Home | History | Annotate | Download | only in cloud 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CLIENT_H_
      6 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CLIENT_H_
      7 
      8 #include <map>
      9 #include <set>
     10 #include <string>
     11 
     12 #include "base/basictypes.h"
     13 #include "base/callback.h"
     14 #include "base/memory/scoped_ptr.h"
     15 #include "base/observer_list.h"
     16 #include "base/time/time.h"
     17 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
     18 #include "components/policy/policy_export.h"
     19 #include "policy/proto/device_management_backend.pb.h"
     20 
     21 namespace net {
     22 class URLRequestContextGetter;
     23 }
     24 
     25 namespace policy {
     26 
     27 class DeviceManagementRequestJob;
     28 class DeviceManagementService;
     29 
     30 // Implements the core logic required to talk to the device management service.
     31 // Also keeps track of the current state of the association with the service,
     32 // such as whether there is a valid registration (DMToken is present in that
     33 // case) and whether and what errors occurred in the latest request.
     34 //
     35 // Note that CloudPolicyClient doesn't do any validation of policy responses
     36 // such as signature and time stamp checks. These happen once the policy gets
     37 // installed in the cloud policy cache.
     38 class POLICY_EXPORT CloudPolicyClient {
     39  public:
     40   // Maps a PolicyNamespaceKey to its corresponding PolicyFetchResponse.
     41   typedef std::map<PolicyNamespaceKey,
     42                    enterprise_management::PolicyFetchResponse*> ResponseMap;
     43 
     44   // A callback which receives boolean status of an operation.  If the operation
     45   // succeeded, |status| is true.
     46   typedef base::Callback<void(bool status)> StatusCallback;
     47 
     48   // Observer interface for state and policy changes.
     49   class POLICY_EXPORT Observer {
     50    public:
     51     virtual ~Observer();
     52 
     53     // Called when a policy fetch completes successfully. If a policy fetch
     54     // triggers an error, OnClientError() will fire.
     55     virtual void OnPolicyFetched(CloudPolicyClient* client) = 0;
     56 
     57     // Called upon registration state changes. This callback is invoked for
     58     // successful completion of registration and unregistration requests.
     59     virtual void OnRegistrationStateChanged(CloudPolicyClient* client) = 0;
     60 
     61     // Called when a request for device robot OAuth2 authorization tokens
     62     // returns successfully. Only occurs during enrollment. Optional
     63     // (default implementation is a noop).
     64     virtual void OnRobotAuthCodesFetched(CloudPolicyClient* client);
     65 
     66     // Indicates there's been an error in a previously-issued request.
     67     virtual void OnClientError(CloudPolicyClient* client) = 0;
     68   };
     69 
     70   // Delegate interface for supplying status information to upload to the server
     71   // as part of the policy fetch request.
     72   class POLICY_EXPORT StatusProvider {
     73    public:
     74     virtual ~StatusProvider();
     75 
     76     // Retrieves status information to send with the next policy fetch.
     77     // Implementations must return true if status information was filled in.
     78     virtual bool GetDeviceStatus(
     79         enterprise_management::DeviceStatusReportRequest* status) = 0;
     80     virtual bool GetSessionStatus(
     81         enterprise_management::SessionStatusReportRequest* status) = 0;
     82 
     83     // Called after the status information has successfully been submitted to
     84     // the server.
     85     virtual void OnSubmittedSuccessfully() = 0;
     86   };
     87 
     88   // |provider| and |service| are weak pointers and it's the caller's
     89   // responsibility to keep them valid for the lifetime of CloudPolicyClient.
     90   CloudPolicyClient(
     91       const std::string& machine_id,
     92       const std::string& machine_model,
     93       UserAffiliation user_affiliation,
     94       StatusProvider* provider,
     95       DeviceManagementService* service,
     96       scoped_refptr<net::URLRequestContextGetter> request_context);
     97   virtual ~CloudPolicyClient();
     98 
     99   // Sets the DMToken, thereby establishing a registration with the server. A
    100   // policy fetch is not automatically issued but can be requested by calling
    101   // FetchPolicy().
