1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/login/signed_settings.h"
6
7 #include "base/file_util.h"
8 #include "base/logging.h"
9 #include "base/memory/scoped_temp_dir.h"
10 #include "base/stringprintf.h"
11 #include "chrome/browser/chromeos/cros/cros_library.h"
12 #include "chrome/browser/chromeos/cros/mock_library_loader.h"
13 #include "chrome/browser/chromeos/cros/mock_login_library.h"
14 #include "chrome/browser/chromeos/cros_settings_names.h"
15 #include "chrome/browser/chromeos/login/mock_owner_key_utils.h"
16 #include "chrome/browser/chromeos/login/mock_ownership_service.h"
17 #include "chrome/browser/chromeos/login/owner_manager_unittest.h"
18 #include "chrome/browser/policy/proto/chrome_device_policy.pb.h"
19 #include "chrome/browser/policy/proto/device_management_backend.pb.h"
20 #include "chrome/test/thread_test_helper.h"
21 #include "content/browser/browser_thread.h"
22 #include "crypto/rsa_private_key.h"
23 #include "testing/gmock/include/gmock/gmock.h"
24 #include "testing/gtest/include/gtest/gtest.h"
25
26 using ::testing::A;
27 using ::testing::AnyNumber;
28 using ::testing::InvokeArgument;
29 using ::testing::Return;
30 using ::testing::ReturnRef;
31 using ::testing::SaveArg;
32 using ::testing::StrEq;
33 using ::testing::WithArg;
34 using ::testing::_;
35 using google::protobuf::RepeatedPtrField;
36
37 namespace em = enterprise_management;
38 namespace chromeos {
39
40 namespace {
41 template <class T>
42 class DummyDelegate : public SignedSettings::Delegate<T> {
43 public:
DummyDelegate(T to_expect)44 explicit DummyDelegate(T to_expect)
45 : expect_success_(false),
46 expected_failure_(SignedSettings::SUCCESS),
47 expected_(to_expect),
48 run_(false) {}
~DummyDelegate()49 virtual ~DummyDelegate() { EXPECT_TRUE(run_); }
OnSettingsOpCompleted(SignedSettings::ReturnCode code,T value)50 virtual void OnSettingsOpCompleted(SignedSettings::ReturnCode code,
51 T value) {
52 run_ = true;
53 if (expect_success_)
54 compare_expected(value);
55 EXPECT_EQ(expected_failure_, code);
56 }
expect_success()57 virtual void expect_success() {
58 expect_success_ = true;
59 expected_failure_ = SignedSettings::SUCCESS;
60 }
expect_failure(SignedSettings::ReturnCode code)61 virtual void expect_failure(SignedSettings::ReturnCode code) {
62 expect_success_ = false;
63 expected_failure_ = code;
64 }
65
66 protected:
67 bool expect_success_;
68 SignedSettings::ReturnCode expected_failure_;
69 T expected_;
70 bool run_;
71 virtual void compare_expected(T to_compare) = 0;
72 };
73
74 template <class T>
75 class NormalDelegate : public DummyDelegate<T> {
76 public:
NormalDelegate(T to_expect)77 explicit NormalDelegate(T to_expect) : DummyDelegate<T>(to_expect) {}
~NormalDelegate()78 virtual ~NormalDelegate() {}
79 protected:
