chrome/browser/policy/cloud_policy_store.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131

// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_POLICY_CLOUD_POLICY_STORE_H_
#define CHROME_BROWSER_POLICY_CLOUD_POLICY_STORE_H_
#pragma once

#include "base/basictypes.h"
#include "base/memory/scoped_ptr.h"
#include "base/observer_list.h"
#include "chrome/browser/policy/policy_map.h"
#include "chrome/browser/policy/proto/device_management_backend.pb.h"

namespace policy {

// Defines the low-level interface used by the cloud policy code to:
//   1. Validate policy blobs that should be applied locally
//   2. Persist policy blobs
//   3. Decode policy blobs to PolicyMap representation
class CloudPolicyStore {
 public:
  // Status codes.
  enum Status {
    // Everything is in good order.
    STATUS_OK,
    // Loading policy from the underlying data store failed.
    STATUS_PERSIST_LOAD_ERROR,
    // Failed to store policy to the data store.
    STATUS_PERSIST_STORE_ERROR,
    // Failed to parse the policy read from the data store.
    STATUS_PERSIST_PARSE_ERROR,
    // Failed to serialize policy for storage.
    STATUS_PERSIST_SERIALIZE_ERROR,
    // Validation failure: Bad signature.
    STATUS_VALIDATION_BAD_SIGNATURE,
    // Validation failure: Policy blob contains error code.
    STATUS_VALIDATION_ERROR_CODE_PRESENT,
    // Validation failure: Policy payload failed to decode.
    STATUS_VALIDATION_PAYLOAD_PARSE_ERROR,
    // Validation failure: Unexpected policy type.
    STATUS_VALIDATION_POLICY_TYPE,
    // Validation failure: Time stamp from the future.
    STATUS_VALIDATION_TIMESTAMP,
    // Validation failure: Token doesn't match.
    STATUS_VALIDATION_TOKEN,
    // Validation failure: Username doesn't match.
    STATUS_VALIDATION_USERNAME,
    // Policy protobuf parse error.
    STATUS_VALIDATION_POLICY_PARSE_ERROR,
  };

  // Callbacks for policy store events. Most importantly, policy updates.
  class Observer {
   public:
    virtual ~Observer();

    // Called on changes to store->policy() and/or store->policy_map().
    virtual void OnStoreLoaded(CloudPolicyStore* store) = 0;

    // Called upon encountering errors.
    virtual void OnStoreError(CloudPolicyStore* store) = 0;
  };

  CloudPolicyStore();
  virtual ~CloudPolicyStore();

  // Indicates whether the store has been fully initialized. This is
  // accomplished by calling Load() after startup.
  bool is_initialized() const { return is_initialized_; }

  const PolicyMap& policy_map() const { return policy_map_; }
  bool has_policy() const {
    return policy_.get() != NULL;
  }
  const enterprise_management::PolicyData* policy() const {
    return policy_.get();
  }
  bool is_managed() const {
    return policy_.get() &&
           policy_->state() == enterprise_management::PolicyData::ACTIVE;
  }
  Status status() const { return status_; }

  // Store a new policy blob. Pending store operations will be canceled. The
  // store operation may proceed asynchronously and observers are notified once
  // the operation finishes. If successful, OnStoreLoaded() will be invoked on
  // the observers and the updated policy can be read through policy(). Errors
  // generate OnStoreError() notifications.
  virtual void Store(
      const enterprise_management::PolicyFetchResponse& policy) = 0;

  // Load the current policy blob from persistent storage. This may trigger
  // asynchronous operations. Upon success, OnStoreLoaded() will be called on
  // the registered observers. Otherwise, OnStoreError() reports the reason for
  // failure.
  virtual void Load() = 0;

  // Registers an observer to be notified when policy changes.
  void AddObserver(Observer* observer);

  // Removes the specified observer.
  void RemoveObserver(Observer* observer);

 protected:
  // Invokes the corresponding callback on all registered observers.
  void NotifyStoreLoaded();
  void NotifyStoreError();

  // Decoded version of the currently effective policy.
  PolicyMap policy_map_;

  // Currently effective policy.
  scoped_ptr<enterprise_management::PolicyData> policy_;

  // Latest status code.
  Status status_;

 private:
  // Whether the store has completed asynchronous initialization, which is
  // triggered by calling Load().
  bool is_initialized_;

  ObserverList<Observer, true> observers_;

  DISALLOW_COPY_AND_ASSIGN(CloudPolicyStore);
};

}  // namespace policy

#endif  // CHROME_BROWSER_POLICY_CLOUD_POLICY_STORE_H_