xref: /external/autotest/client/site_tests/login_RemoteOwnership/login_RemoteOwnership.py

# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import logging, random, string, os
from dbus.mainloop.glib import DBusGMainLoop

from autotest_lib.client.bin import test, utils
from autotest_lib.client.common_lib import error
from autotest_lib.client.common_lib.cros import policy, session_manager
from autotest_lib.client.cros import cros_ui, cryptohome, ownership


class login_RemoteOwnership(test.test):
    """Tests to ensure that the Ownership API can be used, as an
       enterprise might, to set device policies.
    """

    version = 1

    def setup(self):
        os.chdir(self.srcdir)
        utils.make('OUT_DIR=.')


    def initialize(self):
        # Start with a clean slate wrt ownership
        ownership.restart_ui_to_clear_ownership_files()
        super(login_RemoteOwnership, self).initialize()

        bus_loop = DBusGMainLoop(set_as_default=True)
        self._cryptohome_proxy = cryptohome.CryptohomeProxy(bus_loop)
        self._sm = session_manager.connect(bus_loop)


    def run_once(self):
        # Initial policy setup.
        poldata = policy.build_policy_data(self.srcdir)
        priv = ownership.known_privkey()
        pub = ownership.known_pubkey()
        policy.push_policy_and_verify(
            policy.generate_policy(self.srcdir, priv, pub, poldata), self._sm)

        # Force re-key the device
        (priv, pub) = ownership.pairgen_as_data()
        policy.push_policy_and_verify(
            policy.generate_policy(self.srcdir, priv, pub, poldata), self._sm)

        # Rotate key gracefully.
        self.username = (''.join(random.sample(string.ascii_lowercase,6)) +
                         "@foo.com")
        password = ''.join(random.sample(string.ascii_lowercase,6))
        self._cryptohome_proxy.remove(self.username)
        self._cryptohome_proxy.mount(self.username, password, create=True)

        (new_priv, new_pub) = ownership.pairgen_as_data()

        if not self._sm.StartSession(self.username, ''):
            raise error.TestFail('Could not start session for random user')

        policy.push_policy_and_verify(
            policy.generate_policy(self.srcdir,
                                   key=new_priv,
                                   pubkey=new_pub,
                                   policy=poldata,
                                   old_key=priv),
            self._sm)

        try:
            self._sm.StopSession('')
        except error.TestError as e:
            logging.error(str(e))
            raise error.TestFail('Could not stop session for random user')


    def cleanup(self):
        # Best effort to bounce the UI, which may be up or down.
        cros_ui.stop(allow_fail=True)
        self._cryptohome_proxy.remove(self.username)
        cros_ui.start(allow_fail=True, wait_for_login_prompt=False)
        super(login_RemoteOwnership, self).cleanup()