
Side by Side Diff: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

Issue 2494843002: Don't pass domain and verification key to validation when not required (Closed)
Patch Set: Rebase Created 4 years, 1 month ago
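--- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
+++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
 
 #include <stddef.h>
 #include <utility>
 
 #include "base/bind.h"
@@ -271,24 +271,23 @@
 void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore(
 std::unique_ptr<em::PolicyFetchResponse> policy) {
 // Create and configure a validator.
 std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator(
 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_FULLY_VALIDATED);
 validator->ValidateUsername(account_id_.GetUserEmail(), true);
 if (policy_key_.empty()) {
 validator->ValidateInitialKey(GetPolicyVerificationKey(),
 ExtractDomain(account_id_.GetUserEmail()));
 } else {
-const bool allow_rotation = true;
-validator->ValidateSignature(policy_key_, GetPolicyVerificationKey(),
-ExtractDomain(account_id_.GetUserEmail()),
-allow_rotation);
+validator->ValidateSignatureAllowingRotation(
+policy_key_, GetPolicyVerificationKey(),
+ExtractDomain(account_id_.GetUserEmail()));
 }
 
 // Start validation. The Validator will delete itself once validation is
 // complete.
 validator.release()->StartValidation(
 base::Bind(&UserCloudPolicyStoreChromeOS::OnPolicyToStoreValidated,
 weak_factory_.GetWeakPtr()));
 }
 
 void UserCloudPolicyStoreChromeOS::OnPolicyToStoreValidated(
@@ -557,22 +556,17 @@
 }
 ReloadPolicyKey(callback);
 }
 
 std::unique_ptr<UserCloudPolicyValidator>
 UserCloudPolicyStoreChromeOS::CreateValidatorForLoad(
 std::unique_ptr<em::PolicyFetchResponse> policy) {
 std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator(
 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_NOT_BEFORE);
 validator->ValidateUsername(account_id_.GetUserEmail(), true);
-const bool allow_rotation = false;
-const std::string empty_key = std::string();
 // The policy loaded from session manager need not be validated using the
 // verification key since it is secure, and since there may be legacy policy
-// data that was stored without a verification key. Hence passing an empty
-// value for the verification key.
-validator->ValidateSignature(policy_key_, empty_key,
-ExtractDomain(account_id_.GetUserEmail()),
-allow_rotation);
+// data that was stored without a verification key.
+validator->ValidateSignature(policy_key_);
 return validator;
 }
 } // namespace policy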
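Review bot: In CreateValidatorForLoad the new one-argument `ValidateSignature(policy_key_)` is the only signature check applied to policy loaded from session manager, and nothing in this section guards against `policy_key_` being empty, whereas ValidatePolicyForStore branches on `policy_key_.empty()` before choosing a validation mode. Presumably the validator fails closed on an empty key, but that behaviour lives outside this file section and should be confirmed. The retained comment also explains only why the verification key is skipped; it would help to state the remaining trust assumption, for example `// Signature is checked against the cached |policy_key_| only; an empty or unreadable key must fail validation.` If that guarantee is not provided by the validator, an explicit empty-key check before the call would make the load path fail closed.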
