extensions/browser/content_verifier_delegate.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef EXTENSIONS_BROWSER_CONTENT_VERIFIER_DELEGATE_H_
   6 #define EXTENSIONS_BROWSER_CONTENT_VERIFIER_DELEGATE_H_
   7
   8 #include <set>
   9
  10 #include "url/gurl.h"
  11
  12 namespace base {
  13 class FilePath;
  14 class Version;
  15 }
  16
  17 namespace extensions {
  18
  19 class Extension;
  20
  21 // A pointer to the bytes of a public key, and the number of bytes.
  22 struct ContentVerifierKey {
  23   const uint8* data;
  24   int size;
  25
  26   ContentVerifierKey() : data(NULL), size(0) {}
  27
  28   ContentVerifierKey(const uint8* data, int size) {
  29     this->data = data;
  30     this->size = size;
  31   }
  32 };
  33
  34 // This is an interface for clients that want to use a ContentVerifier.
  35 class ContentVerifierDelegate {
  36  public:
  37   // Note that it is important for these to appear in increasing "severity"
  38   // order, because we use this to let command line flags increase, but not
  39   // decrease, the mode you're running in compared to the experiment group.
  40   enum Mode {
  41     // Do not try to fetch content hashes if they are missing, and do not
  42     // enforce them if they are present.
  43     NONE = 0,
  44
  45     // If content hashes are missing, try to fetch them, but do not enforce.
  46     BOOTSTRAP,
  47
  48     // If hashes are present, enforce them. If they are missing, try to fetch
  49     // them.
  50     ENFORCE,
  51
  52     // Treat the absence of hashes the same as a verification failure.
  53     ENFORCE_STRICT
  54   };
  55
  56   virtual ~ContentVerifierDelegate() {}
  57
  58   // This should return what verification mode is appropriate for the given
  59   // extension, if any.
  60   virtual Mode ShouldBeVerified(const Extension& extension) = 0;
  61
  62   // Should return the public key to use for validating signatures via the two
  63   // out parameters. NOTE: the pointer returned *must* remain valid for the
  64   // lifetime of this object.
  65   virtual const ContentVerifierKey& PublicKey() = 0;
  66
  67   // This should return a URL that can be used to fetch the
  68   // verified_contents.json containing signatures for the given extension
  69   // id/version pair.
  70   virtual GURL GetSignatureFetchUrl(const std::string& extension_id,
  71                                     const base::Version& version) = 0;
  72
  73   // This should return the set of file paths for images used within the
  74   // browser process. (These may get transcoded during the install process).
  75   virtual std::set<base::FilePath> GetBrowserImagePaths(
  76       const extensions::Extension* extension) = 0;
  77
  78   // Called when the content verifier detects that a read of a file inside
  79   // an extension did not match its expected hash.
  80   virtual void VerifyFailed(const std::string& extension_id) = 0;
  81 };
  82
  83 }  // namespace extensions
  84
  85 #endif  // EXTENSIONS_BROWSER_CONTENT_VERIFIER_DELEGATE_H_