author | Vitaly Buka <vitalybuka@google.com> | 2016-02-24 18:08:43 -0800 |
---|---|---|
committer | Vitaly Buka <vitalybuka@google.com> | 2016-02-25 17:34:54 +0000 |
commit | 2419a2a618919e2cf29e4737ef256a08b797954a (patch) | |
tree | 96c11a19f72814fffb164da7468e67357b3ee3c7 | |
parent | b7e099618f1cd94939a240a717c0c82865839851 (diff) | |
download | libweave-2419a2a618919e2cf29e4737ef256a08b797954a.tar.gz |
Update local auth info if server side information does not match
A fingerprint that is missing or differs from the local one means the server
data is not useful for auth purposes.
BUG: 26140342
Change-Id: If57bdd5b2c589d30748b572bc3e4020c1bec472e
Reviewed-on: https://weave-review.googlesource.com/2738
Reviewed-by: Alex Vakulenko <avakulenko@google.com>
-rw-r--r-- | src/device_registration_info.cc | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/src/device_registration_info.cc b/src/device_registration_info.cc
index 3ae1321..b399d1f 100644
--- a/src/device_registration_info.cc
+++ b/src/device_registration_info.cc
@@ -425,7 +425,12 @@ void DeviceRegistrationInfo::OnRefreshAccessTokenDone(
 StartNotificationChannel();
 }
 
- SendAuthInfo();
+ if (GetSettings().root_client_token_owner != RootClientTokenOwner::kCloud) {
+ // Avoid re-claiming if device is already claimed by the Cloud. Cloud is
+ // allowed to re-claim device at any time. However this will invalidate all
+ // issued tokens.
+ SendAuthInfo();
+ }
 
 callback.Run(nullptr);
 }
@@ -954,12 +959,7 @@ void DeviceRegistrationInfo::SendAuthInfo() {
 if (!auth_manager_ || auth_info_update_inprogress_)
 return;
 
- if (GetSettings().root_client_token_owner == RootClientTokenOwner::kCloud) {
- // Avoid re-claiming if device is already claimed by the Cloud. Cloud is
- // allowed to re-claim device at any time. However this will invalidate all
- // issued tokens.
- return;
- }
+ LOG(INFO) << "Updating local auth info";
 
 auth_info_update_inprogress_ = true;
 
@@ -1028,6 +1028,18 @@ void DeviceRegistrationInfo::OnUpdateDeviceResourceDone(
 if (error)
 return OnUpdateDeviceResourceError(std::move(error));
 UpdateDeviceInfoTimestamp(device_info);
+
+ if (auth_manager_) {
+ std::string fingerprint_base64;
+ std::vector<uint8_t> fingerprint;
+ if (!device_info.GetString("certFingerprint", &fingerprint_base64) ||
+ !Base64Decode(fingerprint_base64, &fingerprint) ||
+ fingerprint != auth_manager_->GetCertificateFingerprint()) {
+ LOG(WARNING) << "Local auth info from server is invalid";
+ SendAuthInfo();
+ }
+ }
+
 // Make a copy of the callback list so that if the callback triggers another
 // call to UpdateDeviceResource(), we do not modify the list we are iterating
 // over. |
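Review bot: The ownership guard now lives only at this call site in OnRefreshAccessTokenDone, and the second hunk (@@ -954,12 +959,7) deletes it from SendAuthInfo, so SendAuthInfo itself no longer refuses to re-claim a device whose root_client_token_owner is kCloud. Any other caller, including the one added in OnUpdateDeviceResourceDone, therefore re-claims unconditionally, which per the moved comment invalidates all issued tokens. That appears to be the intent of the commit message, but the contract is not written down anywhere visible. I would add a comment at the top of SendAuthInfo such as `// Does not check root_client_token_owner; callers decide whether re-claiming (which invalidates issued tokens) is appropriate.` Both function bodies extend outside the hunks.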
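Review bot: The block added to OnUpdateDeviceResourceDone calls SendAuthInfo() on every completed update whose certFingerprint is missing, undecodable or different, and no attempt limit or backoff is visible in the hunk. If the server keeps returning a resource without a matching fingerprint, each device-resource update would presumably start another re-claim (only auth_info_update_inprogress_ prevents overlap), and the comment in the first hunk says re-claiming invalidates all issued tokens. Consider bounding the retries, and log which of the three conditions failed, because `"Local auth info from server is invalid"` does not distinguish an absent field from a decode failure or a mismatch. The function continues outside the hunk.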