OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_BROWSER_POLICY_DEVICE_MANAGEMENT_POLICY_CACHE_H_ | 5 #ifndef CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_H_ |
6 #define CHROME_BROWSER_POLICY_DEVICE_MANAGEMENT_POLICY_CACHE_H_ | 6 #define CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_H_ |
| 7 |
| 8 #include <string> |
7 | 9 |
8 #include "base/file_path.h" | 10 #include "base/file_path.h" |
9 #include "base/gtest_prod_util.h" | 11 #include "base/gtest_prod_util.h" |
10 #include "base/ref_counted.h" | 12 #include "base/ref_counted.h" |
11 #include "base/scoped_ptr.h" | 13 #include "base/scoped_ptr.h" |
12 #include "base/synchronization/lock.h" | 14 #include "base/synchronization/lock.h" |
13 #include "base/time.h" | 15 #include "base/time.h" |
| 16 #include "chrome/browser/policy/configuration_policy_provider.h" |
| 17 #include "chrome/browser/policy/policy_map.h" |
14 #include "chrome/browser/policy/proto/device_management_backend.pb.h" | 18 #include "chrome/browser/policy/proto/device_management_backend.pb.h" |
| 19 #include "policy/configuration_policy_type.h" |
15 | 20 |
16 class DictionaryValue; | 21 class DictionaryValue; |
| 22 class ListValue; |
17 class Value; | 23 class Value; |
18 | 24 |
| 25 using google::protobuf::RepeatedPtrField; |
| 26 |
19 namespace policy { | 27 namespace policy { |
20 | 28 |
21 namespace em = enterprise_management; | 29 namespace em = enterprise_management; |
22 | 30 |
23 // Keeps the authoritative copy of cloud policy information as read from the | 31 // Keeps the authoritative copy of cloud policy information as read from the |
24 // persistence file or determined by the policy backend. The cache doesn't talk | 32 // persistence file or determined by the policy backend. The cache doesn't talk |
25 // to the service directly, but receives updated policy information through | 33 // to the service directly, but receives updated policy information through |
26 // SetPolicy() calls, which is then persisted and decoded into the internal | 34 // SetPolicy() calls, which is then persisted and decoded into the internal |
27 // Value representation chrome uses. | 35 // Value representation chrome uses. |
28 class DeviceManagementPolicyCache { | 36 class CloudPolicyCache { |
29 public: | 37 public: |
30 explicit DeviceManagementPolicyCache(const FilePath& backing_file_path); | 38 explicit CloudPolicyCache(const FilePath& backing_file_path); |
31 ~DeviceManagementPolicyCache(); | 39 ~CloudPolicyCache(); |
32 | 40 |
33 // Loads policy information from the backing file. Non-existing or erroneous | 41 // Loads policy information from the backing file. Non-existing or erroneous |
34 // cache files are ignored. | 42 // cache files are ignored. |
35 void LoadPolicyFromFile(); | 43 void LoadPolicyFromFile(); |
36 | 44 |
37 // Resets the policy information. Returns true if the new policy is different | 45 // Resets the policy information. Returns true if the new policy is different |
38 // from the previously stored policy. | 46 // from the previously stored policy. |
39 bool SetPolicy(const em::DevicePolicyResponse& policy); | 47 bool SetPolicy(const em::CloudPolicyResponse& policy); |
| 48 bool SetDevicePolicy(const em::DevicePolicyResponse& policy); |
40 | 49 |
41 // Gets the policy information. Ownership of the return value is transferred | 50 // Gets the policy information. Ownership of the return value is transferred |
42 // to the caller. | 51 // to the caller. |
43 DictionaryValue* GetPolicy(); | 52 DictionaryValue* GetDevicePolicy(); |
| 53 const PolicyMap* GetMandatoryPolicy() const; |
| 54 const PolicyMap* GetRecommendedPolicy() const; |
44 | 55 |
45 void SetDeviceUnmanaged(); | 56 void SetUnmanaged(); |
46 bool is_device_unmanaged() const { | 57 bool is_unmanaged() const { |
47 return is_device_unmanaged_; | 58 return is_unmanaged_; |
48 } | 59 } |
49 | 60 |
50 // Returns the time as which the policy was last fetched. | 61 // Returns the time at which the policy was last fetched. |
51 base::Time last_policy_refresh_time() const { | 62 base::Time last_policy_refresh_time() const { |
52 return last_policy_refresh_time_; | 63 return last_policy_refresh_time_; |
53 } | 64 } |
54 | 65 |
| 66 // Returns true if this cache holds (old-style) device policy that should be |
| 67 // given preference over (new-style) mandatory/recommended policy. |
