1 # Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 # Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
4 | 4 |
5 """A bare-bones test server for testing cloud policy support. | 5 """A bare-bones test server for testing cloud policy support. |
6 | 6 |
7 This implements a simple cloud policy test server that can be used to test | 7 This implements a simple cloud policy test server that can be used to test |
8 chrome's device management service client. The policy information is read from | 8 chrome's device management service client. The policy information is read from |
9 the file named device_management in the server's data directory. It contains | 9 the file named device_management in the server's data directory. It contains |
10 enforced and recommended policies for the device and user scope, and a list | 10 enforced and recommended policies for the device and user scope, and a list |
728 # know the user name belonging to the GAIA auth token we received (short | 728 # know the user name belonging to the GAIA auth token we received (short |
729 # of actually talking to GAIA). To address this, we read the username from | 729 # of actually talking to GAIA). To address this, we read the username from |
730 # the policy configuration dictionary, or use a default. | 730 # the policy configuration dictionary, or use a default. |
731 policy_data.username = policy.get('policy_user', 'user@example.com') | 731 policy_data.username = policy.get('policy_user', 'user@example.com') |
732 policy_data.device_id = token_info['device_id'] | 732 policy_data.device_id = token_info['device_id'] |
733 signed_data = policy_data.SerializeToString() | 733 signed_data = policy_data.SerializeToString() |
734 | 734 |
735 response.policy_data = signed_data | 735 response.policy_data = signed_data |
736 if signing_key: | 736 if signing_key: |
737 response.policy_data_signature = ( | 737 response.policy_data_signature = ( |
738 signing_key['private_key'].hashAndSign(signed_data).tostring()) | 738 bytes(signing_key['private_key'].hashAndSign(signed_data))) |
739 if msg.public_key_version != current_key_index + 1: | 739 if msg.public_key_version != current_key_index + 1: |
740 response.new_public_key = signing_key['public_key'] | 740 response.new_public_key = signing_key['public_key'] |
741 | 741 |
742 # Set the verification signature appropriate for the policy domain. | 742 # Set the verification signature appropriate for the policy domain. |
743 # TODO(atwilson): Use the enrollment domain for public accounts when | 743 # TODO(atwilson): Use the enrollment domain for public accounts when |
744 # we add key validation for ChromeOS (http://crbug.com/328038). | 744 # we add key validation for ChromeOS (http://crbug.com/328038). |
745 if 'signatures' in signing_key: | 745 if 'signatures' in signing_key: |
746 verification_sig = self.GetSignatureForDomain( | 746 verification_sig = self.GetSignatureForDomain( |
747 signing_key['signatures'], policy_data.username) | 747 signing_key['signatures'], policy_data.username) |
748 | 748 |
749 if verification_sig: | 749 if verification_sig: |
750 assert len(verification_sig) == 256, \ | 750 assert len(verification_sig) == 256, \ |
751 'bad signature size: %d' % len(verification_sig) | 751 'bad signature size: %d' % len(verification_sig) |
752 response.new_public_key_verification_signature = verification_sig | 752 response.new_public_key_verification_signature = verification_sig |
753 | 753 |
754 if req_key: | 754 if req_key: |
755 response.new_public_key_signature = ( | 755 response.new_public_key_signature = ( |
756 req_key.hashAndSign(response.new_public_key).tostring()) | 756 bytes(req_key.hashAndSign(response.new_public_key))) |
757 | 757 |
758 return (200, response.SerializeToString()) | 758 return (200, response.SerializeToString()) |
759 | 759 |
760 def GetSignatureForDomain(self, signatures, username): | 760 def GetSignatureForDomain(self, signatures, username): |
761 parsed_username = username.split("@", 1) | 761 parsed_username = username.split("@", 1) |
762 if len(parsed_username) != 2: | 762 if len(parsed_username) != 2: |
763 logging.error('Could not extract domain from username: %s' % username) | 763 logging.error('Could not extract domain from username: %s' % username) |
764 return None | 764 return None |
765 domain = parsed_username[1] | 765 domain = parsed_username[1] |
766 | 766 |
841 for key_path in private_key_paths: | 841 for key_path in private_key_paths: |
842 try: | 842 try: |
843 key_str = open(key_path).read() | 843 key_str = open(key_path).read() |
844 except IOError: | 844 except IOError: |
845 print 'Failed to load private key from %s' % key_path | 845 print 'Failed to load private key from %s' % key_path |
846 continue | 846 continue |
847 try: | 847 try: |
848 key = tlslite.api.parsePEMKey(key_str, private=True) | 848 key = tlslite.api.parsePEMKey(key_str, private=True) |
849 except SyntaxError: | 849 except SyntaxError: |
850 key = tlslite.utils.python_rsakey.Python_RSAKey._parsePKCS8( | 850 key = tlslite.utils.python_rsakey.Python_RSAKey._parsePKCS8( |
851 tlslite.utils.cryptomath.stringToBytes(key_str)) | 851 bytearray(key_str)) |
852 | 852 |
853 assert key is not None | 853 assert key is not None |
854 key_info = { 'private_key' : key } | 854 key_info = { 'private_key' : key } |
855 | 855 |
856 # Now try to read in a signature, if one exists. | 856 # Now try to read in a signature, if one exists. |
857 try: | 857 try: |
858 key_sig = open(key_path + '.sig').read() | 858 key_sig = open(key_path + '.sig').read() |
859 # Create a dictionary with the wildcard domain + signature | 859 # Create a dictionary with the wildcard domain + signature |
860 key_info['signatures'] = {'*': key_sig} | 860 key_info['signatures'] = {'*': key_sig} |
861 except IOError: | 861 except IOError: |
862 print 'Failed to read validation signature from %s.sig' % key_path | 862 print 'Failed to read validation signature from %s.sig' % key_path |
863 self.keys.append(key_info) | 863 self.keys.append(key_info) |
864 else: | 864 else: |
865 # Use the canned private keys if none were passed from the command line. | 865 # Use the canned private keys if none were passed from the command line. |
866 for signing_key in SIGNING_KEYS: | 866 for signing_key in SIGNING_KEYS: |
867 decoded_key = base64.b64decode(signing_key['key']); | 867 decoded_key = base64.b64decode(signing_key['key']); |
868 key = tlslite.utils.python_rsakey.Python_RSAKey._parsePKCS8( | 868 key = tlslite.utils.python_rsakey.Python_RSAKey._parsePKCS8( |
869 tlslite.utils.cryptomath.stringToBytes(decoded_key)) | 869 bytearray(decoded_key)) |
870 assert key is not None | 870 assert key is not None |
871 # Grab the signature dictionary for this key and decode all of the | 871 # Grab the signature dictionary for this key and decode all of the |
872 # signatures. | 872 # signatures. |
873 signature_dict = signing_key['signatures'] | 873 signature_dict = signing_key['signatures'] |
874 decoded_signatures = {} | 874 decoded_signatures = {} |
875 for domain in signature_dict: | 875 for domain in signature_dict: |
876 decoded_signatures[domain] = base64.b64decode(signature_dict[domain]) | 876 decoded_signatures[domain] = base64.b64decode(signature_dict[domain]) |
877 self.keys.append({'private_key': key, | 877 self.keys.append({'private_key': key, |
878 'signatures': decoded_signatures}) | 878 'signatures': decoded_signatures}) |
879 | 879 |
1184 if (self.options.log_to_console): | 1184 if (self.options.log_to_console): |
1185 logger.addHandler(logging.StreamHandler()) | 1185 logger.addHandler(logging.StreamHandler()) |
1186 if (self.options.log_file): | 1186 if (self.options.log_file): |
1187 logger.addHandler(logging.FileHandler(self.options.log_file)) | 1187 logger.addHandler(logging.FileHandler(self.options.log_file)) |
1188 | 1188 |
1189 testserver_base.TestServerRunner.run_server(self) | 1189 testserver_base.TestServerRunner.run_server(self) |
1190 | 1190 |
1191 | 1191 |
1192 if __name__ == '__main__': | 1192 if __name__ == '__main__': |
1193 sys.exit(PolicyServerRunner().main()) | 1193 sys.exit(PolicyServerRunner().main()) |
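Review bot: The new `bytearray(key_str)` at line 851 is fed by `key_str = open(key_path).read()` at 843, which opens the private key in text mode and never closes the handle; because the fallback path hands that buffer straight to `_parsePKCS8` as raw DER, it should be read as binary so the bytes reach the parser unaltered and the conversion also stays valid if this module is ever run under Python 3 (where `bytearray()` of a text `str` raises TypeError): `with open(key_path, 'rb') as key_file:` / `key_str = key_file.read()`. The same text-mode read produces the `.sig` value at 858, which is later size-checked against 256 bytes at 750, so `'rb'` belongs there too. The loop at 841 sits inside a method whose signature is above the hunk.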