| Index: chrome/browser/policy/proto/device_management_backend.proto
|
| diff --git a/chrome/browser/policy/proto/device_management_backend.proto b/chrome/browser/policy/proto/device_management_backend.proto
|
| index a192a254940156e35a73ff28b9592d2d2adf5c85..cf6b76b0dc1ced73f582bee30610feebb15f90f8 100644
|
| --- a/chrome/browser/policy/proto/device_management_backend.proto
|
| +++ b/chrome/browser/policy/proto/device_management_backend.proto
|
| @@ -143,7 +143,7 @@ message PolicyFetchRequest {
|
| // The policy type names are case insensitive.
|
| //
|
| // Possible values for Chrome OS are:
|
| - // google/chromeos/device => ChromeSettingsProto
|
| + // google/chromeos/device => ChromeDeviceSettingsProto
|
| // google/chromeos/user => ChromeSettingsProto
|
| // google/chromeos/unregistered_user => ChromeInitialSettingsProto
|
| optional string policy_type = 1;
|
| @@ -154,9 +154,16 @@ message PolicyFetchRequest {
|
| // Tell server what kind of security signature is required.
|
| enum SignatureType {
|
| NONE = 0;
|
| - X509 = 1;
|
| + SHA1_RSA = 1;
|
| }
|
| optional SignatureType signature_type = 3 [default = NONE];
|
| +
|
| + // The version number of the public key that is currently stored
|
| + // on the client. This should be the last number the server had
|
| + // supplied as new_public_key_version in PolicyData.
|
| + // This field is unspecified if the client does not yet have a
|
| + // public key.
|
| + optional int32 public_key_version = 4;
|
| }
|
|
|
| // This message is included in serialized form in PolicyFetchResponse
|
| @@ -192,6 +199,11 @@ message PolicyData {
|
| // |machine_name| in DeviceRegisterResponse but it might have
|
| // changed since then.
|
| optional string machine_name = 5;
|
| +
|
| + // Version number of the server's current public key. (The key that
|
| + // was used to sign this response. Numbering should start at 1 and be
|
| + // increased by 1 at each key rotation.)
|
| + optional int32 public_key_version = 6;
|
| }
|
|
|
| message PolicyFetchResponse {
|
| @@ -204,20 +216,20 @@ message PolicyFetchResponse {
|
| // Human readable error message for customer support purpose.
|
| optional string error_message = 2;
|
|
|
| - // This is a serialized bytes of PolicyData protobuf above.
|
| + // This is a serialized |PolicyData| protobuf (defined above).
|
| optional bytes policy_data = 3;
|
|
|
| // Signature of the policy data above.
|
| optional bytes policy_data_signature = 4;
|
|
|
| - // The chain of DER-encoded X.509 certificates of the server's
|
| - // signing key. The first element should be the certificate whose
|
| - // private key was used for signing the response, and each of the
|
| - // following certificates signs the previous one.
|
| - //
|
| - // If this field does not exist, it means the policy_data is not
|
| - // signed.
|
| - repeated bytes certificate_chain = 5;
|
| + // If the public key has been rotated on the server, the new public
|
| + // key is sent here. It is already used for |policy_data_signature|
|
| + // above, whereas |new_public_key_signature| is created using the
|
| + // old key (so the client can trust the new key). If this is the
|
| + // first time when the client requests policies (so it doesn't have
|
| + // on old public key), then |new_public_key_signature| is empty.
|
| + optional bytes new_public_key = 5;
|
| + optional bytes new_public_key_signature = 6;
|
| }
|
|
|
| // Request from device to server for reading policies.
|
|
|
Chromium Code Reviews
Issue 6727027:
Update protobuf definitions for ChromeOS device policy support (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src