| OLD | NEW |
| 1 # Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 # Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
| 3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
| 4 | 4 |
| 5 """A bare-bones test server for testing cloud policy support. | 5 """A bare-bones test server for testing cloud policy support. |
| 6 | 6 |
| 7 This implements a simple cloud policy test server that can be used to test | 7 This implements a simple cloud policy test server that can be used to test |
| 8 chrome's device management service client. The policy information is read from | 8 chrome's device management service client. The policy information is read from |
| 9 the file named device_management in the server's data directory. It contains | 9 the file named device_management in the server's data directory. It contains |
| 10 enforced and recommended policies for the device and user scope, and a list | 10 enforced and recommended policies for the device and user scope, and a list |
| (...skipping 801 matching lines...) |
| 812 ids = self.server.ListMatchingComponents('google/chrome/extension') | 812 ids = self.server.ListMatchingComponents('google/chrome/extension') |
| 813 for settings_entity_id in ids: | 813 for settings_entity_id in ids: |
| 814 # Reuse the extension policy request, to trigger the same signature | 814 # Reuse the extension policy request, to trigger the same signature |
| 815 # type in the response. | 815 # type in the response. |
| 816 request.settings_entity_id = settings_entity_id | 816 request.settings_entity_id = settings_entity_id |
| 817 fetch_response = response.response.add() | 817 fetch_response = response.response.add() |
| 818 self.ProcessCloudPolicy(request, token_info, fetch_response, username) | 818 self.ProcessCloudPolicy(request, token_info, fetch_response, username) |
| 819 # Don't do key rotations for these messages. | 819 # Don't do key rotations for these messages. |
| 820 fetch_response.ClearField('new_public_key') | 820 fetch_response.ClearField('new_public_key') |
| 821 fetch_response.ClearField('new_public_key_signature') | 821 fetch_response.ClearField('new_public_key_signature') |
| 822 fetch_response.ClearField('new_public_key_verification_signature') | 822 fetch_response.ClearField( |
| 823 'new_public_key_verification_signature_deprecated') |
| 823 | 824 |
| 824 def ProcessCloudPolicy(self, msg, token_info, response, username=None): | 825 def ProcessCloudPolicy(self, msg, token_info, response, username=None): |
| 825 """Handles a cloud policy request. (New protocol for policy requests.) | 826 """Handles a cloud policy request. (New protocol for policy requests.) |
| 826 | 827 |
| 827 Encodes the policy into protobuf representation, signs it and constructs | 828 Encodes the policy into protobuf representation, signs it and constructs |
| 828 the response. | 829 the response. |
| 829 | 830 |
| 830 Args: | 831 Args: |
| 831 msg: The CloudPolicyRequest message received from the client. | 832 msg: The CloudPolicyRequest message received from the client. |
| 832 token_info: The token extracted from the request. | 833 token_info: The token extracted from the request. |
| (...skipping 110 matching lines...) |
| 943 # Set the verification signature appropriate for the policy domain. | 944 # Set the verification signature appropriate for the policy domain. |
| 944 # TODO(atwilson): Use the enrollment domain for public accounts when | 945 # TODO(atwilson): Use the enrollment domain for public accounts when |
| 945 # we add key validation for ChromeOS (http://crbug.com/328038). | 946 # we add key validation for ChromeOS (http://crbug.com/328038). |
| 946 if 'signatures' in signing_key: | 947 if 'signatures' in signing_key: |
| 947 verification_sig = self.GetSignatureForDomain( | 948 verification_sig = self.GetSignatureForDomain( |
| 948 signing_key['signatures'], policy_data.username) | 949 signing_key['signatures'], policy_data.username) |
| 949 | 950 |
| 950 if verification_sig: | 951 if verification_sig: |
| 951 assert len(verification_sig) == 256, \ | 952 assert len(verification_sig) == 256, \ |
| 952 'bad signature size: %d' % len(verification_sig) | 953 'bad signature size: %d' % len(verification_sig) |
| 953 response.new_public_key_verification_signature = verification_sig | 954 response.new_public_key_verification_signature_deprecated = ( |
| 955 verification_sig) |
| 954 | 956 |
| 955 if req_key: | 957 if req_key: |
| 956 response.new_public_key_signature = ( | 958 response.new_public_key_signature = ( |
| 957 bytes(req_key.hashAndSign(response.new_public_key))) | 959 bytes(req_key.hashAndSign(response.new_public_key))) |
| 958 | 960 |
| 959 return (200, response.SerializeToString()) | 961 return (200, response.SerializeToString()) |
| 960 | 962 |
| 961 def GetSignatureForDomain(self, signatures, username): | 963 def GetSignatureForDomain(self, signatures, username): |
| 962 parsed_username = username.split("@", 1) | 964 parsed_username = username.split("@", 1) |
| 963 if len(parsed_username) != 2: | 965 if len(parsed_username) != 2: |
| (...skipping 432 matching lines...) |
| 1396 'load multiple keys into the server. If the ' | 1398 'load multiple keys into the server. If the ' |
| 1397 'server has multiple keys, it will rotate ' | 1399 'server has multiple keys, it will rotate ' |
| 1398 'through them in at each request in a ' | 1400 'through them in at each request in a ' |
| 1399 'round-robin fashion. The server will ' | 1401 'round-robin fashion. The server will ' |
| 1400 'use a canned key if none is specified ' | 1402 'use a canned key if none is specified ' |
| 1401 'on the command line. The test server will ' | 1403 'on the command line. The test server will ' |
| 1402 'also look for a verification signature file ' | 1404 'also look for a verification signature file ' |
| 1403 'in the same location: <filename>.sig and if ' | 1405 'in the same location: <filename>.sig and if ' |
| 1404 'present will add the signature to the ' | 1406 'present will add the signature to the ' |
| 1405 'policy blob as appropriate via the ' | 1407 'policy blob as appropriate via the ' |
| 1406 'new_public_key_verification_signature ' | 1408 'new_public_key_verification_signature_deprecated ' |
| 1407 'field.') | 1409 'field.') |
| 1408 self.option_parser.add_option('--log-level', dest='log_level', | 1410 self.option_parser.add_option('--log-level', dest='log_level', |
| 1409 default='WARN', | 1411 default='WARN', |
| 1410 help='Log level threshold to use.') | 1412 help='Log level threshold to use.') |
| 1411 self.option_parser.add_option('--config-file', dest='config_file', | 1413 self.option_parser.add_option('--config-file', dest='config_file', |
| 1412 help='Specify a configuration file to use ' | 1414 help='Specify a configuration file to use ' |
| 1413 'instead of the default ' | 1415 'instead of the default ' |
| 1414 '<data_dir>/device_management') | 1416 '<data_dir>/device_management') |
| 1415 self.option_parser.add_option('--server-base-url', dest='server_base_url', | 1417 self.option_parser.add_option('--server-base-url', dest='server_base_url', |
| 1416 help='The server base URL to use when ' | 1418 help='The server base URL to use when ' |
| 1417 'constructing URLs to return to the client.') | 1419 'constructing URLs to return to the client.') |
| 1418 | 1420 |
| 1419 def run_server(self): | 1421 def run_server(self): |
| 1420 logger = logging.getLogger() | 1422 logger = logging.getLogger() |
| 1421 logger.setLevel(getattr(logging, str(self.options.log_level).upper())) | 1423 logger.setLevel(getattr(logging, str(self.options.log_level).upper())) |
| 1422 if (self.options.log_to_console): | 1424 if (self.options.log_to_console): |
| 1423 logger.addHandler(logging.StreamHandler()) | 1425 logger.addHandler(logging.StreamHandler()) |
| 1424 if (self.options.log_file): | 1426 if (self.options.log_file): |
| 1425 logger.addHandler(logging.FileHandler(self.options.log_file)) | 1427 logger.addHandler(logging.FileHandler(self.options.log_file)) |
| 1426 | 1428 |
| 1427 testserver_base.TestServerRunner.run_server(self) | 1429 testserver_base.TestServerRunner.run_server(self) |
| 1428 | 1430 |
| 1429 | 1431 |
| 1430 if __name__ == '__main__': | 1432 if __name__ == '__main__': |
| 1431 sys.exit(PolicyServerRunner().main()) | 1433 sys.exit(PolicyServerRunner().main()) |
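Review bot: The assignment at new lines 954-955 in ProcessCloudPolicy now fills `new_public_key_verification_signature_deprecated`, but nothing in the visible sections explains why the test server still emits a field marked deprecated or whether a replacement verification signature is populated anywhere. If client-side key validation is moving to a successor field (an inference from the `_deprecated` suffix; the proto is not shown on this page), tests driven by this server would only exercise the legacy path for verifying a rotated public key. I would add a comment above the assignment, e.g. `# TODO: only the deprecated verification signature is set here; set the replacement field as well once the server has a signature for it.` The `ClearField` call at new lines 822-823 and the option help text at new line 1408 name the same field and would need to change together with it. Most of ProcessCloudPolicy's body lies in the skipped regions, so this is based only on the lines shown.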
| OLD | NEW |