Home | History | Annotate | Download | only in policy 
      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_CONSUMER_MANAGEMENT_SERVICE_H_
      6 #define CHROME_BROWSER_CHROMEOS_POLICY_CONSUMER_MANAGEMENT_SERVICE_H_
      7 
      8 #include <string>
      9 
     10 #include "base/callback_forward.h"
     11 #include "base/compiler_specific.h"
     12 #include "base/macros.h"
     13 #include "base/memory/scoped_ptr.h"
     14 #include "base/memory/weak_ptr.h"
     15 #include "base/observer_list.h"
     16 #include "base/strings/string16.h"
     17 #include "chrome/browser/chromeos/settings/device_settings_service.h"
     18 #include "chromeos/dbus/dbus_method_call_status.h"
     19 #include "content/public/browser/notification_observer.h"
     20 #include "content/public/browser/notification_registrar.h"
     21 #include "google_apis/gaia/oauth2_token_service.h"
     22 
     23 class PrefRegistrySimple;
     24 class Profile;
     25 
     26 namespace chromeos {
     27 class CryptohomeClient;
     28 }
     29 
     30 namespace cryptohome {
     31 class BaseReply;
     32 }
     33 
     34 namespace policy {
     35 
     36 class EnrollmentStatus;
     37 
     38 // The consumer management service handles several things:
     39 //
     40 // 1. The consumer enrollment state: The consumer enrollment state is an enum
     41 //    value stored in local state to pass the information across reboots and
     42 //    between components, including settings page, sign-in screen, and user
     43 //    notification.
     44 //
     45 // 2. Boot lockbox owner ID: Unlike the owner ID in CrosSettings, the owner ID
     46 //    stored in the boot lockbox can only be modified after reboot and before
     47 //    the first session starts. It is guaranteed that if the device is consumer
     48 //    managed, the owner ID in the boot lockbox will be available, but not the
     49 //    other way.
     50 //
     51 // 3. Consumer management enrollment process: The service kicks off the last
     52 //    part of the consumer management enrollment process after the owner ID is
     53 //    stored in the boot lockbox and the owner signs in.
     54 class ConsumerManagementService
     55     : public chromeos::DeviceSettingsService::Observer,
     56       public content::NotificationObserver,
     57       public OAuth2TokenService::Consumer,
     58       public OAuth2TokenService::Observer {
     59  public:
     60   // The status indicates if the device is enrolled, or if enrollment or
     61   // unenrollment is in progress. If you want to add a value here, please also
     62   // update |kStatusString| in the .cc file, and |ConsumerManagementStatus| in
     63   // chrome/browser/resources/options/chromeos/consumer_management_overlay.js
     64   enum Status {
     65     // The status is currently unavailable.
     66     STATUS_UNKNOWN = 0,
     67 
     68     STATUS_ENROLLED,
     69     STATUS_ENROLLING,
     70     STATUS_UNENROLLED,
     71     STATUS_UNENROLLING,
     72 
     73     // This should always be the last one.
     74     STATUS_LAST,
     75   };
     76 
     77   // Indicating which stage the enrollment process is in.
     78   enum EnrollmentStage {
     79     // Not enrolled, or enrollment is completed.
     80     ENROLLMENT_STAGE_NONE = 0,
     81     // Enrollment is requested by the owner.
     82     ENROLLMENT_STAGE_REQUESTED,
     83     // The owner ID is stored in the boot lockbox.
     84     ENROLLMENT_STAGE_OWNER_STORED,
     85     // Success. The notification is not sent yet.
     86     ENROLLMENT_STAGE_SUCCESS,
     87 
     88     // Error stages.
     89     // Canceled by the user.
     90     ENROLLMENT_STAGE_CANCELED,
     91     // Failed to write to the boot lockbox.
     92     ENROLLMENT_STAGE_BOOT_LOCKBOX_FAILED,
     93     // Failed to get the access token.
     94     ENROLLMENT_STAGE_GET_TOKEN_FAILED,
     95     // Failed to register the device.
     96     ENROLLMENT_STAGE_DM_SERVER_FAILED,
     97 
     98     // This should always be the last one.
     99     ENROLLMENT_STAGE_LAST,
    100   };
    101 
    102   class Observer {
    103    public:
    104     // Called when the status changes.
    105     virtual void OnConsumerManagementStatusChanged() = 0;
    106   };
    107 
    108   // GetOwner() invokes this with an argument set to the owner user ID,
    109   // or an empty string on failure.
    110   typedef base::Callback<void(const std::string&)> GetOwnerCallback;
    111 
    112   // SetOwner() invokes this with an argument indicating success or failure.
    113   typedef base::Callback<void(bool)> SetOwnerCallback;
    114 
    115   // |client| and |device_settings_service| should outlive this object.
    116   ConsumerManagementService(
    117       chromeos::CryptohomeClient* client,
    118       chromeos::DeviceSettingsService* device_settings_service);
    119 
    120   virtual ~ConsumerManagementService();
    121 
    122   // Registers prefs.