compare_expected(T to_compare)80 virtual void compare_expected(T to_compare) {
81 EXPECT_EQ(this->expected_, to_compare); // without this-> this won't build.
82 }
83 };
84
85 class ProtoDelegate : public DummyDelegate<const em::PolicyFetchResponse&> {
86 public:
ProtoDelegate(const em::PolicyFetchResponse & e)87 explicit ProtoDelegate(const em::PolicyFetchResponse& e)
88 : DummyDelegate<const em::PolicyFetchResponse&>(e) {
89 }
~ProtoDelegate()90 virtual ~ProtoDelegate() {}
91 protected:
compare_expected(const em::PolicyFetchResponse & to_compare)92 virtual void compare_expected(const em::PolicyFetchResponse& to_compare) {
93 std::string ex_string, comp_string;
94 EXPECT_TRUE(expected_.SerializeToString(&ex_string));
95 EXPECT_TRUE(to_compare.SerializeToString(&comp_string));
96 EXPECT_EQ(ex_string, comp_string);
97 }
98 };
99
100 } // anonymous namespace
101
102 class SignedSettingsTest : public ::testing::Test {
103 public:
SignedSettingsTest()104 SignedSettingsTest()
105 : fake_email_("fakey@example.com"),
106 fake_domain_("*@example.com"),
107 fake_prop_(kAccountsPrefAllowGuest),
108 fake_value_("false"),
109 message_loop_(MessageLoop::TYPE_UI),
110 ui_thread_(BrowserThread::UI, &message_loop_),
111 file_thread_(BrowserThread::FILE),
112 mock_(new MockKeyUtils),
113 injector_(mock_) /* injector_ takes ownership of mock_ */ {
114 }
115
~SignedSettingsTest()116 virtual ~SignedSettingsTest() {}
117
SetUp()118 virtual void SetUp() {
119 file_thread_.Start();
120 }
121
TearDown()122 virtual void TearDown() {
123 OwnerKeyUtils::set_factory(NULL);
124 }
125
mock_service(SignedSettings * s,MockOwnershipService * m)126 void mock_service(SignedSettings* s, MockOwnershipService* m) {
127 s->set_service(m);
128 }
129
BuildPolicyData(std::vector<std::string> whitelist)130 em::PolicyData BuildPolicyData(std::vector<std::string> whitelist) {
131 em::PolicyData to_return;
132 em::ChromeDeviceSettingsProto pol;
133 em::GuestModeEnabledProto* allow = pol.mutable_guest_mode_enabled();
134 allow->set_guest_mode_enabled(false);
135 pol.mutable_device_proxy_settings()->set_proxy_mode("direct");
136
137 if (!whitelist.empty()) {
138 em::UserWhitelistProto* whitelist_proto = pol.mutable_user_whitelist();
139 for (std::vector<std::string>::const_iterator it = whitelist.begin();
140 it != whitelist.end();
141 ++it) {
142 whitelist_proto->add_user_whitelist(*it);
143 }
144 }
145
146 to_return.set_policy_type(SignedSettings::kDevicePolicyType);
147 to_return.set_policy_value(pol.SerializeAsString());
148 return to_return;
149 }
150
SetAllowNewUsers(bool desired,em::PolicyData * poldata)151 void SetAllowNewUsers(bool desired, em::PolicyData* poldata) {
152 em::ChromeDeviceSettingsProto pol;
153 pol.ParseFromString(poldata->policy_value());
154 em::AllowNewUsersProto* allow = pol.mutable_allow_new_users();
155 allow->set_allow_new_users(desired);
156 poldata->set_policy_value(pol.SerializeAsString());
157 }
158
CheckWhitelist(const std::string & email,const em::PolicyData & poldata)159 bool CheckWhitelist(const std::string& email, const em::PolicyData& poldata) {
160 if (!poldata.has_policy_value())
161 return false;
162 em::ChromeDeviceSettingsProto pol;
163 pol.ParseFromString(poldata.policy_value());
164 if (!pol.has_user_whitelist())
165 return false;
166
167 const RepeatedPtrField<std::string>& whitelist =
168 pol.user_whitelist().user_whitelist();
169 for (RepeatedPtrField<std::string>::const_iterator it = whitelist.begin();
170 it != whitelist.end();
171 ++it) {
172 if (email == *it)
173 return true;
174 }
175 return false;
176 }
177
ExpectWhitelistOp(SignedSettings * s,em::PolicyData * fake_pol,em::PolicyData * out_pol)178 void ExpectWhitelistOp(SignedSettings* s,
179 em::PolicyData* fake_pol,
180 em::PolicyData* out_pol) {
181 mock_service(s, &m_);
182 EXPECT_CALL(m_, StartSigningAttempt(_, _))
183 .Times(1);
184 EXPECT_CALL(m_, has_cached_policy())
185 .WillOnce(Return(true));
186 EXPECT_CALL(m_, cached_policy())
187 .WillOnce(ReturnRef(*fake_pol));
188 EXPECT_CALL(m_, set_cached_policy(A<const em::PolicyData&>()))
189 .WillOnce(SaveArg<0>(out_pol));
190 }
191
FailingStorePropertyOp(const OwnerManager::KeyOpCode return_code)192 void FailingStorePropertyOp(const OwnerManager::KeyOpCode return_code) {
193 NormalDelegate<bool> d(false);
194 scoped_refptr<SignedSettings> s(
195 SignedSettings::CreateStorePropertyOp(fake_prop_, fake_value_, &d));
196 d.expect_failure(SignedSettings::MapKeyOpCode(return_code));
197
198 mock_service(s.get(), &m_);
199 EXPECT_CALL(m_, StartSigningAttempt(_, _))
200 .Times(1);
201 EXPECT_CALL(m_, GetStatus(_))
202 .WillOnce(Return(OwnershipService::OWNERSHIP_TAKEN));
203 EXPECT_CALL(m_, has_cached_policy())
204 .WillOnce(Return(true));
205 em::PolicyData fake_pol;
206 EXPECT_CALL(m_, cached_policy())
207 .WillOnce(ReturnRef(fake_pol));
208
209 s->Execute();
210 s->OnKeyOpComplete(return_code, std::vector<uint8>());
211 message_loop_.RunAllPending();
212 }
213
FailingStorePolicyOp(const OwnerManager::KeyOpCode return_code)214 void FailingStorePolicyOp(const OwnerManager::KeyOpCode return_code) {
215 NormalDelegate<bool> d(false);
216 d.expect_failure(SignedSettings::MapKeyOpCode(return_code));
217
218 em::PolicyFetchResponse fake_policy;
219 fake_policy.set_policy_data(fake_prop_);
220 std::string serialized;
221 ASSERT_TRUE(fake_policy.SerializeToString(&serialized));
222
223 scoped_refptr<SignedSettings> s(
224 SignedSettings::CreateStorePolicyOp(&fake_policy, &d));
225
226 mock_service(s.get(), &m_);
227 EXPECT_CALL(m_, StartSigningAttempt(StrEq(fake_prop_), _))
228 .Times(1);
229
230 s->Execute();
231 s->OnKeyOpComplete(return_code, std::vector<uint8>());
232 message_loop_.RunAllPending();
233 }
234
MockLoginLib()235 MockLoginLibrary* MockLoginLib() {
236 chromeos::CrosLibrary::TestApi* test_api =
237 chromeos::CrosLibrary::Get()->GetTestApi();
238
239 // Mocks, ownership transferred to CrosLibrary class on creation.
