Chromium Code Reviews Chromium Code Reviews
Issue 116273002:
Added support for signed policy blobs on desktop. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/sequenced_task_runner.h" | 8 #include "base/sequenced_task_runner.h" |
| 9 #include "chrome/browser/chromeos/policy/device_policy_decoder_chromeos.h" | 9 #include "chrome/browser/chromeos/policy/device_policy_decoder_chromeos.h" |
| 10 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" | 10 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" |
| (...skipping 28 matching lines...) Expand all Loading... | |
| 39 device_settings_service_->GetOwnerKey()); | 39 device_settings_service_->GetOwnerKey()); |
| 40 if (!install_attributes_->IsEnterpriseDevice() || | 40 if (!install_attributes_->IsEnterpriseDevice() || |
| 41 !device_settings_service_->policy_data() || !owner_key.get() || | 41 !device_settings_service_->policy_data() || !owner_key.get() || |
| 42 !owner_key->public_key()) { | 42 !owner_key->public_key()) { |
| 43 status_ = STATUS_BAD_STATE; | 43 status_ = STATUS_BAD_STATE; |
| 44 NotifyStoreError(); | 44 NotifyStoreError(); |
| 45 return; | 45 return; |
| 46 } | 46 } |
| 47 | 47 |
| 48 scoped_ptr<DeviceCloudPolicyValidator> validator(CreateValidator(policy)); | 48 scoped_ptr<DeviceCloudPolicyValidator> validator(CreateValidator(policy)); |
| 49 validator->ValidateSignature(*owner_key->public_key(), true); | 49 |
| 50 validator->ValidateSignature(owner_key->public_key_as_string(), | |
| 51 GetPolicyVerificationKey(), | |
|
Mattias Nissler (ping if slow)
2014/01/27 13:52:13
So we actually do verification for Chrome OS? Didn
Andrew T Wilson (Slow)
2014/01/30 17:10:31
The plumbing is in place, but GetPolicyVerificatio
| |
| 52 std::string(), | |
| 53 true); | |
| 50 validator->ValidateAgainstCurrentPolicy( | 54 validator->ValidateAgainstCurrentPolicy( |
| 51 device_settings_service_->policy_data(), | 55 device_settings_service_->policy_data(), |
| 52 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED, | 56 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED, |
| 53 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); | 57 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); |
| 54 validator.release()->StartValidation( | 58 validator.release()->StartValidation( |
| 55 base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated, | 59 base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated, |
| 56 weak_factory_.GetWeakPtr())); | 60 weak_factory_.GetWeakPtr())); |
| 57 } | 61 } |
| 58 | 62 |
| 59 void DeviceCloudPolicyStoreChromeOS::Load() { | 63 void DeviceCloudPolicyStoreChromeOS::Load() { |
| 60 device_settings_service_->Load(); | 64 device_settings_service_->Load(); |
| 61 } | 65 } |
| 62 | 66 |
| 63 void DeviceCloudPolicyStoreChromeOS::InstallInitialPolicy( | 67 void DeviceCloudPolicyStoreChromeOS::InstallInitialPolicy( |
| 64 const em::PolicyFetchResponse& policy) { | 68 const em::PolicyFetchResponse& policy) { |
| 65 // Cancel all pending requests. | 69 // Cancel all pending requests. |
| 66 weak_factory_.InvalidateWeakPtrs(); | 70 weak_factory_.InvalidateWeakPtrs(); |
| 67 | 71 |
| 68 if (!install_attributes_->IsEnterpriseDevice() && | 72 if (!install_attributes_->IsEnterpriseDevice() && |
| 69 device_settings_service_->status() != | 73 device_settings_service_->status() != |
| 70 chromeos::DeviceSettingsService::STORE_NO_POLICY) { | 74 chromeos::DeviceSettingsService::STORE_NO_POLICY) { |
| 71 status_ = STATUS_BAD_STATE; | 75 status_ = STATUS_BAD_STATE; |
| 72 NotifyStoreError(); | 76 NotifyStoreError(); |
| 73 return; | 77 return; |
| 74 } | 78 } |
| 75 | 79 |
| 76 scoped_ptr<DeviceCloudPolicyValidator> validator(CreateValidator(policy)); | 80 scoped_ptr<DeviceCloudPolicyValidator> validator(CreateValidator(policy)); |
| 77 validator->ValidateInitialKey(); | 81 validator->ValidateInitialKey(GetPolicyVerificationKey()); |
| 78 validator.release()->StartValidation( | 82 validator.release()->StartValidation( |
| 79 base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated, | 83 base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated, |
| 80 weak_factory_.GetWeakPtr())); | 84 weak_factory_.GetWeakPtr())); |
| 81 } | 85 } |
| 82 | 86 |
| 83 void DeviceCloudPolicyStoreChromeOS::OwnershipStatusChanged() { | 87 void DeviceCloudPolicyStoreChromeOS::OwnershipStatusChanged() { |
| 84 // Nothing to do. | 88 // Nothing to do. |
| 85 } | 89 } |
| 86 | 90 |
| 87 void DeviceCloudPolicyStoreChromeOS::DeviceSettingsUpdated() { | 91 void DeviceCloudPolicyStoreChromeOS::DeviceSettingsUpdated() { |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 158 case chromeos::DeviceSettingsService::STORE_VALIDATION_ERROR: | 162 case chromeos::DeviceSettingsService::STORE_VALIDATION_ERROR: |
| 159 case chromeos::DeviceSettingsService::STORE_TEMP_VALIDATION_ERROR: | 163 case chromeos::DeviceSettingsService::STORE_TEMP_VALIDATION_ERROR: |
| 160 status_ = STATUS_LOAD_ERROR; | 164 status_ = STATUS_LOAD_ERROR; |
| 161 break; | 165 break; |
| 162 } | 166 } |
| 163 | 167 |
| 164 NotifyStoreError(); | 168 NotifyStoreError(); |
| 165 } | 169 } |
| 166 | 170 |
| 167 } // namespace policy | 171 } // namespace policy |
| OLD | NEW |
