| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" | 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/callback.h" | 10 #include "base/callback.h" |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 66 base::Bind(&DeviceLocalAccountPolicyStore::UpdatePolicy, | 66 base::Bind(&DeviceLocalAccountPolicyStore::UpdatePolicy, |
| 67 weak_factory_.GetWeakPtr())); | 67 weak_factory_.GetWeakPtr())); |
| 68 } else { | 68 } else { |
| 69 status_ = CloudPolicyStore::STATUS_PARSE_ERROR; | 69 status_ = CloudPolicyStore::STATUS_PARSE_ERROR; |
| 70 NotifyStoreError(); | 70 NotifyStoreError(); |
| 71 } | 71 } |
| 72 } | 72 } |
| 73 } | 73 } |
| 74 | 74 |
| 75 void DeviceLocalAccountPolicyStore::UpdatePolicy( | 75 void DeviceLocalAccountPolicyStore::UpdatePolicy( |
| 76 const std::string& signature_validation_public_key, |
| 76 UserCloudPolicyValidator* validator) { | 77 UserCloudPolicyValidator* validator) { |
| 78 DCHECK(!signature_validation_public_key.empty()); |
| 79 |
| 77 validation_status_ = validator->status(); | 80 validation_status_ = validator->status(); |
| 78 if (!validator->success()) { | 81 if (!validator->success()) { |
| 79 status_ = STATUS_VALIDATION_ERROR; | 82 status_ = STATUS_VALIDATION_ERROR; |
| 80 NotifyStoreError(); | 83 NotifyStoreError(); |
| 81 return; | 84 return; |
| 82 } | 85 } |
| 83 | 86 |
| 84 InstallPolicy(std::move(validator->policy_data()), | 87 InstallPolicy(std::move(validator->policy_data()), |
| 85 std::move(validator->payload())); | 88 std::move(validator->payload()), |
| 89 signature_validation_public_key); |
| 86 status_ = STATUS_OK; | 90 status_ = STATUS_OK; |
| 87 NotifyStoreLoaded(); | 91 NotifyStoreLoaded(); |
| 88 } | 92 } |
| 89 | 93 |
| 90 void DeviceLocalAccountPolicyStore::StoreValidatedPolicy( | 94 void DeviceLocalAccountPolicyStore::StoreValidatedPolicy( |
| 95 const std::string& signature_validation_public_key_unused, |
| 91 UserCloudPolicyValidator* validator) { | 96 UserCloudPolicyValidator* validator) { |
| 92 if (!validator->success()) { | 97 if (!validator->success()) { |
| 93 status_ = CloudPolicyStore::STATUS_VALIDATION_ERROR; | 98 status_ = CloudPolicyStore::STATUS_VALIDATION_ERROR; |
| 94 validation_status_ = validator->status(); | 99 validation_status_ = validator->status(); |
| 95 NotifyStoreError(); | 100 NotifyStoreError(); |
| 96 return; | 101 return; |
| 97 } | 102 } |
| 98 | 103 |
| 99 std::string policy_blob; | 104 std::string policy_blob; |
| 100 if (!validator->policy()->SerializeToString(&policy_blob)) { | 105 if (!validator->policy()->SerializeToString(&policy_blob)) { |
| (...skipping 14 matching lines...) Expand all Loading... |
| 115 status_ = CloudPolicyStore::STATUS_STORE_ERROR; | 120 status_ = CloudPolicyStore::STATUS_STORE_ERROR; |
| 116 NotifyStoreError(); | 121 NotifyStoreError(); |
| 117 } else { | 122 } else { |
| 118 Load(); | 123 Load(); |
| 119 } | 124 } |
| 120 } | 125 } |
| 121 | 126 |
| 122 void DeviceLocalAccountPolicyStore::CheckKeyAndValidate( | 127 void DeviceLocalAccountPolicyStore::CheckKeyAndValidate( |
| 123 bool valid_timestamp_required, | 128 bool valid_timestamp_required, |
| 124 std::unique_ptr<em::PolicyFetchResponse> policy, | 129 std::unique_ptr<em::PolicyFetchResponse> policy, |
| 125 const UserCloudPolicyValidator::CompletionCallback& callback) { | 130 const ValidateCompletionCallback& callback) { |
| 126 device_settings_service_->GetOwnershipStatusAsync( | 131 device_settings_service_->GetOwnershipStatusAsync( |
| 127 base::Bind(&DeviceLocalAccountPolicyStore::Validate, | 132 base::Bind(&DeviceLocalAccountPolicyStore::Validate, |
