| Index: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
|
| diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
|
| index 245ed810c231954a2092e7fa4a080863a496fd84..58cd6307fd133a855c514ca6cb30e4ce4406228c 100644
|
| --- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
|
| +++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
|
| @@ -194,6 +194,7 @@ UserCloudPolicyStoreChromeOS::UserCloudPolicyStoreChromeOS(
|
| legacy_policy_cache_file,
|
| background_task_runner)),
|
| legacy_caches_loaded_(false),
|
| + owning_domain_(ExtractDomain(account_id_.GetUserEmail())),
|
| policy_key_loaded_(false),
|
| weak_factory_(this) {}
|
|
|
| @@ -259,7 +260,7 @@ void UserCloudPolicyStoreChromeOS::LoadImmediately() {
|
|
|
| policy_key_path_ = user_policy_key_dir_.Append(
|
| base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str()));
|
| - LoadPolicyKey(policy_key_path_, &policy_key_);
|
| + LoadPolicyKey(policy_key_path_, &public_key_);
|
| policy_key_loaded_ = true;
|
|
|
| std::unique_ptr<UserCloudPolicyValidator> validator =
|
| @@ -274,14 +275,12 @@ void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore(
|
| std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator(
|
| std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_FULLY_VALIDATED);
|
| validator->ValidateUsername(account_id_.GetUserEmail(), true);
|
| - if (policy_key_.empty()) {
|
| - validator->ValidateInitialKey(GetPolicyVerificationKey(),
|
| - ExtractDomain(account_id_.GetUserEmail()));
|
| + if (public_key_.empty()) {
|
| + validator->ValidateInitialKey(GetPolicyVerificationKey(), owning_domain_);
|
| } else {
|
| const bool allow_rotation = true;
|
| - validator->ValidateSignature(policy_key_, GetPolicyVerificationKey(),
|
| - ExtractDomain(account_id_.GetUserEmail()),
|
| - allow_rotation);
|
| + validator->ValidateSignature(public_key_, GetPolicyVerificationKey(),
|
| + owning_domain_, allow_rotation);
|
| }
|
|
|
| // Start validation. The Validator will delete itself once validation is
|
| @@ -361,7 +360,7 @@ void UserCloudPolicyStoreChromeOS::OnPolicyRetrieved(
|
| return;
|
| }
|
|
|
| - // Load |policy_key_| to verify the loaded policy.
|
| + // Load |public_key_| to verify the loaded policy.
|
| EnsurePolicyKeyLoaded(
|
| base::Bind(&UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy,
|
| weak_factory_.GetWeakPtr(),
|
| @@ -524,7 +523,7 @@ void UserCloudPolicyStoreChromeOS::LoadPolicyKey(const base::FilePath& path,
|
| void UserCloudPolicyStoreChromeOS::OnPolicyKeyReloaded(
|
| std::string* key,
|
| const base::Closure& callback) {
|
| - policy_key_ = *key;
|
| + public_key_ = *key;
|
| policy_key_loaded_ = true;
|
| callback.Run();
|
| }
|
| @@ -570,8 +569,7 @@ UserCloudPolicyStoreChromeOS::CreateValidatorForLoad(
|
| // verification key since it is secure, and since there may be legacy policy
|
| // data that was stored without a verification key. Hence passing an empty
|
| // value for the verification key.
|
| - validator->ValidateSignature(policy_key_, empty_key,
|
| - ExtractDomain(account_id_.GetUserEmail()),
|
| + validator->ValidateSignature(public_key_, empty_key, owning_domain_,
|
| allow_rotation);
|
| return validator;
|
| }
|
|
|
Chromium Code Reviews
Issue 2488573003:
Expose signing key from cloud policy stores (Closed)
