Side by Side Diff: chrome/browser/chromeos/policy/device_local_account_policy_store.cc

Issue 2488573003: Expose signing key from cloud policy stores (Closed)
Patch Set: Fix tests Created 4 years, 1 month ago
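--- a/chrome/browser/chromeos/policy/device_local_account_policy_store.cc
+++ b/chrome/browser/chromeos/policy/device_local_account_policy_store.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h"
 
 #include <utility>
 
 #include "base/bind.h"
 #include "base/callback.h"
@@ -26,41 +26,59 @@
 
 DeviceLocalAccountPolicyStore::DeviceLocalAccountPolicyStore(
     const std::string& account_id,
     chromeos::SessionManagerClient* session_manager_client,
     chromeos::DeviceSettingsService* device_settings_service,
     scoped_refptr<base::SequencedTaskRunner> background_task_runner)
     : UserCloudPolicyStoreBase(background_task_runner),
       account_id_(account_id),
       session_manager_client_(session_manager_client),
       device_settings_service_(device_settings_service),
-      weak_factory_(this) {}
+      weak_factory_(this) {
+  owning_domain_ = g_browser_process->platform_part()
+                       ->browser_policy_connector_chromeos()
+                       ->GetEnterpriseDomain();
+  device_settings_service_->AddObserver(this);
+  UpdateFromDeviceSettingsService();
+}
 
-DeviceLocalAccountPolicyStore::~DeviceLocalAccountPolicyStore() {}
+DeviceLocalAccountPolicyStore::~DeviceLocalAccountPolicyStore() {
+  device_settings_service_->RemoveObserver(this);
+}
 
 void DeviceLocalAccountPolicyStore::Load() {
   weak_factory_.InvalidateWeakPtrs();
   session_manager_client_->RetrieveDeviceLocalAccountPolicy(
       account_id_,
       base::Bind(&DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob,
                  weak_factory_.GetWeakPtr()));
 }
 
 void DeviceLocalAccountPolicyStore::Store(
     const em::PolicyFetchResponse& policy) {
   weak_factory_.InvalidateWeakPtrs();
   CheckKeyAndValidate(
       true, base::MakeUnique<em::PolicyFetchResponse>(policy),
       base::Bind(&DeviceLocalAccountPolicyStore::StoreValidatedPolicy,
                  weak_factory_.GetWeakPtr()));
 }
 
+void DeviceLocalAccountPolicyStore::DeviceSettingsUpdated() {
+  UpdateFromDeviceSettingsService();
+}
+
+void DeviceLocalAccountPolicyStore::UpdateFromDeviceSettingsService() {
+  scoped_refptr<ownership::PublicKey> key =
+      device_settings_service_->GetPublicKey();
+  public_key_ = key ? key->as_string() : std::string();
+}
+
 void DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob(
     const std::string& policy_blob) {
   if (policy_blob.empty()) {
     status_ = CloudPolicyStore::STATUS_LOAD_ERROR;
     NotifyStoreError();
   } else {
     std::unique_ptr<em::PolicyFetchResponse> policy(
         new em::PolicyFetchResponse());
     if (policy->ParseFromString(policy_blob)) {
       CheckKeyAndValidate(
@@ -135,23 +153,21 @@
 
 void DeviceLocalAccountPolicyStore::Validate(
     bool valid_timestamp_required,
     std::unique_ptr<em::PolicyFetchResponse> policy_response,
     const UserCloudPolicyValidator::CompletionCallback& callback,
     chromeos::DeviceSettingsService::OwnershipStatus ownership_status) {
   DCHECK_NE(chromeos::DeviceSettingsService::OWNERSHIP_UNKNOWN,
             ownership_status);
   const em::PolicyData* device_policy_data =
       device_settings_service_->policy_data();
-  scoped_refptr<ownership::PublicKey> key =
-      device_settings_service_->GetPublicKey();
-  if (!key.get() || !key->is_loaded() || !device_policy_data) {
+  if (!device_policy_data || public_key_.empty()) {
     status_ = CloudPolicyStore::STATUS_BAD_STATE;
     NotifyStoreLoaded();
     return;
   }
 
   std::unique_ptr<UserCloudPolicyValidator> validator(
       UserCloudPolicyValidator::Create(std::move(policy_response),
                                        background_task_runner()));
   validator->ValidateUsername(account_id_, false);
   validator->ValidatePolicyType(dm_protocol::kChromePublicAccountPolicyType);
@@ -170,18 +186,16 @@
   validator->ValidateDMToken(device_policy_data->request_token(),
                              CloudPolicyValidatorBase::DM_TOKEN_REQUIRED);
 
   // Validate the device id to match what device policy has.
   validator->ValidateDeviceId(device_policy_data->device_id(),
                               CloudPolicyValidatorBase::DEVICE_ID_REQUIRED);
 
   validator->ValidatePayload();
   policy::BrowserPolicyConnectorChromeOS* connector =
       g_browser_process->platform_part()->browser_policy_connector_chromeos();
-  validator->ValidateSignature(key->as_string(),
-                               GetPolicyVerificationKey(),
-                               connector->GetEnterpriseDomain(),
-                               false);
+  validator->ValidateSignature(public_key_, GetPolicyVerificationKey(),
+                               connector->GetEnterpriseDomain(), false);
   validator.release()->StartValidation(callback);
 }
 
 }  // namespace policy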
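Review bot: The new guard in `Validate()` (new line 163) drops the explicit `key->is_loaded()` test in favour of `public_key_.empty()`, which is only equivalent if `as_string()` on a not-yet-loaded key yields an empty string — that is not visible here and deserves a comment on the member, e.g. `// Snapshot of the owner public key, refreshed in UpdateFromDeviceSettingsService(); empty until the key is loaded, in which case Validate() reports STATUS_BAD_STATE.`. The key is now a snapshot refreshed only via `DeviceSettingsUpdated()`, while `device_policy_data` (new lines 161-162) is still read live from `device_settings_service_`; if the service can publish a new policy blob and owner key before (or without) notifying observers, the signature on a device-local-account policy would be checked against a stale key, so please confirm the notification ordering or read both from the same snapshot. Separately, `owning_domain_` is populated in the constructor (new lines 37-39) but `Validate()` still queries `connector->GetEnterpriseDomain()` on new lines 194-197; if the member is meant to replace that lookup, using it here keeps a single source of truth for the domain the signature is checked against, and if not, the member appears unused in this file. Twelve lines in the middle of `Validate()` are elided in this view.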