install_verifier.h revision f2477e01787aa58f445919b809d89e252beef54f
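// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_
#define CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_

#include <queue>
#include <set>
#include <string>

#include "base/basictypes.h"
#include "base/callback.h"
#include "base/memory/linked_ptr.h"
#include "base/memory/scoped_ptr.h"
#include "extensions/browser/management_policy.h"
#include "extensions/common/extension.h"

namespace net {
class URLRequestContextGetter;
}

namespace extensions {

class ExtensionPrefs;
class InstallSigner;
struct InstallSignature;

// This class implements verification that a set of extensions are either from
// the webstore or are whitelisted by enterprise policy. The webstore
// verification process works by sending a request to a backend server to get a
// signature proving that a set of extensions are verified. This signature is
// written into the extension preferences and is checked for validity when
// being read back again.
//
// This class should be kept notified of runtime changes to the set of
// extensions installed from the webstore.
//
// Security note: per the description above, trust in a stored signature comes
// from the validity check performed when it is read back, not from the mere
// presence of a value in the preferences.
class InstallVerifier : public ManagementPolicy::Provider {
 public:
  // NOTE(review): |prefs| and |context_getter| are taken as raw pointers and
  // this header does not show who owns them; presumably both must outlive
  // this object - confirm with callers.
  InstallVerifier(ExtensionPrefs* prefs,
                  net::URLRequestContextGetter* context_getter);
  virtual ~InstallVerifier();

  // Initializes this object for use, including reading preferences and
  // validating the stored signature.
  void Init();

  // A callback for indicating success/failure of adding new ids.
  typedef base::Callback<void(bool)> AddResultCallback;

  // Try adding a new |id| (or set of ids) to the list of verified ids. When
  // this process is finished |callback| will be run with success/failure. In
  // case of success, subsequent calls to IsVerified will begin returning true
  // for |id|.
  void Add(const std::string& id, const AddResultCallback& callback);
  void AddMany(const ExtensionIdSet& ids,
               const AddResultCallback& callback);

  // Call this to add a set of ids that will immediately be considered allowed,
  // and kick off an asynchronous request to Add.
  //
  // NOTE(review): provisional ids are treated as allowed before the server has
  // signed them. What happens to them when the signature request fails is not
  // visible in this header - confirm in the implementation that a failed
  // request does not leave them allowed indefinitely.
  void AddProvisional(const ExtensionIdSet& ids);

  // Removes an id or set of ids from the verified list.
  void Remove(const std::string& id);
  void RemoveMany(const ExtensionIdSet& ids);

  // ManagementPolicy::Provider interface.
  virtual std::string GetDebugPolicyProviderName() const OVERRIDE;
  // NOTE(review): presumably this is where unverified extensions are kept
  // disabled; the decision logic is not visible in this header - confirm in
  // the implementation.
  virtual bool MustRemainDisabled(const Extension* extension,
                                  Extension::DisableReason* reason,
                                  string16* error) const OVERRIDE;

 private:
  // We keep a list of operations to the current set of extensions - either
  // additions or removals.
  enum OperationType {
    ADD,
    REMOVE
  };

  // This is an operation we want to apply to the current set of verified ids.
  struct PendingOperation {
    OperationType type;

    // This is the set of ids being either added or removed.
    ExtensionIdSet ids;

    // Run with success/failure once the operation has finished (see Add).
    AddResultCallback callback;

    explicit PendingOperation();
    ~PendingOperation();
  };

  // Removes any no-longer-installed ids, requesting a new signature if needed.
  void GarbageCollect();

  // Returns whether an extension id is allowed by policy.
  bool AllowedByEnterprisePolicy(const std::string& id) const;

  // Returns whether the given |id| is included in our verified signature.
  bool IsVerified(const std::string& id) const;

  // Begins the process of fetching a new signature, based on applying the
  // operation at the head of the queue to the current set of ids in
  // |signature_| (if any) and then sending a request to sign that.
  void BeginFetch();

  // Saves the current value of |signature_| to the prefs.
  void SaveToPrefs();

  // Called with the result of a signature request, or NULL on failure.
  void SignatureCallback(scoped_ptr<InstallSignature> signature);

  // Raw pointers supplied to the constructor.
  // NOTE(review): presumably not owned by this object - confirm.
  ExtensionPrefs* prefs_;
  net::URLRequestContextGetter* context_getter_;

  // This is the most up-to-date signature, read out of |prefs_| during
  // initialization and updated anytime we get new id's added.
  scoped_ptr<InstallSignature> signature_;

  // The current InstallSigner, if we have a signature request running.
  scoped_ptr<InstallSigner> signer_;

  // A queue of operations to apply to the current set of allowed ids.
  std::queue<linked_ptr<PendingOperation> > operation_queue_;

  // A set of ids that have been provisionally added, which we're willing to
  // consider allowed until we hear back from the server signature request.
  ExtensionIdSet provisional_;

  DISALLOW_COPY_AND_ASSIGN(InstallVerifier);
};

}  // namespace extensions

#endif  // CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_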