chrome/browser/extensions/install_signer.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_EXTENSIONS_INSTALL_SIGNER_H_
   6 #define CHROME_BROWSER_EXTENSIONS_INSTALL_SIGNER_H_
   7
   8 #include <set>
   9 #include <string>
  10 #include <vector>
  11
  12 #include "base/basictypes.h"
  13 #include "base/callback.h"
  14 #include "base/memory/scoped_ptr.h"
  15 #include "extensions/common/extension.h"
  16
  17 namespace base {
  18 class DictionaryValue;
  19 }
  20
  21 namespace net {
  22 class URLFetcher;
  23 class URLRequestContextGetter;
  24 }
  25
  26 namespace extensions {
  27
  28 // This represents a list of ids signed with a private key using an algorithm
  29 // that includes some salt bytes.
  30 struct InstallSignature {
  31   // The set of ids that have been signed.
  32   ExtensionIdSet ids;
  33
  34   // Both of these are just arrays of bytes, NOT base64-encoded.
  35   std::string salt;
  36   std::string signature;
  37
  38   // The date that the signature should expire, in YYYY-MM-DD format.
  39   std::string expire_date;
  40
  41   // The time this signature was obtained from the server. Note that this
  42   // is computed locally and *not* signed by the server key.
  43   base::Time timestamp;
  44
  45   // The set of ids that the server indicated were invalid (ie not signed).
  46   // Note that this is computed locally and *not* signed by the signature.
  47   ExtensionIdSet invalid_ids;
  48
  49   InstallSignature();
  50   ~InstallSignature();
  51
  52   // Helper methods for serialization to/from a base::DictionaryValue.
  53   void ToValue(base::DictionaryValue* value) const;
  54
  55   static scoped_ptr<InstallSignature> FromValue(
  56       const base::DictionaryValue& value);
  57 };
  58
  59 // Objects of this class encapsulate an operation to get a signature proving
  60 // that a set of ids are hosted in the webstore.
  61 class InstallSigner {
  62  public:
  63   typedef base::Callback<void(scoped_ptr<InstallSignature>)> SignatureCallback;
  64
  65   // IMPORTANT NOTE: It is possible that only some, but not all, of the entries
  66   // in |ids| will be successfully signed by the backend. Callers should always
  67   // check the set of ids in the InstallSignature passed to their callback, as
  68   // it may contain only a subset of the ids they passed in.
  69   InstallSigner(net::URLRequestContextGetter* context_getter,
  70                 const ExtensionIdSet& ids);
  71   ~InstallSigner();
  72
  73   // Returns a set of ids that are forced to be considered not from webstore,
  74   // e.g. by a command line flag used for testing.
  75   static ExtensionIdSet GetForcedNotFromWebstore();
  76
  77   // Begins the process of fetching a signature from the backend. This should
  78   // only be called once! If you want to get another signature, make another
  79   // instance of this class.
  80   void GetSignature(const SignatureCallback& callback);
  81
  82   // Returns whether the signature in InstallSignature is properly signed with a
  83   // known public key.
  84   static bool VerifySignature(const InstallSignature& signature);
  85
  86  private:
  87   // A very simple delegate just used to call ourself back when a url fetch is
  88   // complete.
  89   class FetcherDelegate;
  90
  91   // A helper function that calls |callback_| with an indication that an error
  92   // happened (currently done by passing an empty pointer).
  93   void ReportErrorViaCallback();
  94
  95   // Called when |url_fetcher_| has returned a result to parse the response,
  96   // and then call HandleSignatureResult with structured data.
  97   void ParseFetchResponse();
  98
  99   // Handles the result from a backend fetch.
 100   void HandleSignatureResult(const std::string& signature,
 101                              const std::string& expire_date,
 102                              const ExtensionIdSet& invalid_ids);
 103
 104   // The final callback for when we're done.
 105   SignatureCallback callback_;
 106
 107   // The current set of ids we're trying to verify. This may contain fewer ids
 108   // than we started with.
 109   ExtensionIdSet ids_;
 110
 111   // An array of random bytes used as an input to hash with the machine id,
 112   // which will need to be persisted in the eventual InstallSignature we get.
 113   std::string salt_;
 114
 115   // These are used to make the call to a backend server for a signature.
 116   net::URLRequestContextGetter* context_getter_;
 117   scoped_ptr<net::URLFetcher> url_fetcher_;
 118   scoped_ptr<FetcherDelegate> delegate_;
 119
 120   // The time the request to the server was started.
 121   base::Time request_start_time_;
 122
 123   DISALLOW_COPY_AND_ASSIGN(InstallSigner);
 124 };
 125
 126 }  // namespace extensions
 127
 128 #endif  // CHROME_BROWSER_EXTENSIONS_INSTALL_SIGNER_H_