| Index: components/policy/core/common/cloud/cloud_policy_client.cc
|
| diff --git a/components/policy/core/common/cloud/cloud_policy_client.cc b/components/policy/core/common/cloud/cloud_policy_client.cc
|
| index efd95f24505623b5e938a589de2f4cf667621a44..c090d50c3acc28e0fea4b0960e01f009950ff7a2 100644
|
| --- a/components/policy/core/common/cloud/cloud_policy_client.cc
|
| +++ b/components/policy/core/common/cloud/cloud_policy_client.cc
|
| @@ -50,12 +50,14 @@ CloudPolicyClient::StatusProvider::~StatusProvider() {}
|
| CloudPolicyClient::CloudPolicyClient(
|
| const std::string& machine_id,
|
| const std::string& machine_model,
|
| + const std::string& verification_key_hash,
|
| UserAffiliation user_affiliation,
|
| StatusProvider* status_provider,
|
| DeviceManagementService* service,
|
| scoped_refptr<net::URLRequestContextGetter> request_context)
|
| : machine_id_(machine_id),
|
| machine_model_(machine_model),
|
| + verification_key_hash_(verification_key_hash),
|
| user_affiliation_(user_affiliation),
|
| device_mode_(DEVICE_MODE_NOT_SET),
|
| submit_machine_id_(false),
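Review bot: The new `verification_key_hash` parameter is the third consecutive `const std::string&` after `machine_id` and `machine_model`, so a call site that transposes the arguments still compiles and would send the wrong value as the key hash. Its contract is also undocumented: FetchPolicy() later in this file skips the field when the string is empty, so a caller passing `""` quietly opts out of sending a hash. I would add a comment at the declaration, such as `// Hash of the policy verification key; empty means no hash is sent with fetch requests.`, and check the argument order at every caller. The constructor's initializer list and body continue outside the hunk.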
|
| @@ -161,16 +163,14 @@ void CloudPolicyClient::FetchPolicy() {
|
| if (!it->second.empty())
|
| fetch_request->set_settings_entity_id(it->second);
|
|
|
| -#if defined(OS_CHROMEOS)
|
| - // All policy types on ChromeOS ask for a signed policy blob.
|
| + // Request signed policy blobs to help prevent tampering on the client.
|
| fetch_request->set_signature_type(em::PolicyFetchRequest::SHA1_RSA);
|
| -#else
|
| - // Don't request signed blobs for desktop policy.
|
| - fetch_request->set_signature_type(em::PolicyFetchRequest::NONE);
|
| -#endif
|
| if (public_key_version_valid_)
|
| fetch_request->set_public_key_version(public_key_version_);
|
|
|
| + if (!verification_key_hash_.empty())
|
| + fetch_request->set_verification_key_hash(verification_key_hash_);
|
| +
|
| // These fields are included only in requests for chrome policy.
|
| if (IsChromePolicy(it->first)) {
|
| if (submit_machine_id_ && !machine_id_.empty())
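Review bot: Requesting `SHA1_RSA` on every platform only guards against tampering if the response path rejects a policy blob whose signature is missing or fails to verify, and that check is not visible in this hunk. Desktop previously asked for `NONE`, so its validation code presumably has to start enforcing signatures in the same change; that is worth confirming. SHA-1 is also collision-weak, so the new comment should not overstate the guarantee. I would word it as `// Request signed blobs; the validator must reject unsigned or badly signed policy. TODO: move off SHA-1 once the protocol offers a stronger signature type.` FetchPolicy() starts and ends outside the hunk.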
|
|
|