
Side by Side Diff: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

Issue 2820063005: Remove the "not_after" validation of policy timestamps (Closed)
Patch Set: Fix test Created 3 years, 8 months ago
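--- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
+++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
 
 #include <stddef.h>
 #include <utility>
 
 #include "base/bind.h"
@@ -145,21 +145,21 @@
 validator->RunValidation();
 OnRetrievedPolicyValidated(validator.get());
 }
 
 void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore(
 std::unique_ptr<em::PolicyFetchResponse> policy) {
 DCHECK(!is_active_directory_);
 
 // Create and configure a validator.
 std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator(
-std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_FULLY_VALIDATED);
+std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_VALIDATED);
 validator->ValidateUsername(account_id_.GetUserEmail(), true);
 if (cached_policy_key_.empty()) {
 validator->ValidateInitialKey(ExtractDomain(account_id_.GetUserEmail()));
 } else {
 validator->ValidateSignatureAllowingRotation(
 cached_policy_key_, ExtractDomain(account_id_.GetUserEmail()));
 }
 
 // Start validation. The Validator will delete itself once validation is
 // complete.
@@ -355,30 +355,29 @@
 } else {
 SampleValidationFailure(VALIDATION_FAILURE_DBUS);
 }
 ReloadPolicyKey(callback);
 }
 
 std::unique_ptr<UserCloudPolicyValidator>
 UserCloudPolicyStoreChromeOS::CreateValidatorForLoad(
 std::unique_ptr<em::PolicyFetchResponse> policy) {
 std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator(
-std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_NOT_BEFORE);
+std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_VALIDATED);
 if (is_active_directory_) {
 validator->ValidateTimestamp(
-base::Time(), base::Time(),
-CloudPolicyValidatorBase::TIMESTAMP_NOT_VALIDATED);
+base::Time(), CloudPolicyValidatorBase::TIMESTAMP_NOT_VALIDATED);
 validator->ValidateDMToken(std::string(),
 CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED);
 validator->ValidateDeviceId(
 std::string(), CloudPolicyValidatorBase::DEVICE_ID_NOT_REQUIRED);
 } else {
 validator->ValidateUsername(account_id_.GetUserEmail(), true);
 // The policy loaded from session manager need not be validated using the
 // verification key since it is secure, and since there may be legacy policy
 // data that was stored without a verification key.
 validator->ValidateSignature(cached_policy_key_);
 }
 return validator;
 }
 
 } // namespace policy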
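Review bot: The store path in ValidatePolicyForStore (new line 155) no longer applies an upper bound to the policy timestamp, and no comment records that or names what remains as the guard. If the stored timestamp later serves as the lower bound for freshly fetched policy (CreateValidator is outside the visible lines, so this is inferred), a blob carrying a far-future timestamp would cause later legitimate policy to be rejected; it is worth confirming that a test covers that case. I would add above the CreateValidator call `// Only a lower bound is enforced on the timestamp; future-dated policy is accepted, so the signature and username checks are the gate here.` In CreateValidatorForLoad the Active Directory branch immediately overrides the option just passed to CreateValidator with `TIMESTAMP_NOT_VALIDATED`, so a one-line comment stating why AD policy skips the timestamp, DM token and device-id checks would help the next reader. ValidatePolicyForStore continues past the visible lines.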
