Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(526)

Unified Diff: components/policy/core/common/cloud/cloud_policy_client.cc

Issue 116273002: Added support for signed policy blobs on desktop. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix for ios. Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: components/policy/core/common/cloud/cloud_policy_client.cc
diff --git a/components/policy/core/common/cloud/cloud_policy_client.cc b/components/policy/core/common/cloud/cloud_policy_client.cc
index efd95f24505623b5e938a589de2f4cf667621a44..c090d50c3acc28e0fea4b0960e01f009950ff7a2 100644
--- a/components/policy/core/common/cloud/cloud_policy_client.cc
+++ b/components/policy/core/common/cloud/cloud_policy_client.cc
@@ -50,12 +50,14 @@ CloudPolicyClient::StatusProvider::~StatusProvider() {}
CloudPolicyClient::CloudPolicyClient(
const std::string& machine_id,
const std::string& machine_model,
+ const std::string& verification_key_hash,
UserAffiliation user_affiliation,
StatusProvider* status_provider,
DeviceManagementService* service,
scoped_refptr<net::URLRequestContextGetter> request_context)
: machine_id_(machine_id),
machine_model_(machine_model),
+ verification_key_hash_(verification_key_hash),
user_affiliation_(user_affiliation),
device_mode_(DEVICE_MODE_NOT_SET),
submit_machine_id_(false),
@@ -161,16 +163,14 @@ void CloudPolicyClient::FetchPolicy() {
if (!it->second.empty())
fetch_request->set_settings_entity_id(it->second);
-#if defined(OS_CHROMEOS)
- // All policy types on ChromeOS ask for a signed policy blob.
+ // Request signed policy blobs to help prevent tampering on the client.
fetch_request->set_signature_type(em::PolicyFetchRequest::SHA1_RSA);
-#else
- // Don't request signed blobs for desktop policy.
- fetch_request->set_signature_type(em::PolicyFetchRequest::NONE);
-#endif
if (public_key_version_valid_)
fetch_request->set_public_key_version(public_key_version_);
+ if (!verification_key_hash_.empty())
+ fetch_request->set_verification_key_hash(verification_key_hash_);
+
// These fields are included only in requests for chrome policy.
if (IsChromePolicy(it->first)) {
if (submit_machine_id_ && !machine_id_.empty())

Powered by Google App Engine
This is Rietveld 408576698