Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(152)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/policy/proto/device_management_backend.proto

Issue 2261763002: Device enterprise registration with a certificate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressed more feedback. Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« components/policy/core/common/cloud/cloud_policy_client_unittest.cc ('K') | « components/policy/core/common/cloud/enterprise_metrics.h ('k') | components/policy_strings.grdp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 syntax = "proto2"; 5 syntax = "proto2";
6 6
7 option optimize_for = LITE_RUNTIME; 7 option optimize_for = LITE_RUNTIME;
8 8
9 package enterprise_management; 9 package enterprise_management;
10 10
11 // The wrapper message of any data and its signature. 11 // Data along with a cryptographic signature verifying their authenticity.
12 // Note: this should be compatible with the definition of SignedData in:
13 // "third_party/chromiumos_platform_cryptohome/attestation.proto"
14 message SignedData { 12 message SignedData {
15 // The data to be signed. 13 // The data to be signed.
16 optional bytes data = 1; 14 optional bytes data = 1;
17 // The signature of the data field. 15 // The signature of the data field.
18 optional bytes signature = 2; 16 optional bytes signature = 2;
17 // How many bytes were added to the end of original data before signature
18 // (e.g. a nonce to avoid proxy attacks of the signing service).
19 optional int32 extra_data_bytes = 3;
19 } 20 }
20 21
21 // Request from device to server to register device. 22 // Request from device to server to register device.
22 message DeviceRegisterRequest { 23 message DeviceRegisterRequest {
23 // Reregister device without erasing server state. It can be used 24 // Reregister device without erasing server state. It can be used
24 // to refresh dmtoken etc. Client MUST set this value to true if it 25 // to refresh dmtoken etc. Client MUST set this value to true if it
25 // reuses an existing device id. 26 // reuses an existing device id.
26 optional bool reregister = 1; 27 optional bool reregister = 1;
27 28
28 // Device register type. This field does not exist for TT release. 29 // Device register type. This field does not exist for TT release.
(...skipping 1052 matching lines...) Expand 10 before | Expand all | Expand 10 after
1081 1082
1082 // Response from server to device for check for Android-for-Work service with 1083 // Response from server to device for check for Android-for-Work service with
1083 // DPC enforcement request. 1084 // DPC enforcement request.
1084 // SC_CONFLICT HTTP code is returned if DPC enforcement is required. 1085 // SC_CONFLICT HTTP code is returned if DPC enforcement is required.
1085 message CheckAndroidManagementResponse {} 1086 message CheckAndroidManagementResponse {}
1086 1087
1087 // Request to register a new device (authenticated by enterprise enrollment 1088 // Request to register a new device (authenticated by enterprise enrollment
1088 // certificate). 1089 // certificate).
1089 // The response message will be the DeviceRegisterReponse. 1090 // The response message will be the DeviceRegisterReponse.
1090 message CertificateBasedDeviceRegisterRequest { 1091 message CertificateBasedDeviceRegisterRequest {
1091 // signed_request.data is CertificateBasedDeviceRegistrationData type 1092 // Signed request to register with a certificate. The signed_request.data
1092 // signed_request.signature is a signature generated with device cert's 1093 // field contains a CertificateBasedDeviceRegistrationData with a nonce
1093 // private key 1094 // (as added by the Chrome OS cryptohome client) appended. The
1094 optional SignedData signed_request = 2; 1095 // signed_request.signature field is a signature of the data field signed
1096 // with the enrollment certificate's private key.
1097 optional SignedData signed_request = 1;
1095 } 1098 }
1096 1099
1097 message CertificateBasedDeviceRegistrationData { 1100 message CertificateBasedDeviceRegistrationData {
1098 enum CertificateType { 1101 enum CertificateType {
1099 UNKNOWN = 0; 1102 UNKNOWN = 0;
1100 ENTERPRISE_ENROLLMENT_CERTIFICATE = 1; 1103 ENTERPRISE_ENROLLMENT_CERTIFICATE = 1;
1101 } 1104 }
1102 1105
1103 optional CertificateType certificate_type = 1; 1106 optional CertificateType certificate_type = 1;
1104 // device certificate in X.509 format. 1107 // device certificate in X.509 format.
