// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" #include "base/bind.h" #include "base/bind_helpers.h" #include "base/file_util.h" #include "base/files/scoped_temp_dir.h" #include "base/memory/scoped_ptr.h" #include "base/path_service.h" #include "base/run_loop.h" #include "base/threading/worker_pool.h" #include "chrome/browser/chromeos/policy/proto/install_attributes.pb.h" #include "chromeos/chromeos_paths.h" #include "chromeos/cryptohome/cryptohome_util.h" #include "chromeos/dbus/cryptohome_client.h" #include "chromeos/dbus/dbus_thread_manager.h" #include "google_apis/gaia/gaia_auth_util.h" #include "testing/gtest/include/gtest/gtest.h" namespace policy { namespace cryptohome_util = chromeos::cryptohome_util; namespace { void CopyLockResult(base::RunLoop* loop, EnterpriseInstallAttributes::LockResult* out, EnterpriseInstallAttributes::LockResult result) { *out = result; loop->Quit(); } } // namespace static const char kTestUser[] = "test@example.com"; static const char kTestUserCanonicalize[] = "UPPER.CASE@example.com"; static const char kTestDomain[] = "example.com"; static const char kTestDeviceId[] = "133750519"; class EnterpriseInstallAttributesTest : public testing::Test { protected: EnterpriseInstallAttributesTest() {} virtual void SetUp() OVERRIDE { ASSERT_TRUE(temp_dir_.CreateUniqueTempDir()); ASSERT_TRUE(PathService::OverrideAndCreateIfNeeded( chromeos::FILE_INSTALL_ATTRIBUTES, GetTempPath(), true, false)); chromeos::DBusThreadManager::InitializeWithStub(); install_attributes_.reset(new EnterpriseInstallAttributes( chromeos::DBusThreadManager::Get()->GetCryptohomeClient())); } virtual void TearDown() OVERRIDE { chromeos::DBusThreadManager::Shutdown(); } base::FilePath GetTempPath() const { base::FilePath temp_path = base::MakeAbsoluteFilePath(temp_dir_.path()); return temp_path.Append("install_attrs_test"); } void SetAttribute( cryptohome::SerializedInstallAttributes* install_attrs_proto, const std::string& name, const std::string& value) { cryptohome::SerializedInstallAttributes::Attribute* attribute; attribute = install_attrs_proto->add_attributes(); attribute->set_name(name); attribute->set_value(value); } base::MessageLoopForUI message_loop_; base::ScopedTempDir temp_dir_; scoped_ptr install_attributes_; EnterpriseInstallAttributes::LockResult LockDeviceAndWaitForResult( const std::string& user, DeviceMode device_mode, const std::string& device_id) { base::RunLoop loop; EnterpriseInstallAttributes::LockResult result; install_attributes_->LockDevice( user, device_mode, device_id, base::Bind(&CopyLockResult, &loop, &result)); loop.Run(); return result; } }; TEST_F(EnterpriseInstallAttributesTest, Lock) { EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, LockDeviceAndWaitForResult( kTestUser, DEVICE_MODE_ENTERPRISE, kTestDeviceId)); EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, LockDeviceAndWaitForResult( kTestUser, DEVICE_MODE_ENTERPRISE, kTestDeviceId)); // Another user from the same domain should also succeed. EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, LockDeviceAndWaitForResult( "test1@example.com", DEVICE_MODE_ENTERPRISE, kTestDeviceId)); // But another domain should fail. EXPECT_EQ(EnterpriseInstallAttributes::LOCK_WRONG_USER, LockDeviceAndWaitForResult( "test@bluebears.com", DEVICE_MODE_ENTERPRISE, kTestDeviceId)); } TEST_F(EnterpriseInstallAttributesTest, LockCanonicalize) { EXPECT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, LockDeviceAndWaitForResult( kTestUserCanonicalize, DEVICE_MODE_ENTERPRISE, kTestDeviceId)); EXPECT_EQ(gaia::CanonicalizeEmail(kTestUserCanonicalize), install_attributes_->GetRegistrationUser()); } TEST_F(EnterpriseInstallAttributesTest, IsEnterpriseDevice) { install_attributes_->ReadCacheFile(GetTempPath()); EXPECT_FALSE(install_attributes_->IsEnterpriseDevice()); ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, LockDeviceAndWaitForResult( kTestUser, DEVICE_MODE_ENTERPRISE, kTestDeviceId)); EXPECT_TRUE(install_attributes_->IsEnterpriseDevice()); } TEST_F(EnterpriseInstallAttributesTest, GetDomain) { install_attributes_->ReadCacheFile(GetTempPath()); EXPECT_EQ(std::string(), install_attributes_->GetDomain()); ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, LockDeviceAndWaitForResult( kTestUser, DEVICE_MODE_ENTERPRISE, kTestDeviceId)); EXPECT_EQ(kTestDomain, install_attributes_->GetDomain()); } TEST_F(EnterpriseInstallAttributesTest, GetRegistrationUser) { install_attributes_->ReadCacheFile(GetTempPath()); EXPECT_EQ(std::string(), install_attributes_->GetRegistrationUser()); ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, LockDeviceAndWaitForResult( kTestUser, DEVICE_MODE_ENTERPRISE, kTestDeviceId)); EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser()); } TEST_F(EnterpriseInstallAttributesTest, GetDeviceId) { install_attributes_->ReadCacheFile(GetTempPath()); EXPECT_EQ(std::string(), install_attributes_->GetDeviceId()); ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, LockDeviceAndWaitForResult( kTestUser, DEVICE_MODE_ENTERPRISE, kTestDeviceId)); EXPECT_EQ(kTestDeviceId, install_attributes_->GetDeviceId()); } TEST_F(EnterpriseInstallAttributesTest, GetMode) { install_attributes_->ReadCacheFile(GetTempPath()); EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode()); ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, LockDeviceAndWaitForResult( kTestUser, DEVICE_MODE_RETAIL_KIOSK, kTestDeviceId)); EXPECT_EQ(DEVICE_MODE_RETAIL_KIOSK, install_attributes_->GetMode()); } TEST_F(EnterpriseInstallAttributesTest, ConsumerDevice) { install_attributes_->ReadCacheFile(GetTempPath()); EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode()); // Lock the attributes empty. ASSERT_TRUE(cryptohome_util::InstallAttributesFinalize()); base::RunLoop loop; install_attributes_->ReadImmutableAttributes(loop.QuitClosure()); loop.Run(); ASSERT_FALSE(cryptohome_util::InstallAttributesIsFirstInstall()); EXPECT_EQ(DEVICE_MODE_CONSUMER, install_attributes_->GetMode()); } TEST_F(EnterpriseInstallAttributesTest, ConsumerKioskDevice) { install_attributes_->ReadCacheFile(GetTempPath()); EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode()); // Lock the attributes for consumer kiosk. ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS, LockDeviceAndWaitForResult( std::string(), DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH, std::string())); ASSERT_FALSE(cryptohome_util::InstallAttributesIsFirstInstall()); EXPECT_EQ(DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH, install_attributes_->GetMode()); ASSERT_TRUE(install_attributes_->IsConsumerKioskDeviceWithAutoLaunch()); } TEST_F(EnterpriseInstallAttributesTest, DeviceLockedFromOlderVersion) { install_attributes_->ReadCacheFile(GetTempPath()); EXPECT_EQ(DEVICE_MODE_PENDING, install_attributes_->GetMode()); // Lock the attributes as if it was done from older Chrome version. ASSERT_TRUE(cryptohome_util::InstallAttributesSet( EnterpriseInstallAttributes::kAttrEnterpriseOwned, "true")); ASSERT_TRUE(cryptohome_util::InstallAttributesSet( EnterpriseInstallAttributes::kAttrEnterpriseUser, kTestUser)); ASSERT_TRUE(cryptohome_util::InstallAttributesFinalize()); base::RunLoop loop; install_attributes_->ReadImmutableAttributes(loop.QuitClosure()); loop.Run(); ASSERT_FALSE(cryptohome_util::InstallAttributesIsFirstInstall()); EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_->GetMode()); EXPECT_EQ(kTestDomain, install_attributes_->GetDomain()); EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser()); EXPECT_EQ("", install_attributes_->GetDeviceId()); } TEST_F(EnterpriseInstallAttributesTest, ReadCacheFile) { cryptohome::SerializedInstallAttributes install_attrs_proto; SetAttribute(&install_attrs_proto, EnterpriseInstallAttributes::kAttrEnterpriseOwned, "true"); SetAttribute(&install_attrs_proto, EnterpriseInstallAttributes::kAttrEnterpriseUser, kTestUser); const std::string blob(install_attrs_proto.SerializeAsString()); ASSERT_EQ(static_cast(blob.size()), base::WriteFile(GetTempPath(), blob.c_str(), blob.size())); install_attributes_->ReadCacheFile(GetTempPath()); EXPECT_EQ(DEVICE_MODE_ENTERPRISE, install_attributes_->GetMode()); EXPECT_EQ(kTestDomain, install_attributes_->GetDomain()); EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser()); EXPECT_EQ("", install_attributes_->GetDeviceId()); } TEST_F(EnterpriseInstallAttributesTest, ReadCacheFileForConsumerKiosk) { cryptohome::SerializedInstallAttributes install_attrs_proto; SetAttribute(&install_attrs_proto, EnterpriseInstallAttributes::kAttrConsumerKioskEnabled, "true"); const std::string blob(install_attrs_proto.SerializeAsString()); ASSERT_EQ(static_cast(blob.size()), base::WriteFile(GetTempPath(), blob.c_str(), blob.size())); install_attributes_->ReadCacheFile(GetTempPath()); EXPECT_EQ(DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH, install_attributes_->GetMode()); EXPECT_EQ("", install_attributes_->GetDomain()); EXPECT_EQ("", install_attributes_->GetRegistrationUser()); EXPECT_EQ("", install_attributes_->GetDeviceId()); } TEST_F(EnterpriseInstallAttributesTest, VerifyFakeInstallAttributesCache) { // This test verifies that FakeCryptohomeClient::InstallAttributesFinalize // writes a cache that EnterpriseInstallAttributes::ReadCacheFile accepts. // Verify that no attributes are initially set. install_attributes_->ReadCacheFile(GetTempPath()); EXPECT_EQ("", install_attributes_->GetRegistrationUser()); // Write test values. ASSERT_TRUE(cryptohome_util::InstallAttributesSet( EnterpriseInstallAttributes::kAttrEnterpriseOwned, "true")); ASSERT_TRUE(cryptohome_util::InstallAttributesSet( EnterpriseInstallAttributes::kAttrEnterpriseUser, kTestUser)); ASSERT_TRUE(cryptohome_util::InstallAttributesFinalize()); // Wait for the async write. base::RunLoop loop; base::WorkerPool::PostTaskAndReply( FROM_HERE, base::Bind(&base::DoNothing), loop.QuitClosure(), false); loop.Run(); // Verify that EnterpriseInstallAttributes correctly decodes the stub // cache file. install_attributes_->ReadCacheFile(GetTempPath()); EXPECT_EQ(kTestUser, install_attributes_->GetRegistrationUser()); } } // namespace policy