240 MockLoginLibrary* mock_library;
241 MockLibraryLoader* loader;
242
243 loader = new MockLibraryLoader();
244 ON_CALL(*loader, Load(_))
245 .WillByDefault(Return(true));
246 EXPECT_CALL(*loader, Load(_))
247 .Times(AnyNumber());
248
249 test_api->SetLibraryLoader(loader, true);
250
251 mock_library = new MockLoginLibrary();
252 test_api->SetLoginLibrary(mock_library, true);
253 return mock_library;
254 }
255
UnMockLoginLib()256 void UnMockLoginLib() {
257 // Prevent bogus gMock leak check from firing.
258 chromeos::CrosLibrary::TestApi* test_api =
259 chromeos::CrosLibrary::Get()->GetTestApi();
260 test_api->SetLibraryLoader(NULL, false);
261 test_api->SetLoginLibrary(NULL, false);
262 }
263
BuildProto(const std::string & data,const std::string & sig,std::string * out_serialized)264 em::PolicyFetchResponse BuildProto(const std::string& data,
265 const std::string& sig,
266 std::string* out_serialized) {
267 em::PolicyFetchResponse fake_policy;
268 if (!data.empty())
269 fake_policy.set_policy_data(data);
270 if (!sig.empty())
271 fake_policy.set_policy_data_signature(sig);
272 EXPECT_TRUE(fake_policy.SerializeToString(out_serialized));
273 return fake_policy;
274 }
275
DoRetrieveProperty(const std::string & name,const std::string & value,em::PolicyData * fake_pol)276 void DoRetrieveProperty(const std::string& name,
277 const std::string& value,
278 em::PolicyData* fake_pol) {
279 NormalDelegate<std::string> d(value);
280 d.expect_success();
281 scoped_refptr<SignedSettings> s(
282 SignedSettings::CreateRetrievePropertyOp(name, &d));
283 mock_service(s.get(), &m_);
284 EXPECT_CALL(m_, GetStatus(_))
285 .WillOnce(Return(OwnershipService::OWNERSHIP_TAKEN));
286 EXPECT_CALL(m_, has_cached_policy())
287 .WillOnce(Return(true));
288
289 EXPECT_CALL(m_, cached_policy())
290 .WillOnce(ReturnRef(*fake_pol));
291
292 s->Execute();
293 message_loop_.RunAllPending();
294 }
295
296 const std::string fake_email_;
297 const std::string fake_domain_;
298 const std::string fake_prop_;
299 const std::string fake_value_;
300 MockOwnershipService m_;
301
302 ScopedTempDir tmpdir_;
303 FilePath tmpfile_;
304
305 MessageLoop message_loop_;
306 BrowserThread ui_thread_;
307 BrowserThread file_thread_;
308
309 std::vector<uint8> fake_public_key_;
310 scoped_ptr<crypto::RSAPrivateKey> fake_private_key_;
311
312 MockKeyUtils* mock_;
313 MockInjector injector_;
314
315 ScopedStubCrosEnabler stub_cros_enabler_;
316 };
317
TEST_F(SignedSettingsTest,CheckWhitelist)318 TEST_F(SignedSettingsTest, CheckWhitelist) {
319 NormalDelegate<bool> d(true);
320 d.expect_success();
321 scoped_refptr<SignedSettings> s(
322 SignedSettings::CreateCheckWhitelistOp(fake_email_, &d));
323
324 mock_service(s.get(), &m_);
325 EXPECT_CALL(m_, has_cached_policy())
326 .WillOnce(Return(true));
327
328 std::vector<std::string> whitelist(1, fake_email_);
329 whitelist.push_back(fake_email_ + "m");
330 em::PolicyData fake_pol = BuildPolicyData(whitelist);
331 EXPECT_CALL(m_, cached_policy())
332 .WillOnce(ReturnRef(fake_pol));
333
334 s->Execute();
335 message_loop_.RunAllPending();
336 }
337
TEST_F(SignedSettingsTest,CheckWhitelistWildcards)338 TEST_F(SignedSettingsTest, CheckWhitelistWildcards) {
339 NormalDelegate<bool> d(true);
340 d.expect_success();
341 scoped_refptr<SignedSettings> s(
342 SignedSettings::CreateCheckWhitelistOp(fake_email_, &d));
343
344 mock_service(s.get(), &m_);
345 EXPECT_CALL(m_, has_cached_policy())
