DeviceStateMixin: Write owner key file

TBR=xiyuan@chromium.org CQ-DEPEND=CL:1570024 Bug: 952855 Change-Id: I783e41a3c810764d8118dda3643f2a1964186966 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1572405Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Reviewed-by: Toni Baržić <tbarzic@chromium.org> Commit-Queue: Roman Sorokin [CET] <rsorokin@chromium.org> Cr-Commit-Position: refs/heads/master@{#652613}

DeviceStateMixin: Write owner key file
TBR=xiyuan@chromium.org CQ-DEPEND=CL:1570024 Bug: 952855 Change-Id: I783e41a3c810764d8118dda3643f2a1964186966 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1572405Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Reviewed-by: Toni Baržić <tbarzic@chromium.org> Commit-Queue: Roman Sorokin [CET] <rsorokin@chromium.org> Cr-Commit-Position: refs/heads/master@{#652613}
5a1d77cc · Roman Sorokin · Commit Bot · b4973253 · 5a1d77cc · 5a1d77cc
Commit 5a1d77cc authored Apr 19, 2019 by Roman Sorokin Committed by Commit Bot Apr 19, 2019
12 changed files
--- a/chrome/browser/chromeos/login/existing_user_controller_browsertest.cc
+++ b/chrome/browser/chromeos/login/existing_user_controller_browsertest.cc
@@ -130,7 +130,7 @@ base::FilePath GetKerberosCredentialsCachePath() {

 class ExistingUserControllerTest : public policy::DevicePolicyCrosBrowserTest {
 protected:
-  ExistingUserControllerTest() {}
+  ExistingUserControllerTest() = default;

  ExistingUserController* existing_user_controller() {
    return ExistingUserController::current_controller();
@@ -141,8 +141,6 @@ class ExistingUserControllerTest : public policy::DevicePolicyCrosBrowserTest {
  }

  void SetUpInProcessBrowserTestFixture() override {
-    SetUpSessionManager();
-
    DevicePolicyCrosBrowserTest::SetUpInProcessBrowserTestFixture();

    mock_login_display_host_ = std::make_unique<MockLoginDisplayHost>();
@@ -150,8 +148,6 @@ class ExistingUserControllerTest : public policy::DevicePolicyCrosBrowserTest {
    SetUpLoginDisplay();
  }

-  virtual void SetUpSessionManager() {}
-
  virtual void SetUpLoginDisplay() {
    EXPECT_CALL(*mock_login_display_host_, GetLoginDisplay())
        .Times(AnyNumber())
@@ -164,11 +160,13 @@ class ExistingUserControllerTest : public policy::DevicePolicyCrosBrowserTest {
  }

  void SetUpCommandLine(base::CommandLine* command_line) override {
+    policy::DevicePolicyCrosBrowserTest::SetUpCommandLine(command_line);
    command_line->AppendSwitch(switches::kLoginManager);
    command_line->AppendSwitch(switches::kForceLoginManagerInTests);
  }

  void SetUpOnMainThread() override {
+    policy::DevicePolicyCrosBrowserTest::SetUpOnMainThread();
    existing_user_controller_ = std::make_unique<ExistingUserController>();
    EXPECT_CALL(*mock_login_display_host_, GetExistingUserController())
        .Times(AnyNumber())
@@ -278,28 +276,17 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerTest, DISABLED_ExistingUserLogin) {
 // started.
 class ExistingUserControllerUntrustedTest : public ExistingUserControllerTest {
 public:
-  ExistingUserControllerUntrustedTest();
-
-  void SetUpInProcessBrowserTestFixture() override;
+  ExistingUserControllerUntrustedTest() = default;

-  void SetUpSessionManager() override;
+  void SetUpInProcessBrowserTestFixture() override {
+    ExistingUserControllerTest::SetUpInProcessBrowserTestFixture();
+    ExpectLoginFailure();
+  }

 private:
  DISALLOW_COPY_AND_ASSIGN(ExistingUserControllerUntrustedTest);
 };

