Home | History | Annotate | Download | only in cloud 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_POLICY_CLOUD_POLICY_BUILDER_H_
      6 #define CHROME_BROWSER_POLICY_CLOUD_POLICY_BUILDER_H_
      7 
      8 #include <string>
      9 
     10 #include "base/basictypes.h"
     11 #include "base/compiler_specific.h"
     12 #include "base/logging.h"
     13 #include "base/memory/scoped_ptr.h"
     14 #include "chrome/browser/policy/proto/cloud/device_management_local.pb.h"
     15 #include "crypto/rsa_private_key.h"
     16 
     17 namespace enterprise_management {
     18 class CloudPolicySettings;
     19 class ExternalPolicyData;
     20 }  // namespace enterprise_management
     21 
     22 namespace policy {
     23 
     24 // A helper class for testing that provides a straightforward interface for
     25 // constructing policy blobs for use in testing. NB: This uses fake data and
     26 // hard-coded signing keys by default, so should not be used in production code.
     27 class PolicyBuilder {
     28  public:
     29   // Constants used as dummy data for filling the PolicyData protobuf.
     30   static const char kFakeDeviceId[];
     31   static const char kFakeDomain[];
     32   static const char kFakeMachineName[];
     33   static const char kFakePolicyType[];
     34   static const int kFakePublicKeyVersion;
     35   static const int64 kFakeTimestamp;
     36   static const char kFakeToken[];
     37   static const char kFakeUsername[];
     38   static const char kFakeServiceAccountIdentity[];
     39 
     40   // Creates a policy builder. The builder will have all PolicyData fields
     41   // initialized to dummy values and use the test signing keys.
     42   PolicyBuilder();
     43   virtual ~PolicyBuilder();
     44 
     45   // Use this member to access the PolicyData protobuf.
     46   enterprise_management::PolicyData& policy_data() {
     47     if (!policy_data_.get())
     48       policy_data_.reset(new enterprise_management::PolicyData());
     49     return *policy_data_;
     50   }
     51   void clear_policy_data() {
     52     policy_data_.reset();
     53   }
     54 
     55   enterprise_management::PolicyFetchResponse& policy() {
     56     return policy_;
     57   }
     58 
     59   scoped_ptr<crypto::RSAPrivateKey> GetSigningKey();
     60   void SetSigningKey(const crypto::RSAPrivateKey& key);
     61   void SetDefaultSigningKey();
     62   void UnsetSigningKey();
     63 
     64   scoped_ptr<crypto::RSAPrivateKey> GetNewSigningKey();
     65   void SetDefaultNewSigningKey();
     66   void UnsetNewSigningKey();
     67 
     68   // Assembles the policy components. The resulting policy protobuf is available
     69   // through policy() after this call.
     70   virtual void Build();
     71 
     72   // Returns a copy of policy().
     73   scoped_ptr<enterprise_management::PolicyFetchResponse> GetCopy();
     74 
     75   // Returns a binary policy blob, i.e. an encoded PolicyFetchResponse.
     76   std::string GetBlob();
     77 
     78   // These return hard-coded testing keys. Don't use in production!
     79   static scoped_ptr<crypto::RSAPrivateKey> CreateTestSigningKey();
     80   static scoped_ptr<crypto::RSAPrivateKey> CreateTestOtherSigningKey();
     81 
     82  private:
     83   // Produces |key|'s signature over |data| and stores it in |signature|.
     84   void SignData(const std::string& data,
     85                 crypto::RSAPrivateKey* key,
     86                 std::string* signature);
     87 
     88   enterprise_management::PolicyFetchResponse policy_;
     89   scoped_ptr<enterprise_management::PolicyData> policy_data_;
     90   std::string payload_data_;
     91 
     92   // The keys cannot be stored in NSS. Temporary keys are not guaranteed to
     93   // remain in the database. Persistent keys require a persistent database,
     94   // which would coincide with the user's database. However, these keys are used
     95   // for signing the policy and don't have to coincide with the user's known
     96   // keys. Instead, we store the private keys as raw bytes. Where needed, a
     97   // temporary RSAPrivateKey is created.
     98   std::vector<uint8> raw_signing_key_;
     99   std::vector<uint8> raw_new_signing_key_;
    100 
    101   DISALLOW_COPY_AND_ASSIGN(PolicyBuilder);
    102 };
    103 
    104 // Type-parameterized PolicyBuilder extension that allows for building policy
    105 // blobs carrying protobuf payloads.
    106 template<typename PayloadProto>
    107 class TypedPolicyBuilder : public PolicyBuilder {
    108  public:
    109   TypedPolicyBuilder();
    110   virtual ~TypedPolicyBuilder() {}
    111 
    112   // Returns a reference to the payload protobuf being built.
    113   PayloadProto& payload() {
    114     if (!payload_.get())
    115       payload_.reset(new PayloadProto());
    116     return *payload_;
    117   }
    118   void clear_payload() {
    119     payload_.reset();
    120   }
    121 
    122   // PolicyBuilder:
    123   virtual void Build() OVERRIDE {
    124     if (payload_.get())
    125       CHECK(payload_->SerializeToString(policy_data().mutable_policy_value()));
    126 
    127     PolicyBuilder::Build();
    128   }
    129 
    130  private:
    131   scoped_ptr<PayloadProto> payload_;
    132 
    133   DISALLOW_COPY_AND_ASSIGN(TypedPolicyBuilder);
    134 };
    135 
    136 typedef TypedPolicyBuilder<enterprise_management::CloudPolicySettings>
    137     UserPolicyBuilder;
    138 typedef TypedPolicyBuilder<enterprise_management::ExternalPolicyData>
    139     ComponentPolicyBuilder;
    140 
    141 }  // namespace policy
    142 
    143 #endif  // CHROME_BROWSER_POLICY_CLOUD_POLICY_BUILDER_H_
    144