1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_
6 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_
10 #include "base/basictypes.h"
11 #include "base/compiler_specific.h"
12 #include "base/files/file_path.h"
13 #include "base/memory/weak_ptr.h"
14 #include "components/policy/core/common/cloud/user_cloud_policy_store_base.h"
15 #include "components/policy/policy_export.h"
16 #include "policy/proto/policy_signing_key.pb.h"
19 class SequencedTaskRunner;
24 // Implements a cloud policy store that is stored in a simple file in the user's
25 // profile directory. This is used on (non-chromeos) platforms that do not have
26 // a secure storage implementation.
// NOTE(review): the cache is an ordinary file, not secure storage, so whatever
// is read back from disk should be treated as untrusted until it has been
// validated. This header only declares the validation hooks (the
// |verification_key| and |validate_in_background| parameters below); what is
// actually enforced on load is decided in the implementation -- confirm there.
27 class POLICY_EXPORT UserCloudPolicyStore : public UserCloudPolicyStoreBase {
29 // Creates a policy store associated with a user who is signed in (or is in the
// process of signing in). The opening line of this declaration is not present
// in this listing; only its parameters are shown.
// |policy_file| and |key_file| are presumably the paths kept in |policy_path_|
// and |key_path_| (the persisted policy and the signing key for the policy
// blob) -- confirm in the implementation.
// |verification_key| is presumably stored as |verification_key_|, the key used
// to verify new signing keys.
// |background_task_runner|: its use is not visible in this header -- TODO
// confirm which work is posted to it.
32 const base::FilePath& policy_file,
33 const base::FilePath& key_file,
34 const std::string& verification_key,
35 scoped_refptr<base::SequencedTaskRunner> background_task_runner);
36 virtual ~UserCloudPolicyStore();
38 // Factory method for creating a UserCloudPolicyStore for a profile with path
// |profile_path|. How the policy and key file paths are derived from
// |profile_path| is not shown in this header.
40 static scoped_ptr<UserCloudPolicyStore> Create(
41 const base::FilePath& profile_path,
42 const std::string& verification_key,
43 scoped_refptr<base::SequencedTaskRunner> background_task_runner);
45 // Sets the username from signin for validation of the policy.
46 void SetSigninUsername(const std::string& username);
48 // Loads policy immediately on the current thread. Virtual for mocks.
49 virtual void LoadImmediately();
51 // Deletes any existing policy blob and notifies observers via OnStoreLoaded()
52 // that the blob has changed. Virtual for mocks.
// (The declaration this comment documents is not present in this listing.)
55 // CloudPolicyStore implementation.
56 virtual void Load() OVERRIDE;
// The parameter line below belongs to a second override whose opening line is
// not present in this listing; it takes the policy fetch response by const
// reference.
58 const enterprise_management::PolicyFetchResponse& policy) OVERRIDE;
60 // The key used to sign the current policy (empty if there either is no
61 // loaded policy yet, or if the policy is unsigned).
// Returns |policy_key_|, which its own member comment describes as the key
// used to verify signatures of cached policy, so this is presumably public
// verification material rather than a private signing key -- confirm.
// An empty value means there is no key to check a signature against.
62 const std::string& policy_key() { return policy_key_; }
// Username from signin; presumably the value passed to SetSigninUsername() and
// used when validating the policy -- confirm in the implementation.
65 std::string signin_username_;
68 // Callback invoked when a new policy has been loaded from disk. If
69 // |validate_in_background| is true, then policy is validated via a background
// thread.
// |policy_load_result| carries the outcome of the disk load; the struct's
// fields are not declared in this header.
71 void PolicyLoaded(bool validate_in_background,
72 struct PolicyLoadResult policy_load_result);
74 // Starts policy blob validation. |callback| is invoked once validation is
75 // complete. If |validate_in_background| is true, then the validation work
76 // occurs on a background thread (results are sent back to the calling
// thread).
// The opening line of this declaration is not present in this listing.
// |policy| is the policy blob to validate and |key| the signing key message
// that accompanies it; both are passed as scoped_ptr, i.e. ownership moves to
// the callee. |verification_key| is presumably the key used to verify a new
// signing key -- confirm how the three are combined in the implementation.
79 scoped_ptr<enterprise_management::PolicyFetchResponse> policy,
80 scoped_ptr<enterprise_management::PolicySigningKey> key,
81 const std::string& verification_key,
82 bool validate_in_background,
83 const UserCloudPolicyValidator::CompletionCallback& callback);
85 // Callback invoked to install a just-loaded policy after validation has
// finished.
// |doing_key_rotation| and |signing_key| presumably tell the callee whether
// the loaded blob introduces a new signing key and which key to record --
// TODO confirm against the implementation.
87 void InstallLoadedPolicyAfterValidation(bool doing_key_rotation,
88 const std::string& signing_key,
89 UserCloudPolicyValidator* validator);
91 // Callback invoked to store the policy after validation has finished.
92 void StorePolicyAfterValidation(UserCloudPolicyValidator* validator);
94 // WeakPtrFactory used to create callbacks for validating and storing policy.
95 base::WeakPtrFactory<UserCloudPolicyStore> weak_factory_;
97 // The key used to verify signatures of cached policy.
98 std::string policy_key_;
100 // Path to file where we store persisted policy.
101 base::FilePath policy_path_;
103 // Path to file where we store the signing key for the policy blob.
104 base::FilePath key_path_;
106 // The hard-coded key used to verify new signing keys.
// Declared const, so it is fixed for the lifetime of the store. Per the
// comment above it serves as the trust anchor for accepting a new signing
// key; the acceptance check itself is in the implementation -- confirm.
107 const std::string verification_key_;
109 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStore);
112 } // namespace policy
114 #endif // COMPONENTS_POLICY_CORE_COMMON_CLOUD_USER_CLOUD_POLICY_STORE_H_