-ExistingUserControllerUntrustedTest::ExistingUserControllerUntrustedTest() {}
-
-void ExistingUserControllerUntrustedTest::SetUpInProcessBrowserTestFixture() {
-  ExistingUserControllerTest::SetUpInProcessBrowserTestFixture();
-
-  ExpectLoginFailure();
-}
-
-void ExistingUserControllerUntrustedTest::SetUpSessionManager() {
-  InstallOwnerKey();
-}
-
 IN_PROC_BROWSER_TEST_F(ExistingUserControllerUntrustedTest,
                       ExistingUserLoginForbidden) {
  UserContext user_context(user_manager::UserType::USER_TYPE_REGULAR,
@@ -385,9 +372,8 @@ class ExistingUserControllerPublicSessionTest
    }
  }

-  void SetUpSessionManager() override {
-    InstallOwnerKey();
-
+  void SetUpInProcessBrowserTestFixture() override {
+    ExistingUserControllerTest::SetUpInProcessBrowserTestFixture();
    // Setup the device policy.
    em::ChromeDeviceSettingsProto& proto(device_policy()->payload());
    em::DeviceLocalAccountInfoProto* account =
@@ -1034,9 +1020,10 @@ class ExistingUserControllerSavePasswordHashTest
    : public ExistingUserControllerTest {
 public:
  ExistingUserControllerSavePasswordHashTest() = default;
+  ~ExistingUserControllerSavePasswordHashTest() override = default;

-  void SetUpSessionManager() override {
-    InstallOwnerKey();
+  void SetUpInProcessBrowserTestFixture() override {
+    ExistingUserControllerTest::SetUpInProcessBrowserTestFixture();
    RefreshDevicePolicy();
  }
 };

--- a/chrome/browser/chromeos/login/test/device_state_mixin.cc
+++ b/chrome/browser/chromeos/login/test/device_state_mixin.cc
@@ -4,11 +4,13 @@

 #include "chrome/browser/chromeos/login/test/device_state_mixin.h"

+#include "base/numerics/safe_conversions.h"
 #include "base/path_service.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/pref_names.h"
 #include "chromeos/constants/chromeos_paths.h"
+#include "components/policy/core/common/cloud/policy_builder.h"
 #include "components/policy/proto/install_attributes.pb.h"
 #include "components/prefs/pref_service.h"

@@ -66,6 +68,7 @@ void DeviceStateMixin::SetDeviceState() {
  is_setup_ = true;

  WriteInstallAttrFile();
+  WriteOwnerKey();
 }

 void DeviceStateMixin::WriteInstallAttrFile() {
@@ -102,8 +105,31 @@ void DeviceStateMixin::WriteInstallAttrFile() {
  std::string blob;
  CHECK(BuildInstallAttributes(device_mode, domain, realm, kFakeDeviceId)
            .SerializeToString(&blob));
-  CHECK_EQ(static_cast<int>(blob.size()),
-           base::WriteFile(install_attrs_file, blob.data(), blob.size()));
+  CHECK_EQ(base::checked_cast<int>(blob.length()),
+           base::WriteFile(install_attrs_file, blob.data(), blob.length()));
+}
+
+void DeviceStateMixin::WriteOwnerKey() {
+  switch (state_) {
+    case DeviceStateMixin::State::BEFORE_OOBE:
+    case DeviceStateMixin::State::OOBE_COMPLETED_UNOWNED:
+    case DeviceStateMixin::State::OOBE_COMPLETED_ACTIVE_DIRECTORY_ENROLLED:
+      return;
+    case DeviceStateMixin::State::OOBE_COMPLETED_CLOUD_ENROLLED:
+    case DeviceStateMixin::State::OOBE_COMPLETED_CONSUMER_OWNED:
+    case DeviceStateMixin::State::OOBE_COMPLETED_DEMO_MODE:
+      base::FilePath user_data_dir;
+      base::FilePath owner_key_file;
+      CHECK(base::PathService::Get(chrome::DIR_USER_DATA, &user_data_dir));
+      owner_key_file = user_data_dir.Append("stub_owner.key");
+      const std::string owner_key_bits =
+          policy::PolicyBuilder::GetPublicTestKeyAsString();
+      CHECK(!owner_key_bits.empty());
+      CHECK_EQ(base::checked_cast<int>(owner_key_bits.length()),
+               base::WriteFile(owner_key_file, owner_key_bits.data(),
+                               owner_key_bits.length()));
+      break;
+  }
 }

