Add CloudPolicyService

CloudPolicyService glues together a cloud policy client and a CloudPolicyStore, taking care of pushing policy to the store when new policy from the cloud arrived. It also handles coordination for policy refresh operations.

BUG=chromium:108928
TEST=Unit tests.


Review URL: https://chromiumcodereview.appspot.com/10092010

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@139014 0039d316-1c4b-4281-b951-d872f2087c98

11 files changed, 715 insertions, 0 deletions

diff --git a/chrome/browser/policy/cloud_policy_service.cc b/chrome/browser/policy/cloud_policy_service.cc
new file mode 100644
index 0000000..d97ff25
--- /dev/null
+++ b/chrome/browser/policy/cloud_policy_service.cc
@@ -0,0 +1,131 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/policy/cloud_policy_service.h"
+
+#include "base/callback.h"
+#include "chrome/browser/policy/proto/device_management_backend.pb.h"
+
+namespace em = enterprise_management;
+
+namespace policy {
+
+CloudPolicyService::CloudPolicyService(scoped_ptr<CloudPolicyClient> client,
+                                       scoped_ptr<CloudPolicyStore> store)
+    : client_(client.Pass()),
+      store_(store.Pass()),
+      refresh_state_(REFRESH_NONE) {
+  client_->AddObserver(this);
+  store_->AddObserver(this);
+}
+
+CloudPolicyService::~CloudPolicyService() {
+  client_->RemoveObserver(this);
+  store_->RemoveObserver(this);
+}
+
+std::string CloudPolicyService::ManagedBy() const {
+  const em::PolicyData* policy = store_->policy();
+  if (policy) {
+    std::string username = policy->username();
+    std::size_t pos = username.find('@');
+    if (pos != std::string::npos)
+      return username.substr(pos + 1);
+  }
+  return std::string();
+}
+
+void CloudPolicyService::RefreshPolicy(const base::Closure& callback) {
+  // If the client is not registered, bail out.
+  if (!client_->is_registered()) {
+    callback.Run();
+    return;
+  }
+
+  // Else, trigger a refresh.
+  refresh_callbacks_.push_back(callback);
+  refresh_state_ = REFRESH_POLICY_FETCH;
+  client_->FetchPolicy();
+}
+
+void CloudPolicyService::OnPolicyFetched(CloudPolicyClient* client) {
+  if (client_->status() != DM_STATUS_SUCCESS) {
+    RefreshCompleted();
+    return;
+  }
+
+  const em::PolicyFetchResponse* policy = client_->policy();
+  if (policy) {
+    if (refresh_state_ != REFRESH_NONE)
+      refresh_state_ = REFRESH_POLICY_STORE;
+    store_->Store(*policy);
+  } else {
+    RefreshCompleted();
+  }
+}
+
+void CloudPolicyService::OnRegistrationStateChanged(CloudPolicyClient* client) {
+}
+
+void CloudPolicyService::OnClientError(CloudPolicyClient* client) {
+  if (refresh_state_ == REFRESH_POLICY_FETCH)
+    RefreshCompleted();
+}
+
+void CloudPolicyService::OnStoreLoaded(CloudPolicyStore* store) {
+  // Update the client with state from the store.
+  const em::PolicyData* policy(store_->policy());
+
+  // Timestamp.
+  base::Time policy_timestamp;
+  if (policy && policy->has_timestamp()) {
+    policy_timestamp =
+        base::Time::UnixEpoch() +
+        base::TimeDelta::FromMilliseconds(policy->timestamp());
+  }
+  client_->set_last_policy_timestamp(policy_timestamp);
+
+  // Public key version.
+  if (policy && policy->has_public_key_version())
+    client_->set_public_key_version(policy->public_key_version());
+  else
+    client_->clear_public_key_version();
+
+  // Whether to submit the machine ID.
+  bool submit_machine_id = false;
+  if (policy && policy->has_valid_serial_number_missing())
+    submit_machine_id = policy->valid_serial_number_missing();
+  client_->set_submit_machine_id(submit_machine_id);
+
+  // Finally, set up registration if necessary.
