authormnissler@chromium.org <mnissler@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-18 11:13:25 +0000
committermnissler@chromium.org <mnissler@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-18 11:13:25 +0000
commit58a53b5f07f384aa761d4113da7af2b5c9a00c59 (patch)
tree054547506b7379bd9a92b9265e98cbf78fea8edc
parentf6064f246479f281f863c09f674eb1ad6137900a (diff)
Support key rotation in the policy test server.
BUG=none TEST=compiles and passes tests Review URL: http://codereview.chromium.org/6849019 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81934 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--net/tools/testserver/device_management.py29
-rwxr-xr-xnet/tools/testserver/testserver.py7
2 files changed, 24 insertions, 12 deletions
diff --git a/net/tools/testserver/device_management.py b/net/tools/testserver/device_management.py
index b62b2c0..6fb9fa5 100644
--- a/net/tools/testserver/device_management.py
+++ b/net/tools/testserver/device_management.py
@@ -456,12 +456,18 @@ class RequestHandler(object):
self._server.policy[msg.policy_type])
policy_value = settings.SerializeToString()
- # Figure out the key we want to use.
- key = None
- if (msg.signature_type == dm.PolicyFetchRequest.SHA1_RSA and
- len(self._server.keys)):
- key_version = min(max(1, msg.public_key_version), len(self._server.keys))
- key = self._server.keys[key_version - 1]
+ # Figure out the key we want to use. If multiple keys are configured, the
+ # server will rotate through them in a round-robin fashion.
+ signing_key = None
+ req_key = None
+ key_version = 1
+ nkeys = len(self._server.keys)
+ if msg.signature_type == dm.PolicyFetchRequest.SHA1_RSA and nkeys > 0:
+ if msg.public_key_version in range(1, nkeys + 1):
+ # requested key exists, use for signing and rotate.
+ req_key = self._server.keys[msg.public_key_version - 1]['private_key']
+ key_version = (msg.public_key_version % nkeys) + 1
+ signing_key = self._server.keys[key_version - 1]
# Fill the policy data protobuf.
policy_data = dm.PolicyData()
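Review bot: `req_key` is bound to the bare private-key object while `signing_key` is bound to the whole key dict, so two similarly named locals have different shapes. Binding `req_key = self._server.keys[msg.public_key_version - 1]` and calling `req_key['private_key'].hashAndSign(...)` in the later hunk would keep the two parallel. The membership test `msg.public_key_version in range(1, nkeys + 1)` would read more directly as `1 <= msg.public_key_version <= nkeys`. The comment could also state that the next version is computed from the client-reported `public_key_version` rather than from server-side state, for example `# Rotation is driven by the version the client reports; an unknown version falls back to key 1.` The enclosing method starts and ends outside this hunk.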
@@ -470,7 +476,7 @@ class RequestHandler(object):
policy_data.request_token = token_info['device_token'];
policy_data.policy_value = policy_value
policy_data.machine_name = token_info['machine_name']
- if key:
+ if signing_key:
policy_data.public_key_version = key_version
policy_data.username = self._server.username
policy_data.device_id = token_info['device_id']
@@ -480,11 +486,14 @@ class RequestHandler(object):
response.error = dm.DeviceManagementResponse.SUCCESS
fetch_response = response.policy_response.response.add()
fetch_response.policy_data = signed_data
- if key:
+ if signing_key:
fetch_response.policy_data_signature = (
- key['private_key'].hashAndSign(signed_data).tostring())
+ signing_key['private_key'].hashAndSign(signed_data).tostring())
if msg.public_key_version != key_version:
- fetch_response.new_public_key = key['public_key']
+ fetch_response.new_public_key = signing_key['public_key']
+ if req_key:
+ fetch_response.new_public_key_signature = (
+ req_key.hashAndSign(fetch_response.new_public_key).tostring())
self.DumpMessage('Response', response)
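Review bot: When `req_key` is None the response can carry `new_public_key` without a `new_public_key_signature`, and nothing near the `if req_key:` check says whether that is intended. Going by the first hunk, this happens whenever the client-reported `public_key_version` falls outside 1..nkeys, which presumably covers a first fetch but also any unrecognised version. A comment such as `# No signature if the client reported no known key version; the new key is then unauthenticated.` would document the behaviour, and a test that fetches with an out-of-range version would pin it. Indentation is not visible in this rendering, so the nesting of `if req_key:` under the version comparison is assumed; the method continues outside the hunk.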
diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
index 2d0febd..9e8ffd2 100755
--- a/net/tools/testserver/testserver.py
+++ b/net/tools/testserver/testserver.py
@@ -1465,8 +1465,11 @@ if __name__ == '__main__':
help='Specify a path to a PEM-encoded private key '
'to use for policy signing. May be specified '
'multiple times in order to load multipe keys into '
- 'the server. The server will generate a random key '
- 'if none is specified on the command line')
+ 'the server. If ther server has multiple keys, it '
+ 'will rotate through them in at each request a '
+ 'round-robin fashion. The server will generate a '
+ 'random key if none is specified on the command '
+ 'line.')
option_parser.add_option('', '--policy-user', default='user@example.com',
dest='policy_user',
help='Specify the user name the server should '
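Review bot: The added help text has a typo and a scrambled clause: `ther server` and `rotate through them in at each request a round-robin fashion`. Suggested wording for the two lines is `'the server. If the server has multiple keys, it '` and `'will rotate through them at each request in a '`. The unchanged line just above also has `multipe` for `multiple`, which could be corrected in the same edit.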