
Side by Side Diff: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

Issue 2820063005: Remove the "not_after" validation of policy timestamps (Closed)
Patch Set: Rebase Created 3 years, 8 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
6 6
7 #include <stddef.h> 7 #include <stddef.h>
8 #include <utility> 8 #include <utility>
9 9
10 #include "base/bind.h" 10 #include "base/bind.h"
(...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after
146 validator->RunValidation(); 146 validator->RunValidation();
147 OnRetrievedPolicyValidated(validator.get()); 147 OnRetrievedPolicyValidated(validator.get());
148 } 148 }
149 149
150 void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore( 150 void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore(
151 std::unique_ptr<em::PolicyFetchResponse> policy) { 151 std::unique_ptr<em::PolicyFetchResponse> policy) {
152 DCHECK(!is_active_directory_); 152 DCHECK(!is_active_directory_);
153 153
154 // Create and configure a validator. 154 // Create and configure a validator.
155 std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator( 155 std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator(
156 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_FULLY_VALIDATED); 156 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_VALIDATED);
157 validator->ValidateUsername(account_id_.GetUserEmail(), true); 157 validator->ValidateUsername(account_id_.GetUserEmail(), true);
158 if (cached_policy_key_.empty()) { 158 if (cached_policy_key_.empty()) {
159 validator->ValidateInitialKey(ExtractDomain(account_id_.GetUserEmail())); 159 validator->ValidateInitialKey(ExtractDomain(account_id_.GetUserEmail()));
160 } else { 160 } else {
161 validator->ValidateSignatureAllowingRotation( 161 validator->ValidateSignatureAllowingRotation(
162 cached_policy_key_, ExtractDomain(account_id_.GetUserEmail())); 162 cached_policy_key_, ExtractDomain(account_id_.GetUserEmail()));
163 } 163 }
164 164
165 // Start validation. 165 // Start validation.
166 UserCloudPolicyValidator::StartValidation( 166 UserCloudPolicyValidator::StartValidation(
(...skipping 185 matching lines...) Expand 10 before | Expand all | Expand 10 after
352 } else { 352 } else {
353 SampleValidationFailure(VALIDATION_FAILURE_DBUS); 353 SampleValidationFailure(VALIDATION_FAILURE_DBUS);
354 } 354 }
355 ReloadPolicyKey(callback); 355 ReloadPolicyKey(callback);
356 } 356 }
357 357
358 std::unique_ptr<UserCloudPolicyValidator> 358 std::unique_ptr<UserCloudPolicyValidator>
359 UserCloudPolicyStoreChromeOS::CreateValidatorForLoad( 359 UserCloudPolicyStoreChromeOS::CreateValidatorForLoad(
360 std::unique_ptr<em::PolicyFetchResponse> policy) { 360 std::unique_ptr<em::PolicyFetchResponse> policy) {
361 std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator( 361 std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator(
362 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_NOT_BEFORE); 362 std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_VALIDATED);
363 if (is_active_directory_) { 363 if (is_active_directory_) {
364 validator->ValidateTimestamp( 364 validator->ValidateTimestamp(
365 base::Time(), base::Time(), 365 base::Time(), CloudPolicyValidatorBase::TIMESTAMP_NOT_VALIDATED);
366 CloudPolicyValidatorBase::TIMESTAMP_NOT_VALIDATED);
367 validator->ValidateDMToken(std::string(), 366 validator->ValidateDMToken(std::string(),
368 CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED); 367 CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED);
369 validator->ValidateDeviceId( 368 validator->ValidateDeviceId(
370 std::string(), CloudPolicyValidatorBase::DEVICE_ID_NOT_REQUIRED); 369 std::string(), CloudPolicyValidatorBase::DEVICE_ID_NOT_REQUIRED);
371 } else { 370 } else {
372 validator->ValidateUsername(account_id_.GetUserEmail(), true); 371 validator->ValidateUsername(account_id_.GetUserEmail(), true);
373 // The policy loaded from session manager need not be validated using the 372 // The policy loaded from session manager need not be validated using the
374 // verification key since it is secure, and since there may be legacy policy 373 // verification key since it is secure, and since there may be legacy policy
375 // data that was stored without a verification key. 374 // data that was stored without a verification key.
376 validator->ValidateSignature(cached_policy_key_); 375 validator->ValidateSignature(cached_policy_key_);
377 } 376 }
378 return validator; 377 return validator;
379 } 378 }
380 379
381 } // namespace policy 380 } // namespace policy
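Review bot: In CreateValidatorForLoad (new lines 361-369) the validator is created with `TIMESTAMP_VALIDATED`, and the Active Directory branch then immediately overrides it with `ValidateTimestamp(base::Time(), CloudPolicyValidatorBase::TIMESTAMP_NOT_VALIDATED)`, next to `DM_TOKEN_NOT_REQUIRED` and `DEVICE_ID_NOT_REQUIRED`, with no comment explaining why all three checks are switched off. A short comment above that branch, stating which checks still protect an Active Directory policy blob and why the cloud-specific ones do not apply, would keep a later reader from treating the override as an oversight. Separately, ValidatePolicyForStore (new line 156) no longer rejects a response whose timestamp lies in the future, so the signature check is the only remaining barrier for such a blob on the store path. If the stored timestamp later serves as the lower bound for subsequent fetches (not visible in this section), a far-future value would cause newer legitimate policy to be rejected, which is worth a comment at the call site and a unit test.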