+  if (policy && policy->has_request_token() && policy->has_device_id() &&
+      !client_->is_registered()) {
+    client_->SetupRegistration(policy->request_token(),
+                               policy->device_id());
+  }
+
+  if (refresh_state_ == REFRESH_POLICY_STORE)
+    RefreshCompleted();
+}
+
+void CloudPolicyService::OnStoreError(CloudPolicyStore* store) {
+  if (refresh_state_ == REFRESH_POLICY_STORE)
+    RefreshCompleted();
+}
+
+void CloudPolicyService::RefreshCompleted() {
+  // Clear state and |refresh_callbacks_| before actually invoking them, s.t.
+  // triggering new policy fetches behaves as expected.
+  std::vector<base::Closure> callbacks;
+  callbacks.swap(refresh_callbacks_);
+  refresh_state_ = REFRESH_NONE;
+
+  for (std::vector<base::Closure>::iterator callback(callbacks.begin());
+       callback != callbacks.end();
+       ++callback) {
+    callback->Run();
+  }
+}
+
+}  // namespace policy
diff --git a/chrome/browser/policy/cloud_policy_service.h b/chrome/browser/policy/cloud_policy_service.h
new file mode 100644
index 0000000..fe5cc34
--- /dev/null
+++ b/chrome/browser/policy/cloud_policy_service.h
@@ -0,0 +1,80 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_POLICY_CLOUD_POLICY_SERVICE_H_
+#define CHROME_BROWSER_POLICY_CLOUD_POLICY_SERVICE_H_
+#pragma once
+
+#include <string>
+#include <vector>
+
+#include "base/basictypes.h"
+#include "base/callback_forward.h"
+#include "base/compiler_specific.h"
+#include "base/memory/scoped_ptr.h"
+#include "chrome/browser/policy/cloud_policy_client.h"
+#include "chrome/browser/policy/cloud_policy_constants.h"
+#include "chrome/browser/policy/cloud_policy_store.h"
+
+namespace policy {
+
+// Coordinates cloud policy handling, hosting the cloud policy client, fetching
+// new policy, and updating the local policy cache when new policy becomes
+// available.
+class CloudPolicyService : public CloudPolicyClient::Observer,
+                           public CloudPolicyStore::Observer {
+ public:
+  CloudPolicyService(scoped_ptr<CloudPolicyClient> client,
+                     scoped_ptr<CloudPolicyStore> store);
+  virtual ~CloudPolicyService();
+
+  // Returns the domain that manages this user/device, according to the current
+  // policy blob. Empty if not managed/not available.
+  std::string ManagedBy() const;
+
+  // Refreshes policy. |callback| will be invoked after the operation completes
+  // or aborts because of errors.
+  void RefreshPolicy(const base::Closure& callback);
+
+  CloudPolicyClient* client() { return client_.get(); }
+  CloudPolicyStore* store() { return store_.get(); }
+
+  // CloudPolicyClient::Observer:
+  virtual void OnPolicyFetched(CloudPolicyClient* client) OVERRIDE;
+  virtual void OnRegistrationStateChanged(CloudPolicyClient* client) OVERRIDE;
+  virtual void OnClientError(CloudPolicyClient* client) OVERRIDE;
+
+  // CloudPolicyStore::Observer:
+  virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE;
+  virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE;
+
+ private:
+  // Invokes the refresh callbacks and clears refresh state.
+  void RefreshCompleted();
+
+  // The client used to talk to the cloud.
+  scoped_ptr<CloudPolicyClient> client_;
+
+  // Takes care of persisting and decoding cloud policy.
+  scoped_ptr<CloudPolicyStore> store_;
+
+  // Tracks the state of a pending refresh operation, if any.
+  enum {
+    // No refresh pending.
+    REFRESH_NONE,
+    // Policy fetch is pending.
