OLD | NEW |
1 # Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 # Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
4 | 4 |
5 """A bare-bones test server for testing cloud policy support. | 5 """A bare-bones test server for testing cloud policy support. |
6 | 6 |
7 This implements a simple cloud policy test server that can be used to test | 7 This implements a simple cloud policy test server that can be used to test |
8 chrome's device management service client. The policy information is read from | 8 chrome's device management service client. The policy information is read from |
9 the file named device_management in the server's data directory. It contains | 9 the file named device_management in the server's data directory. It contains |
10 enforced and recommended policies for the device and user scope, and a list | 10 enforced and recommended policies for the device and user scope, and a list |
(...skipping 78 matching lines...)
89 | 89 |
90 # Device policy is only available on Chrome OS builds. | 90 # Device policy is only available on Chrome OS builds. |
91 try: | 91 try: |
92 import chrome_device_policy_pb2 as dp | 92 import chrome_device_policy_pb2 as dp |
93 except ImportError: | 93 except ImportError: |
94 dp = None | 94 dp = None |
95 | 95 |
96 # ASN.1 object identifier for PKCS#1/RSA. | 96 # ASN.1 object identifier for PKCS#1/RSA. |
97 PKCS1_RSA_OID = '\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01' | 97 PKCS1_RSA_OID = '\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01' |
98 | 98 |
99 # List of bad machine identifiers that trigger the |valid_serial_number_missing| | |
100 # flag to be set set in the policy fetch response. | |
101 BAD_MACHINE_IDS = [ '123490EN400015' ] | |
102 | |
103 # List of machines that trigger the server to send kiosk enrollment response | 99 # List of machines that trigger the server to send kiosk enrollment response |
104 # for the register request. | 100 # for the register request. |
105 KIOSK_MACHINE_IDS = [ 'KIOSK' ] | 101 KIOSK_MACHINE_IDS = [ 'KIOSK' ] |
106 | 102 |
107 # Dictionary containing base64-encoded policy signing keys plus per-domain | 103 # Dictionary containing base64-encoded policy signing keys plus per-domain |
108 # signatures. Format is: | 104 # signatures. Format is: |
109 # { | 105 # { |
110 # 'key': <base64-encoded PKCS8-format private key>, | 106 # 'key': <base64-encoded PKCS8-format private key>, |
111 # 'signatures': { | 107 # 'signatures': { |
112 # <domain1>: <base64-encdoded SHA256 signature for key + domain1> | 108 # <domain1>: <base64-encdoded SHA256 signature for key + domain1> |
(...skipping 718 matching lines...)
831 the response. | 827 the response. |
832 | 828 |
833 Args: | 829 Args: |
834 msg: The CloudPolicyRequest message received from the client. | 830 msg: The CloudPolicyRequest message received from the client. |
835 token_info: The token extracted from the request. | 831 token_info: The token extracted from the request. |
836 response: A PolicyFetchResponse message that should be filled with the | 832 response: A PolicyFetchResponse message that should be filled with the |
837 response data. | 833 response data. |
838 username: The username for the response. May be None. | 834 username: The username for the response. May be None. |
839 """ | 835 """ |
840 | 836 |
841 if msg.machine_id: | |
842 self.server.UpdateMachineId(token_info['device_token'], msg.machine_id) | |
843 | |
844 # Response is only given if the scope is specified in the config file. | 837 # Response is only given if the scope is specified in the config file. |
845 # Normally 'google/chromeos/device', 'google/chromeos/user' and | 838 # Normally 'google/chromeos/device', 'google/chromeos/user' and |
846 # 'google/chromeos/publicaccount' should be accepted. | 839 # 'google/chromeos/publicaccount' should be accepted. |
847 policy = self.server.GetPolicies() | 840 policy = self.server.GetPolicies() |
848 policy_value = '' | 841 policy_value = '' |
849 policy_key = msg.policy_type | 842 policy_key = msg.policy_type |
850 if msg.settings_entity_id: | 843 if msg.settings_entity_id: |
851 policy_key += '/' + msg.settings_entity_id | 844 policy_key += '/' + msg.settings_entity_id |
852 if msg.policy_type in token_info['allowed_policy_types']: | 845 if msg.policy_type in token_info['allowed_policy_types']: |
853 if msg.policy_type in ('google/android/user', | 846 if msg.policy_type in ('google/android/user', |
(...skipping 44 matching lines...)
