Index: components/policy/core/common/cloud/cloud_policy_client.h |
diff --git a/components/policy/core/common/cloud/cloud_policy_client.h b/components/policy/core/common/cloud/cloud_policy_client.h |
index 2fb9f4bdc5c24a312649adeb212d321c6e072943..cbf1edeb78f9129e02468165fddae65e875efe48 100644 |
--- a/components/policy/core/common/cloud/cloud_policy_client.h |
+++ b/components/policy/core/common/cloud/cloud_policy_client.h |
@@ -24,6 +24,10 @@ |
#include "components/policy/policy_export.h" |
#include "policy/proto/device_management_backend.pb.h" |
+namespace cryptohome { |
+class AsyncMethodCaller; |
+} |
+ |
namespace net { |
class URLRequestContextGetter; |
} |
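Review bot: The forward declaration `class AsyncMethodCaller;` in `namespace cryptohome` is not referenced by any declaration added in the hunks shown for this header. The new code only names `SigningService`, which appears intended to hide the signing backend from this component. If nothing in the header needs the type, the declaration should be dropped so the common policy client does not carry a platform-specific name. If it is needed elsewhere, a one-line comment saying which declaration uses it would help.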
@@ -79,16 +83,29 @@ class POLICY_EXPORT CloudPolicyClient { |
virtual void OnClientError(CloudPolicyClient* client) = 0; |
}; |
+ // Data signing interface. |
+ class POLICY_EXPORT SigningService { |
+ public: |
+ using SigningCallback = base::Callback<void(bool success, |
+ enterprise_management::SignedData signed_data)>; |
+ |
+ // Signs |data| and calls |callback| with the signed data. |
+ virtual void SignData(const std::string& data, |
+ const SigningCallback& callback) = 0; |
+ }; |
+ |
// |provider| and |service| are weak pointers and it's the caller's |
// responsibility to keep them valid for the lifetime of CloudPolicyClient. |
// |verification_key_hash| contains an identifier telling the DMServer which |
- // verification key to use. |
+ // verification key to use. The |signing_service| is used to sign sensitive |
+ // requests. |
CloudPolicyClient( |
const std::string& machine_id, |
const std::string& machine_model, |
const std::string& verification_key_hash, |
DeviceManagementService* service, |
- scoped_refptr<net::URLRequestContextGetter> request_context); |
+ scoped_refptr<net::URLRequestContextGetter> request_context, |
+ SigningService* signing_service); |
virtual ~CloudPolicyClient(); |
// Sets the DMToken, thereby establishing a registration with the server. A |
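Review bot: The constructor comment states the lifetime contract for `provider` and `service` but not for the new `signing_service`, which is held as a raw `SigningService*` (the `signing_service_` member in a later hunk defaults to `nullptr`). Because `SignData` completes through a callback, a signing service that is null or destroyed before the client would be dereferenced on the certificate registration path. The comment should say something like `// |signing_service| is not owned and must outlive this object`, and state whether null is allowed. Separately, `SigningService` declares a pure virtual method but no destructor; `virtual ~SigningService() {}` (or a protected non-virtual one) avoids undefined behaviour if an implementation is ever deleted through the interface. The `CloudPolicyClient` class body starts and ends outside this hunk.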
@@ -107,6 +124,17 @@ class POLICY_EXPORT CloudPolicyClient { |
const std::string& requisition, |
const std::string& current_state_key); |
+ // Attempts to register with the device management service using a |
+ // registration certificate. Results in a registration change or |
+ // error notification. |
+ virtual void RegisterWithCertificate( |
+ enterprise_management::DeviceRegisterRequest::Type registration_type, |
+ enterprise_management::DeviceRegisterRequest::Flavor flavor, |
+ const std::string& pem_certificate_chain, |
+ const std::string& client_id, |
+ const std::string& requisition, |
+ const std::string& current_state_key); |
+ |
// Sets information about a policy invalidation. Subsequent fetch operations |
// will use the given info, and callers can use fetched_invalidation_version |
// to determine which version of policy was fetched. |
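Review bot: The comment on `RegisterWithCertificate` does not say that the request goes through the `SigningService` before it is sent, nor which notification observers get when signing fails or no signing service was supplied. It also leaves the expected contents of `pem_certificate_chain` unspecified, for example the certificate order and whether intermediates are required. Since the implementation is not in this file, a caller has only this comment to go on. I would add a sentence such as `// The request is signed via the SigningService; a signing failure is reported through OnClientError().`, adjusted to whatever the .cc file actually does.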
@@ -269,6 +297,10 @@ class POLICY_EXPORT CloudPolicyClient { |
// Callback for retries of registration requests. |
void OnRetryRegister(DeviceManagementRequestJob* job); |
+ // Callback for siganture of requests. |
+ void OnRegisterWithCertificateRequestSigned(bool success, |
+ enterprise_management::SignedData signed_data); |
+ |
// Callback for registration requests. |
void OnRegisterCompleted( |
DeviceManagementStatus status, |
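Review bot: The comment on `OnRegisterWithCertificateRequestSigned` has a typo ("siganture") and does not say what the method does when `success` is false. Suggested wording: `// Callback invoked once the SigningService has signed a certificate registration request; |success| is false if signing failed.` It is also worth confirming in the implementation that `signed_data` is ignored on failure rather than sent to the server.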
@@ -358,23 +390,26 @@ class POLICY_EXPORT CloudPolicyClient { |
std::vector<std::string> state_keys_to_upload_; |
std::string dm_token_; |
- DeviceMode device_mode_; |
+ DeviceMode device_mode_ = DEVICE_MODE_NOT_SET; |
std::string client_id_; |
- bool submit_machine_id_; |
+ bool submit_machine_id_ = false; |
base::Time last_policy_timestamp_; |
- int public_key_version_; |
- bool public_key_version_valid_; |
+ int public_key_version_ = -1; |
+ bool public_key_version_valid_ = false; |
std::string robot_api_auth_code_; |
// Information for the latest policy invalidation received. |
- int64_t invalidation_version_; |
+ int64_t invalidation_version_ = 0; |
std::string invalidation_payload_; |
// The invalidation version used for the most recent fetch operation. |
- int64_t fetched_invalidation_version_; |
+ int64_t fetched_invalidation_version_ = 0; |
// Used for issuing requests to the cloud. |
- DeviceManagementService* service_; |
+ DeviceManagementService* service_ = nullptr; |
+ |
+ // Used for signing requests. |
+ SigningService* signing_service_ = nullptr; |
// Only one outstanding policy fetch is allowed, so this is tracked in |
// its own member variable. |
@@ -386,12 +421,17 @@ class POLICY_EXPORT CloudPolicyClient { |
// The policy responses returned by the last policy fetch operation. |
ResponseMap responses_; |
- DeviceManagementStatus status_; |
+ DeviceManagementStatus status_ = DM_STATUS_SUCCESS; |
base::ObserverList<Observer, true> observers_; |
scoped_refptr<net::URLRequestContextGetter> request_context_; |
private: |
+ void SetClientId(const std::string& client_id); |
+ |
+ // Used to create tasks which run delayed on the UI thread. |
+ base::WeakPtrFactory<CloudPolicyClient> weak_ptr_factory_; |
+ |
DISALLOW_COPY_AND_ASSIGN(CloudPolicyClient); |
}; |
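Review bot: `weak_ptr_factory_` protects against late callbacks only while it remains the last data member, so that outstanding weak pointers are invalidated before any other member is destroyed. It is last in this hunk, but nothing tells the next editor to keep it there. I would add `// Must be the last member so weak pointers are invalidated first on destruction.` The existing comment mentions only delayed UI-thread tasks; if the signing callback is also bound through this factory (presumably it is, but the .cc file is not shown), the comment should say so. `SetClientId` is added without any comment.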