+    REFRESH_POLICY_FETCH,
+    // Policy store is pending.
+    REFRESH_POLICY_STORE,
+  } refresh_state_;
+
+  // Callbacks to invoke upon policy refresh.
+  std::vector<base::Closure> refresh_callbacks_;
+
+  DISALLOW_COPY_AND_ASSIGN(CloudPolicyService);
+};
+
+}  // namespace policy
+
+#endif  // CHROME_BROWSER_POLICY_CLOUD_POLICY_SERVICE_H_
diff --git a/chrome/browser/policy/cloud_policy_service_unittest.cc b/chrome/browser/policy/cloud_policy_service_unittest.cc
new file mode 100644
index 0000000..14e53df
--- /dev/null
+++ b/chrome/browser/policy/cloud_policy_service_unittest.cc
@@ -0,0 +1,200 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/policy/cloud_policy_service.h"
+
+#include "base/bind.h"
+#include "base/callback.h"
+#include "chrome/browser/policy/mock_cloud_policy_client.h"
+#include "chrome/browser/policy/mock_cloud_policy_store.h"
+#include "chrome/browser/policy/proto/device_management_backend.pb.h"
+#include "testing/gmock/include/gmock/gmock.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace em = enterprise_management;
+
+using testing::_;
+
+namespace policy {
+
+class CloudPolicyServiceTest : public testing::Test {
+ public:
+  CloudPolicyServiceTest()
+      : client_(new MockCloudPolicyClient),
+        store_(new MockCloudPolicyStore),
+        service_(scoped_ptr<CloudPolicyClient>(client_),
+                 scoped_ptr<CloudPolicyStore>(store_)) {}
+
+  MOCK_METHOD0(OnPolicyRefresh, void(void));
+
+ protected:
+  MockCloudPolicyClient* client_;
+  MockCloudPolicyStore* store_;
+  CloudPolicyService service_;
+};
+
+MATCHER_P(ProtoMatches, proto, "") {
+  return arg.SerializePartialAsString() == proto.SerializePartialAsString();
+}
+
+TEST_F(CloudPolicyServiceTest, ManagedByEmptyPolicy) {
+  EXPECT_EQ("", service_.ManagedBy());
+}
+
+TEST_F(CloudPolicyServiceTest, ManagedByValidPolicy) {
+  store_->policy_.reset(new em::PolicyData());
+  store_->policy_->set_username("user@example.com");
+  EXPECT_EQ("example.com", service_.ManagedBy());
+}
+
+TEST_F(CloudPolicyServiceTest, PolicyUpdateSuccess) {
+  em::PolicyFetchResponse policy;
+  policy.set_policy_data("fake policy");
+  client_->SetPolicy(policy);
+  EXPECT_CALL(*store_, Store(ProtoMatches(policy))).Times(1);
+  client_->NotifyPolicyFetched();
+
+  // After |store_| initializes, credentials and other meta data should be
+  // transferred to |client_|.
+  store_->policy_.reset(new em::PolicyData());
+  store_->policy_->set_request_token("fake token");
+  store_->policy_->set_device_id("fake client id");
+  store_->policy_->set_timestamp(32);
+  store_->policy_->set_valid_serial_number_missing(true);
+  store_->policy_->set_public_key_version(17);
+  EXPECT_CALL(*client_,
+              SetupRegistration(store_->policy_->request_token(),
+                                store_->policy_->device_id())).Times(1);
+  store_->NotifyStoreLoaded();
+  EXPECT_EQ(base::Time::UnixEpoch() + base::TimeDelta::FromMilliseconds(32),
+            client_->last_policy_timestamp_);
+  EXPECT_TRUE(client_->submit_machine_id_);
+  EXPECT_TRUE(client_->public_key_version_valid_);
+  EXPECT_EQ(17, client_->public_key_version_);
+}
+
+TEST_F(CloudPolicyServiceTest, PolicyUpdateClientFailure) {
+  client_->SetStatus(DM_STATUS_REQUEST_FAILED);
+  EXPECT_CALL(*store_, Store(_)).Times(0);
+  client_->NotifyPolicyFetched();
+}
+
+TEST_F(CloudPolicyServiceTest, RefreshPolicySuccess) {
+  testing::InSequence seq;
+
+  EXPECT_CALL(*this, OnPolicyRefresh()).Times(0);
+  client_->SetDMToken("fake token");
+
+  // Trigger a fetch on the client.
