Update protobuf definitions for ChromeOS device policy support

chrome/browser/policy/proto/device_management_backend.proto

Index: chrome/browser/policy/proto/device_management_backend.proto
diff --git a/chrome/browser/policy/proto/device_management_backend.proto b/chrome/browser/policy/proto/device_management_backend.proto
index a192a254940156e35a73ff28b9592d2d2adf5c85..5eee12e0cd95773c31c692e4683a86a5f5838b9a 100644
--- a/chrome/browser/policy/proto/device_management_backend.proto
+++ b/chrome/browser/policy/proto/device_management_backend.proto
@@ -143,7 +143,7 @@ message PolicyFetchRequest {
   // The policy type names are case insensitive.
   //
   // Possible values for Chrome OS are:
-  //   google/chromeos/device => ChromeSettingsProto
+  //   google/chromeos/device => ChromeDeviceSettingsProto
   //   google/chromeos/user => ChromeSettingsProto
   //   google/chromeos/unregistered_user => ChromeInitialSettingsProto
   optional string policy_type = 1;
@@ -154,9 +154,16 @@ message PolicyFetchRequest {
   // Tell server what kind of security signature is required.
   enum SignatureType {
     NONE = 0;
-    X509 = 1;
+    SHA1_RSA = 1;
   }
   optional SignatureType signature_type = 3 [default = NONE];
+  
+  // The version number of the public key that is currently stored
+  // on the client. This should be the last number the server had
+  // supplied as new_public_key_version in PolicyData.
+  // This field is unspecified if the client does not yet have a
+  // public key.
+  optional int32 public_key_version = 4;
 }
 
 // This message is included in serialized form in PolicyFetchResponse
@@ -192,6 +199,11 @@ message PolicyData {
   // |machine_name| in DeviceRegisterResponse but it might have
   // changed since then.
   optional string machine_name = 5;
+  
+  // Version number of the server's current public key. (The key that
+  // was used to sign this response. Numbering should start at 1 and be
+  // increased by 1 at each key rotation.)
+  optional int32 public_key_version = 6;
 }
 
 message PolicyFetchResponse {
@@ -204,20 +216,18 @@ message PolicyFetchResponse {
   // Human readable error message for customer support purpose.
   optional string error_message = 2;
 
-  // This is a serialized bytes of PolicyData protobuf above.
+  // This is a serialized "PolicyData" protobuf (defined above).

[gfeher, 2011/03/24 12:16:56]

|PolicyData|

[Jakob Kummerow, 2011/03/24 16:09:52]

Done.

   optional bytes policy_data = 3;
 
   // Signature of the policy data above.
   optional bytes policy_data_signature = 4;
 
-  // The chain of DER-encoded X.509 certificates of the server's
-  // signing key.  The first element should be the certificate whose
-  // private key was used for signing the response, and each of the
-  // following certificates signs the previous one.
-  //
-  // If this field does not exist, it means the policy_data is not
-  // signed.
-  repeated bytes certificate_chain = 5;
+  // If the public key has been rotated on the server, the new public
+  // key is sent here. It is already used for |policy_data_signature|
+  // above, whereas |new_public_key_signature| is created using the
+  // old key (so the client can trust the new key).

[gfeher, 2011/03/24 12:16:56]

Please sync comment to the internal dm_api.proto.

[Jakob Kummerow, 2011/03/24 16:09:52]

Done.

+  optional bytes new_public_key = 5;
+  optional bytes new_public_key_signature = 6;
 }
 
 // Request from device to server for reading policies.