| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" | 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/callback.h" | 10 #include "base/callback.h" |
| 142 ownership_status); | 142 ownership_status); |
| 143 const em::PolicyData* device_policy_data = | 143 const em::PolicyData* device_policy_data = |
| 144 device_settings_service_->policy_data(); | 144 device_settings_service_->policy_data(); |
| 145 scoped_refptr<ownership::PublicKey> key = | 145 scoped_refptr<ownership::PublicKey> key = |
| 146 device_settings_service_->GetPublicKey(); | 146 device_settings_service_->GetPublicKey(); |
| 147 if (!key.get() || !key->is_loaded() || !device_policy_data) { | 147 if (!key.get() || !key->is_loaded() || !device_policy_data) { |
| 148 status_ = CloudPolicyStore::STATUS_BAD_STATE; | 148 status_ = CloudPolicyStore::STATUS_BAD_STATE; |
| 149 NotifyStoreLoaded(); | 149 NotifyStoreLoaded(); |
| 150 return; | 150 return; |
| 151 } | 151 } |
| 152 public_key_ = key->as_string(); |
| 152 | 153 |
| 153 std::unique_ptr<UserCloudPolicyValidator> validator( | 154 std::unique_ptr<UserCloudPolicyValidator> validator( |
| 154 UserCloudPolicyValidator::Create(std::move(policy_response), | 155 UserCloudPolicyValidator::Create(std::move(policy_response), |
| 155 background_task_runner())); | 156 background_task_runner())); |
| 156 validator->ValidateUsername(account_id_, false); | 157 validator->ValidateUsername(account_id_, false); |
| 157 validator->ValidatePolicyType(dm_protocol::kChromePublicAccountPolicyType); | 158 validator->ValidatePolicyType(dm_protocol::kChromePublicAccountPolicyType); |
| 158 // The timestamp is verified when storing a new policy downloaded from the | 159 // The timestamp is verified when storing a new policy downloaded from the |
| 159 // server but not when loading a cached policy from disk. | 160 // server but not when loading a cached policy from disk. |
| 160 // See SessionManagerOperation::ValidateDeviceSettings for the rationale. | 161 // See SessionManagerOperation::ValidateDeviceSettings for the rationale. |
| 161 validator->ValidateAgainstCurrentPolicy( | 162 validator->ValidateAgainstCurrentPolicy( |
| 162 policy(), | 163 policy(), |
| 163 valid_timestamp_required | 164 valid_timestamp_required |
| 164 ? CloudPolicyValidatorBase::TIMESTAMP_FULLY_VALIDATED | 165 ? CloudPolicyValidatorBase::TIMESTAMP_FULLY_VALIDATED |
| 165 : CloudPolicyValidatorBase::TIMESTAMP_NOT_VALIDATED, | 166 : CloudPolicyValidatorBase::TIMESTAMP_NOT_VALIDATED, |
| 166 CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED, | 167 CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED, |
| 167 CloudPolicyValidatorBase::DEVICE_ID_NOT_REQUIRED); | 168 CloudPolicyValidatorBase::DEVICE_ID_NOT_REQUIRED); |
| 168 | 169 |
| 169 // Validate the DMToken to match what device policy has. | 170 // Validate the DMToken to match what device policy has. |
| 170 validator->ValidateDMToken(device_policy_data->request_token(), | 171 validator->ValidateDMToken(device_policy_data->request_token(), |
| 171 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); | 172 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); |
| 172 | 173 |
| 173 // Validate the device id to match what device policy has. | 174 // Validate the device id to match what device policy has. |
| 174 validator->ValidateDeviceId(device_policy_data->device_id(), | 175 validator->ValidateDeviceId(device_policy_data->device_id(), |
| 175 CloudPolicyValidatorBase::DEVICE_ID_REQUIRED); | 176 CloudPolicyValidatorBase::DEVICE_ID_REQUIRED); |
| 176 | 177 |
| 177 validator->ValidatePayload(); | 178 validator->ValidatePayload(); |
| 178 policy::BrowserPolicyConnectorChromeOS* connector = | 179 policy::BrowserPolicyConnectorChromeOS* connector = |
| 179 g_browser_process->platform_part()->browser_policy_connector_chromeos(); | 180 g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
| 180 validator->ValidateSignature(key->as_string(), | 181 validator->ValidateSignature(public_key_, GetPolicyVerificationKey(), |
| 181 GetPolicyVerificationKey(), | 182 connector->GetEnterpriseDomain(), false); |
| 182 connector->GetEnterpriseDomain(), | |
| 183 false); | |
| 184 validator.release()->StartValidation(callback); | 183 validator.release()->StartValidation(callback); |
| 185 } | 184 } |
| 186 | 185 |
| 187 } // namespace policy | 186 } // namespace policy |
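Review bot: `public_key_` is assigned at new line 152 before the validation started at new line 183 has produced a result, and the early return at new lines 147-150 leaves in place whatever value an earlier call stored. If any reader treats the member as the key the currently held policy was verified with (its declaration and readers are outside this view, so this is an inference), it can observe a key from a failed or still-pending attempt, or a stale key once the owner key is no longer loaded. Consider resetting it in the bad-state branch, e.g. `public_key_.clear();` before `status_ = CloudPolicyStore::STATUS_BAD_STATE;` (assuming the member is a `std::string`). A comment at the assignment would also help, such as `// Owner key from DeviceSettingsService; set before the validation result is known.` The enclosing function starts above the visible lines.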