| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/policy/cloud_policy_cache.h" | 5 #include "chrome/browser/policy/cloud_policy_cache.h" |
| 6 | 6 |
| 7 #include <limits> | 7 #include <limits> |
| 8 | 8 |
| 9 #include "base/file_util.h" | 9 #include "base/file_util.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 75 // Policy level this provider will handle. | 75 // Policy level this provider will handle. |
| 76 CloudPolicyCache::PolicyLevel level_; | 76 CloudPolicyCache::PolicyLevel level_; |
| 77 | 77 |
| 78 DISALLOW_COPY_AND_ASSIGN(CloudPolicyProvider); | 78 DISALLOW_COPY_AND_ASSIGN(CloudPolicyProvider); |
| 79 }; | 79 }; |
| 80 | 80 |
| 81 // Saves policy information to a file. | 81 // Saves policy information to a file. |
| 82 class PersistPolicyTask : public Task { | 82 class PersistPolicyTask : public Task { |
| 83 public: | 83 public: |
| 84 PersistPolicyTask(const FilePath& path, | 84 PersistPolicyTask(const FilePath& path, |
| 85 const em::CloudPolicyResponse* cloud_policy_response, | 85 const em::PolicyFetchResponse* cloud_policy_response, |
| 86 const em::DevicePolicyResponse* device_policy_response, | 86 const em::DevicePolicyResponse* device_policy_response, |
| 87 const bool is_unmanaged) | 87 const bool is_unmanaged) |
| 88 : path_(path), | 88 : path_(path), |
| 89 cloud_policy_response_(cloud_policy_response), | 89 cloud_policy_response_(cloud_policy_response), |
| 90 device_policy_response_(device_policy_response), | 90 device_policy_response_(device_policy_response), |
| 91 is_unmanaged_(is_unmanaged) {} | 91 is_unmanaged_(is_unmanaged) {} |
| 92 | 92 |
| 93 private: | 93 private: |
| 94 // Task override. | 94 // Task override. |
| 95 virtual void Run(); | 95 virtual void Run(); |
| 96 | 96 |
| 97 const FilePath path_; | 97 const FilePath path_; |
| 98 scoped_ptr<const em::CloudPolicyResponse> cloud_policy_response_; | 98 scoped_ptr<const em::PolicyFetchResponse> cloud_policy_response_; |
| 99 scoped_ptr<const em::DevicePolicyResponse> device_policy_response_; | 99 scoped_ptr<const em::DevicePolicyResponse> device_policy_response_; |
| 100 const bool is_unmanaged_; | 100 const bool is_unmanaged_; |
| 101 }; | 101 }; |
| 102 | 102 |
| 103 void PersistPolicyTask::Run() { | 103 void PersistPolicyTask::Run() { |
| 104 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); | 104 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); |
| 105 std::string data; | 105 std::string data; |
| 106 em::CachedCloudPolicyResponse cached_policy; | 106 em::CachedCloudPolicyResponse cached_policy; |
| 107 if (cloud_policy_response_.get()) { | 107 if (cloud_policy_response_.get()) { |
| 108 cached_policy.mutable_cloud_policy()->CopyFrom(*cloud_policy_response_); | 108 cached_policy.mutable_cloud_policy()->CopyFrom(*cloud_policy_response_); |
| (...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 204 device_policy_.reset(value.release()); | 204 device_policy_.reset(value.release()); |
| 205 has_device_policy_ = true; | 205 has_device_policy_ = true; |
| 206 } | 206 } |
| 207 last_policy_refresh_time_ = timestamp; | 207 last_policy_refresh_time_ = timestamp; |
| 208 initialization_complete_ = true; | 208 initialization_complete_ = true; |
| 209 | 209 |
| 210 FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer, | 210 FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer, |
| 211 observer_list_, OnUpdatePolicy()); | 211 observer_list_, OnUpdatePolicy()); |
| 212 } | 212 } |
| 213 | 213 |
