| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 61 | 61 |
| 62 } // namespace | 62 } // namespace |
| 63 | 63 |
| 64 // Helper class for loading legacy policy caches. | 64 // Helper class for loading legacy policy caches. |
| 65 class LegacyPolicyCacheLoader : public UserPolicyTokenLoader::Delegate, | 65 class LegacyPolicyCacheLoader : public UserPolicyTokenLoader::Delegate, |
| 66 public UserPolicyDiskCache::Delegate { | 66 public UserPolicyDiskCache::Delegate { |
| 67 public: | 67 public: |
| 68 typedef base::Callback<void(const std::string&, | 68 typedef base::Callback<void(const std::string&, |
| 69 const std::string&, | 69 const std::string&, |
| 70 CloudPolicyStore::Status, | 70 CloudPolicyStore::Status, |
| 71 scoped_ptr<em::PolicyFetchResponse>)> Callback; | 71 std::unique_ptr<em::PolicyFetchResponse>)> |
| 72 Callback; |
| 72 | 73 |
| 73 LegacyPolicyCacheLoader( | 74 LegacyPolicyCacheLoader( |
| 74 const base::FilePath& token_cache_file, | 75 const base::FilePath& token_cache_file, |
| 75 const base::FilePath& policy_cache_file, | 76 const base::FilePath& policy_cache_file, |
| 76 scoped_refptr<base::SequencedTaskRunner> background_task_runner); | 77 scoped_refptr<base::SequencedTaskRunner> background_task_runner); |
| 77 ~LegacyPolicyCacheLoader() override; | 78 ~LegacyPolicyCacheLoader() override; |
| 78 | 79 |
| 79 // Starts loading, and reports the result to |callback| when done. | 80 // Starts loading, and reports the result to |callback| when done. |
| 80 void Load(const Callback& callback); | 81 void Load(const Callback& callback); |
| 81 | 82 |
| (...skipping 12 matching lines...) Expand all Loading... |
| 94 | 95 |
| 95 // Maps a disk cache LoadResult to a CloudPolicyStore::Status. | 96 // Maps a disk cache LoadResult to a CloudPolicyStore::Status. |
| 96 static CloudPolicyStore::Status TranslateLoadResult( | 97 static CloudPolicyStore::Status TranslateLoadResult( |
| 97 UserPolicyDiskCache::LoadResult result); | 98 UserPolicyDiskCache::LoadResult result); |
| 98 | 99 |
| 99 scoped_refptr<UserPolicyTokenLoader> token_loader_; | 100 scoped_refptr<UserPolicyTokenLoader> token_loader_; |
| 100 scoped_refptr<UserPolicyDiskCache> policy_cache_; | 101 scoped_refptr<UserPolicyDiskCache> policy_cache_; |
| 101 | 102 |
| 102 std::string dm_token_; | 103 std::string dm_token_; |
| 103 std::string device_id_; | 104 std::string device_id_; |
| 104 scoped_ptr<em::PolicyFetchResponse> policy_; | 105 std::unique_ptr<em::PolicyFetchResponse> policy_; |
| 105 CloudPolicyStore::Status status_; | 106 CloudPolicyStore::Status status_; |
| 106 | 107 |
| 107 Callback callback_; | 108 Callback callback_; |
| 108 | 109 |
| 109 base::WeakPtrFactory<LegacyPolicyCacheLoader> weak_factory_; | 110 base::WeakPtrFactory<LegacyPolicyCacheLoader> weak_factory_; |
| 110 | 111 |
| 111 DISALLOW_COPY_AND_ASSIGN(LegacyPolicyCacheLoader); | 112 DISALLOW_COPY_AND_ASSIGN(LegacyPolicyCacheLoader); |
| 112 }; | 113 }; |
| 113 | 114 |
| 114 LegacyPolicyCacheLoader::LegacyPolicyCacheLoader( | 115 LegacyPolicyCacheLoader::LegacyPolicyCacheLoader( |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 195 legacy_caches_loaded_(false), | 196 legacy_caches_loaded_(false), |
| 196 policy_key_loaded_(false), | 197 policy_key_loaded_(false), |
| 197 weak_factory_(this) {} | 198 weak_factory_(this) {} |
| 198 | 199 |
| 199 UserCloudPolicyStoreChromeOS::~UserCloudPolicyStoreChromeOS() {} | 200 UserCloudPolicyStoreChromeOS::~UserCloudPolicyStoreChromeOS() {} |
| 200 | 201 |
| 201 void UserCloudPolicyStoreChromeOS::Store( | 202 void UserCloudPolicyStoreChromeOS::Store( |
| 202 const em::PolicyFetchResponse& policy) { | 203 const em::PolicyFetchResponse& policy) { |
| 203 // Cancel all pending requests. | 204 // Cancel all pending requests. |
| 204 weak_factory_.InvalidateWeakPtrs(); | 205 weak_factory_.InvalidateWeakPtrs(); |
| 205 scoped_ptr<em::PolicyFetchResponse> response( | 206 std::unique_ptr<em::PolicyFetchResponse> response( |
| 206 new em::PolicyFetchResponse(policy)); | 207 new em::PolicyFetchResponse(policy)); |
| 207 EnsurePolicyKeyLoaded( | 208 EnsurePolicyKeyLoaded( |
