Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / extensions / install_verifier.h
blob3a29276d08833183f695e8cb31c3f6294ac33cd9
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_
6 #define CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_
8 #include <queue>
9 #include <set>
10 #include <string>
12 #include "base/basictypes.h"
13 #include "base/callback.h"
14 #include "base/memory/linked_ptr.h"
15 #include "base/memory/scoped_ptr.h"
16 #include "base/memory/weak_ptr.h"
17 #include "components/keyed_service/core/keyed_service.h"
18 #include "extensions/browser/management_policy.h"
19 #include "extensions/common/extension.h"
21 namespace content {
22 class BrowserContext;
25 namespace net {
26 class URLRequestContextGetter;
29 namespace extensions {
31 class ExtensionPrefs;
32 class InstallSigner;
33 struct InstallSignature;
35 // This class implements verification that a set of extensions are either from
36 // the webstore or are whitelisted by enterprise policy. The webstore
37 // verification process works by sending a request to a backend server to get a
38 // signature proving that a set of extensions are verified. This signature is
39 // written into the extension preferences and is checked for validity when
40 // being read back again.
42 // This class should be kept notified of runtime changes to the set of
43 // extensions installed from the webstore.
44 class InstallVerifier : public KeyedService,
45 public ManagementPolicy::Provider {
46 public:
47 InstallVerifier(ExtensionPrefs* prefs, content::BrowserContext* context);
48 ~InstallVerifier() override;
50 // Convenience method to return the InstallVerifier for a given |context|.
51 static InstallVerifier* Get(content::BrowserContext* context);
53 // Returns whether install verification should be enforced.
54 static bool ShouldEnforce();
56 // Returns whether |extension| is of a type that needs verification.
57 static bool NeedsVerification(const Extension& extension);
59 // Determines if an extension claims to be from the webstore.
60 static bool IsFromStore(const Extension& extension);
62 // Initializes this object for use, including reading preferences and
63 // validating the stored signature.
64 void Init();
66 // Returns the timestamp of our InstallSignature, if we have one.
67 base::Time SignatureTimestamp();
69 // Returns true if |id| is either verified or our stored signature explicitly
70 // tells us that it was invalid when we asked the server about it.
71 bool IsKnownId(const std::string& id) const;
73 // Returns whether the given |id| is considered invalid by our verified
74 // signature.
75 bool IsInvalid(const std::string& id) const;
77 // Attempts to verify a single extension and add it to the verified list.
78 void VerifyExtension(const std::string& extension_id);
80 // Attempts to verify all extensions.
81 void VerifyAllExtensions();
83 // Call this to add a set of ids that will immediately be considered allowed,
84 // and kick off an aysnchronous request to Add.
85 void AddProvisional(const ExtensionIdSet& ids);
87 // Removes an id or set of ids from the verified list.
88 void Remove(const std::string& id);
89 void RemoveMany(const ExtensionIdSet& ids);
91 // Returns whether an extension id is allowed by policy.
92 bool AllowedByEnterprisePolicy(const std::string& id) const;
94 // ManagementPolicy::Provider interface.
95 std::string GetDebugPolicyProviderName() const override;
96 bool MustRemainDisabled(const Extension* extension,
97 Extension::DisableReason* reason,
98 base::string16* error) const override;
100 private:
101 // We keep a list of operations to the current set of extensions.
102 enum OperationType {
103 ADD_SINGLE, // Adding a single extension to be verified.
104 ADD_ALL, // Adding all extensions to be verified.
105 ADD_ALL_BOOTSTRAP, // Adding all extensions because of a bootstrapping.
106 ADD_PROVISIONAL, // Adding one or more provisionally-allowed extensions.
107 REMOVE // Remove one or more extensions.
110 // This is an operation we want to apply to the current set of verified ids.
111 struct PendingOperation {
112 OperationType type;
114 // This is the set of ids being either added or removed.
115 ExtensionIdSet ids;
117 explicit PendingOperation(OperationType type);
118 ~PendingOperation();
121 // Returns the set of IDs for all extensions that potentially need to be
122 // verified.
123 ExtensionIdSet GetExtensionsToVerify() const;
125 // Bootstrap the InstallVerifier if we do not already have a signature, or if
126 // there are unknown extensions which need to be verified.
127 void MaybeBootstrapSelf();
129 // Try adding a new set of |ids| to the list of verified ids.
130 void AddMany(const ExtensionIdSet& ids, OperationType type);
132 // Record the result of the verification for the histograms, and notify the
133 // ExtensionPrefs if we verified all extensions.
134 void OnVerificationComplete(bool success, OperationType type);
136 // Removes any no-longer-installed ids, requesting a new signature if needed.
137 void GarbageCollect();
139 // Returns whether the given |id| is included in our verified signature.
140 bool IsVerified(const std::string& id) const;
142 // Returns true if the extension with |id| was installed later than the
143 // timestamp of our signature.
144 bool WasInstalledAfterSignature(const std::string& id) const;
146 // Begins the process of fetching a new signature, based on applying the
147 // operation at the head of the queue to the current set of ids in
148 // |signature_| (if any) and then sending a request to sign that.
149 void BeginFetch();
151 // Saves the current value of |signature_| to the prefs;
152 void SaveToPrefs();
154 // Called with the result of a signature request, or NULL on failure.
155 void SignatureCallback(scoped_ptr<InstallSignature> signature);
157 ExtensionPrefs* prefs_;
159 // The context with which the InstallVerifier is associated.
160 content::BrowserContext* context_;
162 // Have we finished our bootstrap check yet?
163 bool bootstrap_check_complete_;
165 // This is the most up-to-date signature, read out of |prefs_| during
166 // initialization and updated anytime we get new id's added.
167 scoped_ptr<InstallSignature> signature_;
169 // The current InstallSigner, if we have a signature request running.
170 scoped_ptr<InstallSigner> signer_;
172 // A queue of operations to apply to the current set of allowed ids.
173 std::queue<linked_ptr<PendingOperation> > operation_queue_;
175 // A set of ids that have been provisionally added, which we're willing to
176 // consider allowed until we hear back from the server signature request.
177 ExtensionIdSet provisional_;
179 base::WeakPtrFactory<InstallVerifier> weak_factory_;
181 DISALLOW_COPY_AND_ASSIGN(InstallVerifier);
184 } // namespace extensions
186 #endif // CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_