Chromium Code Reviews Chromium Code Reviews
Issue 2558543003:
Fix handling of device cloud signing policy key rotation (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/settings/session_manager_operation.h" | 5 #include "chrome/browser/chromeos/settings/session_manager_operation.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| (...skipping 28 matching lines...) Expand all Loading... | |
| 39 scoped_refptr<OwnerKeyUtil> owner_key_util, | 39 scoped_refptr<OwnerKeyUtil> owner_key_util, |
| 40 scoped_refptr<PublicKey> public_key) { | 40 scoped_refptr<PublicKey> public_key) { |
| 41 session_manager_client_ = session_manager_client; | 41 session_manager_client_ = session_manager_client; |
| 42 owner_key_util_ = owner_key_util; | 42 owner_key_util_ = owner_key_util; |
| 43 public_key_ = public_key; | 43 public_key_ = public_key; |
| 44 Run(); | 44 Run(); |
| 45 } | 45 } |
| 46 | 46 |
| 47 void SessionManagerOperation::RestartLoad(bool key_changed) { | 47 void SessionManagerOperation::RestartLoad(bool key_changed) { |
| 48 if (key_changed) | 48 if (key_changed) |
| 49 public_key_ = NULL; | 49 public_key_ = nullptr; |
| 50 | 50 |
| 51 if (!is_loading_) | 51 if (!is_loading_) |
| 52 return; | 52 return; |
| 53 | 53 |
| 54 // Abort previous load operations. | 54 // Abort previous load operations. |
| 55 weak_factory_.InvalidateWeakPtrs(); | 55 weak_factory_.InvalidateWeakPtrs(); |
| 56 // Mark as not loading to start loading again. | 56 // Mark as not loading to start loading again. |
| 57 is_loading_ = false; | 57 is_loading_ = false; |
| 58 StartLoading(); | 58 StartLoading(); |
| 59 } | 59 } |
| 60 | 60 |
| 61 void SessionManagerOperation::StartLoading() { | 61 void SessionManagerOperation::StartLoading() { |
| 62 if (is_loading_) | 62 if (is_loading_) |
| 63 return; | 63 return; |
| 64 is_loading_ = true; | 64 is_loading_ = true; |
| 65 if (cloud_validations_) { | 65 if (cloud_validations_) { |
| 66 EnsurePublicKey(base::Bind(&SessionManagerOperation::RetrieveDeviceSettings, | 66 EnsurePublicKey(base::Bind(&SessionManagerOperation::RetrieveDeviceSettings, |
| 67 weak_factory_.GetWeakPtr())); | 67 weak_factory_.GetWeakPtr())); |
| 68 } else { | 68 } else { |
| 69 RetrieveDeviceSettings(); | 69 RetrieveDeviceSettings(); |
| 70 } | 70 } |
| 71 } | 71 } |
| 72 | 72 |
| 73 void SessionManagerOperation::ReportResult( | 73 void SessionManagerOperation::ReportResult( |
| 74 DeviceSettingsService::Status status) { | 74 DeviceSettingsService::Status status) { |
| 75 callback_.Run(this, status); | 75 callback_.Run(this, status); |
| 76 } | 76 } |
| 77 | 77 |
| 78 void SessionManagerOperation::EnsurePublicKey(const base::Closure& callback) { | 78 void SessionManagerOperation::EnsurePublicKey(const base::Closure& callback) { |
| 79 if (force_key_load_ || !public_key_.get() || !public_key_->is_loaded()) { | 79 if (force_key_load_ || !public_key_ || !public_key_->is_loaded()) { |
| 80 scoped_refptr<base::TaskRunner> task_runner = | 80 scoped_refptr<base::TaskRunner> task_runner = |
| 81 content::BrowserThread::GetBlockingPool() | 81 content::BrowserThread::GetBlockingPool() |
| 82 ->GetTaskRunnerWithShutdownBehavior( | 82 ->GetTaskRunnerWithShutdownBehavior( |
| 83 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); | 83 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); |
| 84 base::PostTaskAndReplyWithResult( | 84 base::PostTaskAndReplyWithResult( |
| 85 task_runner.get(), | 85 task_runner.get(), FROM_HERE, |
| 86 FROM_HERE, | 86 base::Bind(&SessionManagerOperation::LoadPublicKey, owner_key_util_, |
| 87 base::Bind(&SessionManagerOperation::LoadPublicKey, | 87 force_key_load_ ? nullptr : public_key_), |
| 88 owner_key_util_, | |
| 89 public_key_), | |
| 90 base::Bind(&SessionManagerOperation::StorePublicKey, | 88 base::Bind(&SessionManagerOperation::StorePublicKey, |
| 91 weak_factory_.GetWeakPtr(), | 89 weak_factory_.GetWeakPtr(), callback)); |
| 92 callback)); | |
| 93 } else { | 90 } else { |
| 94 callback.Run(); | 91 callback.Run(); |
| 95 } | 92 } |
| 96 } | 93 } |
| 97 | 94 |
| 98 // static | 95 // static |
| 99 scoped_refptr<PublicKey> SessionManagerOperation::LoadPublicKey( | 96 scoped_refptr<PublicKey> SessionManagerOperation::LoadPublicKey( |
| 100 scoped_refptr<OwnerKeyUtil> util, | 97 scoped_refptr<OwnerKeyUtil> util, |