| 214 void CloudPolicyCache::SetPolicy(const em::CloudPolicyResponse& policy) { | 214 void CloudPolicyCache::SetPolicy(const em::PolicyFetchResponse& policy) { |
| 215 DCHECK(CalledOnValidThread()); | 215 DCHECK(CalledOnValidThread()); |
| 216 bool initialization_was_not_complete = !initialization_complete_; | 216 bool initialization_was_not_complete = !initialization_complete_; |
| 217 is_unmanaged_ = false; | 217 is_unmanaged_ = false; |
| 218 base::Time timestamp; | 218 base::Time timestamp; |
| 219 PolicyMap mandatory_policy; | 219 PolicyMap mandatory_policy; |
| 220 PolicyMap recommended_policy; | 220 PolicyMap recommended_policy; |
| 221 bool ok = DecodePolicyResponse(policy, &mandatory_policy, &recommended_policy, | 221 bool ok = DecodePolicyResponse(policy, &mandatory_policy, &recommended_policy, |
| 222 ×tamp); | 222 ×tamp); |
| 223 if (!ok) | 223 if (!ok) |
| 224 return; | 224 return; |
| (...skipping 10 matching lines...) Expand all Loading... |
| 235 if (new_policy_differs || initialization_was_not_complete) { | 235 if (new_policy_differs || initialization_was_not_complete) { |
| 236 FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer, | 236 FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer, |
| 237 observer_list_, OnUpdatePolicy()); | 237 observer_list_, OnUpdatePolicy()); |
| 238 } | 238 } |
| 239 | 239 |
| 240 if (timestamp > base::Time::NowFromSystemTime() + | 240 if (timestamp > base::Time::NowFromSystemTime() + |
| 241 base::TimeDelta::FromMinutes(1)) { | 241 base::TimeDelta::FromMinutes(1)) { |
| 242 LOG(WARNING) << "Server returned policy with timestamp from the future, " | 242 LOG(WARNING) << "Server returned policy with timestamp from the future, " |
| 243 "not persisting to disk."; | 243 "not persisting to disk."; |
| 244 } else { | 244 } else { |
| 245 em::CloudPolicyResponse* policy_copy = new em::CloudPolicyResponse; | 245 em::PolicyFetchResponse* policy_copy = new em::PolicyFetchResponse; |
| 246 policy_copy->CopyFrom(policy); | 246 policy_copy->CopyFrom(policy); |
| 247 BrowserThread::PostTask( | 247 BrowserThread::PostTask( |
| 248 BrowserThread::FILE, | 248 BrowserThread::FILE, |
| 249 FROM_HERE, | 249 FROM_HERE, |
| 250 new PersistPolicyTask(backing_file_path_, policy_copy, NULL, false)); | 250 new PersistPolicyTask(backing_file_path_, policy_copy, NULL, false)); |
| 251 } | 251 } |
| 252 } | 252 } |
| 253 | 253 |
| 254 void CloudPolicyCache::SetDevicePolicy(const em::DevicePolicyResponse& policy) { | 254 void CloudPolicyCache::SetDevicePolicy(const em::DevicePolicyResponse& policy) { |
| 255 DCHECK(CalledOnValidThread()); | 255 DCHECK(CalledOnValidThread()); |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 298 observer_list_, OnUpdatePolicy()); | 298 observer_list_, OnUpdatePolicy()); |
| 299 | 299 |
| 300 BrowserThread::PostTask( | 300 BrowserThread::PostTask( |
| 301 BrowserThread::FILE, | 301 BrowserThread::FILE, |
| 302 FROM_HERE, | 302 FROM_HERE, |
| 303 new PersistPolicyTask(backing_file_path_, NULL, NULL, true)); | 303 new PersistPolicyTask(backing_file_path_, NULL, NULL, true)); |
| 304 } | 304 } |
| 305 | 305 |
| 306 // static | 306 // static |
| 307 bool CloudPolicyCache::DecodePolicyResponse( | 307 bool CloudPolicyCache::DecodePolicyResponse( |
| 308 const em::CloudPolicyResponse& policy_response, | 308 const em::PolicyFetchResponse& policy_response, |
| 309 PolicyMap* mandatory, | 309 PolicyMap* mandatory, |
| 310 PolicyMap* recommended, | 310 PolicyMap* recommended, |
| 311 base::Time* timestamp) { | 311 base::Time* timestamp) { |
