Chromium Code Reviews

Unified Diff: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

Issue 2494843002: Don't pass domain and verification key to validation when not required (Closed)
Patch Set: Rebase Created 4 years, 1 month ago
Index: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
index 245ed810c231954a2092e7fa4a080863a496fd84..1f98da2ba9a6f1990ba8cc5be4fcaf014ef7b900 100644
--- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
+++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
@@ -278,10 +278,9 @@ void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore(
validator->ValidateInitialKey(GetPolicyVerificationKey(),
ExtractDomain(account_id_.GetUserEmail()));
} else {
- const bool allow_rotation = true;
- validator->ValidateSignature(policy_key_, GetPolicyVerificationKey(),
- ExtractDomain(account_id_.GetUserEmail()),
- allow_rotation);
+ validator->ValidateSignatureAllowingRotation(
+ policy_key_, GetPolicyVerificationKey(),
+ ExtractDomain(account_id_.GetUserEmail()));
}
// Start validation. The Validator will delete itself once validation is
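Review bot: In ValidatePolicyForStore, GetPolicyVerificationKey() and ExtractDomain(account_id_.GetUserEmail()) are now written out identically in both the ValidateInitialKey call and the new ValidateSignatureAllowingRotation call. Consider hoisting them into two named locals above the if, so the two branches cannot drift apart and the positional arguments are harder to swap. The else branch would also benefit from a one-line comment saying why rotation is accepted on the store path, since the load path in this same file does not use the rotation variant.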
@@ -564,15 +563,10 @@ UserCloudPolicyStoreChromeOS::CreateValidatorForLoad(
std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator(
std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_NOT_BEFORE);
validator->ValidateUsername(account_id_.GetUserEmail(), true);
- const bool allow_rotation = false;
- const std::string empty_key = std::string();
// The policy loaded from session manager need not be validated using the
// verification key since it is secure, and since there may be legacy policy
- // data that was stored without a verification key. Hence passing an empty
- // value for the verification key.
- validator->ValidateSignature(policy_key_, empty_key,
- ExtractDomain(account_id_.GetUserEmail()),
- allow_rotation);
+ // data that was stored without a verification key.
+ validator->ValidateSignature(policy_key_);
return validator;
}
} // namespace policy
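Review bot: In CreateValidatorForLoad, the removed call passed allow_rotation = false explicitly, and the replacement ValidateSignature(policy_key_) no longer shows that at the call site. Please confirm the single-argument form rejects a rotated key, and say so in the comment above it. That comment still explains only the missing verification key; it should also state why the domain is no longer passed, since the change drops ExtractDomain(account_id_.GetUserEmail()) from this call as well.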
