chrome/browser/extensions/install_verifier.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_
   6 #define CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_
   7
   8 #include <queue>
   9 #include <set>
  10 #include <string>
  11
  12 #include "base/basictypes.h"
  13 #include "base/callback.h"
  14 #include "base/memory/linked_ptr.h"
  15 #include "base/memory/scoped_ptr.h"
  16 #include "extensions/browser/management_policy.h"
  17 #include "extensions/common/extension.h"
  18
  19 namespace net {
  20 class URLRequestContextGetter;
  21 }
  22
  23 namespace extensions {
  24
  25 class ExtensionPrefs;
  26 class InstallSigner;
  27 struct InstallSignature;
  28
  29 // This class implements verification that a set of extensions are either from
  30 // the webstore or are whitelisted by enterprise policy.  The webstore
  31 // verification process works by sending a request to a backend server to get a
  32 // signature proving that a set of extensions are verified. This signature is
  33 // written into the extension preferences and is checked for validity when
  34 // being read back again.
  35 //
  36 // This class should be kept notified of runtime changes to the set of
  37 // extensions installed from the webstore.
  38 class InstallVerifier : public ManagementPolicy::Provider {
  39  public:
  40   InstallVerifier(ExtensionPrefs* prefs,
  41                   net::URLRequestContextGetter* context_getter);
  42   virtual ~InstallVerifier();
  43
  44   // Returns whether |extension| is of a type that needs verification.
  45   static bool NeedsVerification(const Extension& extension);
  46
  47   // Initializes this object for use, including reading preferences and
  48   // validating the stored signature.
  49   void Init();
  50
  51   // Do we need to be bootstrapped? (i.e. do we have a signature already). If
  52   // this is true, then consumers of this class should use Add/AddMany to get
  53   // an initial one so that MustRemainDisabled can actually check against it.
  54   bool NeedsBootstrap();
  55
  56   // A callback for indicating success/failure of adding new ids.
  57   typedef base::Callback<void(bool)> AddResultCallback;
  58
  59   // Try adding a new |id| (or set of ids) to the list of verified ids. When
  60   // this process is finished |callback| will be run with success/failure of
  61   // the signature request (not necessarily whether the ids were verified).
  62   void Add(const std::string& id, const AddResultCallback& callback);
  63   void AddMany(const ExtensionIdSet& ids,
  64                const AddResultCallback& callback);
  65
  66   // Call this to add a set of ids that will immediately be considered allowed,
  67   // and kick off an aysnchronous request to Add.
  68   void AddProvisional(const ExtensionIdSet& ids);
  69
  70   // Removes an id or set of ids from the verified list.
  71   void Remove(const std::string& id);
  72   void RemoveMany(const ExtensionIdSet& ids);
  73
  74   // ManagementPolicy::Provider interface.
  75   virtual std::string GetDebugPolicyProviderName() const OVERRIDE;
  76   virtual bool MustRemainDisabled(const Extension* extension,
  77                                   Extension::DisableReason* reason,
  78                                   base::string16* error) const OVERRIDE;
  79
  80  private:
  81   // We keep a list of operations to the current set of extensions - either
  82   // additions or removals.
  83   enum OperationType {
  84     ADD,
  85     REMOVE
  86   };
  87
  88   // This is an operation we want to apply to the current set of verified ids.
  89   struct PendingOperation {
  90     OperationType type;
  91
  92     // This is the set of ids being either added or removed.
  93     ExtensionIdSet ids;
  94
  95     AddResultCallback callback;
  96
  97     explicit PendingOperation();
  98     ~PendingOperation();
  99   };
 100
 101   // Removes any no-longer-installed ids, requesting a new signature if needed.
 102   void GarbageCollect();
 103
 104   // Returns whether an extension id is allowed by policy.
 105   bool AllowedByEnterprisePolicy(const std::string& id) const;
 106
 107   // Returns whether the given |id| is included in our verified signature.
 108   bool IsVerified(const std::string& id) const;
 109
 110   // Begins the process of fetching a new signature, based on applying the
 111   // operation at the head of the queue to the current set of ids in
 112   // |signature_| (if any) and then sending a request to sign that.
 113   void BeginFetch();
 114
 115   // Saves the current value of |signature_| to the prefs;
 116   void SaveToPrefs();
 117
 118   // Called with the result of a signature request, or NULL on failure.
 119   void SignatureCallback(scoped_ptr<InstallSignature> signature);
 120
 121   ExtensionPrefs* prefs_;
 122   net::URLRequestContextGetter* context_getter_;
 123
 124   // This is the most up-to-date signature, read out of |prefs_| during
 125   // initialization and updated anytime we get new id's added.
 126   scoped_ptr<InstallSignature> signature_;
 127
 128   // The current InstallSigner, if we have a signature request running.
 129   scoped_ptr<InstallSigner> signer_;
 130
 131   // A queue of operations to apply to the current set of allowed ids.
 132   std::queue<linked_ptr<PendingOperation> > operation_queue_;
 133
 134   // A set of ids that have been provisionally added, which we're willing to
 135   // consider allowed until we hear back from the server signature request.
 136   ExtensionIdSet provisional_;
 137
 138   DISALLOW_COPY_AND_ASSIGN(InstallVerifier);
 139 };
 140
 141 }  // namespace extensions
 142
 143 #endif  // CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_