| Index: components/policy/core/common/cloud/cloud_policy_client.h
|
| diff --git a/components/policy/core/common/cloud/cloud_policy_client.h b/components/policy/core/common/cloud/cloud_policy_client.h
|
| index 2fb9f4bdc5c24a312649adeb212d321c6e072943..cbf1edeb78f9129e02468165fddae65e875efe48 100644
|
| --- a/components/policy/core/common/cloud/cloud_policy_client.h
|
| +++ b/components/policy/core/common/cloud/cloud_policy_client.h
|
| @@ -24,6 +24,10 @@
|
| #include "components/policy/policy_export.h"
|
| #include "policy/proto/device_management_backend.pb.h"
|
|
|
| +namespace cryptohome {
|
| +class AsyncMethodCaller;
|
| +}
|
| +
|
| namespace net {
|
| class URLRequestContextGetter;
|
| }
|
| @@ -79,16 +83,29 @@ class POLICY_EXPORT CloudPolicyClient {
|
| virtual void OnClientError(CloudPolicyClient* client) = 0;
|
| };
|
|
|
| + // Data signing interface.
|
| + class POLICY_EXPORT SigningService {
|
| + public:
|
| + using SigningCallback = base::Callback<void(bool success,
|
| + enterprise_management::SignedData signed_data)>;
|
| +
|
| + // Signs |data| and calls |callback| with the signed data.
|
| + virtual void SignData(const std::string& data,
|
| + const SigningCallback& callback) = 0;
|
| + };
|
| +
|
| // |provider| and |service| are weak pointers and it's the caller's
|
| // responsibility to keep them valid for the lifetime of CloudPolicyClient.
|
| // |verification_key_hash| contains an identifier telling the DMServer which
|
| - // verification key to use.
|
| + // verification key to use. The |signing_service| is used to sign sensitive
|
| + // requests.
|
| CloudPolicyClient(
|
| const std::string& machine_id,
|
| const std::string& machine_model,
|
| const std::string& verification_key_hash,
|
| DeviceManagementService* service,
|
| - scoped_refptr<net::URLRequestContextGetter> request_context);
|
| + scoped_refptr<net::URLRequestContextGetter> request_context,
|
| + SigningService* signing_service);
|
| virtual ~CloudPolicyClient();
|
|
|
| // Sets the DMToken, thereby establishing a registration with the server. A
|
| @@ -107,6 +124,17 @@ class POLICY_EXPORT CloudPolicyClient {
|
| const std::string& requisition,
|
| const std::string& current_state_key);
|
|
|
| + // Attempts to register with the device management service using a
|
| + // registration certificate. Results in a registration change or
|
| + // error notification.
|
| + virtual void RegisterWithCertificate(
|
| + enterprise_management::DeviceRegisterRequest::Type registration_type,
|
| + enterprise_management::DeviceRegisterRequest::Flavor flavor,
|
| + const std::string& pem_certificate_chain,
|
| + const std::string& client_id,
|
| + const std::string& requisition,
|
| + const std::string& current_state_key);
|
| +
|
| // Sets information about a policy invalidation. Subsequent fetch operations
|
| // will use the given info, and callers can use fetched_invalidation_version
|
| // to determine which version of policy was fetched.
|
| @@ -269,6 +297,10 @@ class POLICY_EXPORT CloudPolicyClient {
|
| // Callback for retries of registration requests.
|
| void OnRetryRegister(DeviceManagementRequestJob* job);
|
|
|
| + // Callback for siganture of requests.
|
| + void OnRegisterWithCertificateRequestSigned(bool success,
|
| + enterprise_management::SignedData signed_data);
|
| +
|
| // Callback for registration requests.
|
| void OnRegisterCompleted(
|
| DeviceManagementStatus status,
|
| @@ -358,23 +390,26 @@ class POLICY_EXPORT CloudPolicyClient {
|
| std::vector<std::string> state_keys_to_upload_;
|
|
|
| std::string dm_token_;
|
| - DeviceMode device_mode_;
|
| + DeviceMode device_mode_ = DEVICE_MODE_NOT_SET;
|
| std::string client_id_;
|
| - bool submit_machine_id_;
|
| + bool submit_machine_id_ = false;
|
| base::Time last_policy_timestamp_;
|
| - int public_key_version_;
|
| - bool public_key_version_valid_;
|
| + int public_key_version_ = -1;
|
| + bool public_key_version_valid_ = false;
|
| std::string robot_api_auth_code_;
|
|
|
| // Information for the latest policy invalidation received.
|
| - int64_t invalidation_version_;
|
| + int64_t invalidation_version_ = 0;
|
| std::string invalidation_payload_;
|
|
|
| // The invalidation version used for the most recent fetch operation.
|
| - int64_t fetched_invalidation_version_;
|
| + int64_t fetched_invalidation_version_ = 0;
|
|
|
| // Used for issuing requests to the cloud.
|
| - DeviceManagementService* service_;
|
| + DeviceManagementService* service_ = nullptr;
|
| +
|
| + // Used for signing requests.
|
| + SigningService* signing_service_ = nullptr;
|
|
|
| // Only one outstanding policy fetch is allowed, so this is tracked in
|
| // its own member variable.
|
| @@ -386,12 +421,17 @@ class POLICY_EXPORT CloudPolicyClient {
|
|
|
| // The policy responses returned by the last policy fetch operation.
|
| ResponseMap responses_;
|
| - DeviceManagementStatus status_;
|
| + DeviceManagementStatus status_ = DM_STATUS_SUCCESS;
|
|
|
| base::ObserverList<Observer, true> observers_;
|
| scoped_refptr<net::URLRequestContextGetter> request_context_;
|
|
|
| private:
|
| + void SetClientId(const std::string& client_id);
|
| +
|
| + // Used to create tasks which run delayed on the UI thread.
|
| + base::WeakPtrFactory<CloudPolicyClient> weak_ptr_factory_;
|
| +
|
| DISALLOW_COPY_AND_ASSIGN(CloudPolicyClient);
|
| };
|
|
|
|
|
Chromium Code Reviews
Issue 2261763002:
Device enterprise registration with a certificate. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master