Home | History | Annotate | Download | only in server 
      1 //
      2 // Copyright (C) 2015 The Android Open Source Project
      3 //
      4 // Licensed under the Apache License, Version 2.0 (the "License");
      5 // you may not use this file except in compliance with the License.
      6 // You may obtain a copy of the License at
      7 //
      8 //      http://www.apache.org/licenses/LICENSE-2.0
      9 //
     10 // Unless required by applicable law or agreed to in writing, software
     11 // distributed under the License is distributed on an "AS IS" BASIS,
     12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13 // See the License for the specific language governing permissions and
     14 // limitations under the License.
     15 //
     16 
     17 #include <string>
     18 
     19 #include <base/bind.h>
     20 #include <base/callback.h>
     21 #include <base/message_loop/message_loop.h>
     22 #include <base/run_loop.h>
     23 #include <brillo/bind_lambda.h>
     24 #include <brillo/data_encoding.h>
     25 #include <brillo/http/http_transport_fake.h>
     26 #include <brillo/mime_utils.h>
     27 #include <gmock/gmock.h>
     28 #include <gtest/gtest.h>
     29 
     30 #include "attestation/common/attestation_ca.pb.h"
     31 #include "attestation/common/mock_crypto_utility.h"
     32 #include "attestation/common/mock_tpm_utility.h"
     33 #include "attestation/server/attestation_service.h"
     34 #include "attestation/server/mock_database.h"
     35 #include "attestation/server/mock_key_store.h"
     36 
     37 using brillo::http::fake::ServerRequest;
     38 using brillo::http::fake::ServerResponse;
     39 using testing::_;
     40 using testing::DoAll;
     41 using testing::NiceMock;
     42 using testing::Return;
     43 using testing::ReturnRef;
     44 using testing::SetArgumentPointee;
     45 
     46 namespace attestation {
     47 
     48 class AttestationServiceTest : public testing::Test {
     49  public:
     50   enum FakeCAState {
     51     kSuccess,         // Valid successful response.
     52     kCommandFailure,  // Valid error response.
     53     kHttpFailure,     // Responds with an HTTP error.
     54     kBadMessageID,    // Valid successful response but a message ID mismatch.
     55   };
     56 
     57   ~AttestationServiceTest() override = default;
     58   void SetUp() override {
     59     service_.reset(new AttestationService);
     60     service_->set_database(&mock_database_);
     61     service_->set_crypto_utility(&mock_crypto_utility_);
     62     fake_http_transport_ = std::make_shared<brillo::http::fake::Transport>();
     63     service_->set_http_transport(fake_http_transport_);
     64     service_->set_key_store(&mock_key_store_);
     65     service_->set_tpm_utility(&mock_tpm_utility_);
     66     // Setup a fake wrapped EK certificate by default.
     67     mock_database_.GetMutableProtobuf()
     68         ->mutable_credentials()
     69         ->mutable_default_encrypted_endorsement_credential()
     70         ->set_wrapping_key_id("default");
     71     // Setup a fake Attestation CA for success by default.
     72     SetupFakeCAEnroll(kSuccess);
     73     SetupFakeCASign(kSuccess);
     74     CHECK(service_->Initialize());
     75   }
     76 
     77  protected:
     78   void SetupFakeCAEnroll(FakeCAState state) {
     79     fake_http_transport_->AddHandler(
     80         service_->attestation_ca_origin() + "/enroll",
     81         brillo::http::request_type::kPost,
     82         base::Bind(&AttestationServiceTest::FakeCAEnroll,
     83                    base::Unretained(this), state));
     84   }
     85 
     86   void SetupFakeCASign(FakeCAState state) {
     87     fake_http_transport_->AddHandler(
     88         service_->attestation_ca_origin() + "/sign",
     89         brillo::http::request_type::kPost,
     90         base::Bind(&AttestationServiceTest::FakeCASign, base::Unretained(this),
     91                    state));
     92   }
     93 
     94   std::string GetFakeCertificateChain() {
     95     const std::string kBeginCertificate = "-----BEGIN CERTIFICATE-----\n";
     96     const std::string kEndCertificate = "-----END CERTIFICATE-----";
     97     std::string pem = kBeginCertificate;
     98     pem += brillo::data_encoding::Base64EncodeWrapLines("fake_cert");
     99     pem += kEndCertificate + "\n" + kBeginCertificate;
    100     pem += brillo::data_encoding::Base64EncodeWrapLines("fake_ca_cert");
    101     pem += kEndCertificate + "\n" + kBeginCertificate;
    102     pem += brillo::data_encoding::Base64EncodeWrapLines("fake_ca_cert2");
    103     pem += kEndCertificate;
    104     return pem;
    105   }
    106 
    107   CreateGoogleAttestedKeyRequest GetCreateRequest() {
    108     CreateGoogleAttestedKeyRequest request;
    109     request.set_key_label("label");
    110     request.set_key_type(KEY_TYPE_ECC);
    111     request.set_key_usage(KEY_USAGE_SIGN);
    112     request.set_certificate_profile(ENTERPRISE_MACHINE_CERTIFICATE);
    113     request.set_username("user");
    114     request.set_origin("origin");
    115     return request;
    116   }
    117 
    118   void Run() { run_loop_.Run(); }
    119 
    120   void RunUntilIdle() { run_loop_.RunUntilIdle(); }
    121 
    122   void Quit() { run_loop_.Quit(); }
    123 
    124   std::shared_ptr<brillo::http::fake::Transport> fake_http_transport_;
    125   NiceMock<MockCryptoUtility> mock_crypto_utility_;
    126   NiceMock<MockDatabase> mock_database_;
    127   NiceMock<MockKeyStore> mock_key_store_;
    128   NiceMock<MockTpmUtility> mock_tpm_utility_;
    129   std::unique_ptr<AttestationService> service_;
    130 
    131  private:
    132   void FakeCAEnroll(FakeCAState state,
    133                     const ServerRequest& request,
    134                     ServerResponse* response) {
    135     AttestationEnrollmentRequest request_pb;
    136     EXPECT_TRUE(request_pb.ParseFromString(request.GetDataAsString()));
    137     if (state == kHttpFailure) {
    138       response->ReplyText(brillo::http::status_code::NotFound, std::string(),
    139                           brillo::mime::application::kOctet_stream);
    140       return;
    141     }
    142     AttestationEnrollmentResponse response_pb;
    143     if (state == kCommandFailure) {
    144       response_pb.set_status(SERVER_ERROR);
    145       response_pb.set_detail("fake_enroll_error");
    146     } else if (state == kSuccess) {
    147       response_pb.set_status(OK);
    148       response_pb.set_detail("");
    149       response_pb.mutable_encrypted_identity_credential()->set_asym_ca_contents(
    150           "1234");
    151       response_pb.mutable_encrypted_identity_credential()
    152           ->set_sym_ca_attestation("5678");
    153     } else {
    154       NOTREACHED();
    155     }
    156     std::string tmp;
    157     response_pb.SerializeToString(&tmp);
    158     response->ReplyText(brillo::http::status_code::Ok, tmp,
