Only grant permissions to new extensions from sync if they have the expected version
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_EXTENSIONS_INSTALL_SIGNER_H_
6 #define CHROME_BROWSER_EXTENSIONS_INSTALL_SIGNER_H_
8 #include <set>
9 #include <string>
10 #include <vector>
12 #include "base/basictypes.h"
13 #include "base/callback.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "extensions/common/extension.h"
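// Forward declarations: this header only names these types through pointers
// and references, so their full definitions are not needed here.
// (Listing repaired: line-number residue removed and the closing braces that
// the page extraction dropped are restored.)
namespace base {
class DictionaryValue;
}  // namespace base

namespace net {
class URLFetcher;
class URLRequestContextGetter;
}  // namespace net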
26 namespace extensions {
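// This represents a list of ids signed with a private key using an algorithm
// that includes some salt bytes.
//
// Trust boundary: as the field comments below state, |timestamp| and
// |invalid_ids| are computed locally and are NOT covered by the signature.
// NOTE(review): a serialized copy of this struct could therefore carry changed
// values in those two fields and still verify; confirm that no caller treats
// them as server-attested.
// (Listing repaired: line-number residue removed, indentation and the closing
// brace that the page extraction dropped are restored.)
struct InstallSignature {
  // The set of ids that have been signed.
  ExtensionIdSet ids;

  // Both of these are just arrays of bytes, NOT base64-encoded.
  std::string salt;
  std::string signature;

  // The date that the signature should expire, in YYYY-MM-DD format.
  // NOTE(review): where expiry is enforced is not visible in this header.
  std::string expire_date;

  // The time this signature was obtained from the server. Note that this
  // is computed locally and *not* signed by the server key.
  base::Time timestamp;

  // The set of ids that the server indicated were invalid (ie not signed).
  // Note that this is computed locally and *not* signed by the signature.
  ExtensionIdSet invalid_ids;

  InstallSignature();
  ~InstallSignature();

  // Helper methods for serialization to/from a base::DictionaryValue.
  // |value| is an out-parameter that receives the serialized fields.
  void ToValue(base::DictionaryValue* value) const;

  // Builds an InstallSignature from a previously serialized dictionary.
  // NOTE(review): nothing in this header shows FromValue checking the
  // signature itself; presumably the result is passed to
  // InstallSigner::VerifySignature before it is trusted, and an empty pointer
  // signals a malformed dictionary -- confirm both against the implementation.
  static scoped_ptr<InstallSignature> FromValue(
      const base::DictionaryValue& value);
};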
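// Objects of this class encapsulate an operation to get a signature proving
// that a set of ids are hosted in the webstore.
//
// Each instance performs one fetch (see GetSignature) and reports the outcome
// through a SignatureCallback. An error is reported by passing an empty
// pointer, so a callback must check the pointer before dereferencing it.
// NOTE(review): a caller that bases a trust decision on the result should
// presumably treat the empty-pointer case as "nothing was signed" -- confirm
// against the callers.
// (Listing repaired: line-number residue removed, indentation and the closing
// brace that the page extraction dropped are restored.)
class InstallSigner {
 public:
  // Invoked with the resulting signature, or with an empty pointer on error.
  typedef base::Callback<void(scoped_ptr<InstallSignature>)> SignatureCallback;

  // IMPORTANT NOTE: It is possible that only some, but not all, of the entries
  // in |ids| will be successfully signed by the backend. Callers should always
  // check the set of ids in the InstallSignature passed to their callback, as
  // it may contain only a subset of the ids they passed in.
  //
  // NOTE(review): |context_getter| is a raw pointer; ownership and lifetime
  // are not visible in this header -- confirm it outlives this object.
  InstallSigner(net::URLRequestContextGetter* context_getter,
                const ExtensionIdSet& ids);
  ~InstallSigner();

  // Returns a set of ids that are forced to be considered not from webstore,
  // e.g. by a command line flag used for testing.
  static ExtensionIdSet GetForcedNotFromWebstore();

  // Begins the process of fetching a signature from the backend. This should
  // only be called once! If you want to get another signature, make another
  // instance of this class.
  void GetSignature(const SignatureCallback& callback);

  // Returns whether the signature in InstallSignature is properly signed with a
  // known public key.
  //
  // A true result says nothing about InstallSignature::timestamp or
  // InstallSignature::invalid_ids: both are documented as computed locally and
  // not signed.
  // NOTE(review): whether |expire_date| is also checked here is not visible in
  // this header -- confirm against the implementation.
  static bool VerifySignature(const InstallSignature& signature);

 private:
  // A very simple delegate just used to call ourself back when a url fetch is
  // complete.
  class FetcherDelegate;

  // A helper function that calls |callback_| with an indication that an error
  // happened (currently done by passing an empty pointer).
  void ReportErrorViaCallback();

  // Called when |url_fetcher_| has returned a result to parse the response,
  // and then call HandleSignatureResult with structured data.
  void ParseFetchResponse();

  // Handles the result from a backend fetch.
  void HandleSignatureResult(const std::string& signature,
                             const std::string& expire_date,
                             const ExtensionIdSet& invalid_ids);

  // The final callback for when we're done.
  SignatureCallback callback_;

  // The current set of ids we're trying to verify. This may contain fewer ids
  // than we started with.
  ExtensionIdSet ids_;

  // An array of random bytes used as an input to hash with the machine id,
  // which will need to be persisted in the eventual InstallSignature we get.
  std::string salt_;

  // These are used to make the call to a backend server for a signature.
  // |context_getter_| is a raw pointer, unlike the two scoped_ptr members
  // below, which own their objects.
  net::URLRequestContextGetter* context_getter_;
  scoped_ptr<net::URLFetcher> url_fetcher_;
  scoped_ptr<FetcherDelegate> delegate_;

  // The time the request to the server was started.
  base::Time request_start_time_;

  DISALLOW_COPY_AND_ASSIGN(InstallSigner);
};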
126 } // namespace extensions
128 #endif // CHROME_BROWSER_EXTENSIONS_INSTALL_SIGNER_H_