| Index: chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc
|
| diff --git a/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc b/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc
|
| index 728b1e822cc98f60be6b3b7cf60be466b1851b15..fe319dc5773572cd139a15ab16678def3a71b44e 100644
|
| --- a/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc
|
| +++ b/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc
|
| @@ -15,6 +15,7 @@
|
| #include "chrome/browser/chromeos/settings/cros_settings.h"
|
| #include "chrome/browser/chromeos/settings/device_settings_service.h"
|
| #include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h"
|
| +#include "chrome/browser/prefs/scoped_user_pref_update.h"
|
| #include "chrome/common/pref_names.h"
|
| #include "chromeos/attestation/mock_attestation_flow.h"
|
| #include "chromeos/cryptohome/mock_async_method_caller.h"
|
| @@ -43,7 +44,8 @@ const char kTestSignature[] = "test_signature";
|
| const char kTestCertificate[] = "test_certificate";
|
| const char kTestEmail[] = "test_email@chromium.org";
|
| const char kTestURL[] = "http://mytestdomain/test";
|
| -const char kTestDomain[] = "mytestdomain";
|
| +const char kTestURLSecure[] = "https://mytestdomain/test";
|
| +const char kTestDomain[] = "http://mytestdomain/";
|
|
|
| class FakeDelegate : public PlatformVerificationFlow::Delegate {
|
| public:
|
| @@ -52,7 +54,6 @@ class FakeDelegate : public PlatformVerificationFlow::Delegate {
|
| virtual ~FakeDelegate() {}
|
|
|
| virtual void ShowConsentPrompt(
|
| - PlatformVerificationFlow::ConsentType type,
|
| content::WebContents* web_contents,
|
| const PlatformVerificationFlow::Delegate::ConsentCallback& callback)
|
| OVERRIDE {
|
| @@ -144,8 +145,6 @@ class PlatformVerificationFlowTest : public ::testing::Test {
|
| pref_service_.registry()->RegisterBooleanPref(prefs::kEnableDRM, true);
|
| pref_service_.registry()->RegisterBooleanPref(prefs::kRAConsentFirstTime,
|
| true);
|
| - pref_service_.registry()->RegisterBooleanPref(prefs::kRAConsentAlways,
|
| - false);
|
| pref_service_.registry()->RegisterDictionaryPref(prefs::kRAConsentDomains);
|
| verifier_->set_testing_prefs(&pref_service_);
|
|
|
| @@ -192,6 +191,11 @@ class PlatformVerificationFlowTest : public ::testing::Test {
|
| this, &PlatformVerificationFlowTest::FakeSignChallenge)));
|
| }
|
|
|
| + void SetUserConsent(const std::string& domain, bool allow) {
|
| + DictionaryPrefUpdate updater(&pref_service_, prefs::kRAConsentDomains);
|
| + updater->SetBoolean(domain, allow);
|
| + }
|
| +
|
| void FakeGetCertificate(
|
| const AttestationFlow::CertificateCallback& callback) {
|
| base::MessageLoop::current()->PostTask(FROM_HERE,
|
| @@ -258,6 +262,7 @@ class PlatformVerificationFlowTest : public ::testing::Test {
|
| };
|
|
|
| TEST_F(PlatformVerificationFlowTest, SuccessNoConsent) {
|
| + SetUserConsent(kTestDomain, true);
|
| // Make sure the call will fail if consent is requested.
