Google Git
Sign in
weave/weave/libweave/2419a2a618919e2cf29e4737ef256a08b797954a^!/.
commit
2419a2a618919e2cf29e4737ef256a08b797954a
[log] [tgz]
author
Vitaly Buka <vitalybuka@google.com>
Wed Feb 24 18:08:43 2016 -0800
committer
Vitaly Buka <vitalybuka@google.com>
Thu Feb 25 17:34:54 2016 +0000
tree
96c11a19f72814fffb164da7468e67357b3ee3c7
parent
b7e099618f1cd94939a240a717c0c82865839851 [diff]
Update local auth info if server side information does not match

Missing fingerprint or different than local one means server data is not
useful for auth purpose.

BUG: 26140342
Change-Id: If57bdd5b2c589d30748b572bc3e4020c1bec472e
Reviewed-on: https://weave-review.googlesource.com/2738
Reviewed-by: Alex Vakulenko <avakulenko@google.com>

diff --git a/src/device_registration_info.cc b/src/device_registration_info.cc
index 3ae1321..b399d1f 100644
--- a/src/device_registration_info.cc
+++ b/src/device_registration_info.cc

@@ -425,7 +425,12 @@
     StartNotificationChannel();
   }
 
-  SendAuthInfo();
+  if (GetSettings().root_client_token_owner != RootClientTokenOwner::kCloud) {
+    // Avoid re-claiming if device is already claimed by the Cloud. Cloud is
+    // allowed to re-claim device at any time. However this will invalidate all
+    // issued tokens.
+    SendAuthInfo();
+  }
 
   callback.Run(nullptr);
 }
@@ -954,12 +959,7 @@
   if (!auth_manager_ || auth_info_update_inprogress_)
     return;
 
-  if (GetSettings().root_client_token_owner == RootClientTokenOwner::kCloud) {
-    // Avoid re-claiming if device is already claimed by the Cloud. Cloud is
-    // allowed to re-claim device at any time. However this will invalidate all
-    // issued tokens.
-    return;
-  }
+  LOG(INFO) << "Updating local auth info";
 
   auth_info_update_inprogress_ = true;
 
@@ -1028,6 +1028,18 @@
   if (error)
     return OnUpdateDeviceResourceError(std::move(error));
   UpdateDeviceInfoTimestamp(device_info);
+
+  if (auth_manager_) {
+    std::string fingerprint_base64;
+    std::vector<uint8_t> fingerprint;
+    if (!device_info.GetString("certFingerprint", &fingerprint_base64) ||
+        !Base64Decode(fingerprint_base64, &fingerprint) ||
+        fingerprint != auth_manager_->GetCertificateFingerprint()) {
+      LOG(WARNING) << "Local auth info from server is invalid";
+      SendAuthInfo();
+    }
+  }
+
   // Make a copy of the callback list so that if the callback triggers another
   // call to UpdateDeviceResource(), we do not modify the list we are iterating
   // over.