1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/policy/device_policy_cache.h"
6
7 #include "chrome/browser/chromeos/cros/cryptohome_library.h"
8 #include "chrome/browser/policy/device_policy_identity_strategy.h"
9 #include "chrome/browser/policy/enterprise_install_attributes.h"
10 #include "policy/configuration_policy_type.h"
11 #include "testing/gmock/include/gmock/gmock.h"
12 #include "testing/gtest/include/gtest/gtest.h"
13
14 namespace policy {
15
16 namespace {
17
18 // Test registration user name.
19 const char kTestUser[] = "test@example.com";
20
21 using ::chromeos::SignedSettings;
22 using ::chromeos::SignedSettingsHelper;
23 using ::testing::_;
24 using ::testing::InSequence;
25
26 class MockSignedSettingsHelper : public SignedSettingsHelper {
27 public:
MockSignedSettingsHelper()28 MockSignedSettingsHelper() {}
~MockSignedSettingsHelper()29 virtual ~MockSignedSettingsHelper() {}
30
31 MOCK_METHOD2(StartStorePolicyOp, void(const em::PolicyFetchResponse&,
32 SignedSettingsHelper::Callback*));
33 MOCK_METHOD1(StartRetrievePolicyOp, void(SignedSettingsHelper::Callback*));
34 MOCK_METHOD1(CancelCallback, void(SignedSettingsHelper::Callback*));
35
36 // This test doesn't need these methods, but since they're pure virtual in
37 // SignedSettingsHelper, they must be implemented:
38 MOCK_METHOD2(StartCheckWhitelistOp, void(const std::string&,
39 SignedSettingsHelper::Callback*));
40 MOCK_METHOD3(StartWhitelistOp, void(const std::string&, bool,
41 SignedSettingsHelper::Callback*));
42 MOCK_METHOD3(StartStorePropertyOp, void(const std::string&,
43 const std::string&,
44 SignedSettingsHelper::Callback*));
45 MOCK_METHOD2(StartRetrieveProperty, void(const std::string&,
46 SignedSettingsHelper::Callback*));
47
48 private:
49 DISALLOW_COPY_AND_ASSIGN(MockSignedSettingsHelper);
50 };
51
ACTION_P(MockSignedSettingsHelperStorePolicy,status_code)52 ACTION_P(MockSignedSettingsHelperStorePolicy, status_code) {
53 arg1->OnStorePolicyCompleted(status_code);
54 }
55
ACTION_P2(MockSignedSettingsHelperRetrievePolicy,status_code,policy)56 ACTION_P2(MockSignedSettingsHelperRetrievePolicy, status_code, policy) {
57 arg0->OnRetrievePolicyCompleted(status_code, policy);
58 }
59
CreateRefreshRatePolicy(em::PolicyFetchResponse * policy,const std::string & user,int refresh_rate)60 void CreateRefreshRatePolicy(em::PolicyFetchResponse* policy,
61 const std::string& user,
62 int refresh_rate) {
63 // This method omits a few fields which currently aren't needed by tests:
64 // timestamp, machine_name, policy_type, public key info.
