Commit 0cafad62 authored by Pavol Marko's avatar Pavol Marko Committed by Chromium LUCI CQ

Send device DMToken in cert provisioning requests if affiliated

If the Chrome OS user is affiliated, include the device DMToken in the
device_dm_token field of ClientCertificateProvisioningRequest when
creating certificate provisioning requests.

Background on implementation:
CloudPolicyClient already has knowledge of the device DMToken since
https://chromium-review.googlesource.com/c/chromium/src/+/907568/ .
For non-affiliated users or for CloudPolicyClient instances that are not
specific to a Chrome OS user / device-local account, the device DMToken
is empty.
This CL reuses that field and implicitly fills the device_dm_token for
certificate provisioning requests.

Bug: 1143283
Change-Id: Icf93c7d62d96c9e428ac58adfc98e49cd4468de3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2567156
Commit-Queue: Pavol Marko <pmarko@chromium.org>
Reviewed-by: default avatarMichael Ershov <miersh@google.com>
Cr-Commit-Position: refs/heads/master@{#833024}
parent 31268676
...@@ -821,6 +821,9 @@ void CloudPolicyClient::ClientCertProvisioningStartCsr( ...@@ -821,6 +821,9 @@ void CloudPolicyClient::ClientCertProvisioningStartCsr(
request->set_cert_profile_id(cert_profile_id); request->set_cert_profile_id(cert_profile_id);
request->set_policy_version(cert_profile_version); request->set_policy_version(cert_profile_version);
request->set_public_key(public_key); request->set_public_key(public_key);
if (!device_dm_token_.empty()) {
request->set_device_dm_token(device_dm_token_);
}
// Sets the request type, no actual data is required. // Sets the request type, no actual data is required.
request->mutable_start_csr_request(); request->mutable_start_csr_request();
...@@ -855,6 +858,9 @@ void CloudPolicyClient::ClientCertProvisioningFinishCsr( ...@@ -855,6 +858,9 @@ void CloudPolicyClient::ClientCertProvisioningFinishCsr(
request->set_cert_profile_id(cert_profile_id); request->set_cert_profile_id(cert_profile_id);
request->set_policy_version(cert_profile_version); request->set_policy_version(cert_profile_version);
request->set_public_key(public_key); request->set_public_key(public_key);
if (!device_dm_token_.empty()) {
request->set_device_dm_token(device_dm_token_);
}
em::FinishCsrRequest* finish_csr_request = em::FinishCsrRequest* finish_csr_request =
request->mutable_finish_csr_request(); request->mutable_finish_csr_request();
...@@ -892,6 +898,9 @@ void CloudPolicyClient::ClientCertProvisioningDownloadCert( ...@@ -892,6 +898,9 @@ void CloudPolicyClient::ClientCertProvisioningDownloadCert(
request->set_cert_profile_id(cert_profile_id); request->set_cert_profile_id(cert_profile_id);
request->set_policy_version(cert_profile_version); request->set_policy_version(cert_profile_version);
request->set_public_key(public_key); request->set_public_key(public_key);
if (!device_dm_token_.empty()) {
request->set_device_dm_token(device_dm_token_);
}
// Sets the request type, no actual data is required. // Sets the request type, no actual data is required.
request->mutable_download_cert_request(); request->mutable_download_cert_request();
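Review bot: The `if (!device_dm_token_.empty())` guard added to ClientCertProvisioningStartCsr, ClientCertProvisioningFinishCsr and ClientCertProvisioningDownloadCert is the only thing that keeps the device DMToken out of requests for non-affiliated users, and nothing at these call sites says so. The commit message states that the field is empty for non-affiliated users and for clients not tied to a Chrome OS user, but that invariant is established outside these hunks; if `device_dm_token_` is later populated in more cases, a device-level token would start flowing into user-scoped provisioning requests without any change here. I would add a comment above each guard, for example `// |device_dm_token_| is only non-empty for affiliated users, so this also gates on affiliation.`, and consider moving the shared request-field setup plus this guard into one private helper so the rule lives in one place. All three function bodies start and end outside the visible hunks.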
......
...@@ -330,14 +330,16 @@ class CloudPolicyClientTest : public testing::Test { ...@@ -330,14 +330,16 @@ class CloudPolicyClientTest : public testing::Test {
client_->RemoveObserver(&observer_); client_->RemoveObserver(&observer_);
} }
void RegisterClient() { void RegisterClient(const std::string& device_dm_token) {
EXPECT_CALL(observer_, OnRegistrationStateChanged(_)); EXPECT_CALL(observer_, OnRegistrationStateChanged(_));
EXPECT_CALL(device_dmtoken_callback_observer_, OnDeviceDMTokenRequested(_)) EXPECT_CALL(device_dmtoken_callback_observer_, OnDeviceDMTokenRequested(_))
.WillOnce(Return(kDeviceDMToken)); .WillOnce(Return(device_dm_token));
client_->SetupRegistration(kDMToken, client_id_, client_->SetupRegistration(kDMToken, client_id_,
std::vector<std::string>()); std::vector<std::string>());
} }
void RegisterClient() { RegisterClient(kDeviceDMToken); }
void CreateClient() { void CreateClient() {
service_.ScheduleInitialization(0); service_.ScheduleInitialization(0);
base::RunLoop().RunUntilIdle(); base::RunLoop().RunUntilIdle();
...@@ -2289,11 +2291,16 @@ class MockClientCertProvisioningStartCsrCallbackObserver { ...@@ -2289,11 +2291,16 @@ class MockClientCertProvisioningStartCsrCallbackObserver {
}; };
class CloudPolicyClientCertProvisioningStartCsrTest class CloudPolicyClientCertProvisioningStartCsrTest
: public CloudPolicyClientTest { : public CloudPolicyClientTest,
public ::testing::WithParamInterface<bool> {
public: public:
void RunTest(const em::DeviceManagementResponse& fake_response, void RunTest(const em::DeviceManagementResponse& fake_response,
const MockClientCertProvisioningStartCsrCallbackObserver& const MockClientCertProvisioningStartCsrCallbackObserver&
callback_observer); callback_observer);
// Wraps the test parameter - returns true if in this test run
// CloudPolicyClient has knowledge of the device DMToken.
bool HasDeviceDMToken() { return GetParam(); }
}; };
void CloudPolicyClientCertProvisioningStartCsrTest::RunTest( void CloudPolicyClientCertProvisioningStartCsrTest::RunTest(
...@@ -2313,11 +2320,18 @@ void CloudPolicyClientCertProvisioningStartCsrTest::RunTest( ...@@ -2313,11 +2320,18 @@ void CloudPolicyClientCertProvisioningStartCsrTest::RunTest(
inner_request->set_cert_profile_id(cert_profile_id); inner_request->set_cert_profile_id(cert_profile_id);
inner_request->set_policy_version(cert_profile_version); inner_request->set_policy_version(cert_profile_version);
inner_request->set_public_key(public_key); inner_request->set_public_key(public_key);
if (HasDeviceDMToken()) {
inner_request->set_device_dm_token(kDeviceDMToken);
}
// Sets the request type, no actual data is required. // Sets the request type, no actual data is required.
inner_request->mutable_start_csr_request(); inner_request->mutable_start_csr_request();
} }
RegisterClient(); if (HasDeviceDMToken()) {
RegisterClient(kDeviceDMToken);
} else {
RegisterClient(/*device_dm_token=*/std::string());
}
EXPECT_CALL(service_, StartJob(_)) EXPECT_CALL(service_, StartJob(_))
.WillOnce(DoAll(service_.CaptureJobType(&job_type_), .WillOnce(DoAll(service_.CaptureJobType(&job_type_),
...@@ -2342,7 +2356,7 @@ void CloudPolicyClientCertProvisioningStartCsrTest::RunTest( ...@@ -2342,7 +2356,7 @@ void CloudPolicyClientCertProvisioningStartCsrTest::RunTest(
// 1. Checks that |ClientCertProvisioningStartCsr| generates a correct request. // 1. Checks that |ClientCertProvisioningStartCsr| generates a correct request.
// 2. Checks that |OnClientCertProvisioningStartCsrResponse| correctly extracts // 2. Checks that |OnClientCertProvisioningStartCsrResponse| correctly extracts
// data from a response that contains data. // data from a response that contains data.
TEST_F(CloudPolicyClientCertProvisioningStartCsrTest, TEST_P(CloudPolicyClientCertProvisioningStartCsrTest,
RequestClientCertProvisioningStartCsrSuccess) { RequestClientCertProvisioningStartCsrSuccess) {
const std::string invalidation_topic = "fake_invalidation_topic_1"; const std::string invalidation_topic = "fake_invalidation_topic_1";
const std::string va_challenge = "fake_va_challenge_1"; const std::string va_challenge = "fake_va_challenge_1";
...@@ -2377,7 +2391,7 @@ TEST_F(CloudPolicyClientCertProvisioningStartCsrTest, ...@@ -2377,7 +2391,7 @@ TEST_F(CloudPolicyClientCertProvisioningStartCsrTest,
// 1. Checks that |ClientCertProvisioningStartCsr| generates a correct request. // 1. Checks that |ClientCertProvisioningStartCsr| generates a correct request.
// 2. Checks that |OnClientCertProvisioningStartCsrResponse| correctly extracts // 2. Checks that |OnClientCertProvisioningStartCsrResponse| correctly extracts
// data from a response that contains the try_later field. // data from a response that contains the try_later field.
TEST_F(CloudPolicyClientCertProvisioningStartCsrTest, TEST_P(CloudPolicyClientCertProvisioningStartCsrTest,
RequestClientCertProvisioningStartCsrTryLater) { RequestClientCertProvisioningStartCsrTryLater) {
const int64_t try_later = 60000; const int64_t try_later = 60000;
em::DeviceManagementResponse fake_response; em::DeviceManagementResponse fake_response;
...@@ -2402,7 +2416,7 @@ TEST_F(CloudPolicyClientCertProvisioningStartCsrTest, ...@@ -2402,7 +2416,7 @@ TEST_F(CloudPolicyClientCertProvisioningStartCsrTest,
// 1. Checks that |ClientCertProvisioningStartCsr| generates a correct request. // 1. Checks that |ClientCertProvisioningStartCsr| generates a correct request.
// 2. Checks that |OnClientCertProvisioningStartCsrResponse| correctly extracts // 2. Checks that |OnClientCertProvisioningStartCsrResponse| correctly extracts
// data from a response that contains the error field. // data from a response that contains the error field.
TEST_F(CloudPolicyClientCertProvisioningStartCsrTest, TEST_P(CloudPolicyClientCertProvisioningStartCsrTest,
RequestClientCertProvisioningStartCsrError) { RequestClientCertProvisioningStartCsrError) {
const CertProvisioningResponseErrorType error = const CertProvisioningResponseErrorType error =
CertProvisioningResponseError::CA_ERROR; CertProvisioningResponseError::CA_ERROR;
...@@ -2425,6 +2439,10 @@ TEST_F(CloudPolicyClientCertProvisioningStartCsrTest, ...@@ -2425,6 +2439,10 @@ TEST_F(CloudPolicyClientCertProvisioningStartCsrTest,
RunTest(fake_response, callback_observer); RunTest(fake_response, callback_observer);
} }
INSTANTIATE_TEST_SUITE_P(,
CloudPolicyClientCertProvisioningStartCsrTest,
::testing::Values(false, true));
class MockClientCertProvisioningFinishCsrCallbackObserver { class MockClientCertProvisioningFinishCsrCallbackObserver {
public: public:
MockClientCertProvisioningFinishCsrCallbackObserver() = default; MockClientCertProvisioningFinishCsrCallbackObserver() = default;
...@@ -2438,11 +2456,16 @@ class MockClientCertProvisioningFinishCsrCallbackObserver { ...@@ -2438,11 +2456,16 @@ class MockClientCertProvisioningFinishCsrCallbackObserver {
}; };
class CloudPolicyClientCertProvisioningFinishCsrTest class CloudPolicyClientCertProvisioningFinishCsrTest
: public CloudPolicyClientTest { : public CloudPolicyClientTest,
public ::testing::WithParamInterface<bool> {
public: public:
void RunTest(const em::DeviceManagementResponse& fake_response, void RunTest(const em::DeviceManagementResponse& fake_response,
const MockClientCertProvisioningFinishCsrCallbackObserver& const MockClientCertProvisioningFinishCsrCallbackObserver&
callback_observer); callback_observer);
// Wraps the test parameter - returns true if in this test run
// CloudPolicyClient has knowledge of the device DMToken.
bool HasDeviceDMToken() { return GetParam(); }
}; };
void CloudPolicyClientCertProvisioningFinishCsrTest::RunTest( void CloudPolicyClientCertProvisioningFinishCsrTest::RunTest(
...@@ -2464,6 +2487,9 @@ void CloudPolicyClientCertProvisioningFinishCsrTest::RunTest( ...@@ -2464,6 +2487,9 @@ void CloudPolicyClientCertProvisioningFinishCsrTest::RunTest(
inner_request->set_cert_profile_id(cert_profile_id); inner_request->set_cert_profile_id(cert_profile_id);
inner_request->set_policy_version(cert_profile_version); inner_request->set_policy_version(cert_profile_version);
inner_request->set_public_key(public_key); inner_request->set_public_key(public_key);
if (HasDeviceDMToken()) {
inner_request->set_device_dm_token(kDeviceDMToken);
}
em::FinishCsrRequest* finish_csr_request = em::FinishCsrRequest* finish_csr_request =
inner_request->mutable_finish_csr_request(); inner_request->mutable_finish_csr_request();
...@@ -2471,7 +2497,11 @@ void CloudPolicyClientCertProvisioningFinishCsrTest::RunTest( ...@@ -2471,7 +2497,11 @@ void CloudPolicyClientCertProvisioningFinishCsrTest::RunTest(
finish_csr_request->set_signature(signature); finish_csr_request->set_signature(signature);
} }
RegisterClient(); if (HasDeviceDMToken()) {
RegisterClient(kDeviceDMToken);
} else {
RegisterClient(/*device_dm_token=*/std::string());
}
EXPECT_CALL(service_, StartJob(_)) EXPECT_CALL(service_, StartJob(_))
.WillOnce(DoAll(service_.CaptureJobType(&job_type_), .WillOnce(DoAll(service_.CaptureJobType(&job_type_),
...@@ -2497,7 +2527,7 @@ void CloudPolicyClientCertProvisioningFinishCsrTest::RunTest( ...@@ -2497,7 +2527,7 @@ void CloudPolicyClientCertProvisioningFinishCsrTest::RunTest(
// 1. Checks that |ClientCertProvisioningFinishCsr| generates a correct request. // 1. Checks that |ClientCertProvisioningFinishCsr| generates a correct request.
// 2. Checks that |OnClientCertProvisioningFinishCsrResponse| correctly extracts // 2. Checks that |OnClientCertProvisioningFinishCsrResponse| correctly extracts
// data from a response that contains success status code. // data from a response that contains success status code.
TEST_F(CloudPolicyClientCertProvisioningFinishCsrTest, TEST_P(CloudPolicyClientCertProvisioningFinishCsrTest,
RequestClientCertProvisioningFinishCsrSuccess) { RequestClientCertProvisioningFinishCsrSuccess) {
em::DeviceManagementResponse fake_response; em::DeviceManagementResponse fake_response;
{ {
...@@ -2519,7 +2549,7 @@ TEST_F(CloudPolicyClientCertProvisioningFinishCsrTest, ...@@ -2519,7 +2549,7 @@ TEST_F(CloudPolicyClientCertProvisioningFinishCsrTest,
// 1. Checks that |ClientCertProvisioningFinishCsr| generates a correct request. // 1. Checks that |ClientCertProvisioningFinishCsr| generates a correct request.
// 2. Checks that |OnClientCertProvisioningFinishCsrResponse| correctly extracts // 2. Checks that |OnClientCertProvisioningFinishCsrResponse| correctly extracts
// data from a response that contains the error field. // data from a response that contains the error field.
TEST_F(CloudPolicyClientCertProvisioningFinishCsrTest, TEST_P(CloudPolicyClientCertProvisioningFinishCsrTest,
RequestClientCertProvisioningFinishCsrError) { RequestClientCertProvisioningFinishCsrError) {
const CertProvisioningResponseErrorType error = const CertProvisioningResponseErrorType error =
CertProvisioningResponseError::CA_ERROR; CertProvisioningResponseError::CA_ERROR;
...@@ -2539,6 +2569,10 @@ TEST_F(CloudPolicyClientCertProvisioningFinishCsrTest, ...@@ -2539,6 +2569,10 @@ TEST_F(CloudPolicyClientCertProvisioningFinishCsrTest,
RunTest(fake_response, callback_observer); RunTest(fake_response, callback_observer);
} }
INSTANTIATE_TEST_SUITE_P(,
CloudPolicyClientCertProvisioningFinishCsrTest,
::testing::Values(false, true));
class MockClientCertProvisioningDownloadCertCallbackObserver { class MockClientCertProvisioningDownloadCertCallbackObserver {
public: public:
MockClientCertProvisioningDownloadCertCallbackObserver() = default; MockClientCertProvisioningDownloadCertCallbackObserver() = default;
...@@ -2553,11 +2587,16 @@ class MockClientCertProvisioningDownloadCertCallbackObserver { ...@@ -2553,11 +2587,16 @@ class MockClientCertProvisioningDownloadCertCallbackObserver {
}; };
class CloudPolicyClientCertProvisioningDownloadCertTest class CloudPolicyClientCertProvisioningDownloadCertTest
: public CloudPolicyClientTest { : public CloudPolicyClientTest,
public ::testing::WithParamInterface<bool> {
public: public:
void RunTest(const em::DeviceManagementResponse& fake_response, void RunTest(const em::DeviceManagementResponse& fake_response,
const MockClientCertProvisioningDownloadCertCallbackObserver& const MockClientCertProvisioningDownloadCertCallbackObserver&
callback_observer); callback_observer);
// Wraps the test parameter - returns true if in this test run
// CloudPolicyClient has knowledge of the device DMToken.
bool HasDeviceDMToken() { return GetParam(); }
}; };
void CloudPolicyClientCertProvisioningDownloadCertTest::RunTest( void CloudPolicyClientCertProvisioningDownloadCertTest::RunTest(
...@@ -2577,11 +2616,18 @@ void CloudPolicyClientCertProvisioningDownloadCertTest::RunTest( ...@@ -2577,11 +2616,18 @@ void CloudPolicyClientCertProvisioningDownloadCertTest::RunTest(
inner_request->set_cert_profile_id(cert_profile_id); inner_request->set_cert_profile_id(cert_profile_id);
inner_request->set_policy_version(cert_profile_version); inner_request->set_policy_version(cert_profile_version);
inner_request->set_public_key(public_key); inner_request->set_public_key(public_key);
if (HasDeviceDMToken()) {
inner_request->set_device_dm_token(kDeviceDMToken);
}
// Sets the request type, no actual data is required. // Sets the request type, no actual data is required.
inner_request->mutable_download_cert_request(); inner_request->mutable_download_cert_request();
} }
RegisterClient(); if (HasDeviceDMToken()) {
RegisterClient(kDeviceDMToken);
} else {
RegisterClient(/*device_dm_token=*/std::string());
}
EXPECT_CALL(service_, StartJob(_)) EXPECT_CALL(service_, StartJob(_))
.WillOnce(DoAll(service_.CaptureJobType(&job_type_), .WillOnce(DoAll(service_.CaptureJobType(&job_type_),
...@@ -2607,7 +2653,7 @@ void CloudPolicyClientCertProvisioningDownloadCertTest::RunTest( ...@@ -2607,7 +2653,7 @@ void CloudPolicyClientCertProvisioningDownloadCertTest::RunTest(
// request. // request.
// 2. Checks that |OnClientCertProvisioningDownloadCertResponse| correctly // 2. Checks that |OnClientCertProvisioningDownloadCertResponse| correctly
// extracts data from a response that contains success status code. // extracts data from a response that contains success status code.
TEST_F(CloudPolicyClientCertProvisioningDownloadCertTest, TEST_P(CloudPolicyClientCertProvisioningDownloadCertTest,
RequestClientCertProvisioningDownloadCertSuccess) { RequestClientCertProvisioningDownloadCertSuccess) {
const std::string pem_encoded_cert = "fake_pem_encoded_cert_1"; const std::string pem_encoded_cert = "fake_pem_encoded_cert_1";
em::DeviceManagementResponse fake_response; em::DeviceManagementResponse fake_response;
...@@ -2634,7 +2680,7 @@ TEST_F(CloudPolicyClientCertProvisioningDownloadCertTest, ...@@ -2634,7 +2680,7 @@ TEST_F(CloudPolicyClientCertProvisioningDownloadCertTest,
// request. // request.
// 2. Checks that |OnClientCertProvisioningDownloadCertResponse| correctly // 2. Checks that |OnClientCertProvisioningDownloadCertResponse| correctly
// extracts data from a response that contains the error field. // extracts data from a response that contains the error field.
TEST_F(CloudPolicyClientCertProvisioningDownloadCertTest, TEST_P(CloudPolicyClientCertProvisioningDownloadCertTest,
RequestClientCertProvisioningDownloadCertError) { RequestClientCertProvisioningDownloadCertError) {
const CertProvisioningResponseErrorType error = const CertProvisioningResponseErrorType error =
CertProvisioningResponseError::CA_ERROR; CertProvisioningResponseError::CA_ERROR;
...@@ -2655,4 +2701,8 @@ TEST_F(CloudPolicyClientCertProvisioningDownloadCertTest, ...@@ -2655,4 +2701,8 @@ TEST_F(CloudPolicyClientCertProvisioningDownloadCertTest,
RunTest(fake_response, callback_observer); RunTest(fake_response, callback_observer);
} }
INSTANTIATE_TEST_SUITE_P(,
CloudPolicyClientCertProvisioningDownloadCertTest,
::testing::Values(false, true));
} // namespace policy } // namespace policy
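Review bot: The three `INSTANTIATE_TEST_SUITE_P(, ..., ::testing::Values(false, true))` calls leave both the instantiation prefix and the parameter names at their defaults, so a failing run is reported only by index and does not say whether the client had a device DMToken. I would pass a prefix and, as the fourth argument, a name generator that maps the bool to something like `WithDeviceDMToken` / `WithoutDeviceDMToken`; this applies to the StartCsr, FinishCsr and DownloadCert suites alike. The repeated if/else around `RegisterClient` in each `RunTest` could also collapse to `RegisterClient(HasDeviceDMToken() ? std::string(kDeviceDMToken) : std::string());`, assuming `kDeviceDMToken` is a string constant (its definition is outside the hunks). The `RunTest` bodies start and end outside the visible hunks.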