| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <vector> | 5 #include <vector> |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
| 9 #include "base/message_loop.h" | 9 #include "base/message_loop.h" |
| 10 #include "base/string_util.h" | 10 #include "base/string_util.h" |
| (...skipping 18 matching lines...) Expand all Loading... |
| 29 EXPECT_EQ(expected_status, arg0->status()); | 29 EXPECT_EQ(expected_status, arg0->status()); |
| 30 }; | 30 }; |
| 31 | 31 |
| 32 class CloudPolicyValidatorTest : public testing::Test { | 32 class CloudPolicyValidatorTest : public testing::Test { |
| 33 public: | 33 public: |
| 34 CloudPolicyValidatorTest() | 34 CloudPolicyValidatorTest() |
| 35 : loop_(MessageLoop::TYPE_UI), | 35 : loop_(MessageLoop::TYPE_UI), |
| 36 timestamp_(base::Time::UnixEpoch() + | 36 timestamp_(base::Time::UnixEpoch() + |
| 37 base::TimeDelta::FromMilliseconds( | 37 base::TimeDelta::FromMilliseconds( |
| 38 PolicyBuilder::kFakeTimestamp)), | 38 PolicyBuilder::kFakeTimestamp)), |
| 39 file_thread_(content::BrowserThread::FILE, &loop_) {} | 39 ignore_missing_timestamp_(false), |
| 40 allow_key_rotation_(true), |
| 41 file_thread_(content::BrowserThread::FILE, &loop_) { |
| 42 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); |
| 43 } |
| 40 | 44 |
| 41 void Validate(testing::Action<void(UserCloudPolicyValidator*)> check_action) { | 45 void Validate(testing::Action<void(UserCloudPolicyValidator*)> check_action) { |
| 42 std::vector<uint8> public_key; | 46 std::vector<uint8> public_key; |
| 43 ASSERT_TRUE( | 47 ASSERT_TRUE( |
| 44 PolicyBuilder::CreateTestSigningKey()->ExportPublicKey(&public_key)); | 48 PolicyBuilder::CreateTestSigningKey()->ExportPublicKey(&public_key)); |
| 45 | 49 |
| 46 // Create a validator. | 50 // Create a validator. |
| 47 policy_.Build(); | 51 policy_.Build(); |
| 48 UserCloudPolicyValidator* validator = | 52 UserCloudPolicyValidator* validator = |
| 49 UserCloudPolicyValidator::Create( | 53 UserCloudPolicyValidator::Create( |
| 50 policy_.GetCopy(), | 54 policy_.GetCopy(), |
| 51 base::Bind(&CloudPolicyValidatorTest::ValidationCompletion, | 55 base::Bind(&CloudPolicyValidatorTest::ValidationCompletion, |
| 52 base::Unretained(this))); | 56 base::Unretained(this))); |
| 53 validator->ValidateTimestamp(timestamp_, timestamp_); | 57 validator->ValidateTimestamp(timestamp_, timestamp_, |
| 58 ignore_missing_timestamp_); |
| 54 validator->ValidateUsername(PolicyBuilder::kFakeUsername); | 59 validator->ValidateUsername(PolicyBuilder::kFakeUsername); |
| 55 validator->ValidateDomain(PolicyBuilder::kFakeDomain); | 60 validator->ValidateDomain(PolicyBuilder::kFakeDomain); |
| 56 validator->ValidateDMToken(PolicyBuilder::kFakeToken); | 61 validator->ValidateDMToken(PolicyBuilder::kFakeToken); |
| 57 validator->ValidatePolicyType(dm_protocol::kChromeUserPolicyType); | 62 validator->ValidatePolicyType(dm_protocol::kChromeUserPolicyType); |
| 58 validator->ValidatePayload(); | 63 validator->ValidatePayload(); |
| 59 validator->ValidateSignature(std::string(public_key.begin(), | 64 validator->ValidateSignature(public_key, allow_key_rotation_); |
| 60 public_key.end())); | 65 if (allow_key_rotation_) |
| 61 validator->ValidateInitialKey(); | 66 validator->ValidateInitialKey(); |
| 62 | 67 |
| 63 // Run validation and check the result. | 68 // Run validation and check the result. |
| 64 EXPECT_CALL(*this, ValidationCompletion(validator)).WillOnce(check_action); | 69 EXPECT_CALL(*this, ValidationCompletion(validator)).WillOnce(check_action); |
| 65 validator->StartValidation(); | 70 validator->StartValidation(); |
| 66 loop_.RunAllPending(); | 71 loop_.RunAllPending(); |
| 67 Mock::VerifyAndClearExpectations(this); | 72 Mock::VerifyAndClearExpectations(this); |
| 68 } | 73 } |
| 69 | 74 |
| 70 void CheckSuccessfulValidation(UserCloudPolicyValidator* validator) { | 75 void CheckSuccessfulValidation(UserCloudPolicyValidator* validator) { |
| 71 EXPECT_TRUE(validator->success()); | 76 EXPECT_TRUE(validator->success()); |
| 72 EXPECT_EQ(policy_.policy().SerializeAsString(), | 77 EXPECT_EQ(policy_.policy().SerializeAsString(), |
| 73 validator->policy()->SerializeAsString()); | 78 validator->policy()->SerializeAsString()); |
| 74 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 79 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
| 75 validator->policy_data()->SerializeAsString()); | 80 validator->policy_data()->SerializeAsString()); |
| 76 EXPECT_EQ(policy_.payload().SerializeAsString(), | 81 EXPECT_EQ(policy_.payload().SerializeAsString(), |
