      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
      6 
      7 #include "base/memory/singleton.h"
      8 #include "base/prefs/pref_registry_simple.h"
      9 #include "base/prefs/pref_service.h"
     10 #include "base/prefs/scoped_user_pref_update.h"
     11 #include "chrome/browser/browser_process.h"
     12 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
     13 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
     14 #include "chrome/browser/chromeos/policy/user_network_configuration_updater_factory.h"
     15 #include "chrome/browser/chromeos/profiles/profile_helper.h"
     16 #include "chrome/browser/lifetime/application_lifetime.h"
     17 #include "chrome/browser/profiles/incognito_helpers.h"
     18 #include "chrome/browser/profiles/profile.h"
     19 #include "chrome/common/pref_names.h"
     20 #include "components/keyed_service/content/browser_context_dependency_manager.h"
     21 #include "components/pref_registry/pref_registry_syncable.h"
     22 #include "components/user_manager/user_manager.h"
     23 
     24 namespace policy {
     25 
// Returns the PolicyCertService already attached to |profile|, or NULL when
// there is none. This is a pure lookup: the second argument to
// GetServiceForBrowserContext() is false, so no service is built here.
// static
PolicyCertService* PolicyCertServiceFactory::GetForProfile(Profile* profile) {
  const bool kCreateIfMissing = false;
  KeyedService* existing =
      GetInstance()->GetServiceForBrowserContext(profile, kCreateIfMissing);
  return static_cast<PolicyCertService*>(existing);
}
     31 
// Builds the PolicyCertService for |profile| and returns the verifier that
// service creates. The "no service exists yet" precondition is only DCHECKed,
// so it is not enforced in builds where DCHECK is compiled out.
// Returns an empty scoped_ptr when no service could be built; callers must
// handle that case rather than assume a verifier is always present.
// static
scoped_ptr<PolicyCertVerifier> PolicyCertServiceFactory::CreateForProfile(
    Profile* profile) {
  DCHECK(!GetInstance()->GetServiceForBrowserContext(profile, false));
  KeyedService* created =
      GetInstance()->GetServiceForBrowserContext(profile, true);
  PolicyCertService* cert_service = static_cast<PolicyCertService*>(created);
  if (cert_service)
    return cert_service->CreatePolicyCertVerifier();
  return scoped_ptr<PolicyCertVerifier>();
}
     42 
// Returns the factory instance held by Singleton<PolicyCertServiceFactory>.
// static
PolicyCertServiceFactory* PolicyCertServiceFactory::GetInstance() {
  PolicyCertServiceFactory* instance =
      Singleton<PolicyCertServiceFactory>::get();
  return instance;
}
     47 
// Records in local_state that |user_id| has used policy-pushed certificates.
// The entry is appended to the prefs::kUsedPolicyCertificates list only when
// it is not already there, so this path never adds a duplicate.
// Nothing is flushed here; the write stays pending until the pref store
// commits it.
// static
void PolicyCertServiceFactory::SetUsedPolicyCertificates(
    const std::string& user_id) {
  if (!UsedPolicyCertificates(user_id)) {
    ListPrefUpdate tainted_users(g_browser_process->local_state(),
                                 prefs::kUsedPolicyCertificates);
    tainted_users->AppendString(user_id);
  }
}
     57 
// Removes |user_id| from the prefs::kUsedPolicyCertificates list in
// local_state. The result of Remove() is ignored, so a |user_id| that is not
// listed is not reported to the caller.
// This drops the "used policy certificates" mark and performs no check of its
// own; deciding when clearing is legitimate is left to callers, which are not
// visible in this file.
// static
void PolicyCertServiceFactory::ClearUsedPolicyCertificates(
    const std::string& user_id) {
  const base::StringValue entry(user_id);
  ListPrefUpdate tainted_users(g_browser_process->local_state(),
                               prefs::kUsedPolicyCertificates);
  tainted_users->Remove(entry, NULL);
}
     65 
// Returns true when |user_id| appears in the prefs::kUsedPolicyCertificates
// list stored in local_state.
// NOTE(review): if the list cannot be read, this hits NOTREACHED() and then
// answers false, i.e. "has not used policy certificates". Where NOTREACHED()
// is compiled out that is a fail-open answer for a security signal; the list
// pref is registered in RegisterPrefs(), so this is presumably unreachable in
// practice -- confirm before relying on it.
// static
bool PolicyCertServiceFactory::UsedPolicyCertificates(
    const std::string& user_id) {
  const base::ListValue* tainted_users =
      g_browser_process->local_state()->GetList(prefs::kUsedPolicyCertificates);
  if (tainted_users) {
    const base::StringValue needle(user_id);
    return tainted_users->Find(needle) != tainted_users->end();
  }
  NOTREACHED();
  return false;
}
     78 
// Registers the prefs::kUsedPolicyCertificates list pref on |local_state|.
// This is the list read and written by SetUsedPolicyCertificates(),
// ClearUsedPolicyCertificates() and UsedPolicyCertificates().
// static
void PolicyCertServiceFactory::RegisterPrefs(PrefRegistrySimple* local_state) {
  const char* const used_certs_pref = prefs::kUsedPolicyCertificates;
  local_state->RegisterListPref(used_certs_pref);
}
     83 
// Registers this factory under the name "PolicyCertService" and declares its
// dependency on UserNetworkConfigurationUpdaterFactory, whose service
// BuildServiceInstanceFor() looks up and hands to each PolicyCertService.
PolicyCertServiceFactory::PolicyCertServiceFactory()
    : BrowserContextKeyedServiceFactory(
          "PolicyCertService",
          BrowserContextDependencyManager::GetInstance()) {
  UserNetworkConfigurationUpdaterFactory* updater_factory =
      UserNetworkConfigurationUpdaterFactory::GetInstance();
  DependsOn(updater_factory);
}
     90 
// Empty destructor: this class adds no cleanup of its own.
PolicyCertServiceFactory::~PolicyCertServiceFactory() {}
     92 
// Builds the PolicyCertService for |context|, which is treated as a Profile.
// Returns NULL when no user maps to the original profile or when the profile
// has no UserNetworkConfigurationUpdater.
//
// Before building, this migrates the legacy per-profile
// prefs::kUsedPolicyCertificatesOnce flag into the local_state list, and
// requests a session exit if that flag is found while more than one user is
// logged in.
KeyedService* PolicyCertServiceFactory::BuildServiceInstanceFor(
    content::BrowserContext* context) const {
  Profile* const profile = static_cast<Profile*>(context);

