1c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 3c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// found in the LICENSE file. 4c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 5c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#ifndef CHROME_BROWSER_POLICY_CLOUD_EXTERNAL_POLICY_DATA_UPDATER_H_ 6c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#define CHROME_BROWSER_POLICY_CLOUD_EXTERNAL_POLICY_DATA_UPDATER_H_ 7c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 8c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include <map> 9c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include <queue> 10c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include <string> 11c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 12c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "base/basictypes.h" 13c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "base/callback_forward.h" 14c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "base/memory/ref_counted.h" 15c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "base/memory/weak_ptr.h" 16c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "base/threading/non_thread_safe.h" 17c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 18c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)namespace base { 19c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)class SequencedTaskRunner; 20c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} 21c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 22c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)namespace net { 23c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)class URLRequestContextGetter; 24c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} 25c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 26c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)namespace policy { 27c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 28c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// This class downloads external policy data. Given a |Request|, data is fetched 29c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// from the |url|, verified to not exceed |max_size| and to match the expected 30c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// |hash| and then handed to a callback that can do further verification before 31c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// finally deciding whether the fetched data is valid. 32c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// If a fetch is not successful or retrieves invalid data, retries are scheduled 33c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// with exponential backoff. 34c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)class ExternalPolicyDataUpdater : public base::NonThreadSafe { 35c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) public: 36c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) struct Request { 37c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) public: 38c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) Request(); 39c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) Request(const std::string& url, const std::string& hash, int64 max_size); 40c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 41c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) bool operator==(const Request& other) const; 42c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 43c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) std::string url; 44c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) std::string hash; 45c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) int64 max_size; 46c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) }; 47c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 48c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // This callback is invoked when a fetch has successfully retrieved |data| 49c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // that does not exceed |max_size| and matches the expected |hash|. The 50c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // callback can do further verification to decide whether the fetched data is 51c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // valid. 52c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // If the callback returns |true|, the data is accepted and the |Request| is 53c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // finished. If the callback returns |false|, the data is rejected and the 54c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // fetch is retried after a long backoff. Note that in this case, the callback 55c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // may be invoked multiple times as the fetch is repeated. Make sure to not 56c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // bind base::Passed() scoped_ptrs to the callback in such cases as these 57c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // become invalid after a callback has been run once. base::Owned() can be 58c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // used in all cases. 59c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) typedef base::Callback<bool(const std::string&)> FetchSuccessCallback; 60c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 61c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // |task_runner| must support file I/O, and is used to post delayed retry 62c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // tasks. 63c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // |request_context| will be used for the download fetchers. 64c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) ExternalPolicyDataUpdater( 65c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) scoped_refptr<base::SequencedTaskRunner> task_runner, 66c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) scoped_refptr<net::URLRequestContextGetter> request_context, 67c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) size_t max_parallel_fetches); 68c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) ~ExternalPolicyDataUpdater(); 69c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 70c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // Fetches the external data specified in the |request|. The |key| is an 71c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // opaque identifier. If another request for the same |key| is still pending, 72c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // it will be canceled and replaced with the new |request|. The callback will 73c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // be invoked after a successful fetch. See the documentation of 74c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // |FetchSuccessCallback| for more details. 75c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) void FetchExternalData(const std::string key, 76c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) const Request& request, 77c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) const FetchSuccessCallback& callback); 78c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 79c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // Cancels the pending request identified by |key|. If no such request is 80c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // pending, does nothing. 81c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) void CancelExternalDataFetch(const std::string& key); 82c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 83c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) private: 84c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) class FetchJob; 85c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 86c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // Starts jobs from the |job_queue_| until |max_parallel_jobs_| are running or 87c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // the queue is depleted. 88c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) void StartNextJobs(); 89c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 90c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // Appends |job| to the |job_queue_| and starts it immediately if less than 91c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // |max_parallel_jobs_| are running. 92c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) void ScheduleJob(FetchJob* job); 93c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 94c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // Callback for jobs that succeeded. 95c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) void OnJobSucceeded(FetchJob* job); 96c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 97c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // Callback for jobs that failed. 98c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) void OnJobFailed(FetchJob* job); 99c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 100c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) scoped_refptr<base::SequencedTaskRunner> task_runner_; 101c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) scoped_refptr<net::URLRequestContextGetter> request_context_; 102c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 103c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // The maximum number of jobs to run in parallel. 104c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) size_t max_parallel_jobs_; 105c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 106c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // The number of jobs currently running. 107c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) size_t running_jobs_; 108c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 109c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // A monotonically increasing job ID. Used to identify jobs in tests. 110c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) int next_job_id_; 111c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 112c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // Queue of jobs waiting to be run. Jobs are taken off the queue and started 113c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // by StartNextJobs(). 114c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) std::queue<base::WeakPtr<FetchJob> > job_queue_; 115c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 116c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // Map that owns all existing jobs, regardless of whether they are currently 117c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // queued, running or waiting for a retry. 118c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) std::map<std::string, FetchJob*> job_map_; 119c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 120c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // |True| once the destructor starts. Prevents jobs from being started during 121c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // shutdown. 122c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) bool shutting_down_; 123c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 124c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) DISALLOW_COPY_AND_ASSIGN(ExternalPolicyDataUpdater); 125c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)}; 126c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 127c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} // namespace policy 128c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 129c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#endif // CHROME_BROWSER_POLICY_CLOUD_EXTERNAL_POLICY_DATA_UPDATER_H_ 130