| 77 validator->payload()->SerializeAsString()); | 82 validator->payload()->SerializeAsString()); |
| 78 } | 83 } |
| 79 | 84 |
| 80 MessageLoop loop_; | 85 MessageLoop loop_; |
| 81 base::Time timestamp_; | 86 base::Time timestamp_; |
| 87 bool ignore_missing_timestamp_; |
| 82 std::string signing_key_; | 88 std::string signing_key_; |
| 89 bool allow_key_rotation_; |
| 83 | 90 |
| 84 UserPolicyBuilder policy_; | 91 UserPolicyBuilder policy_; |
| 85 | 92 |
| 86 private: | 93 private: |
| 87 MOCK_METHOD1(ValidationCompletion, void(UserCloudPolicyValidator* validator)); | 94 MOCK_METHOD1(ValidationCompletion, void(UserCloudPolicyValidator* validator)); |
| 88 | 95 |
| 89 content::TestBrowserThread file_thread_; | 96 content::TestBrowserThread file_thread_; |
| 90 | 97 |
| 91 DISALLOW_COPY_AND_ASSIGN(CloudPolicyValidatorTest); | 98 DISALLOW_COPY_AND_ASSIGN(CloudPolicyValidatorTest); |
| 92 }; | 99 }; |
| (...skipping 16 matching lines...) Expand all Loading... |
| 109 TEST_F(CloudPolicyValidatorTest, ErrorWrongPolicyType) { | 116 TEST_F(CloudPolicyValidatorTest, ErrorWrongPolicyType) { |
| 110 policy_.policy_data().set_policy_type("invalid"); | 117 policy_.policy_data().set_policy_type("invalid"); |
| 111 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_WRONG_POLICY_TYPE)); | 118 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_WRONG_POLICY_TYPE)); |
| 112 } | 119 } |
| 113 | 120 |
| 114 TEST_F(CloudPolicyValidatorTest, ErrorNoTimestamp) { | 121 TEST_F(CloudPolicyValidatorTest, ErrorNoTimestamp) { |
| 115 policy_.policy_data().clear_timestamp(); | 122 policy_.policy_data().clear_timestamp(); |
| 116 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_TIMESTAMP)); | 123 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_TIMESTAMP)); |
| 117 } | 124 } |
| 118 | 125 |
| 126 TEST_F(CloudPolicyValidatorTest, IgnoreMissingTimestamp) { |
| 127 ignore_missing_timestamp_ = true; |
| 128 policy_.policy_data().clear_timestamp(); |
| 129 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_OK)); |
| 130 } |
| 131 |
| 119 TEST_F(CloudPolicyValidatorTest, ErrorOldTimestamp) { | 132 TEST_F(CloudPolicyValidatorTest, ErrorOldTimestamp) { |
| 120 base::Time timestamp(timestamp_ - base::TimeDelta::FromMinutes(5)); | 133 base::Time timestamp(timestamp_ - base::TimeDelta::FromMinutes(5)); |
| 121 policy_.policy_data().set_timestamp( | 134 policy_.policy_data().set_timestamp( |
| 122 (timestamp - base::Time::UnixEpoch()).InMilliseconds()); | 135 (timestamp - base::Time::UnixEpoch()).InMilliseconds()); |
| 123 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_TIMESTAMP)); | 136 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_TIMESTAMP)); |
| 124 } | 137 } |
| 125 | 138 |
| 126 TEST_F(CloudPolicyValidatorTest, ErrorTimestampFromTheFuture) { | 139 TEST_F(CloudPolicyValidatorTest, ErrorTimestampFromTheFuture) { |
| 127 base::Time timestamp(timestamp_ + base::TimeDelta::FromMinutes(5)); | 140 base::Time timestamp(timestamp_ + base::TimeDelta::FromMinutes(5)); |
| 128 policy_.policy_data().set_timestamp( | 141 policy_.policy_data().set_timestamp( |
| (...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 210 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE)); | 223 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE)); |
| 211 } | 224 } |
| 212 | 225 |
| 213 TEST_F(CloudPolicyValidatorTest, ErrorInvalidPublicKeySignature) { | 226 TEST_F(CloudPolicyValidatorTest, ErrorInvalidPublicKeySignature) { |
| 214 policy_.set_signing_key(scoped_ptr<crypto::RSAPrivateKey>()); | 227 policy_.set_signing_key(scoped_ptr<crypto::RSAPrivateKey>()); |
| 215 policy_.set_new_signing_key(scoped_ptr<crypto::RSAPrivateKey>()); | 228 policy_.set_new_signing_key(scoped_ptr<crypto::RSAPrivateKey>()); |
| 216 policy_.policy().set_new_public_key_signature("invalid"); | 229 policy_.policy().set_new_public_key_signature("invalid"); |
| 217 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE)); | 230 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE)); |
| 218 } | 231 } |
| 219 | 232 |
| 233 TEST_F(CloudPolicyValidatorTest, ErrorNoRotationAllowed) { |
| 234 allow_key_rotation_ = false; |
| 235 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_SIGNATURE)); |
| 236 } |
| 237 |
| 238 TEST_F(CloudPolicyValidatorTest, NoRotation) { |
| 239 allow_key_rotation_ = false; |
| 240 policy_.set_new_signing_key(scoped_ptr<crypto::RSAPrivateKey>()); |
| 241 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_OK)); |
| 242 } |
| 243 |
| 220 } // namespace | 244 } // namespace |
| 221 | 245 |
| 222 } // namespace policy | 246 } // namespace policy |
| OLD | NEW |