| Index: components/policy/core/common/cloud/cloud_policy_client.cc
|
| diff --git a/components/policy/core/common/cloud/cloud_policy_client.cc b/components/policy/core/common/cloud/cloud_policy_client.cc
|
| index eaee73ca991b8d4d96dff2cd4e8f6bbaae3befd4..a71591ef345ccae004ab68e354fcf0790c3a4a37 100644
|
| --- a/components/policy/core/common/cloud/cloud_policy_client.cc
|
| +++ b/components/policy/core/common/cloud/cloud_policy_client.cc
|
| @@ -53,19 +53,15 @@ CloudPolicyClient::CloudPolicyClient(
|
| const std::string& machine_model,
|
| const std::string& verification_key_hash,
|
| DeviceManagementService* service,
|
| - scoped_refptr<net::URLRequestContextGetter> request_context)
|
| + scoped_refptr<net::URLRequestContextGetter> request_context,
|
| + SigningService* signing_service)
|
| : machine_id_(machine_id),
|
| machine_model_(machine_model),
|
| verification_key_hash_(verification_key_hash),
|
| - device_mode_(DEVICE_MODE_NOT_SET),
|
| - submit_machine_id_(false),
|
| - public_key_version_(-1),
|
| - public_key_version_valid_(false),
|
| - invalidation_version_(0),
|
| - fetched_invalidation_version_(0),
|
| service_(service), // Can be null for unit tests.
|
| - status_(DM_STATUS_SUCCESS),
|
| - request_context_(request_context) {
|
| + signing_service_(signing_service),
|
| + request_context_(request_context),
|
| + weak_ptr_factory_(this) {
|
| }
|
|
|
| CloudPolicyClient::~CloudPolicyClient() {
|
| @@ -87,6 +83,14 @@ void CloudPolicyClient::SetupRegistration(const std::string& dm_token,
|
| NotifyRegistrationStateChanged();
|
| }
|
|
|
| +// Sets the client ID or generate a new one. A new one is intentionally
|
| +// generated on each new registration request in order to preserve privacy.
|
| +// Reusing IDs would mean the server could track clients by their registration
|
| +// attempts.
|
| +void CloudPolicyClient::SetClientId(const std::string& client_id) {
|
| + client_id_ = client_id.empty() ? base::GenerateGUID() : client_id;
|
| +}
|
| +
|
| void CloudPolicyClient::Register(em::DeviceRegisterRequest::Type type,
|
| em::DeviceRegisterRequest::Flavor flavor,
|
| const std::string& auth_token,
|
| @@ -97,14 +101,7 @@ void CloudPolicyClient::Register(em::DeviceRegisterRequest::Type type,
|
| DCHECK(!auth_token.empty());
|
| DCHECK(!is_registered());
|
|
|
| - if (client_id.empty()) {
|
| - // Generate a new client ID. This is intentionally done on each new
|
| - // registration request in order to preserve privacy. Reusing IDs would mean
|
| - // the server could track clients by their registration attempts.
