Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(8070)

Unified Diff: chrome/browser/policy/cloud_policy_validator.h

Issue 10828032: Add DeviceSettingsService. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/browser/policy/cloud_policy_validator.h
diff --git a/chrome/browser/policy/cloud_policy_validator.h b/chrome/browser/policy/cloud_policy_validator.h
index 9a40505e63960216c356e7adae11734f829a37b8..4fdacd8bc533211c7ca7e7fc286b6500819e374b 100644
--- a/chrome/browser/policy/cloud_policy_validator.h
+++ b/chrome/browser/policy/cloud_policy_validator.h
@@ -77,7 +77,9 @@ class CloudPolicyValidatorBase {
// Instructs the validator to check that the policy timestamp is not before
// |not_before| and not after |now| + grace interval.
- void ValidateTimestamp(base::Time not_before, base::Time now);
+ void ValidateTimestamp(base::Time not_before,
+ base::Time now,
+ bool allow_missing_timestamp);
// Validates the username in the policy blob matches |expected_user|.
void ValidateUsername(const std::string& expected_user);
@@ -95,11 +97,11 @@ class CloudPolicyValidatorBase {
// Validates that the payload can be decoded successfully.
void ValidatePayload();
- // Verifies that the signature on the policy blob verifies against |key|. If
- // there is a key rotation present in the policy blob, this checks the
- // signature on the new key against |key| and the policy blob against the new
- // key.
- void ValidateSignature(const std::string& key);
+ // Verifies that the signature on the policy blob verifies against |key|. If |
+ // |allow_key_rotation| is true and there is a key rotation present in the
+ // policy blob, this checks the signature on the new key against |key| and the
+ // policy blob against the new key.
+ void ValidateSignature(const std::string& key, bool allow_key_rotation);
// Similar to StartSignatureVerification(), this checks the signature on the
// policy blob. However, this variant expects a new policy key set in the
@@ -113,7 +115,8 @@ class CloudPolicyValidatorBase {
// timestamp validation will drop the lower bound and no token validation will
// be configured.
void ValidateAgainstCurrentPolicy(
- const enterprise_management::PolicyData* policy_data);
+ const enterprise_management::PolicyData* policy_data,
+ bool allow_missing_timestamp);
// Kicks off validation. From this point on, the validator manages its own
// lifetime. |completion_callback| is invoked when done.
@@ -176,11 +179,13 @@ class CloudPolicyValidatorBase {
int validation_flags_;
base::Time timestamp_not_before_;
base::Time timestamp_not_after_;
+ bool allow_missing_timestamp_;
std::string user_;
std::string domain_;
std::string token_;
std::string policy_type_;
std::string key_;
+ bool allow_key_rotation_;
DISALLOW_COPY_AND_ASSIGN(CloudPolicyValidatorBase);
};

Powered by Google App Engine
This is Rietveld 408576698