
Side by Side Diff: components/policy/proto/device_management_backend.proto

Issue 2261763002: Device enterprise registration with a certificate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Initialize pointers to nullptr. Created 4 years, 3 months ago
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 syntax = "proto2"; 5 syntax = "proto2";
6 6
7 option optimize_for = LITE_RUNTIME; 7 option optimize_for = LITE_RUNTIME;
8 8
9 package enterprise_management; 9 package enterprise_management;
10 10
11 // The wrapper message of any data and its signature. 11 // Data along with a cryptographic signature verifying their authenticity.
12 // Note: this should be compatible with the definition of SignedData in:
13 // "third_party/chromiumos_platform_cryptohome/attestation.proto"
14 message SignedData { 12 message SignedData {
15 // The data to be signed. 13 // The data to be signed.
16 optional bytes data = 1; 14 optional bytes data = 1;
17 // The signature of the data field. 15 // The signature of the data field.
18 optional bytes signature = 2; 16 optional bytes signature = 2;
17 // How many bytes were added to the end of original data before signature
18 // (e.g. a nonce to avoid proxy attacks of the signing service).
19 optional int32 extra_data_bytes = 3;
19 } 20 }
20 21
21 // Request from device to server to register device. 22 // Request from device to server to register device.
22 message DeviceRegisterRequest { 23 message DeviceRegisterRequest {
23 // Reregister device without erasing server state. It can be used 24 // Reregister device without erasing server state. It can be used
24 // to refresh dmtoken etc. Client MUST set this value to true if it 25 // to refresh dmtoken etc. Client MUST set this value to true if it
25 // reuses an existing device id. 26 // reuses an existing device id.
26 optional bool reregister = 1; 27 optional bool reregister = 1;
27 28
28 // Device register type. This field does not exist for TT release. 29 // Device register type. This field does not exist for TT release.
(...skipping 1057 matching lines...) Expand 10 before | Expand all | Expand 10 after
1086 1087
1087 // Response from server to device for check for Android-for-Work service with 1088 // Response from server to device for check for Android-for-Work service with
1088 // DPC enforcement request. 1089 // DPC enforcement request.
1089 // SC_CONFLICT HTTP code is returned if DPC enforcement is required. 1090 // SC_CONFLICT HTTP code is returned if DPC enforcement is required.
1090 message CheckAndroidManagementResponse {} 1091 message CheckAndroidManagementResponse {}
1091 1092
1092 // Request to register a new device (authenticated by enterprise enrollment 1093 // Request to register a new device (authenticated by enterprise enrollment
1093 // certificate). 1094 // certificate).
1094 // The response message will be the DeviceRegisterReponse. 1095 // The response message will be the DeviceRegisterReponse.
1095 message CertificateBasedDeviceRegisterRequest { 1096 message CertificateBasedDeviceRegisterRequest {
1096 // signed_request.data is CertificateBasedDeviceRegistrationData type 1097 // Signed request to register with a certificate. The signed_request.data
1097 // signed_request.signature is a signature generated with device cert's 1098 // field contains a CertificateBasedDeviceRegistrationData with a nonce
1098 // private key 1099 // (as added by the Chrome OS cryptohome client) appended. The
1099 optional SignedData signed_request = 2; 1100 // signed_request.signature field is a signature of the data field signed
1101 // with the enrollment certificate's private key.
1102 optional SignedData signed_request = 1;
1100 } 1103 }
1101 1104
1102 message CertificateBasedDeviceRegistrationData { 1105 message CertificateBasedDeviceRegistrationData {
1103 enum CertificateType { 1106 enum CertificateType {
1104 UNKNOWN = 0; 1107 UNKNOWN = 0;
1105 ENTERPRISE_ENROLLMENT_CERTIFICATE = 1; 1108 ENTERPRISE_ENROLLMENT_CERTIFICATE = 1;
1106 } 1109 }
1107 1110
1108 optional CertificateType certificate_type = 1; 1111 optional CertificateType certificate_type = 1;
1109 // device certificate in X.509 format. 1112 // device certificate in X.509 format.
(...skipping 25 matching lines...) Expand all
1135 // * ping 1138 // * ping
1136 // * policy 1139 // * policy
1137 // * register 1140 // * register
1138 // * status 1141 // * status
1139 // * unregister 1142 // * unregister
1140 // * remote_commands 1143 // * remote_commands
1141 // * attribute_update_permission 1144 // * attribute_update_permission
1142 // * attribute_update 1145 // * attribute_update
1143 // * gcm_id_update 1146 // * gcm_id_update
1144 // * check_android_management 1147 // * check_android_management
1148 // * certificate_based_register
1145 // 1149 //
1146 // * devicetype: MUST BE "1" for Android or "2" for Chrome OS. 1150 // * devicetype: MUST BE "1" for Android or "2" for Chrome OS.
1147 // * apptype: MUST BE Android or Chrome. 1151 // * apptype: MUST BE Android or Chrome.
1148 // * deviceid: MUST BE no more than 64-char in [\x21-\x7E]. 1152 // * deviceid: MUST BE no more than 64-char in [\x21-\x7E].
1149 // * agent: MUST BE a string of characters. 1153 // * agent: MUST BE a string of characters.
1150 // * HTTP Authorization header MUST be in the following formats: 1154 // * HTTP Authorization header MUST be in the following formats:
1151 // * For register, ping and check_android_management requests 1155 // * For register, ping and check_android_management requests
1152 // Authorization: GoogleLogin auth=<auth cookie for Mobile Sync> 1156 // Authorization: GoogleLogin auth=<auth cookie for Mobile Sync>
1153 // 1157 //
1154 // * For unregister, policy, status, cert_upload, remote commands requests, 1158 // * For unregister, policy, status, cert_upload, remote commands requests,
1155 // and gcm id update requests 1159 // and gcm id update requests
1156 // Authorization: GoogleDMToken token=<dm token from register> 1160 // Authorization: GoogleDMToken token=<dm token from register>
1157 // 1161 //
1158 // * The Authorization header isn't used for enterprise_check 1162 // * The Authorization header isn't used for enterprise_check or for
1159 // request, nor for register requests using OAuth. In the latter case, 1163 // certificate_based_register requests, nor for register requests
1160 // the OAuth token is passed in the "oauth" parameter. 1164 // using OAuth. In the latter case, the OAuth token is passed in the
1165 // "oauth" parameter.
1161 // 1166 //
1162 // DeviceManagementRequest should only contain one request which matches the 1167 // DeviceManagementRequest should only contain one request which matches the
1163 // HTTP query parameter - request, as listed below. Other requests within the 1168 // HTTP query parameter - request, as listed below. Other requests within the
1164 // container will be ignored. 1169 // container will be ignored.
1165 // cert_upload: cert_upload_request 1170 // cert_upload: cert_upload_request
1166 // check_device_pairing: check_device_pairing_request 1171 // check_device_pairing: check_device_pairing_request
1167 // device_pairing: device_pairing_request 1172 // device_pairing: device_pairing_request
1168 // device_state_retrieval: device_state_retrieval_request 1173 // device_state_retrieval: device_state_retrieval_request
1169 // enterprise_check: auto_enrollment_request 1174 // enterprise_check: auto_enrollment_request
1170 // ping: policy_request 1175 // ping: policy_request
1171 // policy: policy_request 1176 // policy: policy_request
1172 // register: register_request 1177 // register: register_request
1173 // status: device_status_report_request or session_status_report_request 1178 // status: device_status_report_request or session_status_report_request
1174 // unregister: unregister_request 1179 // unregister: unregister_request
1175 // remote_commands: remote_command_request 1180 // remote_commands: remote_command_request
1176 // attribute_update_permission: device_attribute_update_permission_request 1181 // attribute_update_permission: device_attribute_update_permission_request
1177 // attribute_update: device_attribute_update_request 1182 // attribute_update: device_attribute_update_request
1178 // gcm_id_update: gcm_id_update_request 1183 // gcm_id_update: gcm_id_update_request
1179 // check_android_management: check_android_management_request 1184 // check_android_management: check_android_management_request
1185 // certificate_based_register: cert_based_register_request
1180 // 1186 //
1181 message DeviceManagementRequest { 1187 message DeviceManagementRequest {
1182 // Register request. 1188 // Register request.
1183 optional DeviceRegisterRequest register_request = 1; 1189 optional DeviceRegisterRequest register_request = 1;
1184 1190
1185 // Unregister request. 1191 // Unregister request.
1186 optional DeviceUnregisterRequest unregister_request = 2; 1192 optional DeviceUnregisterRequest unregister_request = 2;
1187 1193
1188 // Policy request. 1194 // Policy request.
1189 optional DevicePolicyRequest policy_request = 3; 1195 optional DevicePolicyRequest policy_request = 3;
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
1222 1228
1223 // Update device attribute. 1229 // Update device attribute.
1224 optional DeviceAttributeUpdateRequest device_attribute_update_request 1230 optional DeviceAttributeUpdateRequest device_attribute_update_request
1225 = 15; 1231 = 15;
1226 1232
1227 // Update the GCM id to device_id mapping. 1233 // Update the GCM id to device_id mapping.
1228 optional GcmIdUpdateRequest gcm_id_update_request = 16; 1234 optional GcmIdUpdateRequest gcm_id_update_request = 16;
1229 1235
1230 // Check if user is a managed Android-for-Work user with DPC enforcement. 1236 // Check if user is a managed Android-for-Work user with DPC enforcement.
1231 optional CheckAndroidManagementRequest check_android_management_request = 17; 1237 optional CheckAndroidManagementRequest check_android_management_request = 17;
1238
1239 // Request to register with a registration certificate.
1240 optional CertificateBasedDeviceRegisterRequest
1241 cert_based_register_request = 18;
1242
1232 } 1243 }
1233 1244
1234 // Response from server to device. 1245 // Response from server to device.
1235 // 1246 //
1236 // The server uses the following numbers as HTTP status codes 1247 // The server uses the following numbers as HTTP status codes
1237 // to report top-level errors. 1248 // to report top-level errors.
1238 // 1249 //
1239 // 200 OK: valid response is returned to client. 1250 // 200 OK: valid response is returned to client.
1240 // 400 Bad Request: invalid argument. 1251 // 400 Bad Request: invalid argument.
1241 // 401 Unauthorized: invalid auth cookie or DM token. 1252 // 401 Unauthorized: invalid auth cookie or DM token.
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after
1294 // Response to update device attribute. 1305 // Response to update device attribute.
1295 optional DeviceAttributeUpdateResponse device_attribute_update_response = 16; 1306 optional DeviceAttributeUpdateResponse device_attribute_update_response = 16;
1296 1307
1297 // Response to GCM id update request. 1308 // Response to GCM id update request.
1298 optional GcmIdUpdateResponse gcm_id_update_response = 17; 1309 optional GcmIdUpdateResponse gcm_id_update_response = 17;
1299 1310
1300 // Response to check Android management request. 1311 // Response to check Android management request.
1301 optional CheckAndroidManagementResponse 1312 optional CheckAndroidManagementResponse
1302 check_android_management_response = 18; 1313 check_android_management_response = 18;
1303 } 1314 }
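Review bot: `extra_data_bytes` (new line 19, in `SignedData`) is a sibling of `data` and `signature` rather than part of the signed bytes, so as far as this file shows it is not covered by the signature, and it is declared `int32`, which admits negative values. A receiver that strips that many trailing bytes from `data` before parsing it as `CertificateBasedDeviceRegistrationData` should reject a count below zero or above the length of `data`, and should treat the count as unauthenticated, since changing it moves the payload/nonce boundary without invalidating the signature. I would state that contract in the field comment, e.g. `// Not covered by |signature|; verifiers MUST check 0 <= extra_data_bytes <= data.size() before stripping.` Whether the server-side verifier already enforces this is not visible on this page.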