components/policy/core/common/cloud/component_cloud_policy_store.cc - Issue 2820063005: Remove the "not_after" validation of policy timestamps

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: components/policy/core/common/cloud/component_cloud_policy_store.cc

Issue 2820063005: Remove the "not_after" validation of policy timestamps (Closed)

Patch Set: Rebase Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « components/policy/core/common/cloud/cloud_policy_validator_unittest.cc ('k') | components/policy/core/common/cloud/component_cloud_policy_store_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: components/policy/core/common/cloud/component_cloud_policy_store.cc

diff --git a/components/policy/core/common/cloud/component_cloud_policy_store.cc b/components/policy/core/common/cloud/component_cloud_policy_store.cc

index 29c8dd418b8fc9c4f12b11ca9cfc628cb8f134f6..b6a62ea75b728021e9821835d589c7cb11796bdc 100644

--- a/components/policy/core/common/cloud/component_cloud_policy_store.cc

+++ b/components/policy/core/common/cloud/component_cloud_policy_store.cc

@@ -300,23 +300,18 @@ bool ComponentCloudPolicyStore::ValidatePolicy(

return false;

}

- // Calculate the bounds for the timestamp validation: a valid policy should be

- // not older than the currently stored policy, and also the timestamp should

- // not point too far in the future. This allows to prevent the rollback of the

- // policy, together with some protection against incorrectly large timestamps

- // that could be generated by the server due to some bug.

+ // A valid policy should be not older than the currently stored policy, which

+ // allows to prevent the rollback of the policy.

base::Time time_not_before;

const auto stored_policy_times_iter = stored_policy_times_.find(ns);

if (stored_policy_times_iter != stored_policy_times_.end())

time_not_before = stored_policy_times_iter->second;

- const base::Time time_not_after = base::Time::NowFromSystemTime();

std::unique_ptr<ComponentCloudPolicyValidator> validator(

ComponentCloudPolicyValidator::Create(

std::move(proto), scoped_refptr<base::SequencedTaskRunner>()));

- validator->ValidateTimestamp(

- time_not_before, time_not_after,

- CloudPolicyValidatorBase::TIMESTAMP_FULLY_VALIDATED);

+ validator->ValidateTimestamp(time_not_before,

+ CloudPolicyValidatorBase::TIMESTAMP_VALIDATED);

validator->ValidateUsername(username_, true);

validator->ValidateDMToken(dm_token_,

ComponentCloudPolicyValidator::DM_TOKEN_REQUIRED);