346 .WillOnce(Return(true));
347
348 std::vector<std::string> whitelist(1, fake_domain_);
349 whitelist.push_back(fake_email_ + "m");
350 em::PolicyData fake_pol = BuildPolicyData(whitelist);
351 EXPECT_CALL(m_, cached_policy())
352 .WillOnce(ReturnRef(fake_pol))
353 .WillOnce(ReturnRef(fake_pol));
354
355 s->Execute();
356 message_loop_.RunAllPending();
357 }
358
TEST_F(SignedSettingsTest,CheckWhitelistNotFound)359 TEST_F(SignedSettingsTest, CheckWhitelistNotFound) {
360 NormalDelegate<bool> d(true);
361 scoped_refptr<SignedSettings> s(
362 SignedSettings::CreateCheckWhitelistOp(fake_email_, &d));
363 d.expect_failure(SignedSettings::NOT_FOUND);
364
365 mock_service(s.get(), &m_);
366 EXPECT_CALL(m_, has_cached_policy())
367 .WillOnce(Return(true));
368
369 std::vector<std::string> whitelist(1, fake_email_ + "m");
370 em::PolicyData fake_pol = BuildPolicyData(whitelist);
371 EXPECT_CALL(m_, cached_policy())
372 .WillOnce(ReturnRef(fake_pol))
373 .WillOnce(ReturnRef(fake_pol));
374
375 s->Execute();
376 message_loop_.RunAllPending();
377 }
378
TEST_F(SignedSettingsTest,Whitelist)379 TEST_F(SignedSettingsTest, Whitelist) {
380 NormalDelegate<bool> d(true);
381 d.expect_success();
382 scoped_refptr<SignedSettings> s(
383 SignedSettings::CreateWhitelistOp(fake_email_, true, &d));
384 em::PolicyData in_pol = BuildPolicyData(std::vector<std::string>());
385 em::PolicyData out_pol;
386 ExpectWhitelistOp(s.get(), &in_pol, &out_pol);
387
388 s->Execute();
389 s->OnKeyOpComplete(OwnerManager::SUCCESS, std::vector<uint8>());
390 message_loop_.RunAllPending();
391
392 ASSERT_TRUE(CheckWhitelist(fake_email_, out_pol));
393 }
394
TEST_F(SignedSettingsTest,AddToExistingWhitelist)395 TEST_F(SignedSettingsTest, AddToExistingWhitelist) {
396 NormalDelegate<bool> d(true);
397 d.expect_success();
398 scoped_refptr<SignedSettings> s(
399 SignedSettings::CreateWhitelistOp(fake_email_, true, &d));
400 em::PolicyData in_pol =
401 BuildPolicyData(std::vector<std::string>(1, fake_domain_));
402 em::PolicyData out_pol;
403 ExpectWhitelistOp(s.get(), &in_pol, &out_pol);
404
405 s->Execute();
406 s->OnKeyOpComplete(OwnerManager::SUCCESS, std::vector<uint8>());
407 message_loop_.RunAllPending();
408
409 ASSERT_TRUE(CheckWhitelist(fake_email_, out_pol));
410 }
411
TEST_F(SignedSettingsTest,Unwhitelist)412 TEST_F(SignedSettingsTest, Unwhitelist) {
413 NormalDelegate<bool> d(true);
414 d.expect_success();
415 scoped_refptr<SignedSettings> s(
416 SignedSettings::CreateWhitelistOp(fake_email_, false, &d));
417 em::PolicyData in_pol =
418 BuildPolicyData(std::vector<std::string>(1, fake_email_));
419 em::PolicyData out_pol;
420 ExpectWhitelistOp(s.get(), &in_pol, &out_pol);
421
422 s->Execute();
423 s->OnKeyOpComplete(OwnerManager::SUCCESS, std::vector<uint8>());
424 message_loop_.RunAllPending();
425
426 ASSERT_FALSE(CheckWhitelist(fake_email_, out_pol));
427 }
428
TEST_F(SignedSettingsTest,RemoveFromExistingWhitelist)429 TEST_F(SignedSettingsTest, RemoveFromExistingWhitelist) {
430 NormalDelegate<bool> d(true);
431 d.expect_success();
432 scoped_refptr<SignedSettings> s(
433 SignedSettings::CreateWhitelistOp(fake_email_, false, &d));
434 std::vector<std::string> whitelist(1, fake_domain_);
435 whitelist.push_back(fake_email_);
436 whitelist.push_back(fake_email_ + "m");
437 em::PolicyData in_pol = BuildPolicyData(whitelist);
438 em::PolicyData out_pol;
439 ExpectWhitelistOp(s.get(), &in_pol, &out_pol);
440
441 s->Execute();
