Chromium Code Reviews Chromium Code Reviews
Issue 6880288:
[autotest] Add test for the re-taking of ownership after the owner key is lost (Closed)
Base URL: http://git.chromium.org/git/autotest.git@master| OLD | NEW |
|---|---|
| 1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. | 1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| 2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
| 3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
| 4 | 4 |
| 5 import common | 5 import common |
| 6 import constants | 6 import constants |
| 7 import cryptohome | 7 import cryptohome |
| 8 import dbus | 8 import dbus |
| 9 import logging | 9 import logging |
| 10 import login | 10 import login |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 70 | 70 |
| 71 Connects to the session manager over the DBus system bus. Returns | 71 Connects to the session manager over the DBus system bus. Returns |
| 72 appropriately configured DBus interface object. | 72 appropriately configured DBus interface object. |
| 73 """ | 73 """ |
| 74 bus = dbus.SystemBus() | 74 bus = dbus.SystemBus() |
| 75 proxy = bus.get_object('org.chromium.SessionManager', | 75 proxy = bus.get_object('org.chromium.SessionManager', |
| 76 '/org/chromium/SessionManager') | 76 '/org/chromium/SessionManager') |
| 77 return dbus.Interface(proxy, 'org.chromium.SessionManagerInterface') | 77 return dbus.Interface(proxy, 'org.chromium.SessionManagerInterface') |
| 78 | 78 |
| 79 | 79 |
| 80 def listen_to_session_manager_signal(callback, signal): | |
| 81 """Create and return a DBus connection to session_manager. | |
| 82 | |
| 83 Connects to the session manager over the DBus system bus. Returns | |
| 84 appropriately configured DBus interface object. | |
| 85 """ | |
| 86 bus = dbus.SystemBus() | |
| 87 bus.add_signal_receiver( | |
| 88 handler_function=callback, | |
| 89 signal_name=signal, | |
| 90 dbus_interface='org.chromium.Chromium', | |
| 91 bus_name=None, | |
| 92 path='/') | |
| 93 | |
| 94 | |
| 80 NSSDB = constants.CRYPTOHOME_MOUNT_PT + '/.pki/nssdb' | 95 NSSDB = constants.CRYPTOHOME_MOUNT_PT + '/.pki/nssdb' |
| 81 PK12UTIL = 'nsspk12util' | 96 PK12UTIL = 'nsspk12util' |
| 82 OPENSSLP12 = 'openssl pkcs12' | 97 OPENSSLP12 = 'openssl pkcs12' |
| 83 OPENSSLX509 = 'openssl x509' | 98 OPENSSLX509 = 'openssl x509' |
| 84 OPENSSLRSA = 'openssl rsa' | 99 OPENSSLRSA = 'openssl rsa' |
| 85 OPENSSLREQ = 'openssl req' | 100 OPENSSLREQ = 'openssl req' |
| 86 OPENSSLCRYPTO = 'openssl sha1' | 101 OPENSSLCRYPTO = 'openssl sha1' |
| 87 | 102 |
| 88 | 103 |
| 104 def use_known_ownerkeys(): | |
|
petkov
2011/04/28 22:16:25
where is this routine used?
Chris Masone
2011/04/28 22:43:51
login_OwnershipApi.py
petkov
2011/04/28 22:48:47
So you rely on these test running in a specific se
| |
| 105 """Sets the system up to use a well-known keypair for owner operations. | |
| 106 | |
| 107 Assuming the appropriate cryptohome is already mounted, configures the | |
| 108 device to accept policies signed with the checked-in 'mock' owner key. | |
| 109 """ | |
| 110 dirname = os.path.dirname(__file__) | |
| 111 mock_keyfile = os.path.join(dirname, 'mock_owner_private.key') | |
| 112 mock_certfile = os.path.join(dirname, 'mock_owner_cert.pem') | |
| 113 push_to_nss(mock_keyfile, mock_certfile, NSSDB) | |
| 114 utils.open_write_close(constants.OWNER_KEY_FILE, | |
| 115 cert_extract_pubkey_der(mock_certfile)) | |
| 116 | |
| 117 | |
| 118 def known_privkey(): | |
| 119 """Returns the mock owner private key in PEM format. | |
| 120 """ | |
| 121 dirname = os.path.dirname(__file__) | |
| 122 return utils.read_file(os.path.join(dirname, 'mock_owner_private.key')) | |
|
petkov
2011/04/28 22:16:25
mock_owner_private.key used in a couple of place -
Chris Masone
2011/04/28 22:43:51
Done.
| |
| 123 | |
| 124 | |
| 125 def known_pubkey(): | |
| 126 """Returns the mock owner public key in DER format. | |
| 127 """ | |
| 128 dirname = os.path.dirname(__file__) | |
| 129 return cert_extract_pubkey_der(os.path.join(dirname, 'mock_owner_cert.pem')) | |
|
petkov
2011/04/28 22:16:25
mock_owner_cert.pem in a constant?
Chris Masone
2011/04/28 22:43:51
Done.
| |
| 130 | |
| 131 | |
| 89 def pairgen(): | 132 def pairgen(): |
| 90 """Generate a self-signed cert and associated private key. | 133 """Generate a self-signed cert and associated private key. |
| 91 | 134 |
| 92 Generates a self-signed X509 certificate and the associated private key. | 135 Generates a self-signed X509 certificate and the associated private key. |
| 93 The key is 2048 bits. The generated material is stored in PEM format | 136 The key is 2048 bits. The generated material is stored in PEM format |
| 94 and the paths to the two files are returned. | 137 and the paths to the two files are returned. |
| 95 | 138 |
| 96 The caller is responsible for cleaning up these files. | 139 The caller is responsible for cleaning up these files. |
| 97 """ | 140 """ |
| 98 keyfile = scoped_tempfile.tempdir.name + '/private.key' | 141 keyfile = scoped_tempfile.tempdir.name + '/private.key' |
| (...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 207 except: | 250 except: |
| 208 err.fo.seek(0) | 251 err.fo.seek(0) |
| 209 logging.error(err.fo.read()) | 252 logging.error(err.fo.read()) |
| 210 raise | 253 raise |
| 211 | 254 |
| 212 sig.fo.seek(0) | 255 sig.fo.seek(0) |
| 213 sig_data = sig.fo.read() | 256 sig_data = sig.fo.read() |
| 214 if not sig_data: | 257 if not sig_data: |
| 215 raise error.TestFail('Empty signature!') | 258 raise error.TestFail('Empty signature!') |
| 216 return sig_data | 259 return sig_data |
| OLD | NEW |