    159                         brillo::mime::application::kOctet_stream);
    160   }
    161 
    162   void FakeCASign(FakeCAState state,
    163                   const ServerRequest& request,
    164                   ServerResponse* response) {
    165     AttestationCertificateRequest request_pb;
    166     EXPECT_TRUE(request_pb.ParseFromString(request.GetDataAsString()));
    167     if (state == kHttpFailure) {
    168       response->ReplyText(brillo::http::status_code::NotFound, std::string(),
    169                           brillo::mime::application::kOctet_stream);
    170       return;
    171     }
    172     AttestationCertificateResponse response_pb;
    173     if (state == kCommandFailure) {
    174       response_pb.set_status(SERVER_ERROR);
    175       response_pb.set_detail("fake_sign_error");
    176     } else if (state == kSuccess || state == kBadMessageID) {
    177       response_pb.set_status(OK);
    178       response_pb.set_detail("");
    179       if (state == kSuccess) {
    180         response_pb.set_message_id(request_pb.message_id());
    181       }
    182       response_pb.set_certified_key_credential("fake_cert");
    183       response_pb.set_intermediate_ca_cert("fake_ca_cert");
    184       *response_pb.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
    185     }
    186     std::string tmp;
    187     response_pb.SerializeToString(&tmp);
    188     response->ReplyText(brillo::http::status_code::Ok, tmp,
    189                         brillo::mime::application::kOctet_stream);
    190   }
    191 
    192   base::MessageLoop message_loop_;
    193   base::RunLoop run_loop_;
    194 };
    195 
    196 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeySuccess) {
    197   // Set expectations on the outputs.
    198   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    199     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    200     EXPECT_EQ(GetFakeCertificateChain(), reply.certificate_chain());
    201     EXPECT_FALSE(reply.has_server_error());
    202     Quit();
    203   };
    204   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    205   Run();
    206 }
    207 
    208 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeySuccessNoUser) {
    209   // Set expectations on the outputs.
    210   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    211     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    212     EXPECT_EQ(GetFakeCertificateChain(), reply.certificate_chain());
    213     EXPECT_FALSE(reply.has_server_error());
    214     Quit();
    215   };
    216   CreateGoogleAttestedKeyRequest request = GetCreateRequest();
    217   request.clear_username();
    218   service_->CreateGoogleAttestedKey(request, base::Bind(callback));
    219   Run();
    220 }
    221 
    222 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithEnrollHttpError) {
    223   SetupFakeCAEnroll(kHttpFailure);
    224   // Set expectations on the outputs.
    225   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    226     EXPECT_EQ(STATUS_CA_NOT_AVAILABLE, reply.status());
    227     EXPECT_FALSE(reply.has_certificate_chain());
    228     EXPECT_EQ("", reply.server_error());
    229     Quit();
    230   };
    231   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    232   Run();
    233 }
    234 
    235 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithSignHttpError) {
    236   SetupFakeCASign(kHttpFailure);
    237   // Set expectations on the outputs.
    238   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    239     EXPECT_EQ(STATUS_CA_NOT_AVAILABLE, reply.status());
    240     EXPECT_FALSE(reply.has_certificate_chain());
    241     EXPECT_EQ("", reply.server_error());
    242     Quit();
    243   };
    244   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    245   Run();
    246 }
    247 
    248 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithCAEnrollFailure) {
    249   SetupFakeCAEnroll(kCommandFailure);
    250   // Set expectations on the outputs.
    251   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    252     EXPECT_EQ(STATUS_REQUEST_DENIED_BY_CA, reply.status());
    253     EXPECT_FALSE(reply.has_certificate_chain());
    254     EXPECT_EQ("fake_enroll_error", reply.server_error());
    255     Quit();
    256   };
    257   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    258   Run();
    259 }
    260 
    261 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithCASignFailure) {
    262   SetupFakeCASign(kCommandFailure);
    263   // Set expectations on the outputs.
    264   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    265     EXPECT_EQ(STATUS_REQUEST_DENIED_BY_CA, reply.status());
    266     EXPECT_FALSE(reply.has_certificate_chain());
    267     EXPECT_EQ("fake_sign_error", reply.server_error());
    268     Quit();
    269   };
    270   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    271   Run();
    272 }
    273 
    274 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithBadCAMessageID) {
    275   SetupFakeCASign(kBadMessageID);
    276   // Set expectations on the outputs.
    277   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    278     EXPECT_NE(STATUS_SUCCESS, reply.status());
    279     EXPECT_FALSE(reply.has_certificate_chain());
    280     EXPECT_EQ("", reply.server_error());
    281     Quit();
    282   };
    283   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    284   Run();
    285 }
    286 
    287 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithNoEKCertificate) {
    288   // Remove the default credential setup.
    289   mock_database_.GetMutableProtobuf()->clear_credentials();
    290   // Set expectations on the outputs.
    291   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    292     EXPECT_NE(STATUS_SUCCESS, reply.status());
    293     EXPECT_FALSE(reply.has_certificate_chain());
    294     EXPECT_EQ("", reply.server_error());
    295     Quit();
    296   };
    297   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    298   Run();
    299 }
    300 
    301 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithRNGFailure) {
    302   EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _))
    303       .WillRepeatedly(Return(false));
    304   // Set expectations on the outputs.
    305   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    306     EXPECT_NE(STATUS_SUCCESS, reply.status());
    307     EXPECT_FALSE(reply.has_certificate_chain());
    308     EXPECT_EQ("", reply.server_error());
    309     Quit();
    310   };
    311   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    312   Run();
    313 }
    314 
    315 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithRNGFailure2) {
    316   EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _))
    317       .WillOnce(Return(true))
    318       .WillRepeatedly(Return(false));
    319   // Set expectations on the outputs.
