| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 syntax = "proto2"; | 5 syntax = "proto2"; |
| 6 | 6 |
| 7 option optimize_for = LITE_RUNTIME; | 7 option optimize_for = LITE_RUNTIME; |
| 8 | 8 |
| 9 package enterprise_management; | 9 package enterprise_management; |
| 10 | 10 |
| (...skipping 465 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 476 // is supplied. | 476 // is supplied. |
| 477 // Or, client might not have verification public key (legacy Chrome build | 477 // Or, client might not have verification public key (legacy Chrome build |
| 478 // before verification key was introduced, or outdated build which has | 478 // before verification key was introduced, or outdated build which has |
| 479 // old/compromised verification key). In that case, verification signature | 479 // old/compromised verification key). In that case, verification signature |
| 480 // cannot be provided. | 480 // cannot be provided. |
| 481 // If client is missing both public keys (old signing key and verification | 481 // If client is missing both public keys (old signing key and verification |
| 482 // key), then we are unable to produce any valid signature and client must | 482 // key), then we are unable to produce any valid signature and client must |
| 483 // drop such PolicyFetchResponse. | 483 // drop such PolicyFetchResponse. |
| 484 optional bytes new_public_key_verification_data = 8; | 484 optional bytes new_public_key_verification_data = 8; |
| 485 | 485 |
| 486 // If new_public_key is specified, this field contains a signature | 486 // If new_public_key is specified, this field contains the signature of a |
| 487 // of a PolicyPublicKeyAndDomain protobuf, signed using a key only | 487 // PublicKeyVerificationData protobuf, signed using a key only available to |
| 488 // available to DMServer. The public key portion of this well-known key is | 488 // DMServer. The public key portion of this well-known key is embedded into |
| 489 // embedded into the Chrome binary. The hash of that embedded key is passed | 489 // the Chrome binary. The hash of that embedded key is passed to DMServer as |
| 490 // to DMServer as verification_key_hash field in PolicyFetchRequest. DMServer | 490 // verification_key_hash field in PolicyFetchRequest. DMServer picks a private |
| 491 // will pick a private key on the server which matches the hash (matches | 491 // key on the server which matches the hash (matches public key on the |
| 492 // public key on the client). If DMServer is unable to find matching key, it | 492 // client). If DMServer is unable to find matching key, it returns an error |
| 493 // will return an error instead of policy data. | 493 // instead of policy data. In case a hash was not specified, DMServer leaves |
| 494 // In case hash was not specified, DMServer will leave verification signature | 494 // the verification signature field empty (legacy behavior). |
| 495 // field empty (legacy behavior). | 495 // This signature is provided to better protect first key delivery (since the |
| 496 // In addition to the checks between new_public_key | 496 // browser does not possess the previous signing key, DMServer cannot compute |
| 497 // and new_public_key_signature described above, Chrome also verifies | 497 // new_public_key_signature). |
| 498 // new_public_key with the embedded public key and | 498 // See http://go/chrome-nac-server-design for more information. |
| 499 // new_public_key_verification_signature. | |
| 500 optional bytes new_public_key_verification_data_signature = 9; | 499 optional bytes new_public_key_verification_data_signature = 9; |
| 501 } | 500 } |
| 502 | 501 |
| 503 // DEPRECATED ON THE SERVER: Protobuf used to generate the deprecated | 502 // DEPRECATED ON THE SERVER: Protobuf used to generate the deprecated |
| 504 // new_public_key_verification_signature field. | 503 // new_public_key_verification_signature field. |
| 505 message PolicyPublicKeyAndDomain { | 504 message PolicyPublicKeyAndDomain { |
| 506 // The public key to sign (taken from the |new_public_key| field in | 505 // The public key to sign (taken from the |new_public_key| field in |
| 507 // PolicyFetchResponse). | 506 // PolicyFetchResponse). |
| 508 optional bytes new_public_key = 1; | 507 optional bytes new_public_key = 1; |
| 509 | 508 |
| (...skipping 792 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1302 optional CheckAndroidManagementRequest check_android_management_request = 17; | 1301 optional CheckAndroidManagementRequest check_android_management_request = 17; |
| 1303 | 1302 |
| 1304 // Request to register with a registration certificate. | 1303 // Request to register with a registration certificate. |
| 1305 optional CertificateBasedDeviceRegisterRequest | 1304 optional CertificateBasedDeviceRegisterRequest |
| 1306 certificate_based_register_request = 18; | 1305 certificate_based_register_request = 18; |
| 1307 | 1306 |
| 1308 } | 1307 } |
| 1309 | 1308 |
| 1310 // Response from server to device. | 1309 // Response from server to device. |
| 1311 // | 1310 // |
| 1312 // The server uses the following numbers as HTTP status codes | 1311 // For release clients, DMServer returns errors using HTTP Status Code, so that |
| 1313 // to report top-level errors. | 1312 // clients only need to check one place for all error codes. It is also easier |
| 1313 // to perform log analysis and customer support since HTTP Status Code is easily |
| 1314 // visible in the logs. |
| 1315 // |
| 1316 // The following list defines the error code returned by this API: |
| 1314 // | 1317 // |
| 1315 // 200 OK: valid response is returned to client. | 1318 // 200 OK: valid response is returned to client. |
| 1316 // 400 Bad Request: invalid argument. | 1319 // 400 Bad Request: invalid argument. |
| 1317 // 401 Unauthorized: invalid auth cookie or DM token. | 1320 // 401 Unauthorized: invalid auth cookie or DM token. |
| 1318 // 403 Forbidden: device management is not allowed. | 1321 // 403 Forbidden: device management is not allowed. |
| 1319 // 404 Not Found: the request URL is invalid. | 1322 // 404 Not Found: the request URL is invalid. |
| 1320 // 410 Device Not Found: the device id is not found. | 1323 // 410 Device Not Found: the device id is not found. |
| 1321 // 491 Request Pending: the request is pending approval. | 1324 // 491 Request Pending: the request is pending approval. |
| 1322 // 500 Internal Server Error: most likely a bug in DM server. | 1325 // 500 Internal Server Error: most likely a bug in DM server. |
| 1323 // 503 Service Unavailable: most likely a backend error. | 1326 // 503 Service Unavailable: most likely a backend error. |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1398 // Response to update device attribute. | 1401 // Response to update device attribute. |
| 1399 optional DeviceAttributeUpdateResponse device_attribute_update_response = 16; | 1402 optional DeviceAttributeUpdateResponse device_attribute_update_response = 16; |
| 1400 | 1403 |
| 1401 // Response to GCM id update request. | 1404 // Response to GCM id update request. |
| 1402 optional GcmIdUpdateResponse gcm_id_update_response = 17; | 1405 optional GcmIdUpdateResponse gcm_id_update_response = 17; |
| 1403 | 1406 |
| 1404 // Response to check Android management request. | 1407 // Response to check Android management request. |
| 1405 optional CheckAndroidManagementResponse | 1408 optional CheckAndroidManagementResponse |
| 1406 check_android_management_response = 18; | 1409 check_android_management_response = 18; |
| 1407 } | 1410 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2424003003:
Sync more DMServer proto comments to the client. (Closed)
