Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(481)

Unified Diff: components/policy/core/common/cloud/cloud_policy_client.cc

Issue 2261763002: Device enterprise registration with a certificate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Initialize pointers to nullptr. Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: components/policy/core/common/cloud/cloud_policy_client.cc
diff --git a/components/policy/core/common/cloud/cloud_policy_client.cc b/components/policy/core/common/cloud/cloud_policy_client.cc
index eaee73ca991b8d4d96dff2cd4e8f6bbaae3befd4..a71591ef345ccae004ab68e354fcf0790c3a4a37 100644
--- a/components/policy/core/common/cloud/cloud_policy_client.cc
+++ b/components/policy/core/common/cloud/cloud_policy_client.cc
@@ -53,19 +53,15 @@ CloudPolicyClient::CloudPolicyClient(
const std::string& machine_model,
const std::string& verification_key_hash,
DeviceManagementService* service,
- scoped_refptr<net::URLRequestContextGetter> request_context)
+ scoped_refptr<net::URLRequestContextGetter> request_context,
+ SigningService* signing_service)
: machine_id_(machine_id),
machine_model_(machine_model),
verification_key_hash_(verification_key_hash),
- device_mode_(DEVICE_MODE_NOT_SET),
- submit_machine_id_(false),
- public_key_version_(-1),
- public_key_version_valid_(false),
- invalidation_version_(0),
- fetched_invalidation_version_(0),
service_(service), // Can be null for unit tests.
- status_(DM_STATUS_SUCCESS),
- request_context_(request_context) {
+ signing_service_(signing_service),
+ request_context_(request_context),
+ weak_ptr_factory_(this) {
}
CloudPolicyClient::~CloudPolicyClient() {
@@ -87,6 +83,14 @@ void CloudPolicyClient::SetupRegistration(const std::string& dm_token,
NotifyRegistrationStateChanged();
}
+// Sets the client ID or generate a new one. A new one is intentionally
+// generated on each new registration request in order to preserve privacy.
+// Reusing IDs would mean the server could track clients by their registration
+// attempts.
+void CloudPolicyClient::SetClientId(const std::string& client_id) {
+ client_id_ = client_id.empty() ? base::GenerateGUID() : client_id;
+}
+
void CloudPolicyClient::Register(em::DeviceRegisterRequest::Type type,
em::DeviceRegisterRequest::Flavor flavor,
const std::string& auth_token,
@@ -97,14 +101,7 @@ void CloudPolicyClient::Register(em::DeviceRegisterRequest::Type type,
DCHECK(!auth_token.empty());
DCHECK(!is_registered());
- if (client_id.empty()) {
- // Generate a new client ID. This is intentionally done on each new
- // registration request in order to preserve privacy. Reusing IDs would mean
- // the server could track clients by their registration attempts.
- client_id_ = base::GenerateGUID();
- } else {
- client_id_ = client_id;
- }
+ SetClientId(client_id);
policy_fetch_request_job_.reset(
service_->CreateJob(DeviceManagementRequestJob::TYPE_REGISTRATION,
@@ -128,11 +125,76 @@ void CloudPolicyClient::Register(em::DeviceRegisterRequest::Type type,
request->set_flavor(flavor);
policy_fetch_request_job_->SetRetryCallback(
- base::Bind(&CloudPolicyClient::OnRetryRegister, base::Unretained(this)));
+ base::Bind(&CloudPolicyClient::OnRetryRegister,
+ weak_ptr_factory_.GetWeakPtr()));
policy_fetch_request_job_->Start(
base::Bind(&CloudPolicyClient::OnRegisterCompleted,
- base::Unretained(this)));
+ weak_ptr_factory_.GetWeakPtr()));
+}
+
+void CloudPolicyClient::RegisterWithCertificate(
+ em::DeviceRegisterRequest::Type type,
+ em::DeviceRegisterRequest::Flavor flavor,
+ const std::string& pem_certificate_chain,
+ const std::string& client_id,
+ const std::string& requisition,
+ const std::string& current_state_key) {
+ DCHECK(signing_service_);
+ DCHECK(service_);
+ DCHECK(!pem_certificate_chain.empty());
+ DCHECK(!is_registered());
+
+ SetClientId(client_id);
+
+ em::CertificateBasedDeviceRegistrationData data;
+ data.set_certificate_type(em::CertificateBasedDeviceRegistrationData::
+ ENTERPRISE_ENROLLMENT_CERTIFICATE);
+ data.set_device_certificate(pem_certificate_chain);
+
+ em::DeviceRegisterRequest* request = data.mutable_device_register_request();
+ if (!client_id.empty())
+ request->set_reregister(true);
+ request->set_type(type);
+ if (!machine_id_.empty())
+ request->set_machine_id(machine_id_);
+ if (!machine_model_.empty())
+ request->set_machine_model(machine_model_);
+ if (!requisition.empty())
+ request->set_requisition(requisition);
+ if (!current_state_key.empty())
+ request->set_server_backed_state_key(current_state_key);
+ request->set_flavor(flavor);
+
+ signing_service_->SignData(data.SerializeAsString(),
