1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_POLICY_BUILDER_H_ 6 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_POLICY_BUILDER_H_ 7 8 #include <string> 9 10 #include "base/basictypes.h" 11 #include "base/compiler_specific.h" 12 #include "base/logging.h" 13 #include "base/memory/scoped_ptr.h" 14 #include "crypto/rsa_private_key.h" 15 #include "policy/proto/cloud_policy.pb.h" 16 #include "policy/proto/device_management_backend.pb.h" 17 18 #if !defined(OS_ANDROID) 19 #include "policy/proto/chrome_extension_policy.pb.h" 20 #endif 21 22 namespace policy { 23 24 // A helper class for testing that provides a straightforward interface for 25 // constructing policy blobs for use in testing. NB: This uses fake data and 26 // hard-coded signing keys by default, so should not be used in production code. 27 class PolicyBuilder { 28 public: 29 // Constants used as dummy data for filling the PolicyData protobuf. 30 static const char kFakeDeviceId[]; 31 static const char kFakeDomain[]; 32 static const char kFakeMachineName[]; 33 static const char kFakePolicyType[]; 34 static const int kFakePublicKeyVersion; 35 static const int64 kFakeTimestamp; 36 static const char kFakeToken[]; 37 static const char kFakeUsername[]; 38 static const char kFakeServiceAccountIdentity[]; 39 40 // Creates a policy builder. The builder will have all PolicyData fields 41 // initialized to dummy values and use the test signing keys. 42 PolicyBuilder(); 43 virtual ~PolicyBuilder(); 44 45 // Use this member to access the PolicyData protobuf. policy_data()46 enterprise_management::PolicyData& policy_data() { 47 if (!policy_data_.get()) 48 policy_data_.reset(new enterprise_management::PolicyData()); 49 return *policy_data_; 50 } clear_policy_data()51 void clear_policy_data() { 52 policy_data_.reset(); 53 } 54 policy()55 enterprise_management::PolicyFetchResponse& policy() { 56 return policy_; 57 } 58 59 scoped_ptr<crypto::RSAPrivateKey> GetSigningKey(); 60 void SetSigningKey(const crypto::RSAPrivateKey& key); 61 void SetDefaultSigningKey(); 62 void UnsetSigningKey(); 63 64 scoped_ptr<crypto::RSAPrivateKey> GetNewSigningKey(); 65 void SetDefaultNewSigningKey(); 66 void UnsetNewSigningKey(); 67 68 // Assembles the policy components. The resulting policy protobuf is available 69 // through policy() after this call. 70 virtual void Build(); 71 72 // Returns a copy of policy(). 73 scoped_ptr<enterprise_management::PolicyFetchResponse> GetCopy(); 74 75 // Returns a binary policy blob, i.e. an encoded PolicyFetchResponse. 76 std::string GetBlob(); 77 78 // These return hard-coded testing keys. Don't use in production! 79 static scoped_ptr<crypto::RSAPrivateKey> CreateTestSigningKey(); 80 static scoped_ptr<crypto::RSAPrivateKey> CreateTestOtherSigningKey(); 81 82 private: 83 // Produces |key|'s signature over |data| and stores it in |signature|. 84 void SignData(const std::string& data, 85 crypto::RSAPrivateKey* key, 86 std::string* signature); 87 88 enterprise_management::PolicyFetchResponse policy_; 89 scoped_ptr<enterprise_management::PolicyData> policy_data_; 90 std::string payload_data_; 91 92 // The keys cannot be stored in NSS. Temporary keys are not guaranteed to 93 // remain in the database. Persistent keys require a persistent database, 94 // which would coincide with the user's database. However, these keys are used 95 // for signing the policy and don't have to coincide with the user's known 96 // keys. Instead, we store the private keys as raw bytes. Where needed, a 97 // temporary RSAPrivateKey is created. 98 std::vector<uint8> raw_signing_key_; 99 std::vector<uint8> raw_new_signing_key_; 100 101 DISALLOW_COPY_AND_ASSIGN(PolicyBuilder); 102 }; 103 104 // Type-parameterized PolicyBuilder extension that allows for building policy 105 // blobs carrying protobuf payloads. 106 template<typename PayloadProto> 107 class TypedPolicyBuilder : public PolicyBuilder { 108 public: 109 TypedPolicyBuilder(); ~TypedPolicyBuilder()110 virtual ~TypedPolicyBuilder() {} 111 112 // Returns a reference to the payload protobuf being built. payload()113 PayloadProto& payload() { 114 if (!payload_.get()) 115 payload_.reset(new PayloadProto()); 116 return *payload_; 117 } clear_payload()118 void clear_payload() { 119 payload_.reset(); 120 } 121 122 // PolicyBuilder: Build()123 virtual void Build() OVERRIDE { 124 if (payload_.get()) 125 CHECK(payload_->SerializeToString(policy_data().mutable_policy_value())); 126 127 PolicyBuilder::Build(); 128 } 129 130 private: 131 scoped_ptr<PayloadProto> payload_; 132 133 DISALLOW_COPY_AND_ASSIGN(TypedPolicyBuilder); 134 }; 135 136 typedef TypedPolicyBuilder<enterprise_management::CloudPolicySettings> 137 UserPolicyBuilder; 138 139 #if !defined(OS_ANDROID) 140 typedef TypedPolicyBuilder<enterprise_management::ExternalPolicyData> 141 ComponentPolicyBuilder; 142 #endif 143 144 } // namespace policy 145 146 #endif // COMPONENTS_POLICY_CORE_COMMON_CLOUD_POLICY_BUILDER_H_ 147