#include "base/strings/stringprintf.h"
#include "chrome/browser/chromeos/policy/user_policy_disk_cache.h"
#include "chrome/browser/chromeos/policy/user_policy_token_loader.h"
-#include "chrome/browser/policy/proto/cloud/device_management_local.pb.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/session_manager_client.h"
+#include "components/policy/core/common/cloud/cloud_policy_constants.h"
#include "google_apis/gaia/gaia_auth_util.h"
#include "policy/proto/cloud_policy.pb.h"
+#include "policy/proto/device_management_local.pb.h"
namespace em = enterprise_management;
VALIDATION_FAILURE_SIZE);
}
+// Extracts the domain name from the passed username.
+std::string ExtractDomain(const std::string& username) {
+ return gaia::ExtractDomainName(gaia::CanonicalizeEmail(username));
+}
+
} // namespace
// Helper class for loading legacy policy caches.
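Review bot: The comment on `ExtractDomain` does not say which form of username it accepts or what it returns when the input has no domain part, yet its result is passed to the signature validation calls added later in this commit. I would extend it to something like `// Extracts the domain from |username|, which must be a full e-mail address (user@domain), not a sanitized or hashed user id.` Whether `gaia::ExtractDomainName` already canonicalizes its argument is not visible here; if it does, the explicit `gaia::CanonicalizeEmail` call is redundant.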
CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
validator->ValidateUsername(username_);
const bool allow_rotation = false;
- validator->ValidateSignature(policy_key_, allow_rotation);
+ validator->ValidateSignature(
+ policy_key_,
+ GetPolicyVerificationKey(),
+ ExtractDomain(sanitized_username),
+ allow_rotation);
validator->RunValidation();
OnRetrievedPolicyValidated(validator.get());
}
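Review bot: `ExtractDomain(sanitized_username)` in the new `ValidateSignature` call uses a different variable from `validator->ValidateUsername(username_)` two lines above it, and from the three other call sites in this commit, which all pass `ExtractDomain(username_)`. The definition of `sanitized_username` lies outside this hunk; if it is the cryptohome-sanitized form of the user id, it presumably has no `@domain` part. In that case the domain bound into the signature check would be empty or wrong, and a correctly signed cached policy would fail verification. Unless the difference is intended, the argument should read `ExtractDomain(username_),`. The enclosing function begins before this hunk.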
CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
validator->ValidateUsername(username_);
if (policy_key_.empty()) {
- validator->ValidateInitialKey();
+ validator->ValidateInitialKey(GetPolicyVerificationKey(),
+ ExtractDomain(username_));
} else {
const bool allow_rotation = true;
- validator->ValidateSignature(policy_key_, allow_rotation);
+ validator->ValidateSignature(policy_key_,
+ GetPolicyVerificationKey(),
+ ExtractDomain(username_),
+ allow_rotation);
}
// Start validation. The Validator will delete itself once validation is
UMA_HISTOGRAM_ENUMERATION(
"Enterprise.UserPolicyValidationStoreStatus",
validation_status_,
- UserCloudPolicyValidator::VALIDATION_POLICY_PARSE_ERROR + 1);
+ UserCloudPolicyValidator::VALIDATION_STATUS_SIZE);
if (!validator->success()) {
status_ = STATUS_VALIDATION_ERROR;
CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
validator->ValidateUsername(username_);
const bool allow_rotation = false;
- validator->ValidateSignature(policy_key_, allow_rotation);
+ validator->ValidateSignature(policy_key_,
+ GetPolicyVerificationKey(),
+ ExtractDomain(username_),
+ allow_rotation);
// Start validation. The Validator will delete itself once validation is
// complete.
validator.release()->StartValidation(
UMA_HISTOGRAM_ENUMERATION(
"Enterprise.UserPolicyValidationLoadStatus",
validation_status_,
- UserCloudPolicyValidator::VALIDATION_POLICY_PARSE_ERROR + 1);
+ UserCloudPolicyValidator::VALIDATION_STATUS_SIZE);
if (!validator->success()) {
status_ = STATUS_VALIDATION_ERROR;
void UserCloudPolicyStoreChromeOS::ReloadPolicyKey(
const base::Closure& callback) {
- std::vector<uint8>* key = new std::vector<uint8>();
+ std::string* key = new std::string();
background_task_runner()->PostTaskAndReply(
FROM_HERE,
base::Bind(&UserCloudPolicyStoreChromeOS::LoadPolicyKey,
// static
void UserCloudPolicyStoreChromeOS::LoadPolicyKey(const base::FilePath& path,
- std::vector<uint8>* key) {
+ std::string* key) {
if (!base::PathExists(path)) {
// There is no policy key the first time that a user fetches policy. If
// |path| does not exist then that is the most likely scenario, so there's
}
int64 size;
- if (!file_util::GetFileSize(path, &size)) {
+ key->clear();
+ if (!base::GetFileSize(path, &size)) {
LOG(ERROR) << "Could not get size of " << path.value();
} else if (size == 0 || size > kKeySizeLimit) {
LOG(ERROR) << "Key at " << path.value() << " has bad size " << size;
} else {
- key->resize(size);
- int read_size = file_util::ReadFile(
- path, reinterpret_cast<char*>(vector_as_array(key)), size);
+ char buf[size];
+ int read_size = base::ReadFile(path, buf, size);
if (read_size != size) {
LOG(ERROR) << "Failed to read key at " << path.value();
- key->clear();
+ } else {
+ key->append(buf, size);
}
}
}
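Review bot: `char buf[size];` is a variable-length array, which is a compiler extension in C++ and places a buffer sized from file metadata on the stack; it is safe only while `kKeySizeLimit` (defined outside this hunk) stays small. Reading straight into the output string avoids both the extension and the extra copy: `key->resize(size);`, then `int read_size = base::ReadFile(path, &(*key)[0], size);`, with `key->clear();` in the failure branch. Because the `size > kKeySizeLimit` check is the only thing bounding that buffer, a short comment there saying the limit also guards the allocation would help. The start of `LoadPolicyKey` is in the previous hunk.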
void UserCloudPolicyStoreChromeOS::OnPolicyKeyReloaded(
- std::vector<uint8>* key,
+ std::string* key,
const base::Closure& callback) {
- policy_key_.swap(*key);
+ policy_key_ = *key;
policy_key_loaded_ = true;
callback.Run();
}