| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <vector> | 5 #include <vector> |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
| 9 #include "base/message_loop/message_loop.h" | 9 #include "base/message_loop/message_loop.h" |
| 10 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
| (...skipping 18 matching lines...) Expand all Loading... |
| 29 EXPECT_EQ(expected_status, arg0->status()); | 29 EXPECT_EQ(expected_status, arg0->status()); |
| 30 }; | 30 }; |
| 31 | 31 |
| 32 class CloudPolicyValidatorTest : public testing::Test { | 32 class CloudPolicyValidatorTest : public testing::Test { |
| 33 public: | 33 public: |
| 34 CloudPolicyValidatorTest() | 34 CloudPolicyValidatorTest() |
| 35 : loop_(base::MessageLoop::TYPE_UI), | 35 : loop_(base::MessageLoop::TYPE_UI), |
| 36 timestamp_(base::Time::UnixEpoch() + | 36 timestamp_(base::Time::UnixEpoch() + |
| 37 base::TimeDelta::FromMilliseconds( | 37 base::TimeDelta::FromMilliseconds( |
| 38 PolicyBuilder::kFakeTimestamp)), | 38 PolicyBuilder::kFakeTimestamp)), |
| 39 ignore_missing_timestamp_(CloudPolicyValidatorBase::TIMESTAMP_REQUIRED), | 39 timestamp_option_(CloudPolicyValidatorBase::TIMESTAMP_REQUIRED), |
| 40 ignore_missing_dm_token_(CloudPolicyValidatorBase::DM_TOKEN_REQUIRED), | 40 ignore_missing_dm_token_(CloudPolicyValidatorBase::DM_TOKEN_REQUIRED), |
| 41 allow_key_rotation_(true), | 41 allow_key_rotation_(true), |
| 42 existing_dm_token_(PolicyBuilder::kFakeToken), | 42 existing_dm_token_(PolicyBuilder::kFakeToken), |
| 43 file_thread_(content::BrowserThread::FILE, &loop_) { | 43 file_thread_(content::BrowserThread::FILE, &loop_) { |
| 44 policy_.SetDefaultNewSigningKey(); | 44 policy_.SetDefaultNewSigningKey(); |
| 45 } | 45 } |
| 46 | 46 |
| 47 void Validate(testing::Action<void(UserCloudPolicyValidator*)> check_action) { | 47 void Validate(testing::Action<void(UserCloudPolicyValidator*)> check_action) { |
| 48 // Create a validator. | 48 // Create a validator. |
| 49 scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator(); | 49 scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator(); |
| (...skipping 10 matching lines...) Expand all Loading... |
| 60 | 60 |
| 61 scoped_ptr<UserCloudPolicyValidator> CreateValidator() { | 61 scoped_ptr<UserCloudPolicyValidator> CreateValidator() { |
| 62 std::vector<uint8> public_key; | 62 std::vector<uint8> public_key; |
| 63 EXPECT_TRUE( | 63 EXPECT_TRUE( |
| 64 PolicyBuilder::CreateTestSigningKey()->ExportPublicKey(&public_key)); | 64 PolicyBuilder::CreateTestSigningKey()->ExportPublicKey(&public_key)); |
| 65 policy_.Build(); | 65 policy_.Build(); |
| 66 | 66 |
| 67 UserCloudPolicyValidator* validator = | 67 UserCloudPolicyValidator* validator = |
| 68 UserCloudPolicyValidator::Create(policy_.GetCopy()); | 68 UserCloudPolicyValidator::Create(policy_.GetCopy()); |
| 69 validator->ValidateTimestamp(timestamp_, timestamp_, | 69 validator->ValidateTimestamp(timestamp_, timestamp_, |
| 70 ignore_missing_timestamp_); | 70 timestamp_option_); |
| 71 validator->ValidateUsername(PolicyBuilder::kFakeUsername); | 71 validator->ValidateUsername(PolicyBuilder::kFakeUsername); |
| 72 validator->ValidateDomain(PolicyBuilder::kFakeDomain); | 72 validator->ValidateDomain(PolicyBuilder::kFakeDomain); |
| 73 validator->ValidateDMToken(existing_dm_token_, ignore_missing_dm_token_); | 73 validator->ValidateDMToken(existing_dm_token_, ignore_missing_dm_token_); |
| 74 validator->ValidatePolicyType(dm_protocol::kChromeUserPolicyType); | 74 validator->ValidatePolicyType(dm_protocol::kChromeUserPolicyType); |
| 75 validator->ValidatePayload(); | 75 validator->ValidatePayload(); |
