| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/sequenced_task_runner.h" | 8 #include "base/sequenced_task_runner.h" |
| 9 #include "chrome/browser/chromeos/policy/device_policy_decoder_chromeos.h" | 9 #include "chrome/browser/chromeos/policy/device_policy_decoder_chromeos.h" |
| 10 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" | 10 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" |
| (...skipping 30 matching lines...) Expand all Loading... |
| 41 !device_settings_service_->policy_data() || !owner_key.get() || | 41 !device_settings_service_->policy_data() || !owner_key.get() || |
| 42 !owner_key->public_key()) { | 42 !owner_key->public_key()) { |
| 43 status_ = STATUS_BAD_STATE; | 43 status_ = STATUS_BAD_STATE; |
| 44 NotifyStoreError(); | 44 NotifyStoreError(); |
| 45 return; | 45 return; |
| 46 } | 46 } |
| 47 | 47 |
| 48 scoped_ptr<DeviceCloudPolicyValidator> validator(CreateValidator(policy)); | 48 scoped_ptr<DeviceCloudPolicyValidator> validator(CreateValidator(policy)); |
| 49 validator->ValidateSignature(owner_key->public_key_as_string(), | 49 validator->ValidateSignature(owner_key->public_key_as_string(), |
| 50 GetPolicyVerificationKey(), | 50 GetPolicyVerificationKey(), |
| 51 std::string(), | 51 install_attributes_->GetDomain(), |
| 52 true); | 52 true); |
| 53 validator->ValidateAgainstCurrentPolicy( | 53 validator->ValidateAgainstCurrentPolicy( |
| 54 device_settings_service_->policy_data(), | 54 device_settings_service_->policy_data(), |
| 55 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED, | 55 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED, |
| 56 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); | 56 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); |
| 57 validator.release()->StartValidation( | 57 validator.release()->StartValidation( |
| 58 base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated, | 58 base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated, |
| 59 weak_factory_.GetWeakPtr())); | 59 weak_factory_.GetWeakPtr())); |
| 60 } | 60 } |
| 61 | 61 |
| 62 void DeviceCloudPolicyStoreChromeOS::Load() { | 62 void DeviceCloudPolicyStoreChromeOS::Load() { |
| 63 device_settings_service_->Load(); | 63 device_settings_service_->Load(); |
| 64 } | 64 } |
| 65 | 65 |
| 66 void DeviceCloudPolicyStoreChromeOS::InstallInitialPolicy( | 66 void DeviceCloudPolicyStoreChromeOS::InstallInitialPolicy( |
| 67 const em::PolicyFetchResponse& policy) { | 67 const em::PolicyFetchResponse& policy) { |
| 68 // Cancel all pending requests. | 68 // Cancel all pending requests. |
| 69 weak_factory_.InvalidateWeakPtrs(); | 69 weak_factory_.InvalidateWeakPtrs(); |
| 70 | 70 |
| 71 if (!install_attributes_->IsEnterpriseDevice() && | 71 if (!install_attributes_->IsEnterpriseDevice() && |
| 72 device_settings_service_->status() != | 72 device_settings_service_->status() != |
| 73 chromeos::DeviceSettingsService::STORE_NO_POLICY) { | 73 chromeos::DeviceSettingsService::STORE_NO_POLICY) { |
| 74 status_ = STATUS_BAD_STATE; | 74 status_ = STATUS_BAD_STATE; |
| 75 NotifyStoreError(); | 75 NotifyStoreError(); |
| 76 return; | 76 return; |
| 77 } | 77 } |
| 78 | 78 |
| 79 scoped_ptr<DeviceCloudPolicyValidator> validator(CreateValidator(policy)); | 79 scoped_ptr<DeviceCloudPolicyValidator> validator(CreateValidator(policy)); |
| 80 validator->ValidateInitialKey(GetPolicyVerificationKey()); | 80 validator->ValidateInitialKey(GetPolicyVerificationKey(), |
| 81 install_attributes_->GetDomain()); |
| 81 validator.release()->StartValidation( | 82 validator.release()->StartValidation( |
| 82 base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated, | 83 base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated, |
| 83 weak_factory_.GetWeakPtr())); | 84 weak_factory_.GetWeakPtr())); |
| 84 } | 85 } |
| 85 | 86 |
| 86 void DeviceCloudPolicyStoreChromeOS::OwnershipStatusChanged() { | 87 void DeviceCloudPolicyStoreChromeOS::OwnershipStatusChanged() { |
| 87 // Nothing to do. | 88 // Nothing to do. |
| 88 } | 89 } |
| 89 | 90 |
| 90 void DeviceCloudPolicyStoreChromeOS::DeviceSettingsUpdated() { | 91 void DeviceCloudPolicyStoreChromeOS::DeviceSettingsUpdated() { |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 161 case chromeos::DeviceSettingsService::STORE_VALIDATION_ERROR: | 162 case chromeos::DeviceSettingsService::STORE_VALIDATION_ERROR: |
| 162 case chromeos::DeviceSettingsService::STORE_TEMP_VALIDATION_ERROR: | 163 case chromeos::DeviceSettingsService::STORE_TEMP_VALIDATION_ERROR: |
| 163 status_ = STATUS_LOAD_ERROR; | 164 status_ = STATUS_LOAD_ERROR; |
| 164 break; | 165 break; |
| 165 } | 166 } |
| 166 | 167 |
| 167 NotifyStoreError(); | 168 NotifyStoreError(); |
| 168 } | 169 } |
| 169 | 170 |
| 170 } // namespace policy | 171 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 143183007:
Update policy signature verification to include policy domain. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src