install_verifier.h revision a1401311d1ab56c4ed0a474bd38c108f75cb0cd9 
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_
6#define CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_
7
8#include <queue>
9#include <set>
10#include <string>
11
12#include "base/basictypes.h"
13#include "base/callback.h"
14#include "base/memory/linked_ptr.h"
15#include "base/memory/scoped_ptr.h"
16#include "extensions/browser/management_policy.h"
17#include "extensions/common/extension.h"
18
19namespace net {
20class URLRequestContextGetter;
21}
22
23namespace extensions {
24
25class ExtensionPrefs;
26class InstallSigner;
27struct InstallSignature;
28
29// This class implements verification that a set of extensions are either from
30// the webstore or are whitelisted by enterprise policy.  The webstore
31// verification process works by sending a request to a backend server to get a
32// signature proving that a set of extensions are verified. This signature is
33// written into the extension preferences and is checked for validity when
34// being read back again.
35//
36// This class should be kept notified of runtime changes to the set of
37// extensions installed from the webstore.
38class InstallVerifier : public ManagementPolicy::Provider {
39 public:
40  InstallVerifier(ExtensionPrefs* prefs,
41                  net::URLRequestContextGetter* context_getter);
42  virtual ~InstallVerifier();
43
44  // Returns whether |extension| is of a type that needs verification.
45  static bool NeedsVerification(const Extension& extension);
46
47  // Initializes this object for use, including reading preferences and
48  // validating the stored signature.
49  void Init();
50
51  // Do we need to be bootstrapped? (i.e. do we have a signature already). If
52  // this is true, then consumers of this class should use Add/AddMany to get
53  // an initial one so that MustRemainDisabled can actually check against it.
54  bool NeedsBootstrap();
55
56  // Returns the timestamp of our InstallSignature, if we have one.
57  base::Time SignatureTimestamp();
58
59  // Returns true if |id| is either verified or our stored signature explicitly
60  // tells us that it was invalid when we asked the server about it.
61  bool IsKnownId(const std::string& id);
62
63  // A callback for indicating success/failure of adding new ids.
64  typedef base::Callback<void(bool)> AddResultCallback;
65
66  // Try adding a new |id| (or set of ids) to the list of verified ids. When
67  // this process is finished |callback| will be run with success/failure of
68  // the signature request (not necessarily whether the ids were verified).
69  void Add(const std::string& id, const AddResultCallback& callback);
70  void AddMany(const ExtensionIdSet& ids,
71               const AddResultCallback& callback);
72
73  // Call this to add a set of ids that will immediately be considered allowed,
74  // and kick off an aysnchronous request to Add.
75  void AddProvisional(const ExtensionIdSet& ids);
76
77  // Removes an id or set of ids from the verified list.
78  void Remove(const std::string& id);
79  void RemoveMany(const ExtensionIdSet& ids);
80
81  // ManagementPolicy::Provider interface.
82  virtual std::string GetDebugPolicyProviderName() const OVERRIDE;
83  virtual bool MustRemainDisabled(const Extension* extension,
84                                  Extension::DisableReason* reason,
85                                  base::string16* error) const OVERRIDE;
86
87 private:
88  // We keep a list of operations to the current set of extensions - either
89  // additions or removals.
90  enum OperationType {
91    ADD,
92    REMOVE
93  };
94
95  // This is an operation we want to apply to the current set of verified ids.
96  struct PendingOperation {
97    OperationType type;
98
99    // This is the set of ids being either added or removed.
100    ExtensionIdSet ids;
101
102    AddResultCallback callback;
103
104    explicit PendingOperation();
105    ~PendingOperation();
106  };
107
108  // Removes any no-longer-installed ids, requesting a new signature if needed.
109  void GarbageCollect();
110
111  // Returns whether an extension id is allowed by policy.
112  bool AllowedByEnterprisePolicy(const std::string& id) const;
113
114  // Returns whether the given |id| is included in our verified signature.
115  bool IsVerified(const std::string& id) const;
116
117  // Returns true if the extension with |id| was installed later than the
118  // timestamp of our signature.
119  bool WasInstalledAfterSignature(const std::string& id) const;
120
121  // Begins the process of fetching a new signature, based on applying the
122  // operation at the head of the queue to the current set of ids in
123  // |signature_| (if any) and then sending a request to sign that.
124  void BeginFetch();
125
126  // Saves the current value of |signature_| to the prefs;
127  void SaveToPrefs();
128
129  // Called with the result of a signature request, or NULL on failure.
130  void SignatureCallback(scoped_ptr<InstallSignature> signature);
131
132  ExtensionPrefs* prefs_;
133  net::URLRequestContextGetter* context_getter_;
134
135  // This is the most up-to-date signature, read out of |prefs_| during
136  // initialization and updated anytime we get new id's added.
137  scoped_ptr<InstallSignature> signature_;
138
139  // The current InstallSigner, if we have a signature request running.
140  scoped_ptr<InstallSigner> signer_;
141
142  // A queue of operations to apply to the current set of allowed ids.
143  std::queue<linked_ptr<PendingOperation> > operation_queue_;
144
145  // A set of ids that have been provisionally added, which we're willing to
146  // consider allowed until we hear back from the server signature request.
147  ExtensionIdSet provisional_;
148
149  DISALLOW_COPY_AND_ASSIGN(InstallVerifier);
150};
151
152}  // namespace extensions
153
154#endif  // CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_
155