OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/policy/cloud_policy_cache.h" | 5 #include "chrome/browser/policy/cloud_policy_cache.h" |
6 | 6 |
7 #include <limits> | 7 #include <limits> |
8 | 8 |
9 #include "base/file_util.h" | 9 #include "base/file_util.h" |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
(...skipping 64 matching lines...)
75 // Policy level this provider will handle. | 75 // Policy level this provider will handle. |
76 CloudPolicyCache::PolicyLevel level_; | 76 CloudPolicyCache::PolicyLevel level_; |
77 | 77 |
78 DISALLOW_COPY_AND_ASSIGN(CloudPolicyProvider); | 78 DISALLOW_COPY_AND_ASSIGN(CloudPolicyProvider); |
79 }; | 79 }; |
80 | 80 |
81 // Saves policy information to a file. | 81 // Saves policy information to a file. |
82 class PersistPolicyTask : public Task { | 82 class PersistPolicyTask : public Task { |
83 public: | 83 public: |
84 PersistPolicyTask(const FilePath& path, | 84 PersistPolicyTask(const FilePath& path, |
85 const em::CloudPolicyResponse* cloud_policy_response, | 85 const em::PolicyFetchResponse* cloud_policy_response, |
86 const em::DevicePolicyResponse* device_policy_response, | 86 const em::DevicePolicyResponse* device_policy_response, |
87 const bool is_unmanaged) | 87 const bool is_unmanaged) |
88 : path_(path), | 88 : path_(path), |
89 cloud_policy_response_(cloud_policy_response), | 89 cloud_policy_response_(cloud_policy_response), |
90 device_policy_response_(device_policy_response), | 90 device_policy_response_(device_policy_response), |
91 is_unmanaged_(is_unmanaged) {} | 91 is_unmanaged_(is_unmanaged) {} |
92 | 92 |
93 private: | 93 private: |
94 // Task override. | 94 // Task override. |
95 virtual void Run(); | 95 virtual void Run(); |
96 | 96 |
97 const FilePath path_; | 97 const FilePath path_; |
98 scoped_ptr<const em::CloudPolicyResponse> cloud_policy_response_; | 98 scoped_ptr<const em::PolicyFetchResponse> cloud_policy_response_; |
99 scoped_ptr<const em::DevicePolicyResponse> device_policy_response_; | 99 scoped_ptr<const em::DevicePolicyResponse> device_policy_response_; |
100 const bool is_unmanaged_; | 100 const bool is_unmanaged_; |
101 }; | 101 }; |
102 | 102 |
103 void PersistPolicyTask::Run() { | 103 void PersistPolicyTask::Run() { |
104 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); | 104 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); |
105 std::string data; | 105 std::string data; |
106 em::CachedCloudPolicyResponse cached_policy; | 106 em::CachedCloudPolicyResponse cached_policy; |
107 if (cloud_policy_response_.get()) { | 107 if (cloud_policy_response_.get()) { |
108 cached_policy.mutable_cloud_policy()->CopyFrom(*cloud_policy_response_); | 108 cached_policy.mutable_cloud_policy()->CopyFrom(*cloud_policy_response_); |
(...skipping 95 matching lines...)
204 device_policy_.reset(value.release()); | 204 device_policy_.reset(value.release()); |
205 has_device_policy_ = true; | 205 has_device_policy_ = true; |
206 } | 206 } |
207 last_policy_refresh_time_ = timestamp; | 207 last_policy_refresh_time_ = timestamp; |
208 initialization_complete_ = true; | 208 initialization_complete_ = true; |
209 | 209 |
210 FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer, | 210 FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer, |
211 observer_list_, OnUpdatePolicy()); | 211 observer_list_, OnUpdatePolicy()); |
212 } | 212 } |
213 | 213 |
214 void CloudPolicyCache::SetPolicy(const em::CloudPolicyResponse& policy) { | 214 void CloudPolicyCache::SetPolicy(const em::PolicyFetchResponse& policy) { |
215 DCHECK(CalledOnValidThread()); | 215 DCHECK(CalledOnValidThread()); |
216 bool initialization_was_not_complete = !initialization_complete_; | 216 bool initialization_was_not_complete = !initialization_complete_; |
217 is_unmanaged_ = false; | 217 is_unmanaged_ = false; |
218 base::Time timestamp; | 218 base::Time timestamp; |
219 PolicyMap mandatory_policy; | 219 PolicyMap mandatory_policy; |
220 PolicyMap recommended_policy; | 220 PolicyMap recommended_policy; |
221 bool ok = DecodePolicyResponse(policy, &mandatory_policy, &recommended_policy, | 221 bool ok = DecodePolicyResponse(policy, &mandatory_policy, &recommended_policy, |
222 ×tamp); | 222 ×tamp); |
223 if (!ok) | 223 if (!ok) |
224 return; | 224 return; |
(...skipping 10 matching lines...)
235 if (new_policy_differs || initialization_was_not_complete) { | 235 if (new_policy_differs || initialization_was_not_complete) { |
236 FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer, | 236 FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer, |
237 observer_list_, OnUpdatePolicy()); | 237 observer_list_, OnUpdatePolicy()); |
238 } | 238 } |
239 | 239 |
240 if (timestamp > base::Time::NowFromSystemTime() + | 240 if (timestamp > base::Time::NowFromSystemTime() + |
241 base::TimeDelta::FromMinutes(1)) { | 241 base::TimeDelta::FromMinutes(1)) { |
242 LOG(WARNING) << "Server returned policy with timestamp from the future, " | 242 LOG(WARNING) << "Server returned policy with timestamp from the future, " |
243 "not persisting to disk."; | 243 "not persisting to disk."; |
244 } else { | 244 } else { |
245 em::CloudPolicyResponse* policy_copy = new em::CloudPolicyResponse; | 245 em::PolicyFetchResponse* policy_copy = new em::PolicyFetchResponse; |
246 policy_copy->CopyFrom(policy); | 246 policy_copy->CopyFrom(policy); |
247 BrowserThread::PostTask( | 247 BrowserThread::PostTask( |
248 BrowserThread::FILE, | 248 BrowserThread::FILE, |
249 FROM_HERE, | 249 FROM_HERE, |
250 new PersistPolicyTask(backing_file_path_, policy_copy, NULL, false)); | 250 new PersistPolicyTask(backing_file_path_, policy_copy, NULL, false)); |
251 } | 251 } |
252 } | 252 } |
253 | 253 |
254 void CloudPolicyCache::SetDevicePolicy(const em::DevicePolicyResponse& policy) { | 254 void CloudPolicyCache::SetDevicePolicy(const em::DevicePolicyResponse& policy) { |
255 DCHECK(CalledOnValidThread()); | 255 DCHECK(CalledOnValidThread()); |
(...skipping 42 matching lines...)
298 observer_list_, OnUpdatePolicy()); | 298 observer_list_, OnUpdatePolicy()); |
299 | 299 |
300 BrowserThread::PostTask( | 300 BrowserThread::PostTask( |
301 BrowserThread::FILE, | 301 BrowserThread::FILE, |
302 FROM_HERE, | 302 FROM_HERE, |
303 new PersistPolicyTask(backing_file_path_, NULL, NULL, true)); | 303 new PersistPolicyTask(backing_file_path_, NULL, NULL, true)); |
304 } | 304 } |
305 | 305 |
306 // static | 306 // static |
307 bool CloudPolicyCache::DecodePolicyResponse( | 307 bool CloudPolicyCache::DecodePolicyResponse( |
308 const em::CloudPolicyResponse& policy_response, | 308 const em::PolicyFetchResponse& policy_response, |
309 PolicyMap* mandatory, | 309 PolicyMap* mandatory, |
310 PolicyMap* recommended, | 310 PolicyMap* recommended, |
311 base::Time* timestamp) { | 311 base::Time* timestamp) { |
312 std::string data = policy_response.signed_response(); | 312 std::string data = policy_response.policy_data(); |
313 | 313 |
314 if (!VerifySignature(policy_response.signature(), data, | 314 if (!VerifySignature(policy_response.policy_data_signature(), data, |
315 policy_response.certificate_chain())) { | 315 policy_response.certificate_chain())) { |
316 LOG(WARNING) << "Failed to verify signature."; | 316 LOG(WARNING) << "Failed to verify signature."; |
317 return false; | 317 return false; |
318 } | 318 } |
319 | 319 |
320 em::SignedCloudPolicyResponse response; | 320 em::PolicyData policy_data; |
321 if (!response.ParseFromArray(data.c_str(), data.size())) { | 321 if (!policy_data.ParseFromString(data)) { |
322 LOG(WARNING) << "Failed to parse SignedCloudPolicyResponse protobuf."; | 322 LOG(WARNING) << "Failed to parse PolicyData protobuf."; |
323 return false; | 323 return false; |
324 } | 324 } |
325 | 325 |
326 // TODO(jkummerow): Verify response.device_token(). Needs final specification | 326 // TODO(jkummerow): Verify policy_data.device_token(). Needs final |
327 // which token we're actually sending / expecting to get back. | 327 // specification which token we're actually sending / expecting to get back. |
328 | 328 |
329 // TODO(jkummerow): Store response.device_name(), if we decide to transfer | 329 // TODO(jkummerow): Store policy_data.device_name(), if we decide to transfer |
330 // it from the server to the client. | 330 // it from the server to the client. |
331 | 331 |
332 DCHECK(timestamp); | 332 *timestamp = base::Time::UnixEpoch() + |
333 *timestamp = base::Time::FromTimeT(response.timestamp()); | 333 base::TimeDelta::FromMilliseconds(policy_data.timestamp()); |
334 DecodePolicy(response.settings(), mandatory, recommended); | 334 em::CloudPolicySettings policy; |
| 335 if (!policy.ParseFromString(policy_data.policy_value())) { |
| 336 LOG(WARNING) << "Failed to parse CloudPolicySettings protobuf."; |
| 337 return false; |
| 338 } |
| 339 DecodePolicy(policy, mandatory, recommended); |
335 return true; | 340 return true; |
336 } | 341 } |
337 | 342 |
338 // static | 343 // static |
339 bool CloudPolicyCache::VerifySignature( | 344 bool CloudPolicyCache::VerifySignature( |
340 const std::string& signature, | 345 const std::string& signature, |
341 const std::string& data, | 346 const std::string& data, |
342 const RepeatedPtrField<std::string>& certificate_chain) { | 347 const RepeatedPtrField<std::string>& certificate_chain) { |
343 // TODO(jkummerow): Implement this. Non-trivial because we want to do it | 348 // TODO(jkummerow): Implement this. Non-trivial because we want to do it |
344 // for all platforms -> it's enough work to deserve its own CL. | 349 // for all platforms -> it's enough work to deserve its own CL. |
(...skipping 109 matching lines...)
454 CloudPolicyCache::DecodeValue(named_value->value()); | 459 CloudPolicyCache::DecodeValue(named_value->value()); |
455 if (decoded_value) | 460 if (decoded_value) |
456 result->Set(named_value->name(), decoded_value); | 461 result->Set(named_value->name(), decoded_value); |
457 } | 462 } |
458 } | 463 } |
459 } | 464 } |
460 return result; | 465 return result; |
461 } | 466 } |
462 | 467 |
463 } // namespace policy | 468 } // namespace policy |
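Review bot: In the new `DecodePolicyResponse`, `policy_data.timestamp()` and `policy_data.policy_value()` are consumed without checking that the server actually set them. If both are optional proto fields (the .proto is not on this page), a response that omits them would parse an empty string into an empty `CloudPolicySettings` and yield a Unix-epoch timestamp, which passes the future-timestamp test in `SetPolicy` and so could be applied and persisted as an empty policy. A guard placed before the timestamp assignment, such as `if (!policy_data.has_timestamp() || !policy_data.has_policy_value()) return false;` with a `LOG(WARNING)`, would reject that case. This matters more while `VerifySignature` is still marked TODO, since that call is the only gate in front of both parse steps. The change also drops the old `DCHECK(timestamp)` before the out-parameter is dereferenced; keeping it costs nothing.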