|
| - client_id_ = base::GenerateGUID();
|
| - } else {
|
| - client_id_ = client_id;
|
| - }
|
| + SetClientId(client_id);
|
|
|
| policy_fetch_request_job_.reset(
|
| service_->CreateJob(DeviceManagementRequestJob::TYPE_REGISTRATION,
|
| @@ -128,11 +125,76 @@ void CloudPolicyClient::Register(em::DeviceRegisterRequest::Type type,
|
| request->set_flavor(flavor);
|
|
|
| policy_fetch_request_job_->SetRetryCallback(
|
| - base::Bind(&CloudPolicyClient::OnRetryRegister, base::Unretained(this)));
|
| + base::Bind(&CloudPolicyClient::OnRetryRegister,
|
| + weak_ptr_factory_.GetWeakPtr()));
|
|
|
| policy_fetch_request_job_->Start(
|
| base::Bind(&CloudPolicyClient::OnRegisterCompleted,
|
| - base::Unretained(this)));
|
| + weak_ptr_factory_.GetWeakPtr()));
|
| +}
|
| +
|
| +void CloudPolicyClient::RegisterWithCertificate(
|
| + em::DeviceRegisterRequest::Type type,
|
| + em::DeviceRegisterRequest::Flavor flavor,
|
| + const std::string& pem_certificate_chain,
|
| + const std::string& client_id,
|
| + const std::string& requisition,
|
| + const std::string& current_state_key) {
|
| + DCHECK(signing_service_);
|
| + DCHECK(service_);
|
| + DCHECK(!pem_certificate_chain.empty());
|
| + DCHECK(!is_registered());
|
| +
|
| + SetClientId(client_id);
|
| +
|
| + em::CertificateBasedDeviceRegistrationData data;
|
| + data.set_certificate_type(em::CertificateBasedDeviceRegistrationData::
|
| + ENTERPRISE_ENROLLMENT_CERTIFICATE);
|
| + data.set_device_certificate(pem_certificate_chain);
|
| +
|
| + em::DeviceRegisterRequest* request = data.mutable_device_register_request();
|
| + if (!client_id.empty())
|
| + request->set_reregister(true);
|
| + request->set_type(type);
|
| + if (!machine_id_.empty())
|
| + request->set_machine_id(machine_id_);
|
| + if (!machine_model_.empty())
|
| + request->set_machine_model(machine_model_);
|
| + if (!requisition.empty())
|
| + request->set_requisition(requisition);
|
| + if (!current_state_key.empty())
|
| + request->set_server_backed_state_key(current_state_key);
|
| + request->set_flavor(flavor);
|
| +
|
| + signing_service_->SignData(data.SerializeAsString(),
|
| + base::Bind(&CloudPolicyClient::OnRegisterWithCertificateRequestSigned,
|
| + weak_ptr_factory_.GetWeakPtr()));
|
| +}
|
| +
|
| +void CloudPolicyClient::OnRegisterWithCertificateRequestSigned(bool success,
|
| + em::SignedData signed_data) {
|
| + if (!success) {
|
| + const em::DeviceManagementResponse response;
|
| + OnRegisterCompleted(DM_STATUS_CANNOT_SIGN_REQUEST, 0, response);
|
| + return;
|
| + }
|
| +
|
| + policy_fetch_request_job_.reset(
|
| + service_->CreateJob(
|
| + DeviceManagementRequestJob::TYPE_CERT_BASED_REGISTRATION,
|
| + GetRequestContext()));
|
| + policy_fetch_request_job_->SetClientID(client_id_);
|
| + em::SignedData* signed_request = policy_fetch_request_job_->GetRequest()->
|
| + mutable_cert_based_register_request()->mutable_signed_request();
|
| + signed_request->set_data(signed_data.data());
|
| + signed_request->set_signature(signed_data.signature());
|
| + signed_request->set_extra_data_bytes(signed_data.extra_data_bytes());
|
| + policy_fetch_request_job_->SetRetryCallback(
|
| + base::Bind(&CloudPolicyClient::OnRetryRegister,
|
| + weak_ptr_factory_.GetWeakPtr()));
|
| + policy_fetch_request_job_->Start(
|
| + base::Bind(&CloudPolicyClient::OnRegisterCompleted,
|
| + weak_ptr_factory_.GetWeakPtr()));
|
| }
|
|
|
| void CloudPolicyClient::SetInvalidationInfo(int64_t version,
|
| @@ -205,7 +267,7 @@ void CloudPolicyClient::FetchPolicy() {
|
| // Fire the job.