    320   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    321     EXPECT_NE(STATUS_SUCCESS, reply.status());
    322     EXPECT_FALSE(reply.has_certificate_chain());
    323     EXPECT_EQ("", reply.server_error());
    324     Quit();
    325   };
    326   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    327   Run();
    328 }
    329 
    330 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithDBFailure) {
    331   EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false));
    332   // Set expectations on the outputs.
    333   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    334     EXPECT_NE(STATUS_SUCCESS, reply.status());
    335     EXPECT_FALSE(reply.has_certificate_chain());
    336     EXPECT_EQ("", reply.server_error());
    337     Quit();
    338   };
    339   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    340   Run();
    341 }
    342 
    343 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithDBFailureNoUser) {
    344   EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false));
    345   // Set expectations on the outputs.
    346   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    347     EXPECT_NE(STATUS_SUCCESS, reply.status());
    348     EXPECT_FALSE(reply.has_certificate_chain());
    349     EXPECT_EQ("", reply.server_error());
    350     Quit();
    351   };
    352   CreateGoogleAttestedKeyRequest request = GetCreateRequest();
    353   request.clear_username();
    354   service_->CreateGoogleAttestedKey(request, base::Bind(callback));
    355   Run();
    356 }
    357 
    358 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithKeyWriteFailure) {
    359   EXPECT_CALL(mock_key_store_, Write(_, _, _)).WillRepeatedly(Return(false));
    360   // Set expectations on the outputs.
    361   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    362     EXPECT_NE(STATUS_SUCCESS, reply.status());
    363     EXPECT_FALSE(reply.has_certificate_chain());
    364     EXPECT_EQ("", reply.server_error());
    365     Quit();
    366   };
    367   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    368   Run();
    369 }
    370 
    371 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmNotReady) {
    372   EXPECT_CALL(mock_tpm_utility_, IsTpmReady()).WillRepeatedly(Return(false));
    373   // Set expectations on the outputs.
    374   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    375     EXPECT_NE(STATUS_SUCCESS, reply.status());
    376     EXPECT_FALSE(reply.has_certificate_chain());
    377     EXPECT_EQ("", reply.server_error());
    378     Quit();
    379   };
    380   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    381   Run();
    382 }
    383 
    384 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmActivateFailure) {
    385   EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, _, _, _))
    386       .WillRepeatedly(Return(false));
    387   // Set expectations on the outputs.
    388   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    389     EXPECT_NE(STATUS_SUCCESS, reply.status());
    390     EXPECT_FALSE(reply.has_certificate_chain());
    391     EXPECT_EQ("", reply.server_error());
    392     Quit();
    393   };
    394   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    395   Run();
    396 }
    397 
    398 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmCreateFailure) {
    399   EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(_, _, _, _, _, _, _, _, _))
    400       .WillRepeatedly(Return(false));
    401   // Set expectations on the outputs.
    402   auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
    403     EXPECT_NE(STATUS_SUCCESS, reply.status());
    404     EXPECT_FALSE(reply.has_certificate_chain());
    405     EXPECT_EQ("", reply.server_error());
    406     Quit();
    407   };
    408   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    409   Run();
    410 }
    411 
    412 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyAndCancel) {
    413   // Set expectations on the outputs.
    414   int callback_count = 0;
    415   auto callback = [&callback_count](const CreateGoogleAttestedKeyReply& reply) {
    416     callback_count++;
    417   };
    418   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    419   // Bring down the service, which should cancel any callbacks.
    420   service_.reset();
    421   EXPECT_EQ(0, callback_count);
    422 }
    423 
    424 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyAndCancel2) {
    425   // Set expectations on the outputs.
    426   int callback_count = 0;
    427   auto callback = [&callback_count](const CreateGoogleAttestedKeyReply& reply) {
    428     callback_count++;
    429   };
    430   service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
    431   // Give threads a chance to run.
    432   base::PlatformThread::Sleep(base::TimeDelta::FromMilliseconds(10));
    433   // Bring down the service, which should cancel any callbacks.
    434   service_.reset();
    435   // Pump the loop to make sure no callbacks were posted.
    436   RunUntilIdle();
    437   EXPECT_EQ(0, callback_count);
    438 }
    439 
    440 TEST_F(AttestationServiceTest, GetKeyInfoSuccess) {
    441   // Setup a certified key in the key store.
    442   CertifiedKey key;
    443   key.set_public_key("public_key");
    444   key.set_certified_key_credential("fake_cert");
    445   key.set_intermediate_ca_cert("fake_ca_cert");
    446   *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
    447   key.set_key_name("label");
    448   key.set_certified_key_info("certify_info");
    449   key.set_certified_key_proof("signature");
    450   key.set_key_type(KEY_TYPE_RSA);
    451   key.set_key_usage(KEY_USAGE_SIGN);
    452   std::string key_bytes;
    453   key.SerializeToString(&key_bytes);
    454   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
    455       .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
    456 
    457   // Set expectations on the outputs.
    458   auto callback = [this](const GetKeyInfoReply& reply) {
    459     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    460     EXPECT_EQ(KEY_TYPE_RSA, reply.key_type());
    461     EXPECT_EQ(KEY_USAGE_SIGN, reply.key_usage());
    462     EXPECT_EQ("public_key", reply.public_key());
    463     EXPECT_EQ("certify_info", reply.certify_info());
    464     EXPECT_EQ("signature", reply.certify_info_signature());
    465     EXPECT_EQ(GetFakeCertificateChain(), reply.certificate());
    466     Quit();
    467   };
    468   GetKeyInfoRequest request;
    469   request.set_key_label("label");
    470   request.set_username("user");
    471   service_->GetKeyInfo(request, base::Bind(callback));
    472   Run();
    473 }
    474 
    475 TEST_F(AttestationServiceTest, GetKeyInfoSuccessNoUser) {
    476   // Setup a certified key in the device key store.
