# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
4
5import logging, random, string, os
6from dbus.mainloop.glib import DBusGMainLoop
7
8from autotest_lib.client.bin import test, utils
9from autotest_lib.client.common_lib import error
10from autotest_lib.client.common_lib.cros import policy, session_manager
11from autotest_lib.client.cros import cros_ui, cryptohome, ownership
12
13
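class login_RemoteOwnership(test.test):
    """Check that device policy can be set through the Ownership API.

    The test pushes signed device policy to the session manager three times,
    as an enterprise might: once signed with the well-known test key, once
    after a forced re-key with a freshly generated pair, and once after a
    graceful rotation performed inside a user session, where the current
    private key is passed along as old_key.

    All key material here is test-only: the first pair is the fixed key
    shipped with the test harness, the others are generated per run.
    """

    version = 1

    def setup(self):
        """Build the test's helper sources in place inside srcdir."""
        os.chdir(self.srcdir)
        utils.make('OUT_DIR=.')


    def initialize(self):
        """Clear ownership state and connect to cryptohome and session_manager."""
        # Define the attributes cleanup() reads before anything below can
        # raise, so a failed initialize() cannot turn into an AttributeError
        # during cleanup.
        self.username = None
        self._cryptohome_proxy = None

        # Start with a clean slate wrt ownership
        ownership.restart_ui_to_clear_ownership_files()
        super(login_RemoteOwnership, self).initialize()

        bus_loop = DBusGMainLoop(set_as_default=True)
        self._cryptohome_proxy = cryptohome.CryptohomeProxy(bus_loop)
        self._sm = session_manager.connect(bus_loop)


    def run_once(self):
        """Push policy with the known key, then re-key twice.

        Raises:
            error.TestFail: if the session for the throwaway user cannot be
                started or stopped. Failures inside
                policy.push_policy_and_verify propagate unchanged.
        """
        # Initial policy setup.
        poldata = policy.build_policy_data(self.srcdir)
        priv = ownership.known_privkey()
        pub = ownership.known_pubkey()
        policy.push_policy_and_verify(
            policy.generate_policy(self.srcdir, priv, pub, poldata), self._sm)

        # Force re-key the device: a brand-new pair is used and no old_key is
        # supplied, unlike the graceful rotation further down.
        (priv, pub) = ownership.pairgen_as_data()
        policy.push_policy_and_verify(
            policy.generate_policy(self.srcdir, priv, pub, poldata), self._sm)

        # Rotate key gracefully.
        # The account is a throwaway created for this run only, so the
        # non-cryptographic `random` module is acceptable here; it must not
        # be copied into code that creates real credentials.
        self.username = (''.join(random.sample(string.ascii_lowercase, 6)) +
                         "@foo.com")
        password = ''.join(random.sample(string.ascii_lowercase, 6))
        self._cryptohome_proxy.remove(self.username)
        self._cryptohome_proxy.mount(self.username, password, create=True)

        (new_priv, new_pub) = ownership.pairgen_as_data()

        if not self._sm.StartSession(self.username, ''):
            raise error.TestFail('Could not start session for random user')

        # old_key carries the private key from the forced re-key above.
        # NOTE(review): presumably generate_policy uses it to vouch for the
        # new public key -- confirm in policy.generate_policy.
        policy.push_policy_and_verify(
            policy.generate_policy(self.srcdir,
                                   key=new_priv,
                                   pubkey=new_pub,
                                   policy=poldata,
                                   old_key=priv),
            self._sm)

        try:
            self._sm.StopSession('')
        except error.TestError as e:
            logging.error(str(e))
            raise error.TestFail('Could not stop session for random user')


    def cleanup(self):
        """Remove the throwaway user's cryptohome and bring the UI back up."""
        # run_once() may have failed before picking a username, and
        # initialize() before creating the proxy; read both defensively.
        username = getattr(self, 'username', None)
        proxy = getattr(self, '_cryptohome_proxy', None)
        try:
            # Best effort to bounce the UI, which may be up or down.
            cros_ui.stop(allow_fail=True)
            if proxy is not None and username:
                proxy.remove(username)
        finally:
            # Restart the UI and run the base cleanup even if removing the
            # cryptohome raised, so the device is not left with the UI down.
            cros_ui.start(allow_fail=True, wait_for_login_prompt=False)
            super(login_RemoteOwnership, self).cleanup()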
82