(...skipping 25 matching lines...) Expand all
1130 // * ping 1133 // * ping
1131 // * policy 1134 // * policy
1132 // * register 1135 // * register
1133 // * status 1136 // * status
1134 // * unregister 1137 // * unregister
1135 // * remote_commands 1138 // * remote_commands
1136 // * attribute_update_permission 1139 // * attribute_update_permission
1137 // * attribute_update 1140 // * attribute_update
1138 // * gcm_id_update 1141 // * gcm_id_update
1139 // * check_android_management 1142 // * check_android_management
1143 // * certificate_based_register
1140 // 1144 //
1141 // * devicetype: MUST BE "1" for Android or "2" for Chrome OS. 1145 // * devicetype: MUST BE "1" for Android or "2" for Chrome OS.
1142 // * apptype: MUST BE Android or Chrome. 1146 // * apptype: MUST BE Android or Chrome.
1143 // * deviceid: MUST BE no more than 64-char in [\x21-\x7E]. 1147 // * deviceid: MUST BE no more than 64-char in [\x21-\x7E].
1144 // * agent: MUST BE a string of characters. 1148 // * agent: MUST BE a string of characters.
1145 // * HTTP Authorization header MUST be in the following formats: 1149 // * HTTP Authorization header MUST be in the following formats:
1146 // * For register, ping and check_android_management requests 1150 // * For register, ping and check_android_management requests
1147 // Authorization: GoogleLogin auth=<auth cookie for Mobile Sync> 1151 // Authorization: GoogleLogin auth=<auth cookie for Mobile Sync>
1148 // 1152 //
1149 // * For unregister, policy, status, cert_upload, remote commands requests, 1153 // * For unregister, policy, status, cert_upload, remote commands requests,
1150 // and gcm id update requests 1154 // and gcm id update requests
1151 // Authorization: GoogleDMToken token=<dm token from register> 1155 // Authorization: GoogleDMToken token=<dm token from register>
1152 // 1156 //
1153 // * The Authorization header isn't used for enterprise_check 1157 // * The Authorization header isn't used for enterprise_check or for
1154 // request, nor for register requests using OAuth. In the latter case, 1158 // certificate_based_register requests, nor for register requests
1155 // the OAuth token is passed in the "oauth" parameter. 1159 // using OAuth. In the latter case, the OAuth token is passed in the
1160 // "oauth" parameter.
1156 // 1161 //
1157 // DeviceManagementRequest should only contain one request which matches the 1162 // DeviceManagementRequest should only contain one request which matches the
1158 // HTTP query parameter - request, as listed below. Other requests within the 1163 // HTTP query parameter - request, as listed below. Other requests within the
1159 // container will be ignored. 1164 // container will be ignored.
1160 // cert_upload: cert_upload_request 1165 // cert_upload: cert_upload_request
1161 // check_device_pairing: check_device_pairing_request 1166 // check_device_pairing: check_device_pairing_request
1162 // device_pairing: device_pairing_request 1167 // device_pairing: device_pairing_request
1163 // device_state_retrieval: device_state_retrieval_request 1168 // device_state_retrieval: device_state_retrieval_request
1164 // enterprise_check: auto_enrollment_request 1169 // enterprise_check: auto_enrollment_request
1165 // ping: policy_request 1170 // ping: policy_request
1166 // policy: policy_request 1171 // policy: policy_request
1167 // register: register_request 1172 // register: register_request
1168 // status: device_status_report_request or session_status_report_request 1173 // status: device_status_report_request or session_status_report_request
1169 // unregister: unregister_request 1174 // unregister: unregister_request
1170 // remote_commands: remote_command_request 1175 // remote_commands: remote_command_request
1171 // attribute_update_permission: device_attribute_update_permission_request 1176 // attribute_update_permission: device_attribute_update_permission_request
1172 // attribute_update: device_attribute_update_request 1177 // attribute_update: device_attribute_update_request
1173 // gcm_id_update: gcm_id_update_request 1178 // gcm_id_update: gcm_id_update_request
1174 // check_android_management: check_android_management_request 1179 // check_android_management: check_android_management_request
1180 // certificate_based_register: cert_based_register_request
1175 // 1181 //
1176 message DeviceManagementRequest { 1182 message DeviceManagementRequest {
1177 // Register request. 1183 // Register request.
