// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_
#define COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_

#include <string>

#include "base/basictypes.h"
#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/memory/weak_ptr.h"
#include "components/policy/core/common/cloud/user_cloud_policy_store_base.h"
#include "components/policy/policy_export.h"
#include "policy/proto/policy_signing_key.pb.h"

namespace base {
class SequencedTaskRunner;
}

namespace policy {

// Implements a cloud policy store that is stored in a simple file in the user's
// profile directory. This is used on (non-chromeos) platforms that do not have
// a secure storage implementation.
//
// Security note: because the backing files live in the profile directory with
// no OS-level protection, their contents must never be trusted as-is. A policy
// blob read from |policy_path_| is only installed after it has gone through
// Validate(), and the signing key read from |key_path_| is itself checked
// against the hard-coded |verification_key_| (see the member comments below)
// before it is used to check policy signatures. Anyone changing the load or
// store path should preserve that ordering: validate first, install second.
class POLICY_EXPORT UserCloudPolicyStore : public UserCloudPolicyStoreBase {
 public:
  // Creates a policy store associated with a signed-in (or in the progress of
  // it) user.
  // |policy_file| is where the serialized policy blob is persisted,
  // |key_file| is where the policy signing key is persisted,
  // |verification_key| is the hard-coded key used to verify new signing keys,
  // and |background_task_runner| is the sequence used for background work
  // (presumably file I/O and background validation — confirm in the .cc).
  UserCloudPolicyStore(
      const base::FilePath& policy_file,
      const base::FilePath& key_file,
      const std::string& verification_key,
      scoped_refptr<base::SequencedTaskRunner> background_task_runner);
  virtual ~UserCloudPolicyStore();

  // Factory method for creating a UserCloudPolicyStore for a profile with path
  // |profile_path|. The policy and key file locations are derived from
  // |profile_path|; the exact layout is decided in the .cc file, not here.
  static scoped_ptr<UserCloudPolicyStore> Create(
      const base::FilePath& profile_path,
      const std::string& verification_key,
      scoped_refptr<base::SequencedTaskRunner> background_task_runner);

  // Sets the username from signin for validation of the policy. Callers should
  // set this before loading or storing policy so the validator can compare it
  // against the user the policy was issued for. The matching rules themselves
  // live in the validator, not in this class.
  void SetSigninUsername(const std::string& username);

  // Loads policy immediately on the current thread. Virtual for mocks.
  // NOTE(review): presumably this drives PolicyLoaded() with
  // |validate_in_background| false so that validation also happens
  // synchronously — confirm in the .cc before relying on it.
  virtual void LoadImmediately();

  // Deletes any existing policy blob and notifies observers via OnStoreLoaded()
  // that the blob has changed. Virtual for mocks.
  virtual void Clear();

  // CloudPolicyStore implementation.
  // PolicyLoaded() below is the continuation for Load(); Store() hands the
  // validated |policy| to StorePolicyAfterValidation().
  virtual void Load() OVERRIDE;
  virtual void Store(
      const enterprise_management::PolicyFetchResponse& policy) OVERRIDE;

  // The key used to sign the current policy (empty if there either is no
  // loaded policy yet, or if the policy is unsigned).
  // Returns a reference to a member: it is only valid while this store is
  // alive and may change whenever the cached policy changes. Callers that need
  // to keep the key should copy it.
  const std::string& policy_key() { return policy_key_; }

 protected:
  // Username captured by SetSigninUsername(); visible to subclasses.
  std::string signin_username_;

 private:
  // Callback invoked when a new policy has been loaded from disk. If
  // |validate_in_background| is true, then policy is validated via a background
  // thread.
  // |policy_load_result| carries what was read from |policy_path_| and
  // |key_path_| (its definition lives elsewhere; only the elaborated type name
  // is needed here).
  void PolicyLoaded(bool validate_in_background,
                    struct PolicyLoadResult policy_load_result);

  // Starts policy blob validation. |callback| is invoked once validation is
  // complete. If |validate_in_background| is true, then the validation work
  // occurs on a background thread (results are sent back to the calling
  // thread).
  // |policy| is the blob under test and |key| the signing key persisted
  // alongside it (may be null). |verification_key| is the hard-coded key used
  // to establish that |key| is genuine; presumably |key| is only trusted for
  // checking |policy| once it has passed that check — confirm in the .cc.
  void Validate(
      scoped_ptr<enterprise_management::PolicyFetchResponse> policy,
      scoped_ptr<enterprise_management::PolicySigningKey> key,
      const std::string& verification_key,
      bool validate_in_background,
      const UserCloudPolicyValidator::CompletionCallback& callback);

  // Callback invoked to install a just-loaded policy after validation has
  // finished.
  // |doing_key_rotation| and |signing_key| describe the key the validator
  // accepted; presumably they are used to update |policy_key_| (and the
  // persisted key) when the server rotated its signing key — confirm in the
  // .cc. |validator| is passed as a raw pointer, so ownership is presumably
  // not transferred; do not retain it past the callback.
  void InstallLoadedPolicyAfterValidation(bool doing_key_rotation,
                                          const std::string& signing_key,
                                          UserCloudPolicyValidator* validator);

  // Callback invoked to store the policy after validation has finished.
  // Only policy that the validator accepted should reach disk; |validator| is
  // a raw pointer and presumably not owned here — do not retain it.
  void StorePolicyAfterValidation(UserCloudPolicyValidator* validator);

  // WeakPtrFactory used to create callbacks for validating and storing policy.
  // Weak pointers stop results of a background validation from being delivered
  // to a store that has already been destroyed.
  // NOTE(review): the usual convention is to declare the WeakPtrFactory as the
  // last member so it is destroyed first and its weak pointers are invalidated
  // before any other member goes away. Here it precedes the members below;
  // harmless as long as those are plain strings/paths, but worth moving if a
  // member that can run callbacks is ever added.
  base::WeakPtrFactory<UserCloudPolicyStore> weak_factory_;

  // The key used to verify signatures of cached policy.
  // This is the per-user signing key, distinct from |verification_key_|
  // below, which vouches for signing keys rather than for policy.
  std::string policy_key_;

  // Path to file where we store persisted policy.
  base::FilePath policy_path_;

  // Path to file where we store the signing key for the policy blob.
  // Contents read from here are untrusted until checked against
  // |verification_key_|.
  base::FilePath key_path_;

  // The hard-coded key used to verify new signing keys.
  // This is the trust anchor for the whole store: a signing key that does not
  // verify against it must never be used to accept policy.
  const std::string verification_key_;

  DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStore);
};

}  // namespace policy

#endif  // COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_