1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "components/policy/core/common/cloud/policy_builder.h" 6 7 #include <vector> 8 9 #include "base/stl_util.h" 10 #include "components/policy/core/common/cloud/cloud_policy_constants.h" 11 #include "crypto/signature_creator.h" 12 13 namespace em = enterprise_management; 14 15 namespace policy { 16 17 namespace { 18 19 // Signing key test data in DER-encoded PKCS8 format. 20 const uint8 kSigningKey[] = { 21 0x30, 0x82, 0x01, 0x55, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 22 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 23 0x01, 0x3f, 0x30, 0x82, 0x01, 0x3b, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 24 0xd9, 0xcd, 0xca, 0xcd, 0xc3, 0xea, 0xbe, 0x72, 0x79, 0x1c, 0x29, 0x37, 25 0x39, 0x99, 0x1f, 0xd4, 0xb3, 0x0e, 0xf0, 0x7b, 0x78, 0x77, 0x0e, 0x05, 26 0x3b, 0x65, 0x34, 0x12, 0x62, 0xaf, 0xa6, 0x8d, 0x33, 0xce, 0x78, 0xf8, 27 0x47, 0x05, 0x1d, 0x98, 0xaa, 0x1b, 0x1f, 0x50, 0x05, 0x5b, 0x3c, 0x19, 28 0x3f, 0x80, 0x83, 0x63, 0x63, 0x3a, 0xec, 0xcb, 0x2e, 0x90, 0x4f, 0xf5, 29 0x26, 0x76, 0xf1, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x40, 0x64, 30 0x29, 0xc2, 0xd9, 0x6b, 0xfe, 0xf9, 0x84, 0x75, 0x73, 0xe0, 0xf4, 0x77, 31 0xb5, 0x96, 0xb0, 0xdf, 0x83, 0xc0, 0x4e, 0x57, 0xf1, 0x10, 0x6e, 0x91, 32 0x89, 0x12, 0x30, 0x5e, 0x57, 0xff, 0x14, 0x59, 0x5f, 0x18, 0x86, 0x4e, 33 0x4b, 0x17, 0x56, 0xfc, 0x8d, 0x40, 0xdd, 0x74, 0x65, 0xd3, 0xff, 0x67, 34 0x64, 0xcb, 0x9c, 0xb4, 0x14, 0x8a, 0x06, 0xb7, 0x13, 0x45, 0x94, 0x16, 35 0x7d, 0x3f, 0xe1, 0x02, 0x21, 0x00, 0xf6, 0x0f, 0x31, 0x6d, 0x06, 0xcc, 36 0x3b, 0xa0, 0x44, 0x1f, 0xf5, 0xc2, 0x45, 0x2b, 0x10, 0x6c, 0xf9, 0x6f, 37 0x8f, 0x87, 0x3d, 0xc0, 0x3b, 0x55, 0x13, 0x37, 0x80, 0xcd, 0x9f, 0xe1, 38 0xb7, 0xd9, 0x02, 0x21, 0x00, 0xe2, 0x9a, 0x5f, 0xbf, 0x95, 0x74, 0xb5, 39 0x7a, 0x6a, 0xa6, 0x97, 0xbd, 0x75, 0x8c, 0x97, 0x18, 0x24, 0xd6, 0x09, 40 0xcd, 0xdc, 0xb5, 0x94, 0xbf, 0xe2, 0x78, 0xaa, 0x20, 0x47, 0x9f, 0x68, 41 0x5d, 0x02, 0x21, 0x00, 0xaf, 0x8f, 0x97, 0x8c, 0x5a, 0xd5, 0x4d, 0x95, 42 0xc4, 0x05, 0xa9, 0xab, 0xba, 0xfe, 0x46, 0xf1, 0xf9, 0xe7, 0x07, 0x59, 43 0x4f, 0x4d, 0xe1, 0x07, 0x8a, 0x76, 0x87, 0x88, 0x2f, 0x13, 0x35, 0xc1, 44 0x02, 0x20, 0x24, 0xc3, 0xd9, 0x2f, 0x13, 0x47, 0x99, 0x3e, 0x20, 0x59, 45 0xa1, 0x1a, 0xeb, 0x1c, 0x81, 0x53, 0x38, 0x7e, 0xc5, 0x9e, 0x71, 0xe5, 46 0xc0, 0x19, 0x95, 0xdb, 0xef, 0xf6, 0x46, 0xc8, 0x95, 0x3d, 0x02, 0x21, 47 0x00, 0xaa, 0xb1, 0xff, 0x8a, 0xa2, 0xb2, 0x2b, 0xef, 0x9a, 0x83, 0x3f, 48 0xc5, 0xbc, 0xd4, 0x6a, 0x07, 0xe8, 0xc7, 0x0b, 0x2e, 0xd4, 0x0f, 0xf8, 49 0x98, 0x68, 0xe1, 0x04, 0xa8, 0x92, 0xd0, 0x10, 0xaa, 50 }; 51 52 // SHA256 signature of kSigningKey for "example.com" domain. 