| 208 base::Bind(&UserCloudPolicyStoreChromeOS::ValidatePolicyForStore, | 209 base::Bind(&UserCloudPolicyStoreChromeOS::ValidatePolicyForStore, |
| 209 weak_factory_.GetWeakPtr(), | 210 weak_factory_.GetWeakPtr(), |
| 210 base::Passed(&response))); | 211 base::Passed(&response))); |
| 211 } | 212 } |
| 212 | 213 |
| 213 void UserCloudPolicyStoreChromeOS::Load() { | 214 void UserCloudPolicyStoreChromeOS::Load() { |
| 214 // Cancel all pending requests. | 215 // Cancel all pending requests. |
| 215 weak_factory_.InvalidateWeakPtrs(); | 216 weak_factory_.InvalidateWeakPtrs(); |
| (...skipping 16 matching lines...) Expand all Loading... |
| 232 session_manager_client_->BlockingRetrievePolicyForUser( | 233 session_manager_client_->BlockingRetrievePolicyForUser( |
| 233 cryptohome::Identification(account_id_)); | 234 cryptohome::Identification(account_id_)); |
| 234 if (policy_blob.empty()) { | 235 if (policy_blob.empty()) { |
| 235 // The session manager doesn't have policy, or the call failed. | 236 // The session manager doesn't have policy, or the call failed. |
| 236 // Just notify that the load is done, and don't bother with the legacy | 237 // Just notify that the load is done, and don't bother with the legacy |
| 237 // caches in this case. | 238 // caches in this case. |
| 238 NotifyStoreLoaded(); | 239 NotifyStoreLoaded(); |
| 239 return; | 240 return; |
| 240 } | 241 } |
| 241 | 242 |
| 242 scoped_ptr<em::PolicyFetchResponse> policy(new em::PolicyFetchResponse()); | 243 std::unique_ptr<em::PolicyFetchResponse> policy( |
| 244 new em::PolicyFetchResponse()); |
| 243 if (!policy->ParseFromString(policy_blob)) { | 245 if (!policy->ParseFromString(policy_blob)) { |
| 244 status_ = STATUS_PARSE_ERROR; | 246 status_ = STATUS_PARSE_ERROR; |
| 245 NotifyStoreError(); | 247 NotifyStoreError(); |
| 246 return; | 248 return; |
| 247 } | 249 } |
| 248 | 250 |
| 249 std::string sanitized_username = | 251 std::string sanitized_username = |
| 250 cryptohome_client_->BlockingGetSanitizedUsername( | 252 cryptohome_client_->BlockingGetSanitizedUsername( |
| 251 cryptohome::Identification(account_id_)); | 253 cryptohome::Identification(account_id_)); |
| 252 if (sanitized_username.empty()) { | 254 if (sanitized_username.empty()) { |
| 253 status_ = STATUS_LOAD_ERROR; | 255 status_ = STATUS_LOAD_ERROR; |
| 254 NotifyStoreError(); | 256 NotifyStoreError(); |
| 255 return; | 257 return; |
| 256 } | 258 } |
| 257 | 259 |
| 258 policy_key_path_ = user_policy_key_dir_.Append( | 260 policy_key_path_ = user_policy_key_dir_.Append( |
| 259 base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str())); | 261 base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str())); |
| 260 LoadPolicyKey(policy_key_path_, &policy_key_); | 262 LoadPolicyKey(policy_key_path_, &policy_key_); |
| 261 policy_key_loaded_ = true; | 263 policy_key_loaded_ = true; |
| 262 | 264 |
| 263 scoped_ptr<UserCloudPolicyValidator> validator = | 265 std::unique_ptr<UserCloudPolicyValidator> validator = |
| 264 CreateValidatorForLoad(std::move(policy)); | 266 CreateValidatorForLoad(std::move(policy)); |
| 265 validator->RunValidation(); | 267 validator->RunValidation(); |
| 266 OnRetrievedPolicyValidated(validator.get()); | 268 OnRetrievedPolicyValidated(validator.get()); |
| 267 } | 269 } |
| 268 | 270 |
| 269 void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore( | 271 void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore( |
| 270 scoped_ptr<em::PolicyFetchResponse> policy) { | 272 std::unique_ptr<em::PolicyFetchResponse> policy) { |
| 271 // Create and configure a validator. | 273 // Create and configure a validator. |
| 272 scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator( | 274 std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator( |
| 273 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); | 275 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); |
| 274 validator->ValidateUsername(account_id_.GetUserEmail(), true); | 276 validator->ValidateUsername(account_id_.GetUserEmail(), true); |
| 275 if (policy_key_.empty()) { | 277 if (policy_key_.empty()) { |
| 276 validator->ValidateInitialKey(GetPolicyVerificationKey(), | 278 validator->ValidateInitialKey(GetPolicyVerificationKey(), |
