| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 52 if (!install_attributes_->IsEnterpriseDevice() || | 52 if (!install_attributes_->IsEnterpriseDevice() || |
| 53 !device_settings_service_->policy_data() || !public_key.get() || | 53 !device_settings_service_->policy_data() || !public_key.get() || |
| 54 !public_key->is_loaded()) { | 54 !public_key->is_loaded()) { |
| 55 status_ = STATUS_BAD_STATE; | 55 status_ = STATUS_BAD_STATE; |
| 56 NotifyStoreError(); | 56 NotifyStoreError(); |
| 57 return; | 57 return; |
| 58 } | 58 } |
| 59 | 59 |
| 60 std::unique_ptr<DeviceCloudPolicyValidator> validator( | 60 std::unique_ptr<DeviceCloudPolicyValidator> validator( |
| 61 CreateValidator(policy)); | 61 CreateValidator(policy)); |
| 62 validator->ValidateSignature(public_key->as_string(), | 62 validator->ValidateSignatureAllowingRotation( |
| 63 GetPolicyVerificationKey(), | 63 public_key->as_string(), GetPolicyVerificationKey(), |
| 64 install_attributes_->GetDomain(), | 64 install_attributes_->GetDomain()); |
| 65 true); | |
| 66 validator->ValidateAgainstCurrentPolicy( | 65 validator->ValidateAgainstCurrentPolicy( |
| 67 device_settings_service_->policy_data(), | 66 device_settings_service_->policy_data(), |
| 68 CloudPolicyValidatorBase::TIMESTAMP_FULLY_VALIDATED, | 67 CloudPolicyValidatorBase::TIMESTAMP_FULLY_VALIDATED, |
| 69 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED, | 68 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED, |
| 70 CloudPolicyValidatorBase::DEVICE_ID_REQUIRED); | 69 CloudPolicyValidatorBase::DEVICE_ID_REQUIRED); |
| 71 validator.release()->StartValidation( | 70 validator.release()->StartValidation( |
| 72 base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated, | 71 base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated, |
| 73 weak_factory_.GetWeakPtr())); | 72 weak_factory_.GetWeakPtr())); |
| 74 } | 73 } |
| 75 | 74 |
| (...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 225 UMA_HISTOGRAM_BOOLEAN(kDMTokenCheckHistogram, true); | 224 UMA_HISTOGRAM_BOOLEAN(kDMTokenCheckHistogram, true); |
| 226 } else { | 225 } else { |
| 227 LOG(ERROR) << "Device policy read on enrolled device yields " | 226 LOG(ERROR) << "Device policy read on enrolled device yields " |
| 228 << "no DM token! Status: " << service_status << "."; | 227 << "no DM token! Status: " << service_status << "."; |
| 229 chromeos::StartupUtils::MarkEnrollmentRecoveryRequired(); | 228 chromeos::StartupUtils::MarkEnrollmentRecoveryRequired(); |
| 230 UMA_HISTOGRAM_BOOLEAN(kDMTokenCheckHistogram, false); | 229 UMA_HISTOGRAM_BOOLEAN(kDMTokenCheckHistogram, false); |
| 231 } | 230 } |
| 232 } | 231 } |
| 233 | 232 |
| 234 } // namespace policy | 233 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2494843002:
Don't pass domain and verification key to validation when not required (Closed)
