def run_once(self):
pkey = ownership.known_privkey()
pubkey = ownership.known_pubkey()
sm = session_manager.connect(self._bus_loop)
sm.StartSession(ownership.TESTUSER, '')
poldata = policy.build_policy_data(owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER,
'[email protected]'))
policy_string = policy.generate_policy(pkey, pubkey, poldata)
policy.push_policy_and_verify(policy_string, sm)
retrieved_policy = policy.get_policy(sm)
if retrieved_policy is None: raise error.TestFail('Policy not found')
policy.compare_policy_response(retrieved_policy,
owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER, '[email protected]'))
try:
# Sanity check against an incorrect policy
policy.compare_policy_response(retrieved_policy,
owner=ownership.TESTUSER,
guests=True,
whitelist=(ownership.TESTUSER,
'[email protected]'))
except ownership.OwnershipError:
pass
else:
raise error.TestFail('Did not detect bad policy')
def run_once(self):
pkey = ownership.known_privkey()
pubkey = ownership.known_pubkey()
sm = session_manager.connect(self._bus_loop)
if not sm.StartSession(ownership.TESTUSER, ''):
raise error.TestFail('Could not start session for owner')
poldata = policy.build_policy_data(self.srcdir,
owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER,
'[email protected]'),
proxies={'proxy_mode': 'direct'})
policy_string = policy.generate_policy(self.srcdir, pkey, pubkey,
poldata)
policy.push_policy_and_verify(policy_string, sm)
retrieved_policy = policy.get_policy(sm)
if retrieved_policy is None: raise error.TestFail('Policy not found')
policy.compare_policy_response(self.srcdir,
retrieved_policy,
owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER, '[email protected]'),
proxies={'proxy_mode': 'direct'})
try:
# Sanity check against an incorrect policy
policy.compare_policy_response(self.srcdir,
retrieved_policy,
owner=ownership.TESTUSER,
guests=True,
whitelist=(ownership.TESTUSER,
'[email protected]'),
proxies={'proxy_mode': 'direct'})
except ownership.OwnershipError:
pass
else:
raise error.TestFail('Did not detect bad policy')
try:
sm.StopSession('')
except error.TestError as e:
logging.error(str(e))
raise error.TestFail('Could not stop session for owner')
def run_once(self):
pkey = ownership.known_privkey()
pubkey = ownership.known_pubkey()
# Pre-configure some owner settings, including initial key.
poldata = policy.build_policy_data(self.srcdir,
owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER,
'[email protected]'))
policy_string = policy.generate_policy(self.srcdir,
pkey,
pubkey,
poldata)
policy.push_policy_and_verify(policy_string, self._sm)
# grab key, ensure that it's the same as the known key.
if (utils.read_file(constants.OWNER_KEY_FILE) != pubkey):
raise error.TestFail('Owner key should not have changed!')
# Start a new session, which will trigger the re-taking of ownership.
listener = session_manager.OwnershipSignalListener(gobject.MainLoop())
listener.listen_for_new_key_and_policy()
self._cryptohome_proxy.mount(ownership.TESTUSER,
ownership.TESTPASS,
create=True)
if not self._sm.StartSession(ownership.TESTUSER, ''):
raise error.TestError('Could not start session for owner')
listener.wait_for_signals(desc='Re-taking of ownership complete.')
# grab key, ensure that it's different than known key
if (utils.read_file(constants.OWNER_KEY_FILE) == pubkey):
raise error.TestFail('Owner key should have changed!')
# RetrievePolicy, check sig against new key, check properties
retrieved_policy = self._sm.RetrievePolicy(byte_arrays=True)
if retrieved_policy is None:
raise error.TestError('Policy not found')
policy.compare_policy_response(self.srcdir,
retrieved_policy,
owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER, '[email protected]'))
def run_once(self):
# Initial policy setup.
poldata = policy.build_policy_data(self.srcdir)
priv = ownership.known_privkey()
pub = ownership.known_pubkey()
policy.push_policy_and_verify(
policy.generate_policy(self.srcdir, priv, pub, poldata), self._sm)
# Force re-key the device
(priv, pub) = ownership.pairgen_as_data()
policy.push_policy_and_verify(
policy.generate_policy(self.srcdir, priv, pub, poldata), self._sm)
# Rotate key gracefully.
self.username = (''.join(random.sample(string.ascii_lowercase, 6)) +
"@foo.com")
password = ''.join(random.sample(string.ascii_lowercase, 6))
self._cryptohome_proxy.remove(self.username)
self._cryptohome_proxy.mount(self.username, password, create=True)
(new_priv, new_pub) = ownership.pairgen_as_data()
if not self._sm.StartSession(self.username, ''):
raise error.TestFail('Could not start session for random user')
policy.push_policy_and_verify(
policy.generate_policy(self.srcdir,
key=new_priv,
pubkey=new_pub,
policy=poldata,
old_key=priv), self._sm)
try:
self._sm.StopSession('')
except error.TestError as e:
logging.error(str(e))
raise error.TestFail('Could not stop session for random user')