Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(679)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/policy/core/common/cloud/cloud_policy_client.cc

Issue 2261763002: Device enterprise registration with a certificate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressed review feedback. Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chromeos/attestation/attestation_flow.h ('K') | « components/policy/core/common/cloud/cloud_policy_client.h ('k') | components/policy/core/common/cloud/cloud_policy_client_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/policy/core/common/cloud/cloud_policy_client.cc
diff --git a/components/policy/core/common/cloud/cloud_policy_client.cc b/components/policy/core/common/cloud/cloud_policy_client.cc
index eaee73ca991b8d4d96dff2cd4e8f6bbaae3befd4..eb32893bc46cf88c82f3f396bb8fd6697ba3b421 100644
--- a/components/policy/core/common/cloud/cloud_policy_client.cc
+++ b/components/policy/core/common/cloud/cloud_policy_client.cc
@@ -53,7 +53,8 @@ CloudPolicyClient::CloudPolicyClient(
const std::string& machine_model,
const std::string& verification_key_hash,
DeviceManagementService* service,
- scoped_refptr<net::URLRequestContextGetter> request_context)
+ scoped_refptr<net::URLRequestContextGetter> request_context,
+ SigningService* signing_service)
: machine_id_(machine_id),
machine_model_(machine_model),
verification_key_hash_(verification_key_hash),
@@ -64,10 +65,25 @@ CloudPolicyClient::CloudPolicyClient(
invalidation_version_(0),
fetched_invalidation_version_(0),
service_(service), // Can be null for unit tests.
+ signing_service_(signing_service),
status_(DM_STATUS_SUCCESS),
request_context_(request_context) {
}
+CloudPolicyClient::CloudPolicyClient(
+ const std::string& machine_id,
+ const std::string& machine_model,
+ const std::string& verification_key_hash,
+ DeviceManagementService* service,
+ scoped_refptr<net::URLRequestContextGetter> request_context) :
+ CloudPolicyClient(machine_id,
+ machine_model,
+ verification_key_hash,
+ service,
+ request_context,
+ nullptr /* signing_service */) {
+}
+
CloudPolicyClient::~CloudPolicyClient() {
base::STLDeleteValues(&responses_);
}
@@ -87,6 +103,17 @@ void CloudPolicyClient::SetupRegistration(const std::string& dm_token,
NotifyRegistrationStateChanged();
}
+void CloudPolicyClient::SetClientId(const std::string& client_id) {
+ if (client_id.empty()) {
+ // Generate a new client ID. This is intentionally done on each new
+ // registration request in order to preserve privacy. Reusing IDs would
+ // mean the server could track clients by their registration attempts.
+ client_id_ = base::GenerateGUID();
+ } else {
+ client_id_ = client_id;
+ }
+}
+
void CloudPolicyClient::Register(em::DeviceRegisterRequest::Type type,
em::DeviceRegisterRequest::Flavor flavor,
const std::string& auth_token,
@@ -97,14 +124,7 @@ void CloudPolicyClient::Register(em::DeviceRegisterRequest::Type type,
DCHECK(!auth_token.empty());
DCHECK(!is_registered());
- if (client_id.empty()) {
- // Generate a new client ID. This is intentionally done on each new
- // registration request in order to preserve privacy. Reusing IDs would mean
- // the server could track clients by their registration attempts.
- client_id_ = base::GenerateGUID();
- } else {
- client_id_ = client_id;
- }
+ SetClientId(client_id);
policy_fetch_request_job_.reset(
service_->CreateJob(DeviceManagementRequestJob::TYPE_REGISTRATION,
@@ -135,6 +155,75 @@ void CloudPolicyClient::Register(em::DeviceRegisterRequest::Type type,
base::Unretained(this)));
}
+void CloudPolicyClient::RegisterWithCertificate(
+ em::DeviceRegisterRequest::Type type,
+ em::DeviceRegisterRequest::Flavor flavor,
+ const std::string& pem_certificate_chain,
+ const std::string& client_id,
+ const std::string& requisition,
+ const std::string& current_state_key) {
+ DCHECK(service_);
+ DCHECK(!pem_certificate_chain.empty());
+ DCHECK(!is_registered());
+
+ if (!signing_service_) {
+ LOG(ERROR) << "Cryptographic misconfiguration. Cannot sign request.";
+ em::DeviceManagementResponse response;
+ OnRegisterCompleted(DM_STATUS_CANNOT_SIGN_REQUEST, 0, response);
+ return;
+ }
+
+ SetClientId(client_id);
+
+ em::CertificateBasedDeviceRegistrationData data;
+ data.set_certificate_type(em::CertificateBasedDeviceRegistrationData::
+ ENTERPRISE_ENROLLMENT_CERTIFICATE);
+ data.set_device_certificate(pem_certificate_chain);
+
+ em::DeviceRegisterRequest* request = data.mutable_device_register_request();
+ if (!client_id.empty())
+ request->set_reregister(true);
+ request->set_type(type);
+ if (!machine_id_.empty())
+ request->set_machine_id(machine_id_);
+ if (!machine_model_.empty())
+ request->set_machine_model(machine_model_);
+ if (!requisition.empty())
+ request->set_requisition(requisition);
+ if (!current_state_key.empty())
+ request->set_server_backed_state_key(current_state_key);
+ request->set_flavor(flavor);
+
+ signing_service_->SignData(data.SerializeAsString(),
+ base::Bind(&CloudPolicyClient::OnRegisterWithCertificateRequestSigned,
+ base::Unretained(this)));
+}
+
+void CloudPolicyClient::OnRegisterWithCertificateRequestSigned(bool success,
+ em::SignedData signed_data) {
+ if (!success) {
+ em::DeviceManagementResponse response;
+ OnRegisterCompleted(DM_STATUS_CANNOT_SIGN_REQUEST, 0, response);
+ return;
+ }
+ policy_fetch_request_job_.reset(
+ service_->CreateJob(
+ DeviceManagementRequestJob::TYPE_CERT_BASED_REGISTRATION,
+ GetRequestContext()));
+ policy_fetch_request_job_->SetClientID(client_id_);
+ em::SignedData* signed_request = policy_fetch_request_job_->GetRequest()->
+ mutable_cert_based_register_request()->mutable_signed_request();
+ signed_request->set_data(signed_data.data());
+ signed_request->set_signature(signed_data.signature());
+ signed_request->set_extra_data_bytes(signed_data.extra_data_bytes());
+ policy_fetch_request_job_->SetRetryCallback(
+ base::Bind(&CloudPolicyClient::OnRetryRegister,
+ base::Unretained(this)));
+ policy_fetch_request_job_->Start(
+ base::Bind(&CloudPolicyClient::OnRegisterCompleted,
+ base::Unretained(this)));
+}
+
void CloudPolicyClient::SetInvalidationInfo(int64_t version,
const std::string& payload) {
invalidation_version_ = version;
« chromeos/attestation/attestation_flow.h ('K') | « components/policy/core/common/cloud/cloud_policy_client.h ('k') | components/policy/core/common/cloud/cloud_policy_client_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698