+  EXPECT_CALL(*client_, FetchPolicy()).Times(1);
+  service_.RefreshPolicy(base::Bind(&CloudPolicyServiceTest::OnPolicyRefresh,
+                                    base::Unretained(this)));
+
+  // Client responds, push policy to store.
+  em::PolicyFetchResponse policy;
+  policy.set_policy_data("fake policy");
+  client_->SetPolicy(policy);
+  EXPECT_CALL(*store_, Store(ProtoMatches(policy))).Times(1);
+  client_->NotifyPolicyFetched();
+
+  // Store reloads policy, callback gets triggered.
+  store_->policy_.reset(new em::PolicyData());
+  store_->policy_->set_request_token("token");
+  store_->policy_->set_device_id("device-id");
+  EXPECT_CALL(*this, OnPolicyRefresh()).Times(1);
+  store_->NotifyStoreLoaded();
+}
+
+TEST_F(CloudPolicyServiceTest, RefreshPolicyNotRegistered) {
+  // Clear the token so the client is not registered.
+  client_->SetDMToken("");
+
+  EXPECT_CALL(*client_, FetchPolicy()).Times(0);
+  EXPECT_CALL(*this, OnPolicyRefresh()).Times(1);
+  service_.RefreshPolicy(base::Bind(&CloudPolicyServiceTest::OnPolicyRefresh,
+                                    base::Unretained(this)));
+}
+
+TEST_F(CloudPolicyServiceTest, RefreshPolicyClientError) {
+  testing::InSequence seq;
+
+  EXPECT_CALL(*this, OnPolicyRefresh()).Times(0);
+  client_->SetDMToken("fake token");
+
+  // Trigger a fetch on the client.
+  EXPECT_CALL(*client_, FetchPolicy()).Times(1);
+  service_.RefreshPolicy(base::Bind(&CloudPolicyServiceTest::OnPolicyRefresh,
+                                    base::Unretained(this)));
+
+  // Client responds with an error, which should trigger the callback.
+  client_->SetStatus(DM_STATUS_REQUEST_FAILED);
+  EXPECT_CALL(*this, OnPolicyRefresh()).Times(1);
+  client_->NotifyClientError();
+}
+
+TEST_F(CloudPolicyServiceTest, RefreshPolicyStoreError) {
+  testing::InSequence seq;
+
+  EXPECT_CALL(*this, OnPolicyRefresh()).Times(0);
+  client_->SetDMToken("fake token");
+
+  // Trigger a fetch on the client.
+  EXPECT_CALL(*client_, FetchPolicy()).Times(1);
+  service_.RefreshPolicy(base::Bind(&CloudPolicyServiceTest::OnPolicyRefresh,
+                                    base::Unretained(this)));
+
+  // Client responds, push policy to store.
+  em::PolicyFetchResponse policy;
+  policy.set_policy_data("fake policy");
+  client_->SetPolicy(policy);
+  EXPECT_CALL(*store_, Store(ProtoMatches(policy))).Times(1);
+  client_->NotifyPolicyFetched();
+
+  // Store fails, which should trigger the callback.
+  EXPECT_CALL(*this, OnPolicyRefresh()).Times(1);
+  store_->NotifyStoreError();
+}
+
+TEST_F(CloudPolicyServiceTest, RefreshPolicyConcurrent) {
+  testing::InSequence seq;
+
+  EXPECT_CALL(*this, OnPolicyRefresh()).Times(0);
+  client_->SetDMToken("fake token");
+
+  // Trigger a fetch on the client.
