Update protobuf definitions for ChromeOS device policy support

BUG=chromium-os:11258
TEST=compiles; existing unit tests pass

Review URL: http://codereview.chromium.org/6727027

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@79390 0039d316-1c4b-4281-b951-d872f2087c98

8 files changed, 70 insertions, 22 deletions

diff --git a/chrome/app/policy/cloud_policy_codegen.gyp b/chrome/app/policy/cloud_policy_codegen.gyp
index bbd5e32..ef3bb59 100644
--- a/chrome/app/policy/cloud_policy_codegen.gyp
+++ b/chrome/app/policy/cloud_policy_codegen.gyp
@@ -99,6 +99,7 @@
       'target_name': 'cloud_policy_backend_header_compile',
       'type': 'none',
       'sources': [
+        '<(proto_rel_path)/chrome_device_policy.proto',
         '<(proto_rel_path)/device_management_backend.proto',
         '<(proto_rel_path)/device_management_local.proto',
       ],
diff --git a/chrome/browser/policy/cloud_policy_cache.cc b/chrome/browser/policy/cloud_policy_cache.cc
index 0eda36b..a3e83ae 100644
--- a/chrome/browser/policy/cloud_policy_cache.cc
+++ b/chrome/browser/policy/cloud_policy_cache.cc
@@ -311,12 +311,6 @@ bool CloudPolicyCache::DecodePolicyResponse(
     base::Time* timestamp) {
   std::string data = policy_response.policy_data();
 
-  if (!VerifySignature(policy_response.policy_data_signature(), data,
-                       policy_response.certificate_chain())) {
-    LOG(WARNING) << "Failed to verify signature.";
-    return false;
-  }
-
   em::PolicyData policy_data;
   if (!policy_data.ParseFromString(data)) {
     LOG(WARNING) << "Failed to parse PolicyData protobuf.";
diff --git a/chrome/browser/policy/cloud_policy_cache_unittest.cc b/chrome/browser/policy/cloud_policy_cache_unittest.cc
index 7140ccb..4f3b1c5 100644
--- a/chrome/browser/policy/cloud_policy_cache_unittest.cc
+++ b/chrome/browser/policy/cloud_policy_cache_unittest.cc
@@ -83,10 +83,10 @@ class CloudPolicyCacheTest : public testing::Test {
 
     em::PolicyFetchResponse* response = new em::PolicyFetchResponse;
     response->set_policy_data(serialized_signed_response);
-    // TODO(jkummerow): Set proper certificate_chain and signature (when
+    // TODO(jkummerow): Set proper new_public_key and signature (when
     // implementing support for signature verification).
     response->set_policy_data_signature("TODO");
-    response->add_certificate_chain("TODO");
+    response->set_new_public_key("TODO");
     return response;
   }
 
diff --git a/chrome/browser/policy/cloud_policy_controller.cc b/chrome/browser/policy/cloud_policy_controller.cc
index ffd4f17..5507e31 100644
--- a/chrome/browser/policy/cloud_policy_controller.cc
+++ b/chrome/browser/policy/cloud_policy_controller.cc
@@ -212,7 +212,7 @@ void CloudPolicyController::SendPolicyRequest() {
   DCHECK(!identity_strategy_->GetDeviceToken().empty());
   em::DevicePolicyRequest policy_request;
   em::PolicyFetchRequest* fetch_request = policy_request.add_request();
-  fetch_request->set_signature_type(em::PolicyFetchRequest::X509);
+  fetch_request->set_signature_type(em::PolicyFetchRequest::SHA1_RSA);
   fetch_request->set_policy_type(identity_strategy_->GetPolicyType());
   if (!cache_->is_unmanaged() &&
       !cache_->last_policy_refresh_time().is_null()) {
diff --git a/chrome/browser/policy/mock_device_management_backend.h b/chrome/browser/policy/mock_device_management_backend.h
index d360157..8134e49 100644
--- a/chrome/browser/policy/mock_device_management_backend.h
+++ b/chrome/browser/policy/mock_device_management_backend.h
@@ -92,10 +92,10 @@ ACTION(MockDeviceManagementBackendSucceedSpdyCloudPolicy) {
   em::DevicePolicyResponse response;
   em::PolicyFetchResponse* fetch_response = response.add_response();
   fetch_response->set_policy_data(serialized_signed_response);
-  // TODO(jkummerow): Set proper certificate_chain and signature (when
+  // TODO(jkummerow): Set proper new_public_key and signature (when
   // implementing support for signature verification).
   fetch_response->set_policy_data_signature("TODO");
-  fetch_response->add_certificate_chain("TODO");
+  fetch_response->set_new_public_key("TODO");
   arg3->HandlePolicyResponse(response);
 }
 
