
Unified Diff: components/policy/core/common/cloud/cloud_policy_client.h

Issue 2261763002: Device enterprise registration with a certificate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Initialize pointers to nullptr. Created 4 years, 4 months ago
Index: components/policy/core/common/cloud/cloud_policy_client.h
diff --git a/components/policy/core/common/cloud/cloud_policy_client.h b/components/policy/core/common/cloud/cloud_policy_client.h
index 2fb9f4bdc5c24a312649adeb212d321c6e072943..cbf1edeb78f9129e02468165fddae65e875efe48 100644
--- a/components/policy/core/common/cloud/cloud_policy_client.h
+++ b/components/policy/core/common/cloud/cloud_policy_client.h
@@ -24,6 +24,10 @@
#include "components/policy/policy_export.h"
#include "policy/proto/device_management_backend.pb.h"
+namespace cryptohome {
+class AsyncMethodCaller;
+}
+
namespace net {
class URLRequestContextGetter;
}
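Review bot: The forward declaration of `cryptohome::AsyncMethodCaller` is not referenced by any new line visible in this patch to the header; the signing dependency is expressed through the new `SigningService` interface instead. If nothing else in the file uses it, dropping the declaration keeps this common policy header free of a cryptohome dependency. Parts of the header lie outside the hunks shown, so confirm that before removing it.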
@@ -79,16 +83,29 @@ class POLICY_EXPORT CloudPolicyClient {
virtual void OnClientError(CloudPolicyClient* client) = 0;
};
+ // Data signing interface.
+ class POLICY_EXPORT SigningService {
+ public:
+ using SigningCallback = base::Callback<void(bool success,
+ enterprise_management::SignedData signed_data)>;
+
+ // Signs |data| and calls |callback| with the signed data.
+ virtual void SignData(const std::string& data,
+ const SigningCallback& callback) = 0;
+ };
+
// |provider| and |service| are weak pointers and it's the caller's
// responsibility to keep them valid for the lifetime of CloudPolicyClient.
// |verification_key_hash| contains an identifier telling the DMServer which
- // verification key to use.
+ // verification key to use. The |signing_service| is used to sign sensitive
+ // requests.
CloudPolicyClient(
const std::string& machine_id,
const std::string& machine_model,
const std::string& verification_key_hash,
DeviceManagementService* service,
- scoped_refptr<net::URLRequestContextGetter> request_context);
+ scoped_refptr<net::URLRequestContextGetter> request_context,
+ SigningService* signing_service);
virtual ~CloudPolicyClient();
// Sets the DMToken, thereby establishing a registration with the server. A
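Review bot: `SigningService` is a polymorphic interface with no declared destructor, and the constructor comment does not state the lifetime or nullability of `signing_service`, which a later hunk stores as the raw pointer `signing_service_`. Add `virtual ~SigningService() {}` (or a protected non-virtual destructor) so an implementation cannot be deleted through the base type with undefined behaviour. Extend the comment along the lines of `// |signing_service| is not owned and must outlive this client; it may be null only if RegisterWithCertificate() is never called.` The nullability wording is an assumption, since the .cc is not shown; state whatever the implementation actually enforces. The CloudPolicyClient class begins and ends outside this hunk.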
@@ -107,6 +124,17 @@ class POLICY_EXPORT CloudPolicyClient {
const std::string& requisition,
const std::string& current_state_key);
+ // Attempts to register with the device management service using a
+ // registration certificate. Results in a registration change or
+ // error notification.
+ virtual void RegisterWithCertificate(
+ enterprise_management::DeviceRegisterRequest::Type registration_type,
+ enterprise_management::DeviceRegisterRequest::Flavor flavor,
+ const std::string& pem_certificate_chain,
+ const std::string& client_id,
+ const std::string& requisition,
+ const std::string& current_state_key);
+
// Sets information about a policy invalidation. Subsequent fetch operations
// will use the given info, and callers can use fetched_invalidation_version
// to determine which version of policy was fetched.
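Review bot: The comment on `RegisterWithCertificate` does not say that the request is signed through the `SigningService` before it is sent, or what the caller observes when signing fails. This path appears to authenticate the device with a certificate, so the failure contract should be explicit, for example `// The request is signed asynchronously via the SigningService passed to the constructor; if signing fails no request is sent and observers get OnClientError().` The actual failure behaviour lives in the .cc, which is not shown here, so adjust the wording to match it. It would also help to state what |pem_certificate_chain| must contain.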
@@ -269,6 +297,10 @@ class POLICY_EXPORT CloudPolicyClient {
// Callback for retries of registration requests.
void OnRetryRegister(DeviceManagementRequestJob* job);
+ // Callback for siganture of requests.
+ void OnRegisterWithCertificateRequestSigned(bool success,
+ enterprise_management::SignedData signed_data);
+
// Callback for registration requests.
void OnRegisterCompleted(
DeviceManagementStatus status,
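Review bot: The comment on `OnRegisterWithCertificateRequestSigned` has a typo (`siganture`) and does not say what `success == false` means for the pending registration. Suggested wording: `// Callback invoked once the registration request has been signed; when |success| is false |signed_data| must not be used and the registration fails.` The handler body is in the .cc, outside this page, so confirm it does not send the request when signing failed. Taking `signed_data` by const reference would also avoid copying the proto, but it has to stay in step with `SigningCallback`.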
@@ -358,23 +390,26 @@ class POLICY_EXPORT CloudPolicyClient {
std::vector<std::string> state_keys_to_upload_;
std::string dm_token_;
- DeviceMode device_mode_;
+ DeviceMode device_mode_ = DEVICE_MODE_NOT_SET;
std::string client_id_;
- bool submit_machine_id_;
+ bool submit_machine_id_ = false;
base::Time last_policy_timestamp_;
- int public_key_version_;
- bool public_key_version_valid_;
+ int public_key_version_ = -1;
+ bool public_key_version_valid_ = false;
std::string robot_api_auth_code_;
// Information for the latest policy invalidation received.
- int64_t invalidation_version_;
+ int64_t invalidation_version_ = 0;
std::string invalidation_payload_;
// The invalidation version used for the most recent fetch operation.
- int64_t fetched_invalidation_version_;
+ int64_t fetched_invalidation_version_ = 0;
// Used for issuing requests to the cloud.
- DeviceManagementService* service_;
+ DeviceManagementService* service_ = nullptr;
+
+ // Used for signing requests.
+ SigningService* signing_service_ = nullptr;
// Only one outstanding policy fetch is allowed, so this is tracked in
// its own member variable.
@@ -386,12 +421,17 @@ class POLICY_EXPORT CloudPolicyClient {
// The policy responses returned by the last policy fetch operation.
ResponseMap responses_;
- DeviceManagementStatus status_;
+ DeviceManagementStatus status_ = DM_STATUS_SUCCESS;
base::ObserverList<Observer, true> observers_;
scoped_refptr<net::URLRequestContextGetter> request_context_;
private:
+ void SetClientId(const std::string& client_id);
+
+ // Used to create tasks which run delayed on the UI thread.
+ base::WeakPtrFactory<CloudPolicyClient> weak_ptr_factory_;
+
DISALLOW_COPY_AND_ASSIGN(CloudPolicyClient);
};
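Review bot: `weak_ptr_factory_` relies on being the last data member so that outstanding weak pointers are invalidated before the other members are destroyed, but its comment does not say so. It is last in the lines shown (only `DISALLOW_COPY_AND_ASSIGN` follows); add a line such as `// Must be the last member so weak pointers are invalidated first on destruction.` to keep later additions from landing below it. `SetClientId` also has no comment describing what it updates. The class starts outside this hunk.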