Side by Side Diff: components/policy/core/common/cloud/user_cloud_policy_store.h

Issue 116273002: Added support for signed policy blobs on desktop. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix for ios. Created 6 years, 10 months ago
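--- a/components/policy/core/common/cloud/user_cloud_policy_store.h
+++ b/components/policy/core/common/cloud/user_cloud_policy_store.h
@@ -1,93 +1,112 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_
 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_
 
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/compiler_specific.h"
 #include "base/files/file_path.h"
 #include "base/memory/weak_ptr.h"
 #include "components/policy/core/common/cloud/user_cloud_policy_store_base.h"
 #include "components/policy/policy_export.h"
+#include "policy/proto/policy_signing_key.pb.h"
 
 namespace base {
 class SequencedTaskRunner;
 }
 
 namespace policy {
 
 // Implements a cloud policy store that is stored in a simple file in the user's
 // profile directory. This is used on (non-chromeos) platforms that do not have
 // a secure storage implementation.
 class POLICY_EXPORT UserCloudPolicyStore : public UserCloudPolicyStoreBase {
 public:
 // Creates a policy store associated with a signed-in (or in the progress of
 // it) user.
 UserCloudPolicyStore(
 const base::FilePath& policy_file,
+const base::FilePath& key_file,
+const std::string& verification_key,
 scoped_refptr<base::SequencedTaskRunner> background_task_runner);
 virtual ~UserCloudPolicyStore();
 
 // Factory method for creating a UserCloudPolicyStore for a profile with path
 // |profile_path|.
 static scoped_ptr<UserCloudPolicyStore> Create(
 const base::FilePath& profile_path,
+const std::string& verification_key,
 scoped_refptr<base::SequencedTaskRunner> background_task_runner);
 
 // Sets the username from signin for validation of the policy.
 void SetSigninUsername(const std::string& username);
 
 // Loads policy immediately on the current thread. Virtual for mocks.
 virtual void LoadImmediately();
 
 // Deletes any existing policy blob and notifies observers via OnStoreLoaded()
 // that the blob has changed. Virtual for mocks.
 virtual void Clear();
 
 // CloudPolicyStore implementation.
 virtual void Load() OVERRIDE;
 virtual void Store(
 const enterprise_management::PolicyFetchResponse& policy) OVERRIDE;
 
+// The key used to sign the current policy (empty if there either is no
+// loaded policy yet, or if the policy is unsigned).
+const std::string& policy_key() { return policy_key_; }
+
 protected:
 std::string signin_username_;
 
 private:
 // Callback invoked when a new policy has been loaded from disk. If
 // |validate_in_background| is true, then policy is validated via a background
 // thread.
 void PolicyLoaded(bool validate_in_background,
 struct PolicyLoadResult policy_load_result);
 
 // Starts policy blob validation. |callback| is invoked once validation is
 // complete. If |validate_in_background| is true, then the validation work
 // occurs on a background thread (results are sent back to the calling
 // thread).
 void Validate(
 scoped_ptr<enterprise_management::PolicyFetchResponse> policy,
+scoped_ptr<enterprise_management::PolicySigningKey> key,
 bool validate_in_background,
 const UserCloudPolicyValidator::CompletionCallback& callback);
 
 // Callback invoked to install a just-loaded policy after validation has
 // finished.
-void InstallLoadedPolicyAfterValidation(UserCloudPolicyValidator* validator);
+void InstallLoadedPolicyAfterValidation(const std::string& signing_key,
+UserCloudPolicyValidator* validator);
 
 // Callback invoked to store the policy after validation has finished.
 void StorePolicyAfterValidation(UserCloudPolicyValidator* validator);
 
 // WeakPtrFactory used to create callbacks for validating and storing policy.
 base::WeakPtrFactory<UserCloudPolicyStore> weak_factory_;
 
+// The key used to verify signatures of cached policy.
+std::string policy_key_;
+
 // Path to file where we store persisted policy.
-base::FilePath backing_file_path_;
+base::FilePath policy_path_;
+
+// Path to file where we store the signing key for the policy blob.
+base::FilePath key_path_;
+
+// The hard-coded key used to verify new signing keys.
+const std::string verification_key_;
 
 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStore);
 };
 
 } // namespace policy
 
 #endif // COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_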
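Review bot: The new `policy_key()` accessor (new line 62) is a non-const member returning `const std::string&`, so it cannot be called through a `const UserCloudPolicyStore&`; it should read `const std::string& policy_key() const { return policy_key_; }`. Its comment calls the value "the key used to sign the current policy" while the `policy_key_` member comment (new line 95) calls it "the key used to verify signatures of cached policy"; the two should agree so a reader knows whether this string holds signing or verification material. The `verification_key` argument added to the constructor and to `Create()` is documented only as "hard-coded" on the member; the header should state what an empty value means, i.e. whether signing-key validation is skipped or fails, since that is what decides if an unsigned blob can replace a signed one — the behavior itself lives in the .cc and is not visible here. The `Validate()` comment was not updated for the new `key` parameter; a line such as `// |key| is the signing key loaded with the blob (may be null for unsigned policy) — confirm against the .cc` would close the gap.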