auto callback = [this](const DecryptReply& reply) {
    882     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    883     EXPECT_EQ(MockTpmUtility::Transform("Unbind", "data"),
    884               reply.decrypted_data());
    885     Quit();
    886   };
    887   DecryptRequest request;
    888   request.set_key_label("label");
    889   request.set_encrypted_data("data");
    890   service_->Decrypt(request, base::Bind(callback));
    891   Run();
    892 }
    893 
    894 TEST_F(AttestationServiceTest, DecryptKeyNotFound) {
    895   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
    896       .WillRepeatedly(Return(false));
    897   // Set expectations on the outputs.
    898   auto callback = [this](const DecryptReply& reply) {
    899     EXPECT_NE(STATUS_SUCCESS, reply.status());
    900     EXPECT_FALSE(reply.has_decrypted_data());
    901     Quit();
    902   };
    903   DecryptRequest request;
    904   request.set_key_label("label");
    905   request.set_username("user");
    906   request.set_encrypted_data("data");
    907   service_->Decrypt(request, base::Bind(callback));
    908   Run();
    909 }
    910 
    911 TEST_F(AttestationServiceTest, DecryptKeyNotFoundNoUser) {
    912   // Set expectations on the outputs.
    913   auto callback = [this](const DecryptReply& reply) {
    914     EXPECT_NE(STATUS_SUCCESS, reply.status());
    915     EXPECT_FALSE(reply.has_decrypted_data());
    916     Quit();
    917   };
    918   DecryptRequest request;
    919   request.set_key_label("label");
    920   request.set_encrypted_data("data");
    921   service_->Decrypt(request, base::Bind(callback));
    922   Run();
    923 }
    924 
    925 TEST_F(AttestationServiceTest, DecryptUnbindFailure) {
    926   EXPECT_CALL(mock_tpm_utility_, Unbind(_, _, _)).WillRepeatedly(Return(false));
    927   // Set expectations on the outputs.
    928   auto callback = [this](const DecryptReply& reply) {
    929     EXPECT_NE(STATUS_SUCCESS, reply.status());
    930     EXPECT_FALSE(reply.has_decrypted_data());
    931     Quit();
    932   };
    933   DecryptRequest request;
    934   request.set_key_label("label");
    935   request.set_username("user");
    936   request.set_encrypted_data("data");
    937   service_->Decrypt(request, base::Bind(callback));
    938   Run();
    939 }
    940 
    941 TEST_F(AttestationServiceTest, SignSuccess) {
    942   // Set expectations on the outputs.
    943   auto callback = [this](const SignReply& reply) {
    944     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    945     EXPECT_EQ(MockTpmUtility::Transform("Sign", "data"), reply.signature());
    946     Quit();
    947   };
    948   SignRequest request;
    949   request.set_key_label("label");
    950   request.set_username("user");
    951   request.set_data_to_sign("data");
    952   service_->Sign(request, base::Bind(callback));
    953   Run();
    954 }
    955 
    956 TEST_F(AttestationServiceTest, SignSuccessNoUser) {
    957   mock_database_.GetMutableProtobuf()->add_device_keys()->set_key_name("label");
    958   // Set expectations on the outputs.
    959   auto callback = [this](const SignReply& reply) {
    960     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    961     EXPECT_EQ(MockTpmUtility::Transform("Sign", "data"), reply.signature());
    962     Quit();
    963   };
    964   SignRequest request;
    965   request.set_key_label("label");
    966   request.set_data_to_sign("data");
    967   service_->Sign(request, base::Bind(callback));
    968   Run();
    969 }
    970 
    971 TEST_F(AttestationServiceTest, SignKeyNotFound) {
    972   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
    973       .WillRepeatedly(Return(false));
    974   // Set expectations on the outputs.
    975   auto callback = [this](const SignReply& reply) {
    976     EXPECT_NE(STATUS_SUCCESS, reply.status());
    977     EXPECT_FALSE(reply.has_signature());
    978     Quit();
    979   };
    980   SignRequest request;
    981   request.set_key_label("label");
    982   request.set_username("user");
    983   request.set_data_to_sign("data");
    984   service_->Sign(request, base::Bind(callback));
    985   Run();
    986 }
    987 
    988 TEST_F(AttestationServiceTest, SignKeyNotFoundNoUser) {
    989   // Set expectations on the outputs.