| 277 ExtractDomain(account_id_.GetUserEmail())); | 279 ExtractDomain(account_id_.GetUserEmail())); |
| 278 } else { | 280 } else { |
| 279 const bool allow_rotation = true; | 281 const bool allow_rotation = true; |
| 280 validator->ValidateSignature(policy_key_, GetPolicyVerificationKey(), | 282 validator->ValidateSignature(policy_key_, GetPolicyVerificationKey(), |
| 281 ExtractDomain(account_id_.GetUserEmail()), | 283 ExtractDomain(account_id_.GetUserEmail()), |
| 282 allow_rotation); | 284 allow_rotation); |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 344 // the world about the policy update. | 346 // the world about the policy update. |
| 345 policy_.reset(); | 347 policy_.reset(); |
| 346 NotifyStoreLoaded(); | 348 NotifyStoreLoaded(); |
| 347 } | 349 } |
| 348 return; | 350 return; |
| 349 } | 351 } |
| 350 | 352 |
| 351 // Policy is supplied by session_manager. Disregard legacy data from now on. | 353 // Policy is supplied by session_manager. Disregard legacy data from now on. |
| 352 legacy_loader_.reset(); | 354 legacy_loader_.reset(); |
| 353 | 355 |
| 354 scoped_ptr<em::PolicyFetchResponse> policy(new em::PolicyFetchResponse()); | 356 std::unique_ptr<em::PolicyFetchResponse> policy( |
| 357 new em::PolicyFetchResponse()); |
| 355 if (!policy->ParseFromString(policy_blob)) { | 358 if (!policy->ParseFromString(policy_blob)) { |
| 356 status_ = STATUS_PARSE_ERROR; | 359 status_ = STATUS_PARSE_ERROR; |
| 357 NotifyStoreError(); | 360 NotifyStoreError(); |
| 358 return; | 361 return; |
| 359 } | 362 } |
| 360 | 363 |
| 361 // Load |policy_key_| to verify the loaded policy. | 364 // Load |policy_key_| to verify the loaded policy. |
| 362 EnsurePolicyKeyLoaded( | 365 EnsurePolicyKeyLoaded( |
| 363 base::Bind(&UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy, | 366 base::Bind(&UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy, |
| 364 weak_factory_.GetWeakPtr(), | 367 weak_factory_.GetWeakPtr(), |
| 365 base::Passed(&policy))); | 368 base::Passed(&policy))); |
| 366 } | 369 } |
| 367 | 370 |
| 368 void UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy( | 371 void UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy( |
| 369 scoped_ptr<em::PolicyFetchResponse> policy) { | 372 std::unique_ptr<em::PolicyFetchResponse> policy) { |
| 370 // Create and configure a validator for the loaded policy. | 373 // Create and configure a validator for the loaded policy. |
| 371 scoped_ptr<UserCloudPolicyValidator> validator = | 374 std::unique_ptr<UserCloudPolicyValidator> validator = |
| 372 CreateValidatorForLoad(std::move(policy)); | 375 CreateValidatorForLoad(std::move(policy)); |
| 373 // Start validation. The Validator will delete itself once validation is | 376 // Start validation. The Validator will delete itself once validation is |
| 374 // complete. | 377 // complete. |
| 375 validator.release()->StartValidation( | 378 validator.release()->StartValidation( |
| 376 base::Bind(&UserCloudPolicyStoreChromeOS::OnRetrievedPolicyValidated, | 379 base::Bind(&UserCloudPolicyStoreChromeOS::OnRetrievedPolicyValidated, |
| 377 weak_factory_.GetWeakPtr())); | 380 weak_factory_.GetWeakPtr())); |
| 378 } | 381 } |
| 379 | 382 |
| 380 void UserCloudPolicyStoreChromeOS::OnRetrievedPolicyValidated( | 383 void UserCloudPolicyStoreChromeOS::OnRetrievedPolicyValidated( |
| 381 UserCloudPolicyValidator* validator) { | 384 UserCloudPolicyValidator* validator) { |
| (...skipping 23 matching lines...) Expand all Loading... |
| 405 legacy_cache_dir_)); | 408 legacy_cache_dir_)); |
| 406 legacy_cache_dir_.clear(); | 409 legacy_cache_dir_.clear(); |
| 407 } | 410 } |
| 408 NotifyStoreLoaded(); | 411 NotifyStoreLoaded(); |
| 409 } | 412 } |
| 410 | 413 |
| 411 void UserCloudPolicyStoreChromeOS::OnLegacyLoadFinished( | 414 void UserCloudPolicyStoreChromeOS::OnLegacyLoadFinished( |
| 412 const std::string& dm_token, | 415 const std::string& dm_token, |
| 413 const std::string& device_id, | 416 const std::string& device_id, |
| 414 Status status, | 417 Status status, |
| 415 scoped_ptr<em::PolicyFetchResponse> policy) { | 418 std::unique_ptr<em::PolicyFetchResponse> policy) { |
