[autotest] Add test for the re-taking of ownership after the owner key is lost

client/cros/cros_ui_test.py

 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 import dbus, logging, os, re, shutil, socket, sys
 import common
 import auth_server, constants, cryptohome, dns_server
 import cros_logging, cros_ui, login, ownership
 from autotest_lib.client.bin import test, utils
 from autotest_lib.client.common_lib import error
@@ skipping 184 matching lines @@
         if self.auto_login:
             self.login(self.username, self.password)
             if is_creating_owner:
                 login.wait_for_ownership()
 
     def __fake_ownership(self):
         """Fake ownership by generating the necessary magic files."""
         # Determine the module directory.
         dirname = os.path.dirname(__file__)
         mock_certfile = os.path.join(dirname, 'mock_owner_cert.pem')
-        mock_signedprefsfile = os.path.join(dirname, 'mock_owner.preferences')
         mock_signedpolicyfile = os.path.join(dirname, 'mock_owner.policy')
         utils.open_write_close(
             constants.OWNER_KEY_FILE,
             ownership.cert_extract_pubkey_der(mock_certfile))
-        shutil.copy(mock_signedprefsfile,
-                    constants.SIGNED_PREFERENCES_FILE)
         shutil.copy(mock_signedpolicyfile,
                     constants.SIGNED_POLICY_FILE)
 
 
     def __canonicalize(self, credential):
         """Perform basic canonicalization of |email_address|
 
         Perform basic canonicalization of |email_address|, taking
         into account that gmail does not consider '.' or caps inside a
         username to matter.  It also ignores everything after a '+'.
@@ skipping 82 matching lines @@
     def get_autox(self):
         """Return a new autox instance.
 
         Explicitly cache this in your testcase if you want to reuse the
         object, but beware that logging out will invalidate any existing
         sessions.
         """
         return cros_ui.get_autox()
 
 
+    def validate_basic_policy(self, basic_policy):
+        # Pull in protobuf definitions.
+        sys.path.append(self.srcdir)
+        from device_management_backend_pb2 import PolicyFetchResponse
+        from device_management_backend_pb2 import PolicyData
+        from chrome_device_policy_pb2 import ChromeDeviceSettingsProto
+        from chrome_device_policy_pb2 import UserWhitelistProto
+
+        policy_proto = PolicyFetchResponse()
+        policy_proto.ParseFromString(basic_policy)
+        poldata = PolicyData()
+        poldata.ParseFromString(policy_proto.policy_data)
+        if (not poldata.HasField('username') or
+            poldata.username != self.username):
+          raise error.TestFail('Username not appropriately set in policy')
+
+        polval = ChromeDeviceSettingsProto()
+        polval.ParseFromString(poldata.policy_value)
+        if (not polval.HasField('allow_new_users') or
+            not polval.allow_new_users.HasField('allow_new_users') or
+            not polval.allow_new_users):
+            raise error.TestFail('Whitelisting not disabled in policy')
+
+        if (not polval.HasField('user_whitelist') or
+            not self.username in polval.user_whitelist.user_whitelist):
+            raise error.TestFail('Owner not whitelisted')
+
+
     def stop_authserver(self):
         """Tears down fake dns and fake Google Accounts server.  If your
         subclass does not create these objects, you will want to override this
         method as well.
         """
         if hasattr(self, '_authServer'):
             self.revert_dns()
             self._authServer.stop()
             self._dnsServer.stop()
 
@@ skipping 68 matching lines @@
 
         self.stop_authserver()
         self.__log_crashed_processes(self.crash_blacklist)
 
 
     def get_auth_endpoint_misses(self):
         if hasattr(self, '_authServer'):
             return self._authServer.get_endpoint_misses()
         else:
             return {}