OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_ | 5 #ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_ |
6 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_ | 6 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
11 #include "base/compiler_specific.h" | 11 #include "base/compiler_specific.h" |
12 #include "base/files/file_path.h" | 12 #include "base/files/file_path.h" |
13 #include "base/memory/weak_ptr.h" | 13 #include "base/memory/weak_ptr.h" |
14 #include "components/policy/core/common/cloud/user_cloud_policy_store_base.h" | 14 #include "components/policy/core/common/cloud/user_cloud_policy_store_base.h" |
15 #include "components/policy/policy_export.h" | 15 #include "components/policy/policy_export.h" |
| 16 #include "policy/proto/policy_signing_key.pb.h" |
16 | 17 |
17 namespace base { | 18 namespace base { |
18 class SequencedTaskRunner; | 19 class SequencedTaskRunner; |
19 } | 20 } |
20 | 21 |
21 namespace policy { | 22 namespace policy { |
22 | 23 |
23 // Implements a cloud policy store that is stored in a simple file in the user's | 24 // Implements a cloud policy store that is stored in a simple file in the user's |
24 // profile directory. This is used on (non-chromeos) platforms that do not have | 25 // profile directory. This is used on (non-chromeos) platforms that do not have |
25 // a secure storage implementation. | 26 // a secure storage implementation. |
26 class POLICY_EXPORT UserCloudPolicyStore : public UserCloudPolicyStoreBase { | 27 class POLICY_EXPORT UserCloudPolicyStore : public UserCloudPolicyStoreBase { |
27 public: | 28 public: |
28 // Creates a policy store associated with a signed-in (or in the progress of | 29 // Creates a policy store associated with a signed-in (or in the progress of |
29 // it) user. | 30 // it) user. |
30 UserCloudPolicyStore( | 31 UserCloudPolicyStore( |
31 const base::FilePath& policy_file, | 32 const base::FilePath& policy_file, |
| 33 const base::FilePath& key_file, |
| 34 const std::string& verification_key, |
32 scoped_refptr<base::SequencedTaskRunner> background_task_runner); | 35 scoped_refptr<base::SequencedTaskRunner> background_task_runner); |
33 virtual ~UserCloudPolicyStore(); | 36 virtual ~UserCloudPolicyStore(); |
34 | 37 |
35 // Factory method for creating a UserCloudPolicyStore for a profile with path | 38 // Factory method for creating a UserCloudPolicyStore for a profile with path |
36 // |profile_path|. | 39 // |profile_path|. |
37 static scoped_ptr<UserCloudPolicyStore> Create( | 40 static scoped_ptr<UserCloudPolicyStore> Create( |
38 const base::FilePath& profile_path, | 41 const base::FilePath& profile_path, |
| 42 const std::string& verification_key, |
39 scoped_refptr<base::SequencedTaskRunner> background_task_runner); | 43 scoped_refptr<base::SequencedTaskRunner> background_task_runner); |
40 | 44 |
41 // Sets the username from signin for validation of the policy. | 45 // Sets the username from signin for validation of the policy. |
42 void SetSigninUsername(const std::string& username); | 46 void SetSigninUsername(const std::string& username); |
43 | 47 |
44 // Loads policy immediately on the current thread. Virtual for mocks. | 48 // Loads policy immediately on the current thread. Virtual for mocks. |
45 virtual void LoadImmediately(); | 49 virtual void LoadImmediately(); |
46 | 50 |
47 // Deletes any existing policy blob and notifies observers via OnStoreLoaded() | 51 // Deletes any existing policy blob and notifies observers via OnStoreLoaded() |
48 // that the blob has changed. Virtual for mocks. | 52 // that the blob has changed. Virtual for mocks. |
49 virtual void Clear(); | 53 virtual void Clear(); |
50 | 54 |
51 // CloudPolicyStore implementation. | 55 // CloudPolicyStore implementation. |
52 virtual void Load() OVERRIDE; | 56 virtual void Load() OVERRIDE; |
53 virtual void Store( | 57 virtual void Store( |
