Update policy backend and testserver for the newest policy protocol

chrome/browser/policy/cloud_policy_cache.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/policy/cloud_policy_cache.h"
 
 #include <limits>
 
 #include "base/file_util.h"
 #include "base/logging.h"
@@ skipping 63 matching lines @@
   CloudPolicyCache* cache_;
   // Policy level this provider will handle.
   CloudPolicyCache::PolicyLevel level_;
 
   DISALLOW_COPY_AND_ASSIGN(CloudPolicyProvider);
 };
 
 // Saves policy information to a file.
 class PersistPolicyTask : public Task {
  public:
-  PersistPolicyTask(const FilePath& path,
-                    const em::CloudPolicyResponse* cloud_policy_response,
-                    const em::DevicePolicyResponse* device_policy_response,
-                    const bool is_unmanaged)
-      : path_(path),
-        cloud_policy_response_(cloud_policy_response),
-        device_policy_response_(device_policy_response),
-        is_unmanaged_(is_unmanaged) {}
+  PersistPolicyTask(

[Mattias Nissler (ping if slow), 2011/02/21 14:55:27]

Any reason for the changed indentation?

[gfeher, 2011/02/22 15:57:29]

There must have been, but now I am not seeing it.

+      const FilePath& path,
+      const em::PolicyFetchResponse* cloud_policy_response,
+      const em::DevicePolicyResponse* device_policy_response,
+      const bool is_unmanaged)
+          : path_(path),

[Mattias Nissler (ping if slow), 2011/02/21 14:55:27]

AFAIK, you don't need to increase indentation here.

[Jakob Kummerow, 2011/02/21 16:15:00]

nit: indentation (":" should be 4 spaces deeper than "PersistPolicyTask(")

[gfeher, 2011/02/22 15:57:29]

Done.

+            cloud_policy_response_(cloud_policy_response),
+            device_policy_response_(device_policy_response),
+            is_unmanaged_(is_unmanaged) {}
 
  private:
   // Task override.
   virtual void Run();
 
   const FilePath path_;
-  scoped_ptr<const em::CloudPolicyResponse> cloud_policy_response_;
+  scoped_ptr<const em::PolicyFetchResponse> cloud_policy_response_;
   scoped_ptr<const em::DevicePolicyResponse> device_policy_response_;
   const bool is_unmanaged_;
 };
 
 void PersistPolicyTask::Run() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
   std::string data;
   em::CachedCloudPolicyResponse cached_policy;
   if (cloud_policy_response_.get()) {
     cached_policy.mutable_cloud_policy()->CopyFrom(*cloud_policy_response_);
@@ skipping 95 matching lines @@
     device_policy_.reset(value.release());
     has_device_policy_ = true;
   }
   last_policy_refresh_time_ = timestamp;
   initialization_complete_ = true;
 
   FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer,
                     observer_list_, OnUpdatePolicy());
 }
 
-bool CloudPolicyCache::SetPolicy(const em::CloudPolicyResponse& policy) {
+bool CloudPolicyCache::SetPolicy(const em::PolicyFetchResponse& policy) {
   DCHECK(CalledOnValidThread());
   is_unmanaged_ = false;
   base::Time timestamp;
   PolicyMap mandatory_policy;
   PolicyMap recommended_policy;
   bool ok = DecodePolicyResponse(policy, &mandatory_policy, &recommended_policy,
                                  &timestamp);
   if (!ok) {
     // TODO(jkummerow): Signal error to CloudPolicyController.
     return false;
   }
   const bool new_policy_differs =
       !mandatory_policy_.Equals(mandatory_policy) ||
       !recommended_policy_.Equals(recommended_policy);
   mandatory_policy_.Swap(&mandatory_policy);
   recommended_policy_.Swap(&recommended_policy);
   initialization_complete_ = true;
   last_policy_refresh_time_ = timestamp;
   has_device_policy_ = false;
 