898 signing_key = self.server.GetKeyByVersion(signing_key_version) | 891 signing_key = self.server.GetKeyByVersion(signing_key_version) |
899 assert signing_key is not None | 892 assert signing_key is not None |
900 | 893 |
901 # Fill the policy data protobuf. | 894 # Fill the policy data protobuf. |
902 policy_data = dm.PolicyData() | 895 policy_data = dm.PolicyData() |
903 policy_data.policy_type = msg.policy_type | 896 policy_data.policy_type = msg.policy_type |
904 policy_data.timestamp = int(time.time() * 1000) | 897 policy_data.timestamp = int(time.time() * 1000) |
905 policy_data.request_token = token_info['device_token'] | 898 policy_data.request_token = token_info['device_token'] |
906 policy_data.policy_value = payload | 899 policy_data.policy_value = payload |
907 policy_data.machine_name = token_info['machine_name'] | 900 policy_data.machine_name = token_info['machine_name'] |
908 policy_data.valid_serial_number_missing = ( | |
909 token_info['machine_id'] in BAD_MACHINE_IDS) | |
910 policy_data.settings_entity_id = msg.settings_entity_id | 901 policy_data.settings_entity_id = msg.settings_entity_id |
911 policy_data.service_account_identity = policy.get( | 902 policy_data.service_account_identity = policy.get( |
912 'service_account_identity', | 903 'service_account_identity', |
913 'policy_testserver.py-service_account_identity') | 904 'policy_testserver.py-service_account_identity') |
914 invalidation_source = policy.get('invalidation_source') | 905 invalidation_source = policy.get('invalidation_source') |
915 if invalidation_source is not None: | 906 if invalidation_source is not None: |
916 policy_data.invalidation_source = invalidation_source | 907 policy_data.invalidation_source = invalidation_source |
917 # Since invalidation_name is type bytes in the proto, the Unicode name | 908 # Since invalidation_name is type bytes in the proto, the Unicode name |
918 # provided needs to be encoded as ASCII to set the correct byte pattern. | 909 # provided needs to be encoded as ASCII to set the correct byte pattern. |
919 invalidation_name = policy.get('invalidation_name') | 910 invalidation_name = policy.get('invalidation_name') |
(...skipping 314 matching lines...)
1234 'device_token': dmtoken, | 1225 'device_token': dmtoken, |
1235 'allowed_policy_types': allowed_policy_types[type], | 1226 'allowed_policy_types': allowed_policy_types[type], |
1236 'machine_name': 'chromeos-' + machine_id, | 1227 'machine_name': 'chromeos-' + machine_id, |
1237 'machine_id': machine_id, | 1228 'machine_id': machine_id, |
1238 'enrollment_mode': enrollment_mode, | 1229 'enrollment_mode': enrollment_mode, |
1239 'username': username, | 1230 'username': username, |
1240 } | 1231 } |
1241 self.WriteClientState() | 1232 self.WriteClientState() |
1242 return self._registered_tokens[dmtoken] | 1233 return self._registered_tokens[dmtoken] |
1243 | 1234 |
1244 def UpdateMachineId(self, dmtoken, machine_id): | |
1245 """Updates the machine identifier for a registered device. | |
1246 | |
1247 Args: | |
1248 dmtoken: The device management token provided by the client. | |
1249 machine_id: Updated hardware identifier value. | |
1250 """ | |
1251 if dmtoken in self._registered_tokens: | |
1252 self._registered_tokens[dmtoken]['machine_id'] = machine_id | |
1253 self.WriteClientState() | |
1254 | |
1255 def UpdateStateKeys(self, dmtoken, state_keys): | 1235 def UpdateStateKeys(self, dmtoken, state_keys): |
1256 """Updates the state keys for a given client. | 1236 """Updates the state keys for a given client. |
1257 | 1237 |
1258 Args: | 1238 Args: |
1259 dmtoken: The device management token provided by the client. | 1239 dmtoken: The device management token provided by the client. |
1260 state_keys: The state keys to set. | 1240 state_keys: The state keys to set. |
1261 """ | 1241 """ |
1262 if dmtoken in self._registered_tokens: | 1242 if dmtoken in self._registered_tokens: |
1263 self._registered_tokens[dmtoken]['state_keys'] = map( | 1243 self._registered_tokens[dmtoken]['state_keys'] = map( |
1264 lambda key : key.encode('hex'), state_keys) | 1244 lambda key : key.encode('hex'), state_keys) |
(...skipping 222 matching lines...)
1487 if (self.options.log_to_console): | 1467 if (self.options.log_to_console): |
1488 logger.addHandler(logging.StreamHandler()) | 1468 logger.addHandler(logging.StreamHandler()) |
1489 if (self.options.log_file): | 1469 if (self.options.log_file): |
1490 logger.addHandler(logging.FileHandler(self.options.log_file)) | 1470 logger.addHandler(logging.FileHandler(self.options.log_file)) |
1491 | 1471 |
1492 testserver_base.TestServerRunner.run_server(self) | 1472 testserver_base.TestServerRunner.run_server(self) |
1493 | 1473 |
1494 | 1474 |
1495 if __name__ == '__main__': | 1475 if __name__ == '__main__': |
1496 sys.exit(PolicyServerRunner().main()) | 1476 sys.exit(PolicyServerRunner().main()) |