| 76 validator->ValidateSignature(public_key, allow_key_rotation_); | 76 validator->ValidateSignature(public_key, allow_key_rotation_); |
| 77 if (allow_key_rotation_) | 77 if (allow_key_rotation_) |
| 78 validator->ValidateInitialKey(); | 78 validator->ValidateInitialKey(); |
| 79 return make_scoped_ptr(validator); | 79 return make_scoped_ptr(validator); |
| 80 } | 80 } |
| 81 | 81 |
| 82 | 82 |
| 83 void CheckSuccessfulValidation(UserCloudPolicyValidator* validator) { | 83 void CheckSuccessfulValidation(UserCloudPolicyValidator* validator) { |
| 84 EXPECT_TRUE(validator->success()); | 84 EXPECT_TRUE(validator->success()); |
| 85 EXPECT_EQ(policy_.policy().SerializeAsString(), | 85 EXPECT_EQ(policy_.policy().SerializeAsString(), |
| 86 validator->policy()->SerializeAsString()); | 86 validator->policy()->SerializeAsString()); |
| 87 EXPECT_EQ(policy_.policy_data().SerializeAsString(), | 87 EXPECT_EQ(policy_.policy_data().SerializeAsString(), |
| 88 validator->policy_data()->SerializeAsString()); | 88 validator->policy_data()->SerializeAsString()); |
| 89 EXPECT_EQ(policy_.payload().SerializeAsString(), | 89 EXPECT_EQ(policy_.payload().SerializeAsString(), |
| 90 validator->payload()->SerializeAsString()); | 90 validator->payload()->SerializeAsString()); |
| 91 } | 91 } |
| 92 | 92 |
| 93 base::MessageLoop loop_; | 93 base::MessageLoop loop_; |
| 94 base::Time timestamp_; | 94 base::Time timestamp_; |
| 95 CloudPolicyValidatorBase::ValidateTimestampOption ignore_missing_timestamp_; | 95 CloudPolicyValidatorBase::ValidateTimestampOption timestamp_option_; |
| 96 CloudPolicyValidatorBase::ValidateDMTokenOption ignore_missing_dm_token_; | 96 CloudPolicyValidatorBase::ValidateDMTokenOption ignore_missing_dm_token_; |
| 97 std::string signing_key_; | 97 std::string signing_key_; |
| 98 bool allow_key_rotation_; | 98 bool allow_key_rotation_; |
| 99 std::string existing_dm_token_; | 99 std::string existing_dm_token_; |
| 100 | 100 |
| 101 UserPolicyBuilder policy_; | 101 UserPolicyBuilder policy_; |
| 102 | 102 |
| 103 private: | 103 private: |
| 104 MOCK_METHOD1(ValidationCompletion, void(UserCloudPolicyValidator* validator)); | 104 MOCK_METHOD1(ValidationCompletion, void(UserCloudPolicyValidator* validator)); |
| 105 | 105 |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 146 policy_.policy_data().set_policy_type("invalid"); | 146 policy_.policy_data().set_policy_type("invalid"); |
| 147 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_WRONG_POLICY_TYPE)); | 147 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_WRONG_POLICY_TYPE)); |
| 148 } | 148 } |
| 149 | 149 |
| 150 TEST_F(CloudPolicyValidatorTest, ErrorNoTimestamp) { | 150 TEST_F(CloudPolicyValidatorTest, ErrorNoTimestamp) { |
| 151 policy_.policy_data().clear_timestamp(); | 151 policy_.policy_data().clear_timestamp(); |
| 152 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_TIMESTAMP)); | 152 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_TIMESTAMP)); |
| 153 } | 153 } |
| 154 | 154 |
| 155 TEST_F(CloudPolicyValidatorTest, IgnoreMissingTimestamp) { | 155 TEST_F(CloudPolicyValidatorTest, IgnoreMissingTimestamp) { |
| 156 ignore_missing_timestamp_ = CloudPolicyValidatorBase::TIMESTAMP_NOT_REQUIRED; | 156 timestamp_option_ = CloudPolicyValidatorBase::TIMESTAMP_NOT_REQUIRED; |
| 157 policy_.policy_data().clear_timestamp(); | 157 policy_.policy_data().clear_timestamp(); |
| 158 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_OK)); | 158 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_OK)); |
| 159 } | 159 } |
| 160 | 160 |
| 161 TEST_F(CloudPolicyValidatorTest, ErrorOldTimestamp) { | 161 TEST_F(CloudPolicyValidatorTest, ErrorOldTimestamp) { |