53 const uint8 kSigningKeySignature[] = { 54 0x97, 0xEB, 0x13, 0xE6, 0x6C, 0xE2, 0x7A, 0x2F, 0xC6, 0x6E, 0x68, 0x8F, 55 0xED, 0x5B, 0x51, 0x08, 0x27, 0xF0, 0xA5, 0x97, 0x20, 0xEE, 0xE2, 0x9B, 56 0x5B, 0x63, 0xA5, 0x9C, 0xAE, 0x41, 0xFD, 0x34, 0xC4, 0x2E, 0xEB, 0x63, 57 0x10, 0x80, 0x0C, 0x74, 0x77, 0x6E, 0x34, 0x1C, 0x1B, 0x3B, 0x8E, 0x2A, 58 0x3A, 0x7F, 0xF9, 0x73, 0xB6, 0x2B, 0xB6, 0x45, 0xDB, 0x05, 0xE8, 0x5A, 59 0x68, 0x36, 0x05, 0x3C, 0x62, 0x3A, 0x6C, 0x64, 0xDB, 0x0E, 0x61, 0xBD, 60 0x29, 0x1C, 0x61, 0x4B, 0xE0, 0xDA, 0x07, 0xBA, 0x29, 0x81, 0xF0, 0x90, 61 0x58, 0xB8, 0xBB, 0xF4, 0x69, 0xFF, 0x8F, 0x2B, 0x4A, 0x2D, 0x98, 0x51, 62 0x37, 0xF5, 0x52, 0xCB, 0xE3, 0xC4, 0x6D, 0xEC, 0xEA, 0x32, 0x2D, 0xDD, 63 0xD7, 0xFC, 0x43, 0xC6, 0x54, 0xE1, 0xC1, 0x66, 0x43, 0x37, 0x09, 0xE1, 64 0xBF, 0xD1, 0x11, 0xFC, 0xDB, 0xBF, 0xDF, 0x66, 0x53, 0x8F, 0x38, 0x2D, 65 0xAA, 0x89, 0xD2, 0x9F, 0x60, 0x90, 0xB7, 0x05, 0xC2, 0x20, 0x82, 0xE6, 66 0xE0, 0x57, 0x55, 0xFF, 0x5F, 0xC1, 0x76, 0x66, 0x46, 0xF8, 0x67, 0xB8, 67 0x8B, 0x81, 0x53, 0xA9, 0x8B, 0x48, 0x9E, 0x2A, 0xF9, 0x60, 0x57, 0xBA, 68 0xD7, 0x52, 0x97, 0x53, 0xF0, 0x2F, 0x78, 0x68, 0x50, 0x18, 0x12, 0x00, 69 0x5E, 0x8E, 0x2A, 0x62, 0x0D, 0x48, 0xA9, 0xB5, 0x6B, 0xBC, 0xA0, 0x52, 70 0x53, 0xD7, 0x65, 0x23, 0xA4, 0xA5, 0xF5, 0x32, 0x49, 0x2D, 0xB2, 0x77, 71 0x2C, 0x66, 0x97, 0xBA, 0x58, 0xE0, 0x16, 0x1C, 0x8C, 0x02, 0x5D, 0xE0, 72 0x73, 0x2E, 0xDF, 0xB4, 0x2F, 0x4C, 0xA2, 0x11, 0x26, 0xC1, 0xAF, 0xAC, 73 0x73, 0xBC, 0xB6, 0x98, 0xE0, 0x20, 0x61, 0x0E, 0x52, 0x4A, 0x6C, 0x80, 74 0xB5, 0x0C, 0x10, 0x80, 0x09, 0x17, 0xF4, 0x9D, 0xFE, 0xB5, 0xFC, 0x63, 75 0x9A, 0x80, 0x3F, 0x76, 76 }; 77 78 // New signing key test data in DER-encoded PKCS8 format. 79 const uint8 kNewSigningKey[] = { 80 0x30, 0x82, 0x01, 0x54, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 81 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 82 0x01, 0x3e, 0x30, 0x82, 0x01, 0x3a, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 83 0x99, 0x98, 0x6b, 0x79, 0x5d, 0x38, 0x33, 0x79, 0x27, 0x0a, 0x2e, 0xb0, 84 0x89, 0xba, 0xf8, 0xf6, 0x80, 0xde, 0xb0, 0x79, 0xf2, 0xd4, 0x6d, 0xf7, 85 0x3c, 0xa3, 0x97, 0xf6, 0x4a, 0x3c, 0xa5, 0xcc, 0x40, 0x8a, 0xef, 0x59, 86 0xaa, 0xc2, 0x82, 0x8f, 0xbc, 0x0d, 0x5b, 0x63, 0xc6, 0xaa, 0x72, 0xe2, 87 0xf3, 0x57, 0xdd, 0x74, 0x00, 0xb0, 0x42, 0xd6, 0x27, 0xe7, 0x17, 0x61, 88 0x0a, 0xdc, 0xc1, 0xf7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x40, 0x34, 89 0xcf, 0xc9, 0xb4, 0x73, 0x2f, 0x0d, 0xd3, 0xcc, 0x6e, 0x9d, 