+  EXPECT_CALL(*client_, FetchPolicy()).Times(1);
+  service_.RefreshPolicy(base::Bind(&CloudPolicyServiceTest::OnPolicyRefresh,
+                                    base::Unretained(this)));
+
+  // Triggering another policy refresh should generate a new fetch request.
+  EXPECT_CALL(*client_, FetchPolicy()).Times(1);
+  service_.RefreshPolicy(base::Bind(&CloudPolicyServiceTest::OnPolicyRefresh,
+                                    base::Unretained(this)));
+
+  // Client responds, push policy to store.
+  em::PolicyFetchResponse policy;
+  policy.set_policy_data("fake policy");
+  client_->SetPolicy(policy);
+  EXPECT_CALL(*store_, Store(ProtoMatches(policy))).Times(1);
+  client_->NotifyPolicyFetched();
+
+  // Trigger another policy fetch.
+  EXPECT_CALL(*client_, FetchPolicy()).Times(1);
+  service_.RefreshPolicy(base::Bind(&CloudPolicyServiceTest::OnPolicyRefresh,
+                                    base::Unretained(this)));
+
+  // The store finishing the first load should not generate callbacks.
+  EXPECT_CALL(*this, OnPolicyRefresh()).Times(0);
+  store_->NotifyStoreLoaded();
+
+  // Second policy fetch finishes.
+  EXPECT_CALL(*store_, Store(ProtoMatches(policy))).Times(1);
+  client_->NotifyPolicyFetched();
+
+  // Corresponding store operation finishes, all _three_ callbacks fire.
+  EXPECT_CALL(*this, OnPolicyRefresh()).Times(3);
+  store_->NotifyStoreLoaded();
+}
+
+}  // namespace policy
diff --git a/chrome/browser/policy/cloud_policy_store.cc b/chrome/browser/policy/cloud_policy_store.cc
new file mode 100644
index 0000000..b4eb819
--- /dev/null
+++ b/chrome/browser/policy/cloud_policy_store.cc
@@ -0,0 +1,35 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/policy/cloud_policy_store.h"
+
+namespace policy {
+
+CloudPolicyStore::Observer::~Observer() {}
+
+CloudPolicyStore::CloudPolicyStore()
+    : status_(STATUS_OK),
+      is_initialized_(false) {}
+
+CloudPolicyStore::~CloudPolicyStore() {}
+
+void CloudPolicyStore::AddObserver(CloudPolicyStore::Observer* observer) {
+  observers_.AddObserver(observer);
+}
+
+void CloudPolicyStore::RemoveObserver(CloudPolicyStore::Observer* observer) {
+  observers_.RemoveObserver(observer);
+}
+
+void CloudPolicyStore::NotifyStoreLoaded() {
+  is_initialized_ = true;
+  FOR_EACH_OBSERVER(Observer, observers_, OnStoreLoaded(this));
+}
+
+void CloudPolicyStore::NotifyStoreError() {
+  is_initialized_ = true;
+  FOR_EACH_OBSERVER(Observer, observers_, OnStoreError(this));
+}
+
+}  // namespace
diff --git a/chrome/browser/policy/cloud_policy_store.h b/chrome/browser/policy/cloud_policy_store.h
new file mode 100644
index 0000000..0c02f3f
--- /dev/null
+++ b/chrome/browser/policy/cloud_policy_store.h
@@ -0,0 +1,131 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_POLICY_CLOUD_POLICY_STORE_H_
+#define CHROME_BROWSER_POLICY_CLOUD_POLICY_STORE_H_
+#pragma once
+
+#include "base/basictypes.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/observer_list.h"
+#include "chrome/browser/policy/policy_map.h"
+#include "chrome/browser/policy/proto/device_management_backend.pb.h"
+
+namespace policy {
+
+// Defines the low-level interface used by the cloud policy code to:
+//   1. Validate policy blobs that should be applied locally
+//   2. Persist policy blobs
+//   3. Decode policy blobs to PolicyMap representation
+class CloudPolicyStore {
+ public:
+  // Status codes.
