1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_ 6 #define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_ 7 8 #include <deque> 9 #include <string> 10 #include <vector> 11 12 #include "base/basictypes.h" 13 #include "base/callback.h" 14 #include "base/compiler_specific.h" 15 #include "base/memory/ref_counted.h" 16 #include "base/memory/scoped_ptr.h" 17 #include "base/observer_list.h" 18 #include "chrome/browser/policy/cloud/cloud_policy_validator.h" 19 #include "chromeos/cert_loader.h" 20 #include "chromeos/dbus/session_manager_client.h" 21 22 namespace crypto { 23 class RSAPrivateKey; 24 } 25 26 namespace enterprise_management { 27 class ChromeDeviceSettingsProto; 28 class PolicyData; 29 class PolicyFetchResponse; 30 } 31 32 namespace chromeos { 33 34 class OwnerKeyUtil; 35 class SessionManagerOperation; 36 37 // Keeps the public and private halves of the owner key. Both may be missing, 38 // but if the private key is present, the public half will be as well. This 39 // class is immutable and refcounted in order to allow safe access from any 40 // thread. 41 class OwnerKey : public base::RefCountedThreadSafe<OwnerKey> { 42 public: 43 OwnerKey(scoped_ptr<std::vector<uint8> > public_key, 44 scoped_ptr<crypto::RSAPrivateKey> private_key); 45 46 const std::vector<uint8>* public_key() { 47 return public_key_.get(); 48 } 49 crypto::RSAPrivateKey* private_key() { 50 return private_key_.get(); 51 } 52 53 private: 54 friend class base::RefCountedThreadSafe<OwnerKey>; 55 ~OwnerKey(); 56 57 scoped_ptr<std::vector<uint8> > public_key_; 58 scoped_ptr<crypto::RSAPrivateKey> private_key_; 59 60 DISALLOW_COPY_AND_ASSIGN(OwnerKey); 61 }; 62 63 // Deals with the low-level interface to Chromium OS device settings. Device 64 // settings are stored in a protobuf that's protected by a cryptographic 65 // signature generated by a key in the device owner's possession. Key and 66 // settings are brokered by the session_manager daemon. 67 // 68 // The purpose of DeviceSettingsService is to keep track of the current key and 69 // settings blob. For reading and writing device settings, use CrosSettings 70 // instead, which provides a high-level interface that allows for manipulation 71 // of individual settings. 72 // 73 // DeviceSettingsService generates notifications for key and policy update 74 // events so interested parties can reload state as appropriate. 75 class DeviceSettingsService : public SessionManagerClient::Observer, 76 public CertLoader::Observer { 77 public: 78 // Indicates ownership status of the device. 79 enum OwnershipStatus { 80 // Listed in upgrade order. 81 OWNERSHIP_UNKNOWN = 0, 82 OWNERSHIP_NONE, 83 OWNERSHIP_TAKEN 84 }; 85 86 typedef base::Callback<void(OwnershipStatus, bool)> OwnershipStatusCallback; 87 88 // Status codes for Store(). 89 enum Status { 90 STORE_SUCCESS, 91 STORE_KEY_UNAVAILABLE, // Owner key not yet configured. 92 STORE_POLICY_ERROR, // Failure constructing the settings blob. 93 STORE_OPERATION_FAILED, // IPC to session_manager daemon failed. 94 STORE_NO_POLICY, // No settings blob present. 95 STORE_INVALID_POLICY, // Invalid settings blob. 96 STORE_VALIDATION_ERROR, // Unrecoverable policy validation failure. 97 STORE_TEMP_VALIDATION_ERROR, // Temporary policy validation failure. 98 }; 99 100 // Observer interface. 101 class Observer { 102 public: 103 virtual ~Observer(); 104 105 // Indicates device ownership status changes. 106 virtual void OwnershipStatusChanged() = 0; 107 108 // Gets call after updates to the device settings. 109 virtual void DeviceSettingsUpdated() = 0; 110 }; 111 112 // Manage singleton instance. 113 static void Initialize(); 114 static bool IsInitialized(); 115 static void Shutdown(); 116 static DeviceSettingsService* Get(); 117 118 // Creates a device settings service instance. This is meant for unit tests, 119 // production code uses the singleton returned by Get() above. 120 DeviceSettingsService(); 121 virtual ~DeviceSettingsService(); 122 123 // To be called on startup once threads are initialized and DBus is ready. 124 void SetSessionManager(SessionManagerClient* session_manager_client, 125 scoped_refptr<OwnerKeyUtil> owner_key_util); 126 127 // Prevents the service from making further calls to session_manager_client 128 // and stops any pending operations. 129 void UnsetSessionManager(); 130 131 // Returns the currently active device settings. Returns NULL if the device 132 // settings have not been retrieved from session_manager yet. 133 const enterprise_management::PolicyData* policy_data() { 134 return policy_data_.get(); 135 } 136 const enterprise_management::ChromeDeviceSettingsProto* 137 device_settings() const { 138 return device_settings_.get(); 139 } 140 141 // Returns the currently used owner key. 142 scoped_refptr<OwnerKey> GetOwnerKey(); 143 144 // Returns the status generated by the last operation. 