442 s->OnKeyOpComplete(OwnerManager::SUCCESS, std::vector<uint8>());
443 message_loop_.RunAllPending();
444
445 ASSERT_FALSE(CheckWhitelist(fake_email_, out_pol));
446 }
447
TEST_F(SignedSettingsTest,StoreProperty)448 TEST_F(SignedSettingsTest, StoreProperty) {
449 NormalDelegate<bool> d(true);
450 d.expect_success();
451 scoped_refptr<SignedSettings> s(
452 SignedSettings::CreateStorePropertyOp(fake_prop_, fake_value_, &d));
453
454 mock_service(s.get(), &m_);
455 EXPECT_CALL(m_, StartSigningAttempt(_, _))
456 .Times(1);
457 EXPECT_CALL(m_, GetStatus(_))
458 .WillOnce(Return(OwnershipService::OWNERSHIP_TAKEN));
459 EXPECT_CALL(m_, has_cached_policy())
460 .WillOnce(Return(true));
461 em::PolicyData in_pol =
462 BuildPolicyData(std::vector<std::string>(1, fake_email_));
463 EXPECT_CALL(m_, cached_policy())
464 .WillOnce(ReturnRef(in_pol));
465 em::PolicyData out_pol;
466 EXPECT_CALL(m_, set_cached_policy(A<const em::PolicyData&>()))
467 .WillOnce(SaveArg<0>(&out_pol));
468
469 s->Execute();
470 s->OnKeyOpComplete(OwnerManager::SUCCESS, std::vector<uint8>());
471 message_loop_.RunAllPending();
472
473 ASSERT_TRUE(out_pol.has_policy_value());
474 em::ChromeDeviceSettingsProto pol;
475 pol.ParseFromString(out_pol.policy_value());
476 ASSERT_TRUE(pol.has_guest_mode_enabled());
477 ASSERT_TRUE(pol.guest_mode_enabled().has_guest_mode_enabled());
478 ASSERT_FALSE(pol.guest_mode_enabled().guest_mode_enabled());
479 }
480
TEST_F(SignedSettingsTest,StorePropertyNoKey)481 TEST_F(SignedSettingsTest, StorePropertyNoKey) {
482 FailingStorePropertyOp(OwnerManager::KEY_UNAVAILABLE);
483 }
484
TEST_F(SignedSettingsTest,StorePropertyFailed)485 TEST_F(SignedSettingsTest, StorePropertyFailed) {
486 FailingStorePropertyOp(OwnerManager::OPERATION_FAILED);
487 }
488
TEST_F(SignedSettingsTest,RetrieveProperty)489 TEST_F(SignedSettingsTest, RetrieveProperty) {
490 em::PolicyData fake_pol = BuildPolicyData(std::vector<std::string>());
491 DoRetrieveProperty(fake_prop_, fake_value_, &fake_pol);
492 }
493
TEST_F(SignedSettingsTest,RetrieveOwnerProperty)494 TEST_F(SignedSettingsTest, RetrieveOwnerProperty) {
495 em::PolicyData fake_pol = BuildPolicyData(std::vector<std::string>());
496 fake_pol.set_username(fake_email_);
497 DoRetrieveProperty(kDeviceOwner, fake_email_, &fake_pol);
498 }
499
TEST_F(SignedSettingsTest,ExplicitlyAllowNewUsers)500 TEST_F(SignedSettingsTest, ExplicitlyAllowNewUsers) {
501 em::PolicyData fake_pol = BuildPolicyData(std::vector<std::string>());
502 SetAllowNewUsers(true, &fake_pol);
503 DoRetrieveProperty(kAccountsPrefAllowNewUser, "true", &fake_pol);
504 }
505
TEST_F(SignedSettingsTest,ExplicitlyDisallowNewUsers)506 TEST_F(SignedSettingsTest, ExplicitlyDisallowNewUsers) {
507 std::vector<std::string> whitelist(1, fake_email_ + "m");
508 em::PolicyData fake_pol = BuildPolicyData(whitelist);
509 SetAllowNewUsers(false, &fake_pol);
510 DoRetrieveProperty(kAccountsPrefAllowNewUser, "false", &fake_pol);
511 }
512
TEST_F(SignedSettingsTest,ImplicitlyDisallowNewUsers)513 TEST_F(SignedSettingsTest, ImplicitlyDisallowNewUsers) {
514 std::vector<std::string> whitelist(1, fake_email_ + "m");
515 em::PolicyData fake_pol = BuildPolicyData(whitelist);
516 DoRetrieveProperty(kAccountsPrefAllowNewUser, "false", &fake_pol);
517 }
518
TEST_F(SignedSettingsTest,AccidentallyDisallowNewUsers)519 TEST_F(SignedSettingsTest, AccidentallyDisallowNewUsers) {
520 em::PolicyData fake_pol = BuildPolicyData(std::vector<std::string>());