    102   virtual void SetupRegistration(const std::string& dm_token,
    103                                  const std::string& client_id);
    104 
    105   // Attempts to register with the device management service. Results in a
    106   // registration change or error notification.
    107   virtual void Register(
    108       enterprise_management::DeviceRegisterRequest::Type registration_type,
    109       const std::string& auth_token,
    110       const std::string& client_id,
    111       bool is_auto_enrollment,
    112       const std::string& requisition);
    113 
    114   // Sets information about a policy invalidation. Subsequent fetch operations
    115   // will use the given info, and callers can use fetched_invalidation_version
    116   // to determine which version of policy was fetched.
    117   void SetInvalidationInfo(int64 version, const std::string& payload);
    118 
    119   // Requests a policy fetch. The client being registered is a prerequisite to
    120   // this operation and this call will CHECK if the client is not in registered
    121   // state. FetchPolicy() triggers a policy fetch from the cloud. A policy
    122   // change notification is reported to the observers and the new policy blob
    123   // can be retrieved once the policy fetch operation completes. In case of
    124   // multiple requests to fetch policy, new requests will cancel any pending
    125   // requests and the latest request will eventually trigger notifications.
    126   virtual void FetchPolicy();
    127 
    128   // Requests OAuth2 auth codes for the device robot account. The client being
    129   // registered is a prerequisite to this operation and this call will CHECK if
    130   // the client is not in registered state.
    131   virtual void FetchRobotAuthCodes(const std::string& auth_token);
    132 
    133   // Sends an unregistration request to the server.
    134   virtual void Unregister();
    135 
    136   // Upload a device certificate to the server.  Like FetchPolicy, this method
    137   // requires that the client is in a registered state.  |certificate_data| must
    138   // hold the X.509 certificate data to be sent to the server.  The |callback|
    139   // will be called when the operation completes.
    140   virtual void UploadCertificate(const std::string& certificate_data,
    141                                  const StatusCallback& callback);
    142 
    143   // Adds an observer to be called back upon policy and state changes.
    144   void AddObserver(Observer* observer);
    145 
    146   // Removes the specified observer.
    147   void RemoveObserver(Observer* observer);
    148 
    149   void set_submit_machine_id(bool submit_machine_id) {
    150     submit_machine_id_ = submit_machine_id;
    151   }
    152 
    153   void set_last_policy_timestamp(const base::Time& timestamp) {
    154     last_policy_timestamp_ = timestamp;
    155   }
    156 
    157   void set_public_key_version(int public_key_version) {
    158     public_key_version_ = public_key_version;
    159     public_key_version_valid_ = true;
    160   }
    161 
    162   void clear_public_key_version() {
    163     public_key_version_valid_ = false;
    164   }
    165 
    166   // FetchPolicy() calls will request this policy namespace.
    167   void AddNamespaceToFetch(const PolicyNamespaceKey& policy_ns_key);
    168 
    169   // FetchPolicy() calls won't request the given policy namespace anymore.
    170   void RemoveNamespaceToFetch(const PolicyNamespaceKey& policy_ns_key);
    171 
    172   // Whether the client is registered with the device management service.
    173   bool is_registered() const { return !dm_token_.empty(); }
    174 
    175   const std::string& dm_token() const { return dm_token_; }
    176   const std::string& client_id() const { return client_id_; }
    177 
    178   // The device mode as received in the registration request.
    179   DeviceMode device_mode() const { return device_mode_; }
    180 
    181   // The policy responses as obtained by the last request to the cloud. These
    182   // policies haven't gone through verification, so their contents cannot be
    183   // trusted. Use CloudPolicyStore::policy() and CloudPolicyStore::policy_map()
    184   // instead for making policy decisions.
    185   const ResponseMap& responses() const {
    186     return responses_;
    187   }
    188 
    189   // Returns the policy response for |policy_ns_key|, if found in |responses()|;
    190   // otherwise returns NULL.
