| Index: components/policy/core/common/cloud/cloud_policy_validator.cc
|
| diff --git a/components/policy/core/common/cloud/cloud_policy_validator.cc b/components/policy/core/common/cloud/cloud_policy_validator.cc
|
| index 2bcdbc60c1a7ca1b5db126c046228f55d1e894c1..d824ba2396c51f547e4aae7fe2e30de5f8740e3e 100644
|
| --- a/components/policy/core/common/cloud/cloud_policy_validator.cc
|
| +++ b/components/policy/core/common/cloud/cloud_policy_validator.cc
|
| @@ -114,10 +114,9 @@ void CloudPolicyValidatorBase::ValidatePayload() {
|
| void CloudPolicyValidatorBase::ValidateCachedKey(
|
| const std::string& cached_key,
|
| const std::string& cached_key_signature,
|
| - const std::string& verification_key,
|
| const std::string& owning_domain) {
|
| validation_flags_ |= VALIDATE_CACHED_KEY;
|
| - set_verification_key_and_domain(verification_key, owning_domain);
|
| + set_owning_domain(owning_domain);
|
| cached_key_ = cached_key;
|
| cached_key_signature_ = cached_key_signature;
|
| }
|
| @@ -130,20 +129,18 @@ void CloudPolicyValidatorBase::ValidateSignature(const std::string& key) {
|
|
|
| void CloudPolicyValidatorBase::ValidateSignatureAllowingRotation(
|
| const std::string& key,
|
| - const std::string& verification_key,
|
| const std::string& owning_domain) {
|
| validation_flags_ |= VALIDATE_SIGNATURE;
|
| DCHECK(key_.empty() || key_ == key);
|
| key_ = key;
|
| - set_verification_key_and_domain(verification_key, owning_domain);
|
| + set_owning_domain(owning_domain);
|
| allow_key_rotation_ = true;
|
| }
|
|
|
| void CloudPolicyValidatorBase::ValidateInitialKey(
|
| - const std::string& verification_key,
|
| const std::string& owning_domain) {
|
| validation_flags_ |= VALIDATE_INITIAL_KEY;
|
| - set_verification_key_and_domain(verification_key, owning_domain);
|
| + set_owning_domain(owning_domain);
|
| }
|
|
|
| void CloudPolicyValidatorBase::ValidateAgainstCurrentPolicy(
|
| @@ -181,6 +178,7 @@ CloudPolicyValidatorBase::CloudPolicyValidatorBase(
|
| dm_token_option_(DM_TOKEN_REQUIRED),
|
| device_id_option_(DEVICE_ID_REQUIRED),
|
| canonicalize_user_(false),
|
| + verification_key_(GetPolicyVerificationKey()),
|
| allow_key_rotation_(false),
|
| background_task_runner_(background_task_runner) {}
|
|
|
| @@ -271,8 +269,7 @@ void CloudPolicyValidatorBase::RunChecks() {
|
| // Verifies the |new_public_key_verification_signature_deprecated| for the
|
| // |new_public_key| in the policy blob.
|
| bool CloudPolicyValidatorBase::CheckNewPublicKeyVerificationSignature() {
|
| - // If there's no local verification key, then just return true (no
|
| - // validation possible).
|
| + // Skip verification if the key is empty (disabled via command line).
|
| if (verification_key_.empty()) {
|
| UMA_HISTOGRAM_ENUMERATION(kMetricPolicyKeyVerification,
|
| METRIC_POLICY_KEY_VERIFICATION_KEY_MISSING,
|
| @@ -344,12 +341,10 @@ std::string CloudPolicyValidatorBase::ExtractDomainFromPolicy() {
|
| return domain;
|
| }
|
|
|
| -void CloudPolicyValidatorBase::set_verification_key_and_domain(
|
| - const std::string& verification_key, const std::string& owning_domain) {
|
| - // Make sure we aren't overwriting the verification key with a different key.
|
| - DCHECK(verification_key_.empty() || verification_key_ == verification_key);
|
| +void CloudPolicyValidatorBase::set_owning_domain(
|
| + const std::string& owning_domain) {
|
| + // Make sure we aren't overwriting the owning domain with a different one.
|
| DCHECK(owning_domain_.empty() || owning_domain_ == owning_domain);
|
| - verification_key_ = verification_key;
|
| owning_domain_ = owning_domain;
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 2507423002:
Remove unnecessary plumbing for policy verification key (Closed)
