def __init__(self, server_address, data_dir, policy_path, client_state_file,
private_key_paths):
"""Initializes the server.
Args:
server_address: Server host and port.
policy_path: Names the file to read JSON-formatted policy from.
private_key_paths: List of paths to read private keys from.
"""
testserver_base.StoppableHTTPServer.__init__(self, server_address,
PolicyRequestHandler)
self._registered_tokens = {}
self.data_dir = data_dir
self.policy_path = policy_path
self.client_state_file = client_state_file
self.keys = []
if private_key_paths:
# Load specified keys from the filesystem.
for key_path in private_key_paths:
try:
key_str = open(key_path).read()
except IOError:
print 'Failed to load private key from %s' % key_path
continue
try:
key = tlslite.api.parsePEMKey(key_str, private=True)
except SyntaxError:
key = tlslite.utils.Python_RSAKey.Python_RSAKey._parsePKCS8(
tlslite.utils.cryptomath.stringToBytes(key_str))
assert key is not None
self.keys.append({ 'private_key' : key })
else:
# Generate 2 private keys if none were passed from the command line.
for i in range(2):
key = tlslite.api.generateRSAKey(512)
assert key is not None
self.keys.append({ 'private_key' : key })
# Derive the public keys from the private keys.
for entry in self.keys:
key = entry['private_key']
algorithm = asn1der.Sequence(
[ asn1der.Data(asn1der.OBJECT_IDENTIFIER, PKCS1_RSA_OID),
asn1der.Data(asn1der.NULL, '') ])
rsa_pubkey = asn1der.Sequence([ asn1der.Integer(key.n),
asn1der.Integer(key.e) ])
pubkey = asn1der.Sequence([ algorithm, asn1der.Bitstring(rsa_pubkey) ])
entry['public_key'] = pubkey;
# Load client state.
if self.client_state_file is not None:
try:
file_contents = open(self.client_state_file).read()
self._registered_tokens = json.loads(file_contents)
except IOError:
pass
def __init__(self, policy_path, private_key_paths, policy_user):
"""Initializes the server.
Args:
policy_path: Names the file to read JSON-formatted policy from.
private_key_paths: List of paths to read private keys from.
"""
self._registered_tokens = {}
self.policy = {}
# There is no way to for the testserver to know the user name belonging to
# the GAIA auth token we received (short of actually talking to GAIA). To
# address this, we have a command line parameter to set the username that
# the server should report to the client.
self.username = policy_user
if json is None:
print 'No JSON module, cannot parse policy information'
else:
try:
self.policy = json.loads(open(policy_path).read())
except IOError:
print 'Failed to load policy from %s' % policy_path
self.keys = []
if private_key_paths:
# Load specified keys from the filesystem.
for key_path in private_key_paths:
try:
key = tlslite.api.parsePEMKey(open(key_path).read(),
private=True)
except IOError:
print 'Failed to load private key from %s' % key_path
continue
assert key != None
self.keys.append({'private_key': key})
else:
# Generate a key if none were specified.
key = tlslite.api.generateRSAKey(1024)
assert key != None
self.keys.append({'private_key': key})
# Derive the public keys from the loaded private keys.
for entry in self.keys:
key = entry['private_key']
algorithm = asn1der.Sequence([
asn1der.Data(asn1der.OBJECT_IDENTIFIER, PKCS1_RSA_OID),
asn1der.Data(asn1der.NULL, '')
])
rsa_pubkey = asn1der.Sequence(
[asn1der.Integer(key.n),
asn1der.Integer(key.e)])
pubkey = asn1der.Sequence(
[algorithm, asn1der.Bitstring(rsa_pubkey)])
entry['public_key'] = pubkey
def __init__(self, policy_path, private_key_paths):
"""Initializes the server.
Args:
policy_path: Names the file to read JSON-formatted policy from.
private_key_paths: List of paths to read private keys from.
"""
self._registered_tokens = {}
self.policy_path = policy_path
self.keys = []
if private_key_paths:
# Load specified keys from the filesystem.
for key_path in private_key_paths:
try:
key = tlslite.api.parsePEMKey(open(key_path).read(), private=True)
except IOError:
print 'Failed to load private key from %s' % key_path
continue
assert key is not None
self.keys.append({ 'private_key' : key })
else:
# Generate a key if none were specified.
key = tlslite.api.generateRSAKey(1024)
assert key is not None
self.keys.append({ 'private_key' : key })
# Derive the public keys from the loaded private keys.
for entry in self.keys:
key = entry['private_key']
algorithm = asn1der.Sequence(
[ asn1der.Data(asn1der.OBJECT_IDENTIFIER, PKCS1_RSA_OID),
asn1der.Data(asn1der.NULL, '') ])
rsa_pubkey = asn1der.Sequence([ asn1der.Integer(key.n),
asn1der.Integer(key.e) ])
pubkey = asn1der.Sequence([ algorithm, asn1der.Bitstring(rsa_pubkey) ])
entry['public_key'] = pubkey;
def setUp(self):
"""Sets up the platform for policy testing.
