| Index: components/policy/core/common/cloud/user_cloud_policy_store.h
|
| diff --git a/components/policy/core/common/cloud/user_cloud_policy_store.h b/components/policy/core/common/cloud/user_cloud_policy_store.h
|
| index 4dc7e248b1f53a304bb567d173f31c6424f1a60d..e7ef91e93cbe1450b0d960221f50027affefd023 100644
|
| --- a/components/policy/core/common/cloud/user_cloud_policy_store.h
|
| +++ b/components/policy/core/common/cloud/user_cloud_policy_store.h
|
| @@ -13,6 +13,7 @@
|
| #include "base/memory/weak_ptr.h"
|
| #include "components/policy/core/common/cloud/user_cloud_policy_store_base.h"
|
| #include "components/policy/policy_export.h"
|
| +#include "policy/proto/policy_signing_key.pb.h"
|
|
|
| namespace base {
|
| class SequencedTaskRunner;
|
| @@ -29,6 +30,8 @@ class POLICY_EXPORT UserCloudPolicyStore : public UserCloudPolicyStoreBase {
|
| // it) user.
|
| UserCloudPolicyStore(
|
| const base::FilePath& policy_file,
|
| + const base::FilePath& key_file,
|
| + const std::string& verification_key,
|
| scoped_refptr<base::SequencedTaskRunner> background_task_runner);
|
| virtual ~UserCloudPolicyStore();
|
|
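Review bot: The two new constructor parameters, `key_file` and `verification_key`, are undocumented, because the comment above the constructor starts outside this hunk and is not touched by the patch. The same holds for `verification_key` on `Create()` in the next hunk. Since this value is the trust anchor for the policy signing key, I would add something like `// |verification_key| is the trusted key used to verify signing keys read from |key_file|.` The comment should also state what an empty string means: the header does not show whether an empty key skips verification or rejects signed policy, and callers need to know which.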
|
| @@ -36,6 +39,7 @@ class POLICY_EXPORT UserCloudPolicyStore : public UserCloudPolicyStoreBase {
|
| // |profile_path|.
|
| static scoped_ptr<UserCloudPolicyStore> Create(
|
| const base::FilePath& profile_path,
|
| + const std::string& verification_key,
|
| scoped_refptr<base::SequencedTaskRunner> background_task_runner);
|
|
|
| // Sets the username from signin for validation of the policy.
|
| @@ -53,6 +57,10 @@ class POLICY_EXPORT UserCloudPolicyStore : public UserCloudPolicyStoreBase {
|
| virtual void Store(
|
| const enterprise_management::PolicyFetchResponse& policy) OVERRIDE;
|
|
|
| + // The key used to sign the current policy (empty if there either is no
|
| + // loaded policy yet, or if the policy is unsigned).
|
| + const std::string& policy_key() { return policy_key_; }
|
| +
|
| protected:
|
| std::string signin_username_;
|
|
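Review bot: The new `policy_key()` accessor is not const-qualified although it only returns a reference to a member; it should read `const std::string& policy_key() const { return policy_key_; }` so it can be called through a const reference to the store. The comment here says "used to sign" while the member comment further down says "used to verify signatures". Using the member's wording in both places would avoid implying that signing-key material is held on the client.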
|
| @@ -69,12 +77,14 @@ class POLICY_EXPORT UserCloudPolicyStore : public UserCloudPolicyStoreBase {
|
| // thread).
|
| void Validate(
|
| scoped_ptr<enterprise_management::PolicyFetchResponse> policy,
|
| + scoped_ptr<enterprise_management::PolicySigningKey> key,
|
| bool validate_in_background,
|
| const UserCloudPolicyValidator::CompletionCallback& callback);
|
|
|
| // Callback invoked to install a just-loaded policy after validation has
|
| // finished.
|
| - void InstallLoadedPolicyAfterValidation(UserCloudPolicyValidator* validator);
|
| + void InstallLoadedPolicyAfterValidation(const std::string& signing_key,
|
| + UserCloudPolicyValidator* validator);
|
|
|
| // Callback invoked to store the policy after validation has finished.
|
| void StorePolicyAfterValidation(UserCloudPolicyValidator* validator);
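Review bot: The added `key` argument of `Validate()` and the added `signing_key` argument of `InstallLoadedPolicyAfterValidation()` have no description, and the comments above both declarations are unchanged (the `Validate()` comment starts outside the hunk). Since `key` is a `scoped_ptr`, the comment should say whether a null pointer is allowed, for example when no key file exists yet, and what validation does in that case. A line such as `// |key| is the cached signing key loaded from disk, or NULL if none was found; ...` with the resulting behaviour spelled out would do. It would also help to say whether `signing_key` is stored into `policy_key_` only after the validator reports success, which the header suggests but does not show.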
|
| @@ -82,8 +92,17 @@ class POLICY_EXPORT UserCloudPolicyStore : public UserCloudPolicyStoreBase {
|
| // WeakPtrFactory used to create callbacks for validating and storing policy.
|
| base::WeakPtrFactory<UserCloudPolicyStore> weak_factory_;
|
|
|
| + // The key used to verify signatures of cached policy.
|
| + std::string policy_key_;
|
| +
|
| // Path to file where we store persisted policy.
|
| - base::FilePath backing_file_path_;
|
| + base::FilePath policy_path_;
|
| +
|
| + // Path to file where we store the signing key for the policy blob.
|
| + base::FilePath key_path_;
|
| +
|
| + // The hard-coded key used to verify new signing keys.
|
| + const std::string verification_key_;
|
|
|
| DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStore);
|
| };
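Review bot: The member comments do not say how much the key file at `key_path_` is trusted, and that is the security-relevant part of this change. The file presumably sits in the profile directory next to the policy blob, so anything able to rewrite the cached policy could rewrite the cached key as well. I would extend the `policy_key_` comment to say that it is set only from a key that has been checked against `verification_key_`, and say in the `verification_key_` comment whether that check also runs when the cached key is loaded, not only for "new signing keys". The rename of `backing_file_path_` to `policy_path_` reads fine next to `key_path_`.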
|
|
|