|
| policy_fetch_request_job_->Start(
|
| base::Bind(&CloudPolicyClient::OnPolicyFetchCompleted,
|
| - base::Unretained(this)));
|
| + weak_ptr_factory_.GetWeakPtr()));
|
| }
|
|
|
| void CloudPolicyClient::FetchRobotAuthCodes(const std::string& auth_token) {
|
| @@ -230,7 +292,7 @@ void CloudPolicyClient::FetchRobotAuthCodes(const std::string& auth_token) {
|
|
|
| policy_fetch_request_job_->Start(
|
| base::Bind(&CloudPolicyClient::OnFetchRobotAuthCodesCompleted,
|
| - base::Unretained(this)));
|
| + weak_ptr_factory_.GetWeakPtr()));
|
| }
|
|
|
| void CloudPolicyClient::Unregister() {
|
| @@ -243,7 +305,7 @@ void CloudPolicyClient::Unregister() {
|
| policy_fetch_request_job_->GetRequest()->mutable_unregister_request();
|
| policy_fetch_request_job_->Start(
|
| base::Bind(&CloudPolicyClient::OnUnregisterCompleted,
|
| - base::Unretained(this)));
|
| + weak_ptr_factory_.GetWeakPtr()));
|
| }
|
|
|
| void CloudPolicyClient::UploadCertificate(
|
| @@ -262,7 +324,7 @@ void CloudPolicyClient::UploadCertificate(
|
|
|
| const DeviceManagementRequestJob::Callback job_callback =
|
| base::Bind(&CloudPolicyClient::OnCertificateUploadCompleted,
|
| - base::Unretained(this), request_job.get(), callback);
|
| + weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback);
|
|
|
| request_jobs_.push_back(std::move(request_job));
|
| request_jobs_.back()->Start(job_callback);
|
| @@ -288,7 +350,7 @@ void CloudPolicyClient::UploadDeviceStatus(
|
|
|
| const DeviceManagementRequestJob::Callback job_callback =
|
| base::Bind(&CloudPolicyClient::OnStatusUploadCompleted,
|
| - base::Unretained(this), request_job.get(), callback);
|
| + weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback);
|
|
|
| request_jobs_.push_back(std::move(request_job));
|
| request_jobs_.back()->Start(job_callback);
|
| @@ -316,7 +378,7 @@ void CloudPolicyClient::FetchRemoteCommands(
|
|
|
| const DeviceManagementRequestJob::Callback job_callback =
|
| base::Bind(&CloudPolicyClient::OnRemoteCommandsFetched,
|
| - base::Unretained(this), request_job.get(), callback);
|
| + weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback);
|
|
|
| request_jobs_.push_back(std::move(request_job));
|
| request_jobs_.back()->Start(job_callback);
|
| @@ -342,7 +404,7 @@ void CloudPolicyClient::GetDeviceAttributeUpdatePermission(
|
|
|
| const DeviceManagementRequestJob::Callback job_callback =
|
| base::Bind(&CloudPolicyClient::OnDeviceAttributeUpdatePermissionCompleted,
|
| - base::Unretained(this), request_job.get(), callback);
|
| + weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback);
|
|
|
| request_jobs_.push_back(std::move(request_job));
|
| request_jobs_.back()->Start(job_callback);
|
| @@ -370,7 +432,7 @@ void CloudPolicyClient::UpdateDeviceAttributes(
|
|
|
| const DeviceManagementRequestJob::Callback job_callback =
|
| base::Bind(&CloudPolicyClient::OnDeviceAttributeUpdated,
|
| - base::Unretained(this), request_job.get(), callback);
|
| + weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback);
|
|
|
| request_jobs_.push_back(std::move(request_job));
|
| request_jobs_.back()->Start(job_callback);
|
| @@ -393,8 +455,8 @@ void CloudPolicyClient::UpdateGcmId(
|
| request->set_gcm_id(gcm_id);
|
|
|
| const DeviceManagementRequestJob::Callback job_callback =
|
| - base::Bind(&CloudPolicyClient::OnGcmIdUpdated, base::Unretained(this),
|
| - request_job.get(), callback);
|
| + base::Bind(&CloudPolicyClient::OnGcmIdUpdated,
|
| + weak_ptr_factory_.GetWeakPtr(), request_job.get(), callback);
|
|
|
| request_jobs_.push_back(std::move(request_job));
|
| request_jobs_.back()->Start(job_callback);
|
|
|
Chromium Code Reviews
Issue 2261763002:
Device enterprise registration with a certificate. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master