New protocol and testserver for the Chrome-DMServer protocol

chrome/browser/policy/proto/device_management_backend.proto

-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 syntax = "proto2";
 
 option optimize_for = LITE_RUNTIME;
 
 package enterprise_management;
 
+import "cloud_policy.proto";
+
 // Generic value container.
 message GenericValue {
   enum ValueType {
     VALUE_TYPE_BOOL = 1;
     VALUE_TYPE_INT64 = 2;
     VALUE_TYPE_STRING = 3;
     VALUE_TYPE_DOUBLE = 4;
     VALUE_TYPE_BYTES = 5;
     VALUE_TYPE_BOOL_ARRAY = 6;
     VALUE_TYPE_INT64_ARRAY = 7;
@@ skipping 34 matching lines @@
   optional GenericSetting policy_value = 2;
   // watermark for setting value.
   optional string watermark = 3;
 }
 
 // Request from device to server to register device.
 message DeviceRegisterRequest {
   // reregister device without erasing server state.
   // it can be used to refresh dmtoken etc.
   optional bool reregister = 1;
+
+  // This should be the uniqe id of the device, e.g. serial number
+  optional string device_id = 2;
+
+  // username? (currently this is also sent as an HTTP POST parameter)
 }
 
 // Response from server to device register request.
 message DeviceRegisterResponse {
   // device mangement toke for this registration.
   required string device_management_token = 1;
+
+  // Name assigned to the device.
+  optional string device_name = 2;
 }
 
 // Request from device to server to unregister device.
 message DeviceUnregisterRequest {
 }
 
 // Response from server to device unregister request.
 message DeviceUnregisterResponse {
 }
 
@@ skipping 12 matching lines @@
   // identify key to the settings: proxy etc.
   repeated DevicePolicySettingRequest setting_request = 2;
 }
 
 // Response from server to agent for reading policies.
 message DevicePolicyResponse {
   // the result of the settings.
   repeated DevicePolicySetting setting = 1;
 }
 
+// Request from device to server to read device policies.
+// The use of this message instead of DevicePolicyRequest indicates
+// that the client is expecting a response of type
+// CloudPolicyResponse.
+message CloudPolicyRequest {
+  // identify request scope: CrOS device setting, CrOS user setting
+  // or other type of settings.
+  optional string policy_scope = 1;
+}
+
+// Response from server to device for reading policies.
+message CloudPolicyResponse {
+  // Serialized SignedCloudPolicyResponse.
+  optional bytes signed_response = 1;
+  // Signature of the above data.
+  optional bytes signature = 2;
+}
+
+// this is used only for the DMServer -> ChromeOS response
+message SignedCloudPolicyResponse {
+  // The following two are necessary agains replay attacks.
+  optional int64 timestamp = 1;
+  optional string device_token = 2;
+  optional string device_name = 3;
+  // CloudPolicySettings is defined in cloud_policy.proto.
+  optional CloudPolicySettings settings = 4;
+}
+
 // Request from the DMAgent on the device to the DMServer.
 // This is container for all requests from client.
 //
 // Authorization:
 // 1. If request is register_request, client must pass in GoogleLogin auth
 //    cookie in Authorization header:
 //      Authorization: GoogleLogin auth=<auth cookie>
 //    The response will contain an unique DMToken for future requests.
 //    Depending on domain policy, the request may need admin approval before
 //    DMToken is issued.
 // 2. For other requests, client must pass in DMToken in Authorization header:
 //    Authorization: GoogleDMToken token=<google dm token>
 //
 // Http Query parameters:
 // Query parameters contain the following information in each request:
-//   request: register/unregister/policy etc.
+//   request: register/unregister/policy/cloud_policy etc.
 //   devicetype: CrOS/Android/Iphone etc.
 //   apptype: CrOS/AndroidDM etc.
 //   deviceid: unique id that identify the device.
 //   agent: identify agent on device.
 message DeviceManagementRequest {
   // Register request.
   optional DeviceRegisterRequest register_request = 1;
 
   // Unregister request.
   optional DeviceUnregisterRequest unregister_request = 2;
 
   // Data request.
   optional DevicePolicyRequest policy_request = 3;
+
+  // Data request (new protocol).
+  optional CloudPolicyRequest cloud_policy_request = 4;
 }
 
 // Response from server to device.
 message DeviceManagementResponse {
   // Error code to client.
   enum ErrorCode {
     SUCCESS = 0;
     // Returned for register request when device management is not supported
     // for the domain.
     DEVICE_MANAGEMENT_NOT_SUPPORTED = 1;
@@ skipping 15 matching lines @@
   optional string error_message = 2;
 
   // Register response
   optional DeviceRegisterResponse register_response = 3;
 
   // Unregister response
   optional DeviceUnregisterResponse unregister_response = 4;
 
   // Policy response.
   optional DevicePolicyResponse policy_response = 5;
-}
+
+  // Policy response (new protocol).
+  optional CloudPolicyResponse cloud_policy_response  = 6;
+}