| 128 weak_factory_.GetWeakPtr(), | 133 weak_factory_.GetWeakPtr(), |
| 129 valid_timestamp_required, | 134 valid_timestamp_required, |
| 130 base::Passed(&policy), | 135 base::Passed(&policy), |
| 131 callback)); | 136 callback)); |
| 132 } | 137 } |
| 133 | 138 |
| 134 void DeviceLocalAccountPolicyStore::Validate( | 139 void DeviceLocalAccountPolicyStore::Validate( |
| 135 bool valid_timestamp_required, | 140 bool valid_timestamp_required, |
| 136 std::unique_ptr<em::PolicyFetchResponse> policy_response, | 141 std::unique_ptr<em::PolicyFetchResponse> policy_response, |
| 137 const UserCloudPolicyValidator::CompletionCallback& callback, | 142 const ValidateCompletionCallback& callback, |
| 138 chromeos::DeviceSettingsService::OwnershipStatus ownership_status) { | 143 chromeos::DeviceSettingsService::OwnershipStatus ownership_status) { |
| 139 DCHECK_NE(chromeos::DeviceSettingsService::OWNERSHIP_UNKNOWN, | 144 DCHECK_NE(chromeos::DeviceSettingsService::OWNERSHIP_UNKNOWN, |
| 140 ownership_status); | 145 ownership_status); |
| 141 const em::PolicyData* device_policy_data = | 146 const em::PolicyData* device_policy_data = |
| 142 device_settings_service_->policy_data(); | 147 device_settings_service_->policy_data(); |
| 148 // Note that the key is obtained through the device settings service instead |
| 149 // of using |policy_signature_public_key_| member, as the latter one is |
| 150 // updated only after the successful installation of the policy. |
| 143 scoped_refptr<ownership::PublicKey> key = | 151 scoped_refptr<ownership::PublicKey> key = |
| 144 device_settings_service_->GetPublicKey(); | 152 device_settings_service_->GetPublicKey(); |
| 145 if (!key.get() || !key->is_loaded() || !device_policy_data) { | 153 if (!key.get() || !key->is_loaded() || !device_policy_data) { |
| 146 status_ = CloudPolicyStore::STATUS_BAD_STATE; | 154 status_ = CloudPolicyStore::STATUS_BAD_STATE; |
| 147 NotifyStoreLoaded(); | 155 NotifyStoreLoaded(); |
| 148 return; | 156 return; |
| 149 } | 157 } |
| 150 | 158 |
| 151 std::unique_ptr<UserCloudPolicyValidator> validator( | 159 std::unique_ptr<UserCloudPolicyValidator> validator( |
| 152 UserCloudPolicyValidator::Create(std::move(policy_response), | 160 UserCloudPolicyValidator::Create(std::move(policy_response), |
| (...skipping 14 matching lines...) Expand all Loading... |
| 167 // Validate the DMToken to match what device policy has. | 175 // Validate the DMToken to match what device policy has. |
| 168 validator->ValidateDMToken(device_policy_data->request_token(), | 176 validator->ValidateDMToken(device_policy_data->request_token(), |
| 169 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); | 177 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); |
| 170 | 178 |
| 171 // Validate the device id to match what device policy has. | 179 // Validate the device id to match what device policy has. |
| 172 validator->ValidateDeviceId(device_policy_data->device_id(), | 180 validator->ValidateDeviceId(device_policy_data->device_id(), |
| 173 CloudPolicyValidatorBase::DEVICE_ID_REQUIRED); | 181 CloudPolicyValidatorBase::DEVICE_ID_REQUIRED); |
| 174 | 182 |
| 175 validator->ValidatePayload(); | 183 validator->ValidatePayload(); |
| 176 validator->ValidateSignature(key->as_string()); | 184 validator->ValidateSignature(key->as_string()); |
| 177 validator.release()->StartValidation(callback); | 185 validator.release()->StartValidation(base::Bind(callback, key->as_string())); |
| 178 } | 186 } |
| 179 | 187 |
| 180 } // namespace policy | 188 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2488573003:
Expose signing key from cloud policy stores (Closed)
