Beispiel #1
0
  def __init__(self, server_address, data_dir, policy_path, client_state_file,
               private_key_paths):
    """Initializes the server.

    Args:
      server_address: Server host and port.
      policy_path: Names the file to read JSON-formatted policy from.
      private_key_paths: List of paths to read private keys from.
    """
    testserver_base.StoppableHTTPServer.__init__(self, server_address,
                                                 PolicyRequestHandler)
    self._registered_tokens = {}
    self.data_dir = data_dir
    self.policy_path = policy_path
    self.client_state_file = client_state_file

    self.keys = []
    if private_key_paths:
      # Load specified keys from the filesystem.
      for key_path in private_key_paths:
        try:
          key_str = open(key_path).read()
        except IOError:
          print 'Failed to load private key from %s' % key_path
          continue

        try:
          key = tlslite.api.parsePEMKey(key_str, private=True)
        except SyntaxError:
          key = tlslite.utils.Python_RSAKey.Python_RSAKey._parsePKCS8(
              tlslite.utils.cryptomath.stringToBytes(key_str))

        assert key is not None
        self.keys.append({ 'private_key' : key })
    else:
      # Generate 2 private keys if none were passed from the command line.
      for i in range(2):
        key = tlslite.api.generateRSAKey(512)
        assert key is not None
        self.keys.append({ 'private_key' : key })

    # Derive the public keys from the private keys.
    for entry in self.keys:
      key = entry['private_key']

      algorithm = asn1der.Sequence(
          [ asn1der.Data(asn1der.OBJECT_IDENTIFIER, PKCS1_RSA_OID),
            asn1der.Data(asn1der.NULL, '') ])
      rsa_pubkey = asn1der.Sequence([ asn1der.Integer(key.n),
                                      asn1der.Integer(key.e) ])
      pubkey = asn1der.Sequence([ algorithm, asn1der.Bitstring(rsa_pubkey) ])
      entry['public_key'] = pubkey;

    # Load client state.
    if self.client_state_file is not None:
      try:
        file_contents = open(self.client_state_file).read()
        self._registered_tokens = json.loads(file_contents)
      except IOError:
        pass
    def __init__(self, policy_path, private_key_paths, policy_user):
        """Initializes the server.

    Args:
      policy_path: Names the file to read JSON-formatted policy from.
      private_key_paths: List of paths to read private keys from.
    """
        self._registered_tokens = {}
        self.policy = {}

        # There is no way to for the testserver to know the user name belonging to
        # the GAIA auth token we received (short of actually talking to GAIA). To
        # address this, we have a command line parameter to set the username that
        # the server should report to the client.
        self.username = policy_user

        if json is None:
            print 'No JSON module, cannot parse policy information'
        else:
            try:
                self.policy = json.loads(open(policy_path).read())
            except IOError:
                print 'Failed to load policy from %s' % policy_path

        self.keys = []
        if private_key_paths:
            # Load specified keys from the filesystem.
            for key_path in private_key_paths:
                try:
                    key = tlslite.api.parsePEMKey(open(key_path).read(),
                                                  private=True)
                except IOError:
                    print 'Failed to load private key from %s' % key_path
                    continue

                assert key != None
                self.keys.append({'private_key': key})
        else:
            # Generate a key if none were specified.
            key = tlslite.api.generateRSAKey(1024)
            assert key != None
            self.keys.append({'private_key': key})

        # Derive the public keys from the loaded private keys.
        for entry in self.keys:
            key = entry['private_key']

            algorithm = asn1der.Sequence([
                asn1der.Data(asn1der.OBJECT_IDENTIFIER, PKCS1_RSA_OID),
                asn1der.Data(asn1der.NULL, '')
            ])
            rsa_pubkey = asn1der.Sequence(
                [asn1der.Integer(key.n),
                 asn1der.Integer(key.e)])
            pubkey = asn1der.Sequence(
                [algorithm, asn1der.Bitstring(rsa_pubkey)])
            entry['public_key'] = pubkey
  def __init__(self, policy_path, private_key_paths):
    """Initializes the server.

    Args:
      policy_path: Names the file to read JSON-formatted policy from.
      private_key_paths: List of paths to read private keys from.
    """
    self._registered_tokens = {}
    self.policy_path = policy_path

    self.keys = []
    if private_key_paths:
      # Load specified keys from the filesystem.
      for key_path in private_key_paths:
        try:
          key = tlslite.api.parsePEMKey(open(key_path).read(), private=True)
        except IOError:
          print 'Failed to load private key from %s' % key_path
          continue

        assert key is not None
        self.keys.append({ 'private_key' : key })
    else:
      # Generate a key if none were specified.
      key = tlslite.api.generateRSAKey(1024)
      assert key is not None
      self.keys.append({ 'private_key' : key })

    # Derive the public keys from the loaded private keys.
    for entry in self.keys:
      key = entry['private_key']

      algorithm = asn1der.Sequence(
          [ asn1der.Data(asn1der.OBJECT_IDENTIFIER, PKCS1_RSA_OID),
            asn1der.Data(asn1der.NULL, '') ])
      rsa_pubkey = asn1der.Sequence([ asn1der.Integer(key.n),
                                      asn1der.Integer(key.e) ])
      pubkey = asn1der.Sequence([ algorithm, asn1der.Bitstring(rsa_pubkey) ])
      entry['public_key'] = pubkey;
Beispiel #4
0
    def setUp(self):
        """Sets up the platform for policy testing.

