| // Copyright 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_ |
| #define CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_ |
| |
| #include <queue> |
| #include <set> |
| #include <string> |
| |
| #include "base/basictypes.h" |
| #include "base/callback.h" |
| #include "base/memory/linked_ptr.h" |
| #include "base/memory/scoped_ptr.h" |
| #include "extensions/browser/management_policy.h" |
| #include "extensions/common/extension.h" |
| |
| namespace net { |
| class URLRequestContextGetter; |
| } |
| |
| namespace extensions { |
| |
| class ExtensionPrefs; |
| class InstallSigner; |
| struct InstallSignature; |
| |
| // This class implements verification that a set of extensions are either from |
| // the webstore or are whitelisted by enterprise policy. The webstore |
| // verification process works by sending a request to a backend server to get a |
| // signature proving that a set of extensions are verified. This signature is |
| // written into the extension preferences and is checked for validity when |
| // being read back again. |
| // |
| // This class should be kept notified of runtime changes to the set of |
| // extensions installed from the webstore. |
| class InstallVerifier : public ManagementPolicy::Provider { |
| public: |
| InstallVerifier(ExtensionPrefs* prefs, |
| net::URLRequestContextGetter* context_getter); |
| virtual ~InstallVerifier(); |
| |
| // Returns whether |extension| is of a type that needs verification. |
| static bool NeedsVerification(const Extension& extension); |
| |
| // Initializes this object for use, including reading preferences and |
| // validating the stored signature. |
| void Init(); |
| |
| // Do we need to be bootstrapped? (i.e. do we have a signature already). If |
| // this is true, then consumers of this class should use Add/AddMany to get |
| // an initial one so that MustRemainDisabled can actually check against it. |
| bool NeedsBootstrap(); |
| |
| // Returns the timestamp of our InstallSignature, if we have one. |
| base::Time SignatureTimestamp(); |
| |
| // A callback for indicating success/failure of adding new ids. |
| typedef base::Callback<void(bool)> AddResultCallback; |
| |
| // Try adding a new |id| (or set of ids) to the list of verified ids. When |
| // this process is finished |callback| will be run with success/failure of |
| // the signature request (not necessarily whether the ids were verified). |
| void Add(const std::string& id, const AddResultCallback& callback); |
| void AddMany(const ExtensionIdSet& ids, |
| const AddResultCallback& callback); |
| |
| // Call this to add a set of ids that will immediately be considered allowed, |
| // and kick off an aysnchronous request to Add. |
| void AddProvisional(const ExtensionIdSet& ids); |
| |
| // Removes an id or set of ids from the verified list. |
| void Remove(const std::string& id); |
| void RemoveMany(const ExtensionIdSet& ids); |
| |
| // ManagementPolicy::Provider interface. |
| virtual std::string GetDebugPolicyProviderName() const OVERRIDE; |
| virtual bool MustRemainDisabled(const Extension* extension, |
| Extension::DisableReason* reason, |
| base::string16* error) const OVERRIDE; |
| |
| private: |
| // We keep a list of operations to the current set of extensions - either |
| // additions or removals. |
| enum OperationType { |
| ADD, |
| REMOVE |
| }; |
| |
| // This is an operation we want to apply to the current set of verified ids. |
| struct PendingOperation { |
| OperationType type; |
| |
| // This is the set of ids being either added or removed. |
| ExtensionIdSet ids; |
| |
| AddResultCallback callback; |
| |
| explicit PendingOperation(); |
| ~PendingOperation(); |
| }; |
| |
| // Removes any no-longer-installed ids, requesting a new signature if needed. |
| void GarbageCollect(); |
| |
| // Returns whether an extension id is allowed by policy. |
| bool AllowedByEnterprisePolicy(const std::string& id) const; |
| |
| // Returns whether the given |id| is included in our verified signature. |
| bool IsVerified(const std::string& id) const; |
| |
| // Returns true if the extension with |id| was installed later than the |
| // timestamp of our signature. |
| bool WasInstalledAfterSignature(const std::string& id) const; |
| |
| // Begins the process of fetching a new signature, based on applying the |
| // operation at the head of the queue to the current set of ids in |
| // |signature_| (if any) and then sending a request to sign that. |
| void BeginFetch(); |
| |
| // Saves the current value of |signature_| to the prefs; |
| void SaveToPrefs(); |
| |
| // Called with the result of a signature request, or NULL on failure. |
| void SignatureCallback(scoped_ptr<InstallSignature> signature); |
| |
| ExtensionPrefs* prefs_; |
| net::URLRequestContextGetter* context_getter_; |
| |
| // This is the most up-to-date signature, read out of |prefs_| during |
| // initialization and updated anytime we get new id's added. |
| scoped_ptr<InstallSignature> signature_; |
| |
| // The current InstallSigner, if we have a signature request running. |
| scoped_ptr<InstallSigner> signer_; |
| |
| // A queue of operations to apply to the current set of allowed ids. |
| std::queue<linked_ptr<PendingOperation> > operation_queue_; |
| |
| // A set of ids that have been provisionally added, which we're willing to |
| // consider allowed until we hear back from the server signature request. |
| ExtensionIdSet provisional_; |
| |
| DISALLOW_COPY_AND_ASSIGN(InstallVerifier); |
| }; |
| |
| } // namespace extensions |
| |
| #endif // CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_ |