
Side by Side Diff: client/cros/cros_ownership_test.py

Issue 6880288: [autotest] Add test for the re-taking of ownership after the owner key is lost (Closed) Base URL: http://git.chromium.org/git/autotest.git@master
Patch Set: improve comment Created 9 years, 7 months ago
1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. 1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be 2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file. 3 # found in the LICENSE file.
4 4
5 import dbus 5 import dbus
6 import logging 6 import logging
7 import sys 7 import sys
8 import common 8 import common
9 import constants 9 import constants
10 import login 10 import login
(...skipping 25 matching lines...) Expand all
36 36
37 def connect_to_session_manager(self): 37 def connect_to_session_manager(self):
38 """Create and return a DBus connection to session_manager. 38 """Create and return a DBus connection to session_manager.
39 39
40 Connects to the session manager over the DBus system bus. Returns 40 Connects to the session manager over the DBus system bus. Returns
41 appropriately configured DBus interface object. 41 appropriately configured DBus interface object.
42 """ 42 """
43 return ownership.connect_to_session_manager() 43 return ownership.connect_to_session_manager()
44 44
45 45
46 def use_known_ownerkeys(self): 46 def compare_policy_response(self, policy_response,
47 """Sets the system up to use a well-known keypair for owner operations. 47 owner=None, guests=None, new_users=None,
48 roaming=None, whitelist=None, proxies=None):
49 """Check the contents of |policy_response| against given args.
48 50
49 Assuming the appropriate cryptohome is already mounted, configures the 51 Deserializes |policy_response| into a PolicyFetchResponse protobuf,
50 device to accept policies signed with the checked-in 'mock' owner key. 52 with an embedded (serialized) PolicyData protobuf that embeds a
53 (serialized) ChromeDeviceSettingsProto, and checks to see if this
54 protobuf turducken contains the information passed in.
55
56 @param policy_response: string serialization of a PolicyData protobuf.
57 @param owner: string representing the owner's name/account.
58 @param guests: boolean indicating whether guests should be allowed.
59 @param new_users: boolean indicating if user pods are on login screen.
60 @param roaming: boolean indicating whether data roaming is enabled.
61 @param whitelist: list of accounts that are allowed to log in.
62 @param proxies: dictionary - { 'proxy_mode': <string> }
63
64 @return True if |policy_response| has all the provided data, else False.
51 """ 65 """
52 dirname = os.path.dirname(__file__) 66 # Pull in protobuf definitions.
53 mock_keyfile = os.path.join(dirname, 'mock_owner_private.key') 67 sys.path.append(self.srcdir)
54 mock_certfile = os.path.join(dirname, 'mock_owner_cert.pem') 68 from device_management_backend_pb2 import PolicyFetchResponse
55 ownership.push_to_nss(mock_keyfile, mock_certfile, ownership.NSSDB) 69 from device_management_backend_pb2 import PolicyData
56 utils.open_write_close(constants.OWNER_KEY_FILE, 70 from chrome_device_policy_pb2 import ChromeDeviceSettingsProto
57 ownership.cert_extract_pubkey_der(mock_certfile)) 71 from chrome_device_policy_pb2 import AllowNewUsersProto
72 from chrome_device_policy_pb2 import GuestModeEnabledProto
73 from chrome_device_policy_pb2 import ShowUserNamesOnSigninProto
74 from chrome_device_policy_pb2 import DataRoamingEnabledProto
75 from chrome_device_policy_pb2 import DeviceProxySettingsProto
58 76
77 response_proto = PolicyFetchResponse()
78 response_proto.ParseFromString(policy_response)
79 ownership.assert_has_policy_data(response_proto)
59 80
60 def known_privkey(self): 81 data_proto = PolicyData()
61 """Returns the mock owner private key in PEM format. 82 data_proto.ParseFromString(response_proto.policy_data)
62 """ 83 ownership.assert_has_device_settings(data_proto)
63 dirname = os.path.dirname(__file__) 84 if owner != None: ownership.assert_username(data_proto, owner)
64 return utils.read_file(os.path.join(dirname, 'mock_owner_private.key'))
65 85
66 86 settings = ChromeDeviceSettingsProto()
67 def known_pubkey(self): 87 settings.ParseFromString(data_proto.policy_value)
68 """Returns the mock owner public key in DER format. 88 if guests != None: ownership.assert_guest_setting(settings, guests)
69 """ 89 if new_users != None: ownership.assert_show_users(settings, new_users)
70 dirname = os.path.dirname(__file__) 90 if roaming != None: ownership.assert_roaming(settings, roaming)
71 return ownership.cert_extract_pubkey_der( 91 if whitelist:
72 os.path.join(dirname, 'mock_owner_cert.pem')) 92 ownership.assert_new_users(settings, False)
93 ownership.assert_users_on_whitelist(settings, whitelist)
94 if proxies != None: ownership.assert_proxy_settings(settings, proxies)
73 95
74 96
75 def build_policy_data(self, owner=None, guests=None, new_users=None, 97 def build_policy_data(self, owner=None, guests=None, new_users=None,
76 roaming=None, whitelist=None, proxies=None): 98 roaming=None, whitelist=None, proxies=None):
77 """Generate and serialize a populated device policy protobuffer. 99 """Generate and serialize a populated device policy protobuffer.
78 100
79 Creates a PolicyData protobuf, with an embedded 101 Creates a PolicyData protobuf, with an embedded
80 ChromeDeviceSettingsProto, containing the information passed in. 102 ChromeDeviceSettingsProto, containing the information passed in.
81 103
82 @param owner: string representing the owner's name/account. 104 @param owner: string representing the owner's name/account.
83 @param guests: boolean indicating whether guests should be allowed. 105 @param guests: boolean indicating whether guests should be allowed.
84 @param new_users: boolean indicating if user pods are on login screen. 106 @param new_users: boolean indicating if user pods are on login screen.
85 @param roaming: boolean indicating whether data roaming is enabled. 107 @param roaming: boolean indicating whether data roaming is enabled.
86 @param whitelist: list of accounts that are allowed to log in. 108 @param whitelist: list of accounts that are allowed to log in.
87 @param proxies: dictionary - { 'proxy_mode': <string> } 109 @param proxies: dictionary - { 'proxy_mode': <string> }
88 110
89 @return serialization of the PolicyData proto that we build. 111 @return serialization of the PolicyData proto that we build.
90 """ 112 """
91 # Pull in protobuf definitions. 113 # Pull in protobuf definitions.
92 sys.path.append(self.srcdir) 114 sys.path.append(self.srcdir)
93 from device_management_backend_pb2 import PolicyData 115 from device_management_backend_pb2 import PolicyData
94 from chrome_device_policy_pb2 import ChromeDeviceSettingsProto 116 from chrome_device_policy_pb2 import ChromeDeviceSettingsProto
95 from chrome_device_policy_pb2 import AllowNewUsersProto 117 from chrome_device_policy_pb2 import AllowNewUsersProto
96 from chrome_device_policy_pb2 import GuestModeEnabledProto 118 from chrome_device_policy_pb2 import GuestModeEnabledProto
97 from chrome_device_policy_pb2 import ShowUserNamesOnSigninProto 119 from chrome_device_policy_pb2 import ShowUserNamesOnSigninProto
98 from chrome_device_policy_pb2 import DataRoamingEnabledProto 120 from chrome_device_policy_pb2 import DataRoamingEnabledProto
99 from chrome_device_policy_pb2 import DeviceProxySettingsProto 121 from chrome_device_policy_pb2 import DeviceProxySettingsProto
100 122
101 data_proto = PolicyData() 123 data_proto = PolicyData()
102 data_proto.policy_type = 'google/chromeos/device' 124 data_proto.policy_type = ownership.POLICY_TYPE
103 if owner != None: data_proto.username = owner 125 if owner != None: data_proto.username = owner
104 126
105 settings = ChromeDeviceSettingsProto() 127 settings = ChromeDeviceSettingsProto()
106 if guests != None: 128 if guests != None:
107 settings.guest_mode_enabled.guest_mode_enabled = guests 129 settings.guest_mode_enabled.guest_mode_enabled = guests
108 if new_users != None: 130 if new_users != None:
109 settings.show_user_names.show_user_names = new_users 131 settings.show_user_names.show_user_names = new_users
110 if roaming != None: 132 if roaming != None:
111 settings.data_roaming_enabled.data_roaming_enabled = roaming 133 settings.data_roaming_enabled.data_roaming_enabled = roaming
134 if whitelist:
135 settings.allow_new_users.allow_new_users = False
112 for user in whitelist: 136 for user in whitelist:
113 settings.user_whitelist.user_whitelist.append(user) 137 settings.user_whitelist.user_whitelist.append(user)
114 if proxies != None: 138 if proxies != None:
115 settings.device_proxy_settings.proxy_mode = proxies['proxy_mode'] 139 settings.device_proxy_settings.proxy_mode = proxies['proxy_mode']
116 140
117 data_proto.policy_value = settings.SerializeToString() 141 data_proto.policy_value = settings.SerializeToString()
118 return data_proto.SerializeToString() 142 return data_proto.SerializeToString()
119 143
120 144
121 def generate_policy(self, key, pubkey, policy, old_key=None): 145 def generate_policy(self, key, pubkey, policy, old_key=None):
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after
156 180
157 181
158 def get_policy(self, sm): 182 def get_policy(self, sm):
159 return sm.RetrievePolicy(byte_arrays=True) 183 return sm.RetrievePolicy(byte_arrays=True)
160 184
161 185
162 def cleanup(self): 186 def cleanup(self):
163 login.wait_for_browser() # Ensure login manager is there before nuking. 187 login.wait_for_browser() # Ensure login manager is there before nuking.
164 login.nuke_login_manager() 188 login.nuke_login_manager()
165 super(OwnershipTest, self).cleanup() 189 super(OwnershipTest, self).cleanup()
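Review bot: The docstring of `compare_policy_response` promises `@return True if |policy_response| has all the provided data, else False`, but no `return` is visible in its body (new lines 66-94), so it returns None and a mismatch presumably surfaces only as an exception from the `ownership.assert_*` helpers, whose behaviour is not shown here. Either end the body with `return True` or reword the docstring to say the method raises on mismatch; a caller that tests the result as a boolean would otherwise see every policy as non-matching. The `@param policy_response` line should also say it is a serialized PolicyFetchResponse, since that is what the body parses. `if whitelist:` skips both whitelist assertions for an empty list, unlike the `!= None` guards around it, so use `if whitelist != None:` if an empty whitelist is a policy the test needs to confirm. The visible checks cover only the decoded fields, so if the signature on the response is verified elsewhere for the re-owned key, a one-line comment saying where would help readers of this ownership test.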