chrome/browser/chromeos/policy/device_local_account_policy_store.cc - Issue 2488573003: Expose signing key from cloud policy stores

Unified Diff: chrome/browser/chromeos/policy/device_local_account_policy_store.cc

Issue 2488573003: Expose signing key from cloud policy stores (Closed)

Patch Set: Fix tests Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos_unittest.cc ('K') | « chrome/browser/chromeos/policy/device_local_account_policy_store.h ('k') | chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h » ('j') | chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/chromeos/policy/device_local_account_policy_store.cc

diff --git a/chrome/browser/chromeos/policy/device_local_account_policy_store.cc b/chrome/browser/chromeos/policy/device_local_account_policy_store.cc

index ab474719445c5a6235b07478cd85d2e39446f6c0..fcc7f9f2e93c2051f69a4036df7d743e2f2ab78b 100644

--- a/chrome/browser/chromeos/policy/device_local_account_policy_store.cc

+++ b/chrome/browser/chromeos/policy/device_local_account_policy_store.cc

@@ -33,9 +33,17 @@ DeviceLocalAccountPolicyStore::DeviceLocalAccountPolicyStore(

account_id_(account_id),

session_manager_client_(session_manager_client),

device_settings_service_(device_settings_service),

- weak_factory_(this) {}

+ weak_factory_(this) {

+ owning_domain_ = g_browser_process->platform_part()

+ ->browser_policy_connector_chromeos()

+ ->GetEnterpriseDomain();

+ device_settings_service_->AddObserver(this);

+ UpdateFromDeviceSettingsService();

-DeviceLocalAccountPolicyStore::~DeviceLocalAccountPolicyStore() {}

+DeviceLocalAccountPolicyStore::~DeviceLocalAccountPolicyStore() {

+ device_settings_service_->RemoveObserver(this);

void DeviceLocalAccountPolicyStore::Load() {

weak_factory_.InvalidateWeakPtrs();

@@ -54,6 +62,16 @@ void DeviceLocalAccountPolicyStore::Store(

weak_factory_.GetWeakPtr()));

}

+void DeviceLocalAccountPolicyStore::DeviceSettingsUpdated() {

+ UpdateFromDeviceSettingsService();

+void DeviceLocalAccountPolicyStore::UpdateFromDeviceSettingsService() {

+ scoped_refptr<ownership::PublicKey> key =

+ device_settings_service_->GetPublicKey();

+ public_key_ = key ? key->as_string() : std::string();

void DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob(

const std::string& policy_blob) {

if (policy_blob.empty()) {

@@ -142,9 +160,7 @@ void DeviceLocalAccountPolicyStore::Validate(

ownership_status);

const em::PolicyData* device_policy_data =

device_settings_service_->policy_data();

- scoped_refptr<ownership::PublicKey> key =

- device_settings_service_->GetPublicKey();

- if (!key.get() || !key->is_loaded() || !device_policy_data) {

+ if (!device_policy_data || public_key_.empty()) {

status_ = CloudPolicyStore::STATUS_BAD_STATE;

NotifyStoreLoaded();

return;

@@ -177,10 +193,8 @@ void DeviceLocalAccountPolicyStore::Validate(

validator->ValidatePayload();

policy::BrowserPolicyConnectorChromeOS* connector =

g_browser_process->platform_part()->browser_policy_connector_chromeos();

- validator->ValidateSignature(key->as_string(),

- GetPolicyVerificationKey(),

- connector->GetEnterpriseDomain(),

- false);

+ validator->ValidateSignature(public_key_, GetPolicyVerificationKey(),

+ connector->GetEnterpriseDomain(), false);

validator.release()->StartValidation(callback);

}