| 162 base::Time timestamp(timestamp_ - base::TimeDelta::FromMinutes(5)); | 162 base::Time timestamp(timestamp_ - base::TimeDelta::FromMinutes(5)); |
| 163 policy_.policy_data().set_timestamp( | 163 policy_.policy_data().set_timestamp( |
| 164 (timestamp - base::Time::UnixEpoch()).InMilliseconds()); | 164 (timestamp - base::Time::UnixEpoch()).InMilliseconds()); |
| 165 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_TIMESTAMP)); | 165 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_TIMESTAMP)); |
| 166 } | 166 } |
| 167 | 167 |
| 168 TEST_F(CloudPolicyValidatorTest, ErrorTimestampFromTheFuture) { | 168 TEST_F(CloudPolicyValidatorTest, ErrorTimestampFromTheFuture) { |
| 169 base::Time timestamp(timestamp_ + base::TimeDelta::FromMinutes(5)); | 169 base::Time timestamp(timestamp_ + base::TimeDelta::FromMinutes(5)); |
| 170 policy_.policy_data().set_timestamp( | 170 policy_.policy_data().set_timestamp( |
| 171 (timestamp - base::Time::UnixEpoch()).InMilliseconds()); | 171 (timestamp - base::Time::UnixEpoch()).InMilliseconds()); |
| 172 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_TIMESTAMP)); | 172 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_BAD_TIMESTAMP)); |
| 173 } | 173 } |
| 174 | 174 |
| 175 TEST_F(CloudPolicyValidatorTest, IgnoreErrorTimestampFromTheFuture) { |
| 176 base::Time timestamp(timestamp_ + base::TimeDelta::FromMinutes(5)); |
| 177 timestamp_option_ = |
| 178 CloudPolicyValidatorBase::TIMESTAMP_NOT_BEFORE; |
| 179 policy_.policy_data().set_timestamp( |
| 180 (timestamp - base::Time::UnixEpoch()).InMilliseconds()); |
| 181 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_OK)); |
| 182 } |
| 183 |
| 175 TEST_F(CloudPolicyValidatorTest, ErrorNoRequestToken) { | 184 TEST_F(CloudPolicyValidatorTest, ErrorNoRequestToken) { |
| 176 policy_.policy_data().clear_request_token(); | 185 policy_.policy_data().clear_request_token(); |
| 177 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_WRONG_TOKEN)); | 186 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_WRONG_TOKEN)); |
| 178 } | 187 } |
| 179 | 188 |
| 180 TEST_F(CloudPolicyValidatorTest, ErrorNoRequestTokenNotRequired) { | 189 TEST_F(CloudPolicyValidatorTest, ErrorNoRequestTokenNotRequired) { |
| 181 // Even though DMTokens are not required, if the existing policy has a token, | 190 // Even though DMTokens are not required, if the existing policy has a token, |
| 182 // we should still generate an error if the new policy has none. | 191 // we should still generate an error if the new policy has none. |
| 183 policy_.policy_data().clear_request_token(); | 192 policy_.policy_data().clear_request_token(); |
| 184 ignore_missing_dm_token_ = CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED; | 193 ignore_missing_dm_token_ = CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED; |
| (...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 282 | 291 |
| 283 TEST_F(CloudPolicyValidatorTest, NoRotation) { | 292 TEST_F(CloudPolicyValidatorTest, NoRotation) { |
| 284 allow_key_rotation_ = false; | 293 allow_key_rotation_ = false; |
| 285 policy_.UnsetNewSigningKey(); | 294 policy_.UnsetNewSigningKey(); |
| 286 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_OK)); | 295 Validate(CheckStatus(CloudPolicyValidatorBase::VALIDATION_OK)); |
| 287 } | 296 } |
| 288 | 297 |
| 289 } // namespace | 298 } // namespace |
| 290 | 299 |
| 291 } // namespace policy | 300 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 24041002:
Turn off future-timestamp cloud policy checks on desktop (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src