1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_SUPERVISED_SUPERVISED_USER_CREATION_CONTROLLER_NEW_H_ 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_SUPERVISED_SUPERVISED_USER_CREATION_CONTROLLER_NEW_H_ 7 8 #include <string> 9 10 #include "base/files/file_path.h" 11 #include "base/memory/scoped_ptr.h" 12 #include "base/memory/weak_ptr.h" 13 #include "base/strings/string16.h" 14 #include "base/timer/timer.h" 15 #include "base/values.h" 16 #include "chrome/browser/chromeos/login/supervised/supervised_user_creation_controller.h" 17 #include "chrome/browser/supervised_user/supervised_user_registration_utility.h" 18 #include "chromeos/login/auth/extended_authenticator.h" 19 20 class Profile; 21 22 namespace chromeos { 23 24 class UserContext; 25 26 // Supervised user creation process: 27 // 0. Manager is logged in 28 // 1. Generate ID for new supervised user 29 // 2. Start "transaction" in Local State. 30 // 3, Generate keys for user : master key, salt, encryption and signature keys. 31 // 4. Create local cryptohome (errors could arise) 32 // 5. Create user in cloud (errors could arise) 33 // 6. Store cloud token in cryptohome (actually, error could arise). 34 // 7. Mark "transaction" as completed. 35 // 8. End manager session. 36 class SupervisedUserCreationControllerNew 37 : public SupervisedUserCreationController, 38 public ExtendedAuthenticator::NewAuthStatusConsumer { 39 public: 40 // All UI initialization is deferred till Init() call. 41 // |Consumer| is not owned by controller, and it is expected that it wouldn't 42 // be deleted before SupervisedUserCreationControllerNew. 43 SupervisedUserCreationControllerNew(StatusConsumer* consumer, 44 const std::string& manager_id); 45 virtual ~SupervisedUserCreationControllerNew(); 46 47 // Returns the current supervised user controller if it has been created. 48 static SupervisedUserCreationControllerNew* current_controller() { 49 return current_controller_; 50 } 51 52 // Set up controller for creating new supervised user with |display_name|, 53 // |password| and avatar indexed by |avatar_index|. StartCreation() have to 54 // be called to actually start creating user. 55 virtual void StartCreation(const base::string16& display_name, 56 const std::string& password, 57 int avatar_index) OVERRIDE; 58 59 // Starts import of the supervised users created prior to M35. They lack 60 // information about password. 61 // Configures and initiates importing existing supervised user to this device. 62 // Existing user is identified by |sync_id|, has |display_name|, |password|, 63 // |avatar_index|. The master key for cryptohome is a |master_key|. 64 virtual void StartImport(const base::string16& display_name, 65 const std::string& password, 66 int avatar_index, 67 const std::string& sync_id, 68 const std::string& master_key) OVERRIDE; 69 70 // Configures and initiates importing existing supervised user to this device. 71 // Existing user is identified by |sync_id|, has |display_name|, 72 // |avatar_index|. The master key for cryptohome is a |master_key|. The user 73 // has password specified in |password_data| and 74 // |encryption_key|/|signature_key| for cryptohome. 75 virtual void StartImport(const base::string16& display_name, 76 int avatar_index, 77 const std::string& sync_id, 78 const std::string& master_key, 79 const base::DictionaryValue* password_data, 80 const std::string& encryption_key, 81 const std::string& signature_key) OVERRIDE; 82 83 virtual void SetManagerProfile(Profile* manager_profile) OVERRIDE; 84 virtual Profile* GetManagerProfile() OVERRIDE; 85 86 virtual void CancelCreation() OVERRIDE; 87 virtual void FinishCreation() OVERRIDE; 88 virtual std::string GetSupervisedUserId() OVERRIDE; 89 90 private: 91 enum Stage { 92 // Just initial stage. 93 STAGE_INITIAL, 94 95 // Creation attempt is recoreded to allow cleanup in case of failure. 96 TRANSACTION_STARTED, 97 // Different keys are generated and public ones are stored in LocalState. 98 KEYS_GENERATED, 99 // Home directory is created with all necessary passwords. 100 CRYPTOHOME_CREATED, 101 // All user-related information is confirmed to exist on server. 102 DASHBOARD_CREATED, 103 // Managed user's sync token is written. 104 TOKEN_WRITTEN, 105 // Managed user is succesfully created. 106 TRANSACTION_COMMITTED, 107 // Some error happened while creating supervised user. 108 STAGE_ERROR, 109 }; 110 111 // Indicates if we create new user, or import an existing one. 112 enum CreationType { NEW_USER, USER_IMPORT_OLD, USER_IMPORT_NEW, }; 113 114 // Contains information necessary for new user creation. 115 struct UserCreationContext { 116 UserCreationContext(); 117 ~UserCreationContext(); 118 119 base::string16 display_name; 120 int avatar_index; 121 122 std::string manager_id; 123 124 std::string local_user_id; // Used to identify cryptohome. 125 std::string sync_user_id; // Used to identify user in manager's sync data. 126 127 // Keys: 128 std::string master_key; // Random string 129 std::string signature_key; // 256 bit HMAC key 130 std::string encryption_key; // 256 bit HMAC key 131 std::string salted_password; // Hash(salt + Hash(password)) 132 133 std::string password; 134 135 std::string salted_master_key; // Hash(system salt + master key) 136 std::string mount_hash; 137 138 std::string token; 139 140 CreationType creation_type; 141 142 base::DictionaryValue password_data; 143 144 Profile* manager_profile; 145 scoped_ptr<SupervisedUserRegistrationUtility> registration_utility; 146 }; 147 148 // SupervisedUserAuthenticator::StatusConsumer overrides. 149 virtual void OnAuthenticationFailure(ExtendedAuthenticator::AuthState error) 150 OVERRIDE; 151 152 // Authenticator success callbacks. 153 void OnMountSuccess(const std::string& mount_hash); 154 void OnAddKeySuccess(); 155 void OnKeyTransformedIfNeeded(const UserContext& user_context); 156 157 void StartCreationImpl(); 158 159 // Guard timer callback. 160 void CreationTimedOut(); 161 // SupervisedUserRegistrationUtility callback. 162 void RegistrationCallback(const GoogleServiceAuthError& error, 163 const std::string& token); 164 165 // Completion callback for StoreSupervisedUserFiles method. 166 // Called on the UI thread. 167 void OnSupervisedUserFilesStored(bool success); 168 169 // Pointer to the current instance of the controller to be used by 170 // automation tests. 171 static SupervisedUserCreationControllerNew* current_controller_; 172 173 // Current stage of user creation. 174 Stage stage_; 175 176 // Authenticator used for user creation. 177 scoped_refptr<ExtendedAuthenticator> authenticator_; 178 179 // Creation context. Not null while creating new LMU. 180 scoped_ptr<UserCreationContext> creation_context_; 181 182 // Timer for showing warning if creation process takes too long. 183 base::OneShotTimer<SupervisedUserCreationControllerNew> timeout_timer_; 184 185 // Factory of callbacks. 186 base::WeakPtrFactory<SupervisedUserCreationControllerNew> weak_factory_; 187 188 DISALLOW_COPY_AND_ASSIGN(SupervisedUserCreationControllerNew); 189 }; 190 191 } // namespace chromeos 192 193 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_SUPERVISED_SUPERVISED_USER_CREATION_CONTROLLER_NEW_H_ 194