New policy protobuf protocol.

chrome/browser/policy/cloud_policy_cache.h

Index: chrome/browser/policy/cloud_policy_cache.h
diff --git a/chrome/browser/policy/cloud_policy_cache.h b/chrome/browser/policy/cloud_policy_cache.h
new file mode 100644
index 0000000000000000000000000000000000000000..2457cf6445674f4a90a272865e3af3830574c03c
--- /dev/null
+++ b/chrome/browser/policy/cloud_policy_cache.h
@@ -0,0 +1,114 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_H_
+#define CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_H_
+
+#include <map>
+#include <string>
+
+#include "base/file_path.h"
+#include "base/gtest_prod_util.h"
+#include "base/ref_counted.h"
+#include "base/scoped_ptr.h"
+#include "base/synchronization/lock.h"
+#include "base/time.h"
+#include "chrome/browser/policy/configuration_policy_provider.h"
+#include "chrome/browser/policy/proto/device_management_backend.pb.h"
+// configuration_policy_type.h is generated. See policy_templates.json for
+// policy definitions.
+#include "policy/configuration_policy_type.h"
+
+class DictionaryValue;
+class ListValue;
+class Value;
+
+using google::protobuf::RepeatedPtrField;
+
+namespace policy {
+
+namespace em = enterprise_management;
+
+// Decodes a CloudPolicySettings object into two maps with mandatory and
+// recommended settings, respectively. The implementation is generated code.
+void DecodePolicy(const em::CloudPolicySettings& policy,
+                  PolicyMapType* mandatory, PolicyMapType* recommended);

[gfeher, 2011/02/02 08:42:45]

Please hide this in an anonymous namespace.

[Jakob Kummerow, 2011/02/03 14:36:52]

Can't. See the comment: the implementation is generated code, i.e. lives in
another file. The method *has* to be in the policy namespace or it wouldn't be
accessible.

+
+// Keeps the authoritative copy of cloud policy information as read from the
+// persistence file or determined by the policy backend. The cache doesn't talk
+// to the service directly, but receives updated policy information through
+// SetPolicy() calls, which is then persisted and decoded into the internal
+// Value representation chrome uses.
+class CloudPolicyCache {
+ public:
+  explicit CloudPolicyCache(const FilePath& backing_file_path);
+  ~CloudPolicyCache();
+
+  // Loads policy information from the backing file. Non-existing or erroneous
+  // cache files are ignored.
+  void LoadPolicyFromFile();
+
+  // Resets the policy information. Returns true if the new policy is different
+  // from the previously stored policy.
+  bool SetPolicy(const em::CloudPolicyResponse& policy);
+
+  // Gets the policy information. Ownership of the return value is transferred
+  // to the caller.

[gfeher, 2011/02/02 08:42:45]

If I understand correctly, there is no way to get recommended policies out from
this cache, right? If that's intentional, please add a (TODO) comment.

[Jakob Kummerow, 2011/02/03 14:36:52]

Done.

+  PolicyMapType* GetPolicy();
+
+  void SetUnmanaged();
+  bool is_unmanaged() const {
+    return is_unmanaged_;
+  }
+
+  // Returns the time as which the policy was last fetched.
+  base::Time last_policy_refresh_time() const {
+    return last_policy_refresh_time_;
+  }
+
+ private:
+  friend class CloudPolicyCacheTest;
+
+  // Decodes a CloudPolicyResponse into two (ConfigurationPolicyType -> Value*)
+  // maps and a timestamp. Also performs verification, returns NULL if any
+  // check fails.
+  static bool DecodePolicyResponse(
+      const em::CloudPolicyResponse& policy_response,
+      PolicyMapType* mandatory,
+      PolicyMapType* recommended,
+      base::Time* timestamp);
+
+  // Returns true if |certificate_chain| is trusted and a |signature| created
+  // from it matches |data|.
+  static bool VerifySignature(
+      const std::string& signature,
+      const std::string& data,
+      const RepeatedPtrField<std::string>& certificate_chain);
+
+  // Returns true if |a| equals |b|.
+  static bool Equals(const PolicyMapType* a, const PolicyMapType* b);
+
+  // The file in which we store a cached version of the policy information.
+  const FilePath backing_file_path_;
+
+  // Protects |policy_|.

[gfeher, 2011/02/02 08:42:45]

Please update comment.

[Jakob Kummerow, 2011/02/03 14:36:52]

Done.

+  base::Lock lock_;
+
+  // Policy key-value information.
+  scoped_ptr<PolicyMapType> mandatory_policy_;
+  scoped_ptr<PolicyMapType> recommended_policy_;
+
+  // Tracks whether the store received a SetPolicy() call, which overrides any
+  // information loaded from the file.
+  bool fresh_policy_;
+
+  bool is_unmanaged_;
+
+  // The time at which the policy was last refreshed.
+  base::Time last_policy_refresh_time_;
+};
+
+}  // namespace policy
+
+#endif  // CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_H_