    On ChromeOS, part of the setup involves restarting the session manager to
    inject a device policy blob.
    """
        if self.IsChromeOS():
            # Set up a temporary data dir and a TestServer serving files from there.
            # The TestServer makes its document root relative to the src dir.
            source_dir = os.path.normpath(pyauto_paths.GetSourceDir())
            self._temp_data_dir = tempfile.mkdtemp(dir=source_dir)
            relative_temp_data_dir = os.path.basename(self._temp_data_dir)
            self._http_server = self.StartHTTPServer(relative_temp_data_dir)

            # Set up an empty user policy so that the TestServer can start replying.
            self._SetUserPolicyChromeOS()

            # Generate a key pair for signing device policy.
            self._private_key = tlslite.api.generateRSAKey(1024)
            algorithm = asn1der.Sequence([
                asn1der.Data(asn1der.OBJECT_IDENTIFIER, PKCS1_RSA_OID),
                asn1der.Data(asn1der.NULL, '')
            ])
            rsa_pubkey = asn1der.Sequence([
                asn1der.Integer(self._private_key.n),
                asn1der.Integer(self._private_key.e)
            ])
            self._public_key = asn1der.Sequence(
                [algorithm, asn1der.Bitstring(rsa_pubkey)])

            # Clear device policy. This also invokes pyauto.PyUITest.setUp(self).
            self.SetDevicePolicy()

            # Remove any existing vaults.
            self.RemoveAllCryptohomeVaultsOnChromeOS()
        else:
            pyauto.PyUITest.setUp(self)
    def __init__(self, server_address, data_dir, policy_path,
                 client_state_file, private_key_paths, server_base_url):
        """Initializes the server.

    Args:
      server_address: Server host and port.
      policy_path: Names the file to read JSON-formatted policy from.
      private_key_paths: List of paths to read private keys from.
    """
        testserver_base.StoppableHTTPServer.__init__(self, server_address,
                                                     PolicyRequestHandler)
        self._registered_tokens = {}
        self.data_dir = data_dir
        self.policy_path = policy_path
        self.client_state_file = client_state_file
        self.server_base_url = server_base_url

        self.keys = []
        if private_key_paths:
            # Load specified keys from the filesystem.
            for key_path in private_key_paths:
                try:
                    key_str = open(key_path).read()
                except IOError:
                    print 'Failed to load private key from %s' % key_path
                    continue
                try:
                    key = tlslite.api.parsePEMKey(key_str, private=True)
                except SyntaxError:
                    key = tlslite.utils.python_rsakey.Python_RSAKey._parsePKCS8(
                        tlslite.utils.cryptomath.stringToBytes(key_str))

                assert key is not None
                key_info = {'private_key': key}

                # Now try to read in a signature, if one exists.
                try:
                    key_sig = open(key_path + '.sig').read()
                    # Create a dictionary with the wildcard domain + signature
                    key_info['signatures'] = {'*': key_sig}
                except IOError:
                    print 'Failed to read validation signature from %s.sig' % key_path
                self.keys.append(key_info)
        else:
            # Use the canned private keys if none were passed from the command line.
            for signing_key in SIGNING_KEYS:
                decoded_key = base64.b64decode(signing_key['key'])
                key = tlslite.utils.python_rsakey.Python_RSAKey._parsePKCS8(
                    tlslite.utils.cryptomath.stringToBytes(decoded_key))
                assert key is not None
                # Grab the signature dictionary for this key and decode all of the
                # signatures.
                signature_dict = signing_key['signatures']
                decoded_signatures = {}
                for domain in signature_dict:
                    decoded_signatures[domain] = base64.b64decode(
                        signature_dict[domain])
                self.keys.append({
                    'private_key': key,
                    'signatures': decoded_signatures
                })

        # Derive the public keys from the private keys.
        for entry in self.keys:
            key = entry['private_key']

            algorithm = asn1der.Sequence([
                asn1der.Data(asn1der.OBJECT_IDENTIFIER, PKCS1_RSA_OID),
                asn1der.Data(asn1der.NULL, '')
            ])
            rsa_pubkey = asn1der.Sequence(
                [asn1der.Integer(key.n),
                 asn1der.Integer(key.e)])
            pubkey = asn1der.Sequence(
                [algorithm, asn1der.Bitstring(rsa_pubkey)])
            entry['public_key'] = pubkey

        # Load client state.
        if self.client_state_file is not None:
            try:
                file_contents = open(self.client_state_file).read()
                self._registered_tokens = json.loads(file_contents,
                                                     strict=False)
            except IOError:
                pass