Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(261)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

Issue 184373002: Skip timestamp validation for cached Chrome OS user policy. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/bind_helpers.h" 8 #include "base/bind_helpers.h"
9 #include "base/callback.h" 9 #include "base/callback.h"
10 #include "base/file_util.h" 10 #include "base/file_util.h"
(...skipping 240 matching lines...) Expand 10 before | Expand all | Expand 10 after
251 return; 251 return;
252 } 252 }
253 253
254 policy_key_path_ = user_policy_key_dir_.Append( 254 policy_key_path_ = user_policy_key_dir_.Append(
255 base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str())); 255 base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str()));
256 LoadPolicyKey(policy_key_path_, &policy_key_); 256 LoadPolicyKey(policy_key_path_, &policy_key_);
257 policy_key_loaded_ = true; 257 policy_key_loaded_ = true;
258 258
259 scoped_ptr<UserCloudPolicyValidator> validator = 259 scoped_ptr<UserCloudPolicyValidator> validator =
260 CreateValidator(policy.Pass(), 260 CreateValidator(policy.Pass(),
261 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); 261 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
Joao da Silva 2014/02/28 10:04:55 Here too? This would trigger if there is an immedi
Mattias Nissler (ping if slow) 2014/02/28 10:25:16 Yes, good point. I've verified that it indeed repr
262 validator->ValidateUsername(username_); 262 validator->ValidateUsername(username_);
263 const bool allow_rotation = false; 263 const bool allow_rotation = false;
264 validator->ValidateSignature( 264 validator->ValidateSignature(
265 policy_key_, 265 policy_key_,
266 GetPolicyVerificationKey(), 266 GetPolicyVerificationKey(),
267 ExtractDomain(sanitized_username), 267 ExtractDomain(sanitized_username),
268 allow_rotation); 268 allow_rotation);
269 validator->RunValidation(); 269 validator->RunValidation();
270 OnRetrievedPolicyValidated(validator.get()); 270 OnRetrievedPolicyValidated(validator.get());
271 } 271 }
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after
371 base::Bind(&UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy, 371 base::Bind(&UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy,
372 weak_factory_.GetWeakPtr(), 372 weak_factory_.GetWeakPtr(),
373 base::Passed(&policy))); 373 base::Passed(&policy)));
374 } 374 }
375 375
376 void UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy( 376 void UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy(
377 scoped_ptr<em::PolicyFetchResponse> policy) { 377 scoped_ptr<em::PolicyFetchResponse> policy) {
378 // Create and configure a validator for the loaded policy. 378 // Create and configure a validator for the loaded policy.
379 scoped_ptr<UserCloudPolicyValidator> validator = 379 scoped_ptr<UserCloudPolicyValidator> validator =
380 CreateValidator(policy.Pass(), 380 CreateValidator(policy.Pass(),
381 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); 381 CloudPolicyValidatorBase::TIMESTAMP_NOT_BEFORE);
382 validator->ValidateUsername(username_); 382 validator->ValidateUsername(username_);
383 const bool allow_rotation = false; 383 const bool allow_rotation = false;
384 validator->ValidateSignature(policy_key_, 384 validator->ValidateSignature(policy_key_,
385 GetPolicyVerificationKey(), 385 GetPolicyVerificationKey(),
386 ExtractDomain(username_), 386 ExtractDomain(username_),
387 allow_rotation); 387 allow_rotation);
388 // Start validation. The Validator will delete itself once validation is 388 // Start validation. The Validator will delete itself once validation is
389 // complete. 389 // complete.
390 validator.release()->StartValidation( 390 validator.release()->StartValidation(
391 base::Bind(&UserCloudPolicyStoreChromeOS::OnRetrievedPolicyValidated, 391 base::Bind(&UserCloudPolicyStoreChromeOS::OnRetrievedPolicyValidated,
(...skipping 170 matching lines...) Expand 10 before | Expand all | Expand 10 after
562 !sanitized_username.empty()) { 562 !sanitized_username.empty()) {
563 policy_key_path_ = user_policy_key_dir_.Append( 563 policy_key_path_ = user_policy_key_dir_.Append(
564 base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str())); 564 base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str()));
565 } else { 565 } else {
566 SampleValidationFailure(VALIDATION_FAILURE_DBUS); 566 SampleValidationFailure(VALIDATION_FAILURE_DBUS);
567 } 567 }
568 ReloadPolicyKey(callback); 568 ReloadPolicyKey(callback);
569 } 569 }
570 570
571 } // namespace policy 571 } // namespace policy
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698