521 SetAllowNewUsers(false, &fake_pol);
522 DoRetrieveProperty(kAccountsPrefAllowNewUser, "true", &fake_pol);
523 }
524
TEST_F(SignedSettingsTest,RetrievePropertyNotFound)525 TEST_F(SignedSettingsTest, RetrievePropertyNotFound) {
526 NormalDelegate<std::string> d(fake_value_);
527 d.expect_failure(SignedSettings::NOT_FOUND);
528 scoped_refptr<SignedSettings> s(
529 SignedSettings::CreateRetrievePropertyOp("unknown_prop", &d));
530 mock_service(s.get(), &m_);
531 EXPECT_CALL(m_, GetStatus(_))
532 .WillOnce(Return(OwnershipService::OWNERSHIP_TAKEN));
533 EXPECT_CALL(m_, has_cached_policy())
534 .WillOnce(Return(true));
535
536 em::PolicyData fake_pol = BuildPolicyData(std::vector<std::string>());
537 EXPECT_CALL(m_, cached_policy())
538 .WillOnce(ReturnRef(fake_pol));
539
540 s->Execute();
541 message_loop_.RunAllPending();
542 }
543
ACTION_P(Retrieve,s)544 ACTION_P(Retrieve, s) { (*arg0)((void*)arg1, s.c_str(), s.length()); }
ACTION_P(FinishKeyOp,s)545 ACTION_P(FinishKeyOp, s) { arg2->OnKeyOpComplete(OwnerManager::SUCCESS, s); }
546
TEST_F(SignedSettingsTest,RetrievePolicyToRetrieveProperty)547 TEST_F(SignedSettingsTest, RetrievePolicyToRetrieveProperty) {
548 NormalDelegate<std::string> d(fake_value_);
549 d.expect_success();
550 scoped_refptr<SignedSettings> s(
551 SignedSettings::CreateRetrievePropertyOp(fake_prop_, &d));
552
553 em::PolicyData fake_pol = BuildPolicyData(std::vector<std::string>());
554 std::string data = fake_pol.SerializeAsString();
555 std::string signed_serialized;
556 em::PolicyFetchResponse signed_policy = BuildProto(data,
557 fake_value_,
558 &signed_serialized);
559 MockLoginLibrary* lib = MockLoginLib();
560 EXPECT_CALL(*lib, RequestRetrievePolicy(_, _))
561 .WillOnce(Retrieve(signed_serialized))
562 .RetiresOnSaturation();
563
564 mock_service(s.get(), &m_);
565
566 EXPECT_CALL(m_, GetStatus(_))
567 .WillOnce(Return(OwnershipService::OWNERSHIP_TAKEN))
568 .WillOnce(Return(OwnershipService::OWNERSHIP_TAKEN));
569 EXPECT_CALL(m_, has_cached_policy())
570 .WillOnce(Return(false))
571 .WillOnce(Return(true));
572 em::PolicyData out_pol;
573 EXPECT_CALL(m_, set_cached_policy(A<const em::PolicyData&>()))
574 .WillOnce(SaveArg<0>(&out_pol));
575 EXPECT_CALL(m_, cached_policy())
576 .WillOnce(ReturnRef(out_pol));
577
578 std::vector<uint8> fake_sig(fake_value_.c_str(),
579 fake_value_.c_str() + fake_value_.length());
580 EXPECT_CALL(m_, StartVerifyAttempt(data, fake_sig, _))
581 .WillOnce(FinishKeyOp(fake_sig))
582 .RetiresOnSaturation();
583
584 s->Execute();
585 message_loop_.RunAllPending();
586 UnMockLoginLib();
587 }
588
TEST_F(SignedSettingsTest,SignAndStorePolicy)589 TEST_F(SignedSettingsTest, SignAndStorePolicy) {
590 NormalDelegate<bool> d(true);
591 d.expect_success();
592
593 em::PolicyData in_pol = BuildPolicyData(std::vector<std::string>());
594 std::string data_serialized = in_pol.SerializeAsString();
595 std::string serialized;
596 em::PolicyFetchResponse fake_policy = BuildProto(data_serialized,
597 std::string(),
598 &serialized);
599 scoped_refptr<SignedSettings> s(
600 SignedSettings::CreateStorePolicyOp(&fake_policy, &d));
601
602 mock_service(s.get(), &m_);
603 EXPECT_CALL(m_, StartSigningAttempt(StrEq(data_serialized), _))
604 .Times(1);
605 em::PolicyData out_pol;
606 EXPECT_CALL(m_, set_cached_policy(A<const em::PolicyData&>()))
607 .WillOnce(SaveArg<0>(&out_pol));
608
609 // Ask for signature over unsigned policy.