+ base::Bind(&CloudPolicyClient::OnRegisterWithCertificateRequestSigned,
+ weak_ptr_factory_.GetWeakPtr()));
+}
+
+void CloudPolicyClient::OnRegisterWithCertificateRequestSigned(bool success,
+ em::SignedData signed_data) {
+ if (!success) {
+ const em::DeviceManagementResponse response;
+ OnRegisterCompleted(DM_STATUS_CANNOT_SIGN_REQUEST, 0, response);
+ return;
+ }
+
+ policy_fetch_request_job_.reset(
+ service_->CreateJob(
+ DeviceManagementRequestJob::TYPE_CERT_BASED_REGISTRATION,
+ GetRequestContext()));
+ policy_fetch_request_job_->SetClientID(client_id_);
+ em::SignedData* signed_request = policy_fetch_request_job_->GetRequest()->
+ mutable_cert_based_register_request()->mutable_signed_request();
+ signed_request->set_data(signed_data.data());
+ signed_request->set_signature(signed_data.signature());
+ signed_request->set_extra_data_bytes(signed_data.extra_data_bytes());
+ policy_fetch_request_job_->SetRetryCallback(
+ base::Bind(&CloudPolicyClient::OnRetryRegister,
+ weak_ptr_factory_.GetWeakPtr()));
+ policy_fetch_request_job_->Start(
+ base::Bind(&CloudPolicyClient::OnRegisterCompleted,
+ weak_ptr_factory_.GetWeakPtr()));
}
void CloudPolicyClient::SetInvalidationInfo(int64_t version,
@@ -205,7 +267,7 @@ void CloudPolicyClient::FetchPolicy() {
// Fire the job.
policy_fetch_request_job_->Start(
base::Bind(&CloudPolicyClient::OnPolicyFetchCompleted,
- base::Unretained(this)));
+ weak_ptr_factory_.GetWeakPtr()));
}
void CloudPolicyClient::FetchRobotAuthCodes(const std::string& auth_token) {
@@ -230,7 +292,7 @@ void CloudPolicyClient::FetchRobotAuthCodes(const std::string& auth_token) {
policy_fetch_request_job_->Start(
base::Bind(&CloudPolicyClient::OnFetchRobotAuthCodesCompleted,
- base::Unretained(this)));
+ weak_ptr_factory_.GetWeakPtr()));
}
void CloudPolicyClient::Unregister() {
@@ -243,7 +305,7 @@ void CloudPolicyClient::Unregister() {
policy_fetch_request_job_->GetRequest()->mutable_unregister_request();
policy_fetch_request_job_->Start(
base::Bind(&CloudPolicyClient::OnUnregisterCompleted,
- base::Unretained(this)));
+ weak_ptr_factory_.GetWeakPtr()));
}
void CloudPolicyClient::UploadCertificate(
@@ -262,7 +324,7 @@ void CloudPolicyClient::UploadCertificate(
const DeviceManagementRequestJob::Callback job_callback =
base::Bind(&CloudPolicyClient::OnCertificateUploadCompleted,
- base::Unretained(this), request_job.get(), callback);
+ weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback);
request_jobs_.push_back(std::move(request_job));
request_jobs_.back()->Start(job_callback);
@@ -288,7 +350,7 @@ void CloudPolicyClient::UploadDeviceStatus(
const DeviceManagementRequestJob::Callback job_callback =
base::Bind(&CloudPolicyClient::OnStatusUploadCompleted,
- base::Unretained(this), request_job.get(), callback);
+ weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback);
request_jobs_.push_back(std::move(request_job));
request_jobs_.back()->Start(job_callback);
@@ -316,7 +378,7 @@ void CloudPolicyClient::FetchRemoteCommands(
const DeviceManagementRequestJob::Callback job_callback =
base::Bind(&CloudPolicyClient::OnRemoteCommandsFetched,
- base::Unretained(this), request_job.get(), callback);
+ weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback);
request_jobs_.push_back(std::move(request_job));
request_jobs_.back()->Start(job_callback);
@@ -342,7 +404,7 @@ void CloudPolicyClient::GetDeviceAttributeUpdatePermission(
const DeviceManagementRequestJob::Callback job_callback =
base::Bind(&CloudPolicyClient::OnDeviceAttributeUpdatePermissionCompleted,
- base::Unretained(this), request_job.get(), callback);
+ weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback);
request_jobs_.push_back(std::move(request_job));
request_jobs_.back()->Start(job_callback);
@@ -370,7 +432,7 @@ void CloudPolicyClient::UpdateDeviceAttributes(
const DeviceManagementRequestJob::Callback job_callback =
base::Bind(&CloudPolicyClient::OnDeviceAttributeUpdated,
- base::Unretained(this), request_job.get(), callback);
+ weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback);
request_jobs_.push_back(std::move(request_job));
request_jobs_.back()->Start(job_callback);
@@ -393,8 +455,8 @@ void CloudPolicyClient::UpdateGcmId(
request->set_gcm_id(gcm_id);
const DeviceManagementRequestJob::Callback job_callback =
- base::Bind(&CloudPolicyClient::OnGcmIdUpdated, base::Unretained(this),
- request_job.get(), callback);
+ base::Bind(&CloudPolicyClient::OnGcmIdUpdated,
+ weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback);
request_jobs_.push_back(std::move(request_job));
request_jobs_.back()->Start(job_callback);

Powered by Google App Engine
This is Rietveld 408576698