
Side by Side Diff: chrome/browser/chromeos/settings/session_manager_operation.cc

Issue 143183007: Update policy signature verification to include policy domain. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Trying again after mysterious chunk-mismatch error on last upload. Created 6 years, 10 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/settings/session_manager_operation.h" 5 #include "chrome/browser/chromeos/settings/session_manager_operation.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/bind_helpers.h" 8 #include "base/bind_helpers.h"
9 #include "base/files/file_path.h" 9 #include "base/files/file_path.h"
10 #include "base/message_loop/message_loop.h" 10 #include "base/message_loop/message_loop.h"
(...skipping 164 matching lines...)
175 // To prevent all of these issues the timestamp is just not verified when 175 // To prevent all of these issues the timestamp is just not verified when
176 // loading the device policy from the cache. Note that the timestamp is still 176 // loading the device policy from the cache. Note that the timestamp is still
177 // verified during enrollment and when a new policy is fetched from the 177 // verified during enrollment and when a new policy is fetched from the
178 // server. 178 // server.
179 validator->ValidateAgainstCurrentPolicy( 179 validator->ValidateAgainstCurrentPolicy(
180 policy_data_.get(), 180 policy_data_.get(),
181 policy::CloudPolicyValidatorBase::TIMESTAMP_NOT_REQUIRED, 181 policy::CloudPolicyValidatorBase::TIMESTAMP_NOT_REQUIRED,
182 policy::CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED); 182 policy::CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED);
183 validator->ValidatePolicyType(policy::dm_protocol::kChromeDevicePolicyType); 183 validator->ValidatePolicyType(policy::dm_protocol::kChromeDevicePolicyType);
184 validator->ValidatePayload(); 184 validator->ValidatePayload();
185 // We don't check the DMServer verification key below, because policy blobs
186 // generated by session manager aren't signed by DMServer.
Mattias Nissler (ping if slow) 2014/02/13 10:52:53 technically, policy blobs _are_ signed. We don't c
Andrew T Wilson (Slow) 2014/02/13 12:15:36 They are signed, but not signed by DMServer, right
Mattias Nissler (ping if slow) 2014/02/13 13:35:55 They are signed by DMServer. We just store the Pol
185 validator->ValidateSignature(owner_key_->public_key_as_string(), 187 validator->ValidateSignature(owner_key_->public_key_as_string(),
186 policy::GetPolicyVerificationKey(), 188 std::string(),
187 std::string(), 189 std::string(),
188 false); 190 false);
189 validator->StartValidation( 191 validator->StartValidation(
190 base::Bind(&SessionManagerOperation::ReportValidatorStatus, 192 base::Bind(&SessionManagerOperation::ReportValidatorStatus,
191 weak_factory_.GetWeakPtr())); 193 weak_factory_.GetWeakPtr()));
192 } 194 }
193 195
194 void SessionManagerOperation::ReportValidatorStatus( 196 void SessionManagerOperation::ReportValidatorStatus(
195 policy::DeviceCloudPolicyValidator* validator) { 197 policy::DeviceCloudPolicyValidator* validator) {
196 DeviceSettingsService::Status status = 198 DeviceSettingsService::Status status =
(...skipping 131 matching lines...)
328 } 330 }
329 331
330 void SignAndStoreSettingsOperation::HandleStoreResult(bool success) { 332 void SignAndStoreSettingsOperation::HandleStoreResult(bool success) {
331 if (!success) 333 if (!success)
332 ReportResult(DeviceSettingsService::STORE_OPERATION_FAILED); 334 ReportResult(DeviceSettingsService::STORE_OPERATION_FAILED);
333 else 335 else
334 StartLoading(); 336 StartLoading();
335 } 337 }
336 338
337 } // namespace chromeos 339 } // namespace chromeos
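Review bot: In the new `ValidateSignature` call (new lines 187-190) the second and third arguments are both `std::string()` and the fourth is a bare `false`, so the call site no longer shows which input was blanked out or what the flag controls. The old side shows the second argument was `policy::GetPolicyVerificationKey()`; labelling the arguments in place, e.g. `std::string(),  // verification key: deliberately empty on the cache-load path`, would make it clear that the signature check here rests on `owner_key_` alone. Whether the validator treats an empty verification key as "skip this check" rather than as a failure is not visible on this page, so a unit test pinning that behaviour for the cached-policy path would be worth adding. The enclosing function begins in the skipped region above line 175.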