    477   CertifiedKey& key = *mock_database_.GetMutableProtobuf()->add_device_keys();
    478   key.set_public_key("public_key");
    479   key.set_certified_key_credential("fake_cert");
    480   key.set_intermediate_ca_cert("fake_ca_cert");
    481   *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
    482   key.set_key_name("label");
    483   key.set_certified_key_info("certify_info");
    484   key.set_certified_key_proof("signature");
    485   key.set_key_type(KEY_TYPE_RSA);
    486   key.set_key_usage(KEY_USAGE_SIGN);
    487 
    488   // Set expectations on the outputs.
    489   auto callback = [this](const GetKeyInfoReply& reply) {
    490     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    491     EXPECT_EQ(KEY_TYPE_RSA, reply.key_type());
    492     EXPECT_EQ(KEY_USAGE_SIGN, reply.key_usage());
    493     EXPECT_EQ("public_key", reply.public_key());
    494     EXPECT_EQ("certify_info", reply.certify_info());
    495     EXPECT_EQ("signature", reply.certify_info_signature());
    496     EXPECT_EQ(GetFakeCertificateChain(), reply.certificate());
    497     Quit();
    498   };
    499   GetKeyInfoRequest request;
    500   request.set_key_label("label");
    501   service_->GetKeyInfo(request, base::Bind(callback));
    502   Run();
    503 }
    504 
    505 TEST_F(AttestationServiceTest, GetKeyInfoNoKey) {
    506   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
    507       .WillRepeatedly(Return(false));
    508 
    509   // Set expectations on the outputs.
    510   auto callback = [this](const GetKeyInfoReply& reply) {
    511     EXPECT_EQ(STATUS_INVALID_PARAMETER, reply.status());
    512     Quit();
    513   };
    514   GetKeyInfoRequest request;
    515   request.set_key_label("label");
    516   request.set_username("user");
    517   service_->GetKeyInfo(request, base::Bind(callback));
    518   Run();
    519 }
    520 
    521 TEST_F(AttestationServiceTest, GetKeyInfoBadPublicKey) {
    522   EXPECT_CALL(mock_crypto_utility_, GetRSASubjectPublicKeyInfo(_, _))
    523       .WillRepeatedly(Return(false));
    524 
    525   // Set expectations on the outputs.
    526   auto callback = [this](const GetKeyInfoReply& reply) {
    527     EXPECT_NE(STATUS_SUCCESS, reply.status());
    528     Quit();
    529   };
    530   GetKeyInfoRequest request;
    531   request.set_key_label("label");
    532   request.set_username("user");
    533   service_->GetKeyInfo(request, base::Bind(callback));
    534   Run();
    535 }
    536 
    537 TEST_F(AttestationServiceTest, GetEndorsementInfoSuccess) {
    538   AttestationDatabase* database = mock_database_.GetMutableProtobuf();
    539   database->mutable_credentials()->set_endorsement_public_key("public_key");
    540   database->mutable_credentials()->set_endorsement_credential("certificate");
    541   // Set expectations on the outputs.
    542   auto callback = [this](const GetEndorsementInfoReply& reply) {
    543     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    544     EXPECT_EQ("public_key", reply.ek_public_key());
    545     EXPECT_EQ("certificate", reply.ek_certificate());
    546     Quit();
    547   };
    548   GetEndorsementInfoRequest request;
    549   request.set_key_type(KEY_TYPE_RSA);
    550   service_->GetEndorsementInfo(request, base::Bind(callback));
    551   Run();
    552 }
    553 
    554 TEST_F(AttestationServiceTest, GetEndorsementInfoNoInfo) {
    555   // Set expectations on the outputs.
    556   auto callback = [this](const GetEndorsementInfoReply& reply) {
    557     EXPECT_EQ(STATUS_NOT_AVAILABLE, reply.status());
    558     EXPECT_FALSE(reply.has_ek_public_key());
    559     EXPECT_FALSE(reply.has_ek_certificate());
    560     Quit();
    561   };
    562   GetEndorsementInfoRequest request;
    563   request.set_key_type(KEY_TYPE_RSA);
    564   service_->GetEndorsementInfo(request, base::Bind(callback));
    565   Run();
    566 }
    567 
    568 TEST_F(AttestationServiceTest, GetEndorsementInfoNoCert) {
    569   AttestationDatabase* database = mock_database_.GetMutableProtobuf();
    570   database->mutable_credentials()->set_endorsement_public_key("public_key");
    571   // Set expectations on the outputs.
    572   auto callback = [this](const GetEndorsementInfoReply& reply) {
    573     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    574     EXPECT_EQ("public_key", reply.ek_public_key());
    575     EXPECT_FALSE(reply.has_ek_certificate());
    576     Quit();
    577   };
    578   GetEndorsementInfoRequest request;
    579   request.set_key_type(KEY_TYPE_RSA);
    580   service_->GetEndorsementInfo(request, base::Bind(callback));
    581   Run();
    582 }
    583 
    584 TEST_F(AttestationServiceTest, GetAttestationKeyInfoSuccess) {
    585   AttestationDatabase* database = mock_database_.GetMutableProtobuf();
    586   database->mutable_identity_key()->set_identity_public_key("public_key");
    587   database->mutable_identity_key()->set_identity_credential("certificate");
    588   database->mutable_pcr0_quote()->set_quote("pcr0");
    589   database->mutable_pcr1_quote()->set_quote("pcr1");
    590   database->mutable_identity_binding()->set_identity_public_key("public_key2");
    591   // Set expectations on the outputs.
    592   auto callback = [this](const GetAttestationKeyInfoReply& reply) {
    593     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    594     EXPECT_EQ("public_key", reply.public_key());
    595     EXPECT_EQ("public_key2", reply.public_key_tpm_format());
    596     EXPECT_EQ("certificate", reply.certificate());
    597     EXPECT_EQ("pcr0", reply.pcr0_quote().quote());
    598     EXPECT_EQ("pcr1", reply.pcr1_quote().quote());
    599     Quit();
    600   };
    601   GetAttestationKeyInfoRequest request;
    602   request.set_key_type(KEY_TYPE_RSA);
    603   service_->GetAttestationKeyInfo(request, base::Bind(callback));
    604   Run();
    605 }
    606 
    607 TEST_F(AttestationServiceTest, GetAttestationKeyInfoNoInfo) {
    608   // Set expectations on the outputs.
