authorVitaly Buka <vitalybuka@google.com>2016-02-24 18:08:43 -0800
committerVitaly Buka <vitalybuka@google.com>2016-02-25 17:34:54 +0000
commit2419a2a618919e2cf29e4737ef256a08b797954a (patch)
tree96c11a19f72814fffb164da7468e67357b3ee3c7
parentb7e099618f1cd94939a240a717c0c82865839851 (diff)
downloadlibweave-2419a2a618919e2cf29e4737ef256a08b797954a.tar.gz
Update local auth info if server side information does not match
A missing fingerprint, or one that differs from the local one, means the server data is not useful for auth purposes. BUG: 26140342 Change-Id: If57bdd5b2c589d30748b572bc3e4020c1bec472e Reviewed-on: https://weave-review.googlesource.com/2738 Reviewed-by: Alex Vakulenko <avakulenko@google.com>
-rw-r--r--src/device_registration_info.cc26
1 files changed, 19 insertions, 7 deletions
diff --git a/src/device_registration_info.cc b/src/device_registration_info.cc
index 3ae1321..b399d1f 100644
--- a/src/device_registration_info.cc
+++ b/src/device_registration_info.cc
@@ -425,7 +425,12 @@ void DeviceRegistrationInfo::OnRefreshAccessTokenDone(
StartNotificationChannel();
}
- SendAuthInfo();
+ if (GetSettings().root_client_token_owner != RootClientTokenOwner::kCloud) {
+ // Avoid re-claiming if device is already claimed by the Cloud. Cloud is
+ // allowed to re-claim device at any time. However this will invalidate all
+ // issued tokens.
+ SendAuthInfo();
+ }
callback.Run(nullptr);
}
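Review bot: The moved comment now sits inside the `if` body in OnRefreshAccessTokenDone, where it describes the case the branch excludes, so it reads as if the `SendAuthInfo()` call under it were the thing being avoided. Placing it above the condition would read correctly, for example `// Skip SendAuthInfo() when the Cloud already owns the root client token: re-claiming would invalidate all issued tokens.` The function begins outside this hunk.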
@@ -954,12 +959,7 @@ void DeviceRegistrationInfo::SendAuthInfo() {
if (!auth_manager_ || auth_info_update_inprogress_)
return;
- if (GetSettings().root_client_token_owner == RootClientTokenOwner::kCloud) {
- // Avoid re-claiming if device is already claimed by the Cloud. Cloud is
- // allowed to re-claim device at any time. However this will invalidate all
- // issued tokens.
- return;
- }
+ LOG(INFO) << "Updating local auth info";
auth_info_update_inprogress_ = true;
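Review bot: With the `kCloud` early return removed, SendAuthInfo() no longer protects a Cloud-claimed device by itself; that protection now depends on every caller. The caller in OnRefreshAccessTokenDone checks the owner, but the call added in OnUpdateDeviceResourceDone (third hunk) does not, so a missing or mismatched fingerprint there re-claims the device and, per the comment moved in the first hunk, invalidates all issued tokens. If that is intended, as the commit title suggests, the function should say so, for example `// Does not check root_client_token_owner; callers decide whether re-claiming (which invalidates issued tokens) is allowed.` The function body continues past the end of this hunk.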
@@ -1028,6 +1028,18 @@ void DeviceRegistrationInfo::OnUpdateDeviceResourceDone(
if (error)
return OnUpdateDeviceResourceError(std::move(error));
UpdateDeviceInfoTimestamp(device_info);
+
+ if (auth_manager_) {
+ std::string fingerprint_base64;
+ std::vector<uint8_t> fingerprint;
+ if (!device_info.GetString("certFingerprint", &fingerprint_base64) ||
+ !Base64Decode(fingerprint_base64, &fingerprint) ||
+ fingerprint != auth_manager_->GetCertificateFingerprint()) {
+ LOG(WARNING) << "Local auth info from server is invalid";
+ SendAuthInfo();
+ }
+ }
+
// Make a copy of the callback list so that if the callback triggers another
// call to UpdateDeviceResource(), we do not modify the list we are iterating
// over.
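Review bot: The single warning `Local auth info from server is invalid` in OnUpdateDeviceResourceDone covers three different conditions: `certFingerprint` absent, Base64 decoding failed, and a decoded value that differs from `GetCertificateFingerprint()`. Someone reading device logs would want to tell these apart, because only the last one means the server holds auth info for a different certificate; naming the failed condition in the message would be enough. Separately, nothing in the hunk bounds how often this path fires beyond `auth_info_update_inprogress_`. Whether SendAuthInfo()'s completion leads back into this function is not visible here, but if it does, a server that keeps omitting the field would trigger a re-claim on each update, so a comment stating the expected server behaviour is worth adding. The function begins and continues outside this hunk.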