| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROME_BROWSER_POLICY_CLOUD_POLICY_BUILDER_H_ | |
| 6 #define CHROME_BROWSER_POLICY_CLOUD_POLICY_BUILDER_H_ | |
| 7 | |
| 8 #include <string> | |
| 9 | |
| 10 #include "base/basictypes.h" | |
| 11 #include "base/compiler_specific.h" | |
| 12 #include "base/logging.h" | |
| 13 #include "base/memory/scoped_ptr.h" | |
| 14 #include "chrome/browser/policy/proto/cloud/chrome_extension_policy.pb.h" | |
| 15 #include "chrome/browser/policy/proto/cloud/device_management_local.pb.h" | |
| 16 #include "crypto/rsa_private_key.h" | |
| 17 #include "policy/proto/cloud_policy.pb.h" | |
| 18 | |
| 19 namespace policy { | |
| 20 | |
| 21 // A helper class for testing that provides a straightforward interface for | |
| 22 // constructing policy blobs for use in testing. NB: This uses fake data and | |
| 23 // hard-coded signing keys by default, so should not be used in production code. | |
| 24 class PolicyBuilder { | |
| 25 public: | |
| 26 // Constants used as dummy data for filling the PolicyData protobuf. | |
| 27 static const char kFakeDeviceId[]; | |
| 28 static const char kFakeDomain[]; | |
| 29 static const char kFakeMachineName[]; | |
| 30 static const char kFakePolicyType[]; | |
| 31 static const int kFakePublicKeyVersion; | |
| 32 static const int64 kFakeTimestamp; | |
| 33 static const char kFakeToken[]; | |
| 34 static const char kFakeUsername[]; | |
| 35 static const char kFakeServiceAccountIdentity[]; | |
| 36 | |
| 37 // Creates a policy builder. The builder will have all PolicyData fields | |
| 38 // initialized to dummy values and use the test signing keys. | |
| 39 PolicyBuilder(); | |
| 40 virtual ~PolicyBuilder(); | |
| 41 | |
| 42 // Use this member to access the PolicyData protobuf. | |
| 43 enterprise_management::PolicyData& policy_data() { | |
| 44 if (!policy_data_.get()) | |
| 45 policy_data_.reset(new enterprise_management::PolicyData()); | |
| 46 return *policy_data_; | |
| 47 } | |
| 48 void clear_policy_data() { | |
| 49 policy_data_.reset(); | |
| 50 } | |
| 51 | |
| 52 enterprise_management::PolicyFetchResponse& policy() { | |
| 53 return policy_; | |
| 54 } | |
| 55 | |
| 56 scoped_ptr<crypto::RSAPrivateKey> GetSigningKey(); | |
| 57 void SetSigningKey(const crypto::RSAPrivateKey& key); | |
| 58 void SetDefaultSigningKey(); | |
| 59 void UnsetSigningKey(); | |
| 60 | |
| 61 scoped_ptr<crypto::RSAPrivateKey> GetNewSigningKey(); | |
| 62 void SetDefaultNewSigningKey(); | |
| 63 void UnsetNewSigningKey(); | |
| 64 | |
| 65 // Assembles the policy components. The resulting policy protobuf is available | |
| 66 // through policy() after this call. | |
| 67 virtual void Build(); | |
| 68 | |
| 69 // Returns a copy of policy(). | |
| 70 scoped_ptr<enterprise_management::PolicyFetchResponse> GetCopy(); | |
| 71 | |
| 72 // Returns a binary policy blob, i.e. an encoded PolicyFetchResponse. | |
| 73 std::string GetBlob(); | |
| 74 | |
| 75 // These return hard-coded testing keys. Don't use in production! | |
| 76 static scoped_ptr<crypto::RSAPrivateKey> CreateTestSigningKey(); | |
| 77 static scoped_ptr<crypto::RSAPrivateKey> CreateTestOtherSigningKey(); | |
| 78 | |
| 79 private: | |
| 80 // Produces |key|'s signature over |data| and stores it in |signature|. | |
| 81 void SignData(const std::string& data, | |
| 82 crypto::RSAPrivateKey* key, | |
| 83 std::string* signature); | |
| 84 | |
| 85 enterprise_management::PolicyFetchResponse policy_; | |
| 86 scoped_ptr<enterprise_management::PolicyData> policy_data_; | |
| 87 std::string payload_data_; | |
| 88 | |
| 89 // The keys cannot be stored in NSS. Temporary keys are not guaranteed to | |
| 90 // remain in the database. Persistent keys require a persistent database, | |
| 91 // which would coincide with the user's database. However, these keys are used | |
| 92 // for signing the policy and don't have to coincide with the user's known | |
| 93 // keys. Instead, we store the private keys as raw bytes. Where needed, a | |
| 94 // temporary RSAPrivateKey is created. | |
| 95 std::vector<uint8> raw_signing_key_; | |
| 96 std::vector<uint8> raw_new_signing_key_; | |
| 97 | |
| 98 DISALLOW_COPY_AND_ASSIGN(PolicyBuilder); | |
| 99 }; | |
| 100 | |
| 101 // Type-parameterized PolicyBuilder extension that allows for building policy | |
| 102 // blobs carrying protobuf payloads. | |
| 103 template<typename PayloadProto> | |
| 104 class TypedPolicyBuilder : public PolicyBuilder { | |
| 105 public: | |
| 106 TypedPolicyBuilder(); | |
| 107 virtual ~TypedPolicyBuilder() {} | |
| 108 | |
| 109 // Returns a reference to the payload protobuf being built. | |
| 110 PayloadProto& payload() { | |
| 111 if (!payload_.get()) | |
| 112 payload_.reset(new PayloadProto()); | |
| 113 return *payload_; | |
| 114 } | |
| 115 void clear_payload() { | |
| 116 payload_.reset(); | |
| 117 } | |
| 118 | |
| 119 // PolicyBuilder: | |
| 120 virtual void Build() OVERRIDE { | |
| 121 if (payload_.get()) | |
| 122 CHECK(payload_->SerializeToString(policy_data().mutable_policy_value())); | |
| 123 | |
| 124 PolicyBuilder::Build(); | |
| 125 } | |
| 126 | |
| 127 private: | |
| 128 scoped_ptr<PayloadProto> payload_; | |
| 129 | |
| 130 DISALLOW_COPY_AND_ASSIGN(TypedPolicyBuilder); | |
| 131 }; | |
| 132 | |
| 133 typedef TypedPolicyBuilder<enterprise_management::CloudPolicySettings> | |
| 134 UserPolicyBuilder; | |
| 135 typedef TypedPolicyBuilder<enterprise_management::ExternalPolicyData> | |
| 136 ComponentPolicyBuilder; | |
| 137 | |
| 138 } // namespace policy | |
| 139 | |
| 140 #endif // CHROME_BROWSER_POLICY_CLOUD_POLICY_BUILDER_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 109743002:
Move policy code into components/policy. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src