    990   auto callback = [this](const SignReply& reply) {
    991     EXPECT_NE(STATUS_SUCCESS, reply.status());
    992     EXPECT_FALSE(reply.has_signature());
    993     Quit();
    994   };
    995   SignRequest request;
    996   request.set_key_label("label");
    997   request.set_data_to_sign("data");
    998   service_->Sign(request, base::Bind(callback));
    999   Run();
   1000 }
   1001 
   1002 TEST_F(AttestationServiceTest, SignUnbindFailure) {
   1003   EXPECT_CALL(mock_tpm_utility_, Sign(_, _, _)).WillRepeatedly(Return(false));
   1004   // Set expectations on the outputs.
   1005   auto callback = [this](const SignReply& reply) {
   1006     EXPECT_NE(STATUS_SUCCESS, reply.status());
   1007     EXPECT_FALSE(reply.has_signature());
   1008     Quit();
   1009   };
   1010   SignRequest request;
   1011   request.set_key_label("label");
   1012   request.set_username("user");
   1013   request.set_data_to_sign("data");
   1014   service_->Sign(request, base::Bind(callback));
   1015   Run();
   1016 }
   1017 
   1018 TEST_F(AttestationServiceTest, RegisterSuccess) {
   1019   // Setup a key in the user key store.
   1020   CertifiedKey key;
   1021   key.set_key_blob("key_blob");
   1022   key.set_public_key("public_key");
   1023   key.set_certified_key_credential("fake_cert");
   1024   key.set_intermediate_ca_cert("fake_ca_cert");
   1025   *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
   1026   key.set_key_name("label");
   1027   key.set_key_type(KEY_TYPE_RSA);
   1028   key.set_key_usage(KEY_USAGE_SIGN);
   1029   std::string key_bytes;
   1030   key.SerializeToString(&key_bytes);
   1031   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
   1032       .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
   1033   // Cardinality is verified here to verify various steps are performed and to
   1034   // catch performance regressions.
   1035   EXPECT_CALL(mock_key_store_, Register("user",
   1036                                         "label",
   1037                                         KEY_TYPE_RSA,
   1038                                         KEY_USAGE_SIGN,
   1039                                         "key_blob",
   1040                                         "public_key",
   1041                                         "fake_cert")).Times(1);
   1042   EXPECT_CALL(mock_key_store_, RegisterCertificate("user", "fake_ca_cert"))
   1043       .Times(1);
   1044   EXPECT_CALL(mock_key_store_, RegisterCertificate("user", "fake_ca_cert2"))
   1045       .Times(1);
   1046   EXPECT_CALL(mock_key_store_, Delete("user", "label")).Times(1);
   1047   // Set expectations on the outputs.
   1048   auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
   1049     EXPECT_EQ(STATUS_SUCCESS, reply.status());
   1050     Quit();
   1051   };
   1052   RegisterKeyWithChapsTokenRequest request;
   1053   request.set_key_label("label");
   1054   request.set_username("user");
   1055   service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
   1056   Run();
   1057 }
   1058 
   1059 TEST_F(AttestationServiceTest, RegisterSuccessNoUser) {
   1060   // Setup a key in the device_keys field.
   1061   CertifiedKey& key = *mock_database_.GetMutableProtobuf()->add_device_keys();
   1062   key.set_key_blob("key_blob");
   1063   key.set_public_key("public_key");
   1064   key.set_certified_key_credential("fake_cert");
   1065   key.set_intermediate_ca_cert("fake_ca_cert");
   1066   *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
   1067   key.set_key_name("label");
   1068   key.set_key_type(KEY_TYPE_RSA);
   1069   key.set_key_usage(KEY_USAGE_SIGN);
   1070   // Cardinality is verified here to verify various steps are performed and to
   1071   // catch performance regressions.
   1072   EXPECT_CALL(mock_key_store_, Register("",
   1073                                         "label",
   1074                                         KEY_TYPE_RSA,
   1075                                         KEY_USAGE_SIGN,
   1076                                         "key_blob",
   1077                                         "public_key",
   1078                                         "fake_cert")).Times(1);
   1079   EXPECT_CALL(mock_key_store_, RegisterCertificate("", "fake_ca_cert"))
   1080       .Times(1);
   1081   EXPECT_CALL(mock_key_store_, RegisterCertificate("", "fake_ca_cert2"))
   1082       .Times(1);
   1083   // Set expectations on the outputs.
