| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/policy/core/common/cloud/policy_builder.h" | 5 #include "components/policy/core/common/cloud/policy_builder.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/stl_util.h" | 9 #include "base/stl_util.h" |
| 10 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | 10 #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
| (...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 137 return scoped_ptr<crypto::RSAPrivateKey>( | 137 return scoped_ptr<crypto::RSAPrivateKey>( |
| 138 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(raw_new_signing_key_)); | 138 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(raw_new_signing_key_)); |
| 139 } | 139 } |
| 140 | 140 |
| 141 void PolicyBuilder::SetDefaultNewSigningKey() { | 141 void PolicyBuilder::SetDefaultNewSigningKey() { |
| 142 std::vector<uint8> key(kNewSigningKey, | 142 std::vector<uint8> key(kNewSigningKey, |
| 143 kNewSigningKey + arraysize(kNewSigningKey)); | 143 kNewSigningKey + arraysize(kNewSigningKey)); |
| 144 raw_new_signing_key_.swap(key); | 144 raw_new_signing_key_.swap(key); |
| 145 } | 145 } |
| 146 | 146 |
| 147 void PolicyBuilder::SetDefaultInitialSigningKey() { |
| 148 std::vector<uint8> key(kSigningKey, |
| 149 kSigningKey + arraysize(kSigningKey)); |
| 150 raw_new_signing_key_.swap(key); |
| 151 UnsetSigningKey(); |
| 152 } |
| 153 |
| 147 void PolicyBuilder::UnsetNewSigningKey() { | 154 void PolicyBuilder::UnsetNewSigningKey() { |
| 148 raw_new_signing_key_.clear(); | 155 raw_new_signing_key_.clear(); |
| 149 } | 156 } |
| 150 | 157 |
| 151 void PolicyBuilder::Build() { | 158 void PolicyBuilder::Build() { |
| 152 if (policy_data_.get()) | 159 if (policy_data_.get()) |
| 153 CHECK(policy_data_->SerializeToString(policy_.mutable_policy_data())); | 160 CHECK(policy_data_->SerializeToString(policy_.mutable_policy_data())); |
| 154 | 161 |
| 155 // Generate signatures if applicable. | 162 // Generate signatures if applicable. |
| 156 scoped_ptr<crypto::RSAPrivateKey> policy_signing_key = GetNewSigningKey(); | 163 scoped_ptr<crypto::RSAPrivateKey> policy_signing_key = GetNewSigningKey(); |
| 157 if (policy_signing_key) { | 164 if (policy_signing_key) { |
| 158 // Add the new public key. | 165 // Add the new public key. |
| 159 std::vector<uint8> raw_new_public_signing_key; | 166 std::vector<uint8> raw_new_public_signing_key; |
| 160 CHECK(policy_signing_key->ExportPublicKey(&raw_new_public_signing_key)); | 167 CHECK(policy_signing_key->ExportPublicKey(&raw_new_public_signing_key)); |
| 161 policy_.set_new_public_key(vector_as_array(&raw_new_public_signing_key), | 168 policy_.set_new_public_key(vector_as_array(&raw_new_public_signing_key), |
| 162 raw_new_public_signing_key.size()); | 169 raw_new_public_signing_key.size()); |
| 163 | 170 |
| 164 // The new public key must be signed by the old key. | 171 // The new public key must be signed by the old key. |
| 165 scoped_ptr<crypto::RSAPrivateKey> old_signing_key = GetSigningKey(); | 172 scoped_ptr<crypto::RSAPrivateKey> old_signing_key = GetSigningKey(); |
| 166 if (old_signing_key) { | 173 if (old_signing_key) { |
| 167 SignData(policy_.new_public_key(), | 174 SignData(policy_.new_public_key(), |
| 168 old_signing_key.get(), | 175 old_signing_key.get(), |
| 169 policy_.mutable_new_public_key_signature()); | 176 policy_.mutable_new_public_key_signature()); |
| 170 } | 177 } |
| 171 } else { | 178 } else { |
| 179 // No new signing key, so clear the old public key (this allows us to |
| 180 // reuse the same PolicyBuilder to build multiple policy blobs). |
| 181 policy_.clear_new_public_key(); |
| 182 policy_.clear_new_public_key_signature(); |
