1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_BASE_H_
#define CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_BASE_H_
#pragma once
#include "base/observer_list.h"
#include "base/threading/non_thread_safe.h"
#include "base/time.h"
#include "chrome/browser/policy/cloud_policy_subsystem.h"
#include "chrome/browser/policy/policy_map.h"
#include "chrome/browser/policy/proto/device_management_backend.pb.h"
namespace policy {
class PolicyNotifier;
namespace em = enterprise_management;
// Caches policy information, as set by calls to |SetPolicy()|, persists
// it to disk or session_manager (depending on subclass implementation),
// and makes it available via policy providers.
class CloudPolicyCacheBase : public base::NonThreadSafe {
public:
// Used to distinguish mandatory from recommended policies.
enum PolicyLevel {
// Policy is forced upon the user and should always take effect.
POLICY_LEVEL_MANDATORY,
// The value is just a recommendation that the user may override.
POLICY_LEVEL_RECOMMENDED,
};
class Observer {
public:
virtual ~Observer() {}
virtual void OnCacheGoingAway(CloudPolicyCacheBase*) = 0;
virtual void OnCacheUpdate(CloudPolicyCacheBase*) = 0;
};
CloudPolicyCacheBase();
virtual ~CloudPolicyCacheBase();
void set_policy_notifier(PolicyNotifier* notifier) {
notifier_ = notifier;
}
// Loads persisted policy information.
virtual void Load() = 0;
// Resets the policy information.
virtual void SetPolicy(const em::PolicyFetchResponse& policy) = 0;
virtual void SetUnmanaged() = 0;
bool is_unmanaged() const {
return is_unmanaged_;
}
// Returns the time at which the policy was last fetched.
base::Time last_policy_refresh_time() const {
return last_policy_refresh_time_;
}
// Get the version of the encryption key currently used for decoding policy.
// Returns true if the version is available, in which case |version| is filled
// in.
bool GetPublicKeyVersion(int* version);
void AddObserver(Observer* observer);
void RemoveObserver(Observer* observer);
// Accessor for the underlying PolicyMaps.
const PolicyMap* policy(PolicyLevel level);
// Resets the cache, clearing the policy currently stored in memory and the
// last refresh time.
void Reset();
// true if the cache contains data that is ready to be served as policies.
// This should mean that this method turns true as soon as a round-trip to
// the local policy storage is complete. The creation of the Profile is
// blocked on this method, so we shouldn't wait for successful network
// round trips.
bool IsReady();
protected:
// Wraps public key version and validity.
struct PublicKeyVersion {
int version;
bool valid;
};
// Decodes the given |policy| using |DecodePolicyResponse()|, applies the
// contents to |{mandatory,recommended}_policy_|, and notifies observers.
// |timestamp| returns the timestamp embedded in |policy|, callers can pass
// NULL if they don't care. |check_for_timestamp_validity| tells this method
// to discard policy data with a timestamp from the future.
// Returns true upon success.
bool SetPolicyInternal(const em::PolicyFetchResponse& policy,
base::Time* timestamp,
bool check_for_timestamp_validity);
void SetUnmanagedInternal(const base::Time& timestamp);
// Indicates that initialization is now complete. Observers will be notified.
void SetReady();
// Decodes |policy_data|, populating |mandatory| and |recommended| with
// the results.
virtual bool DecodePolicyData(const em::PolicyData& policy_data,
PolicyMap* mandatory,
PolicyMap* recommended) = 0;
// Decodes a PolicyFetchResponse into two PolicyMaps and a timestamp.
// Also performs verification, returns NULL if any check fails.
bool DecodePolicyResponse(const em::PolicyFetchResponse& policy_response,
PolicyMap* mandatory,
PolicyMap* recommended,
base::Time* timestamp,
PublicKeyVersion* public_key_version);
// Notifies observers if the cache IsReady().
void NotifyObservers();
void InformNotifier(CloudPolicySubsystem::PolicySubsystemState state,
CloudPolicySubsystem::ErrorDetails error_details);
void set_last_policy_refresh_time(base::Time timestamp) {
last_policy_refresh_time_ = timestamp;
}
private:
friend class DevicePolicyCacheTest;
friend class UserPolicyCacheTest;
friend class MockCloudPolicyCache;
// Policy key-value information.
PolicyMap mandatory_policy_;
PolicyMap recommended_policy_;
PolicyNotifier* notifier_;
// The time at which the policy was last refreshed. Is updated both upon
// successful and unsuccessful refresh attempts.
base::Time last_policy_refresh_time_;
// Whether initialization has been completed. This is the case when we have
// valid policy, learned that the device is unmanaged or ran into
// unrecoverable errors.
bool initialization_complete_;
// Whether the the server has indicated this device is unmanaged.
bool is_unmanaged_;
// Currently used public key version, if available.
PublicKeyVersion public_key_version_;
// Cache observers that are registered with this cache.
ObserverList<Observer, true> observer_list_;
DISALLOW_COPY_AND_ASSIGN(CloudPolicyCacheBase);
};
} // namespace policy
#endif // CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_BASE_H_
|
