• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_COMPONENT_CLOUD_POLICY_STORE_H_
6 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_COMPONENT_CLOUD_POLICY_STORE_H_
7 
8 #include <map>
9 #include <string>
10 
11 #include "base/basictypes.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/threading/non_thread_safe.h"
14 #include "components/policy/core/common/cloud/resource_cache.h"
15 #include "components/policy/core/common/policy_bundle.h"
16 #include "components/policy/core/common/policy_namespace.h"
17 #include "components/policy/policy_export.h"
18 
19 namespace enterprise_management {
20 class ExternalPolicyData;
21 class PolicyData;
22 class PolicyFetchResponse;
23 }
24 
25 namespace policy {
26 
27 // Validates protobufs for external policy data, validates the data itself, and
28 // caches both locally.
29 class POLICY_EXPORT ComponentCloudPolicyStore : public base::NonThreadSafe {
30  public:
31   class POLICY_EXPORT Delegate {
32    public:
33     virtual ~Delegate();
34 
35     // Invoked whenever the policies served by policy() have changed, except
36     // for the initial Load().
37     virtual void OnComponentCloudPolicyStoreUpdated() = 0;
38   };
39 
40   // Both the |delegate| and the |cache| must outlive this object.
41   ComponentCloudPolicyStore(Delegate* delegate,
42                             ResourceCache* cache);
43   ~ComponentCloudPolicyStore();
44 
45   // Helper that returns true for PolicyDomains that can be managed by this
46   // store.
47   static bool SupportsDomain(PolicyDomain domain);
48 
49   // Returns true if |domain| can be managed by this store; in that case, the
50   // dm_protocol policy type that corresponds to |domain| is stored in
51   // |policy_type|. Otherwise returns false.
52   static bool GetPolicyType(PolicyDomain domain, std::string* policy_type);
53 
54   // Returns true if |policy_type| corresponds to a policy domain that can be
55   // managed by this store; in that case, the domain constants is assigned to
56   // |domain|. Otherwise returns false.
57   static bool GetPolicyDomain(const std::string& policy_type,
58                               PolicyDomain* domain);
59 
60   // The current list of policies.
policy()61   const PolicyBundle& policy() const { return policy_bundle_; }
62 
63   // The cached hash for namespace |ns|, or the empty string if |ns| is not
64   // cached.
65   const std::string& GetCachedHash(const PolicyNamespace& ns) const;
66 
67   // |username| and |dm_token| are used to validate the cached data, and data
68   // stored later.
69   // All ValidatePolicy() requests without credentials fail.
70   void SetCredentials(const std::string& username,
71                       const std::string& dm_token);
72 
73   // Loads and validates all the currently cached protobufs and policy data.
74   // This is performed synchronously, and policy() will return the cached
75   // policies after this call.
76   void Load();
77 
78   // Stores the protobuf and |data| for namespace |ns|. The protobuf is passed
79   // serialized in |serialized_policy_proto|, and must have been validated
80   // before.
81   // The |data| is validated during this call, and its secure hash must match
82   // |secure_hash|.
83   // Returns false if |data| failed validation, otherwise returns true and the
84   // data was stored in the cache.
85   bool Store(const PolicyNamespace& ns,
86              const std::string& serialized_policy_proto,
87              const std::string& secure_hash,
88              const std::string& data);
89 
90   // Deletes the storage of namespace |ns| and stops serving its policies.
91   void Delete(const PolicyNamespace& ns);
92 
93   // Deletes the storage of all components of |domain| that pass then given
94   // |filter|, and stops serving their policies.
95   void Purge(PolicyDomain domain,
96              const ResourceCache::SubkeyFilter& filter);
97 
98   // Deletes the storage of every component.
99   void Clear();
100 
101   // Validates |proto| and returns the corresponding policy namespace in |ns|,
102   // and the parsed ExternalPolicyData in |payload|.
103   // If |proto| validates successfully then its |payload| can be trusted, and
104   // the data referenced there can be downloaded. A |proto| must be validated
105   // before attempting to download the data, and before storing both.
106   bool ValidatePolicy(
107       scoped_ptr<enterprise_management::PolicyFetchResponse> proto,
108       PolicyNamespace* ns,
109       enterprise_management::ExternalPolicyData* payload);
110 
111  private:
112   // Helper for ValidatePolicy(), that's also used to validate protobufs
113   // loaded from the disk cache.
114   bool ValidateProto(
115       scoped_ptr<enterprise_management::PolicyFetchResponse> proto,
116       const std::string& policy_type,
117       const std::string& settings_entity_id,
118       enterprise_management::ExternalPolicyData* payload,
119       enterprise_management::PolicyData* policy_data);
120 
121   // Validates the JSON policy serialized in |data|, and verifies its hash
122   // with |secure_hash|. Returns true on success, and in that case stores the
123   // parsed policies in |policy|.
124   bool ValidateData(const std::string& data,
125                     const std::string& secure_hash,
126                     PolicyMap* policy);
127 
128   // Parses the JSON policy in |data| into |policy|, and returns true if the
129   // parse was successful.
130   bool ParsePolicy(const std::string& data, PolicyMap* policy);
131 
132   Delegate* delegate_;
133   ResourceCache* cache_;
134   std::string username_;
135   std::string dm_token_;
136 
137   PolicyBundle policy_bundle_;
138   std::map<PolicyNamespace, std::string> cached_hashes_;
139 
140   DISALLOW_COPY_AND_ASSIGN(ComponentCloudPolicyStore);
141 };
142 
143 }  // namespace policy
144 
145 #endif  // COMPONENTS_POLICY_CORE_COMMON_CLOUD_COMPONENT_CLOUD_POLICY_STORE_H_
146