  user_manager::UserManager* const manager = user_manager::UserManager::Get();
  Profile* const original_profile = profile->GetOriginalProfile();
  user_manager::User* const owner =
      chromeos::ProfileHelper::Get()->GetUserByProfile(original_profile);
  if (!owner)
    return NULL;

  // Backwards compatibility: the "used policy-pushed certificates" signal was
  // once stored in the profile's own prefs. It now lives in local_state so it
  // can be checked before the profile is loaded. Copy a legacy flag over to
  // local_state and drop it from the profile.
  // TODO(joaodasilva): remove this, eventually.
  // NOTE(review): outside the multi-user branch below neither store is flushed
  // here. local_state and the profile prefs are separate PrefServices, so
  // presumably a crash between their writes could persist the cleared flag
  // without the new list entry -- confirm.
  PrefService* const profile_prefs = original_profile->GetPrefs();
  const bool has_legacy_flag =
      profile_prefs->GetBoolean(prefs::kUsedPolicyCertificatesOnce);
  if (has_legacy_flag) {
    SetUsedPolicyCertificates(owner->email());
    profile_prefs->ClearPref(prefs::kUsedPolicyCertificatesOnce);

    const bool multiple_users_logged_in =
        manager->GetLoggedInUsers().size() > 1u;
    if (multiple_users_logged_in) {
      // This login should not have been allowed. Once local_state holds the
      // updated list of users that used policy-pushed certificates, it will
      // not happen again after a reboot.
      // Note that a user becomes logged in before their profile is created.
      // Both pref stores are committed before the exit request so the marker
      // is written out. Execution continues past AttemptUserExit() in this
      // function, so the service below is still built for this session.
      LOG(ERROR) << "Shutdown session because a tainted profile was added.";
      g_browser_process->local_state()->CommitPendingWrite();
      profile_prefs->CommitPendingWrite();
      chrome::AttemptUserExit();
    }
  }

  UserNetworkConfigurationUpdater* const updater =
      UserNetworkConfigurationUpdaterFactory::GetForProfile(profile);
  if (updater)
    return new PolicyCertService(owner->email(), updater, manager);
  return NULL;
}
    132 
// Chooses which browser context the service for |context| is keyed on by
// delegating to chrome::GetBrowserContextOwnInstanceInIncognito(); per that
// helper's name, an incognito context gets its own service instance.
content::BrowserContext* PolicyCertServiceFactory::GetBrowserContextToUse(
    content::BrowserContext* context) const {
  content::BrowserContext* const selected =
      chrome::GetBrowserContextOwnInstanceInIncognito(context);
  return selected;
}
    137 
// Registers the legacy per-profile prefs::kUsedPolicyCertificatesOnce flag,
// defaulting to false and marked UNSYNCABLE_PREF. BuildServiceInstanceFor()
// reads this flag to migrate it into local_state.
void PolicyCertServiceFactory::RegisterProfilePrefs(
    user_prefs::PrefRegistrySyncable* registry) {
  // TODO(joaodasilva): this is used for backwards compatibility.
  // Remove once it's not necessary anymore.
  const bool kDefaultValue = false;
  registry->RegisterBooleanPref(
      prefs::kUsedPolicyCertificatesOnce,
      kDefaultValue,
      user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
}
    147 
// Always answers true. Judging by the hook's name, this makes the factory
// hand out a NULL service in tests -- confirm against the base class.
bool PolicyCertServiceFactory::ServiceIsNULLWhileTesting() const {
  return true;
}
    151 
    152 }  // namespace policy