OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 syntax = "proto2"; | 5 syntax = "proto2"; |
6 | 6 |
7 option optimize_for = LITE_RUNTIME; | 7 option optimize_for = LITE_RUNTIME; |
8 | 8 |
9 package enterprise_management; | 9 package enterprise_management; |
10 | 10 |
(...skipping 125 matching lines...)
136 // watermark last read from server if available. | 136 // watermark last read from server if available. |
137 optional string watermark = 2; | 137 optional string watermark = 2; |
138 } | 138 } |
139 | 139 |
140 message PolicyFetchRequest { | 140 message PolicyFetchRequest { |
141 // This is the policy type, which maps to D3 policy type internally. | 141 // This is the policy type, which maps to D3 policy type internally. |
142 // By convention, we use "/" as separator to create policy namespace. | 142 // By convention, we use "/" as separator to create policy namespace. |
143 // The policy type names are case insensitive. | 143 // The policy type names are case insensitive. |
144 // | 144 // |
145 // Possible values for Chrome OS are: | 145 // Possible values for Chrome OS are: |
146 // google/chromeos/device => ChromeSettingsProto | 146 // google/chromeos/device => ChromeDeviceSettingsProto |
147 // google/chromeos/user => ChromeSettingsProto | 147 // google/chromeos/user => ChromeSettingsProto |
148 // google/chromeos/unregistered_user => ChromeInitialSettingsProto | 148 // google/chromeos/unregistered_user => ChromeInitialSettingsProto |
149 optional string policy_type = 1; | 149 optional string policy_type = 1; |
150 | 150 |
151 // This is the last policy timestamp that client received from server. | 151 // This is the last policy timestamp that client received from server. |
152 optional int64 timestamp = 2; | 152 optional int64 timestamp = 2; |
153 | 153 |
154 // Tell server what kind of security signature is required. | 154 // Tell server what kind of security signature is required. |
155 enum SignatureType { | 155 enum SignatureType { |
156 NONE = 0; | 156 NONE = 0; |
157 X509 = 1; | 157 SHA1_RSA = 1; |
158 } | 158 } |
159 optional SignatureType signature_type = 3 [default = NONE]; | 159 optional SignatureType signature_type = 3 [default = NONE]; |
| 160 |
| 161 // The version number of the public key that is currently stored |
| 162 // on the client. This should be the last number the server had |
| 163 // supplied as new_public_key_version in PolicyData. |
| 164 // This field is unspecified if the client does not yet have a |
| 165 // public key. |
| 166 optional int32 public_key_version = 4; |
160 } | 167 } |
161 | 168 |
162 // This message is included in serialized form in PolicyFetchResponse | 169 // This message is included in serialized form in PolicyFetchResponse |
163 // below. It may also be signed, with the signature being created for | 170 // below. It may also be signed, with the signature being created for |
164 // the serialized form. | 171 // the serialized form. |
165 message PolicyData { | 172 message PolicyData { |
166 // See PolicyFetchRequest.policy_type. | 173 // See PolicyFetchRequest.policy_type. |
167 optional string policy_type = 1; | 174 optional string policy_type = 1; |
168 | 175 |
169 // [timestamp] is milli seconds since Epoch in UTC timezone. It is | 176 // [timestamp] is milli seconds since Epoch in UTC timezone. It is |
(...skipping 15 matching lines...)
185 optional bytes policy_value = 4; | 192 optional bytes policy_value = 4; |
186 | 193 |
187 // The device display name assigned by the server. It is only | 194 // The device display name assigned by the server. It is only |
188 // filled if the display name is available. | 195 // filled if the display name is available. |
189 // | 196 // |
190 // The display name of the machine as generated by the server or set | 197 // The display name of the machine as generated by the server or set |
191 // by the Administrator in the CPanel GUI. This is the same thing as | 198 // by the Administrator in the CPanel GUI. This is the same thing as |
192 // |machine_name| in DeviceRegisterResponse but it might have | 199 // |machine_name| in DeviceRegisterResponse but it might have |
193 // changed since then. | 200 // changed since then. |
194 optional string machine_name = 5; | 201 optional string machine_name = 5; |
| 202 |
| 203 // Version number of the server's current public key. (The key that |
| 204 // was used to sign this response. Numbering should start at 1 and be |
| 205 // increased by 1 at each key rotation.) |
| 206 optional int32 public_key_version = 6; |
195 } | 207 } |
196 | 208 |
197 message PolicyFetchResponse { | 209 message PolicyFetchResponse { |
198 // Since a single policy request may ask for multiple policies, we | 210 // Since a single policy request may ask for multiple policies, we |
199 // provide separate error code for each individual policy fetch. | 211 // provide separate error code for each individual policy fetch. |
200 | 212 |
201 // We will use standard HTTP Status Code as error code. | 213 // We will use standard HTTP Status Code as error code. |
202 optional int32 error_code = 1; | 214 optional int32 error_code = 1; |
203 | 215 |
204 // Human readable error message for customer support purpose. | 216 // Human readable error message for customer support purpose. |
205 optional string error_message = 2; | 217 optional string error_message = 2; |
206 | 218 |
207 // This is a serialized bytes of PolicyData protobuf above. | 219 // This is a serialized |PolicyData| protobuf (defined above). |
208 optional bytes policy_data = 3; | 220 optional bytes policy_data = 3; |
209 | 221 |
210 // Signature of the policy data above. | 222 // Signature of the policy data above. |
211 optional bytes policy_data_signature = 4; | 223 optional bytes policy_data_signature = 4; |
212 | 224 |
213 // The chain of DER-encoded X.509 certificates of the server's | 225 // If the public key has been rotated on the server, the new public |
214 // signing key. The first element should be the certificate whose | 226 // key is sent here. It is already used for |policy_data_signature| |
215 // private key was used for signing the response, and each of the | 227 // above, whereas |new_public_key_signature| is created using the |
216 // following certificates signs the previous one. | 228 // old key (so the client can trust the new key). If this is the |
217 // | 229 // first time when the client requests policies (so it doesn't have |
218 // If this field does not exist, it means the policy_data is not | 230 // on old public key), then |new_public_key_signature| is empty. |
219 // signed. | 231 optional bytes new_public_key = 5; |
220 repeated bytes certificate_chain = 5; | 232 optional bytes new_public_key_signature = 6; |
221 } | 233 } |
222 | 234 |
223 // Request from device to server for reading policies. | 235 // Request from device to server for reading policies. |
224 message DevicePolicyRequest { | 236 message DevicePolicyRequest { |
225 // identify request scope: CrOS settings or other type of settings. | 237 // identify request scope: CrOS settings or other type of settings. |
226 // TODO(gfeher): remove this after Chrome OS TT is over. | 238 // TODO(gfeher): remove this after Chrome OS TT is over. |
227 optional string policy_scope = 1; | 239 optional string policy_scope = 1; |
228 // identify key to the settings: proxy etc. | 240 // identify key to the settings: proxy etc. |
229 // TODO(gfeher): remove this after Chrome OS TT is over. | 241 // TODO(gfeher): remove this after Chrome OS TT is over. |
230 repeated DevicePolicySettingRequest setting_request = 2; | 242 repeated DevicePolicySettingRequest setting_request = 2; |
(...skipping 72 matching lines...)
303 | 315 |
304 // Register response | 316 // Register response |
305 optional DeviceRegisterResponse register_response = 3; | 317 optional DeviceRegisterResponse register_response = 3; |
306 | 318 |
307 // Unregister response | 319 // Unregister response |
308 optional DeviceUnregisterResponse unregister_response = 4; | 320 optional DeviceUnregisterResponse unregister_response = 4; |
309 | 321 |
310 // Policy response. | 322 // Policy response. |
311 optional DevicePolicyResponse policy_response = 5; | 323 optional DevicePolicyResponse policy_response = 5; |
312 } | 324 } |
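Review bot: In PolicyFetchResponse, field number 5 changes from `repeated bytes certificate_chain` to `optional bytes new_public_key`, and `SignatureType` value 1 changes from `X509` to `SHA1_RSA`, so peers built from the old and the new schema read the same wire bytes with different meanings. Both fields are length-delimited, so a new client would probably accept an old server's last certificate_chain entry as a replacement public key instead of failing to parse. Unless no old-schema peer was ever deployed, the new fields should take fresh numbers, e.g. `optional bytes new_public_key = 6;` and `optional bytes new_public_key_signature = 7;`, with a `// 5 was certificate_chain; do not reuse.` comment left in place. The comment on `new_public_key` should also state the acceptance rule: a client that already holds a key must reject a `new_public_key` whose `new_public_key_signature` is missing or fails to verify against the stored key, because the empty-signature case is only valid on the very first fetch. It would help to note there that `public_key_version` in PolicyData is covered by the policy signature while the copy in PolicyFetchRequest is only a client-supplied hint.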