610 s->Execute();
611 message_loop_.RunAllPending();
612
613 // Fake out a successful signing.
614 std::string signed_serialized;
615 em::PolicyFetchResponse signed_policy = BuildProto(data_serialized,
616 fake_value_,
617 &signed_serialized);
618 std::vector<uint8> fake_sig(fake_value_.c_str(),
619 fake_value_.c_str() + fake_value_.length());
620
621 MockLoginLibrary* lib = MockLoginLib();
622 EXPECT_CALL(*lib, RequestStorePolicy(StrEq(signed_serialized), _, s.get()))
623 .WillOnce(InvokeArgument<1>(static_cast<void*>(s.get()), true))
624 .RetiresOnSaturation();
625 s->OnKeyOpComplete(OwnerManager::SUCCESS, fake_sig);
626 message_loop_.RunAllPending();
627 UnMockLoginLib();
628 }
629
TEST_F(SignedSettingsTest,StoreSignedPolicy)630 TEST_F(SignedSettingsTest, StoreSignedPolicy) {
631 NormalDelegate<bool> d(true);
632 d.expect_success();
633
634 em::PolicyData in_pol = BuildPolicyData(std::vector<std::string>());
635 std::string serialized = in_pol.SerializeAsString();
636 std::string signed_serialized;
637 em::PolicyFetchResponse signed_policy = BuildProto(serialized,
638 fake_value_,
639 &signed_serialized);
640 scoped_refptr<SignedSettings> s(
641 SignedSettings::CreateStorePolicyOp(&signed_policy, &d));
642 MockLoginLibrary* lib = MockLoginLib();
643 EXPECT_CALL(*lib, RequestStorePolicy(StrEq(signed_serialized), _, s.get()))
644 .WillOnce(InvokeArgument<1>(static_cast<void*>(s.get()), true))
645 .RetiresOnSaturation();
646
647 mock_service(s.get(), &m_);
648 em::PolicyData out_pol;
649 EXPECT_CALL(m_, set_cached_policy(A<const em::PolicyData&>()))
650 .WillOnce(SaveArg<0>(&out_pol));
651
652 s->Execute();
653 message_loop_.RunAllPending();
654 UnMockLoginLib();
655 }
656
TEST_F(SignedSettingsTest,StorePolicyNoKey)657 TEST_F(SignedSettingsTest, StorePolicyNoKey) {
658 FailingStorePolicyOp(OwnerManager::KEY_UNAVAILABLE);
659 }
660
TEST_F(SignedSettingsTest,StorePolicyFailed)661 TEST_F(SignedSettingsTest, StorePolicyFailed) {
662 FailingStorePolicyOp(OwnerManager::OPERATION_FAILED);
663 }
664
TEST_F(SignedSettingsTest,StorePolicyNoPolicyData)665 TEST_F(SignedSettingsTest, StorePolicyNoPolicyData) {
666 NormalDelegate<bool> d(false);
667 d.expect_failure(SignedSettings::OPERATION_FAILED);
668
669 std::string serialized;
670 em::PolicyFetchResponse fake_policy = BuildProto(std::string(),
671 std::string(),
672 &serialized);
673 scoped_refptr<SignedSettings> s(
674 SignedSettings::CreateStorePolicyOp(&fake_policy, &d));
675
676 s->Execute();
677 message_loop_.RunAllPending();
678 }
679
TEST_F(SignedSettingsTest,RetrievePolicy)680 TEST_F(SignedSettingsTest, RetrievePolicy) {
681 em::PolicyData in_pol = BuildPolicyData(std::vector<std::string>());
682 std::string serialized = in_pol.SerializeAsString();
683 std::string signed_serialized;
684 em::PolicyFetchResponse signed_policy = BuildProto(serialized,
685 fake_value_,
686 &signed_serialized);
687 ProtoDelegate d(signed_policy);
688 d.expect_success();
689 scoped_refptr<SignedSettings> s(SignedSettings::CreateRetrievePolicyOp(&d));
690
691 MockLoginLibrary* lib = MockLoginLib();
692 EXPECT_CALL(*lib, RequestRetrievePolicy(_, s.get()))
693 .WillOnce(InvokeArgument<0>(static_cast<void*>(s.get()),
694 signed_serialized.c_str(),
695 signed_serialized.length()))
696 .RetiresOnSaturation();
697
698 mock_service(s.get(), &m_);
699 std::vector<uint8> fake_sig(fake_value_.c_str(),
700 fake_value_.c_str() + fake_value_.length());
701 EXPECT_CALL(m_, StartVerifyAttempt(serialized, fake_sig, _))