| 416 status_ = status; | 419 status_ = status; |
| 417 if (policy.get()) { | 420 if (policy.get()) { |
| 418 // Create and configure a validator for the loaded legacy policy. Note that | 421 // Create and configure a validator for the loaded legacy policy. Note that |
| 419 // the signature on this policy is not verified. | 422 // the signature on this policy is not verified. |
| 420 scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator( | 423 std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator( |
| 421 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); | 424 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); |
| 422 validator->ValidateUsername(account_id_.GetUserEmail(), true); | 425 validator->ValidateUsername(account_id_.GetUserEmail(), true); |
| 423 validator.release()->StartValidation( | 426 validator.release()->StartValidation( |
| 424 base::Bind(&UserCloudPolicyStoreChromeOS::OnLegacyPolicyValidated, | 427 base::Bind(&UserCloudPolicyStoreChromeOS::OnLegacyPolicyValidated, |
| 425 weak_factory_.GetWeakPtr(), | 428 weak_factory_.GetWeakPtr(), |
| 426 dm_token, | 429 dm_token, |
| 427 device_id)); | 430 device_id)); |
| 428 } else { | 431 } else { |
| 429 InstallLegacyTokens(dm_token, device_id); | 432 InstallLegacyTokens(dm_token, device_id); |
| 430 } | 433 } |
| (...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 548 if (call_status == chromeos::DBUS_METHOD_CALL_SUCCESS && | 551 if (call_status == chromeos::DBUS_METHOD_CALL_SUCCESS && |
| 549 !sanitized_username.empty()) { | 552 !sanitized_username.empty()) { |
| 550 policy_key_path_ = user_policy_key_dir_.Append( | 553 policy_key_path_ = user_policy_key_dir_.Append( |
| 551 base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str())); | 554 base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str())); |
| 552 } else { | 555 } else { |
| 553 SampleValidationFailure(VALIDATION_FAILURE_DBUS); | 556 SampleValidationFailure(VALIDATION_FAILURE_DBUS); |
| 554 } | 557 } |
| 555 ReloadPolicyKey(callback); | 558 ReloadPolicyKey(callback); |
| 556 } | 559 } |
| 557 | 560 |
| 558 scoped_ptr<UserCloudPolicyValidator> | 561 std::unique_ptr<UserCloudPolicyValidator> |
| 559 UserCloudPolicyStoreChromeOS::CreateValidatorForLoad( | 562 UserCloudPolicyStoreChromeOS::CreateValidatorForLoad( |
| 560 scoped_ptr<em::PolicyFetchResponse> policy) { | 563 std::unique_ptr<em::PolicyFetchResponse> policy) { |
| 561 scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator( | 564 std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator( |
| 562 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_NOT_BEFORE); | 565 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_NOT_BEFORE); |
| 563 validator->ValidateUsername(account_id_.GetUserEmail(), true); | 566 validator->ValidateUsername(account_id_.GetUserEmail(), true); |
| 564 const bool allow_rotation = false; | 567 const bool allow_rotation = false; |
| 565 const std::string empty_key = std::string(); | 568 const std::string empty_key = std::string(); |
| 566 // The policy loaded from session manager need not be validated using the | 569 // The policy loaded from session manager need not be validated using the |
| 567 // verification key since it is secure, and since there may be legacy policy | 570 // verification key since it is secure, and since there may be legacy policy |
| 568 // data that was stored without a verification key. Hence passing an empty | 571 // data that was stored without a verification key. Hence passing an empty |
| 569 // value for the verification key. | 572 // value for the verification key. |
| 570 validator->ValidateSignature(policy_key_, empty_key, | 573 validator->ValidateSignature(policy_key_, empty_key, |
| 571 ExtractDomain(account_id_.GetUserEmail()), | 574 ExtractDomain(account_id_.GetUserEmail()), |
| 572 allow_rotation); | 575 allow_rotation); |
| 573 return validator; | 576 return validator; |
| 574 } | 577 } |
| 575 } // namespace policy | 578 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1870793002:
Convert //chrome/browser/chromeos from scoped_ptr to std::unique_ptr (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master