1178 optional DeviceRegisterRequest register_request = 1; 1184 optional DeviceRegisterRequest register_request = 1;
1179 1185
1180 // Unregister request. 1186 // Unregister request.
1181 optional DeviceUnregisterRequest unregister_request = 2; 1187 optional DeviceUnregisterRequest unregister_request = 2;
1182 1188
1183 // Policy request. 1189 // Policy request.
1184 optional DevicePolicyRequest policy_request = 3; 1190 optional DevicePolicyRequest policy_request = 3;
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
1217 1223
1218 // Update device attribute. 1224 // Update device attribute.
1219 optional DeviceAttributeUpdateRequest device_attribute_update_request 1225 optional DeviceAttributeUpdateRequest device_attribute_update_request
1220 = 15; 1226 = 15;
1221 1227
1222 // Update the GCM id to device_id mapping. 1228 // Update the GCM id to device_id mapping.
1223 optional GcmIdUpdateRequest gcm_id_update_request = 16; 1229 optional GcmIdUpdateRequest gcm_id_update_request = 16;
1224 1230
1225 // Check if user is a managed Android-for-Work user with DPC enforcement. 1231 // Check if user is a managed Android-for-Work user with DPC enforcement.
1226 optional CheckAndroidManagementRequest check_android_management_request = 17; 1232 optional CheckAndroidManagementRequest check_android_management_request = 17;
1233
1234 // Request to register with a registration certificate.
1235 optional CertificateBasedDeviceRegisterRequest
1236 cert_based_register_request = 18;
1237
1227 } 1238 }
1228 1239
1229 // Response from server to device. 1240 // Response from server to device.
1230 // 1241 //
1231 // The server uses the following numbers as HTTP status codes 1242 // The server uses the following numbers as HTTP status codes
1232 // to report top-level errors. 1243 // to report top-level errors.
1233 // 1244 //
1234 // 200 OK: valid response is returned to client. 1245 // 200 OK: valid response is returned to client.
1235 // 400 Bad Request: invalid argument. 1246 // 400 Bad Request: invalid argument.
1236 // 401 Unauthorized: invalid auth cookie or DM token. 1247 // 401 Unauthorized: invalid auth cookie or DM token.
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after
1289 // Response to update device attribute. 1300 // Response to update device attribute.
1290 optional DeviceAttributeUpdateResponse device_attribute_update_response = 16; 1301 optional DeviceAttributeUpdateResponse device_attribute_update_response = 16;
1291 1302
1292 // Response to GCM id update request. 1303 // Response to GCM id update request.
1293 optional GcmIdUpdateResponse gcm_id_update_response = 17; 1304 optional GcmIdUpdateResponse gcm_id_update_response = 17;
1294 1305
1295 // Response to check Android management request. 1306 // Response to check Android management request.
1296 optional CheckAndroidManagementResponse 1307 optional CheckAndroidManagementResponse
1297 check_android_management_response = 18; 1308 check_android_management_response = 18;
1298 } 1309 }
OLDNEW
« components/policy/core/common/cloud/cloud_policy_client_unittest.cc ('K') | « components/policy/core/common/cloud/enterprise_metrics.h ('k') | components/policy_strings.grdp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698