|
| fake_delegate_.set_response(PlatformVerificationFlow::CONSENT_RESPONSE_DENY);
|
| ExpectAttestationFlow();
|
| @@ -270,20 +275,8 @@ TEST_F(PlatformVerificationFlowTest, SuccessNoConsent) {
|
| EXPECT_EQ(0, fake_delegate_.num_consent_calls());
|
| }
|
|
|
| -TEST_F(PlatformVerificationFlowTest, SuccessWithAlwaysAskConsent) {
|
| - pref_service_.SetUserPref(prefs::kRAConsentAlways,
|
| - new base::FundamentalValue(true));
|
| - ExpectAttestationFlow();
|
| - verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
|
| - base::RunLoop().RunUntilIdle();
|
| - EXPECT_EQ(PlatformVerificationFlow::SUCCESS, result_);
|
| - EXPECT_EQ(kTestSignedData, challenge_salt_);
|
| - EXPECT_EQ(kTestSignature, challenge_signature_);
|
| - EXPECT_EQ(kTestCertificate, certificate_);
|
| - EXPECT_EQ(1, fake_delegate_.num_consent_calls());
|
| -}
|
| -
|
| TEST_F(PlatformVerificationFlowTest, SuccessWithAttestationConsent) {
|
| + SetUserConsent(kTestDomain, true);
|
| fake_cryptohome_client_.set_attestation_enrolled(false);
|
| ExpectAttestationFlow();
|
| verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
|
| @@ -296,6 +289,7 @@ TEST_F(PlatformVerificationFlowTest, SuccessWithAttestationConsent) {
|
| }
|
|
|
| TEST_F(PlatformVerificationFlowTest, SuccessWithFirstTimeConsent) {
|
| + SetUserConsent(kTestDomain, true);
|
| pref_service_.SetUserPref(prefs::kRAConsentFirstTime,
|
| new base::FundamentalValue(false));
|
| ExpectAttestationFlow();
|
| @@ -309,8 +303,6 @@ TEST_F(PlatformVerificationFlowTest, SuccessWithFirstTimeConsent) {
|
| }
|
|
|
| TEST_F(PlatformVerificationFlowTest, ConsentRejected) {
|
| - pref_service_.SetUserPref(prefs::kRAConsentAlways,
|
| - new base::FundamentalValue(true));
|
| fake_delegate_.set_response(PlatformVerificationFlow::CONSENT_RESPONSE_DENY);
|
| verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
|
| base::RunLoop().RunUntilIdle();
|
| @@ -337,9 +329,7 @@ TEST_F(PlatformVerificationFlowTest, FeatureDisabledByUser) {
|
| }
|
|
|
| TEST_F(PlatformVerificationFlowTest, FeatureDisabledByUserForDomain) {
|
| - base::DictionaryValue* domains = new base::DictionaryValue();
|
| - domains->SetBoolean(kTestDomain, false);
|
| - pref_service_.SetUserPref(prefs::kRAConsentDomains, domains);
|
| + SetUserConsent(kTestDomain, false);
|
| verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
|
| base::RunLoop().RunUntilIdle();
|
| EXPECT_EQ(PlatformVerificationFlow::POLICY_REJECTED, result_);
|
| @@ -371,12 +361,27 @@ TEST_F(PlatformVerificationFlowTest, DBusFailure) {
|
|
|
| TEST_F(PlatformVerificationFlowTest, ConsentNoResponse) {
|
| fake_delegate_.set_response(PlatformVerificationFlow::CONSENT_RESPONSE_NONE);
|
| - pref_service_.SetUserPref(prefs::kRAConsentAlways,
|
| - new base::FundamentalValue(true));
|
| verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
|
| base::RunLoop().RunUntilIdle();
|
| EXPECT_EQ(PlatformVerificationFlow::USER_REJECTED, result_);
|
| }
|
|
|
| +TEST_F(PlatformVerificationFlowTest, ConsentPerScheme) {
|
| + fake_delegate_.set_response(PlatformVerificationFlow::CONSENT_RESPONSE_DENY);
|
| + verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
|
| + base::RunLoop().RunUntilIdle();
|
| + EXPECT_EQ(PlatformVerificationFlow::USER_REJECTED, result_);
|
| + // Call again and expect denial based on previous response.
|
| + verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
|
| + base::RunLoop().RunUntilIdle();
|
| + EXPECT_EQ(PlatformVerificationFlow::POLICY_REJECTED, result_);
|
| + // Call with a different scheme and expect another consent prompt.
|
| + verifier_->set_testing_url(GURL(kTestURLSecure));
|
| + verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_);
|
| + base::RunLoop().RunUntilIdle();
|
| + EXPECT_EQ(PlatformVerificationFlow::USER_REJECTED, result_);
|
| + EXPECT_EQ(2, fake_delegate_.num_consent_calls());
|
| +}
|
| +
|
| } // namespace attestation
|
| } // namespace chromeos
|
|
|
Chromium Code Reviews
Issue 31043008:
Changed platform verification user consent logic to be per-domain. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src