Update policy signature verification to include policy domain.

CloudPolicyValidator now accpets a "domain" parameter which is used to generate verification signatures for public keys. Broke out CloudPolicyValidator cached-key verification code into a separate validation function: ValidateCachedKey(). Added new hard-coded signatures for our PolicyBuilder test keys for the example.com domain. BUG=275291 TBR=rogerta@chromium.org Review URL: https://codereview.chromium.org/143183007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@251292 0039d316-1c4b-4281-b951-d872f2087c98
author: atwilson@chromium.org <atwilson@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2014-02-14 13:50:55 +0000
committer: atwilson@chromium.org <atwilson@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2014-02-14 13:50:55 +0000
commit: 4f4b60e62182af2a42940475aaa328b785a514db (patch)
tree: d94418c271c094f1f7ad9d270e1a7566ae1c2da3 /chrome/browser/chromeos/settings
parent: d9a4c376df0f469a1053b2ae16465f729338708d (diff)
download: chromium_src-4f4b60e62182af2a42940475aaa328b785a514db.zip
chromium_src-4f4b60e62182af2a42940475aaa328b785a514db.tar.gz
chromium_src-4f4b60e62182af2a42940475aaa328b785a514db.tar.bz2
2 files changed, 4 insertions, 2 deletions
diff --git a/chrome/browser/chromeos/settings/session_manager_operation.cc b/chrome/browser/chromeos/settings/session_manager_operation.cc
index d7f994c..74efda9 100644
--- a/chrome/browser/chromeos/settings/session_manager_operation.cc
+++ b/chrome/browser/chromeos/settings/session_manager_operation.cc
@@ -182,8 +182,10 @@ void SessionManagerOperation::ValidateDeviceSettings(
       policy::CloudPolicyValidatorBase::DM_TOKEN_NOT_REQUIRED);
   validator->ValidatePolicyType(policy::dm_protocol::kChromeDevicePolicyType);
   validator->ValidatePayload();
+  // We don't check the DMServer verification key below, because the signing
+  // key is validated when it is installed.
   validator->ValidateSignature(owner_key_->public_key_as_string(),
-                               policy::GetPolicyVerificationKey(),
+                               std::string(),  // No key validation check.
                                std::string(),
                                false);
   validator->StartValidation(
diff --git a/chrome/browser/chromeos/settings/session_manager_operation_unittest.cc b/chrome/browser/chromeos/settings/session_manager_operation_unittest.cc
index 40a434b..6c9a6f7 100644
--- a/chrome/browser/chromeos/settings/session_manager_operation_unittest.cc
+++ b/chrome/browser/chromeos/settings/session_manager_operation_unittest.cc
@@ -271,7 +271,7 @@ TEST_F(SessionManagerOperationTest, SignAndStoreSettings) {
   validator->ValidateSignature(
       public_key_as_string,
       policy::GetPolicyVerificationKey(),
-      policy::PolicyBuilder::GetTestSigningKeySignature(),
+      policy::PolicyBuilder::kFakeDomain,
       false);
   validator->StartValidation(
       base::Bind(&SessionManagerOperationTest::CheckSuccessfulValidation,
author	atwilson@chromium.org <atwilson@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2014-02-14 13:50:55 +0000
committer	atwilson@chromium.org <atwilson@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2014-02-14 13:50:55 +0000
commit	4f4b60e62182af2a42940475aaa328b785a514db (patch)
tree	d94418c271c094f1f7ad9d270e1a7566ae1c2da3 /chrome/browser/chromeos/settings
parent	d9a4c376df0f469a1053b2ae16465f729338708d (diff)
download	chromium_src-4f4b60e62182af2a42940475aaa328b785a514db.zip chromium_src-4f4b60e62182af2a42940475aaa328b785a514db.tar.gz chromium_src-4f4b60e62182af2a42940475aaa328b785a514db.tar.bz2