| 68 bool has_device_policy() const { |
| 69 return has_device_policy_; |
| 70 } |
| 71 |
55 private: | 72 private: |
| 73 friend class CloudPolicyCacheTest; |
56 friend class DeviceManagementPolicyCacheDecodeTest; | 74 friend class DeviceManagementPolicyCacheDecodeTest; |
57 FRIEND_TEST_ALL_PREFIXES(DeviceManagementPolicyCacheDecodeTest, DecodePolicy); | 75 |
| 76 // Decodes a CloudPolicyResponse into two (ConfigurationPolicyType -> Value*) |
| 77 // maps and a timestamp. Also performs verification, returns NULL if any |
| 78 // check fails. |
| 79 static bool DecodePolicyResponse( |
| 80 const em::CloudPolicyResponse& policy_response, |
| 81 PolicyMap* mandatory, |
| 82 PolicyMap* recommended, |
| 83 base::Time* timestamp); |
| 84 |
| 85 // Returns true if |certificate_chain| is trusted and a |signature| created |
| 86 // from it matches |data|. |
| 87 static bool VerifySignature( |
| 88 const std::string& signature, |
| 89 const std::string& data, |
| 90 const RepeatedPtrField<std::string>& certificate_chain); |
58 | 91 |
59 // Decodes an int64 value. Checks whether the passed value fits the numeric | 92 // Decodes an int64 value. Checks whether the passed value fits the numeric |
60 // limits of the value representation. Returns a value (ownership is | 93 // limits of the value representation. Returns a value (ownership is |
61 // transferred to the caller) on success, NULL on failure. | 94 // transferred to the caller) on success, NULL on failure. |
62 static Value* DecodeIntegerValue(google::protobuf::int64 value); | 95 static Value* DecodeIntegerValue(google::protobuf::int64 value); |
63 | 96 |
64 // Decode a GenericValue message to the Value representation used internally. | 97 // Decode a GenericValue message to the Value representation used internally. |
65 // Returns NULL if |value| is invalid (i.e. contains no actual value). | 98 // Returns NULL if |value| is invalid (i.e. contains no actual value). |
66 static Value* DecodeValue(const em::GenericValue& value); | 99 static Value* DecodeValue(const em::GenericValue& value); |
67 | 100 |
68 // Decodes a policy message and returns it in Value representation. Ownership | 101 // Decodes a policy message and returns it in Value representation. Ownership |
69 // of the returned dictionary is transferred to the caller. | 102 // of the returned dictionary is transferred to the caller. |
70 static DictionaryValue* DecodePolicy( | 103 static DictionaryValue* DecodeDevicePolicy( |
71 const em::DevicePolicyResponse& response); | 104 const em::DevicePolicyResponse& response); |
72 | 105 |
73 // The file in which we store a cached version of the policy information. | 106 // The file in which we store a cached version of the policy information. |
74 const FilePath backing_file_path_; | 107 const FilePath backing_file_path_; |
75 | 108 |
76 // Protects |policy_|. | 109 // Protects both |mandatory_policy_| and |recommended_policy_| as well as |
| 110 // |device_policy_|. |
77 base::Lock lock_; | 111 base::Lock lock_; |
78 | 112 |
79 // Policy key-value information. | 113 // Policy key-value information. |
80 scoped_ptr<DictionaryValue> policy_; | 114 PolicyMap mandatory_policy_; |
| 115 PolicyMap recommended_policy_; |
| 116 scoped_ptr<DictionaryValue> device_policy_; |
81 | 117 |
82 // Tracks whether the store received a SetPolicy() call, which overrides any | 118 // Tracks whether the store received a SetPolicy() call, which overrides any |
83 // information loaded from the file. | 119 // information loaded from the file. |
84 bool fresh_policy_; | 120 bool fresh_policy_; |
85 | 121 |
86 bool is_device_unmanaged_; | 122 bool is_unmanaged_; |
| 123 |
| 124 // Tracks whether the cache currently stores |device_policy_| that should be |
| 125 // given preference over |mandatory_policy_| and |recommended_policy_|. |
| 126 bool has_device_policy_; |
87 | 127 |
88 // The time at which the policy was last refreshed. | 128 // The time at which the policy was last refreshed. |
89 base::Time last_policy_refresh_time_; | 129 base::Time last_policy_refresh_time_; |
90 }; | 130 }; |
91 | 131 |
92 } // namespace policy | 132 } // namespace policy |
93 | 133 |
94 #endif // CHROME_BROWSER_POLICY_DEVICE_MANAGEMENT_POLICY_CACHE_H_ | 134 #endif // CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_H_ |
OLD | NEW |