| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" | 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "base/values.h" | 9 #include "base/values.h" |
| 10 #include "chrome/browser/policy/cloud/device_management_service.h" | 10 #include "chrome/browser/policy/cloud/device_management_service.h" |
| (...skipping 27 matching lines...) Expand all Loading... |
| 38 session_manager_client_->RetrieveDeviceLocalAccountPolicy( | 38 session_manager_client_->RetrieveDeviceLocalAccountPolicy( |
| 39 account_id_, | 39 account_id_, |
| 40 base::Bind(&DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob, | 40 base::Bind(&DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob, |
| 41 weak_factory_.GetWeakPtr())); | 41 weak_factory_.GetWeakPtr())); |
| 42 } | 42 } |
| 43 | 43 |
| 44 void DeviceLocalAccountPolicyStore::Store( | 44 void DeviceLocalAccountPolicyStore::Store( |
| 45 const em::PolicyFetchResponse& policy) { | 45 const em::PolicyFetchResponse& policy) { |
| 46 weak_factory_.InvalidateWeakPtrs(); | 46 weak_factory_.InvalidateWeakPtrs(); |
| 47 CheckKeyAndValidate( | 47 CheckKeyAndValidate( |
| 48 true, |
| 48 make_scoped_ptr(new em::PolicyFetchResponse(policy)), | 49 make_scoped_ptr(new em::PolicyFetchResponse(policy)), |
| 49 base::Bind(&DeviceLocalAccountPolicyStore::StoreValidatedPolicy, | 50 base::Bind(&DeviceLocalAccountPolicyStore::StoreValidatedPolicy, |
| 50 weak_factory_.GetWeakPtr())); | 51 weak_factory_.GetWeakPtr())); |
| 51 } | 52 } |
| 52 | 53 |
| 53 void DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob( | 54 void DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob( |
| 54 const std::string& policy_blob) { | 55 const std::string& policy_blob) { |
| 55 if (policy_blob.empty()) { | 56 if (policy_blob.empty()) { |
| 56 status_ = CloudPolicyStore::STATUS_LOAD_ERROR; | 57 status_ = CloudPolicyStore::STATUS_LOAD_ERROR; |
| 57 NotifyStoreError(); | 58 NotifyStoreError(); |
| 58 } else { | 59 } else { |
| 59 scoped_ptr<em::PolicyFetchResponse> policy(new em::PolicyFetchResponse()); | 60 scoped_ptr<em::PolicyFetchResponse> policy(new em::PolicyFetchResponse()); |
| 60 if (policy->ParseFromString(policy_blob)) { | 61 if (policy->ParseFromString(policy_blob)) { |
| 61 CheckKeyAndValidate( | 62 CheckKeyAndValidate( |
| 63 false, |
| 62 policy.Pass(), | 64 policy.Pass(), |
| 63 base::Bind(&DeviceLocalAccountPolicyStore::UpdatePolicy, | 65 base::Bind(&DeviceLocalAccountPolicyStore::UpdatePolicy, |
| 64 weak_factory_.GetWeakPtr())); | 66 weak_factory_.GetWeakPtr())); |
| 65 } else { | 67 } else { |
| 66 status_ = CloudPolicyStore::STATUS_PARSE_ERROR; | 68 status_ = CloudPolicyStore::STATUS_PARSE_ERROR; |
| 67 NotifyStoreError(); | 69 NotifyStoreError(); |
| 68 } | 70 } |
| 69 } | 71 } |
| 70 } | 72 } |
| 71 | 73 |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 140 void DeviceLocalAccountPolicyStore::HandleStoreResult(bool success) { | 142 void DeviceLocalAccountPolicyStore::HandleStoreResult(bool success) { |
| 141 if (!success) { | 143 if (!success) { |
| 142 status_ = CloudPolicyStore::STATUS_STORE_ERROR; | 144 status_ = CloudPolicyStore::STATUS_STORE_ERROR; |
| 143 NotifyStoreError(); | 145 NotifyStoreError(); |
| 144 } else { | 146 } else { |
| 145 Load(); | 147 Load(); |
| 146 } | 148 } |
| 147 } | 149 } |
| 148 | 150 |
| 149 void DeviceLocalAccountPolicyStore::CheckKeyAndValidate( | 151 void DeviceLocalAccountPolicyStore::CheckKeyAndValidate( |
| 152 bool valid_timestamp_required, |
| 150 scoped_ptr<em::PolicyFetchResponse> policy, | 153 scoped_ptr<em::PolicyFetchResponse> policy, |