   FOR_EACH_OBSERVER(ConfigurationPolicyProvider::Observer,
                     observer_list_, OnUpdatePolicy());
 
   if (timestamp > base::Time::NowFromSystemTime() +
                   base::TimeDelta::FromMinutes(1)) {
     LOG(WARNING) << "Server returned policy with timestamp from the future, "
                     "not persisting to disk.";
   } else {
-    em::CloudPolicyResponse* policy_copy = new em::CloudPolicyResponse;
+    em::PolicyFetchResponse* policy_copy = new em::PolicyFetchResponse;
     policy_copy->CopyFrom(policy);
     BrowserThread::PostTask(
         BrowserThread::FILE,
         FROM_HERE,
         new PersistPolicyTask(backing_file_path_, policy_copy, NULL, false));
   }
   return new_policy_differs;
 }
 
 bool CloudPolicyCache::SetDevicePolicy(const em::DevicePolicyResponse& policy) {
@@ skipping 41 matching lines @@
                     observer_list_, OnUpdatePolicy());
 
   BrowserThread::PostTask(
       BrowserThread::FILE,
       FROM_HERE,
       new PersistPolicyTask(backing_file_path_, NULL, NULL, true));
 }
 
 // static
 bool CloudPolicyCache::DecodePolicyResponse(
-    const em::CloudPolicyResponse& policy_response,
+    const em::PolicyFetchResponse& policy_response,
     PolicyMap* mandatory,
     PolicyMap* recommended,
     base::Time* timestamp) {
-  std::string data = policy_response.signed_response();
+  std::string data = policy_response.policy_data();
 
-  if (!VerifySignature(policy_response.signature(), data,
+  if (!VerifySignature(policy_response.policy_data_signature(), data,
                        policy_response.certificate_chain())) {
     LOG(WARNING) << "Failed to verify signature.";
     return false;
   }
 
-  em::SignedCloudPolicyResponse response;
-  if (!response.ParseFromArray(data.c_str(), data.size())) {
-    LOG(WARNING) << "Failed to parse SignedCloudPolicyResponse protobuf.";
+  em::PolicyData policy_data;
+  if (!policy_data.ParseFromString(data)) {
+    LOG(WARNING) << "Failed to parse PolicyData protobuf.";
     return false;
   }
 
-  // TODO(jkummerow): Verify response.device_token(). Needs final specification
-  // which token we're actually sending / expecting to get back.
+  // TODO(jkummerow): Verify policy_data.device_token(). Needs final
+  // specification which token we're actually sending / expecting to get back.
 
-  // TODO(jkummerow): Store response.device_name(), if we decide to transfer
+  // TODO(jkummerow): Store policy_data.device_name(), if we decide to transfer
   // it from the server to the client.
 
   DCHECK(timestamp);
-  *timestamp = base::Time::FromTimeT(response.timestamp());
-  DecodePolicy(response.settings(), mandatory, recommended);
+  *timestamp = base::Time::FromTimeT(
+      policy_data.timestamp() / kPolicyResponseTimestampResolution);

[Mattias Nissler (ping if slow), 2011/02/21 14:55:27]

I'd recommend base::Time::UnixEpoch() + base::TimeDelta::FromXXX()

[Jakob Kummerow, 2011/02/21 16:15:00]

What? We're not doing any additions here. But we need to convert "milliseconds
since 1970" to "seconds since 1970".

[gfeher, 2011/02/22 15:57:29]

Yep. This is converting seconds to milliseconds.

My note in my first message was about this issue: if it's okay to do so and send
back always milliseconds divisible by 1000 to dmserver or not. I should probably
ask them.

[Mattias Nissler (ping if slow), 2011/02/22 16:20:50]

What I proposed is just a way of converting from your milliseconds value to a
base::Time value that doesn't require magic constants and knowledge about the
exact definition of time_t. What it does is getting the epoch value (which is 1
Jan 1970 by definition) and adding a TimeDelta, which we initialize using
FromMilliseconds. I find that pretty intuitive.

+  em::CloudPolicySettings policy;
+  if (!policy.ParseFromString(policy_data.policy_value())) {
+    LOG(WARNING) << "Failed to parse CloudPolicySettingsj protobuf.";
+    return false;
+  }
+  DecodePolicy(policy, mandatory, recommended);
   return true;
 }
 
 // static
 bool CloudPolicyCache::VerifySignature(
     const std::string& signature,
     const std::string& data,
     const RepeatedPtrField<std::string>& certificate_chain) {
   // TODO(jkummerow): Implement this. Non-trivial because we want to do it
   // for all platforms -> it's enough work to deserve its own CL.
@@ skipping 109 matching lines @@
             CloudPolicyCache::DecodeValue(named_value->value());
         if (decoded_value)
           result->Set(named_value->name(), decoded_value);
       }
     }
   }
   return result;
 }
 
 }  // namespace policy