Index: components/policy/core/common/cloud/cloud_policy_client.cc |
diff --git a/components/policy/core/common/cloud/cloud_policy_client.cc b/components/policy/core/common/cloud/cloud_policy_client.cc |
index eaee73ca991b8d4d96dff2cd4e8f6bbaae3befd4..a71591ef345ccae004ab68e354fcf0790c3a4a37 100644 |
--- a/components/policy/core/common/cloud/cloud_policy_client.cc |
+++ b/components/policy/core/common/cloud/cloud_policy_client.cc |
@@ -53,19 +53,15 @@ CloudPolicyClient::CloudPolicyClient( |
const std::string& machine_model, |
const std::string& verification_key_hash, |
DeviceManagementService* service, |
- scoped_refptr<net::URLRequestContextGetter> request_context) |
+ scoped_refptr<net::URLRequestContextGetter> request_context, |
+ SigningService* signing_service) |
: machine_id_(machine_id), |
machine_model_(machine_model), |
verification_key_hash_(verification_key_hash), |
- device_mode_(DEVICE_MODE_NOT_SET), |
- submit_machine_id_(false), |
- public_key_version_(-1), |
- public_key_version_valid_(false), |
- invalidation_version_(0), |
- fetched_invalidation_version_(0), |
service_(service), // Can be null for unit tests. |
- status_(DM_STATUS_SUCCESS), |
- request_context_(request_context) { |
+ signing_service_(signing_service), |
+ request_context_(request_context), |
+ weak_ptr_factory_(this) { |
} |
CloudPolicyClient::~CloudPolicyClient() { |
@@ -87,6 +83,14 @@ void CloudPolicyClient::SetupRegistration(const std::string& dm_token, |
NotifyRegistrationStateChanged(); |
} |
+// Sets the client ID or generate a new one. A new one is intentionally |
+// generated on each new registration request in order to preserve privacy. |
+// Reusing IDs would mean the server could track clients by their registration |
+// attempts. |
+void CloudPolicyClient::SetClientId(const std::string& client_id) { |
+ client_id_ = client_id.empty() ? base::GenerateGUID() : client_id; |
+} |
+ |
void CloudPolicyClient::Register(em::DeviceRegisterRequest::Type type, |
em::DeviceRegisterRequest::Flavor flavor, |
const std::string& auth_token, |
@@ -97,14 +101,7 @@ void CloudPolicyClient::Register(em::DeviceRegisterRequest::Type type, |
DCHECK(!auth_token.empty()); |
DCHECK(!is_registered()); |
- if (client_id.empty()) { |
- // Generate a new client ID. This is intentionally done on each new |
- // registration request in order to preserve privacy. Reusing IDs would mean |
- // the server could track clients by their registration attempts. |
- client_id_ = base::GenerateGUID(); |
- } else { |
- client_id_ = client_id; |
- } |
+ SetClientId(client_id); |
policy_fetch_request_job_.reset( |
service_->CreateJob(DeviceManagementRequestJob::TYPE_REGISTRATION, |
@@ -128,11 +125,76 @@ void CloudPolicyClient::Register(em::DeviceRegisterRequest::Type type, |
request->set_flavor(flavor); |
policy_fetch_request_job_->SetRetryCallback( |
- base::Bind(&CloudPolicyClient::OnRetryRegister, base::Unretained(this))); |
+ base::Bind(&CloudPolicyClient::OnRetryRegister, |
+ weak_ptr_factory_.GetWeakPtr())); |
policy_fetch_request_job_->Start( |
base::Bind(&CloudPolicyClient::OnRegisterCompleted, |
- base::Unretained(this))); |
+ weak_ptr_factory_.GetWeakPtr())); |
+} |
+ |
+void CloudPolicyClient::RegisterWithCertificate( |
+ em::DeviceRegisterRequest::Type type, |
+ em::DeviceRegisterRequest::Flavor flavor, |
+ const std::string& pem_certificate_chain, |
+ const std::string& client_id, |
+ const std::string& requisition, |
+ const std::string& current_state_key) { |
+ DCHECK(signing_service_); |
+ DCHECK(service_); |
+ DCHECK(!pem_certificate_chain.empty()); |
+ DCHECK(!is_registered()); |
+ |
+ SetClientId(client_id); |
+ |
+ em::CertificateBasedDeviceRegistrationData data; |
+ data.set_certificate_type(em::CertificateBasedDeviceRegistrationData:: |
+ ENTERPRISE_ENROLLMENT_CERTIFICATE); |
+ data.set_device_certificate(pem_certificate_chain); |
+ |
+ em::DeviceRegisterRequest* request = data.mutable_device_register_request(); |
+ if (!client_id.empty()) |
+ request->set_reregister(true); |
+ request->set_type(type); |
+ if (!machine_id_.empty()) |
+ request->set_machine_id(machine_id_); |
+ if (!machine_model_.empty()) |
+ request->set_machine_model(machine_model_); |
+ if (!requisition.empty()) |
+ request->set_requisition(requisition); |
+ if (!current_state_key.empty()) |
+ request->set_server_backed_state_key(current_state_key); |
+ request->set_flavor(flavor); |
+ |
+ signing_service_->SignData(data.SerializeAsString(), |
+ base::Bind(&CloudPolicyClient::OnRegisterWithCertificateRequestSigned, |
+ weak_ptr_factory_.GetWeakPtr())); |
+} |
+ |
