Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_STORE_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_STORE_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_STORE_H_ | 6 #define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_STORE_H_ |
| 7 | 7 |
| 8 #include <memory> | 8 #include <memory> |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| 11 #include "base/callback.h" | |
| 11 #include "base/compiler_specific.h" | 12 #include "base/compiler_specific.h" |
| 12 #include "base/macros.h" | 13 #include "base/macros.h" |
| 13 #include "base/memory/ref_counted.h" | 14 #include "base/memory/ref_counted.h" |
| 14 #include "base/memory/weak_ptr.h" | 15 #include "base/memory/weak_ptr.h" |
| 15 #include "chrome/browser/chromeos/settings/device_settings_service.h" | 16 #include "chrome/browser/chromeos/settings/device_settings_service.h" |
| 16 #include "components/policy/core/common/cloud/cloud_policy_validator.h" | 17 #include "components/policy/core/common/cloud/cloud_policy_validator.h" |
| 17 #include "components/policy/core/common/cloud/user_cloud_policy_store_base.h" | 18 #include "components/policy/core/common/cloud/user_cloud_policy_store_base.h" |
| 18 | 19 |
| 19 namespace base { | 20 namespace base { |
| 20 class SequencedTaskRunner; | 21 class SequencedTaskRunner; |
| 21 } | 22 } |
| 22 | 23 |
| 23 namespace chromeos { | 24 namespace chromeos { |
| 24 class DeviceSettingsService; | |
| 25 class SessionManagerClient; | 25 class SessionManagerClient; |
| 26 } | 26 } |
| 27 | 27 |
| 28 namespace enterprise_management { | 28 namespace enterprise_management { |
| 29 class PolicyFetchResponse; | 29 class PolicyFetchResponse; |
| 30 } | 30 } |
| 31 | 31 |
| 32 namespace policy { | 32 namespace policy { |
| 33 | 33 |
| 34 class DeviceLocalAccountPolicyBroker; | 34 class DeviceLocalAccountPolicyBroker; |
| 35 | 35 |
| 36 // CloudPolicyStore implementation for device-local account policy. Stores/loads | 36 // CloudPolicyStore implementation for device-local account policy. Stores/loads |
| 37 // policy to/from session_manager. | 37 // policy to/from session_manager. |
| 38 class DeviceLocalAccountPolicyStore | 38 class DeviceLocalAccountPolicyStore : public UserCloudPolicyStoreBase { |
| 39 : public UserCloudPolicyStoreBase { | |
| 40 public: | 39 public: |
| 41 DeviceLocalAccountPolicyStore( | 40 DeviceLocalAccountPolicyStore( |
| 42 const std::string& account_id, | 41 const std::string& account_id, |
| 43 chromeos::SessionManagerClient* client, | 42 chromeos::SessionManagerClient* client, |
| 44 chromeos::DeviceSettingsService* device_settings_service, | 43 chromeos::DeviceSettingsService* device_settings_service, |
| 45 scoped_refptr<base::SequencedTaskRunner> background_task_runner); | 44 scoped_refptr<base::SequencedTaskRunner> background_task_runner); |
| 46 ~DeviceLocalAccountPolicyStore() override; | 45 ~DeviceLocalAccountPolicyStore() override; |
| 47 | 46 |
| 48 const std::string& account_id() const { return account_id_; } | 47 const std::string& account_id() const { return account_id_; } |
| 49 | 48 |
| 50 // CloudPolicyStore: | 49 // CloudPolicyStore: |
| 51 void Store(const enterprise_management::PolicyFetchResponse& policy) override; | 50 void Store(const enterprise_management::PolicyFetchResponse& policy) override; |
| 52 void Load() override; | 51 void Load() override; |
| 53 | 52 |
| 54 private: | 53 private: |
| 54 // The callback invoked once policy validation is complete. Passed are the | |
| 55 // used public key and the validator. | |
| 56 using ValidateCompletionCallback = | |
| 57 base::Callback<void(const std::string&, UserCloudPolicyValidator*)>; | |
| 58 | |
| 55 // Called back by |session_manager_client_| after policy retrieval. Checks for | 59 // Called back by |session_manager_client_| after policy retrieval. Checks for |
| 56 // success and triggers policy validation. | 60 // success and triggers policy validation. |
| 57 void ValidateLoadedPolicyBlob(const std::string& policy_blob); | 61 void ValidateLoadedPolicyBlob(const std::string& policy_blob); |
| 58 | 62 |
| 59 // Updates state after validation and notifies observers. | 63 // Updates state after validation and notifies observers. |
| 60 void UpdatePolicy(UserCloudPolicyValidator* validator); | 64 void UpdatePolicy(const std::string& used_public_key, |
|
Thiemo Nagel
2016/11/21 17:45:33
Nit: "used" doesn't seem to convey meaningful info
emaxx
2016/11/21 20:04:58
Good point.
Replaced this now with "signature_vali
| |
| 65 UserCloudPolicyValidator* validator); | |
| 61 | 66 |
| 62 // Sends the policy blob to session_manager for storing after validation. | 67 // Sends the policy blob to session_manager for storing after validation. |
| 63 void StoreValidatedPolicy(UserCloudPolicyValidator* validator); | 68 void StoreValidatedPolicy(const std::string& used_public_key, |
| 69 UserCloudPolicyValidator* validator); | |
| 64 | 70 |
| 65 // Called back when a store operation completes, updates state and reloads the | 71 // Called back when a store operation completes, updates state and reloads the |
| 66 // policy if applicable. | 72 // policy if applicable. |
| 67 void HandleStoreResult(bool result); | 73 void HandleStoreResult(bool result); |
| 68 | 74 |
| 69 // Gets the owner key and triggers policy validation. | 75 // Gets the owner key and triggers policy validation. |
| 70 void CheckKeyAndValidate( | 76 void CheckKeyAndValidate( |
| 71 bool valid_timestamp_required, | 77 bool valid_timestamp_required, |
| 72 std::unique_ptr<enterprise_management::PolicyFetchResponse> policy, | 78 std::unique_ptr<enterprise_management::PolicyFetchResponse> policy, |
| 73 const UserCloudPolicyValidator::CompletionCallback& callback); | 79 const ValidateCompletionCallback& callback); |
| 74 | 80 |
| 75 // Triggers policy validation. | 81 // Triggers policy validation. |
| 76 void Validate( | 82 void Validate( |
| 77 bool valid_timestamp_required, | 83 bool valid_timestamp_required, |
| 78 std::unique_ptr<enterprise_management::PolicyFetchResponse> policy, | 84 std::unique_ptr<enterprise_management::PolicyFetchResponse> policy, |
| 79 const UserCloudPolicyValidator::CompletionCallback& callback, | 85 const ValidateCompletionCallback& callback, |
| 80 chromeos::DeviceSettingsService::OwnershipStatus ownership_status); | 86 chromeos::DeviceSettingsService::OwnershipStatus ownership_status); |
| 81 | 87 |
| 82 const std::string account_id_; | 88 const std::string account_id_; |
| 83 chromeos::SessionManagerClient* session_manager_client_; | 89 chromeos::SessionManagerClient* session_manager_client_; |
| 84 chromeos::DeviceSettingsService* device_settings_service_; | 90 chromeos::DeviceSettingsService* device_settings_service_; |
| 85 | 91 |
| 86 scoped_refptr<base::SequencedTaskRunner> background_task_runner_; | 92 scoped_refptr<base::SequencedTaskRunner> background_task_runner_; |
| 87 | 93 |
| 88 base::WeakPtrFactory<DeviceLocalAccountPolicyStore> weak_factory_; | 94 base::WeakPtrFactory<DeviceLocalAccountPolicyStore> weak_factory_; |
| 89 | 95 |
| 90 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyStore); | 96 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyStore); |
| 91 }; | 97 }; |
| 92 | 98 |
| 93 } // namespace policy | 99 } // namespace policy |
| 94 | 100 |
| 95 #endif // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_STORE_H_ | 101 #endif // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_STORE_H_ |
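Review bot: The `ValidateCompletionCallback` alias and the new `used_public_key` parameter on `UpdatePolicy()` and `StoreValidatedPolicy()` leave the key's contract undocumented. The header does not say whether this is the key the validator actually checked the policy signature against, whether it may be empty, or that it should be trusted only after the validator reports success. Because the key now travels beside the validator instead of being read from it, these declarations alone cannot show that the two stay in sync; that presumably depends on how the callback is bound in the .cc file, which is not shown here. I would extend the alias comment along the lines of `// The key is the public key the validator was set up to verify the policy signature with; use it only if validation succeeded. The validator pointer is valid only during the call.` and confirm the lifetime statement against the validator implementation before landing it.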