1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_ 6 #define CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_ 7 8 #include <queue> 9 #include <set> 10 #include <string> 11 12 #include "base/basictypes.h" 13 #include "base/callback.h" 14 #include "base/memory/linked_ptr.h" 15 #include "base/memory/scoped_ptr.h" 16 #include "base/memory/weak_ptr.h" 17 #include "extensions/browser/management_policy.h" 18 #include "extensions/common/extension.h" 19 20 namespace content { 21 class BrowserContext; 22 } 23 24 namespace net { 25 class URLRequestContextGetter; 26 } 27 28 namespace extensions { 29 30 class ExtensionPrefs; 31 class InstallSigner; 32 struct InstallSignature; 33 34 // This class implements verification that a set of extensions are either from 35 // the webstore or are whitelisted by enterprise policy. The webstore 36 // verification process works by sending a request to a backend server to get a 37 // signature proving that a set of extensions are verified. This signature is 38 // written into the extension preferences and is checked for validity when 39 // being read back again. 40 // 41 // This class should be kept notified of runtime changes to the set of 42 // extensions installed from the webstore. 43 class InstallVerifier : public ManagementPolicy::Provider { 44 public: 45 InstallVerifier(ExtensionPrefs* prefs, content::BrowserContext* context); 46 virtual ~InstallVerifier(); 47 48 // Returns whether |extension| is of a type that needs verification. 49 static bool NeedsVerification(const Extension& extension); 50 51 // Initializes this object for use, including reading preferences and 52 // validating the stored signature. 53 void Init(); 54 55 // Returns the timestamp of our InstallSignature, if we have one. 56 base::Time SignatureTimestamp(); 57 58 // Returns true if |id| is either verified or our stored signature explicitly 59 // tells us that it was invalid when we asked the server about it. 60 bool IsKnownId(const std::string& id); 61 62 // Attempts to verify a single extension and add it to the verified list. 63 void VerifyExtension(const std::string& extension_id); 64 65 // Attempts to verify all extensions. 66 void VerifyAllExtensions(); 67 68 // Call this to add a set of ids that will immediately be considered allowed, 69 // and kick off an aysnchronous request to Add. 70 void AddProvisional(const ExtensionIdSet& ids); 71 72 // Removes an id or set of ids from the verified list. 73 void Remove(const std::string& id); 74 void RemoveMany(const ExtensionIdSet& ids); 75 76 // ManagementPolicy::Provider interface. 77 virtual std::string GetDebugPolicyProviderName() const OVERRIDE; 78 virtual bool MustRemainDisabled(const Extension* extension, 79 Extension::DisableReason* reason, 80 base::string16* error) const OVERRIDE; 81 82 private: 83 // We keep a list of operations to the current set of extensions. 84 enum OperationType { 85 ADD_SINGLE, // Adding a single extension to be verified. 86 ADD_ALL, // Adding all extensions to be verified. 87 ADD_ALL_BOOTSTRAP, // Adding all extensions because of a bootstrapping. 88 ADD_PROVISIONAL, // Adding one or more provisionally-allowed extensions. 89 REMOVE // Remove one or more extensions. 90 }; 91 92 // This is an operation we want to apply to the current set of verified ids. 93 struct PendingOperation { 94 OperationType type; 95 96 // This is the set of ids being either added or removed. 97 ExtensionIdSet ids; 98 99 explicit PendingOperation(OperationType type); 100 ~PendingOperation(); 101 }; 102 103 // Returns the set of IDs for all extensions that potentially need to be 104 // verified. 105 ExtensionIdSet GetExtensionsToVerify() const; 106 107 // Bootstrap the InstallVerifier if we do not already have a signature, or if 108 // there are unknown extensions which need to be verified. 109 void MaybeBootstrapSelf(); 110 111 // Try adding a new set of |ids| to the list of verified ids. 112 void AddMany(const ExtensionIdSet& ids, OperationType type); 113 114 // Record the result of the verification for the histograms, and notify the 115 // ExtensionPrefs if we verified all extensions. 116 void OnVerificationComplete(bool success, OperationType type); 117 118 // Removes any no-longer-installed ids, requesting a new signature if needed. 119 void GarbageCollect(); 120 121 // Returns whether an extension id is allowed by policy. 122 bool AllowedByEnterprisePolicy(const std::string& id) const; 123 124 // Returns whether the given |id| is included in our verified signature. 125 bool IsVerified(const std::string& id) const; 126 127 // Returns true if the extension with |id| was installed later than the 128 // timestamp of our signature. 129 bool WasInstalledAfterSignature(const std::string& id) const; 130 131 // Begins the process of fetching a new signature, based on applying the 132 // operation at the head of the queue to the current set of ids in 133 // |signature_| (if any) and then sending a request to sign that. 134 void BeginFetch(); 135 136 // Saves the current value of |signature_| to the prefs; 137 void SaveToPrefs(); 138 139 // Called with the result of a signature request, or NULL on failure. 140 void SignatureCallback(scoped_ptr<InstallSignature> signature); 141 142 ExtensionPrefs* prefs_; 143 144 // The context with which the InstallVerifier is associated. 145 content::BrowserContext* context_; 146 147 // Have we finished our bootstrap check yet? 148 bool bootstrap_check_complete_; 149 150 // This is the most up-to-date signature, read out of |prefs_| during 151 // initialization and updated anytime we get new id's added. 152 scoped_ptr<InstallSignature> signature_; 153 154 // The current InstallSigner, if we have a signature request running. 155 scoped_ptr<InstallSigner> signer_; 156 157 // A queue of operations to apply to the current set of allowed ids. 158 std::queue<linked_ptr<PendingOperation> > operation_queue_; 159 160 // A set of ids that have been provisionally added, which we're willing to 161 // consider allowed until we hear back from the server signature request. 162 ExtensionIdSet provisional_; 163 164 base::WeakPtrFactory<InstallVerifier> weak_factory_; 165 166 DISALLOW_COPY_AND_ASSIGN(InstallVerifier); 167 }; 168 169 } // namespace extensions 170 171 #endif // CHROME_BROWSER_EXTENSIONS_INSTALL_VERIFIER_H_ 172