1# Copyright 2018 The Chromium OS Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5import hashlib
6import logging
7import os
8
9from autotest_lib.client.common_lib import error
10from autotest_lib.client.cros.enterprise import enterprise_policy_base
11
12
13class policy_ExtensionPolicy(enterprise_policy_base.EnterprisePolicyTest):
14    version = 1
15
16
17    def initialize(self, **kwargs):
18        """
19        Start webserver and set the extension policy file's path and checksum.
20
21        """
22        super(policy_ExtensionPolicy, self).initialize(**kwargs)
23        self.start_webserver()
24
25        # Location of the extension policy on the server.
26        POLICY_FILE = 'extension_policy.json'
27        policy_path = os.path.join(self.enterprise_dir, POLICY_FILE)
28        self.EXTENSION_POLICY_URL = '%s/%s' % (self.WEB_HOST, POLICY_FILE)
29        self.CHECKSUM = self.sha256sum(policy_path)
30
31
32    def sha256sum(self, filepath):
33        """
34        Generate the SHA256 checksum of |filepath|.
35
36        @param filepath: Path to file.
37
38        @returns: SHA256 checksum as a hex string.
39
40        """
41        with open(filepath, 'rb') as f:
42            return hashlib.sha256(f.read()).hexdigest()
43
44
45    def run_once(self):
46        """
47        Setup and run the test configured for the specified test case.
48
49        """
50        extension_path = os.path.join(os.path.dirname(__file__),
51                                      'policy_test_extension')
52
53        self.setup_case(extension_paths=[extension_path])
54
55        # The extension ID is required for setting the extension policy. But
56        # the extension ID is assigned randomly, so we need to force install
57        # the policy test extension first and then read its ID.
58        extension_id = self.cr.get_extension(extension_path).extension_id
59        extension_policies = {
60            extension_id: {
61                'download_url': self.EXTENSION_POLICY_URL,
62                'secure_hash': self.CHECKSUM
63            }
64        }
65
66        if self.dms_is_fake:
67            # Update the server policies with the extension policies.
68            self.fake_dm_server.setup_policy(self._make_json_blob(
69                extension_policies=extension_policies))
70            self.reload_policies()
71
72        # Ensure fields marked sensitive are censored in the policy tab.
73        sensitive_fields = ['SensitiveStringPolicy', 'SensitiveDictPolicy']
74        self.verify_extension_stats(extension_policies,
75                                    sensitive_fields=sensitive_fields)
76