    609   auto callback = [this](const GetAttestationKeyInfoReply& reply) {
    610     EXPECT_EQ(STATUS_NOT_AVAILABLE, reply.status());
    611     EXPECT_FALSE(reply.has_public_key());
    612     EXPECT_FALSE(reply.has_public_key_tpm_format());
    613     EXPECT_FALSE(reply.has_certificate());
    614     EXPECT_FALSE(reply.has_pcr0_quote());
    615     EXPECT_FALSE(reply.has_pcr1_quote());
    616     Quit();
    617   };
    618   GetAttestationKeyInfoRequest request;
    619   request.set_key_type(KEY_TYPE_RSA);
    620   service_->GetAttestationKeyInfo(request, base::Bind(callback));
    621   Run();
    622 }
    623 
    624 TEST_F(AttestationServiceTest, GetAttestationKeyInfoSomeInfo) {
    625   AttestationDatabase* database = mock_database_.GetMutableProtobuf();
    626   database->mutable_identity_key()->set_identity_credential("certificate");
    627   database->mutable_pcr1_quote()->set_quote("pcr1");
    628   // Set expectations on the outputs.
    629   auto callback = [this](const GetAttestationKeyInfoReply& reply) {
    630     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    631     EXPECT_FALSE(reply.has_public_key());
    632     EXPECT_FALSE(reply.has_public_key_tpm_format());
    633     EXPECT_EQ("certificate", reply.certificate());
    634     EXPECT_FALSE(reply.has_pcr0_quote());
    635     EXPECT_EQ("pcr1", reply.pcr1_quote().quote());
    636     Quit();
    637   };
    638   GetAttestationKeyInfoRequest request;
    639   request.set_key_type(KEY_TYPE_RSA);
    640   service_->GetAttestationKeyInfo(request, base::Bind(callback));
    641   Run();
    642 }
    643 
    644 TEST_F(AttestationServiceTest, ActivateAttestationKeySuccess) {
    645   EXPECT_CALL(mock_database_, SaveChanges()).Times(1);
    646   EXPECT_CALL(mock_tpm_utility_,
    647               ActivateIdentity(_, _, _, "encrypted1", "encrypted2", _))
    648       .WillOnce(DoAll(SetArgumentPointee<5>(std::string("certificate")),
    649                       Return(true)));
    650   // Set expectations on the outputs.
    651   auto callback = [this](const ActivateAttestationKeyReply& reply) {
    652     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    653     EXPECT_EQ("certificate", reply.certificate());
    654     Quit();
    655   };
    656   ActivateAttestationKeyRequest request;
    657   request.set_key_type(KEY_TYPE_RSA);
    658   request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1");
    659   request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2");
    660   request.set_save_certificate(true);
    661   service_->ActivateAttestationKey(request, base::Bind(callback));
    662   Run();
    663 }
    664 
    665 TEST_F(AttestationServiceTest, ActivateAttestationKeySuccessNoSave) {
    666   EXPECT_CALL(mock_database_, GetMutableProtobuf()).Times(0);
    667   EXPECT_CALL(mock_database_, SaveChanges()).Times(0);
    668   EXPECT_CALL(mock_tpm_utility_,
    669               ActivateIdentity(_, _, _, "encrypted1", "encrypted2", _))
    670       .WillOnce(DoAll(SetArgumentPointee<5>(std::string("certificate")),
    671                       Return(true)));
    672   // Set expectations on the outputs.
    673   auto callback = [this](const ActivateAttestationKeyReply& reply) {
    674     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    675     EXPECT_EQ("certificate", reply.certificate());
    676     Quit();
    677   };
    678   ActivateAttestationKeyRequest request;
    679   request.set_key_type(KEY_TYPE_RSA);
    680   request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1");
    681   request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2");
    682   request.set_save_certificate(false);
    683   service_->ActivateAttestationKey(request, base::Bind(callback));
    684   Run();
    685 }
    686 
    687 TEST_F(AttestationServiceTest, ActivateAttestationKeySaveFailure) {
    688   EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false));
    689   // Set expectations on the outputs.
    690   auto callback = [this](const ActivateAttestationKeyReply& reply) {
    691     EXPECT_NE(STATUS_SUCCESS, reply.status());
    692     Quit();
    693   };
    694   ActivateAttestationKeyRequest request;
    695   request.set_key_type(KEY_TYPE_RSA);
    696   request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1");
    697   request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2");
    698   request.set_save_certificate(true);
    699   service_->ActivateAttestationKey(request, base::Bind(callback));
    700   Run();
    701 }
    702 
    703 TEST_F(AttestationServiceTest, ActivateAttestationKeyActivateFailure) {
    704   EXPECT_CALL(mock_tpm_utility_,
    705               ActivateIdentity(_, _, _, "encrypted1", "encrypted2", _))
    706       .WillRepeatedly(Return(false));
    707   // Set expectations on the outputs.
    708   auto callback = [this](const ActivateAttestationKeyReply& reply) {
    709     EXPECT_NE(STATUS_SUCCESS, reply.status());
    710     Quit();
    711   };
    712   ActivateAttestationKeyRequest request;
    713   request.set_key_type(KEY_TYPE_RSA);
    714   request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1");
    715   request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2");
    716   request.set_save_certificate(true);
    717   service_->ActivateAttestationKey(request, base::Bind(callback));
    718   Run();
    719 }
    720 
    721 TEST_F(AttestationServiceTest, CreateCertifiableKeySuccess) {
    722   // Configure a fake TPM response.
    723   EXPECT_CALL(
    724       mock_tpm_utility_,
    725       CreateCertifiedKey(KEY_TYPE_ECC, KEY_USAGE_SIGN, _, _, _, _, _, _, _))
    726       .WillOnce(
    727           DoAll(SetArgumentPointee<5>(std::string("public_key")),
    728                 SetArgumentPointee<7>(std::string("certify_info")),
    729                 SetArgumentPointee<8>(std::string("certify_info_signature")),
    730                 Return(true)));
    731   // Expect the key to be written exactly once.
    732   EXPECT_CALL(mock_key_store_, Write("user", "label", _)).Times(1);
    733   // Set expectations on the outputs.
