chrome/browser/chromeos/settings/session_manager_operation.cc - Issue 143183007: Update policy signature verification to include policy domain.

Unified Diff: chrome/browser/chromeos/settings/session_manager_operation.cc

Issue 143183007: Update policy signature verification to include policy domain. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Trying again after mysterious chunk-mismatch error on last upload. Created 6 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: chrome/browser/chromeos/settings/session_manager_operation.cc

diff --git a/chrome/browser/chromeos/settings/session_manager_operation.cc b/chrome/browser/chromeos/settings/session_manager_operation.cc

index d7f994c83f80f52730311eb322fb77ed8f20f761..ebaecf367d0198faa2c9d03013dcba01a5067013 100644

--- a/chrome/browser/chromeos/settings/session_manager_operation.cc

+++ b/chrome/browser/chromeos/settings/session_manager_operation.cc

@@ -182,8 +182,10 @@ void SessionManagerOperation::ValidateDeviceSettings(

policy::CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED);

validator->ValidatePolicyType(policy::dm_protocol::kChromeDevicePolicyType);

validator->ValidatePayload();

+ // We don't check the DMServer verification key below, because policy blobs

+ // generated by session manager aren't signed by DMServer.

Mattias Nissler (ping if slow) 2014/02/13 10:52:53 technically, policy blobs _are_ signed. We don't c

Andrew T Wilson (Slow) 2014/02/13 12:15:36 They are signed, but not signed by DMServer, right

Mattias Nissler (ping if slow) 2014/02/13 13:35:55 They are signed by DMServer. We just store the Pol

validator->ValidateSignature(owner_key_->public_key_as_string(),

- policy::GetPolicyVerificationKey(),

+ std::string(),

std::string(),

false);

validator->StartValidation(