+  enum Status {
+    // Everything is in good order.
+    STATUS_OK,
+    // Loading policy from the underlying data store failed.
+    STATUS_PERSIST_LOAD_ERROR,
+    // Failed to store policy to the data store.
+    STATUS_PERSIST_STORE_ERROR,
+    // Failed to parse the policy read from the data store.
+    STATUS_PERSIST_PARSE_ERROR,
+    // Failed to serialize policy for storage.
+    STATUS_PERSIST_SERIALIZE_ERROR,
+    // Validation failure: Bad signature.
+    STATUS_VALIDATION_BAD_SIGNATURE,
+    // Validation failure: Policy blob contains error code.
+    STATUS_VALIDATION_ERROR_CODE_PRESENT,
+    // Validation failure: Policy payload failed to decode.
+    STATUS_VALIDATION_PAYLOAD_PARSE_ERROR,
+    // Validation failure: Unexpected policy type.
+    STATUS_VALIDATION_POLICY_TYPE,
+    // Validation failure: Time stamp from the future.
+    STATUS_VALIDATION_TIMESTAMP,
+    // Validation failure: Token doesn't match.
+    STATUS_VALIDATION_TOKEN,
+    // Validation failure: Username doesn't match.
+    STATUS_VALIDATION_USERNAME,
+    // Policy protobuf parse error.
+    STATUS_VALIDATION_POLICY_PARSE_ERROR,
+  };
+
+  // Callbacks for policy store events. Most importantly, policy updates.
+  class Observer {
+   public:
+    virtual ~Observer();
+
+    // Called on changes to store->policy() and/or store->policy_map().
+    virtual void OnStoreLoaded(CloudPolicyStore* store) = 0;
+
+    // Called upon encountering errors.
+    virtual void OnStoreError(CloudPolicyStore* store) = 0;
+  };
+
+  CloudPolicyStore();
+  virtual ~CloudPolicyStore();
+
+  // Indicates whether the store has been fully initialized. This is
+  // accomplished by calling Load() after startup.
+  bool is_initialized() const { return is_initialized_; }
+
+  const PolicyMap& policy_map() const { return policy_map_; }
+  bool has_policy() const {
+    return policy_.get() != NULL;
+  }
+  const enterprise_management::PolicyData* policy() const {
+    return policy_.get();
+  }
+  bool is_managed() const {
+    return policy_.get() &&
+           policy_->state() == enterprise_management::PolicyData::ACTIVE;
+  }
+  Status status() const { return status_; }
+
+  // Store a new policy blob. Pending store operations will be canceled. The
+  // store operation may proceed asynchronously and observers are notified once
+  // the operation finishes. If successful, OnStoreLoaded() will be invoked on
+  // the observers and the updated policy can be read through policy(). Errors
+  // generate OnStoreError() notifications.
+  virtual void Store(
+      const enterprise_management::PolicyFetchResponse& policy) = 0;
+
+  // Load the current policy blob from persistent storage. This may trigger
+  // asynchronous operations. Upon success, OnStoreLoaded() will be called on
+  // the registered observers. Otherwise, OnStoreError() reports the reason for
+  // failure.
+  virtual void Load() = 0;
+
+  // Registers an observer to be notified when policy changes.
+  void AddObserver(Observer* observer);
+
+  // Removes the specified observer.
+  void RemoveObserver(Observer* observer);
+
+ protected:
+  // Invokes the corresponding callback on all registered observers.
+  void NotifyStoreLoaded();
+  void NotifyStoreError();
+
+  // Decoded version of the currently effective policy.
+  PolicyMap policy_map_;
+
+  // Currently effective policy.
+  scoped_ptr<enterprise_management::PolicyData> policy_;
+
+  // Latest status code.
+  Status status_;
+
+ private:
+  // Whether the store has completed asynchronous initialization, which is
+  // triggered by calling Load().
