New protocol and testserver for the Chrome-DMServer protocol

net/tools/testserver/device_management.py

 #!/usr/bin/python2.5
 # Copyright (c) 2010 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 """A bare-bones test server for testing cloud policy support.
 
 This implements a simple cloud policy test server that can be used to test
 chrome's device management service client. The policy information is read from
 from files in a directory. The files should contain policy definitions in JSON
 format, using the top-level dictionary as a key/value store. The format is
 identical to what the Linux implementation reads from /etc. Here is an example:
 
 {
   "HomepageLocation" : "http://www.chromium.org"
 }
 
 """
 
+import calendar
 import cgi
 import logging
 import random
 import re
 import sys
+import time
 
 # The name and availability of the json module varies in python versions.
 try:
   import simplejson as json
 except ImportError:
   try:
     import json
   except ImportError:
     json = None
 
 import device_management_backend_pb2 as dm
+import cloud_policy_pb2 as cp
+
+LOG_FILENAME = '/dev/stdout'
+logging.basicConfig(filename=LOG_FILENAME,level=logging.DEBUG)

[Mattias Nissler (ping if slow), 2011/01/25 11:05:57]

I guess these two lines are not meant for committing?

 
 class RequestHandler(object):
   """Decodes and handles device management requests from clients.
 
   The handler implements all the request parsing and protobuf message decoding
   and encoding. It calls back into the server to lookup, register, and
   unregister clients.
   """
 
   def __init__(self, server, path, headers, request):
@@ skipping 42 matching lines @@
 
     self.DumpMessage('Request', rmsg)
 
     request_type = self.GetUniqueParam('request')
     if request_type == 'register':
       return self.ProcessRegister(rmsg.register_request)
     elif request_type == 'unregister':
       return self.ProcessUnregister(rmsg.unregister_request)
     elif request_type == 'policy':
       return self.ProcessPolicy(rmsg.policy_request)
+    elif request_type == 'cloud_policy':
+      return self.ProcessCloudPolicyRequest(rmsg.cloud_policy_request)
     else:
       return (400, 'Invalid request parameter')
 
   def ProcessRegister(self, msg):
     """Handles a register request.
 
     Checks the query for authorization and device identifier, registers the
     device with the server and constructs a response.
 
     Args:
@@ skipping 99 matching lines @@
           entry_value.value_type = dm.GenericValue.VALUE_TYPE_STRING_ARRAY
           for list_entry in value:
             entry_value.string_array.append(str(list_entry))
         entry.value.CopyFrom(entry_value)
       setting.policy_value.CopyFrom(policy_value)
 
     self.DumpMessage('Response', response)
 
     return (200, response.SerializeToString())
 
+  def _SetProtobufMessageField(self, group_message, field, field_value):
+    '''Sets a field in a protobuf message.
+    
+    Args:
+      group_message: The protobuf message.
+      field: The field of the message to set, it shuold be a member of
+          group_message.DESCRIPTOR.fields.
+      field_value: The value to set. 
+    '''
+    if field.type == field.TYPE_BYTES:
+      assert type(field_value) == list
+      string_list = cp.StringList()
+      for list_item in field_value:
+        string_list.entry.append(list_item)
+      serialized_string_list = string_list.SerializeToString()
+      group_message.__setattr__(field.name, serialized_string_list)
+    else:
+      # Simple cases:
+      if field.type == field.TYPE_BOOL:
+        assert type(field_value) == bool
+      elif field.type == field.TYPE_STRING:
+        assert type(field_value) == str
+      elif field.type == field.TYPE_INT64:
+        assert type(field_value) == int
+      else:
+        raise Exception('Unknown field type %s' % field.type_name)
+      group_message.__setattr__(field.name, field_value)
+
+  def ProcessCloudPolicyRequest(self, msg):
+    token, response = self.CheckToken()
+    if not token:
+      return response
+    
+    settings = cp.CloudPolicySettings()
+        
+    if msg.policy_scope == 'chromeos/device':
+      pass
+    
+    for group in settings.DESCRIPTOR.fields:
+      # Create protobuf message for group.
+      group_message = eval('cp.' + group.message_type.name + '()')
+      # Indiactes if at least one field was set in |group_message|.
+      got_fields = False
+      # Iterate over fields of the message and feed them from the
+      # policy config file.
+      for field in group_message.DESCRIPTOR.fields:
+        if field.name in self._server.policy:
+          got_fields = True
+          field_value = self._server.policy[field.name]
+          self._SetProtobufMessageField(group_message, field, field_value)
+      if got_fields:
+        settings.__getattribute__(group.name).CopyFrom(group_message)
+
+    # Construct response
+    signed_response = dm.SignedCloudPolicyResponse()
+    signed_response.settings.CopyFrom(settings)
+    signed_response.timestamp = calendar.timegm(time.gmtime())
+    signed_response.device_token = token;
+    signed_response.device_name = 'TODO';
+
+    cloud_response = dm.CloudPolicyResponse()
+    cloud_response.signed_response = signed_response.SerializeToString()
+    cloud_response.signature = 'TODO'

[Mattias Nissler (ping if slow), 2011/01/25 11:05:57]

should have some actual signing here :) Maybe pass the certificate in via a
command line option? Also, we need pass the certificate back to the client.

+
+    response = dm.DeviceManagementResponse()
+    response.error = dm.DeviceManagementResponse.SUCCESS
+    response.cloud_policy_response.CopyFrom(cloud_response)
+
+    self.DumpMessage('Response', response)
+
+    return (200, response.SerializeToString())
+
   def CheckToken(self):
     """Helper for checking whether the client supplied a valid DM token.
 
     Extracts the token from the request and passed to the server in order to
     look up the client. Returns a pair of token and error response. If the token
     is None, the error response is a pair of status code and error message.
 
     Returns:
       A pair of DM token and error response. If the token is None, the message
       will contain the error response to send back.
@@ skipping 84 matching lines @@
     return self._registered_devices.get(dmtoken, None)
 
   def UnregisterDevice(self, dmtoken):
     """Unregisters a device identified by the given DM token.
 
     Args:
       dmtoken: The device management token provided by the client.
     """
     if dmtoken in self._registered_devices:
       del self._registered_devices[dmtoken]