65 em::PolicyData signed_response;
66 em::ChromeDeviceSettingsProto settings;
67 settings.mutable_policy_refresh_rate()->set_policy_refresh_rate(refresh_rate);
68 signed_response.set_username(user);
69 signed_response.set_request_token("dmtoken");
70 signed_response.set_device_id("deviceid");
71 EXPECT_TRUE(
72 settings.SerializeToString(signed_response.mutable_policy_value()));
73 std::string serialized_signed_response;
74 EXPECT_TRUE(signed_response.SerializeToString(&serialized_signed_response));
75 policy->set_policy_data(serialized_signed_response);
76 }
77
CreateProxyPolicy(em::PolicyFetchResponse * policy,const std::string & user,const std::string & proxy_mode,const std::string & proxy_server,const std::string & proxy_pac_url,const std::string & proxy_bypass_list)78 void CreateProxyPolicy(em::PolicyFetchResponse* policy,
79 const std::string& user,
80 const std::string& proxy_mode,
81 const std::string& proxy_server,
82 const std::string& proxy_pac_url,
83 const std::string& proxy_bypass_list) {
84 em::PolicyData signed_response;
85 em::ChromeDeviceSettingsProto settings;
86 em::DeviceProxySettingsProto* proxy_settings =
87 settings.mutable_device_proxy_settings();
88 proxy_settings->set_proxy_mode(proxy_mode);
89 proxy_settings->set_proxy_server(proxy_server);
90 proxy_settings->set_proxy_pac_url(proxy_pac_url);
91 proxy_settings->set_proxy_bypass_list(proxy_bypass_list);
92 signed_response.set_username(user);
93 signed_response.set_request_token("dmtoken");
94 signed_response.set_device_id("deviceid");
95 EXPECT_TRUE(
96 settings.SerializeToString(signed_response.mutable_policy_value()));
97 std::string serialized_signed_response;
98 EXPECT_TRUE(signed_response.SerializeToString(&serialized_signed_response));
99 policy->set_policy_data(serialized_signed_response);
100 }
101
102 } // namespace
103
104 class DevicePolicyCacheTest : public testing::Test {
105 protected:
DevicePolicyCacheTest()106 DevicePolicyCacheTest()
107 : cryptohome_(chromeos::CryptohomeLibrary::GetImpl(true)),
108 install_attributes_(cryptohome_.get()) {}
109
SetUp()110 virtual void SetUp() {
111 cache_.reset(new DevicePolicyCache(&identity_strategy_,
112 &install_attributes_,
113 &signed_settings_helper_));
114 }
115
TearDown()116 virtual void TearDown() {
117 EXPECT_CALL(signed_settings_helper_, CancelCallback(_));
118 cache_.reset();
119 }
120
MakeEnterpriseDevice(const char * registration_user)121 void MakeEnterpriseDevice(const char* registration_user) {
122 ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
123 install_attributes_.LockDevice(registration_user));
124 }
125
GetMandatoryPolicy(ConfigurationPolicyType policy)126 const Value* GetMandatoryPolicy(ConfigurationPolicyType policy) {
127 return cache_->mandatory_policy_.Get(policy);
128 }
129
GetRecommendedPolicy(ConfigurationPolicyType policy)130 const Value* GetRecommendedPolicy(ConfigurationPolicyType policy) {
131 return cache_->recommended_policy_.Get(policy);
132 }
133
134 scoped_ptr<chromeos::CryptohomeLibrary> cryptohome_;
135 EnterpriseInstallAttributes install_attributes_;
136 DevicePolicyIdentityStrategy identity_strategy_;
137 MockSignedSettingsHelper signed_settings_helper_;
138 scoped_ptr<DevicePolicyCache> cache_;
139
140 private:
141 DISALLOW_COPY_AND_ASSIGN(DevicePolicyCacheTest);
142 };
143
TEST_F(DevicePolicyCacheTest,Startup)144 TEST_F(DevicePolicyCacheTest, Startup) {
145 em::PolicyFetchResponse policy;
146 CreateRefreshRatePolicy(&policy, kTestUser, 120);
147 EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
148 MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
149 policy));
150 cache_->Load();
151 testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
152 FundamentalValue expected(120);
153 EXPECT_TRUE(Value::Equals(&expected,
154 GetMandatoryPolicy(kPolicyPolicyRefreshRate)));
155 }
156
TEST_F(DevicePolicyCacheTest,SetPolicy)157 TEST_F(DevicePolicyCacheTest, SetPolicy) {
158 InSequence s;
159
160 MakeEnterpriseDevice(kTestUser);
161
162 // Startup.
163 em::PolicyFetchResponse policy;
164 CreateRefreshRatePolicy(&policy, kTestUser, 120);
165 EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
166 MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
167 policy));
168 cache_->Load();
169 testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
170 FundamentalValue expected(120);
171 EXPECT_TRUE(Value::Equals(&expected,
172 GetMandatoryPolicy(kPolicyPolicyRefreshRate)));
173
174 // Set new policy information.
