
Unified Diff: components/policy/core/common/cloud/user_cloud_policy_store.h

Issue 116273002: Added support for signed policy blobs on desktop. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix for ios. Created 6 years, 11 months ago
Index: components/policy/core/common/cloud/user_cloud_policy_store.h
diff --git a/components/policy/core/common/cloud/user_cloud_policy_store.h b/components/policy/core/common/cloud/user_cloud_policy_store.h
index 4dc7e248b1f53a304bb567d173f31c6424f1a60d..e7ef91e93cbe1450b0d960221f50027affefd023 100644
--- a/components/policy/core/common/cloud/user_cloud_policy_store.h
+++ b/components/policy/core/common/cloud/user_cloud_policy_store.h
@@ -13,6 +13,7 @@
#include "base/memory/weak_ptr.h"
#include "components/policy/core/common/cloud/user_cloud_policy_store_base.h"
#include "components/policy/policy_export.h"
+#include "policy/proto/policy_signing_key.pb.h"
namespace base {
class SequencedTaskRunner;
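Review bot: The added include of `policy/proto/policy_signing_key.pb.h` pulls a generated protobuf header into every file that includes this one, while the only visible use of `enterprise_management::PolicySigningKey` is a `scoped_ptr<>` parameter in the `Validate` declaration. A forward declaration, `namespace enterprise_management { class PolicySigningKey; }`, with the include moved to the .cc file would probably be enough. Parts of the header are outside the visible hunks, so confirm that nothing there needs the complete type.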
@@ -29,6 +30,8 @@ class POLICY_EXPORT UserCloudPolicyStore : public UserCloudPolicyStoreBase {
// it) user.
UserCloudPolicyStore(
const base::FilePath& policy_file,
+ const base::FilePath& key_file,
+ const std::string& verification_key,
scoped_refptr<base::SequencedTaskRunner> background_task_runner);
virtual ~UserCloudPolicyStore();
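Review bot: The new constructor parameters `key_file` and `verification_key` are not described in the comment above the constructor, which starts outside this hunk; the same applies to `verification_key` on `Create` in the next hunk. Because `verification_key` is the trust anchor for checking signing keys, the comment should say what it holds, for example `// |verification_key| is the public key used to verify new policy signing keys; |key_file| is where the current signing key is cached.` Whether an empty `verification_key` disables verification cannot be seen from the header and should be stated explicitly.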
@@ -36,6 +39,7 @@ class POLICY_EXPORT UserCloudPolicyStore : public UserCloudPolicyStoreBase {
// |profile_path|.
static scoped_ptr<UserCloudPolicyStore> Create(
const base::FilePath& profile_path,
+ const std::string& verification_key,
scoped_refptr<base::SequencedTaskRunner> background_task_runner);
// Sets the username from signin for validation of the policy.
@@ -53,6 +57,10 @@ class POLICY_EXPORT UserCloudPolicyStore : public UserCloudPolicyStoreBase {
virtual void Store(
const enterprise_management::PolicyFetchResponse& policy) OVERRIDE;
+ // The key used to sign the current policy (empty if there either is no
+ // loaded policy yet, or if the policy is unsigned).
+ const std::string& policy_key() { return policy_key_; }
+
protected:
std::string signin_username_;
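Review bot: `policy_key()` returns a const reference but is not declared `const`, so it cannot be called through a const `UserCloudPolicyStore`; `const std::string& policy_key() const { return policy_key_; }` fixes that. The accessor comment describes the key as "used to sign the current policy", while the comment on `policy_key_` in the last hunk says it is "used to verify signatures of cached policy". The client presumably holds only the public half, so the verify wording would be more accurate in both places.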
@@ -69,12 +77,14 @@ class POLICY_EXPORT UserCloudPolicyStore : public UserCloudPolicyStoreBase {
// thread).
void Validate(
scoped_ptr<enterprise_management::PolicyFetchResponse> policy,
+ scoped_ptr<enterprise_management::PolicySigningKey> key,
bool validate_in_background,
const UserCloudPolicyValidator::CompletionCallback& callback);
// Callback invoked to install a just-loaded policy after validation has
// finished.
- void InstallLoadedPolicyAfterValidation(UserCloudPolicyValidator* validator);
+ void InstallLoadedPolicyAfterValidation(const std::string& signing_key,
+ UserCloudPolicyValidator* validator);
// Callback invoked to store the policy after validation has finished.
void StorePolicyAfterValidation(UserCloudPolicyValidator* validator);
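Review bot: The comment on `Validate` (which starts outside this hunk) does not describe the new `key` argument, and in particular does not say whether it may be null and what validation does then. For a signed-policy feature this is the behaviour a reader most needs, e.g. `// |key| is the cached signing key loaded from disk, or NULL if none exists; <state whether signature checks are skipped or validation fails>.` Likewise `InstallLoadedPolicyAfterValidation` receives `signing_key` before the validator result has been inspected. Its comment should state that the value is stored in `policy_key_` only when validation succeeded, if that is what the .cc file does.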
@@ -82,8 +92,17 @@ class POLICY_EXPORT UserCloudPolicyStore : public UserCloudPolicyStoreBase {
// WeakPtrFactory used to create callbacks for validating and storing policy.
base::WeakPtrFactory<UserCloudPolicyStore> weak_factory_;
+ // The key used to verify signatures of cached policy.
+ std::string policy_key_;
+
// Path to file where we store persisted policy.
- base::FilePath backing_file_path_;
+ base::FilePath policy_path_;
+
+ // Path to file where we store the signing key for the policy blob.
+ base::FilePath key_path_;
+
+ // The hard-coded key used to verify new signing keys.
+ const std::string verification_key_;
DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStore);
};
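Review bot: The comment on `key_path_` says only that the signing key is stored there, not that the file's contents are untrusted. The key file sits on disk next to the policy blob, so anything that can rewrite the policy can presumably rewrite the key as well. The comment should record that a key read from `key_path_` must be checked against `verification_key_` before it is used, e.g. `// Path to the cached policy signing key. Contents are untrusted until verified with |verification_key_|.` Whether the load path performs that check is not visible from the header and should be confirmed in the .cc file.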
