components/policy/core/common/cloud/policy_builder.cc - Issue 116273002: Added support for signed policy blobs on desktop.

Unified Diff: components/policy/core/common/cloud/policy_builder.cc

Issue 116273002: Added support for signed policy blobs on desktop. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Cleanup from self-review + cros clang fix. Created 6 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« components/policy/core/common/cloud/policy_builder.h ('K') | « components/policy/core/common/cloud/policy_builder.h ('k') | components/policy/core/common/cloud/policy_header_service.h » ('j') | components/policy/core/common/cloud/user_cloud_policy_store.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: components/policy/core/common/cloud/policy_builder.cc

diff --git a/components/policy/core/common/cloud/policy_builder.cc b/components/policy/core/common/cloud/policy_builder.cc

index 3d000678188c46400bfaf4095c499184edec9d8e..552cedb6e95bb6a037c5f126e236f174f32190d4 100644

--- a/components/policy/core/common/cloud/policy_builder.cc

+++ b/components/policy/core/common/cloud/policy_builder.cc

@@ -144,6 +144,13 @@ void PolicyBuilder::SetDefaultNewSigningKey() {

raw_new_signing_key_.swap(key);

}

+void PolicyBuilder::SetDefaultInitialSigningKey() {

+ std::vector<uint8> key(kSigningKey,

+ kSigningKey + arraysize(kSigningKey));

+ raw_new_signing_key_.swap(key);

+ UnsetSigningKey();

void PolicyBuilder::UnsetNewSigningKey() {

raw_new_signing_key_.clear();

}

@@ -169,6 +176,10 @@ void PolicyBuilder::Build() {

policy_.mutable_new_public_key_signature());

}

} else {

+ // No new signing key, so clear the old public key (this allows us to

+ // reuse the same PolicyBuilder to build multiple policy blobs).

+ policy_.clear_new_public_key();

+ policy_.clear_new_public_key_signature();

Mattias Nissler (ping if slow) 2014/01/27 13:52:13 The problem with this code is that it makes the bu

Andrew T Wilson (Slow) 2014/01/30 17:10:31 Yes it can - it can just inject them after calling

Mattias Nissler (ping if slow) 2014/01/31 21:00:34 Note that this will even fail for the code you hav

Andrew T Wilson (Slow) 2014/02/02 11:31:58 Done.

On 2014/01/31 21:00:34, Mattias Nissler wrote: > On 2014/01/30 17:10:31, Andrew T Wilson wrote: > > On 2014/01/27 13:52:13, Mattias Nissler wrote: > > > The problem with this code is that it makes the builder unusable for testing > > > error scenarios. Say you want to write a test case that needs to set up > > > new_public_key values manually. If you clear() here, the test case can't > > create > > > the situation it needs. > > > > Yes it can - it can just inject them after calling PolicyBuilder::Build(). > > > > > That's why I have generally opted to move this kind of > > > code into the caller. That also generally makes it easier to read the test > > case, > > > because PolicyBuilder does less magic when preparing the policy blob. > > > > I disagree - you ought to be able to do this: > > > > PolicyBuilder::SetDefaultSigningKey(); > > PolicyBuilder::Build(); <- Build blob with new_public_key > > ...tweak policy payload for second policy blob... > > PolicyBuilder::Build(); <- Build blob without new_public_key > > > > Having to manually clear the new_public_key and new_public_key_signature seems > > like it's exposing too much about the internals. This is doubly true since > > PolicyBuilder by default calls SetDefaultSigningKey() in its constructor. This > > means that by default, if you just do this: > > > > PolicyBuilder::Build(); > > ...pass policy to Store for validation... > > PolicyBuilder::Build(); > > ...pass second policy to same Store for validation... > > > > ...the second policy will fail validation since it's trying to do an invalid > key > > rotation (set the public key twice). > > Note that this will even fail for the code you have, unless you > SetSigningKey(GetNewSigningKey()) and UnsetNewSigningKey(). > > However, that's actually the behavior to I prefer - Build() should deliver > stable results if you call it multiple times in a row without modifying > PolicyBuilder state. I had not realized that you're not clearing builder state, > but build result state. What you have is great.

Done.

policy_signing_key = GetSigningKey();

}

@@ -205,6 +216,18 @@ scoped_ptr<crypto::RSAPrivateKey> PolicyBuilder::CreateTestOtherSigningKey() {

crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(raw_new_signing_key));

}

+// static

+std::string PolicyBuilder::CreateTestSigningKeySignature() {

Mattias Nissler (ping if slow) 2014/01/27 13:52:13 These should probably be named GetXXX(), given tha

Andrew T Wilson (Slow) 2014/01/30 17:10:31 Done. I named this as CreateXXXX to match CreateTe

+ // TODO(atwilson): Return a real verification signature when one is available.

+ return std::string();

+// static

+std::string PolicyBuilder::CreateTestOtherSigningKeySignature() {

+ // TODO(atwilson): Return a real verification signature when one is available.

+ return std::string();

void PolicyBuilder::SignData(const std::string& data,

crypto::RSAPrivateKey* key,

std::string* signature) {