175 em::PolicyFetchResponse new_policy;
176 CreateRefreshRatePolicy(&new_policy, kTestUser, 300);
177 EXPECT_CALL(signed_settings_helper_, StartStorePolicyOp(_, _)).WillOnce(
178 MockSignedSettingsHelperStorePolicy(chromeos::SignedSettings::SUCCESS));
179 EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
180 MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
181 new_policy));
182 cache_->SetPolicy(new_policy);
183 testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
184 FundamentalValue updated_expected(300);
185 EXPECT_TRUE(Value::Equals(&updated_expected,
186 GetMandatoryPolicy(kPolicyPolicyRefreshRate)));
187 }
188
TEST_F(DevicePolicyCacheTest,SetPolicyWrongUser)189 TEST_F(DevicePolicyCacheTest, SetPolicyWrongUser) {
190 InSequence s;
191
192 MakeEnterpriseDevice(kTestUser);
193
194 // Startup.
195 em::PolicyFetchResponse policy;
196 CreateRefreshRatePolicy(&policy, kTestUser, 120);
197 EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
198 MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
199 policy));
200 cache_->Load();
201 testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
202
203 // Set new policy information. This should fail due to invalid user.
204 em::PolicyFetchResponse new_policy;
205 CreateRefreshRatePolicy(&new_policy, "foreign_user@example.com", 300);
206 EXPECT_CALL(signed_settings_helper_, StartStorePolicyOp(_, _)).Times(0);
207 cache_->SetPolicy(new_policy);
208 testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
209
210 FundamentalValue expected(120);
211 EXPECT_TRUE(Value::Equals(&expected,
212 GetMandatoryPolicy(kPolicyPolicyRefreshRate)));
213 }
214
TEST_F(DevicePolicyCacheTest,SetPolicyNonEnterpriseDevice)215 TEST_F(DevicePolicyCacheTest, SetPolicyNonEnterpriseDevice) {
216 InSequence s;
217
218 // Startup.
219 em::PolicyFetchResponse policy;
220 CreateRefreshRatePolicy(&policy, kTestUser, 120);
221 EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
222 MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
223 policy));
224 cache_->Load();
225 testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
226
227 // Set new policy information. This should fail due to invalid user.
228 em::PolicyFetchResponse new_policy;
229 CreateRefreshRatePolicy(&new_policy, kTestUser, 120);
230 EXPECT_CALL(signed_settings_helper_, StartStorePolicyOp(_, _)).Times(0);
231 cache_->SetPolicy(new_policy);
232 testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
233
234 FundamentalValue expected(120);
235 EXPECT_TRUE(Value::Equals(&expected,
236 GetMandatoryPolicy(kPolicyPolicyRefreshRate)));
237 }
238
TEST_F(DevicePolicyCacheTest,SetProxyPolicy)239 TEST_F(DevicePolicyCacheTest, SetProxyPolicy) {
240 InSequence s;
241
242 MakeEnterpriseDevice(kTestUser);
243
244 // Startup.
245 em::PolicyFetchResponse policy;
246 CreateProxyPolicy(&policy, kTestUser, "direct", "http://proxy:8080",
247 "http://proxy:8080/pac.js", "127.0.0.1,example.com");
248 EXPECT_CALL(signed_settings_helper_, StartRetrievePolicyOp(_)).WillOnce(
249 MockSignedSettingsHelperRetrievePolicy(SignedSettings::SUCCESS,
250 policy));
251 cache_->Load();
252 testing::Mock::VerifyAndClearExpectations(&signed_settings_helper_);
253 StringValue expected_proxy_mode("direct");
254 StringValue expected_proxy_server("http://proxy:8080");
255 StringValue expected_proxy_pac_url("http://proxy:8080/pac.js");
256 StringValue expected_proxy_bypass_list("127.0.0.1,example.com");
257 EXPECT_TRUE(Value::Equals(&expected_proxy_mode,
258 GetRecommendedPolicy(kPolicyProxyMode)));
259 EXPECT_TRUE(Value::Equals(&expected_proxy_server,
260 GetRecommendedPolicy(kPolicyProxyServer)));
261 EXPECT_TRUE(Value::Equals(&expected_proxy_pac_url,
262 GetRecommendedPolicy(kPolicyProxyPacUrl)));
263 EXPECT_TRUE(Value::Equals(&expected_proxy_bypass_list,
264 GetRecommendedPolicy(kPolicyProxyBypassList)));
265 }
266
267 } // namespace policy
268