+  bool is_initialized_;
+
+  ObserverList<Observer, true> observers_;
+
+  DISALLOW_COPY_AND_ASSIGN(CloudPolicyStore);
+};
+
+}  // namespace policy
+
+#endif  // CHROME_BROWSER_POLICY_CLOUD_POLICY_STORE_H_
diff --git a/chrome/browser/policy/mock_cloud_policy_client.cc b/chrome/browser/policy/mock_cloud_policy_client.cc
new file mode 100644
index 0000000..496745e
--- /dev/null
+++ b/chrome/browser/policy/mock_cloud_policy_client.cc
@@ -0,0 +1,30 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/policy/mock_cloud_policy_client.h"
+#include "chrome/browser/policy/proto/device_management_backend.pb.h"
+
+namespace em = enterprise_management;
+
+namespace policy {
+
+MockCloudPolicyClient::MockCloudPolicyClient()
+    : CloudPolicyClient("", "", USER_AFFILIATION_NONE, POLICY_SCOPE_USER, NULL,
+                        NULL) {}
+
+MockCloudPolicyClient::~MockCloudPolicyClient() {}
+
+void MockCloudPolicyClient::SetDMToken(const std::string& token) {
+  dm_token_ = token;
+}
+
+void MockCloudPolicyClient::SetPolicy(const em::PolicyFetchResponse& policy) {
+  policy_.reset(new enterprise_management::PolicyFetchResponse(policy));
+}
+
+void MockCloudPolicyClient::SetStatus(DeviceManagementStatus status) {
+  status_ = status;
+}
+
+}  // namespace policy
diff --git a/chrome/browser/policy/mock_cloud_policy_client.h b/chrome/browser/policy/mock_cloud_policy_client.h
new file mode 100644
index 0000000..2ebe94f
--- /dev/null
+++ b/chrome/browser/policy/mock_cloud_policy_client.h
@@ -0,0 +1,50 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_POLICY_MOCK_CLOUD_POLICY_CLIENT_H_
+#define CHROME_BROWSER_POLICY_MOCK_CLOUD_POLICY_CLIENT_H_
+#pragma once
+
+#include "base/basictypes.h"
+#include "chrome/browser/policy/cloud_policy_client.h"
+#include "testing/gmock/include/gmock/gmock.h"
+
+namespace policy {
+
+class MockCloudPolicyClient : public CloudPolicyClient {
+ public:
+  MockCloudPolicyClient();
+  virtual ~MockCloudPolicyClient();
+
+  MOCK_METHOD2(SetupRegistration, void(const std::string&, const std::string&));
+  MOCK_METHOD1(Register, void(const std::string&));
+  MOCK_METHOD0(FetchPolicy, void(void));
+  MOCK_METHOD0(Unregister, void(void));
+
+  // Sets the DMToken.
+  void SetDMToken(const std::string& token);
+
+  // Injects policy.
+  void SetPolicy(const enterprise_management::PolicyFetchResponse& policy);
+
+  // Sets the status field.
+  void SetStatus(DeviceManagementStatus status);
+
+  // Make the notification helpers public.