 DeviceStateMixin::~DeviceStateMixin() = default;

--- a/chrome/browser/chromeos/login/test/device_state_mixin.h
+++ b/chrome/browser/chromeos/login/test/device_state_mixin.h
@@ -38,6 +38,7 @@ class DeviceStateMixin : public InProcessBrowserTestMixin {
 private:
  void SetDeviceState();
  void WriteInstallAttrFile();
+  void WriteOwnerKey();

  State state_;
  std::string domain_;

--- a/chrome/browser/chromeos/login/webview_login_browsertest.cc
+++ b/chrome/browser/chromeos/login/webview_login_browsertest.cc
@@ -542,8 +542,6 @@ class WebviewClientCertsLoginTest : public WebviewLoginTest {
  }

  void SetUpInProcessBrowserTestFixture() override {
-    device_policy_test_helper_.InstallOwnerKey();
-
    // Override FakeSessionManagerClient. This will be shut down by the browser.
    chromeos::SessionManagerClient::InitializeFakeInMemory();
    FakeSessionManagerClient::Get()->set_device_policy(
@@ -899,8 +897,6 @@ class WebviewProxyAuthLoginTest : public WebviewLoginTest {
  void SetUpInProcessBrowserTestFixture() override {
    WebviewLoginTest::SetUpInProcessBrowserTestFixture();

-    device_policy_test_helper_.InstallOwnerKey();
-
    FakeSessionManagerClient::Get()->set_device_policy(
        device_policy_builder()->GetBlob());


--- a/chrome/browser/chromeos/policy/affiliation_test_helper.cc
+++ b/chrome/browser/chromeos/policy/affiliation_test_helper.cc
@@ -20,6 +20,7 @@
 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
 #include "chrome/browser/chromeos/policy/device_policy_builder.h"
 #include "chrome/browser/chromeos/policy/device_policy_cros_browser_test.h"
+#include "chrome/common/chrome_paths.h"
 #include "chromeos/constants/chromeos_switches.h"
 #include "chromeos/cryptohome/cryptohome_parameters.h"
 #include "chromeos/dbus/auth_policy/fake_auth_policy_client.h"
@@ -48,6 +49,10 @@ namespace {

 // Creates policy key file for the user specified in |user_policy|.
 void SetUserKeys(const policy::UserPolicyBuilder& user_policy) {
+  base::FilePath user_data_dir;
+  if (base::PathService::Get(chrome::DIR_USER_DATA, &user_data_dir))
+    chromeos::dbus_paths::RegisterStubPathOverrides(user_data_dir);
+
  const AccountId account_id =
      AccountId::FromUserEmail(user_policy.policy_data().username());
  base::FilePath user_keys_dir;
@@ -123,7 +128,6 @@ void AffiliationTestHelper::SetDeviceAffiliationIDs(
  if (management_type_ != ManagementType::kActiveDirectory) {
    // Create keys and sign policy. Note that Active Directory policy is
    // unsigned.
-    test_helper->InstallOwnerKey();
    device_policy->SetDefaultSigningKey();
  }
  device_policy->Build();

--- a/chrome/browser/chromeos/policy/device_policy_cros_browser_test.cc
+++ b/chrome/browser/chromeos/policy/device_policy_cros_browser_test.cc
@@ -71,15 +71,6 @@ void DevicePolicyCrosBrowserTest::SetUp() {
  chromeos::MixinBasedInProcessBrowserTest::SetUp();
 }

-void DevicePolicyCrosBrowserTest::SetUpInProcessBrowserTestFixture() {
-  InstallOwnerKey();
-  chromeos::MixinBasedInProcessBrowserTest::SetUpInProcessBrowserTestFixture();
-}
-
-void DevicePolicyCrosBrowserTest::InstallOwnerKey() {
-  test_helper_.InstallOwnerKey();
-}
-
 void DevicePolicyCrosBrowserTest::RefreshDevicePolicy() {
  // Reset the key to its original state.
  device_policy()->SetDefaultSigningKey();