0xdb, 0x29, 90 0xa0, 0x56, 0x56, 0x3b, 0xbd, 0x56, 0x24, 0xb8, 0x2f, 0xfe, 0x97, 0x92, 91 0x0c, 0x16, 0x06, 0x23, 0x44, 0x73, 0x25, 0x1d, 0x65, 0xf4, 0xda, 0x77, 92 0xe7, 0x91, 0x2e, 0x91, 0x05, 0x10, 0xc1, 0x1b, 0x39, 0x5e, 0xb2, 0xf7, 93 0xbd, 0x14, 0x19, 0xcb, 0x6b, 0xc3, 0xa9, 0xe8, 0x91, 0xf7, 0xa7, 0xa9, 94 0x90, 0x08, 0x51, 0x02, 0x21, 0x00, 0xcc, 0x9e, 0x03, 0x54, 0x8f, 0x24, 95 0xde, 0x90, 0x25, 0xec, 0x21, 0xaf, 0xe6, 0x27, 0x2a, 0x16, 0x42, 0x74, 96 0xda, 0xf8, 0x84, 0xc4, 0x8c, 0x1e, 0x86, 0x12, 0x04, 0x5c, 0x17, 0x01, 97 0xea, 0x9d, 0x02, 0x21, 0x00, 0xc0, 0x2a, 0x6c, 0xe9, 0xa1, 0x1a, 0x41, 98 0x11, 0x94, 0x50, 0xf7, 0x1a, 0xd3, 0xbc, 0xf3, 0xa2, 0xf8, 0x46, 0xbc, 99 0x26, 0x77, 0x78, 0xef, 0xc0, 0x54, 0xec, 0x22, 0x3f, 0x2c, 0x57, 0xe0, 100 0xa3, 0x02, 0x20, 0x31, 0xf2, 0xc8, 0xa1, 0x55, 0xa8, 0x0c, 0x64, 0x67, 101 0xbd, 0x72, 0xa3, 0xbb, 0xad, 0x07, 0xcb, 0x13, 0x41, 0xef, 0x4a, 0x07, 102 0x2e, 0xeb, 0x7d, 0x70, 0x00, 0xe9, 0xeb, 0x88, 0xfa, 0x40, 0xc9, 0x02, 103 0x20, 0x3a, 0xe0, 0xc4, 0xde, 0x10, 0x6e, 0x6a, 0xe1, 0x68, 0x00, 0x26, 104 0xb6, 0x21, 0x8a, 0x13, 0x5c, 0x2b, 0x96, 0x00, 0xb0, 0x08, 0x8b, 0x15, 105 0x6a, 0x68, 0x9a, 0xb1, 0x23, 0x8a, 0x02, 0xa2, 0xe1, 0x02, 0x21, 0x00, 106 0xa3, 0xf2, 0x2d, 0x55, 0xc1, 0x6d, 0x40, 0xfa, 0x1d, 0xf7, 0xba, 0x86, 107 0xef, 0x50, 0x98, 0xfc, 0xee, 0x09, 0xcc, 0xe7, 0x22, 0xb9, 0x4e, 0x80, 108 0x32, 0x1a, 0x6b, 0xb3, 0x5f, 0x35, 0xbd, 0xf3, 109 }; 110 111 // SHA256 signature of kNewSigningKey for "example.com" domain. 112 const uint8 kNewSigningKeySignature[] = { 113 0x70, 0xED, 0x27, 0x42, 0x34, 0x69, 0xB6, 0x47, 0x9E, 0x7C, 0xA0, 0xF0, 114 0xE5, 0x0A, 0x49, 0x49, 0x00, 0xDA, 0xBC, 0x70, 0x01, 0xC5, 0x4B, 0xDB, 115 0x47, 0xD5, 0xAF, 0xA1, 0xAD, 0xB7, 0xE4, 0xE1, 0xBD, 0x5A, 0x1C, 0x35, 116 0x44, 0x5A, 0xAA, 0xDB, 0x27, 0xBA, 0xA4, 0xA9, 0xC8, 0xDD, 0xEC, 0xD6, 117 0xEB, 0xFE, 0xDB, 0xE0, 0x03, 0x5C, 0xA6, 0x2E, 0x5A, 0xEC, 0x75, 0x79, 118 0xB8, 0x5F, 0x0A, 0xEE, 0x05, 0xB2, 0x61, 0xDC, 0x58, 0xF0, 0xD1, 0xCB, 119 0x7B, 0x2A, 0xDB, 0xC1, 0x7C, 0x60, 0xE6, 0x3E, 0x87, 0x02, 0x61, 0xE6, 120 0x90, 0xFD, 0x54, 0x65, 0xC7, 0xFF, 0x74, 0x09, 0xD6, 0xAA, 0x8E, 0xDC, 121 0x5B, 0xC8, 0x38, 0x0C, 0x84, 0x0E, 0x84, 0x2E, 0x37, 0x2A, 0x4B, 0xDE, 122 0x31, 0x82, 0x76, 0x1E, 0x77, 0xA5, 0xC1, 0xD5, 0xED, 0xFF, 0xBC, 0xEA, 123 0x91, 0xB7, 0xBC, 0xFF, 0x76, 0x23, 0xE2, 0x78, 0x63, 0x01, 0x47, 0x80, 124 0x47, 0x1F, 0x3A, 0x49, 0xBF, 0x0D, 0xCF, 0x27, 0x70, 0x92, 0xBB, 0xEA, 125 0xB3, 0x92, 0x70, 0xFF, 0x1E, 0x4B, 0x1B, 0xE0, 0x4E, 0x0C, 0x4C, 0x6B, 126 0x5D, 0x77, 0x06, 0xBB, 0xFB, 0x9B, 0x0E, 0x55, 0xB8, 0x8A, 0xF2, 