| 312 std::string data = policy_response.signed_response(); | 312 std::string data = policy_response.policy_data(); |
| 313 | 313 |
| 314 if (!VerifySignature(policy_response.signature(), data, | 314 if (!VerifySignature(policy_response.policy_data_signature(), data, |
| 315 policy_response.certificate_chain())) { | 315 policy_response.certificate_chain())) { |
| 316 LOG(WARNING) << "Failed to verify signature."; | 316 LOG(WARNING) << "Failed to verify signature."; |
| 317 return false; | 317 return false; |
| 318 } | 318 } |
| 319 | 319 |
| 320 em::SignedCloudPolicyResponse response; | 320 em::PolicyData policy_data; |
| 321 if (!response.ParseFromArray(data.c_str(), data.size())) { | 321 if (!policy_data.ParseFromString(data)) { |
| 322 LOG(WARNING) << "Failed to parse SignedCloudPolicyResponse protobuf."; | 322 LOG(WARNING) << "Failed to parse PolicyData protobuf."; |
| 323 return false; | 323 return false; |
| 324 } | 324 } |
| 325 | 325 |
| 326 // TODO(jkummerow): Verify response.device_token(). Needs final specification | 326 // TODO(jkummerow): Verify policy_data.device_token(). Needs final |
| 327 // which token we're actually sending / expecting to get back. | 327 // specification which token we're actually sending / expecting to get back. |
| 328 | 328 |
| 329 // TODO(jkummerow): Store response.device_name(), if we decide to transfer | 329 // TODO(jkummerow): Store policy_data.device_name(), if we decide to transfer |
| 330 // it from the server to the client. | 330 // it from the server to the client. |
| 331 | 331 |
| 332 DCHECK(timestamp); | 332 *timestamp = base::Time::UnixEpoch() + |
| 333 *timestamp = base::Time::FromTimeT(response.timestamp()); | 333 base::TimeDelta::FromMilliseconds(policy_data.timestamp()); |
| 334 DecodePolicy(response.settings(), mandatory, recommended); | 334 em::CloudPolicySettings policy; |
| 335 if (!policy.ParseFromString(policy_data.policy_value())) { |
| 336 LOG(WARNING) << "Failed to parse CloudPolicySettings protobuf."; |
| 337 return false; |
| 338 } |
| 339 DecodePolicy(policy, mandatory, recommended); |
| 335 return true; | 340 return true; |
| 336 } | 341 } |
| 337 | 342 |
| 338 // static | 343 // static |
| 339 bool CloudPolicyCache::VerifySignature( | 344 bool CloudPolicyCache::VerifySignature( |
| 340 const std::string& signature, | 345 const std::string& signature, |
| 341 const std::string& data, | 346 const std::string& data, |
| 342 const RepeatedPtrField<std::string>& certificate_chain) { | 347 const RepeatedPtrField<std::string>& certificate_chain) { |
| 343 // TODO(jkummerow): Implement this. Non-trivial because we want to do it | 348 // TODO(jkummerow): Implement this. Non-trivial because we want to do it |
| 344 // for all platforms -> it's enough work to deserve its own CL. | 349 // for all platforms -> it's enough work to deserve its own CL. |
| (...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 454 CloudPolicyCache::DecodeValue(named_value->value()); | 459 CloudPolicyCache::DecodeValue(named_value->value()); |
| 455 if (decoded_value) | 460 if (decoded_value) |
| 456 result->Set(named_value->name(), decoded_value); | 461 result->Set(named_value->name(), decoded_value); |
| 457 } | 462 } |
| 458 } | 463 } |
| 459 } | 464 } |
| 460 return result; | 465 return result; |
| 461 } | 466 } |
| 462 | 467 |
| 463 } // namespace policy | 468 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6537020:
Update policy backend and testserver for the newest policy protocol (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src