chrome/browser/extensions/install_verifier.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_
   6 #define CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_
   7
   8 #include <queue>
   9 #include <set>
  10 #include <string>
  11
  12 #include "base/basictypes.h"
  13 #include "base/callback.h"
  14 #include "base/memory/linked_ptr.h"
  15 #include "base/memory/scoped_ptr.h"
  16 #include "base/memory/weak_ptr.h"
  17 #include "components/keyed_service/core/keyed_service.h"
  18 #include "extensions/browser/management_policy.h"
  19 #include "extensions/common/extension.h"
  20
  21 namespace content {
  22 class BrowserContext;
  23 }
  24
  25 namespace net {
  26 class URLRequestContextGetter;
  27 }
  28
  29 namespace extensions {
  30
  31 class ExtensionPrefs;
  32 class InstallSigner;
  33 struct InstallSignature;
  34
  35 // This class implements verification that a set of extensions are either from
  36 // the webstore or are whitelisted by enterprise policy.  The webstore
  37 // verification process works by sending a request to a backend server to get a
  38 // signature proving that a set of extensions are verified. This signature is
  39 // written into the extension preferences and is checked for validity when
  40 // being read back again.
  41 //
  42 // This class should be kept notified of runtime changes to the set of
  43 // extensions installed from the webstore.
  44 class InstallVerifier : public KeyedService,
  45                         public ManagementPolicy::Provider {
  46  public:
  47   InstallVerifier(ExtensionPrefs* prefs, content::BrowserContext* context);
  48   ~InstallVerifier() override;
  49
  50   // Convenience method to return the InstallVerifier for a given |context|.
  51   static InstallVerifier* Get(content::BrowserContext* context);
  52
  53   // Returns whether install verification should be enforced.
  54   static bool ShouldEnforce();
  55
  56   // Returns whether |extension| is of a type that needs verification.
  57   static bool NeedsVerification(const Extension& extension);
  58
  59   // Determines if an extension claims to be from the webstore.
  60   static bool IsFromStore(const Extension& extension);
  61
  62   // Initializes this object for use, including reading preferences and
  63   // validating the stored signature.
  64   void Init();
  65
  66   // Returns the timestamp of our InstallSignature, if we have one.
  67   base::Time SignatureTimestamp();
  68
  69   // Returns true if |id| is either verified or our stored signature explicitly
  70   // tells us that it was invalid when we asked the server about it.
  71   bool IsKnownId(const std::string& id) const;
  72
  73   // Returns whether the given |id| is considered invalid by our verified
  74   // signature.
  75   bool IsInvalid(const std::string& id) const;
  76
  77   // Attempts to verify a single extension and add it to the verified list.
  78   void VerifyExtension(const std::string& extension_id);
  79
  80   // Attempts to verify all extensions.
  81   void VerifyAllExtensions();
  82
  83   // Call this to add a set of ids that will immediately be considered allowed,
  84   // and kick off an aysnchronous request to Add.
  85   void AddProvisional(const ExtensionIdSet& ids);
  86
  87   // Removes an id or set of ids from the verified list.
  88   void Remove(const std::string& id);
  89   void RemoveMany(const ExtensionIdSet& ids);
  90
  91   // Returns whether an extension id is allowed by policy.
  92   bool AllowedByEnterprisePolicy(const std::string& id) const;
  93
  94   // ManagementPolicy::Provider interface.
  95   std::string GetDebugPolicyProviderName() const override;
  96   bool MustRemainDisabled(const Extension* extension,
  97                           Extension::DisableReason* reason,
  98                           base::string16* error) const override;
  99
 100  private:
 101   // We keep a list of operations to the current set of extensions.
 102   enum OperationType {
 103     ADD_SINGLE,         // Adding a single extension to be verified.
 104     ADD_ALL,            // Adding all extensions to be verified.
 105     ADD_ALL_BOOTSTRAP,  // Adding all extensions because of a bootstrapping.
 106     ADD_PROVISIONAL,    // Adding one or more provisionally-allowed extensions.
 107     REMOVE              // Remove one or more extensions.
 108   };
 109
 110   // This is an operation we want to apply to the current set of verified ids.
 111   struct PendingOperation {
 112     OperationType type;
 113
 114     // This is the set of ids being either added or removed.
 115     ExtensionIdSet ids;
 116
 117     explicit PendingOperation(OperationType type);
 118     ~PendingOperation();
 119   };
 120
 121   // Returns the set of IDs for all extensions that potentially need to be
 122   // verified.
 123   ExtensionIdSet GetExtensionsToVerify() const;
 124
 125   // Bootstrap the InstallVerifier if we do not already have a signature, or if
 126   // there are unknown extensions which need to be verified.
 127   void MaybeBootstrapSelf();
 128
 129   // Try adding a new set of |ids| to the list of verified ids.
 130   void AddMany(const ExtensionIdSet& ids, OperationType type);
 131
 132   // Record the result of the verification for the histograms, and notify the
 133   // ExtensionPrefs if we verified all extensions.
 134   void OnVerificationComplete(bool success, OperationType type);
 135
 136   // Removes any no-longer-installed ids, requesting a new signature if needed.
 137   void GarbageCollect();
 138
 139   // Returns whether the given |id| is included in our verified signature.
 140   bool IsVerified(const std::string& id) const;
 141
 142   // Returns true if the extension with |id| was installed later than the
 143   // timestamp of our signature.
 144   bool WasInstalledAfterSignature(const std::string& id) const;
 145
 146   // Begins the process of fetching a new signature, based on applying the
 147   // operation at the head of the queue to the current set of ids in
 148   // |signature_| (if any) and then sending a request to sign that.
 149   void BeginFetch();
 150
 151   // Saves the current value of |signature_| to the prefs;
 152   void SaveToPrefs();
 153
 154   // Called with the result of a signature request, or NULL on failure.
 155   void SignatureCallback(scoped_ptr<InstallSignature> signature);
 156
 157   ExtensionPrefs* prefs_;
 158
 159   // The context with which the InstallVerifier is associated.
 160   content::BrowserContext* context_;
 161
 162   // Have we finished our bootstrap check yet?
 163   bool bootstrap_check_complete_;
 164
 165   // This is the most up-to-date signature, read out of |prefs_| during
 166   // initialization and updated anytime we get new id's added.
 167   scoped_ptr<InstallSignature> signature_;
 168
 169   // The current InstallSigner, if we have a signature request running.
 170   scoped_ptr<InstallSigner> signer_;
 171
 172   // A queue of operations to apply to the current set of allowed ids.
 173   std::queue<linked_ptr<PendingOperation> > operation_queue_;
 174
 175   // A set of ids that have been provisionally added, which we're willing to
 176   // consider allowed until we hear back from the server signature request.
 177   ExtensionIdSet provisional_;
 178
 179   base::WeakPtrFactory<InstallVerifier> weak_factory_;
 180
 181   DISALLOW_COPY_AND_ASSIGN(InstallVerifier);
 182 };
 183
 184 }  // namespace extensions
 185
 186 #endif  // CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_