| Index: components/policy/core/common/cloud/user_cloud_policy_store.cc
|
| diff --git a/components/policy/core/common/cloud/user_cloud_policy_store.cc b/components/policy/core/common/cloud/user_cloud_policy_store.cc
|
| index 615d9a69def649b863e35fb0765eba58e2943afc..2bd075803c8857df303917e7b9562a2ae6886717 100644
|
| --- a/components/policy/core/common/cloud/user_cloud_policy_store.cc
|
| +++ b/components/policy/core/common/cloud/user_cloud_policy_store.cc
|
| @@ -217,7 +217,7 @@ void UserCloudPolicyStore::Clear() {
|
| base::Bind(base::IgnoreResult(&base::DeleteFile), key_path_, false));
|
| policy_.reset();
|
| policy_map_.Clear();
|
| - policy_key_.clear();
|
| + public_key_.clear();
|
| NotifyStoreLoaded();
|
| }
|
|
|
| @@ -312,10 +312,10 @@ void UserCloudPolicyStore::InstallLoadedPolicyAfterValidation(
|
| // policy fetch will force regeneration of the keys.
|
| if (doing_key_rotation) {
|
| validator->policy_data()->clear_public_key_version();
|
| - policy_key_.clear();
|
| + public_key_.clear();
|
| } else {
|
| // Policy validation succeeded, so we know the signing key is good.
|
| - policy_key_ = signing_key;
|
| + public_key_ = signing_key;
|
| }
|
|
|
| InstallPolicy(std::move(validator->policy_data()),
|
| @@ -385,7 +385,7 @@ void UserCloudPolicyStore::Validate(
|
| // validation using the cached key.
|
|
|
| // Loading from cache should not change the cached keys.
|
| - DCHECK(policy_key_.empty() || policy_key_ == cached_key->signing_key());
|
| + DCHECK(public_key_.empty() || public_key_ == cached_key->signing_key());
|
| DLOG_IF(WARNING, !cached_key->has_signing_key()) <<
|
| "Unsigned policy blob detected";
|
|
|
| @@ -402,7 +402,7 @@ void UserCloudPolicyStore::Validate(
|
| } else {
|
| // No passed cached_key - this is not validating the initial policy load
|
| // from cache, but rather an update from the server.
|
| - if (policy_key_.empty()) {
|
| + if (public_key_.empty()) {
|
| // Case #3 - no valid existing policy key (either this is the initial
|
| // policy fetch, or we're doing a key rotation), so this new policy fetch
|
| // should include an initial key provision.
|
| @@ -410,11 +410,11 @@ void UserCloudPolicyStore::Validate(
|
| } else {
|
| // Case #4 - verify new policy with existing key. We always allow key
|
| // rotation - the verification key will prevent invalid policy from being
|
| - // injected. |policy_key_| is already known to be valid, so no need to
|
| + // injected. |public_key_| is already known to be valid, so no need to
|
| // verify via ValidateCachedKey().
|
| const bool allow_rotation = true;
|
| validator->ValidateSignature(
|
| - policy_key_, verification_key, owning_domain, allow_rotation);
|
| + public_key_, verification_key, owning_domain, allow_rotation);
|
| }
|
| }
|
|
|
| @@ -455,7 +455,7 @@ void UserCloudPolicyStore::StorePolicyAfterValidation(
|
|
|
| // If the key was rotated, update our local cache of the key.
|
| if (validator->policy()->has_new_public_key())
|
| - policy_key_ = validator->policy()->new_public_key();
|
| + public_key_ = validator->policy()->new_public_key();
|
| status_ = STATUS_OK;
|
| NotifyStoreLoaded();
|
| }
|
|
|
Chromium Code Reviews
Issue 2488573003:
Expose signing key from cloud policy stores (Closed)
