// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_
#define CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_

#include <queue>
#include <set>
#include <string>

#include "base/basictypes.h"
#include "base/callback.h"
#include "base/memory/linked_ptr.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "extensions/browser/management_policy.h"
#include "extensions/common/extension.h"

namespace content {
class BrowserContext;
}

namespace net {
class URLRequestContextGetter;
}

namespace extensions {

class ExtensionPrefs;
class InstallSigner;
struct InstallSignature;

// This class implements verification that a set of extensions are either from
// the webstore or are whitelisted by enterprise policy. The webstore
// verification process works by sending a request to a backend server to get a
// signature proving that a set of extensions are verified. This signature is
// written into the extension preferences and is checked for validity when
// being read back again, i.e. the copy stored in the preferences is not taken
// on trust.
//
// This class should be kept notified of runtime changes to the set of
// extensions installed from the webstore.
//
// It is also a ManagementPolicy::Provider, so its answers feed into extension
// management policy through MustRemainDisabled().
class InstallVerifier : public ManagementPolicy::Provider {
 public:
  // NOTE(review): |prefs| and |context| are raw pointers and the members
  // |prefs_| and |context_| below are raw pointers too; presumably both must
  // outlive this object - confirm against the owner.
  InstallVerifier(ExtensionPrefs* prefs, content::BrowserContext* context);
  virtual ~InstallVerifier();

  // Returns whether |extension| is of a type that needs verification.
  static bool NeedsVerification(const Extension& extension);

  // Initializes this object for use, including reading preferences and
  // validating the stored signature.
  void Init();

  // Returns the timestamp of our InstallSignature, if we have one.
  // NOTE(review): the value returned when there is no signature is not visible
  // from this header - check the implementation before comparing against it.
  base::Time SignatureTimestamp();

  // Returns true if |id| is either verified or our stored signature explicitly
  // tells us that it was invalid when we asked the server about it.
  // A true result therefore does NOT mean that |id| is verified; it only means
  // the stored signature already holds an answer for it. Use IsVerified()
  // semantics, not this method, for any allow/deny decision.
  bool IsKnownId(const std::string& id);

  // Attempts to verify a single extension and add it to the verified list.
  void VerifyExtension(const std::string& extension_id);

  // Attempts to verify all extensions.
  void VerifyAllExtensions();

  // Call this to add a set of ids that will immediately be considered allowed,
  // and kick off an asynchronous request to Add.
  // These ids count as allowed before the server has confirmed them (see
  // |provisional_|), so callers should pass only ids whose origin they have
  // already established.
  // NOTE(review): what happens to a provisional id when the signature request
  // fails or rejects it is not visible from this header - confirm in the
  // implementation.
  void AddProvisional(const ExtensionIdSet& ids);

  // Removes an id or set of ids from the verified list.
  void Remove(const std::string& id);
  void RemoveMany(const ExtensionIdSet& ids);

  // ManagementPolicy::Provider interface.
  // NOTE(review): presumably MustRemainDisabled() is where an extension that
  // fails verification is kept disabled; the decision logic is in the
  // implementation file and should be reviewed together with this header.
  virtual std::string GetDebugPolicyProviderName() const OVERRIDE;
  virtual bool MustRemainDisabled(const Extension* extension,
                                  Extension::DisableReason* reason,
                                  base::string16* error) const OVERRIDE;

 private:
  // We keep a list of operations to the current set of extensions.
  enum OperationType {
    ADD_SINGLE,         // Adding a single extension to be verified.
    ADD_ALL,            // Adding all extensions to be verified.
    ADD_ALL_BOOTSTRAP,  // Adding all extensions because of a bootstrapping.
    ADD_PROVISIONAL,    // Adding one or more provisionally-allowed extensions.
    REMOVE              // Remove one or more extensions.
  };

  // This is an operation we want to apply to the current set of verified ids.
  struct PendingOperation {
    OperationType type;

    // This is the set of ids being either added or removed.
    ExtensionIdSet ids;

    explicit PendingOperation(OperationType type);
    ~PendingOperation();
  };

  // Returns the set of IDs for all extensions that potentially need to be
  // verified.
  ExtensionIdSet GetExtensionsToVerify() const;

  // Bootstrap the InstallVerifier if we do not already have a signature, or if
  // there are unknown extensions which need to be verified.
  void MaybeBootstrapSelf();

  // Try adding a new set of |ids| to the list of verified ids.
  void AddMany(const ExtensionIdSet& ids, OperationType type);

  // Record the result of the verification for the histograms, and notify the
  // ExtensionPrefs if we verified all extensions.
  void OnVerificationComplete(bool success, OperationType type);

  // Removes any no-longer-installed ids, requesting a new signature if needed.
  void GarbageCollect();

  // Returns whether an extension id is allowed by policy.
  bool AllowedByEnterprisePolicy(const std::string& id) const;

  // Returns whether the given |id| is included in our verified signature.
  bool IsVerified(const std::string& id) const;

  // Returns true if the extension with |id| was installed later than the
  // timestamp of our signature.
  bool WasInstalledAfterSignature(const std::string& id) const;

  // Begins the process of fetching a new signature, based on applying the
  // operation at the head of the queue to the current set of ids in
  // |signature_| (if any) and then sending a request to sign that.
  void BeginFetch();

  // Saves the current value of |signature_| to the prefs.
  void SaveToPrefs();

  // Called with the result of a signature request, or NULL on failure.
  void SignatureCallback(scoped_ptr<InstallSignature> signature);

  // Raw pointer to the extension preferences the signature is read from and
  // saved to. NOTE(review): presumably not owned - confirm.
  ExtensionPrefs* prefs_;

  // The context with which the InstallVerifier is associated.
  content::BrowserContext* context_;

  // Have we finished our bootstrap check yet?
  bool bootstrap_check_complete_;

  // This is the most up-to-date signature, read out of |prefs_| during
  // initialization and updated anytime we get new id's added.
  scoped_ptr<InstallSignature> signature_;

  // The current InstallSigner, if we have a signature request running.
  scoped_ptr<InstallSigner> signer_;

  // A queue of operations to apply to the current set of allowed ids.
  std::queue<linked_ptr<PendingOperation> > operation_queue_;

  // A set of ids that have been provisionally added, which we're willing to
  // consider allowed until we hear back from the server signature request.
  // Membership here is not backed by a signature.
  ExtensionIdSet provisional_;

  // Declared after every other data member, so it is destroyed first.
  // NOTE(review): presumably this is deliberate, so that outstanding weak
  // pointers are invalidated before the members above go away - keep it last.
  base::WeakPtrFactory<InstallVerifier> weak_factory_;

  DISALLOW_COPY_AND_ASSIGN(InstallVerifier);
};

}  // namespace extensions

#endif  // CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_