54 const enterprise_management::PolicyFetchResponse& policy) OVERRIDE; | 58 const enterprise_management::PolicyFetchResponse& policy) OVERRIDE; |
55 | 59 |
| 60 // The key used to sign the current policy (empty if there either is no |
| 61 // loaded policy yet, or if the policy is unsigned). |
| 62 const std::string& policy_key() { return policy_key_; } |
| 63 |
56 protected: | 64 protected: |
57 std::string signin_username_; | 65 std::string signin_username_; |
58 | 66 |
59 private: | 67 private: |
60 // Callback invoked when a new policy has been loaded from disk. If | 68 // Callback invoked when a new policy has been loaded from disk. If |
61 // |validate_in_background| is true, then policy is validated via a background | 69 // |validate_in_background| is true, then policy is validated via a background |
62 // thread. | 70 // thread. |
63 void PolicyLoaded(bool validate_in_background, | 71 void PolicyLoaded(bool validate_in_background, |
64 struct PolicyLoadResult policy_load_result); | 72 struct PolicyLoadResult policy_load_result); |
65 | 73 |
66 // Starts policy blob validation. |callback| is invoked once validation is | 74 // Starts policy blob validation. |callback| is invoked once validation is |
67 // complete. If |validate_in_background| is true, then the validation work | 75 // complete. If |validate_in_background| is true, then the validation work |
68 // occurs on a background thread (results are sent back to the calling | 76 // occurs on a background thread (results are sent back to the calling |
69 // thread). | 77 // thread). |
70 void Validate( | 78 void Validate( |
71 scoped_ptr<enterprise_management::PolicyFetchResponse> policy, | 79 scoped_ptr<enterprise_management::PolicyFetchResponse> policy, |
| 80 scoped_ptr<enterprise_management::PolicySigningKey> key, |
72 bool validate_in_background, | 81 bool validate_in_background, |
73 const UserCloudPolicyValidator::CompletionCallback& callback); | 82 const UserCloudPolicyValidator::CompletionCallback& callback); |
74 | 83 |
75 // Callback invoked to install a just-loaded policy after validation has | 84 // Callback invoked to install a just-loaded policy after validation has |
76 // finished. | 85 // finished. |
77 void InstallLoadedPolicyAfterValidation(UserCloudPolicyValidator* validator); | 86 void InstallLoadedPolicyAfterValidation(const std::string& signing_key, |
| 87 UserCloudPolicyValidator* validator); |
78 | 88 |
79 // Callback invoked to store the policy after validation has finished. | 89 // Callback invoked to store the policy after validation has finished. |
80 void StorePolicyAfterValidation(UserCloudPolicyValidator* validator); | 90 void StorePolicyAfterValidation(UserCloudPolicyValidator* validator); |
81 | 91 |
82 // WeakPtrFactory used to create callbacks for validating and storing policy. | 92 // WeakPtrFactory used to create callbacks for validating and storing policy. |
83 base::WeakPtrFactory<UserCloudPolicyStore> weak_factory_; | 93 base::WeakPtrFactory<UserCloudPolicyStore> weak_factory_; |
84 | 94 |
| 95 // The key used to verify signatures of cached policy. |
| 96 std::string policy_key_; |
| 97 |
85 // Path to file where we store persisted policy. | 98 // Path to file where we store persisted policy. |
86 base::FilePath backing_file_path_; | 99 base::FilePath policy_path_; |
| 100 |
| 101 // Path to file where we store the signing key for the policy blob. |
| 102 base::FilePath key_path_; |
| 103 |
| 104 // The hard-coded key used to verify new signing keys. |
| 105 const std::string verification_key_; |
87 | 106 |
88 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStore); | 107 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStore); |
89 }; | 108 }; |
90 | 109 |
91 } // namespace policy | 110 } // namespace policy |
92 | 111 |
93 #endif // COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_ | 112 #endif // COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_ |
OLD | NEW |