chrome/browser/extensions/install_verifier.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_
   6 #define CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_
   7
   8 #include <queue>
   9 #include <set>
  10 #include <string>
  11
  12 #include "base/basictypes.h"
  13 #include "base/callback.h"
  14 #include "base/memory/linked_ptr.h"
  15 #include "base/memory/scoped_ptr.h"
  16 #include "base/memory/weak_ptr.h"
  17 #include "extensions/browser/management_policy.h"
  18 #include "extensions/common/extension.h"
  19
  20 namespace content {
  21 class BrowserContext;
  22 }
  23
  24 namespace net {
  25 class URLRequestContextGetter;
  26 }
  27
  28 namespace extensions {
  29
  30 class ExtensionPrefs;
  31 class InstallSigner;
  32 struct InstallSignature;
  33
  34 // This class implements verification that a set of extensions are either from
  35 // the webstore or are whitelisted by enterprise policy.  The webstore
  36 // verification process works by sending a request to a backend server to get a
  37 // signature proving that a set of extensions are verified. This signature is
  38 // written into the extension preferences and is checked for validity when
  39 // being read back again.
  40 //
  41 // This class should be kept notified of runtime changes to the set of
  42 // extensions installed from the webstore.
  43 class InstallVerifier : public ManagementPolicy::Provider {
  44  public:
  45   InstallVerifier(ExtensionPrefs* prefs, content::BrowserContext* context);
  46   virtual ~InstallVerifier();
  47
  48   // Returns whether |extension| is of a type that needs verification.
  49   static bool NeedsVerification(const Extension& extension);
  50
  51   // Initializes this object for use, including reading preferences and
  52   // validating the stored signature.
  53   void Init();
  54
  55   // Returns the timestamp of our InstallSignature, if we have one.
  56   base::Time SignatureTimestamp();
  57
  58   // Returns true if |id| is either verified or our stored signature explicitly
  59   // tells us that it was invalid when we asked the server about it.
  60   bool IsKnownId(const std::string& id);
  61
  62   // Attempts to verify a single extension and add it to the verified list.
  63   void VerifyExtension(const std::string& extension_id);
  64
  65   // Attempts to verify all extensions.
  66   void VerifyAllExtensions();
  67
  68   // Call this to add a set of ids that will immediately be considered allowed,
  69   // and kick off an aysnchronous request to Add.
  70   void AddProvisional(const ExtensionIdSet& ids);
  71
  72   // Removes an id or set of ids from the verified list.
  73   void Remove(const std::string& id);
  74   void RemoveMany(const ExtensionIdSet& ids);
  75
  76   // ManagementPolicy::Provider interface.
  77   virtual std::string GetDebugPolicyProviderName() const OVERRIDE;
  78   virtual bool MustRemainDisabled(const Extension* extension,
  79                                   Extension::DisableReason* reason,
  80                                   base::string16* error) const OVERRIDE;
  81
  82  private:
  83   // We keep a list of operations to the current set of extensions.
  84   enum OperationType {
  85     ADD_SINGLE,         // Adding a single extension to be verified.
  86     ADD_ALL,            // Adding all extensions to be verified.
  87     ADD_ALL_BOOTSTRAP,  // Adding all extensions because of a bootstrapping.
  88     ADD_PROVISIONAL,    // Adding one or more provisionally-allowed extensions.
  89     REMOVE              // Remove one or more extensions.
  90   };
  91
  92   // This is an operation we want to apply to the current set of verified ids.
  93   struct PendingOperation {
  94     OperationType type;
  95
  96     // This is the set of ids being either added or removed.
  97     ExtensionIdSet ids;
  98
  99     explicit PendingOperation(OperationType type);
 100     ~PendingOperation();
 101   };
 102
 103   // Returns the set of IDs for all extensions that potentially need to be
 104   // verified.
 105   ExtensionIdSet GetExtensionsToVerify() const;
 106
 107   // Bootstrap the InstallVerifier if we do not already have a signature, or if
 108   // there are unknown extensions which need to be verified.
 109   void MaybeBootstrapSelf();
 110
 111   // Try adding a new set of |ids| to the list of verified ids.
 112   void AddMany(const ExtensionIdSet& ids, OperationType type);
 113
 114   // Record the result of the verification for the histograms, and notify the
 115   // ExtensionPrefs if we verified all extensions.
 116   void OnVerificationComplete(bool success, OperationType type) const;
 117
 118   // Removes any no-longer-installed ids, requesting a new signature if needed.
 119   void GarbageCollect();
 120
 121   // Returns whether an extension id is allowed by policy.
 122   bool AllowedByEnterprisePolicy(const std::string& id) const;
 123
 124   // Returns whether the given |id| is included in our verified signature.
 125   bool IsVerified(const std::string& id) const;
 126
 127   // Returns true if the extension with |id| was installed later than the
 128   // timestamp of our signature.
 129   bool WasInstalledAfterSignature(const std::string& id) const;
 130
 131   // Begins the process of fetching a new signature, based on applying the
 132   // operation at the head of the queue to the current set of ids in
 133   // |signature_| (if any) and then sending a request to sign that.
 134   void BeginFetch();
 135
 136   // Saves the current value of |signature_| to the prefs;
 137   void SaveToPrefs();
 138
 139   // Called with the result of a signature request, or NULL on failure.
 140   void SignatureCallback(scoped_ptr<InstallSignature> signature);
 141
 142   ExtensionPrefs* prefs_;
 143
 144   // The context with which the InstallVerifier is associated.
 145   content::BrowserContext* context_;
 146
 147   // This is the most up-to-date signature, read out of |prefs_| during
 148   // initialization and updated anytime we get new id's added.
 149   scoped_ptr<InstallSignature> signature_;
 150
 151   // The current InstallSigner, if we have a signature request running.
 152   scoped_ptr<InstallSigner> signer_;
 153
 154   // A queue of operations to apply to the current set of allowed ids.
 155   std::queue<linked_ptr<PendingOperation> > operation_queue_;
 156
 157   // A set of ids that have been provisionally added, which we're willing to
 158   // consider allowed until we hear back from the server signature request.
 159   ExtensionIdSet provisional_;
 160
 161   base::WeakPtrFactory<InstallVerifier> weak_factory_;
 162
 163   DISALLOW_COPY_AND_ASSIGN(InstallVerifier);
 164 };
 165
 166 }  // namespace extensions
 167
 168 #endif  // CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_