    123   static void RegisterPrefs(PrefRegistrySimple* registry);
    124 
    125   void AddObserver(Observer* observer);
    126   void RemoveObserver(Observer* observer);
    127 
    128   // Returns the status.
    129   Status GetStatus() const;
    130 
    131   // Returns the string value of the status.
    132   std::string GetStatusString() const;
    133 
    134   // Returns the enrollment stage.
    135   EnrollmentStage GetEnrollmentStage() const;
    136 
    137   // Sets the enrollment stage.
    138   void SetEnrollmentStage(EnrollmentStage stage);
    139 
    140   // Returns the device owner stored in the boot lockbox via |callback|.
    141   void GetOwner(const GetOwnerCallback& callback);
    142 
    143   // Stores the device owner user ID into the boot lockbox and signs it.
    144   // |callback| is invoked with an agument indicating success or failure.
    145   void SetOwner(const std::string& user_id, const SetOwnerCallback& callback);
    146 
    147   // chromeos::DeviceSettingsService::Observer:
    148   virtual void OwnershipStatusChanged() OVERRIDE;
    149   virtual void DeviceSettingsUpdated() OVERRIDE;
    150 
    151   // content::NotificationObserver implmentation.
    152   virtual void Observe(int type,
    153                        const content::NotificationSource& source,
    154                        const content::NotificationDetails& details) OVERRIDE;
    155 
    156   // OAuth2TokenService::Observer:
    157   virtual void OnRefreshTokenAvailable(const std::string& account_id) OVERRIDE;
    158 
    159   // OAuth2TokenService::Consumer:
    160   virtual void OnGetTokenSuccess(
    161       const OAuth2TokenService::Request* request,
    162       const std::string& access_token,
    163       const base::Time& expiration_time) OVERRIDE;
    164   virtual void OnGetTokenFailure(
    165       const OAuth2TokenService::Request* request,
    166       const GoogleServiceAuthError& error) OVERRIDE;
    167 
    168   OAuth2TokenService::Request* GetTokenRequestForTesting() {
    169     return token_request_.get();
    170   }
    171 
    172  private:
    173   void OnGetBootAttributeDone(
    174       const GetOwnerCallback& callback,
    175       chromeos::DBusMethodCallStatus call_status,
    176       bool dbus_success,
    177       const cryptohome::BaseReply& reply);
    178 
    179   void OnSetBootAttributeDone(const SetOwnerCallback& callback,
    180                               chromeos::DBusMethodCallStatus call_status,
    181                               bool dbus_success,
    182                               const cryptohome::BaseReply& reply);
    183 
    184   void OnFlushAndSignBootAttributesDone(
    185       const SetOwnerCallback& callback,
    186       chromeos::DBusMethodCallStatus call_status,
    187       bool dbus_success,
    188       const cryptohome::BaseReply& reply);
    189 
    190   // Called when the owner signs in.
    191   void OnOwnerSignin(Profile* profile);
    192 
    193   // Continues the enrollment process after the owner ID is stored into the boot
    194   // lockbox and the owner signs in.
    195   void ContinueEnrollmentProcess(Profile* profile);
    196 
    197   // Called when the owner's refresh token is available.
    198   void OnOwnerRefreshTokenAvailable();
    199 
    200   // Called when the owner's access token for device management is available.
    201   void OnOwnerAccessTokenAvailable(const std::string& access_token);
    202 
    203   // Called upon the completion of the enrollment process.
    204   void OnEnrollmentCompleted(EnrollmentStatus status);
    205 
    206   // Ends the enrollment process and shows a desktop notification if the
    207   // current user is the owner.
    208   void EndEnrollment(EnrollmentStage stage);
    209 
    210   // Shows a desktop notification and resets the enrollment stage.
    211   void ShowDesktopNotificationAndResetStage(
    212       EnrollmentStage stage,
    213       Profile* profile);
    214 
    215   // Opens the settings page.
    216   void OpenSettingsPage(Profile* profile) const;
    217 
    218   // Opens the enrollment confirmation dialog in the settings page.
    219   void TryEnrollmentAgain(Profile* profile) const;
    220 
    221   void NotifyStatusChanged();
    222 
    223   chromeos::CryptohomeClient* client_;
    224   chromeos::DeviceSettingsService* device_settings_service_;
    225 
    226   Profile* enrolling_profile_;
    227   scoped_ptr<OAuth2TokenService::Request> token_request_;
    228   content::NotificationRegistrar registrar_;
    229   ObserverList<Observer, true> observers_;
    230   base::WeakPtrFactory<ConsumerManagementService> weak_ptr_factory_;
    231 
    232   DISALLOW_COPY_AND_ASSIGN(ConsumerManagementService);
    233 };
    234 
    235 }  // namespace policy
    236 
    237 #endif  // CHROME_BROWSER_CHROMEOS_POLICY_CONSUMER_MANAGEMENT_SERVICE_H_
    238