Run enterprise.platformKeys tests in background script

Before this CL, enterprise.platformKeys API tests were run by the C++ side of the test opening a web page (basic.html) which runs the javascript code (basic.js). This CL is implemented with the following two goals. 1- Moving the JS tests to a background script which will run automatically after the extension is force-installed. This is a first step towards extending this background script to test the API behavior on the loginscreen. 2- Extending the tests to allow the C++ side to control which tests will run. Bug: 1148294 Change-Id: Iac04b0fbfd8951b1095fa3e93c24366c7c0aa338 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2560301 Commit-Queue: Omar Morsi <omorsi@google.com> Reviewed-by: Maksim Ivanov <emaxx@chromium.org> Reviewed-by: Alexander Hendrich <hendrich@chromium.org> Cr-Commit-Position: refs/heads/master@{#832326}

Run enterprise.platformKeys tests in background script
Before this CL, enterprise.platformKeys API tests were run by the C++ side of the test opening a web page (basic.html) which runs the javascript code (basic.js). This CL is implemented with the following two goals. 1- Moving the JS tests to a background script which will run automatically after the extension is force-installed. This is a first step towards extending this background script to test the API behavior on the loginscreen. 2- Extending the tests to allow the C++ side to control which tests will run. Bug: 1148294 Change-Id: Iac04b0fbfd8951b1095fa3e93c24366c7c0aa338 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2560301 Commit-Queue: Omar Morsi <omorsi@google.com> Reviewed-by: Maksim Ivanov <emaxx@chromium.org> Reviewed-by: Alexander Hendrich <hendrich@chromium.org> Cr-Commit-Position: refs/heads/master@{#832326}
e9cab3f8 · Omar Morsi · Chromium LUCI CQ · b9881f64 · e9cab3f8 · e9cab3f8
Commit e9cab3f8 authored Dec 01, 2020 by Omar Morsi Committed by Chromium LUCI CQ Dec 01, 2020
4 changed files
--- a/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_apitest_nss.cc
+++ b/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_apitest_nss.cc
@@ -28,6 +28,8 @@
 #include "crypto/scoped_nss_types.h"
 #include "crypto/scoped_test_system_nss_key_slot.h"
 #include "extensions/browser/extension_registry.h"
+#include "extensions/test/extension_test_message_listener.h"
+#include "extensions/test/result_catcher.h"
 #include "net/cert/nss_cert_database.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "testing/gmock/include/gmock/gmock.h"
@@ -37,6 +39,17 @@ namespace extensions {

 namespace {

+// The test extension will query for the state of the system token.
+constexpr char kWaitingForSystemTokenStateMessage[] =
+    "Waiting for system token state message";
+
+// The message sent from a browsertest to the background script in case the
+// system token is enabled.
+constexpr char kSystemTokenEnabledMessage[] = "System token enabled.";
+// The message sent from a browsertest to the background script in case the
+// system token is disabled.
+constexpr char kSystemTokenDisabledMessage[] = "System token disabled.";
+
 // The test extension has a certificate referencing this private key which will
 // be stored in the user's token in the test setup.
 //
@@ -106,8 +119,7 @@ const unsigned char privateKeyPkcs8System[] = {
    0xbb, 0xc2, 0x63, 0x8a, 0xaa, 0x28, 0xd5, 0x37, 0x72, 0xed, 0x02, 0x20,
    0x16, 0xde, 0x3d, 0x57, 0xc5, 0xd5, 0x3d, 0x90, 0x8b, 0xfd, 0x90, 0x3b,
    0xd8, 0x71, 0x69, 0x5e, 0x8d, 0xb4, 0x48, 0x1c, 0xa4, 0x01, 0xce, 0xc1,
-    0xb5, 0x6f, 0xe9, 0x1b, 0x32, 0x91, 0x34, 0x38
-};
+    0xb5, 0x6f, 0xe9, 0x1b, 0x32, 0x91, 0x34, 0x38};

 void ImportPrivateKeyPKCS8ToSlot(const unsigned char* pkcs8_der,
                                 size_t pkcs8_der_size,
@@ -115,8 +127,7 @@ void ImportPrivateKeyPKCS8ToSlot(const unsigned char* pkcs8_der,
  SECItem pki_der_user = {
      siBuffer,
      // NSS requires non-const data even though it is just for input.
-      const_cast<unsigned char*>(pkcs8_der),
-      pkcs8_der_size};
+      const_cast<unsigned char*>(pkcs8_der), pkcs8_der_size};

  SECKEYPrivateKey* seckey_raw = nullptr;
  ASSERT_EQ(SECSuccess, PK11_ImportDERPrivateKeyInfoAndReturnKey(
@@ -208,6 +219,16 @@ class EnterprisePlatformKeysTest
  const std::string kUpdateManifestFileName =
      "enterprise_platform_keys_update_manifest.xml";

+  void SetUpTestListeners() {
+    catcher_ = std::make_unique<extensions::ResultCatcher>();
+    listener_ = std::make_unique<ExtensionTestMessageListener>(
+        kWaitingForSystemTokenStateMessage,
+        /*will_reply=*/true);
+  }
+
+  std::unique_ptr<extensions::ResultCatcher> catcher_;
+  std::unique_ptr<ExtensionTestMessageListener> listener_;
+
 private:
  void PrepareTestSystemSlotOnIO(
      crypto::ScopedTestSystemNSSKeySlot* system_slot) override {
@@ -252,20 +273,20 @@ IN_PROC_BROWSER_TEST_P(EnterprisePlatformKeysTest, PRE_Basic) {