diff --git a/chrome/browser/policy/proto/chrome_device_policy.proto b/chrome/browser/policy/proto/chrome_device_policy.proto
new file mode 100644
index 0000000..07864f6
--- /dev/null
+++ b/chrome/browser/policy/proto/chrome_device_policy.proto
@@ -0,0 +1,38 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+syntax = "proto2";
+
+option optimize_for = LITE_RUNTIME;
+
+package enterprise_management;
+
+message DevicePolicyRefreshRateProto {
+  // In milliseconds.
+  optional int64 policy_refresh_rate = 1;
+}
+
+message UserWhitelistProto {
+  repeated string user_whitelist = 1;
+}
+
+message GuestModeEnabledProto {
+  // Determines if guests are allowed to log in to the device.
+  optional bool guest_mode_enabled = 1;
+}
+
+message DeviceProxySettingsProto {
+  // One of "direct", "auto_detect", "pac_script", "fixed_servers", "system"
+  optional string proxy_mode = 1;
+  optional string proxy_server = 2;
+  optional string proxy_pac_url = 3;
+  optional string proxy_bypass_list = 4;
+}
+
+message ChromeDeviceSettingsProto {
+  optional DevicePolicyRefreshRateProto policy_refresh_rate = 1;
+  optional UserWhitelistProto user_whitelist = 2;
+  optional GuestModeEnabledProto guest_mode_enabled = 3;
+  optional DeviceProxySettingsProto device_proxy_settings = 4;
+}
\ No newline at end of file
diff --git a/chrome/browser/policy/proto/device_management_backend.proto b/chrome/browser/policy/proto/device_management_backend.proto
index a192a25..cf6b76b 100644
--- a/chrome/browser/policy/proto/device_management_backend.proto
+++ b/chrome/browser/policy/proto/device_management_backend.proto
@@ -143,7 +143,7 @@ message PolicyFetchRequest {
   // The policy type names are case insensitive.
   //
   // Possible values for Chrome OS are:
-  //   google/chromeos/device => ChromeSettingsProto
+  //   google/chromeos/device => ChromeDeviceSettingsProto
   //   google/chromeos/user => ChromeSettingsProto
   //   google/chromeos/unregistered_user => ChromeInitialSettingsProto
   optional string policy_type = 1;
@@ -154,9 +154,16 @@ message PolicyFetchRequest {
   // Tell server what kind of security signature is required.
   enum SignatureType {
     NONE = 0;
-    X509 = 1;
+    SHA1_RSA = 1;
   }
   optional SignatureType signature_type = 3 [default = NONE];
+  
+  // The version number of the public key that is currently stored
+  // on the client. This should be the last number the server had
+  // supplied as new_public_key_version in PolicyData.
+  // This field is unspecified if the client does not yet have a
+  // public key.
+  optional int32 public_key_version = 4;
 }
 
 // This message is included in serialized form in PolicyFetchResponse
@@ -192,6 +199,11 @@ message PolicyData {
   // |machine_name| in DeviceRegisterResponse but it might have
   // changed since then.
   optional string machine_name = 5;
+  
+  // Version number of the server's current public key. (The key that
+  // was used to sign this response. Numbering should start at 1 and be
+  // increased by 1 at each key rotation.)
+  optional int32 public_key_version = 6;
 }
 
 message PolicyFetchResponse {
@@ -204,20 +216,20 @@ message PolicyFetchResponse {
   // Human readable error message for customer support purpose.
   optional string error_message = 2;
 
-  // This is a serialized bytes of PolicyData protobuf above.
+  // This is a serialized |PolicyData| protobuf (defined above).
   optional bytes policy_data = 3;
 
   // Signature of the policy data above.
   optional bytes policy_data_signature = 4;
 
-  // The chain of DER-encoded X.509 certificates of the server's
-  // signing key.  The first element should be the certificate whose
-  // private key was used for signing the response, and each of the
-  // following certificates signs the previous one.
-  //
-  // If this field does not exist, it means the policy_data is not
-  // signed.
-  repeated bytes certificate_chain = 5;
+  // If the public key has been rotated on the server, the new public
+  // key is sent here. It is already used for |policy_data_signature|
+  // above, whereas |new_public_key_signature| is created using the
+  // old key (so the client can trust the new key). If this is the
+  // first time when the client requests policies (so it doesn't have
+  // on old public key), then |new_public_key_signature| is empty.
+  optional bytes new_public_key = 5;
+  optional bytes new_public_key_signature = 6;
 }
 
 // Request from device to server for reading policies.
diff --git a/chrome/chrome_browser.gypi b/chrome/chrome_browser.gypi
index 5535580..f771b5f 100644
--- a/chrome/chrome_browser.gypi
+++ b/chrome/chrome_browser.gypi
@@ -1546,6 +1546,8 @@
         'browser/policy/user_policy_identity_strategy.cc',
         'browser/policy/user_policy_identity_strategy.h',
         # TODO(danno): Find a better way to include these files
+        '<(protoc_out_dir)/chrome/browser/policy/proto/chrome_device_policy.pb.cc',
+        '<(protoc_out_dir)/chrome/browser/policy/proto/chrome_device_policy.pb.h',
         '<(protoc_out_dir)/chrome/browser/policy/proto/device_management_backend.pb.cc',
         '<(protoc_out_dir)/chrome/browser/policy/proto/device_management_backend.pb.h',
         'browser/policy/proto/device_management_constants.cc',
@@ -3303,6 +3305,7 @@
             ['exclude', 'browser/oom_priority_manager.h'],
             ['exclude', 'browser/policy/device_policy_identity_strategy.cc'],
             ['exclude', 'browser/policy/device_policy_identity_strategy.h'],
+            ['exclude', 'browser/policy/proto/chrome_device_policy\\.pb\\.(h|cc)'],
             ['exclude', 'browser/renderer_host/offline_resource_handler.cc'],
             ['exclude', 'browser/renderer_host/offline_resource_handler.h'],
             ['exclude', 'browser/ui/webui/chrome_about_ui.cc'],