// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "components/policy/core/common/cloud/cloud_policy_validator.h" #include <stdint.h> #include <memory> #include <string> #include <utility> #include "base/command_line.h" #include "base/functional/bind.h" #include "base/run_loop.h" #include "base/strings/string_util.h" #include "base/task/single_thread_task_runner.h" #include "base/test/task_environment.h" #include "build/build_config.h" #include "build/chromeos_buildflags.h" #include "cloud_policy_constants.h" #include "components/policy/core/common/cloud/cloud_policy_constants.h" #include "components/policy/core/common/cloud/test/policy_builder.h" #include "components/policy/core/common/policy_switches.h" #include "components/policy/proto/device_management_backend.pb.h" #include "crypto/rsa_private_key.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" #if BUILDFLAG(IS_CHROMEOS_ASH) #include "base/system/sys_info.h" #include "base/test/scoped_chromeos_version_info.h" #include "base/time/time.h" #include "testing/gtest/include/gtest/gtest-death-test.h" #endif // BUILDFLAG(IS_CHROMEOS_ASH) em; Invoke; Mock; namespace policy { namespace { ACTION_P(CheckStatus, expected_status) { … } const char kPolicyName[] = …; const ValueValidationIssue::Severity kSeverity = …; const char kMessage[] = …; class FakeUserPolicyValueValidator : public PolicyValueValidator<em::CloudPolicySettings> { … }; class CloudPolicyValidatorTest : public testing::Test { … }; #if BUILDFLAG(IS_CHROMEOS_ASH) TEST_F(CloudPolicyValidatorTest, SuccessfulValidationWithDisableKeyVerificationOnTestImage) { base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); command_line->AppendSwitch(switches::kDisablePolicyKeyVerification); const char kLsbRelease[] = "CHROMEOS_RELEASE_NAME=Chrome OS\n" "CHROMEOS_RELEASE_VERSION=1.2.3.4\n" "CHROMEOS_RELEASE_TRACK=testimage-channel\n"; base::test::ScopedChromeOSVersionInfo version(kLsbRelease, base::Time()); EXPECT_TRUE(base::SysInfo::IsRunningOnChromeOS()); // Should not crash when creating a CloudPolicyValidator. Runs validation // successfully. Validate(Invoke(this, &CloudPolicyValidatorTest::CheckSuccessfulValidation)); } TEST_F(CloudPolicyValidatorTest, CrashIfDisableKeyVerificationWithoutTestImage) { base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); command_line->AppendSwitch(switches::kDisablePolicyKeyVerification); const char kLsbRelease[] = "CHROMEOS_RELEASE_NAME=Chrome OS\n" "CHROMEOS_RELEASE_VERSION=1.2.3.4\n" "CHROMEOS_RELEASE_TRACK=stable-channel\n"; base::test::ScopedChromeOSVersionInfo version(kLsbRelease, base::Time()); EXPECT_TRUE(base::SysInfo::IsRunningOnChromeOS()); // Should crash when creating a CloudPolicyValidator. EXPECT_DEATH_IF_SUPPORTED( { policy_.Build(); std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator(policy_.GetCopy()); }, ""); } #endif // BUILDFLAG(IS_CHROMEOS_ASH) TEST_F(CloudPolicyValidatorTest, SuccessfulValidation) { … } TEST_F(CloudPolicyValidatorTest, SuccessfulRunValidation) { … } TEST_F(CloudPolicyValidatorTest, SuccessfulRunValidationWithNoExistingDMToken) { … } TEST_F(CloudPolicyValidatorTest, SuccessfulRunValidationWithNoDMTokens) { … } TEST_F(CloudPolicyValidatorTest, SuccessfulRunValidationWithNoExistingDeviceId) { … } TEST_F(CloudPolicyValidatorTest, SuccessfulRunValidationWithNoDeviceId) { … } TEST_F(CloudPolicyValidatorTest, SuccessfulRunValidationWithTimestampFromTheFuture) { … } TEST_F(CloudPolicyValidatorTest, SuccessfulValidationWithSignatureTypeSHA1) { … } // Assume