0x45, 127 0xA9, 0xF3, 0x54, 0x3D, 0x0C, 0xAC, 0xA8, 0x15, 0xD2, 0x31, 0x8D, 0x97, 128 0x08, 0x73, 0xC9, 0x0F, 0x1D, 0xDE, 0x10, 0x22, 0xC6, 0x55, 0x53, 0x7F, 129 0x7C, 0x50, 0x16, 0x5A, 0x08, 0xCC, 0x1C, 0x53, 0x9B, 0x02, 0xB8, 0x80, 130 0xB7, 0x46, 0xF5, 0xF1, 0xC7, 0x3D, 0x36, 0xBD, 0x26, 0x02, 0xDE, 0x10, 131 0xAB, 0x5A, 0x03, 0xCD, 0x67, 0x00, 0x1C, 0x23, 0xC7, 0x13, 0xEE, 0x5D, 132 0xAF, 0xC5, 0x1F, 0xE3, 0xA0, 0x54, 0xAC, 0xC2, 0xC9, 0x44, 0xD4, 0x4A, 133 0x09, 0x8E, 0xEB, 0xAE, 0xCA, 0x08, 0x8A, 0x7F, 0x41, 0x7B, 0xD8, 0x2C, 134 0xDD, 0x6F, 0x80, 0xC3, 135 }; 136 137 } // namespace 138 139 // Constants used as dummy data for filling the PolicyData protobuf. 140 const char PolicyBuilder::kFakeDeviceId[] = "device-id"; 141 const char PolicyBuilder::kFakeDomain[] = "example.com"; 142 const char PolicyBuilder::kFakeMachineName[] = "machine-name"; 143 const char PolicyBuilder::kFakePolicyType[] = "policy type"; 144 const int PolicyBuilder::kFakePublicKeyVersion = 17; 145 const int64 PolicyBuilder::kFakeTimestamp = 365LL * 24 * 60 * 60 * 1000; 146 const char PolicyBuilder::kFakeToken[] = "token"; 147 const char PolicyBuilder::kFakeUsername[] = "username (at) example.com"; 148 const char PolicyBuilder::kFakeServiceAccountIdentity[] = "robot4test (at) g.com"; 149 150 PolicyBuilder::PolicyBuilder() 151 : policy_data_(new em::PolicyData()) { 152 SetDefaultSigningKey(); 153 policy_data_->set_policy_type(kFakePolicyType); 154 policy_data_->set_timestamp(kFakeTimestamp); 155 policy_data_->set_request_token(kFakeToken); 156 policy_data_->set_machine_name(kFakeMachineName); 157 policy_data_->set_public_key_version(kFakePublicKeyVersion); 158 policy_data_->set_username(kFakeUsername); 159 policy_data_->set_device_id(kFakeDeviceId); 160 policy_data_->set_state(em::PolicyData::ACTIVE); 161 policy_data_->set_service_account_identity(kFakeServiceAccountIdentity); 162 } 163 164 PolicyBuilder::~PolicyBuilder() {} 165 166 scoped_ptr<crypto::RSAPrivateKey> PolicyBuilder::GetSigningKey() { 167 if (raw_signing_key_.empty()) 168 return scoped_ptr<crypto::RSAPrivateKey>(); 169 return scoped_ptr<crypto::RSAPrivateKey>( 170 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(raw_signing_key_)); 171 } 172 173 void PolicyBuilder::SetSigningKey(const crypto::RSAPrivateKey& key) { 174 key.ExportPrivateKey(&raw_signing_key_); 175 } 176 177 void PolicyBuilder::SetDefaultSigningKey() { 178 std::vector<uint8> key(kSigningKey, kSigningKey + arraysize(kSigningKey)); 179 raw_signing_key_.swap(key); 180 } 181 182 void PolicyBuilder::UnsetSigningKey() { 183 raw_signing_key_.clear(); 184 } 