    734   auto callback = [this](const CreateCertifiableKeyReply& reply) {
    735     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    736     EXPECT_EQ("public_key", reply.public_key());
    737     EXPECT_EQ("certify_info", reply.certify_info());
    738     EXPECT_EQ("certify_info_signature", reply.certify_info_signature());
    739     Quit();
    740   };
    741   CreateCertifiableKeyRequest request;
    742   request.set_key_label("label");
    743   request.set_key_type(KEY_TYPE_ECC);
    744   request.set_key_usage(KEY_USAGE_SIGN);
    745   request.set_username("user");
    746   service_->CreateCertifiableKey(request, base::Bind(callback));
    747   Run();
    748 }
    749 
    750 TEST_F(AttestationServiceTest, CreateCertifiableKeySuccessNoUser) {
    751   // Configure a fake TPM response.
    752   EXPECT_CALL(
    753       mock_tpm_utility_,
    754       CreateCertifiedKey(KEY_TYPE_ECC, KEY_USAGE_SIGN, _, _, _, _, _, _, _))
    755       .WillOnce(
    756           DoAll(SetArgumentPointee<5>(std::string("public_key")),
    757                 SetArgumentPointee<7>(std::string("certify_info")),
    758                 SetArgumentPointee<8>(std::string("certify_info_signature")),
    759                 Return(true)));
    760   // Expect the key to be written exactly once.
    761   EXPECT_CALL(mock_database_, SaveChanges()).Times(1);
    762   // Set expectations on the outputs.
    763   auto callback = [this](const CreateCertifiableKeyReply& reply) {
    764     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    765     EXPECT_EQ("public_key", reply.public_key());
    766     EXPECT_EQ("certify_info", reply.certify_info());
    767     EXPECT_EQ("certify_info_signature", reply.certify_info_signature());
    768     Quit();
    769   };
    770   CreateCertifiableKeyRequest request;
    771   request.set_key_label("label");
    772   request.set_key_type(KEY_TYPE_ECC);
    773   request.set_key_usage(KEY_USAGE_SIGN);
    774   service_->CreateCertifiableKey(request, base::Bind(callback));
    775   Run();
    776 }
    777 
    778 TEST_F(AttestationServiceTest, CreateCertifiableKeyRNGFailure) {
    779   EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _))
    780       .WillRepeatedly(Return(false));
    781   // Set expectations on the outputs.
    782   auto callback = [this](const CreateCertifiableKeyReply& reply) {
    783     EXPECT_NE(STATUS_SUCCESS, reply.status());
    784     EXPECT_FALSE(reply.has_public_key());
    785     EXPECT_FALSE(reply.has_certify_info());
    786     EXPECT_FALSE(reply.has_certify_info_signature());
    787     Quit();
    788   };
    789   CreateCertifiableKeyRequest request;
    790   request.set_key_label("label");
    791   request.set_key_type(KEY_TYPE_ECC);
    792   request.set_key_usage(KEY_USAGE_SIGN);
    793   service_->CreateCertifiableKey(request, base::Bind(callback));
    794   Run();
    795 }
    796 
    797 TEST_F(AttestationServiceTest, CreateCertifiableKeyTpmCreateFailure) {
    798   EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(_, _, _, _, _, _, _, _, _))
    799       .WillRepeatedly(Return(false));
    800   // Set expectations on the outputs.
    801   auto callback = [this](const CreateCertifiableKeyReply& reply) {
    802     EXPECT_NE(STATUS_SUCCESS, reply.status());
    803     EXPECT_FALSE(reply.has_public_key());
    804     EXPECT_FALSE(reply.has_certify_info());
    805     EXPECT_FALSE(reply.has_certify_info_signature());
    806     Quit();
    807   };
    808   CreateCertifiableKeyRequest request;
    809   request.set_key_label("label");
    810   request.set_key_type(KEY_TYPE_ECC);
    811   request.set_key_usage(KEY_USAGE_SIGN);
    812   service_->CreateCertifiableKey(request, base::Bind(callback));
    813   Run();
    814 }
    815 
    816 TEST_F(AttestationServiceTest, CreateCertifiableKeyDBFailure) {
    817   EXPECT_CALL(mock_key_store_, Write(_, _, _)).WillRepeatedly(Return(false));
    818   // Set expectations on the outputs.
    819   auto callback = [this](const CreateCertifiableKeyReply& reply) {
    820     EXPECT_NE(STATUS_SUCCESS, reply.status());
    821     EXPECT_FALSE(reply.has_public_key());
    822     EXPECT_FALSE(reply.has_certify_info());
    823     EXPECT_FALSE(reply.has_certify_info_signature());
    824     Quit();
    825   };
    826   CreateCertifiableKeyRequest request;
    827   request.set_key_label("label");
    828   request.set_key_type(KEY_TYPE_ECC);
    829   request.set_key_usage(KEY_USAGE_SIGN);
    830   request.set_username("username");
    831   service_->CreateCertifiableKey(request, base::Bind(callback));
    832   Run();
    833 }
    834 
    835 TEST_F(AttestationServiceTest, CreateCertifiableKeyDBFailureNoUser) {
    836   EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false));
    837   // Set expectations on the outputs.
    838   auto callback = [this](const CreateCertifiableKeyReply& reply) {
    839     EXPECT_NE(STATUS_SUCCESS, reply.status());
    840     EXPECT_FALSE(reply.has_public_key());
    841     EXPECT_FALSE(reply.has_certify_info());
    842     EXPECT_FALSE(reply.has_certify_info_signature());
    843     Quit();
    844   };
    845   CreateCertifiableKeyRequest request;
    846   request.set_key_label("label");
    847   request.set_key_type(KEY_TYPE_ECC);
    848   request.set_key_usage(KEY_USAGE_SIGN);
    849   service_->CreateCertifiableKey(request, base::Bind(callback));
    850   Run();
    851 }
    852 
    853 TEST_F(AttestationServiceTest, DecryptSuccess) {
    854   // Set expectations on the outputs.
    855   auto callback = [this](const DecryptReply& reply) {
    856     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    857     EXPECT_EQ(MockTpmUtility::Transform("Unbind", "data"),
    858               reply.decrypted_data());
    859     Quit();
    860   };
    861   DecryptRequest request;
    862   request.set_key_label("label");
    863   request.set_username("user");
    864   request.set_encrypted_data("data");
    865   service_->Decrypt(request, base::Bind(callback));
    866   Run();
    867 }
    868 
    869 TEST_F(AttestationServiceTest, DecryptSuccessNoUser) {
    870   mock_database_.GetMutableProtobuf()->add_device_keys()->set_key_name("label");
    871   // Set expectations on the outputs.