 IN_PROC_BROWSER_TEST_P(EnterprisePlatformKeysTest, Basic) {
  {
-   base::RunLoop loop;
-   GetNSSCertDatabaseForProfile(
-       profile(),
-       base::BindOnce(&EnterprisePlatformKeysTest::DidGetCertDatabase,
-                      base::Unretained(this), loop.QuitClosure()));
-   loop.Run();
+    base::RunLoop loop;
+    GetNSSCertDatabaseForProfile(
+        profile(),
+        base::BindOnce(&EnterprisePlatformKeysTest::DidGetCertDatabase,
+                       base::Unretained(this), loop.QuitClosure()));
+    loop.Run();
  }
  policy_test_utils::SetExtensionInstallForcelistPolicy(
      kTestExtensionID,
      embedded_test_server()->GetURL("/" + kUpdateManifestFileName), profile(),
      mock_policy_provider());

-  // By default, the system token is disabled.
-  std::string system_token_availability;
+  SetUpTestListeners();
+  ASSERT_TRUE(listener_->WaitUntilSatisfied());

  // Only if the system token exists, and the current user is of the same domain
  // as the device is enrolled to, the system token is available to the
@@ -273,13 +294,12 @@ IN_PROC_BROWSER_TEST_P(EnterprisePlatformKeysTest, Basic) {
  if (system_token_status() == SystemTokenStatus::EXISTS &&
      enrollment_status() == EnrollmentStatus::ENROLLED &&
      user_status() == UserStatus::MANAGED_AFFILIATED_DOMAIN) {
-    system_token_availability = "systemTokenEnabled";
+    listener_->Reply(kSystemTokenEnabledMessage);
+  } else {
+    listener_->Reply(kSystemTokenDisabledMessage);
  }

-  ASSERT_TRUE(TestExtension(
-      base::StringPrintf("chrome-extension://%s/basic.html?%s",
-                         kTestExtensionID, system_token_availability.c_str())))
-      << message_;
+  ASSERT_TRUE(catcher_->GetNextResult());
 }

 INSTANTIATE_TEST_SUITE_P(

--- a/chrome/test/data/extensions/api_test/enterprise_platform_keys/basic.js
+++ b/chrome/test/data/extensions/api_test/enterprise_platform_keys/basic.js
@@ -4,7 +4,12 @@

 'use strict';

-var systemTokenEnabled = (location.href.indexOf("systemTokenEnabled") != -1);
+// The message sent from a browsertest to the background script in case the
+// system token is enabled.
+const SYSTEM_TOKEN_ENABLED_MESSAGE = 'System token enabled.';
+// The message sent from a browsertest to the background script in case the
+// system token is disabled.
+const SYSTEM_TOKEN_DISABLED_MESSAGE = 'System token disabled.';

 var assertEq = chrome.test.assertEq;
 var assertTrue = chrome.test.assertTrue;
@@ -292,7 +297,7 @@ function getTokens(callback) {
 /**
 * Runs preparations before the actual tests. Calls |callback| with |userToken|.
 */
-function beforeTests(callback) {
+function beforeTests(systemTokenEnabled, callback) {
  assertTrue(!!chrome.enterprise, "No enterprise namespace.");
  assertTrue(!!chrome.enterprise.platformKeys, "No platformKeys namespace.");
  assertTrue(!!chrome.enterprise.platformKeys.getTokens,
@@ -876,4 +881,20 @@ function runTests(userToken, systemToken) {
  chrome.test.runTests(testsIndependentOfKeys.concat(testsNotParameterized));
 }

-beforeTests(runTests);
+// |waitForSystemTokenStateMessage()| waits for the browser test to send a
+// message with the state of the system token to run tests accordingly. The
+// browser test logic can be found at:
+// c/b/e/api/enterprise_platform_keys/enterprise_platform_keys_apitest_nss.cc
+function waitForSystemTokenStateMessage(systemTokenStateMessage) {
+  if (systemTokenStateMessage == SYSTEM_TOKEN_ENABLED_MESSAGE) {
+    beforeTests(/*systemTokenEnabled=*/ true, runTests);
+  } else if (systemTokenStateMessage == SYSTEM_TOKEN_DISABLED_MESSAGE) {
+    beforeTests(/*systemTokenEnabled=*/ false, runTests);
+  } else {
+    // No background script tests should run.
+    succeed();
+  }
+}
+
+chrome.test.sendMessage(
+    'Waiting for system token state message', waitForSystemTokenStateMessage);
--- a/chrome/test/data/extensions/api_test/enterprise_platform_keys/basic.html
+++ b/chrome/test/data/extensions/api_test/enterprise_platform_keys/basic.html
-<!--
- * Copyright 2014 The Chromium Authors. All rights reserved.  Use of this
- * source code is governed by a BSD-style license that can be found in the
- * LICENSE file.
-->
-<script src="basic.js"></script>
--- a/chrome/test/data/extensions/api_test/enterprise_platform_keys/manifest.json
+++ b/chrome/test/data/extensions/api_test/enterprise_platform_keys/manifest.json
@@ -4,6 +4,9 @@
  "name": "Basic tests",
  "version": "0.1",
  "manifest_version": 2,
+  "background": {
+    "scripts": ["background.js"]
+  },
  "permissions": [
    "enterprise.platformKeys"
  ]