| 151 const UserCloudPolicyValidator::CompletionCallback& callback) { | 154 const UserCloudPolicyValidator::CompletionCallback& callback) { |
| 152 device_settings_service_->GetOwnershipStatusAsync( | 155 device_settings_service_->GetOwnershipStatusAsync( |
| 153 base::Bind(&DeviceLocalAccountPolicyStore::Validate, | 156 base::Bind(&DeviceLocalAccountPolicyStore::Validate, |
| 154 weak_factory_.GetWeakPtr(), | 157 weak_factory_.GetWeakPtr(), |
| 158 valid_timestamp_required, |
| 155 base::Passed(&policy), | 159 base::Passed(&policy), |
| 156 callback)); | 160 callback)); |
| 157 } | 161 } |
| 158 | 162 |
| 159 void DeviceLocalAccountPolicyStore::Validate( | 163 void DeviceLocalAccountPolicyStore::Validate( |
| 164 bool valid_timestamp_required, |
| 160 scoped_ptr<em::PolicyFetchResponse> policy_response, | 165 scoped_ptr<em::PolicyFetchResponse> policy_response, |
| 161 const UserCloudPolicyValidator::CompletionCallback& callback, | 166 const UserCloudPolicyValidator::CompletionCallback& callback, |
| 162 chromeos::DeviceSettingsService::OwnershipStatus ownership_status) { | 167 chromeos::DeviceSettingsService::OwnershipStatus ownership_status) { |
| 163 DCHECK_NE(chromeos::DeviceSettingsService::OWNERSHIP_UNKNOWN, | 168 DCHECK_NE(chromeos::DeviceSettingsService::OWNERSHIP_UNKNOWN, |
| 164 ownership_status); | 169 ownership_status); |
| 165 scoped_refptr<chromeos::OwnerKey> key = | 170 scoped_refptr<chromeos::OwnerKey> key = |
| 166 device_settings_service_->GetOwnerKey(); | 171 device_settings_service_->GetOwnerKey(); |
| 167 if (!key.get() || !key->public_key()) { | 172 if (!key.get() || !key->public_key()) { |
| 168 status_ = CloudPolicyStore::STATUS_BAD_STATE; | 173 status_ = CloudPolicyStore::STATUS_BAD_STATE; |
| 169 NotifyStoreLoaded(); | 174 NotifyStoreLoaded(); |
| 170 return; | 175 return; |
| 171 } | 176 } |
| 172 | 177 |
| 173 scoped_ptr<UserCloudPolicyValidator> validator( | 178 scoped_ptr<UserCloudPolicyValidator> validator( |
| 174 UserCloudPolicyValidator::Create(policy_response.Pass(), | 179 UserCloudPolicyValidator::Create(policy_response.Pass(), |
| 175 background_task_runner())); | 180 background_task_runner())); |
| 176 validator->ValidateUsername(account_id_); | 181 validator->ValidateUsername(account_id_); |
| 177 validator->ValidatePolicyType(dm_protocol::kChromePublicAccountPolicyType); | 182 validator->ValidatePolicyType(dm_protocol::kChromePublicAccountPolicyType); |
| 183 // The timestamp is verified when storing a new policy downloaded from the |
| 184 // server but not when loading a cached policy from disk. |
| 185 // See SessionManagerOperation::ValidateDeviceSettings for the rationale. |
| 178 validator->ValidateAgainstCurrentPolicy( | 186 validator->ValidateAgainstCurrentPolicy( |
| 179 policy(), | 187 policy(), |
| 180 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED, | 188 valid_timestamp_required |
| 189 ? CloudPolicyValidatorBase::TIMESTAMP_REQUIRED |
| 190 : CloudPolicyValidatorBase::TIMESTAMP_NOT_REQUIRED, |
| 181 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); | 191 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); |
| 182 validator->ValidatePayload(); | 192 validator->ValidatePayload(); |
| 183 validator->ValidateSignature(*key->public_key(), false); | 193 validator->ValidateSignature(*key->public_key(), false); |
| 184 validator.release()->StartValidation(callback); | 194 validator.release()->StartValidation(callback); |
| 185 } | 195 } |
| 186 | 196 |
| 187 } // namespace policy | 197 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 62453002:
Don't verify the policy timestamp when loading from cache. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master