author | mnissler@chromium.org <mnissler@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-18 11:13:25 +0000 |
committer | mnissler@chromium.org <mnissler@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-18 11:13:25 +0000 |
commit | 58a53b5f07f384aa761d4113da7af2b5c9a00c59 (patch) | |
tree | 054547506b7379bd9a92b9265e98cbf78fea8edc | |
parent | f6064f246479f281f863c09f674eb1ad6137900a (diff) | |
Support key rotation in the policy test server.
BUG=none
TEST=compiles and passes tests
Review URL: http://codereview.chromium.org/6849019
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81934 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | net/tools/testserver/device_management.py | 29 | ||||
-rwxr-xr-x | net/tools/testserver/testserver.py | 7 |
2 files changed, 24 insertions, 12 deletions
diff --git a/net/tools/testserver/device_management.py b/net/tools/testserver/device_management.py
index b62b2c0..6fb9fa5 100644
--- a/net/tools/testserver/device_management.py
+++ b/net/tools/testserver/device_management.py
@@ -456,12 +456,18 @@ class RequestHandler(object):
 self._server.policy[msg.policy_type])
 policy_value = settings.SerializeToString()
- # Figure out the key we want to use.
- key = None
- if (msg.signature_type == dm.PolicyFetchRequest.SHA1_RSA and
- len(self._server.keys)):
- key_version = min(max(1, msg.public_key_version), len(self._server.keys))
- key = self._server.keys[key_version - 1]
+ # Figure out the key we want to use. If multiple keys are configured, the
+ # server will rotate through them in a round-robin fashion.
+ signing_key = None
+ req_key = None
+ key_version = 1
+ nkeys = len(self._server.keys)
+ if msg.signature_type == dm.PolicyFetchRequest.SHA1_RSA and nkeys > 0:
+ if msg.public_key_version in range(1, nkeys + 1):
+ # requested key exists, use for signing and rotate.
+ req_key = self._server.keys[msg.public_key_version - 1]['private_key']
+ key_version = (msg.public_key_version % nkeys) + 1
+ signing_key = self._server.keys[key_version - 1]
 # Fill the policy data protobuf.
 policy_data = dm.PolicyData()
@@ -470,7 +476,7 @@ class RequestHandler(object):
 policy_data.request_token = token_info['device_token'];
 policy_data.policy_value = policy_value
 policy_data.machine_name = token_info['machine_name']
- if key:
+ if signing_key:
 policy_data.public_key_version = key_version
 policy_data.username = self._server.username
 policy_data.device_id = token_info['device_id']
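Review bot: The indentation of the new `signing_key = self._server.keys[key_version - 1]` line is not recoverable from this rendering, and it decides whether a client that sends no or an out-of-range `public_key_version` gets signed policy at all: at the outer `if` level the default `key_version = 1` signs with the first key and, because the versions differ, the client is handed `new_public_key`; nested under the inner `if`, such a request leaves `signing_key` as None and the policy goes out unsigned with no key, a regression from the old clamping code. Please confirm the line sits at the outer level and say so in the comment, e.g. `# Unknown or absent version: sign with key 1 and hand the client that key.` The membership test would also read more directly as `if 1 <= msg.public_key_version <= nkeys:` instead of building a `range` list. The enclosing method starts and ends outside this hunk.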
@@ -480,11 +486,14 @@ class RequestHandler(object):
 response.error = dm.DeviceManagementResponse.SUCCESS
 fetch_response = response.policy_response.response.add()
 fetch_response.policy_data = signed_data
- if key:
+ if signing_key:
 fetch_response.policy_data_signature = (
- key['private_key'].hashAndSign(signed_data).tostring())
+ signing_key['private_key'].hashAndSign(signed_data).tostring())
 if msg.public_key_version != key_version:
- fetch_response.new_public_key = key['public_key']
+ fetch_response.new_public_key = signing_key['public_key']
+ if req_key:
+ fetch_response.new_public_key_signature = (
+ req_key.hashAndSign(fetch_response.new_public_key).tostring())
 self.DumpMessage('Response', response)
diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
index 2d0febd..9e8ffd2 100755
--- a/net/tools/testserver/testserver.py
+++ b/net/tools/testserver/testserver.py
@@ -1465,8 +1465,11 @@ if __name__ == '__main__':
 help='Specify a path to a PEM-encoded private key '
 'to use for policy signing. May be specified '
 'multiple times in order to load multipe keys into '
- 'the server. The server will generate a random key '
- 'if none is specified on the command line')
+ 'the server. If ther server has multiple keys, it '
+ 'will rotate through them in at each request a '
+ 'round-robin fashion. The server will generate a '
+ 'random key if none is specified on the command '
+ 'line.')
 option_parser.add_option('', '--policy-user', default='user@example.com',
 dest='policy_user',
 help='Specify the user name the server should ' |
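Review bot: The new `if req_key:` branch carries no comment saying why the rotated key is countersigned with the client's previous key rather than with the new one, which is the entire purpose of `new_public_key_signature`; add `# Countersign the rotated key with the key the client already trusts so it can verify the rotation.` above it. The same comment should note that a request whose `public_key_version` is unknown leaves `req_key` None, so `new_public_key` then ships without any signature and a client that already holds a key is presumably expected to reject it. The enclosing method starts outside this hunk.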
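Review bot: The new help text has two typos, `ther server` and the word-order slip `in at each request a round-robin fashion`; the two added lines should read `'the server. If the server has multiple keys, it '` and `'will rotate through them at each request in a '`. The pre-existing `multipe` on the context line above could be fixed in the same change.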