+void CloudPolicyClient::OnRegisterWithCertificateRequestSigned(bool success, |
+ em::SignedData signed_data) { |
+ if (!success) { |
+ const em::DeviceManagementResponse response; |
+ OnRegisterCompleted(DM_STATUS_CANNOT_SIGN_REQUEST, 0, response); |
+ return; |
+ } |
+ |
+ policy_fetch_request_job_.reset( |
+ service_->CreateJob( |
+ DeviceManagementRequestJob::TYPE_CERT_BASED_REGISTRATION, |
+ GetRequestContext())); |
+ policy_fetch_request_job_->SetClientID(client_id_); |
+ em::SignedData* signed_request = policy_fetch_request_job_->GetRequest()-> |
+ mutable_cert_based_register_request()->mutable_signed_request(); |
+ signed_request->set_data(signed_data.data()); |
+ signed_request->set_signature(signed_data.signature()); |
+ signed_request->set_extra_data_bytes(signed_data.extra_data_bytes()); |
+ policy_fetch_request_job_->SetRetryCallback( |
+ base::Bind(&CloudPolicyClient::OnRetryRegister, |
+ weak_ptr_factory_.GetWeakPtr())); |
+ policy_fetch_request_job_->Start( |
+ base::Bind(&CloudPolicyClient::OnRegisterCompleted, |
+ weak_ptr_factory_.GetWeakPtr())); |
} |
void CloudPolicyClient::SetInvalidationInfo(int64_t version, |
@@ -205,7 +267,7 @@ void CloudPolicyClient::FetchPolicy() { |
// Fire the job. |
policy_fetch_request_job_->Start( |
base::Bind(&CloudPolicyClient::OnPolicyFetchCompleted, |
- base::Unretained(this))); |
+ weak_ptr_factory_.GetWeakPtr())); |
} |
void CloudPolicyClient::FetchRobotAuthCodes(const std::string& auth_token) { |
@@ -230,7 +292,7 @@ void CloudPolicyClient::FetchRobotAuthCodes(const std::string& auth_token) { |
policy_fetch_request_job_->Start( |
base::Bind(&CloudPolicyClient::OnFetchRobotAuthCodesCompleted, |
- base::Unretained(this))); |
+ weak_ptr_factory_.GetWeakPtr())); |
} |
void CloudPolicyClient::Unregister() { |
@@ -243,7 +305,7 @@ void CloudPolicyClient::Unregister() { |
policy_fetch_request_job_->GetRequest()->mutable_unregister_request(); |
policy_fetch_request_job_->Start( |
base::Bind(&CloudPolicyClient::OnUnregisterCompleted, |
- base::Unretained(this))); |
+ weak_ptr_factory_.GetWeakPtr())); |
} |
void CloudPolicyClient::UploadCertificate( |
@@ -262,7 +324,7 @@ void CloudPolicyClient::UploadCertificate( |
const DeviceManagementRequestJob::Callback job_callback = |
base::Bind(&CloudPolicyClient::OnCertificateUploadCompleted, |
- base::Unretained(this), request_job.get(), callback); |
+ weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback); |
request_jobs_.push_back(std::move(request_job)); |
request_jobs_.back()->Start(job_callback); |
@@ -288,7 +350,7 @@ void CloudPolicyClient::UploadDeviceStatus( |
const DeviceManagementRequestJob::Callback job_callback = |
base::Bind(&CloudPolicyClient::OnStatusUploadCompleted, |
- base::Unretained(this), request_job.get(), callback); |
+ weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback); |
request_jobs_.push_back(std::move(request_job)); |
request_jobs_.back()->Start(job_callback); |
@@ -316,7 +378,7 @@ void CloudPolicyClient::FetchRemoteCommands( |
const DeviceManagementRequestJob::Callback job_callback = |
base::Bind(&CloudPolicyClient::OnRemoteCommandsFetched, |
- base::Unretained(this), request_job.get(), callback); |
+ weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback); |
request_jobs_.push_back(std::move(request_job)); |
request_jobs_.back()->Start(job_callback); |
@@ -342,7 +404,7 @@ void CloudPolicyClient::GetDeviceAttributeUpdatePermission( |
const DeviceManagementRequestJob::Callback job_callback = |
base::Bind(&CloudPolicyClient::OnDeviceAttributeUpdatePermissionCompleted, |
- base::Unretained(this), request_job.get(), callback); |
+ weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback); |
request_jobs_.push_back(std::move(request_job)); |
request_jobs_.back()->Start(job_callback); |
@@ -370,7 +432,7 @@ void CloudPolicyClient::UpdateDeviceAttributes( |
const DeviceManagementRequestJob::Callback job_callback = |
base::Bind(&CloudPolicyClient::OnDeviceAttributeUpdated, |
- base::Unretained(this), request_job.get(), callback); |
+ weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback); |
request_jobs_.push_back(std::move(request_job)); |
request_jobs_.back()->Start(job_callback); |
@@ -393,8 +455,8 @@ void CloudPolicyClient::UpdateGcmId( |
request->set_gcm_id(gcm_id); |
const DeviceManagementRequestJob::Callback job_callback = |
- base::Bind(&CloudPolicyClient::OnGcmIdUpdated, base::Unretained(this), |
- request_job.get(), callback); |
+ base::Bind(&CloudPolicyClient::OnGcmIdUpdated, |
+ weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback); |
request_jobs_.push_back(std::move(request_job)); |
request_jobs_.back()->Start(job_callback); |