    872   auto callback = [this](const DecryptReply& reply) {
    873     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    874     EXPECT_EQ(MockTpmUtility::Transform("Unbind", "data"),
    875               reply.decrypted_data());
    876     Quit();
    877   };
    878   DecryptRequest request;
    879   request.set_key_label("label");
    880   request.set_encrypted_data("data");
    881   service_->Decrypt(request, base::Bind(callback));
    882   Run();
    883 }
    884 
    885 TEST_F(AttestationServiceTest, DecryptKeyNotFound) {
    886   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
    887       .WillRepeatedly(Return(false));
    888   // Set expectations on the outputs.
    889   auto callback = [this](const DecryptReply& reply) {
    890     EXPECT_NE(STATUS_SUCCESS, reply.status());
    891     EXPECT_FALSE(reply.has_decrypted_data());
    892     Quit();
    893   };
    894   DecryptRequest request;
    895   request.set_key_label("label");
    896   request.set_username("user");
    897   request.set_encrypted_data("data");
    898   service_->Decrypt(request, base::Bind(callback));
    899   Run();
    900 }
    901 
    902 TEST_F(AttestationServiceTest, DecryptKeyNotFoundNoUser) {
    903   // Set expectations on the outputs.
    904   auto callback = [this](const DecryptReply& reply) {
    905     EXPECT_NE(STATUS_SUCCESS, reply.status());
    906     EXPECT_FALSE(reply.has_decrypted_data());
    907     Quit();
    908   };
    909   DecryptRequest request;
    910   request.set_key_label("label");
    911   request.set_encrypted_data("data");
    912   service_->Decrypt(request, base::Bind(callback));
    913   Run();
    914 }
    915 
    916 TEST_F(AttestationServiceTest, DecryptUnbindFailure) {
    917   EXPECT_CALL(mock_tpm_utility_, Unbind(_, _, _)).WillRepeatedly(Return(false));
    918   // Set expectations on the outputs.
    919   auto callback = [this](const DecryptReply& reply) {
    920     EXPECT_NE(STATUS_SUCCESS, reply.status());
    921     EXPECT_FALSE(reply.has_decrypted_data());
    922     Quit();
    923   };
    924   DecryptRequest request;
    925   request.set_key_label("label");
    926   request.set_username("user");
    927   request.set_encrypted_data("data");
    928   service_->Decrypt(request, base::Bind(callback));
    929   Run();
    930 }
    931 
    932 TEST_F(AttestationServiceTest, SignSuccess) {
    933   // Set expectations on the outputs.
    934   auto callback = [this](const SignReply& reply) {
    935     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    936     EXPECT_EQ(MockTpmUtility::Transform("Sign", "data"), reply.signature());
    937     Quit();
    938   };
    939   SignRequest request;
    940   request.set_key_label("label");
    941   request.set_username("user");
    942   request.set_data_to_sign("data");
    943   service_->Sign(request, base::Bind(callback));
    944   Run();
    945 }
    946 
    947 TEST_F(AttestationServiceTest, SignSuccessNoUser) {
    948   mock_database_.GetMutableProtobuf()->add_device_keys()->set_key_name("label");
    949   // Set expectations on the outputs.
    950   auto callback = [this](const SignReply& reply) {
    951     EXPECT_EQ(STATUS_SUCCESS, reply.status());
    952     EXPECT_EQ(MockTpmUtility::Transform("Sign", "data"), reply.signature());
    953     Quit();
    954   };
    955   SignRequest request;
    956   request.set_key_label("label");
    957   request.set_data_to_sign("data");
    958   service_->Sign(request, base::Bind(callback));
    959   Run();
    960 }
    961 
    962 TEST_F(AttestationServiceTest, SignKeyNotFound) {
    963   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
    964       .WillRepeatedly(Return(false));
    965   // Set expectations on the outputs.
    966   auto callback = [this](const SignReply& reply) {
    967     EXPECT_NE(STATUS_SUCCESS, reply.status());
    968     EXPECT_FALSE(reply.has_signature());
    969     Quit();
    970   };
    971   SignRequest request;
    972   request.set_key_label("label");
    973   request.set_username("user");
    974   request.set_data_to_sign("data");
    975   service_->Sign(request, base::Bind(callback));
    976   Run();
    977 }
    978 
    979 TEST_F(AttestationServiceTest, SignKeyNotFoundNoUser) {
    980   // Set expectations on the outputs.
    981   auto callback = [this](const SignReply& reply) {
    982     EXPECT_NE(STATUS_SUCCESS, reply.status());
    983     EXPECT_FALSE(reply.has_signature());
    984     Quit();
    985   };
    986   SignRequest request;
    987   request.set_key_label("label");
    988   request.set_data_to_sign("data");
    989   service_->Sign(request, base::Bind(callback));
    990   Run();
    991 }
    992 
    993 TEST_F(AttestationServiceTest, SignUnbindFailure) {
    994   EXPECT_CALL(mock_tpm_utility_, Sign(_, _, _)).WillRepeatedly(Return(false));
    995   // Set expectations on the outputs.
    996   auto callback = [this](const SignReply& reply) {
    997     EXPECT_NE(STATUS_SUCCESS, reply.status());
    998     EXPECT_FALSE(reply.has_signature());
    999     Quit();
   1000   };
   1001   SignRequest request;
   1002   request.set_key_label("label");
   1003   request.set_username("user");
   1004   request.set_data_to_sign("data");
   1005   service_->Sign(request, base::Bind(callback));
   1006   Run();
   1007 }
   1008 
   1009 TEST_F(AttestationServiceTest, RegisterSuccess) {
   1010   // Setup a key in the user key store.
   1011   CertifiedKey key;
   1012   key.set_key_blob("key_blob");
   1013   key.set_public_key("public_key");
   1014   key.set_certified_key_credential("fake_cert");
   1015   key.set_intermediate_ca_cert("fake_ca_cert");
   1016   *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
   1017   key.set_key_name("label");
   1018   key.set_key_type(KEY_TYPE_RSA);
   1019   key.set_key_usage(KEY_USAGE_SIGN);
   1020   std::string key_bytes;
   1021   key.SerializeToString(&key_bytes);
   1022   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
   1023       .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
   1024   // Cardinality is verified here to verify various steps are performed and to
   1025   // catch performance regressions.