--- a/chrome/browser/chromeos/policy/device_policy_cros_browser_test.h
+++ b/chrome/browser/chromeos/policy/device_policy_cros_browser_test.h
@@ -48,10 +48,6 @@ class DevicePolicyCrosBrowserTest

  // MixinBasedInProcessBrowserTest:
  void SetUp() override;
-  void SetUpInProcessBrowserTestFixture() override;
-
-  // Writes the owner key to disk. To be called before installing a policy.
-  void InstallOwnerKey();

  // Reinstalls |device_policy_| as the policy (to be used when it was
  // recently changed).

--- a/chrome/browser/chromeos/policy/display_resolution_handler_browsertest.cc
+++ b/chrome/browser/chromeos/policy/display_resolution_handler_browsertest.cc
@@ -392,7 +392,6 @@ class DisplayResolutionBootTest
  void SetUpInProcessBrowserTestFixture() override {
    // Override FakeSessionManagerClient. This will be shut down by the browser.
    chromeos::SessionManagerClient::InitializeFakeInMemory();
-    test_helper_.InstallOwnerKey();
    ash::DisplayConfigurationController::DisableAnimatorForTest();
    chromeos::MixinBasedInProcessBrowserTest::
        SetUpInProcessBrowserTestFixture();

--- a/chrome/browser/chromeos/policy/display_rotation_default_handler_browsertest.cc
+++ b/chrome/browser/chromeos/policy/display_rotation_default_handler_browsertest.cc
@@ -265,7 +265,6 @@ class DisplayRotationBootTest
  void SetUpInProcessBrowserTestFixture() override {
    // Override FakeSessionManagerClient. This will be shut down by the browser.
    chromeos::SessionManagerClient::InitializeFakeInMemory();
-    test_helper_.InstallOwnerKey();
    ash::DisplayConfigurationController::DisableAnimatorForTest();
    chromeos::MixinBasedInProcessBrowserTest::
        SetUpInProcessBrowserTestFixture();

--- a/chrome/browser/chromeos/system/device_disabling_browsertest.cc
+++ b/chrome/browser/chromeos/system/device_disabling_browsertest.cc
@@ -131,8 +131,6 @@ void DeviceDisablingTest::SetUpInProcessBrowserTestFixture() {
  chromeos::SessionManagerClient::InitializeFakeInMemory();

  OobeBaseTest::SetUpInProcessBrowserTestFixture();
-
-  test_helper_.InstallOwnerKey();
 }

 void DeviceDisablingTest::SetUpOnMainThread() {

--- a/chrome/browser/extensions/api/enterprise_device_attributes/enterprise_device_attributes_apitest.cc
+++ b/chrome/browser/extensions/api/enterprise_device_attributes/enterprise_device_attributes_apitest.cc
@@ -147,6 +147,7 @@ class EnterpriseDeviceAttributesTest
    device_affiliation_ids.insert(kAffiliationID);
    ASSERT_NO_FATAL_FAILURE(affiliation_helper.SetDeviceAffiliationIDs(
        &test_helper_, device_affiliation_ids));
+    test_helper_.InstallOwnerKey();

    std::set<std::string> user_affiliation_ids;
    if (GetParam().affiliated) {

--- a/chrome/browser/extensions/api/platform_keys/platform_keys_test_base.cc
+++ b/chrome/browser/extensions/api/platform_keys/platform_keys_test_base.cc
@@ -104,6 +104,7 @@ void PlatformKeysTestBase::SetUpInProcessBrowserTestFixture() {
    device_affiliation_ids.insert(kAffiliationID);
    ASSERT_NO_FATAL_FAILURE(affiliation_helper.SetDeviceAffiliationIDs(
        &device_policy_test_helper_, device_affiliation_ids));
+    device_policy_test_helper_.InstallOwnerKey();
    install_attributes_.Get()->SetCloudManaged(
        policy::PolicyBuilder::kFakeDomain,
        policy::PolicyBuilder::kFakeDeviceId);