   1084   auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
   1085     EXPECT_EQ(STATUS_SUCCESS, reply.status());
   1086     EXPECT_EQ(0, mock_database_.GetMutableProtobuf()->device_keys_size());
   1087     Quit();
   1088   };
   1089   RegisterKeyWithChapsTokenRequest request;
   1090   request.set_key_label("label");
   1091   service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
   1092   Run();
   1093 }
   1094 
   1095 TEST_F(AttestationServiceTest, RegisterNoKey) {
   1096   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
   1097       .WillRepeatedly(Return(false));
   1098   // Set expectations on the outputs.
   1099   auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
   1100     EXPECT_NE(STATUS_SUCCESS, reply.status());
   1101     Quit();
   1102   };
   1103   RegisterKeyWithChapsTokenRequest request;
   1104   request.set_key_label("label");
   1105   request.set_username("user");
   1106   service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
   1107   Run();
   1108 }
   1109 
   1110 TEST_F(AttestationServiceTest, RegisterNoKeyNoUser) {
   1111   // Set expectations on the outputs.
   1112   auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
   1113     EXPECT_NE(STATUS_SUCCESS, reply.status());
   1114     Quit();
   1115   };
   1116   RegisterKeyWithChapsTokenRequest request;
   1117   request.set_key_label("label");
   1118   service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
   1119   Run();
   1120 }
   1121 
   1122 TEST_F(AttestationServiceTest, RegisterFailure) {
   1123   // Setup a key in the user key store.
   1124   CertifiedKey key;
   1125   key.set_key_name("label");
   1126   std::string key_bytes;
   1127   key.SerializeToString(&key_bytes);
   1128   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
   1129       .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
   1130   EXPECT_CALL(mock_key_store_, Register(_, _, _, _, _, _, _))
   1131       .WillRepeatedly(Return(false));
   1132   // Set expectations on the outputs.
   1133   auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
   1134     EXPECT_NE(STATUS_SUCCESS, reply.status());
   1135     Quit();
   1136   };
   1137   RegisterKeyWithChapsTokenRequest request;
   1138   request.set_key_label("label");
   1139   request.set_username("user");
   1140   service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
   1141   Run();
   1142 }
   1143 
   1144 TEST_F(AttestationServiceTest, RegisterIntermediateFailure) {
   1145   // Setup a key in the user key store.
   1146   CertifiedKey key;
   1147   key.set_key_name("label");
   1148   key.set_intermediate_ca_cert("fake_ca_cert");
   1149   std::string key_bytes;
   1150   key.SerializeToString(&key_bytes);
   1151   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
   1152       .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
   1153   EXPECT_CALL(mock_key_store_, RegisterCertificate(_, _))
   1154       .WillRepeatedly(Return(false));
   1155   // Set expectations on the outputs.
   1156   auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
   1157     EXPECT_NE(STATUS_SUCCESS, reply.status());
   1158     Quit();
   1159   };
   1160   RegisterKeyWithChapsTokenRequest request;
   1161   request.set_key_label("label");
   1162   request.set_username("user");
   1163   service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
   1164   Run();
   1165 }
   1166 
   1167 TEST_F(AttestationServiceTest, RegisterAdditionalFailure) {
   1168   // Setup a key in the user key store.
   1169   CertifiedKey key;
   1170   key.set_key_name("label");
   1171   *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
   1172   std::string key_bytes;
   1173   key.SerializeToString(&key_bytes);
   1174   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
   1175       .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
   1176   EXPECT_CALL(mock_key_store_, RegisterCertificate(_, _))
   1177       .WillRepeatedly(Return(false));
   1178   // Set expectations on the outputs.
   1179   auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
   1180     EXPECT_NE(STATUS_SUCCESS, reply.status());
   1181     Quit();
   1182   };
   1183   RegisterKeyWithChapsTokenRequest request;
   1184   request.set_key_label("label");
   1185   request.set_username("user");
   1186   service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
   1187   Run();
   1188 }
   1189 
   1190 }  // namespace attestation
   1191