   1026   EXPECT_CALL(mock_key_store_,
   1027               Register("user", "label", KEY_TYPE_RSA, KEY_USAGE_SIGN,
   1028                        "key_blob", "public_key", "fake_cert"))
   1029       .Times(1);
   1030   EXPECT_CALL(mock_key_store_, RegisterCertificate("user", "fake_ca_cert"))
   1031       .Times(1);
   1032   EXPECT_CALL(mock_key_store_, RegisterCertificate("user", "fake_ca_cert2"))
   1033       .Times(1);
   1034   EXPECT_CALL(mock_key_store_, Delete("user", "label")).Times(1);
   1035   // Set expectations on the outputs.
   1036   auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
   1037     EXPECT_EQ(STATUS_SUCCESS, reply.status());
   1038     Quit();
   1039   };
   1040   RegisterKeyWithChapsTokenRequest request;
   1041   request.set_key_label("label");
   1042   request.set_username("user");
   1043   service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
   1044   Run();
   1045 }
   1046 
   1047 TEST_F(AttestationServiceTest, RegisterSuccessNoUser) {
   1048   // Setup a key in the device_keys field.
   1049   CertifiedKey& key = *mock_database_.GetMutableProtobuf()->add_device_keys();
   1050   key.set_key_blob("key_blob");
   1051   key.set_public_key("public_key");
   1052   key.set_certified_key_credential("fake_cert");
   1053   key.set_intermediate_ca_cert("fake_ca_cert");
   1054   *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
   1055   key.set_key_name("label");
   1056   key.set_key_type(KEY_TYPE_RSA);
   1057   key.set_key_usage(KEY_USAGE_SIGN);
   1058   // Cardinality is verified here to verify various steps are performed and to
   1059   // catch performance regressions.
   1060   EXPECT_CALL(mock_key_store_,
   1061               Register("", "label", KEY_TYPE_RSA, KEY_USAGE_SIGN, "key_blob",
   1062                        "public_key", "fake_cert"))
   1063       .Times(1);
   1064   EXPECT_CALL(mock_key_store_, RegisterCertificate("", "fake_ca_cert"))
   1065       .Times(1);
   1066   EXPECT_CALL(mock_key_store_, RegisterCertificate("", "fake_ca_cert2"))
   1067       .Times(1);
   1068   // Set expectations on the outputs.
   1069   auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
   1070     EXPECT_EQ(STATUS_SUCCESS, reply.status());
   1071     EXPECT_EQ(0, mock_database_.GetMutableProtobuf()->device_keys_size());
   1072     Quit();
   1073   };
   1074   RegisterKeyWithChapsTokenRequest request;
   1075   request.set_key_label("label");
   1076   service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
   1077   Run();
   1078 }
   1079 
   1080 TEST_F(AttestationServiceTest, RegisterNoKey) {
   1081   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
   1082       .WillRepeatedly(Return(false));
   1083   // Set expectations on the outputs.
   1084   auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
   1085     EXPECT_NE(STATUS_SUCCESS, reply.status());
   1086     Quit();
   1087   };
   1088   RegisterKeyWithChapsTokenRequest request;
   1089   request.set_key_label("label");
   1090   request.set_username("user");
   1091   service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
   1092   Run();
   1093 }
   1094 
   1095 TEST_F(AttestationServiceTest, RegisterNoKeyNoUser) {
   1096   // Set expectations on the outputs.
   1097   auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
   1098     EXPECT_NE(STATUS_SUCCESS, reply.status());
   1099     Quit();
   1100   };
   1101   RegisterKeyWithChapsTokenRequest request;
   1102   request.set_key_label("label");
   1103   service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
   1104   Run();
   1105 }
   1106 
   1107 TEST_F(AttestationServiceTest, RegisterFailure) {
   1108   // Setup a key in the user key store.
   1109   CertifiedKey key;
   1110   key.set_key_name("label");
   1111   std::string key_bytes;
   1112   key.SerializeToString(&key_bytes);
   1113   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
   1114       .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
   1115   EXPECT_CALL(mock_key_store_, Register(_, _, _, _, _, _, _))
   1116       .WillRepeatedly(Return(false));
   1117   // Set expectations on the outputs.
   1118   auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
   1119     EXPECT_NE(STATUS_SUCCESS, reply.status());
   1120     Quit();
   1121   };
   1122   RegisterKeyWithChapsTokenRequest request;
   1123   request.set_key_label("label");
   1124   request.set_username("user");
   1125   service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
   1126   Run();
   1127 }
   1128 
   1129 TEST_F(AttestationServiceTest, RegisterIntermediateFailure) {
   1130   // Setup a key in the user key store.
   1131   CertifiedKey key;
   1132   key.set_key_name("label");
   1133   key.set_intermediate_ca_cert("fake_ca_cert");
   1134   std::string key_bytes;
   1135   key.SerializeToString(&key_bytes);
   1136   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
   1137       .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
   1138   EXPECT_CALL(mock_key_store_, RegisterCertificate(_, _))
   1139       .WillRepeatedly(Return(false));
   1140   // Set expectations on the outputs.
   1141   auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
   1142     EXPECT_NE(STATUS_SUCCESS, reply.status());
   1143     Quit();
   1144   };
   1145   RegisterKeyWithChapsTokenRequest request;
   1146   request.set_key_label("label");
   1147   request.set_username("user");
   1148   service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
   1149   Run();
   1150 }
   1151 
   1152 TEST_F(AttestationServiceTest, RegisterAdditionalFailure) {
   1153   // Setup a key in the user key store.
   1154   CertifiedKey key;
   1155   key.set_key_name("label");
   1156   *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
   1157   std::string key_bytes;
   1158   key.SerializeToString(&key_bytes);
   1159   EXPECT_CALL(mock_key_store_, Read("user", "label", _))
   1160       .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
   1161   EXPECT_CALL(mock_key_store_, RegisterCertificate(_, _))
   1162       .WillRepeatedly(Return(false));
   1163   // Set expectations on the outputs.
   1164   auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
   1165     EXPECT_NE(STATUS_SUCCESS, reply.status());
   1166     Quit();
   1167   };
   1168   RegisterKeyWithChapsTokenRequest request;
   1169   request.set_key_label("label");
   1170   request.set_username("user");
   1171   service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
   1172   Run();
   1173 }
   1174 
   1175 }  // namespace attestation
   1176