    191   const enterprise_management::PolicyFetchResponse* GetPolicyFor(
    192       const PolicyNamespaceKey& policy_ns_key) const;
    193 
    194   DeviceManagementStatus status() const {
    195     return status_;
    196   }
    197 
    198   const std::string& robot_api_auth_code() const {
    199     return robot_api_auth_code_;
    200   }
    201 
    202   // Returns the invalidation version that was used for the last FetchPolicy.
    203   // Observers can call this method from their OnPolicyFetched method to
    204   // determine which at which invalidation version the policy was fetched.
    205   int64 fetched_invalidation_version() const {
    206     return fetched_invalidation_version_;
    207   }
    208 
    209   scoped_refptr<net::URLRequestContextGetter> GetRequestContext();
    210 
    211  protected:
    212   // A set of PolicyNamespaceKeys to fetch.
    213   typedef std::set<PolicyNamespaceKey> NamespaceSet;
    214 
    215   // Callback for retries of registration requests.
    216   void OnRetryRegister(DeviceManagementRequestJob* job);
    217 
    218   // Callback for registration requests.
    219   void OnRegisterCompleted(
    220       DeviceManagementStatus status,
    221       int net_error,
    222       const enterprise_management::DeviceManagementResponse& response);
    223 
    224   // Callback for policy fetch requests.
    225   void OnPolicyFetchCompleted(
    226       DeviceManagementStatus status,
    227       int net_error,
    228       const enterprise_management::DeviceManagementResponse& response);
    229 
    230   // Callback for robot account api authorization requests.
    231   void OnFetchRobotAuthCodesCompleted(
    232       DeviceManagementStatus status,
    233       int net_error,
    234       const enterprise_management::DeviceManagementResponse& response);
    235 
    236   // Callback for unregistration requests.
    237   void OnUnregisterCompleted(
    238       DeviceManagementStatus status,
    239       int net_error,
    240       const enterprise_management::DeviceManagementResponse& response);
    241 
    242   // Callback for certificate upload requests.
    243   void OnCertificateUploadCompleted(
    244       const StatusCallback& callback,
    245       DeviceManagementStatus status,
    246       int net_error,
    247       const enterprise_management::DeviceManagementResponse& response);
    248 
    249   // Observer notification helpers.
    250   void NotifyPolicyFetched();
    251   void NotifyRegistrationStateChanged();
    252   void NotifyRobotAuthCodesFetched();
    253   void NotifyClientError();
    254 
    255   // Data necessary for constructing policy requests.
    256   const std::string machine_id_;
    257   const std::string machine_model_;
    258   const UserAffiliation user_affiliation_;
    259   NamespaceSet namespaces_to_fetch_;
    260 
    261   std::string dm_token_;
    262   DeviceMode device_mode_;
    263   std::string client_id_;
    264   bool submit_machine_id_;
    265   base::Time last_policy_timestamp_;
    266   int public_key_version_;
    267   bool public_key_version_valid_;
    268   std::string robot_api_auth_code_;
    269 
    270   // Information for the latest policy invalidation received.
    271   int64 invalidation_version_;
    272   std::string invalidation_payload_;
    273 
    274   // The invalidation version used for the most recent fetch operation.
    275   int64 fetched_invalidation_version_;
    276 
    277   // Used for issuing requests to the cloud.
    278   DeviceManagementService* service_;
    279   scoped_ptr<DeviceManagementRequestJob> request_job_;
    280 
    281   // Status upload data is produced by |status_provider_|.
    282   StatusProvider* status_provider_;
    283 
    284   // The policy responses returned by the last policy fetch operation.
    285   ResponseMap responses_;
    286   DeviceManagementStatus status_;
    287 
    288   ObserverList<Observer, true> observers_;
    289   scoped_refptr<net::URLRequestContextGetter> request_context_;
    290 
    291  private:
    292   DISALLOW_COPY_AND_ASSIGN(CloudPolicyClient);
    293 };
    294 
    295 }  // namespace policy
    296 
    297 #endif  // COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CLIENT_H_
    298