185 186 scoped_ptr<crypto::RSAPrivateKey> PolicyBuilder::GetNewSigningKey() { 187 if (raw_new_signing_key_.empty()) 188 return scoped_ptr<crypto::RSAPrivateKey>(); 189 return scoped_ptr<crypto::RSAPrivateKey>( 190 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(raw_new_signing_key_)); 191 } 192 193 void PolicyBuilder::SetDefaultNewSigningKey() { 194 std::vector<uint8> key(kNewSigningKey, 195 kNewSigningKey + arraysize(kNewSigningKey)); 196 raw_new_signing_key_.swap(key); 197 raw_new_signing_key_signature_ = GetTestOtherSigningKeySignature(); 198 } 199 200 void PolicyBuilder::SetDefaultInitialSigningKey() { 201 std::vector<uint8> key(kSigningKey, 202 kSigningKey + arraysize(kSigningKey)); 203 raw_new_signing_key_.swap(key); 204 raw_new_signing_key_signature_ = GetTestSigningKeySignature(); 205 UnsetSigningKey(); 206 } 207 208 void PolicyBuilder::UnsetNewSigningKey() { 209 raw_new_signing_key_.clear(); 210 raw_new_signing_key_signature_.clear(); 211 } 212 213 void PolicyBuilder::Build() { 214 // Generate signatures if applicable. 215 scoped_ptr<crypto::RSAPrivateKey> policy_signing_key = GetNewSigningKey(); 216 if (policy_signing_key) { 217 // Add the new public key. 218 std::vector<uint8> raw_new_public_signing_key; 219 CHECK(policy_signing_key->ExportPublicKey(&raw_new_public_signing_key)); 220 policy_.set_new_public_key(vector_as_array(&raw_new_public_signing_key), 221 raw_new_public_signing_key.size()); 222 223 policy_.set_new_public_key_verification_signature( 224 raw_new_signing_key_signature_); 225 226 // The new public key must be signed by the old key. 227 scoped_ptr<crypto::RSAPrivateKey> old_signing_key = GetSigningKey(); 228 if (old_signing_key) { 229 SignData(policy_.new_public_key(), 230 old_signing_key.get(), 231 policy_.mutable_new_public_key_signature()); 232 } 233 } else { 234 // No new signing key, so clear the old public key (this allows us to 235 // reuse the same PolicyBuilder to build multiple policy blobs). 236 policy_.clear_new_public_key(); 237 policy_.clear_new_public_key_signature(); 238 policy_signing_key = GetSigningKey(); 239 } 240 241 // Policy isn't signed, so there shouldn't be a public key version. 242 if (!policy_signing_key) 243 policy_data_->clear_public_key_version(); 244 245 // Serialize the policy data. 246 if (policy_data_.get()) 247 CHECK(policy_data_->SerializeToString(policy_.mutable_policy_data())); 248 249 // PolicyData signature. 