| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" | 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/callback.h" | 10 #include "base/callback.h" |
| 11 #include "base/memory/ptr_util.h" | 11 #include "base/memory/ptr_util.h" |
| 12 #include "chrome/browser/browser_process.h" | |
| 13 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" | |
| 14 #include "chromeos/dbus/session_manager_client.h" | 12 #include "chromeos/dbus/session_manager_client.h" |
| 15 #include "components/ownership/owner_key_util.h" | 13 #include "components/ownership/owner_key_util.h" |
| 16 #include "components/policy/core/common/cloud/device_management_service.h" | 14 #include "components/policy/core/common/cloud/device_management_service.h" |
| 17 #include "components/policy/core/common/external_data_fetcher.h" | 15 #include "components/policy/core/common/external_data_fetcher.h" |
| 18 #include "components/policy/core/common/policy_map.h" | 16 #include "components/policy/core/common/policy_map.h" |
| 19 #include "components/policy/core/common/policy_types.h" | 17 #include "components/policy/core/common/policy_types.h" |
| 20 #include "components/policy/proto/cloud_policy.pb.h" | 18 #include "components/policy/proto/cloud_policy.pb.h" |
| 21 #include "components/policy/proto/device_management_backend.pb.h" | 19 #include "components/policy/proto/device_management_backend.pb.h" |
| 22 | 20 |
| 23 namespace em = enterprise_management; | 21 namespace em = enterprise_management; |
| (...skipping 113 matching lines...) | |
| 137 bool valid_timestamp_required, | 135 bool valid_timestamp_required, |
| 138 std::unique_ptr<em::PolicyFetchResponse> policy_response, | 136 std::unique_ptr<em::PolicyFetchResponse> policy_response, |
| 139 const UserCloudPolicyValidator::CompletionCallback& callback, | 137 const UserCloudPolicyValidator::CompletionCallback& callback, |
| 140 chromeos::DeviceSettingsService::OwnershipStatus ownership_status) { | 138 chromeos::DeviceSettingsService::OwnershipStatus ownership_status) { |
| 141 DCHECK_NE(chromeos::DeviceSettingsService::OWNERSHIP_UNKNOWN, | 139 DCHECK_NE(chromeos::DeviceSettingsService::OWNERSHIP_UNKNOWN, |
| 142 ownership_status); | 140 ownership_status); |
| 143 const em::PolicyData* device_policy_data = | 141 const em::PolicyData* device_policy_data = |
| 144 device_settings_service_->policy_data(); | 142 device_settings_service_->policy_data(); |
| 145 scoped_refptr<ownership::PublicKey> key = | 143 scoped_refptr<ownership::PublicKey> key = |
| 146 device_settings_service_->GetPublicKey(); | 144 device_settings_service_->GetPublicKey(); |
| 147 if (!key.get() || !key->is_loaded() || !device_policy_data) { | 145 if (!key.get() || !key->is_loaded() || !device_policy_data) { |
|
Andrew T Wilson (Slow)
2016/11/14 09:29:37
Just to be clear, when is ValidateCachedKey() invo
emaxx
2016/11/14 16:27:07
I don't think that the keys from DeviceSettingsSer
| |
| 148 status_ = CloudPolicyStore::STATUS_BAD_STATE; | 146 status_ = CloudPolicyStore::STATUS_BAD_STATE; |
| 149 NotifyStoreLoaded(); | 147 NotifyStoreLoaded(); |
| 150 return; | 148 return; |
| 151 } | 149 } |
| 152 | 150 |
| 153 std::unique_ptr<UserCloudPolicyValidator> validator( | 151 std::unique_ptr<UserCloudPolicyValidator> validator( |
| 154 UserCloudPolicyValidator::Create(std::move(policy_response), | 152 UserCloudPolicyValidator::Create(std::move(policy_response), |
| 155 background_task_runner())); | 153 background_task_runner())); |
| 156 validator->ValidateUsername(account_id_, false); | 154 validator->ValidateUsername(account_id_, false); |
| 157 validator->ValidatePolicyType(dm_protocol::kChromePublicAccountPolicyType); | 155 validator->ValidatePolicyType(dm_protocol::kChromePublicAccountPolicyType); |
| (...skipping 10 matching lines...) | |
| 168 | 166 |
| 169 // Validate the DMToken to match what device policy has. | 167 // Validate the DMToken to match what device policy has. |
| 170 validator->ValidateDMToken(device_policy_data->request_token(), | 168 validator->ValidateDMToken(device_policy_data->request_token(), |
| 171 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); | 169 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); |
| 172 | 170 |
| 173 // Validate the device id to match what device policy has. | 171 // Validate the device id to match what device policy has. |
| 174 validator->ValidateDeviceId(device_policy_data->device_id(), | 172 validator->ValidateDeviceId(device_policy_data->device_id(), |
| 175 CloudPolicyValidatorBase::DEVICE_ID_REQUIRED); | 173 CloudPolicyValidatorBase::DEVICE_ID_REQUIRED); |
| 176 | 174 |
| 177 validator->ValidatePayload(); | 175 validator->ValidatePayload(); |
| 178 policy::BrowserPolicyConnectorChromeOS* connector = | 176 validator->ValidateSignature(key->as_string()); |
| 179 g_browser_process->platform_part()->browser_policy_connector_chromeos(); | |
| 180 validator->ValidateSignature(key->as_string(), | |
| 181 GetPolicyVerificationKey(), | |
| 182 connector->GetEnterpriseDomain(), | |
| 183 false); | |
| 184 validator.release()->StartValidation(callback); | 177 validator.release()->StartValidation(callback); |
| 185 } | 178 } |
| 186 | 179 |
| 187 } // namespace policy | 180 } // namespace policy |
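Review bot: The single-argument `ValidateSignature(key->as_string())` call at new line 176 has no comment stating the trust assumption it now encodes: the policy blob is accepted purely on the owner key returned by `device_settings_service_->GetPublicKey()`, and the verification-key and enterprise-domain arguments of the old call are gone. A short comment above the call would help the next reader, for example `// Device-local account policy must be signed with the device owner key; key rotation is not accepted here.` The rotation part is inferred from the dropped `false` argument, so confirm it against the validator's header before committing that wording. It would also be worth checking that a unit test covers rejection of a blob signed with a different key on this path. The enclosing function's signature starts in the skipped lines above, so its name is not visible in this section.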
| OLD | NEW |