| 101 scoped_refptr<PublicKey> current_key) { | 98 scoped_refptr<PublicKey> current_key) { |
| 102 scoped_refptr<PublicKey> public_key(new PublicKey()); | 99 scoped_refptr<PublicKey> public_key(new PublicKey()); |
| 103 | 100 |
| 104 // Keep already-existing public key. | 101 // Keep already-existing public key. |
| 105 if (current_key.get() && current_key->is_loaded()) { | 102 if (current_key && current_key->is_loaded()) { |
| 106 public_key->data() = current_key->data(); | 103 public_key->data() = current_key->data(); |
| 107 } | 104 } |
| 108 if (!public_key->is_loaded() && util->IsPublicKeyPresent()) { | 105 if (!public_key->is_loaded() && util->IsPublicKeyPresent()) { |
| 109 if (!util->ImportPublicKey(&public_key->data())) | 106 if (!util->ImportPublicKey(&public_key->data())) |
| 110 LOG(ERROR) << "Failed to load public owner key."; | 107 LOG(ERROR) << "Failed to load public owner key."; |
| 111 } | 108 } |
| 112 | 109 |
| 113 return public_key; | 110 return public_key; |
| 114 } | 111 } |
| 115 | 112 |
| 116 void SessionManagerOperation::StorePublicKey(const base::Closure& callback, | 113 void SessionManagerOperation::StorePublicKey(const base::Closure& callback, |
| 117 scoped_refptr<PublicKey> new_key) { | 114 scoped_refptr<PublicKey> new_key) { |
| 118 force_key_load_ = false; | 115 force_key_load_ = false; |
| 119 public_key_ = new_key; | 116 public_key_ = new_key; |
| 120 | 117 |
| 121 if (!public_key_.get() || !public_key_->is_loaded()) { | 118 if (!public_key_ || !public_key_->is_loaded()) { |
| 122 ReportResult(DeviceSettingsService::STORE_KEY_UNAVAILABLE); | 119 ReportResult(DeviceSettingsService::STORE_KEY_UNAVAILABLE); |
| 123 return; | 120 return; |
| 124 } | 121 } |
| 125 | 122 |
| 126 callback.Run(); | 123 callback.Run(); |
| 127 } | 124 } |
| 128 | 125 |
| 129 void SessionManagerOperation::RetrieveDeviceSettings() { | 126 void SessionManagerOperation::RetrieveDeviceSettings() { |
| 130 session_manager_client()->RetrieveDevicePolicy( | 127 session_manager_client()->RetrieveDevicePolicy( |
| 131 base::Bind(&SessionManagerOperation::ValidateDeviceSettings, | 128 base::Bind(&SessionManagerOperation::ValidateDeviceSettings, |
| (...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 229 | 226 |
| 230 void LoadSettingsOperation::Run() { | 227 void LoadSettingsOperation::Run() { |
| 231 StartLoading(); | 228 StartLoading(); |
| 232 } | 229 } |
| 233 | 230 |
| 234 StoreSettingsOperation::StoreSettingsOperation( | 231 StoreSettingsOperation::StoreSettingsOperation( |
| 235 const Callback& callback, | 232 const Callback& callback, |
| 236 std::unique_ptr<em::PolicyFetchResponse> policy) | 233 std::unique_ptr<em::PolicyFetchResponse> policy) |
| 237 : SessionManagerOperation(callback), | 234 : SessionManagerOperation(callback), |
| 238 policy_(std::move(policy)), | 235 policy_(std::move(policy)), |
| 239 weak_factory_(this) {} | 236 weak_factory_(this) { |
| 237 if (policy_->has_new_public_key()) | |
| 238 force_key_load_ = true; | |
|
Mattias Nissler (ping if slow)
2016/12/08 12:32:21
This change is good as it'll make sure won't race.
| |
| 239 } | |
| 240 | 240 |
| 241 StoreSettingsOperation::~StoreSettingsOperation() {} | 241 StoreSettingsOperation::~StoreSettingsOperation() {} |
| 242 | 242 |
| 243 void StoreSettingsOperation::Run() { | 243 void StoreSettingsOperation::Run() { |
| 244 session_manager_client()->StoreDevicePolicy( | 244 session_manager_client()->StoreDevicePolicy( |
| 245 policy_->SerializeAsString(), | 245 policy_->SerializeAsString(), |
| 246 base::Bind(&StoreSettingsOperation::HandleStoreResult, | 246 base::Bind(&StoreSettingsOperation::HandleStoreResult, |
| 247 weak_factory_.GetWeakPtr())); | 247 weak_factory_.GetWeakPtr())); |
| 248 } | 248 } |
| 249 | 249 |
| 250 void StoreSettingsOperation::HandleStoreResult(bool success) { | 250 void StoreSettingsOperation::HandleStoreResult(bool success) { |
| 251 if (!success) | 251 if (!success) |
| 252 ReportResult(DeviceSettingsService::STORE_OPERATION_FAILED); | 252 ReportResult(DeviceSettingsService::STORE_OPERATION_FAILED); |
| 253 else | 253 else |
| 254 StartLoading(); | 254 StartLoading(); |
| 255 } | 255 } |
| 256 | 256 |
| 257 } // namespace chromeos | 257 } // namespace chromeos |
| OLD | NEW |