that if a policy blob does not have `policy_data_signature_type` set, // the blob is signed with SHA1_RSA. TEST_F(CloudPolicyValidatorTest, SuccessfulValidationWithMissingSignatureType) { … } TEST_F(CloudPolicyValidatorTest, SuccessfulValidationWithSignatureTypeSHA256) { … } // Treat `em::PolicyFetchRequest::NONE` in `policy_data_signature_type` // as unsigned, which is not supported. TEST_F(CloudPolicyValidatorTest, FailedValidationWithSignatureTypeNONE) { … } TEST_F(CloudPolicyValidatorTest, UsernameCanonicalization) { … } TEST_F(CloudPolicyValidatorTest, ErrorNoPolicyType) { … } TEST_F(CloudPolicyValidatorTest, ErrorWrongPolicyType) { … } TEST_F(CloudPolicyValidatorTest, ErrorNoTimestamp) { … } TEST_F(CloudPolicyValidatorTest, IgnoreMissingTimestamp) { … } TEST_F(CloudPolicyValidatorTest, ErrorOldTimestamp) { … } TEST_F(CloudPolicyValidatorTest, ErrorNoDMToken) { … } TEST_F(CloudPolicyValidatorTest, ErrorNoDMTokenNotRequired) { … } TEST_F(CloudPolicyValidatorTest, ErrorNoDMTokenNoTokenPassed) { … } TEST_F(CloudPolicyValidatorTest, ErrorInvalidDMToken) { … } TEST_F(CloudPolicyValidatorTest, ErrorNoDeviceId) { … } TEST_F(CloudPolicyValidatorTest, ErrorNoDeviceIdNotRequired) { … } TEST_F(CloudPolicyValidatorTest, ErrorNoDeviceIdNoDeviceIdPassed) { … } TEST_F(CloudPolicyValidatorTest, ErrorInvalidDeviceId) { … } TEST_F(CloudPolicyValidatorTest, ErrorNoPolicyValue) { … } TEST_F(CloudPolicyValidatorTest, ErrorInvalidPolicyValue) { … } TEST_F(CloudPolicyValidatorTest, ErrorNoUsername) { … } TEST_F(CloudPolicyValidatorTest, ErrorInvalidUsername) { … } TEST_F(CloudPolicyValidatorTest, SuccessfulByUsername) { … } TEST_F(CloudPolicyValidatorTest, ErrorNoGaiaId) { … } TEST_F(CloudPolicyValidatorTest, ErrorInvalidGaiaId) { … } TEST_F(CloudPolicyValidatorTest, ErrorErrorMessage) { … } TEST_F(CloudPolicyValidatorTest, ErrorErrorCode) { … } TEST_F(CloudPolicyValidatorTest, ErrorNoSignature) { … } TEST_F(CloudPolicyValidatorTest, ErrorInvalidSignature) { … } TEST_F(CloudPolicyValidatorTest, ErrorNoPublicKey) { … } TEST_F(CloudPolicyValidatorTest, ErrorInvalidPublicKey) { … } TEST_F(CloudPolicyValidatorTest, ErrorNoPublicKeySignature) { … } TEST_F(CloudPolicyValidatorTest, ErrorInvalidPublicKeySignature) { … } TEST_F(CloudPolicyValidatorTest, ErrorInvalidPublicKeyVerificationSignature) { … } TEST_F(CloudPolicyValidatorTest, GoodNewSignatureEmptyDeprecatedSignature) { … } TEST_F(CloudPolicyValidatorTest, ErrorDomainMismatchForKeyVerification) { … } TEST_F(CloudPolicyValidatorTest, ErrorDomainExtractedFromUsernameMismatch) { … } TEST_F(CloudPolicyValidatorTest, ErrorNoCachedKeySignature) { … } TEST_F(CloudPolicyValidatorTest, ErrorInvalidCachedKeySignature) { … } TEST_F(CloudPolicyValidatorTest, SuccessfulNoDomainValidation) { … } TEST_F(CloudPolicyValidatorTest, SuccessWhenDeprecatedKeySignatureInvalid) { … } // This test is expected to fail when the deprecated signature will be removed. TEST_F(CloudPolicyValidatorTest, SuccessWhenNewKeySignatureInvalid) { … } TEST_F(CloudPolicyValidatorTest, ErrorNoRotationAllowed) { … } TEST_F(CloudPolicyValidatorTest, NoRotation) { … } TEST_F(CloudPolicyValidatorTest, ValueValidation) { … } } // namespace } // namespace policy
Codebase Browser
chromium