      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_
      6 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_
      7 
      8 #include <string>
      9 
     10 #include "base/basictypes.h"
     11 #include "base/compiler_specific.h"
     12 #include "base/files/file_path.h"
     13 #include "base/memory/weak_ptr.h"
     14 #include "components/policy/core/common/cloud/user_cloud_policy_store_base.h"
     15 #include "components/policy/policy_export.h"
     16 #include "policy/proto/policy_signing_key.pb.h"
     17 
     18 namespace base {
     19 class SequencedTaskRunner;
     20 }
     21 
     22 namespace policy {
     23 
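     // Implements a cloud policy store that is stored in a simple file in the user's
     // profile directory. This is used on (non-chromeos) platforms that do not have
     // a secure storage implementation.
     //
     // Security note: because the backing files live in the profile directory
     // rather than in secure storage, their contents should be treated as
     // untrusted input when read back. This interface declares a validation step
     // (Validate()) and a verification key for that purpose.
     // NOTE(review): presumably a loaded blob is only installed after validation
     // succeeds -- confirm against the implementation file.
     class POLICY_EXPORT UserCloudPolicyStore : public UserCloudPolicyStoreBase {
      public:
       // Creates a policy store associated with a user who is signed in, or in the
       // process of signing in.
       //
       // |policy_file| is the path of the persisted policy blob, |key_file| the path
       // of the persisted signing key for that blob, and |verification_key| the key
       // used to verify new signing keys.
       // NOTE(review): |background_task_runner| is presumably where file I/O and
       // background validation are posted -- confirm.
       UserCloudPolicyStore(
           const base::FilePath& policy_file,
           const base::FilePath& key_file,
           const std::string& verification_key,
           scoped_refptr<base::SequencedTaskRunner> background_task_runner);
       virtual ~UserCloudPolicyStore();

       // Factory method for creating a UserCloudPolicyStore for a profile with path
       // |profile_path|.
       static scoped_ptr<UserCloudPolicyStore> Create(
           const base::FilePath& profile_path,
           const std::string& verification_key,
           scoped_refptr<base::SequencedTaskRunner> background_task_runner);

       // Sets the username from signin for validation of the policy.
       void SetSigninUsername(const std::string& username);

       // Loads policy immediately on the current thread. Virtual for mocks.
       virtual void LoadImmediately();

       // Deletes any existing policy blob and notifies observers via OnStoreLoaded()
       // that the blob has changed. Virtual for mocks.
       virtual void Clear();

       // CloudPolicyStore implementation.
       virtual void Load() OVERRIDE;
       virtual void Store(
           const enterprise_management::PolicyFetchResponse& policy) OVERRIDE;

       // The key used to sign the current policy (empty if there either is no
       // loaded policy yet, or if the policy is unsigned).
       // Const-qualified so the key can be inspected through a const reference or
       // pointer to the store; the accessor does not modify the store.
       const std::string& policy_key() const { return policy_key_; }

      protected:
       // Username used when validating policy.
       // NOTE(review): presumably written by SetSigninUsername(). Being protected,
       // subclasses can read and modify it directly.
       std::string signin_username_;

      private:
       // Callback invoked when a new policy has been loaded from disk. If
       // |validate_in_background| is true, then policy is validated via a background
       // thread.
       void PolicyLoaded(bool validate_in_background,
                         struct PolicyLoadResult policy_load_result);

       // Starts policy blob validation. |callback| is invoked once validation is
       // complete. If |validate_in_background| is true, then the validation work
       // occurs on a background thread (results are sent back to the calling
       // thread). Ownership of |policy| and |key| is passed in by the caller.
       void Validate(
           scoped_ptr<enterprise_management::PolicyFetchResponse> policy,
           scoped_ptr<enterprise_management::PolicySigningKey> key,
           const std::string& verification_key,
           bool validate_in_background,
           const UserCloudPolicyValidator::CompletionCallback& callback);

       // Callback invoked to install a just-loaded policy after validation has
       // finished.
       // NOTE(review): |signing_key| is presumably the key that was read from
       // |key_path_|; confirm that it is only cached in |policy_key_| when
       // |validator| reports success.
       void InstallLoadedPolicyAfterValidation(bool doing_key_rotation,
                                               const std::string& signing_key,
                                               UserCloudPolicyValidator* validator);

       // Callback invoked to store the policy after validation has finished.
       void StorePolicyAfterValidation(UserCloudPolicyValidator* validator);

       // The key used to verify signatures of cached policy.
       std::string policy_key_;

       // Path to file where we store persisted policy.
       base::FilePath policy_path_;

       // Path to file where we store the signing key for the policy blob.
       base::FilePath key_path_;

       // The hard-coded key used to verify new signing keys. Declared const, so it
       // is fixed for the lifetime of the store.
       const std::string verification_key_;

       // WeakPtrFactory used to create callbacks for validating and storing policy.
       base::WeakPtrFactory<UserCloudPolicyStore> weak_factory_;

       DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStore);
     };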
    111 
    112 }  // namespace policy
    113 
    114 #endif  // COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_
    115