+  using CloudPolicyClient::NotifyPolicyFetched;
+  using CloudPolicyClient::NotifyRegistrationStateChanged;
+  using CloudPolicyClient::NotifyClientError;
+
+  using CloudPolicyClient::submit_machine_id_;
+  using CloudPolicyClient::last_policy_timestamp_;
+  using CloudPolicyClient::public_key_version_;
+  using CloudPolicyClient::public_key_version_valid_;
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(MockCloudPolicyClient);
+};
+
+}  // namespace policy
+
+#endif  // CHROME_BROWSER_POLICY_MOCK_CLOUD_POLICY_CLIENT_H_
diff --git a/chrome/browser/policy/mock_cloud_policy_store.cc b/chrome/browser/policy/mock_cloud_policy_store.cc
new file mode 100644
index 0000000..a9449d7
--- /dev/null
+++ b/chrome/browser/policy/mock_cloud_policy_store.cc
@@ -0,0 +1,13 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/policy/mock_cloud_policy_store.h"
+
+namespace policy {
+
+MockCloudPolicyStore::MockCloudPolicyStore() {}
+
+MockCloudPolicyStore::~MockCloudPolicyStore() {}
+
+}  // namespace policy
diff --git a/chrome/browser/policy/mock_cloud_policy_store.h b/chrome/browser/policy/mock_cloud_policy_store.h
new file mode 100644
index 0000000..cef3f55
--- /dev/null
+++ b/chrome/browser/policy/mock_cloud_policy_store.h
@@ -0,0 +1,36 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_POLICY_MOCK_CLOUD_POLICY_STORE_H_
+#define CHROME_BROWSER_POLICY_MOCK_CLOUD_POLICY_STORE_H_
+#pragma once
+
+#include "chrome/browser/policy/cloud_policy_store.h"
+#include "testing/gmock/include/gmock/gmock.h"
+
+namespace policy {
+
+class MockCloudPolicyStore : public CloudPolicyStore {
+ public:
+  MockCloudPolicyStore();
+  virtual ~MockCloudPolicyStore();
+
+  MOCK_METHOD1(Store, void(const enterprise_management::PolicyFetchResponse&));
+  MOCK_METHOD0(Load, void(void));
+
+  // Publish the protected members.
+  using CloudPolicyStore::NotifyStoreLoaded;
+  using CloudPolicyStore::NotifyStoreError;
+
+  using CloudPolicyStore::policy_map_;
+  using CloudPolicyStore::policy_;
+  using CloudPolicyStore::status_;
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(MockCloudPolicyStore);
+};
+
+}  // namespace policy
+
+#endif  // CHROME_BROWSER_POLICY_MOCK_CLOUD_POLICY_STORE_H_
diff --git a/chrome/chrome_browser.gypi b/chrome/chrome_browser.gypi
index 80a14a1..a568e59 100644
--- a/chrome/chrome_browser.gypi
+++ b/chrome/chrome_browser.gypi
@@ -1573,6 +1573,10 @@
         'browser/policy/cloud_policy_data_store.h',
         'browser/policy/cloud_policy_provider.cc',
         'browser/policy/cloud_policy_provider.h',
+        'browser/policy/cloud_policy_service.cc',
+        'browser/policy/cloud_policy_service.h',
+        'browser/policy/cloud_policy_store.cc',
+        'browser/policy/cloud_policy_store.h',
         'browser/policy/cloud_policy_subsystem.cc',
         'browser/policy/cloud_policy_subsystem.h',
         'browser/policy/config_dir_policy_provider.cc',
diff --git a/chrome/chrome_tests.gypi b/chrome/chrome_tests.gypi
index 491ccc9..2d74094 100644
--- a/chrome/chrome_tests.gypi
+++ b/chrome/chrome_tests.gypi
@@ -1348,6 +1348,7 @@
         'browser/policy/cloud_policy_client_unittest.cc',
         'browser/policy/cloud_policy_controller_unittest.cc',
         'browser/policy/cloud_policy_provider_unittest.cc',
+        'browser/policy/cloud_policy_service_unittest.cc',
         'browser/policy/cloud_policy_subsystem_unittest.cc',
         'browser/policy/config_dir_policy_provider_unittest.cc',
         'browser/policy/configuration_policy_handler_chromeos_unittest.cc',
@@ -1367,6 +1368,10 @@
         'browser/policy/logging_work_scheduler.cc',
         'browser/policy/logging_work_scheduler.h',
         'browser/policy/logging_work_scheduler_unittest.cc',
+        'browser/policy/mock_cloud_policy_client.cc',
+        'browser/policy/mock_cloud_policy_client.h',
+        'browser/policy/mock_cloud_policy_store.cc',
+        'browser/policy/mock_cloud_policy_store.h',
         'browser/policy/mock_configuration_policy_provider.cc',
         'browser/policy/mock_configuration_policy_provider.h',
         'browser/policy/mock_device_management_service.cc',