| 172 policy_signing_key = GetSigningKey(); | 183 policy_signing_key = GetSigningKey(); |
| 173 } | 184 } |
| 174 | 185 |
| 175 // PolicyData signature. | 186 // PolicyData signature. |
| 176 if (policy_signing_key) { | 187 if (policy_signing_key) { |
| 177 SignData(policy_.policy_data(), policy_signing_key.get(), | 188 SignData(policy_.policy_data(), policy_signing_key.get(), |
| 178 policy_.mutable_policy_data_signature()); | 189 policy_.mutable_policy_data_signature()); |
| 179 } | 190 } |
| 180 } | 191 } |
| 181 | 192 |
| (...skipping 16 matching lines...) Expand all Loading... |
| 198 } | 209 } |
| 199 | 210 |
| 200 // static | 211 // static |
| 201 scoped_ptr<crypto::RSAPrivateKey> PolicyBuilder::CreateTestOtherSigningKey() { | 212 scoped_ptr<crypto::RSAPrivateKey> PolicyBuilder::CreateTestOtherSigningKey() { |
| 202 std::vector<uint8> raw_new_signing_key( | 213 std::vector<uint8> raw_new_signing_key( |
| 203 kNewSigningKey, kNewSigningKey + arraysize(kNewSigningKey)); | 214 kNewSigningKey, kNewSigningKey + arraysize(kNewSigningKey)); |
| 204 return scoped_ptr<crypto::RSAPrivateKey>( | 215 return scoped_ptr<crypto::RSAPrivateKey>( |
| 205 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(raw_new_signing_key)); | 216 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(raw_new_signing_key)); |
| 206 } | 217 } |
| 207 | 218 |
| 219 // static |
| 220 std::string PolicyBuilder::GetTestSigningKeySignature() { |
| 221 // TODO(atwilson): Return a real verification signature when one is available. |
| 222 return std::string(); |
| 223 } |
| 224 |
| 225 // static |
| 226 std::string PolicyBuilder::GetTestOtherSigningKeySignature() { |
| 227 // TODO(atwilson): Return a real verification signature when one is available. |
| 228 return std::string(); |
| 229 } |
| 230 |
| 208 void PolicyBuilder::SignData(const std::string& data, | 231 void PolicyBuilder::SignData(const std::string& data, |
| 209 crypto::RSAPrivateKey* key, | 232 crypto::RSAPrivateKey* key, |
| 210 std::string* signature) { | 233 std::string* signature) { |
| 211 scoped_ptr<crypto::SignatureCreator> signature_creator( | 234 scoped_ptr<crypto::SignatureCreator> signature_creator( |
| 212 crypto::SignatureCreator::Create(key)); | 235 crypto::SignatureCreator::Create(key)); |
| 213 signature_creator->Update(reinterpret_cast<const uint8*>(data.c_str()), | 236 signature_creator->Update(reinterpret_cast<const uint8*>(data.c_str()), |
| 214 data.size()); | 237 data.size()); |
| 215 std::vector<uint8> signature_bytes; | 238 std::vector<uint8> signature_bytes; |
| 216 CHECK(signature_creator->Final(&signature_bytes)); | 239 CHECK(signature_creator->Final(&signature_bytes)); |
| 217 signature->assign( | 240 signature->assign( |
| (...skipping 14 matching lines...) Expand all Loading... |
| 232 template<> | 255 template<> |
| 233 TypedPolicyBuilder<em::ExternalPolicyData>::TypedPolicyBuilder() | 256 TypedPolicyBuilder<em::ExternalPolicyData>::TypedPolicyBuilder() |
| 234 : payload_(new em::ExternalPolicyData()) { | 257 : payload_(new em::ExternalPolicyData()) { |
| 235 policy_data().set_policy_type(dm_protocol::kChromeExtensionPolicyType); | 258 policy_data().set_policy_type(dm_protocol::kChromeExtensionPolicyType); |
| 236 } | 259 } |
| 237 | 260 |
| 238 template class TypedPolicyBuilder<em::ExternalPolicyData>; | 261 template class TypedPolicyBuilder<em::ExternalPolicyData>; |
| 239 #endif | 262 #endif |
| 240 | 263 |
| 241 } // namespace policy | 264 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 116273002:
Added support for signed policy blobs on desktop. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src