1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_POLICY_CLOUD_COMPONENT_CLOUD_POLICY_STORE_H_ 6 #define CHROME_BROWSER_POLICY_CLOUD_COMPONENT_CLOUD_POLICY_STORE_H_ 7 8 #include <map> 9 #include <set> 10 #include <string> 11 12 #include "base/basictypes.h" 13 #include "base/memory/scoped_ptr.h" 14 #include "base/threading/non_thread_safe.h" 15 #include "chrome/browser/policy/policy_bundle.h" 16 #include "chrome/browser/policy/policy_service.h" 17 18 namespace enterprise_management { 19 class ExternalPolicyData; 20 class PolicyData; 21 class PolicyFetchResponse; 22 } 23 24 namespace policy { 25 26 class ResourceCache; 27 28 // Validates protobufs for external policy data, validates the data itself, and 29 // caches both locally. 30 class ComponentCloudPolicyStore : public base::NonThreadSafe { 31 public: 32 class Delegate { 33 public: 34 virtual ~Delegate(); 35 36 // Invoked whenever the policies served by policy() have changed, except 37 // for the initial Load(). 38 virtual void OnComponentCloudPolicyStoreUpdated() = 0; 39 }; 40 41 // Both the |delegate| and the |cache| must outlive this object. 42 ComponentCloudPolicyStore(Delegate* delegate, 43 ResourceCache* cache); 44 ~ComponentCloudPolicyStore(); 45 46 // Helper that returns true for PolicyDomains that can be managed by this 47 // store. 48 static bool SupportsDomain(PolicyDomain domain); 49 50 // Returns true if |domain| can be managed by this store; in that case, the 51 // dm_protocol policy type that corresponds to |domain| is stored in 52 // |policy_type|. Otherwise returns false. 53 static bool GetPolicyType(PolicyDomain domain, std::string* policy_type); 54 55 // Returns true if |policy_type| corresponds to a policy domain that can be 56 // managed by this store; in that case, the domain constants is assigned to 57 // |domain|. Otherwise returns false. 58 static bool GetPolicyDomain(const std::string& policy_type, 59 PolicyDomain* domain); 60 61 // The current list of policies. 62 const PolicyBundle& policy() const { return policy_bundle_; } 63 64 // The cached hash for namespace |ns|, or the empty string if |ns| is not 65 // cached. 66 const std::string& GetCachedHash(const PolicyNamespace& ns) const; 67 68 // |username| and |dm_token| are used to validate the cached data, and data 69 // stored later. 70 // All ValidatePolicy() requests without credentials fail. 71 void SetCredentials(const std::string& username, 72 const std::string& dm_token); 73 74 // Loads and validates all the currently cached protobufs and policy data. 75 // This is performed synchronously, and policy() will return the cached 76 // policies after this call. 77 void Load(); 78 79 // Stores the protobuf and |data| for namespace |ns|. The protobuf is passed 80 // serialized in |serialized_policy_proto|, and must have been validated 81 // before. 82 // The |data| is validated during this call, and its secure hash must match 83 // |secure_hash|. 84 // Returns false if |data| failed validation, otherwise returns true and the 85 // data was stored in the cache. 86 bool Store(const PolicyNamespace& ns, 87 const std::string& serialized_policy_proto, 88 const std::string& secure_hash, 89 const std::string& data); 90 91 // Deletes the storage of namespace |ns| and stops serving its policies. 92 void Delete(const PolicyNamespace& ns); 93 94 // Deletes the storage of all components of |domain| that are not in 95 // |components_to_keep|, and stops serving their policies. 96 void Purge(PolicyDomain domain, 97 const std::set<std::string>& components_to_keep); 98 99 // Validates |proto| and returns the corresponding policy namespace in |ns|, 100 // and the parsed ExternalPolicyData in |payload|. 101 // If |proto| validates successfully then its |payload| can be trusted, and 102 // the data referenced there can be downloaded. A |proto| must be validated 103 // before attempting to download the data, and before storing both. 104 bool ValidatePolicy( 105 scoped_ptr<enterprise_management::PolicyFetchResponse> proto, 106 PolicyNamespace* ns, 107 enterprise_management::ExternalPolicyData* payload); 108 109 private: 110 // Helper for ValidatePolicy(), that's also used to validate protobufs 111 // loaded from the disk cache. 112 bool ValidateProto( 113 scoped_ptr<enterprise_management::PolicyFetchResponse> proto, 114 const std::string& policy_type, 115 const std::string& settings_entity_id, 116 enterprise_management::ExternalPolicyData* payload, 117 enterprise_management::PolicyData* policy_data); 118 119 // Validates the JSON policy serialized in |data|, and verifies its hash 120 // with |secure_hash|. Returns true on success, and in that case stores the 121 // parsed policies in |policy|. 122 bool ValidateData(const std::string& data, 123 const std::string& secure_hash, 124 PolicyMap* policy); 125 126 // Parses the JSON policy in |data| into |policy|, and returns true if the 127 // parse was successful. 128 bool ParsePolicy(const std::string& data, PolicyMap* policy); 129 130 Delegate* delegate_; 131 ResourceCache* cache_; 132 std::string username_; 133 std::string dm_token_; 134 135 PolicyBundle policy_bundle_; 136 std::map<PolicyNamespace, std::string> cached_hashes_; 137 138 DISALLOW_COPY_AND_ASSIGN(ComponentCloudPolicyStore); 139 }; 140 141 } // namespace policy 142 143 #endif // CHROME_BROWSER_POLICY_CLOUD_COMPONENT_CLOUD_POLICY_STORE_H_ 144