702 .Times(1);
703 em::PolicyData out_pol;
704 EXPECT_CALL(m_, set_cached_policy(A<const em::PolicyData&>()))
705 .WillOnce(SaveArg<0>(&out_pol));
706
707 s->Execute();
708 message_loop_.RunAllPending();
709 UnMockLoginLib();
710
711 s->OnKeyOpComplete(OwnerManager::SUCCESS, std::vector<uint8>());
712 message_loop_.RunAllPending();
713 }
714
TEST_F(SignedSettingsTest,RetrieveNullPolicy)715 TEST_F(SignedSettingsTest, RetrieveNullPolicy) {
716 em::PolicyFetchResponse policy;
717 ProtoDelegate d(policy);
718 d.expect_failure(SignedSettings::NOT_FOUND);
719 scoped_refptr<SignedSettings> s(SignedSettings::CreateRetrievePolicyOp(&d));
720
721 MockLoginLibrary* lib = MockLoginLib();
722 EXPECT_CALL(*lib, RequestRetrievePolicy(_, s.get()))
723 .WillOnce(InvokeArgument<0>(static_cast<void*>(s.get()),
724 static_cast<const char*>(NULL),
725 0))
726 .RetiresOnSaturation();
727
728 s->Execute();
729 message_loop_.RunAllPending();
730 UnMockLoginLib();
731 }
732
TEST_F(SignedSettingsTest,RetrieveEmptyPolicy)733 TEST_F(SignedSettingsTest, RetrieveEmptyPolicy) {
734 std::string serialized;
735 em::PolicyFetchResponse policy = BuildProto("", "", &serialized);
736 ProtoDelegate d(policy);
737 d.expect_failure(SignedSettings::NOT_FOUND);
738 scoped_refptr<SignedSettings> s(SignedSettings::CreateRetrievePolicyOp(&d));
739
740 MockLoginLibrary* lib = MockLoginLib();
741 EXPECT_CALL(*lib, RequestRetrievePolicy(_, s.get()))
742 .WillOnce(InvokeArgument<0>(static_cast<void*>(s.get()), "", 0))
743 .RetiresOnSaturation();
744
745 s->Execute();
746 message_loop_.RunAllPending();
747 UnMockLoginLib();
748 }
749
TEST_F(SignedSettingsTest,RetrieveUnsignedPolicy)750 TEST_F(SignedSettingsTest, RetrieveUnsignedPolicy) {
751 std::string serialized;
752 em::PolicyFetchResponse policy = BuildProto(fake_prop_,
753 std::string(),
754 &serialized);
755 ProtoDelegate d(policy);
756 d.expect_failure(SignedSettings::BAD_SIGNATURE);
757 scoped_refptr<SignedSettings> s(SignedSettings::CreateRetrievePolicyOp(&d));
758
759 MockLoginLibrary* lib = MockLoginLib();
760 EXPECT_CALL(*lib, RequestRetrievePolicy(_, s.get()))
761 .WillOnce(InvokeArgument<0>(static_cast<void*>(s.get()),
762 serialized.c_str(),
763 serialized.length()))
764 .RetiresOnSaturation();
765
766 s->Execute();
767 message_loop_.RunAllPending();
768 UnMockLoginLib();
769 }
770
TEST_F(SignedSettingsTest,RetrieveMalsignedPolicy)771 TEST_F(SignedSettingsTest, RetrieveMalsignedPolicy) {
772 std::string signed_serialized;
773 em::PolicyFetchResponse signed_policy = BuildProto(fake_prop_,
774 fake_value_,
775 &signed_serialized);
776 ProtoDelegate d(signed_policy);
777 d.expect_failure(SignedSettings::BAD_SIGNATURE);
778 scoped_refptr<SignedSettings> s(SignedSettings::CreateRetrievePolicyOp(&d));
779
780 MockLoginLibrary* lib = MockLoginLib();
781 EXPECT_CALL(*lib, RequestRetrievePolicy(_, s.get()))
782 .WillOnce(InvokeArgument<0>(static_cast<void*>(s.get()),
783 signed_serialized.c_str(),
784 signed_serialized.length()))
785 .RetiresOnSaturation();
786
787 mock_service(s.get(), &m_);
788 std::vector<uint8> fake_sig(fake_value_.c_str(),
789 fake_value_.c_str() + fake_value_.length());
790 EXPECT_CALL(m_, StartVerifyAttempt(fake_prop_, fake_sig, _))
791 .Times(1);
792
793 s->Execute();
794 message_loop_.RunAllPending();
795 UnMockLoginLib();
796
797 s->OnKeyOpComplete(OwnerManager::OPERATION_FAILED, std::vector<uint8>());
798 message_loop_.RunAllPending();
799 }
800
801 } // namespace chromeos
802