| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/callback.h" | 9 #include "base/callback.h" |
| 10 #include "base/file_util.h" | 10 #include "base/file_util.h" |
| (...skipping 225 matching lines...) |
| 236 NotifyStoreError(); | 236 NotifyStoreError(); |
| 237 return; | 237 return; |
| 238 } | 238 } |
| 239 | 239 |
| 240 policy_key_path_ = user_policy_key_dir_.Append( | 240 policy_key_path_ = user_policy_key_dir_.Append( |
| 241 base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str())); | 241 base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str())); |
| 242 LoadPolicyKey(policy_key_path_, &policy_key_); | 242 LoadPolicyKey(policy_key_path_, &policy_key_); |
| 243 policy_key_loaded_ = true; | 243 policy_key_loaded_ = true; |
| 244 | 244 |
| 245 scoped_ptr<UserCloudPolicyValidator> validator = | 245 scoped_ptr<UserCloudPolicyValidator> validator = |
| 246 CreateValidator(policy.Pass()); | 246 CreateValidator(policy.Pass(), |
| 247 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); |
| 247 validator->ValidateUsername(username_); | 248 validator->ValidateUsername(username_); |
| 248 const bool allow_rotation = false; | 249 const bool allow_rotation = false; |
| 249 validator->ValidateSignature(policy_key_, allow_rotation); | 250 validator->ValidateSignature(policy_key_, allow_rotation); |
| 250 validator->RunValidation(); | 251 validator->RunValidation(); |
| 251 OnRetrievedPolicyValidated(validator.get()); | 252 OnRetrievedPolicyValidated(validator.get()); |
| 252 } | 253 } |
| 253 | 254 |
| 254 void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore( | 255 void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore( |
| 255 scoped_ptr<em::PolicyFetchResponse> policy) { | 256 scoped_ptr<em::PolicyFetchResponse> policy) { |
| 256 // Create and configure a validator. | 257 // Create and configure a validator. |
| 257 scoped_ptr<UserCloudPolicyValidator> validator = | 258 scoped_ptr<UserCloudPolicyValidator> validator = |
| 258 CreateValidator(policy.Pass()); | 259 CreateValidator(policy.Pass(), |
| 260 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); |
| 259 validator->ValidateUsername(username_); | 261 validator->ValidateUsername(username_); |
| 260 if (policy_key_.empty()) { | 262 if (policy_key_.empty()) { |
| 261 validator->ValidateInitialKey(); | 263 validator->ValidateInitialKey(); |
| 262 } else { | 264 } else { |
| 263 const bool allow_rotation = true; | 265 const bool allow_rotation = true; |
| 264 validator->ValidateSignature(policy_key_, allow_rotation); | 266 validator->ValidateSignature(policy_key_, allow_rotation); |
| 265 } | 267 } |
| 266 | 268 |
| 267 // Start validation. The Validator will delete itself once validation is | 269 // Start validation. The Validator will delete itself once validation is |
| 268 // complete. | 270 // complete. |
| (...skipping 77 matching lines...) |
| 346 EnsurePolicyKeyLoaded( | 348 EnsurePolicyKeyLoaded( |
| 347 base::Bind(&UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy, | 349 base::Bind(&UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy, |
| 348 weak_factory_.GetWeakPtr(), | 350 weak_factory_.GetWeakPtr(), |
| 349 base::Passed(&policy))); | 351 base::Passed(&policy))); |
| 350 } | 352 } |
| 351 | 353 |
| 352 void UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy( | 354 void UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy( |
| 353 scoped_ptr<em::PolicyFetchResponse> policy) { | 355 scoped_ptr<em::PolicyFetchResponse> policy) { |
| 354 // Create and configure a validator for the loaded policy. | 356 // Create and configure a validator for the loaded policy. |
| 355 scoped_ptr<UserCloudPolicyValidator> validator = | 357 scoped_ptr<UserCloudPolicyValidator> validator = |
| 356 CreateValidator(policy.Pass()); | 358 CreateValidator(policy.Pass(), |
| 359 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); |
| 357 validator->ValidateUsername(username_); | 360 validator->ValidateUsername(username_); |
| 358 const bool allow_rotation = false; | 361 const bool allow_rotation = false; |
| 359 validator->ValidateSignature(policy_key_, allow_rotation); | 362 validator->ValidateSignature(policy_key_, allow_rotation); |
| 360 // Start validation. The Validator will delete itself once validation is | 363 // Start validation. The Validator will delete itself once validation is |
| 361 // complete. | 364 // complete. |
| 362 validator.release()->StartValidation( | 365 validator.release()->StartValidation( |
| 363 base::Bind(&UserCloudPolicyStoreChromeOS::OnRetrievedPolicyValidated, | 366 base::Bind(&UserCloudPolicyStoreChromeOS::OnRetrievedPolicyValidated, |
| 364 weak_factory_.GetWeakPtr())); | 367 weak_factory_.GetWeakPtr())); |
| 365 } | 368 } |
| 366 | 369 |
| (...skipping 30 matching lines...) |
| 397 void UserCloudPolicyStoreChromeOS::OnLegacyLoadFinished( | 400 void UserCloudPolicyStoreChromeOS::OnLegacyLoadFinished( |
| 398 const std::string& dm_token, | 401 const std::string& dm_token, |
| 399 const std::string& device_id, | 402 const std::string& device_id, |
| 400 Status status, | 403 Status status, |
| 401 scoped_ptr<em::PolicyFetchResponse> policy) { | 404 scoped_ptr<em::PolicyFetchResponse> policy) { |
| 402 status_ = status; | 405 status_ = status; |
| 403 if (policy.get()) { | 406 if (policy.get()) { |
| 404 // Create and configure a validator for the loaded legacy policy. Note that | 407 // Create and configure a validator for the loaded legacy policy. Note that |
| 405 // the signature on this policy is not verified. | 408 // the signature on this policy is not verified. |
| 406 scoped_ptr<UserCloudPolicyValidator> validator = | 409 scoped_ptr<UserCloudPolicyValidator> validator = |
| 407 CreateValidator(policy.Pass()); | 410 CreateValidator(policy.Pass(), |
| 411 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); |
| 408 validator->ValidateUsername(username_); | 412 validator->ValidateUsername(username_); |
| 409 validator.release()->StartValidation( | 413 validator.release()->StartValidation( |
| 410 base::Bind(&UserCloudPolicyStoreChromeOS::OnLegacyPolicyValidated, | 414 base::Bind(&UserCloudPolicyStoreChromeOS::OnLegacyPolicyValidated, |
| 411 weak_factory_.GetWeakPtr(), | 415 weak_factory_.GetWeakPtr(), |
| 412 dm_token, | 416 dm_token, |
| 413 device_id)); | 417 device_id)); |
| 414 } else { | 418 } else { |
| 415 InstallLegacyTokens(dm_token, device_id); | 419 InstallLegacyTokens(dm_token, device_id); |
| 416 } | 420 } |
| 417 } | 421 } |
| (...skipping 118 matching lines...) |
| 536 !sanitized_username.empty()) { | 540 !sanitized_username.empty()) { |
| 537 policy_key_path_ = user_policy_key_dir_.Append( | 541 policy_key_path_ = user_policy_key_dir_.Append( |
| 538 base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str())); | 542 base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str())); |
| 539 } else { | 543 } else { |
| 540 SampleValidationFailure(VALIDATION_FAILURE_DBUS); | 544 SampleValidationFailure(VALIDATION_FAILURE_DBUS); |
| 541 } | 545 } |
| 542 ReloadPolicyKey(callback); | 546 ReloadPolicyKey(callback); |
| 543 } | 547 } |
| 544 | 548 |
| 545 } // namespace policy | 549 } // namespace policy |
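Review bot: In OnLegacyLoadFinished the new `CloudPolicyValidatorBase::TIMESTAMP_REQUIRED` argument is applied to a policy whose signature, per the existing comment, is not verified, so the timestamp required there is unauthenticated and should not be read as a freshness or replay guarantee. I would extend that comment to say so, e.g. `// the signature on this policy is not verified, so the required timestamp is only a sanity check.` The same argument is added at the other three CreateValidator call sites (the synchronous load path ending in RunValidation, ValidatePolicyForStore and ValidateRetrievedPolicy) with no comment on why a cached or legacy blob must carry a timestamp. CreateValidator and OnLegacyPolicyValidated are outside the visible lines, so it is worth confirming what happens to a legacy policy that lacks a timestamp, in particular that InstallLegacyTokens is still reached when validation now fails.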