On ChromeOS, part of the setup involves restarting the session manager to
inject a device policy blob.
"""
if self.IsChromeOS():
# Set up a temporary data dir and a TestServer serving files from there.
# The TestServer makes its document root relative to the src dir.
source_dir = os.path.normpath(pyauto_paths.GetSourceDir())
self._temp_data_dir = tempfile.mkdtemp(dir=source_dir)
relative_temp_data_dir = os.path.basename(self._temp_data_dir)
self._http_server = self.StartHTTPServer(relative_temp_data_dir)
# Set up an empty user policy so that the TestServer can start replying.
self._SetUserPolicyChromeOS()
# Generate a key pair for signing device policy.
self._private_key = tlslite.api.generateRSAKey(1024)
algorithm = asn1der.Sequence([
asn1der.Data(asn1der.OBJECT_IDENTIFIER, PKCS1_RSA_OID),
asn1der.Data(asn1der.NULL, '')
])
rsa_pubkey = asn1der.Sequence([
asn1der.Integer(self._private_key.n),
asn1der.Integer(self._private_key.e)
])
self._public_key = asn1der.Sequence(
[algorithm, asn1der.Bitstring(rsa_pubkey)])
# Clear device policy. This also invokes pyauto.PyUITest.setUp(self).
self.SetDevicePolicy()
# Remove any existing vaults.
self.RemoveAllCryptohomeVaultsOnChromeOS()
else:
pyauto.PyUITest.setUp(self)
def __init__(self, server_address, data_dir, policy_path,
client_state_file, private_key_paths, server_base_url):
"""Initializes the server.
Args:
server_address: Server host and port.
policy_path: Names the file to read JSON-formatted policy from.
private_key_paths: List of paths to read private keys from.
"""
testserver_base.StoppableHTTPServer.__init__(self, server_address,
PolicyRequestHandler)
self._registered_tokens = {}
self.data_dir = data_dir
self.policy_path = policy_path
self.client_state_file = client_state_file
self.server_base_url = server_base_url
self.keys = []
if private_key_paths:
# Load specified keys from the filesystem.
for key_path in private_key_paths:
try:
key_str = open(key_path).read()
except IOError:
print 'Failed to load private key from %s' % key_path
continue
try:
key = tlslite.api.parsePEMKey(key_str, private=True)
except SyntaxError:
key = tlslite.utils.python_rsakey.Python_RSAKey._parsePKCS8(
tlslite.utils.cryptomath.stringToBytes(key_str))
assert key is not None
key_info = {'private_key': key}
# Now try to read in a signature, if one exists.
try:
key_sig = open(key_path + '.sig').read()
# Create a dictionary with the wildcard domain + signature
key_info['signatures'] = {'*': key_sig}
except IOError:
print 'Failed to read validation signature from %s.sig' % key_path
self.keys.append(key_info)
else:
# Use the canned private keys if none were passed from the command line.
for signing_key in SIGNING_KEYS:
decoded_key = base64.b64decode(signing_key['key'])
key = tlslite.utils.python_rsakey.Python_RSAKey._parsePKCS8(
tlslite.utils.cryptomath.stringToBytes(decoded_key))
assert key is not None
# Grab the signature dictionary for this key and decode all of the
# signatures.
signature_dict = signing_key['signatures']
decoded_signatures = {}
for domain in signature_dict:
decoded_signatures[domain] = base64.b64decode(
signature_dict[domain])
self.keys.append({
'private_key': key,
'signatures': decoded_signatures
})
# Derive the public keys from the private keys.
for entry in self.keys:
key = entry['private_key']
algorithm = asn1der.Sequence([
asn1der.Data(asn1der.OBJECT_IDENTIFIER, PKCS1_RSA_OID),
asn1der.Data(asn1der.NULL, '')
])
rsa_pubkey = asn1der.Sequence(
[asn1der.Integer(key.n),
asn1der.Integer(key.e)])
pubkey = asn1der.Sequence(
[algorithm, asn1der.Bitstring(rsa_pubkey)])
entry['public_key'] = pubkey
# Load client state.
if self.client_state_file is not None:
try:
file_contents = open(self.client_state_file).read()
self._registered_tokens = json.loads(file_contents,
strict=False)
except IOError:
pass
