| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/policy/cloud/cloud_policy_validator.h" | 5 #include "chrome/browser/policy/cloud/cloud_policy_validator.h" |
| 6 | 6 |
| 7 #include "base/bind_helpers.h" | 7 #include "base/bind_helpers.h" |
| 8 #include "base/message_loop/message_loop.h" | 8 #include "base/message_loop/message_loop.h" |
| 9 #include "base/sequenced_task_runner.h" | 9 #include "base/sequenced_task_runner.h" |
| 10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
| (...skipping 258 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 269 CloudPolicyValidatorBase::Status CloudPolicyValidatorBase::CheckTimestamp() { | 269 CloudPolicyValidatorBase::Status CloudPolicyValidatorBase::CheckTimestamp() { |
| 270 if (!policy_data_->has_timestamp()) { | 270 if (!policy_data_->has_timestamp()) { |
| 271 if (timestamp_option_ == TIMESTAMP_NOT_REQUIRED) { | 271 if (timestamp_option_ == TIMESTAMP_NOT_REQUIRED) { |
| 272 return VALIDATION_OK; | 272 return VALIDATION_OK; |
| 273 } else { | 273 } else { |
| 274 LOG(ERROR) << "Policy timestamp missing"; | 274 LOG(ERROR) << "Policy timestamp missing"; |
| 275 return VALIDATION_BAD_TIMESTAMP; | 275 return VALIDATION_BAD_TIMESTAMP; |
| 276 } | 276 } |
| 277 } | 277 } |
| 278 | 278 |
| 279 if (policy_data_->timestamp() < timestamp_not_before_) { | 279 if (timestamp_option_ != TIMESTAMP_NOT_REQUIRED && |
| 280 policy_data_->timestamp() < timestamp_not_before_) { |
| 281 // If |timestamp_option_| is TIMESTAMP_REQUIRED or TIMESTAMP_NOT_BEFORE |
| 282 // then this is a failure. |
| 280 LOG(ERROR) << "Policy too old: " << policy_data_->timestamp(); | 283 LOG(ERROR) << "Policy too old: " << policy_data_->timestamp(); |
| 281 return VALIDATION_BAD_TIMESTAMP; | 284 return VALIDATION_BAD_TIMESTAMP; |
| 282 } | 285 } |
| 283 if (timestamp_option_ != TIMESTAMP_NOT_BEFORE && | 286 if (timestamp_option_ == TIMESTAMP_REQUIRED && |
| 284 policy_data_->timestamp() > timestamp_not_after_) { | 287 policy_data_->timestamp() > timestamp_not_after_) { |
| 285 LOG(ERROR) << "Policy from the future: " << policy_data_->timestamp(); | 288 LOG(ERROR) << "Policy from the future: " << policy_data_->timestamp(); |
| 286 return VALIDATION_BAD_TIMESTAMP; | 289 return VALIDATION_BAD_TIMESTAMP; |
| 287 } | 290 } |
| 288 | 291 |
| 289 return VALIDATION_OK; | 292 return VALIDATION_OK; |
| 290 } | 293 } |
| 291 | 294 |
| 292 CloudPolicyValidatorBase::Status CloudPolicyValidatorBase::CheckToken() { | 295 CloudPolicyValidatorBase::Status CloudPolicyValidatorBase::CheckToken() { |
| 293 // Make sure the token matches the expected token (if any) and also | 296 // Make sure the token matches the expected token (if any) and also |
| (...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 370 } | 373 } |
| 371 verifier.VerifyUpdate(reinterpret_cast<const uint8*>(data.c_str()), | 374 verifier.VerifyUpdate(reinterpret_cast<const uint8*>(data.c_str()), |
| 372 data.size()); | 375 data.size()); |
| 373 return verifier.VerifyFinal(); | 376 return verifier.VerifyFinal(); |
| 374 } | 377 } |
| 375 | 378 |
| 376 template class CloudPolicyValidator<em::CloudPolicySettings>; | 379 template class CloudPolicyValidator<em::CloudPolicySettings>; |
| 377 template class CloudPolicyValidator<em::ExternalPolicyData>; | 380 template class CloudPolicyValidator<em::ExternalPolicyData>; |
| 378 | 381 |
| 379 } // namespace policy | 382 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 62453002:
Don't verify the policy timestamp when loading from cache. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master