| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_POLICY_BUILDER_H_ | 5 #ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_POLICY_BUILDER_H_ |
| 6 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_POLICY_BUILDER_H_ | 6 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_POLICY_BUILDER_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 71 matching lines...) | |
| 82 | 82 |
| 83 // These return hard-coded testing keys. Don't use in production! | 83 // These return hard-coded testing keys. Don't use in production! |
| 84 static scoped_ptr<crypto::RSAPrivateKey> CreateTestSigningKey(); | 84 static scoped_ptr<crypto::RSAPrivateKey> CreateTestSigningKey(); |
| 85 static scoped_ptr<crypto::RSAPrivateKey> CreateTestOtherSigningKey(); | 85 static scoped_ptr<crypto::RSAPrivateKey> CreateTestOtherSigningKey(); |
| 86 | 86 |
| 87 // Verification signatures for the two hard-coded testing keys above. These | 87 // Verification signatures for the two hard-coded testing keys above. These |
| 88 // signatures are valid only for the kFakeDomain domain. | 88 // signatures are valid only for the kFakeDomain domain. |
| 89 static std::string GetTestSigningKeySignature(); | 89 static std::string GetTestSigningKeySignature(); |
| 90 static std::string GetTestOtherSigningKeySignature(); | 90 static std::string GetTestOtherSigningKeySignature(); |
| 91 | 91 |
| 92 std::vector<uint8> raw_signing_key() { return raw_signing_key_; } | |
| 93 std::vector<uint8> raw_new_signing_key() { return raw_new_signing_key_; } | |
|
Mattias Nissler (ping if slow)
2014/02/13 10:52:53
nit: newline
Andrew T Wilson (Slow)
2014/02/13 12:15:36
Done.
| |
| 92 private: | 94 private: |
| 93 // Produces |key|'s signature over |data| and stores it in |signature|. | 95 // Produces |key|'s signature over |data| and stores it in |signature|. |
| 94 void SignData(const std::string& data, | 96 void SignData(const std::string& data, |
| 95 crypto::RSAPrivateKey* key, | 97 crypto::RSAPrivateKey* key, |
| 96 std::string* signature); | 98 std::string* signature); |
| 97 | 99 |
| 98 enterprise_management::PolicyFetchResponse policy_; | 100 enterprise_management::PolicyFetchResponse policy_; |
| 99 scoped_ptr<enterprise_management::PolicyData> policy_data_; | 101 scoped_ptr<enterprise_management::PolicyData> policy_data_; |
| 100 std::string payload_data_; | 102 std::string payload_data_; |
| 101 | 103 |
| 102 // The keys cannot be stored in NSS. Temporary keys are not guaranteed to | 104 // The keys cannot be stored in NSS. Temporary keys are not guaranteed to |
| 103 // remain in the database. Persistent keys require a persistent database, | 105 // remain in the database. Persistent keys require a persistent database, |
| 104 // which would coincide with the user's database. However, these keys are used | 106 // which would coincide with the user's database. However, these keys are used |
| 105 // for signing the policy and don't have to coincide with the user's known | 107 // for signing the policy and don't have to coincide with the user's known |
| 106 // keys. Instead, we store the private keys as raw bytes. Where needed, a | 108 // keys. Instead, we store the private keys as raw bytes. Where needed, a |
| 107 // temporary RSAPrivateKey is created. | 109 // temporary RSAPrivateKey is created. |
| 108 std::vector<uint8> raw_signing_key_; | 110 std::vector<uint8> raw_signing_key_; |
| 109 std::vector<uint8> raw_new_signing_key_; | 111 std::vector<uint8> raw_new_signing_key_; |
| 112 std::string raw_new_signing_key_signature_; | |
| 110 | 113 |
| 111 DISALLOW_COPY_AND_ASSIGN(PolicyBuilder); | 114 DISALLOW_COPY_AND_ASSIGN(PolicyBuilder); |
| 112 }; | 115 }; |
| 113 | 116 |
| 114 // Type-parameterized PolicyBuilder extension that allows for building policy | 117 // Type-parameterized PolicyBuilder extension that allows for building policy |
| 115 // blobs carrying protobuf payloads. | 118 // blobs carrying protobuf payloads. |
| 116 template<typename PayloadProto> | 119 template<typename PayloadProto> |
| 117 class TypedPolicyBuilder : public PolicyBuilder { | 120 class TypedPolicyBuilder : public PolicyBuilder { |
| 118 public: | 121 public: |
| 119 TypedPolicyBuilder(); | 122 TypedPolicyBuilder(); |
| (...skipping 27 matching lines...) | |
| 147 UserPolicyBuilder; | 150 UserPolicyBuilder; |
| 148 | 151 |
| 149 #if !defined(OS_ANDROID) && !defined(OS_IOS) | 152 #if !defined(OS_ANDROID) && !defined(OS_IOS) |
| 150 typedef TypedPolicyBuilder<enterprise_management::ExternalPolicyData> | 153 typedef TypedPolicyBuilder<enterprise_management::ExternalPolicyData> |
| 151 ComponentPolicyBuilder; | 154 ComponentPolicyBuilder; |
| 152 #endif | 155 #endif |
| 153 | 156 |
| 154 } // namespace policy | 157 } // namespace policy |
| 155 | 158 |
| 156 #endif // COMPONENTS_POLICY_CORE_COMMON_CLOUD_POLICY_BUILDER_H_ | 159 #endif // COMPONENTS_POLICY_CORE_COMMON_CLOUD_POLICY_BUILDER_H_ |
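Review bot: The two accessors added at new lines 92-93 return the raw private signing key bytes by value from non-const member functions, so every call makes another copy of the key material and the getters cannot be called on a const PolicyBuilder. Returning a reference avoids both: `const std::vector<uint8>& raw_signing_key() const { return raw_signing_key_; }`, and the same shape for `raw_new_signing_key()`. Unlike the declarations above them, they have no comment; something like `// Raw bytes of the private signing keys. Test-only, like the hard-coded keys above.` would state the intent, assuming that is the intent, since the callers are not visible on this page. The new member `raw_new_signing_key_signature_` at new line 112 sits under a comment that only discusses keys, so a one-line comment saying what that signature covers would help the next reader.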