OLD | NEW |
1 # Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 # Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
4 | 4 |
5 """A bare-bones test server for testing cloud policy support. | 5 """A bare-bones test server for testing cloud policy support. |
6 | 6 |
7 This implements a simple cloud policy test server that can be used to test | 7 This implements a simple cloud policy test server that can be used to test |
8 chrome's device management service client. The policy information is read from | 8 chrome's device management service client. The policy information is read from |
9 the file named device_management in the server's data directory. It contains | 9 the file named device_management in the server's data directory. It contains |
10 enforced and recommended policies for the device and user scope, and a list | 10 enforced and recommended policies for the device and user scope, and a list |
(...skipping 801 matching lines...)
812 ids = self.server.ListMatchingComponents('google/chrome/extension') | 812 ids = self.server.ListMatchingComponents('google/chrome/extension') |
813 for settings_entity_id in ids: | 813 for settings_entity_id in ids: |
814 # Reuse the extension policy request, to trigger the same signature | 814 # Reuse the extension policy request, to trigger the same signature |
815 # type in the response. | 815 # type in the response. |
816 request.settings_entity_id = settings_entity_id | 816 request.settings_entity_id = settings_entity_id |
817 fetch_response = response.response.add() | 817 fetch_response = response.response.add() |
818 self.ProcessCloudPolicy(request, token_info, fetch_response, username) | 818 self.ProcessCloudPolicy(request, token_info, fetch_response, username) |
819 # Don't do key rotations for these messages. | 819 # Don't do key rotations for these messages. |
820 fetch_response.ClearField('new_public_key') | 820 fetch_response.ClearField('new_public_key') |
821 fetch_response.ClearField('new_public_key_signature') | 821 fetch_response.ClearField('new_public_key_signature') |
822 fetch_response.ClearField('new_public_key_verification_signature') | 822 fetch_response.ClearField( |
| 823 'new_public_key_verification_signature_deprecated') |
823 | 824 |
824 def ProcessCloudPolicy(self, msg, token_info, response, username=None): | 825 def ProcessCloudPolicy(self, msg, token_info, response, username=None): |
825 """Handles a cloud policy request. (New protocol for policy requests.) | 826 """Handles a cloud policy request. (New protocol for policy requests.) |
826 | 827 |
827 Encodes the policy into protobuf representation, signs it and constructs | 828 Encodes the policy into protobuf representation, signs it and constructs |
828 the response. | 829 the response. |
829 | 830 |
830 Args: | 831 Args: |
831 msg: The CloudPolicyRequest message received from the client. | 832 msg: The CloudPolicyRequest message received from the client. |
832 token_info: The token extracted from the request. | 833 token_info: The token extracted from the request. |
(...skipping 110 matching lines...)
943 # Set the verification signature appropriate for the policy domain. | 944 # Set the verification signature appropriate for the policy domain. |
944 # TODO(atwilson): Use the enrollment domain for public accounts when | 945 # TODO(atwilson): Use the enrollment domain for public accounts when |
945 # we add key validation for ChromeOS (http://crbug.com/328038). | 946 # we add key validation for ChromeOS (http://crbug.com/328038). |
946 if 'signatures' in signing_key: | 947 if 'signatures' in signing_key: |
947 verification_sig = self.GetSignatureForDomain( | 948 verification_sig = self.GetSignatureForDomain( |
948 signing_key['signatures'], policy_data.username) | 949 signing_key['signatures'], policy_data.username) |
949 | 950 |
950 if verification_sig: | 951 if verification_sig: |
951 assert len(verification_sig) == 256, \ | 952 assert len(verification_sig) == 256, \ |
952 'bad signature size: %d' % len(verification_sig) | 953 'bad signature size: %d' % len(verification_sig) |
953 response.new_public_key_verification_signature = verification_sig | 954 response.new_public_key_verification_signature_deprecated = ( |
| 955 verification_sig) |
954 | 956 |
955 if req_key: | 957 if req_key: |
956 response.new_public_key_signature = ( | 958 response.new_public_key_signature = ( |
957 bytes(req_key.hashAndSign(response.new_public_key))) | 959 bytes(req_key.hashAndSign(response.new_public_key))) |
958 | 960 |
959 return (200, response.SerializeToString()) | 961 return (200, response.SerializeToString()) |
960 | 962 |
961 def GetSignatureForDomain(self, signatures, username): | 963 def GetSignatureForDomain(self, signatures, username): |
962 parsed_username = username.split("@", 1) | 964 parsed_username = username.split("@", 1) |
963 if len(parsed_username) != 2: | 965 if len(parsed_username) != 2: |
(...skipping 432 matching lines...)
1396 'load multiple keys into the server. If the ' | 1398 'load multiple keys into the server. If the ' |
1397 'server has multiple keys, it will rotate ' | 1399 'server has multiple keys, it will rotate ' |
1398 'through them in at each request in a ' | 1400 'through them in at each request in a ' |
1399 'round-robin fashion. The server will ' | 1401 'round-robin fashion. The server will ' |
1400 'use a canned key if none is specified ' | 1402 'use a canned key if none is specified ' |
1401 'on the command line. The test server will ' | 1403 'on the command line. The test server will ' |
1402 'also look for a verification signature file ' | 1404 'also look for a verification signature file ' |
1403 'in the same location: <filename>.sig and if ' | 1405 'in the same location: <filename>.sig and if ' |
1404 'present will add the signature to the ' | 1406 'present will add the signature to the ' |
1405 'policy blob as appropriate via the ' | 1407 'policy blob as appropriate via the ' |
1406 'new_public_key_verification_signature ' | 1408 'new_public_key_verification_signature_deprecated ' |
1407 'field.') | 1409 'field.') |
1408 self.option_parser.add_option('--log-level', dest='log_level', | 1410 self.option_parser.add_option('--log-level', dest='log_level', |
1409 default='WARN', | 1411 default='WARN', |
1410 help='Log level threshold to use.') | 1412 help='Log level threshold to use.') |
1411 self.option_parser.add_option('--config-file', dest='config_file', | 1413 self.option_parser.add_option('--config-file', dest='config_file', |
1412 help='Specify a configuration file to use ' | 1414 help='Specify a configuration file to use ' |
1413 'instead of the default ' | 1415 'instead of the default ' |
1414 '<data_dir>/device_management') | 1416 '<data_dir>/device_management') |
1415 self.option_parser.add_option('--server-base-url', dest='server_base_url', | 1417 self.option_parser.add_option('--server-base-url', dest='server_base_url', |
1416 help='The server base URL to use when ' | 1418 help='The server base URL to use when ' |
1417 'constructing URLs to return to the client.') | 1419 'constructing URLs to return to the client.') |
1418 | 1420 |
1419 def run_server(self): | 1421 def run_server(self): |
1420 logger = logging.getLogger() | 1422 logger = logging.getLogger() |
1421 logger.setLevel(getattr(logging, str(self.options.log_level).upper())) | 1423 logger.setLevel(getattr(logging, str(self.options.log_level).upper())) |
1422 if (self.options.log_to_console): | 1424 if (self.options.log_to_console): |
1423 logger.addHandler(logging.StreamHandler()) | 1425 logger.addHandler(logging.StreamHandler()) |
1424 if (self.options.log_file): | 1426 if (self.options.log_file): |
1425 logger.addHandler(logging.FileHandler(self.options.log_file)) | 1427 logger.addHandler(logging.FileHandler(self.options.log_file)) |
1426 | 1428 |
1427 testserver_base.TestServerRunner.run_server(self) | 1429 testserver_base.TestServerRunner.run_server(self) |
1428 | 1430 |
1429 | 1431 |
1430 if __name__ == '__main__': | 1432 if __name__ == '__main__': |
1431 sys.exit(PolicyServerRunner().main()) | 1433 sys.exit(PolicyServerRunner().main()) |
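Review bot: The assignment at new lines 954-955 now writes the key-verification signature only to `new_public_key_verification_signature_deprecated`, and nothing in the visible lines explains why the test server still fills a deprecated field or what replaces it. If the proto gained a replacement field in the same change (the .proto is not shown on this page), a client that validates rotated keys through that field would never see a signature from this server, so its verification path would go untested. A one-line comment above the assignment would record the intent, for example `# TODO: also populate the replacement verification-signature field once clients read it.` The `--policy-key` help text at new line 1408 now shows the `_deprecated` name to users and could carry the same explanation. ProcessCloudPolicy begins and continues outside the visible lines, so this is based only on the part shown.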