| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
| (...skipping 58 matching lines...) |
| 69 device_mode_(DEVICE_MODE_NOT_SET), | 69 device_mode_(DEVICE_MODE_NOT_SET), |
| 70 enrollment_step_(STEP_PENDING), | 70 enrollment_step_(STEP_PENDING), |
| 71 lockbox_init_duration_(0), | 71 lockbox_init_duration_(0), |
| 72 weak_ptr_factory_(this) { | 72 weak_ptr_factory_(this) { |
| 73 CHECK(!client_->is_registered()); | 73 CHECK(!client_->is_registered()); |
| 74 CHECK_EQ(DM_STATUS_SUCCESS, client_->status()); | 74 CHECK_EQ(DM_STATUS_SUCCESS, client_->status()); |
| 75 CHECK(management_mode_ == em::PolicyData::ENTERPRISE_MANAGED || | 75 CHECK(management_mode_ == em::PolicyData::ENTERPRISE_MANAGED || |
| 76 management_mode_ == em::PolicyData::CONSUMER_MANAGED); | 76 management_mode_ == em::PolicyData::CONSUMER_MANAGED); |
| 77 store_->AddObserver(this); | 77 store_->AddObserver(this); |
| 78 client_->AddObserver(this); | 78 client_->AddObserver(this); |
| 79 client_->AddNamespaceToFetch(PolicyNamespaceKey( | 79 client_->AddPolicyTypeToFetch(dm_protocol::kChromeDevicePolicyType, |
| 80 dm_protocol::kChromeDevicePolicyType, std::string())); | 80 std::string()); |
| 81 } | 81 } |
| 82 | 82 |
| 83 EnrollmentHandlerChromeOS::~EnrollmentHandlerChromeOS() { | 83 EnrollmentHandlerChromeOS::~EnrollmentHandlerChromeOS() { |
| 84 Stop(); | 84 Stop(); |
| 85 store_->RemoveObserver(this); | 85 store_->RemoveObserver(this); |
| 86 } | 86 } |
| 87 | 87 |
| 88 void EnrollmentHandlerChromeOS::StartEnrollment() { | 88 void EnrollmentHandlerChromeOS::StartEnrollment() { |
| 89 CHECK_EQ(STEP_PENDING, enrollment_step_); | 89 CHECK_EQ(STEP_PENDING, enrollment_step_); |
| 90 enrollment_step_ = STEP_STATE_KEYS; | 90 enrollment_step_ = STEP_STATE_KEYS; |
| 91 state_keys_broker_->RequestStateKeys( | 91 state_keys_broker_->RequestStateKeys( |
| 92 base::Bind(&EnrollmentHandlerChromeOS::HandleStateKeysResult, | 92 base::Bind(&EnrollmentHandlerChromeOS::HandleStateKeysResult, |
| 93 weak_ptr_factory_.GetWeakPtr())); | 93 weak_ptr_factory_.GetWeakPtr())); |
| 94 } | 94 } |
| 95 | 95 |
| 96 scoped_ptr<CloudPolicyClient> EnrollmentHandlerChromeOS::ReleaseClient() { | 96 scoped_ptr<CloudPolicyClient> EnrollmentHandlerChromeOS::ReleaseClient() { |
| 97 Stop(); | 97 Stop(); |
| 98 return client_.Pass(); | 98 return client_.Pass(); |
| 99 } | 99 } |
| 100 | 100 |
| 101 void EnrollmentHandlerChromeOS::OnPolicyFetched(CloudPolicyClient* client) { | 101 void EnrollmentHandlerChromeOS::OnPolicyFetched(CloudPolicyClient* client) { |
| 102 DCHECK_EQ(client_.get(), client); | 102 DCHECK_EQ(client_.get(), client); |
| 103 CHECK_EQ(STEP_POLICY_FETCH, enrollment_step_); | 103 CHECK_EQ(STEP_POLICY_FETCH, enrollment_step_); |
| 104 | 104 |
| 105 enrollment_step_ = STEP_VALIDATION; | 105 enrollment_step_ = STEP_VALIDATION; |
| 106 | 106 |
| 107 // Validate the policy. | 107 // Validate the policy. |
| 108 const em::PolicyFetchResponse* policy = client_->GetPolicyFor( | 108 const em::PolicyFetchResponse* policy = client_->GetPolicyFor( |
| 109 PolicyNamespaceKey(dm_protocol::kChromeDevicePolicyType, std::string())); | 109 dm_protocol::kChromeDevicePolicyType, std::string()); |
| 110 if (!policy) { | 110 if (!policy) { |
| 111 ReportResult(EnrollmentStatus::ForFetchError( | 111 ReportResult(EnrollmentStatus::ForFetchError( |
| 112 DM_STATUS_RESPONSE_DECODING_ERROR)); | 112 DM_STATUS_RESPONSE_DECODING_ERROR)); |
| 113 return; | 113 return; |
| 114 } | 114 } |
| 115 | 115 |
| 116 scoped_ptr<DeviceCloudPolicyValidator> validator( | 116 scoped_ptr<DeviceCloudPolicyValidator> validator( |
| 117 DeviceCloudPolicyValidator::Create( | 117 DeviceCloudPolicyValidator::Create( |
| 118 scoped_ptr<em::PolicyFetchResponse>( | 118 scoped_ptr<em::PolicyFetchResponse>( |
| 119 new em::PolicyFetchResponse(*policy)), | 119 new em::PolicyFetchResponse(*policy)), |
| (...skipping 14 matching lines...) |
| 134 validator->ValidatePolicyType(dm_protocol::kChromeDevicePolicyType); | 134 validator->ValidatePolicyType(dm_protocol::kChromeDevicePolicyType); |
| 135 validator->ValidatePayload(); | 135 validator->ValidatePayload(); |
| 136 if (management_mode_ == em::PolicyData::CONSUMER_MANAGED) { | 136 if (management_mode_ == em::PolicyData::CONSUMER_MANAGED) { |
| 137 // For consumer-managed devices, although we don't store the policy, we | 137 // For consumer-managed devices, although we don't store the policy, we |
| 138 // still need to verify its integrity since we use the request token in it. | 138 // still need to verify its integrity since we use the request token in it. |
| 139 // The consumer device management server does not have the verification | 139 // The consumer device management server does not have the verification |
| 140 // key, and we need to skip checking on that by passing an empty key to | 140 // key, and we need to skip checking on that by passing an empty key to |
| 141 // ValidateInitialKey(). ValidateInitialKey() still checks that the policy | 141 // ValidateInitialKey(). ValidateInitialKey() still checks that the policy |
| 142 // data is correctly signed by the new public key when the verification key | 142 // data is correctly signed by the new public key when the verification key |
| 143 // is empty. | 143 // is empty. |
| 144 validator->ValidateInitialKey("", ""); | 144 validator->ValidateInitialKey(std::string(), std::string()); |
| 145 } else { | 145 } else { |
| 146 // If |domain| is empty here, the policy validation code will just use the | 146 // If |domain| is empty here, the policy validation code will just use the |
| 147 // domain from the username field in the policy itself to do key validation. | 147 // domain from the username field in the policy itself to do key validation. |
| 148 // TODO(mnissler): Plumb the enrolling user's username into this object so | 148 // TODO(mnissler): Plumb the enrolling user's username into this object so |
| 149 // we can validate the username on the resulting policy, and use the domain | 149 // we can validate the username on the resulting policy, and use the domain |
| 150 // from that username to validate the key below (http://crbug.com/343074). | 150 // from that username to validate the key below (http://crbug.com/343074). |
| 151 validator->ValidateInitialKey(GetPolicyVerificationKey(), domain); | 151 validator->ValidateInitialKey(GetPolicyVerificationKey(), domain); |
| 152 } | 152 } |
| 153 validator.release()->StartValidation( | 153 validator.release()->StartValidation( |
| 154 base::Bind(&EnrollmentHandlerChromeOS::HandlePolicyValidationResult, | 154 base::Bind(&EnrollmentHandlerChromeOS::HandlePolicyValidationResult, |
| (...skipping 299 matching lines...) |
| 454 << ", validation: " << status.validation_status() | 454 << ", validation: " << status.validation_status() |
| 455 << ", store: " << status.store_status() | 455 << ", store: " << status.store_status() |
| 456 << ", lock: " << status.lock_status(); | 456 << ", lock: " << status.lock_status(); |
| 457 } | 457 } |
| 458 | 458 |
| 459 if (!callback.is_null()) | 459 if (!callback.is_null()) |
| 460 callback.Run(status); | 460 callback.Run(status); |
| 461 } | 461 } |
| 462 | 462 |
| 463 } // namespace policy | 463 } // namespace policy |
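Review bot: New line 144 keeps the consumer-managed branch calling `ValidateInitialKey(std::string(), std::string())`, and the comment above it says only that the signature is still checked against the new public key; it does not say what authenticates that key. With the verification key empty, the check as described shows that the policy data matches the key delivered alongside it, which is an integrity check rather than proof of origin, so trust in the request token presumably rests on something outside this function. I would extend the comment with a line such as `// With no verification key the signing key is not pinned; origin of the response is assumed to be established by the channel to the server (confirm).` OnPolicyFetched continues into rows the page has collapsed, so the validator setup is only partly visible here.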
| OLD | NEW |