145 Status status() { 146 return store_status_; 147 } 148 149 // Triggers an attempt to pull the public half of the owner key from disk and 150 // load the device settings. 151 void Load(); 152 153 // Signs |settings| with the private half of the owner key and sends the 154 // resulting policy blob to session manager for storage. The result of the 155 // operation is reported through |callback|. If successful, the updated device 156 // settings are present in policy_data() and device_settings() when the 157 // callback runs. 158 void SignAndStore( 159 scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> new_settings, 160 const base::Closure& callback); 161 162 // Stores a policy blob to session_manager. The result of the operation is 163 // reported through |callback|. If successful, the updated device settings are 164 // present in policy_data() and device_settings() when the callback runs. 165 void Store(scoped_ptr<enterprise_management::PolicyFetchResponse> policy, 166 const base::Closure& callback); 167 168 // Returns the ownership status. May return OWNERSHIP_UNKNOWN if the disk 169 // hasn't been checked yet. 170 OwnershipStatus GetOwnershipStatus(); 171 172 // Determines the ownership status and reports the result to |callback|. This 173 // is guaranteed to never return OWNERSHIP_UNKNOWN. 174 void GetOwnershipStatusAsync(const OwnershipStatusCallback& callback); 175 176 // Checks whether we have the private owner key. 177 bool HasPrivateOwnerKey(); 178 179 // Sets the identity of the user that's interacting with the service. This is 180 // relevant only for writing settings through SignAndStore(). 181 void SetUsername(const std::string& username); 182 const std::string& GetUsername() const; 183 184 // Adds an observer. 185 void AddObserver(Observer* observer); 186 // Removes an observer. 187 void RemoveObserver(Observer* observer); 188 189 // SessionManagerClient::Observer: 190 virtual void OwnerKeySet(bool success) OVERRIDE; 191 virtual void PropertyChangeComplete(bool success) OVERRIDE; 192 193 // CertLoader::Observer: 194 virtual void OnCertificatesLoaded(const net::CertificateList& cert_list, 195 bool initial_load) OVERRIDE; 196 197 private: 198 // Enqueues a new operation. Takes ownership of |operation| and starts it 199 // right away if there is no active operation currently. 200 void Enqueue(SessionManagerOperation* operation); 201 202 // Enqueues a load operation. 203 void EnqueueLoad(bool force_key_load); 204 205 // Makes sure there's a reload operation so changes to the settings (and key, 206 // in case force_key_load is set) are getting picked up. 207 void EnsureReload(bool force_key_load); 208 209 // Runs the next pending operation. 210 void StartNextOperation(); 211 212 // Updates status, policy data and owner key from a finished operation. 213 // Starts the next pending operation if available. 214 void HandleCompletedOperation(const base::Closure& callback, 215 SessionManagerOperation* operation, 216 Status status); 217 218 SessionManagerClient* session_manager_client_; 219 scoped_refptr<OwnerKeyUtil> owner_key_util_; 220 221 base::WeakPtrFactory<DeviceSettingsService> weak_factory_; 222 223 Status store_status_; 224 225 std::vector<OwnershipStatusCallback> pending_ownership_status_callbacks_; 226 227 std::string username_; 228 scoped_refptr<OwnerKey> owner_key_; 229 230 scoped_ptr<enterprise_management::PolicyData> policy_data_; 231 scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> device_settings_; 232 233 // The queue of pending operations. The first operation on the queue is 234 // currently active; it gets removed and destroyed once it completes. 235 std::deque<SessionManagerOperation*> pending_operations_; 236 237 ObserverList<Observer, true> observers_; 238 239 // For recoverable load errors how many retries are left before we give up. 240 int load_retries_left_; 241 242 DISALLOW_COPY_AND_ASSIGN(DeviceSettingsService); 243 }; 244 245 // Helper class for tests. Initializes the DeviceSettingsService singleton on 246 // construction and tears it down again on destruction. 247 class ScopedTestDeviceSettingsService { 248 public: 249 ScopedTestDeviceSettingsService(); 250 ~ScopedTestDeviceSettingsService(); 251 252 private: 253 DISALLOW_COPY_AND_ASSIGN(ScopedTestDeviceSettingsService); 254 }; 255 256 } // namespace chromeos 257 258 #endif // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_ 259