1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef EXTENSIONS_BROWSER_CONTENT_VERIFIER_H_
6#define EXTENSIONS_BROWSER_CONTENT_VERIFIER_H_
7
8#include <set>
9#include <string>
10
11#include "base/macros.h"
12#include "base/memory/ref_counted.h"
13#include "base/memory/scoped_ptr.h"
14#include "extensions/browser/content_verify_job.h"
15
16namespace base {
17class FilePath;
18}
19
20namespace content {
21class BrowserContext;
22}
23
24namespace extensions {
25
26class Extension;
27class ContentHashFetcher;
28class ContentVerifierDelegate;
29
30// Used for managing overall content verification - both fetching content
31// hashes as needed, and supplying job objects to verify file contents as they
32// are read.
33class ContentVerifier : public base::RefCountedThreadSafe<ContentVerifier> {
34 public:
35  // Takes ownership of |delegate|.
36  ContentVerifier(content::BrowserContext* context,
37                  ContentVerifierDelegate* delegate);
38  void Start();
39  void Shutdown();
40
41  // Call this before reading a file within an extension. The caller owns the
42  // returned job.
43  ContentVerifyJob* CreateJobFor(const std::string& extension_id,
44                                 const base::FilePath& extension_root,
45                                 const base::FilePath& relative_path);
46
47  // Called (typically by a verification job) to indicate that verification
48  // failed while reading some file in |extension_id|.
49  void VerifyFailed(const std::string& extension_id,
50                    ContentVerifyJob::FailureReason reason);
51
52  void OnFetchComplete(const std::string& extension_id,
53                       bool success,
54                       bool was_force_check,
55                       const std::set<base::FilePath>& hash_mismatch_paths);
56
57 private:
58  DISALLOW_COPY_AND_ASSIGN(ContentVerifier);
59
60  friend class base::RefCountedThreadSafe<ContentVerifier>;
61  virtual ~ContentVerifier();
62
63  // Returns true if any of the paths in |relative_paths| *should* have their
64  // contents verified. (Some files get transcoded during the install process,
65  // so we don't want to verify their contents because they are expected not
66  // to match).
67  bool ShouldVerifyAnyPaths(const Extension* extension,
68                            const std::set<base::FilePath>& relative_paths);
69
70  // Note that it is important for these to appear in increasing "severity"
71  // order, because we use this to let command line flags increase, but not
72  // decrease, the mode you're running in compared to the experiment group.
73  enum Mode {
74    // Do not try to fetch content hashes if they are missing, and do not
75    // enforce them if they are present.
76    NONE = 0,
77
78    // If content hashes are missing, try to fetch them, but do not enforce.
79    BOOTSTRAP,
80
81    // If hashes are present, enforce them. If they are missing, try to fetch
82    // them.
83    ENFORCE,
84
85    // Treat the absence of hashes the same as a verification failure.
86    ENFORCE_STRICT
87  };
88
89  static Mode GetMode();
90
91  // The mode we're running in - set once at creation.
92  const Mode mode_;
93
94  // The associated BrowserContext.
95  content::BrowserContext* context_;
96
97  scoped_ptr<ContentVerifierDelegate> delegate_;
98
99  // For fetching content hash signatures.
100  scoped_ptr<ContentHashFetcher> fetcher_;
101};
102
103}  // namespace extensions
104
105#endif  // EXTENSIONS_BROWSER_CONTENT_VERIFIER_H_
106