| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_POLICY_BUILDER_H_ | 5 #ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_POLICY_BUILDER_H_ |
| 6 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_POLICY_BUILDER_H_ | 6 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_POLICY_BUILDER_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 71 matching lines...) |
| 82 | 82 |
| 83 // These return hard-coded testing keys. Don't use in production! | 83 // These return hard-coded testing keys. Don't use in production! |
| 84 static scoped_ptr<crypto::RSAPrivateKey> CreateTestSigningKey(); | 84 static scoped_ptr<crypto::RSAPrivateKey> CreateTestSigningKey(); |
| 85 static scoped_ptr<crypto::RSAPrivateKey> CreateTestOtherSigningKey(); | 85 static scoped_ptr<crypto::RSAPrivateKey> CreateTestOtherSigningKey(); |
| 86 | 86 |
| 87 // Verification signatures for the two hard-coded testing keys above. These | 87 // Verification signatures for the two hard-coded testing keys above. These |
| 88 // signatures are valid only for the kFakeDomain domain. | 88 // signatures are valid only for the kFakeDomain domain. |
| 89 static std::string GetTestSigningKeySignature(); | 89 static std::string GetTestSigningKeySignature(); |
| 90 static std::string GetTestOtherSigningKeySignature(); | 90 static std::string GetTestOtherSigningKeySignature(); |
| 91 | 91 |
| 92 std::vector<uint8> raw_signing_key() { return raw_signing_key_; } |
| 93 std::vector<uint8> raw_new_signing_key() { return raw_new_signing_key_; } |
| 94 |
| 92 private: | 95 private: |
| 93 // Produces |key|'s signature over |data| and stores it in |signature|. | 96 // Produces |key|'s signature over |data| and stores it in |signature|. |
| 94 void SignData(const std::string& data, | 97 void SignData(const std::string& data, |
| 95 crypto::RSAPrivateKey* key, | 98 crypto::RSAPrivateKey* key, |
| 96 std::string* signature); | 99 std::string* signature); |
| 97 | 100 |
| 98 enterprise_management::PolicyFetchResponse policy_; | 101 enterprise_management::PolicyFetchResponse policy_; |
| 99 scoped_ptr<enterprise_management::PolicyData> policy_data_; | 102 scoped_ptr<enterprise_management::PolicyData> policy_data_; |
| 100 std::string payload_data_; | 103 std::string payload_data_; |
| 101 | 104 |
| 102 // The keys cannot be stored in NSS. Temporary keys are not guaranteed to | 105 // The keys cannot be stored in NSS. Temporary keys are not guaranteed to |
| 103 // remain in the database. Persistent keys require a persistent database, | 106 // remain in the database. Persistent keys require a persistent database, |
| 104 // which would coincide with the user's database. However, these keys are used | 107 // which would coincide with the user's database. However, these keys are used |
| 105 // for signing the policy and don't have to coincide with the user's known | 108 // for signing the policy and don't have to coincide with the user's known |
| 106 // keys. Instead, we store the private keys as raw bytes. Where needed, a | 109 // keys. Instead, we store the private keys as raw bytes. Where needed, a |
| 107 // temporary RSAPrivateKey is created. | 110 // temporary RSAPrivateKey is created. |
| 108 std::vector<uint8> raw_signing_key_; | 111 std::vector<uint8> raw_signing_key_; |
| 109 std::vector<uint8> raw_new_signing_key_; | 112 std::vector<uint8> raw_new_signing_key_; |
| 113 std::string raw_new_signing_key_signature_; |
| 110 | 114 |
| 111 DISALLOW_COPY_AND_ASSIGN(PolicyBuilder); | 115 DISALLOW_COPY_AND_ASSIGN(PolicyBuilder); |
| 112 }; | 116 }; |
| 113 | 117 |
| 114 // Type-parameterized PolicyBuilder extension that allows for building policy | 118 // Type-parameterized PolicyBuilder extension that allows for building policy |
| 115 // blobs carrying protobuf payloads. | 119 // blobs carrying protobuf payloads. |
| 116 template<typename PayloadProto> | 120 template<typename PayloadProto> |
| 117 class TypedPolicyBuilder : public PolicyBuilder { | 121 class TypedPolicyBuilder : public PolicyBuilder { |
| 118 public: | 122 public: |
| 119 TypedPolicyBuilder(); | 123 TypedPolicyBuilder(); |
| (...skipping 27 matching lines...) |
| 147 UserPolicyBuilder; | 151 UserPolicyBuilder; |
| 148 | 152 |
| 149 #if !defined(OS_ANDROID) && !defined(OS_IOS) | 153 #if !defined(OS_ANDROID) && !defined(OS_IOS) |
| 150 typedef TypedPolicyBuilder<enterprise_management::ExternalPolicyData> | 154 typedef TypedPolicyBuilder<enterprise_management::ExternalPolicyData> |
| 151 ComponentPolicyBuilder; | 155 ComponentPolicyBuilder; |
| 152 #endif | 156 #endif |
| 153 | 157 |
| 154 } // namespace policy | 158 } // namespace policy |
| 155 | 159 |
| 156 #endif // COMPONENTS_POLICY_CORE_COMMON_CLOUD_POLICY_BUILDER_H_ | 160 #endif // COMPONENTS_POLICY_CORE_COMMON_CLOUD_POLICY_BUILDER_H_ |
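Review bot: The new public accessors `raw_signing_key()` and `raw_new_signing_key()` (new lines 92-93) return the raw private key bytes by value from non-const member functions, and unlike `CreateTestSigningKey()` just above they carry no comment marking them as test-only. I would declare them as `const std::vector<uint8>& raw_signing_key() const { return raw_signing_key_; }` (and the same for the new-key accessor) so callers do not make extra copies of key material. A short comment such as `// Raw private key bytes used to sign the policy. Test-only; do not log or persist.` would make the intent explicit. The added member `raw_new_signing_key_signature_` (new line 113) is also undocumented, and the block comment above it describes only the private keys. One line saying what it is a signature over and where it is set would help, since the code that fills it is outside this view.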
| OLD | NEW |