250 if (policy_signing_key) { 251 SignData(policy_.policy_data(), policy_signing_key.get(), 252 policy_.mutable_policy_data_signature()); 253 } 254 } 255 256 std::string PolicyBuilder::GetBlob() { 257 return policy_.SerializeAsString(); 258 } 259 260 scoped_ptr<em::PolicyFetchResponse> PolicyBuilder::GetCopy() { 261 scoped_ptr<em::PolicyFetchResponse> result(new em::PolicyFetchResponse()); 262 result->CopyFrom(policy_); 263 return result.Pass(); 264 } 265 266 // static 267 scoped_ptr<crypto::RSAPrivateKey> PolicyBuilder::CreateTestSigningKey() { 268 std::vector<uint8> raw_signing_key( 269 kSigningKey, kSigningKey + arraysize(kSigningKey)); 270 return scoped_ptr<crypto::RSAPrivateKey>( 271 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(raw_signing_key)); 272 } 273 274 // static 275 scoped_ptr<crypto::RSAPrivateKey> PolicyBuilder::CreateTestOtherSigningKey() { 276 std::vector<uint8> raw_new_signing_key( 277 kNewSigningKey, kNewSigningKey + arraysize(kNewSigningKey)); 278 return scoped_ptr<crypto::RSAPrivateKey>( 279 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(raw_new_signing_key)); 280 } 281 282 // static 283 std::string PolicyBuilder::GetTestSigningKeySignature() { 284 return std::string(reinterpret_cast<const char*>(kSigningKeySignature), 285 sizeof(kSigningKeySignature)); 286 } 287 288 // static 289 std::string PolicyBuilder::GetTestOtherSigningKeySignature() { 290 return std::string(reinterpret_cast<const char*>(kNewSigningKeySignature), 291 sizeof(kNewSigningKeySignature)); 292 } 293 294 void PolicyBuilder::SignData(const std::string& data, 295 crypto::RSAPrivateKey* key, 296 std::string* signature) { 297 scoped_ptr<crypto::SignatureCreator> signature_creator( 298 crypto::SignatureCreator::Create(key)); 299 signature_creator->Update(reinterpret_cast<const uint8*>(data.c_str()), 300 data.size()); 301 std::vector<uint8> signature_bytes; 302 CHECK(signature_creator->Final(&signature_bytes)); 303 signature->assign( 304 reinterpret_cast<const char*>(vector_as_array(&signature_bytes)), 305 signature_bytes.size()); 306 } 307 308 template<> 309 TypedPolicyBuilder<em::CloudPolicySettings>::TypedPolicyBuilder() 310 : payload_(new em::CloudPolicySettings()) { 311 policy_data().set_policy_type(dm_protocol::kChromeUserPolicyType); 312 } 313 314 // Have the instantiation compiled into the module. 315 template class TypedPolicyBuilder<em::CloudPolicySettings>; 316 317 #if !defined(OS_ANDROID) && !defined(OS_IOS) 318 template<> 319 TypedPolicyBuilder<em::ExternalPolicyData>::TypedPolicyBuilder() 320 : payload_(new em::ExternalPolicyData()) { 321 policy_data().set_policy_type(dm_protocol::kChromeExtensionPolicyType); 322 } 323 324 template class TypedPolicyBuilder<em::ExternalPolicyData>; 325 #endif 326 327 } // namespace policy 328
