1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_SESSION_MANAGER_OPERATION_H_ 6 #define CHROME_BROWSER_CHROMEOS_SETTINGS_SESSION_MANAGER_OPERATION_H_ 7 8 #include "base/basictypes.h" 9 #include "base/callback.h" 10 #include "base/memory/ref_counted.h" 11 #include "base/memory/scoped_ptr.h" 12 #include "chrome/browser/chromeos/policy/device_cloud_policy_validator.h" 13 #include "chrome/browser/chromeos/settings/device_settings_service.h" 14 #include "net/cert/x509_util_nss.h" 15 16 namespace enterprise_management { 17 class ChromeDeviceSettingsProto; 18 class PolicyData; 19 class PolicyFetchResponse; 20 } 21 22 namespace chromeos { 23 24 class OwnerKeyUtil; 25 class SessionManagerClient; 26 27 // Handles a single transaction with session manager. This is a virtual base 28 // class that contains common infrastructure for key and policy loading. There 29 // are subclasses for loading, storing and signing policy blobs. 30 class SessionManagerOperation { 31 public: 32 typedef base::Callback<void(SessionManagerOperation*, 33 DeviceSettingsService::Status)> Callback; 34 35 // Creates a new load operation. 36 explicit SessionManagerOperation(const Callback& callback); 37 virtual ~SessionManagerOperation(); 38 39 // Starts the operation. 40 void Start(SessionManagerClient* session_manager_client, 41 scoped_refptr<OwnerKeyUtil> owner_key_util, 42 scoped_refptr<PublicKey> public_key); 43 44 // Restarts a load operation (if that part is already in progress). 45 void RestartLoad(bool key_changed); 46 47 // Accessors for recovering the loaded policy data after completion. policy_data()48 scoped_ptr<enterprise_management::PolicyData>& policy_data() { 49 return policy_data_; 50 } 51 scoped_ptr<enterprise_management::ChromeDeviceSettingsProto>& device_settings()52 device_settings() { 53 return device_settings_; 54 } 55 56 // Public part of the owner key as configured/loaded from disk. public_key()57 scoped_refptr<PublicKey> public_key() { return public_key_; } 58 59 // Whether the load operation is underway. is_loading()60 bool is_loading() const { return is_loading_; } 61 set_force_key_load(bool force_key_load)62 void set_force_key_load(bool force_key_load) { 63 force_key_load_ = force_key_load; 64 } 65 set_username(const std::string & username)66 void set_username(const std::string& username) { username_ = username; } 67 set_delegate(const base::WeakPtr<DeviceSettingsService::PrivateKeyDelegate> & delegate)68 void set_delegate(const base::WeakPtr< 69 DeviceSettingsService::PrivateKeyDelegate>& delegate) { 70 delegate_ = delegate; 71 } 72 73 protected: 74 // Runs the operation. The result is reported through |callback_|. 75 virtual void Run() = 0; 76 77 // Ensures the public key is loaded. 78 void EnsurePublicKey(const base::Closure& callback); 79 80 // Starts a load operation. 81 void StartLoading(); 82 83 // Reports the result status of the operation. Once this gets called, the 84 // operation should not perform further processing or trigger callbacks. 85 void ReportResult(DeviceSettingsService::Status status); 86 session_manager_client()87 SessionManagerClient* session_manager_client() { 88 return session_manager_client_; 89 } 90 91 base::WeakPtr<DeviceSettingsService::PrivateKeyDelegate> delegate_; 92 93 private: 94 // Loads the owner key from disk. Must be run on a thread that can do I/O. 95 static scoped_refptr<PublicKey> LoadPublicKey( 96 scoped_refptr<OwnerKeyUtil> util, 97 scoped_refptr<PublicKey> current_key); 98 99 // Stores the owner key loaded by LoadOwnerKey and calls |callback|. 100 void StorePublicKey(const base::Closure& callback, 101 scoped_refptr<PublicKey> new_key); 102 103 // Triggers a device settings load. 104 void RetrieveDeviceSettings(); 105 106 // Validates device settings after retrieval from session_manager. 107 void ValidateDeviceSettings(const std::string& policy_blob); 108 109 // Extracts status and device settings from the validator and reports them. 110 void ReportValidatorStatus(policy::DeviceCloudPolicyValidator* validator); 111 112 SessionManagerClient* session_manager_client_; 113 scoped_refptr<OwnerKeyUtil> owner_key_util_; 114 115 base::WeakPtrFactory<SessionManagerOperation> weak_factory_; 116 117 Callback callback_; 118 119 scoped_refptr<PublicKey> public_key_; 120 bool force_key_load_; 121 std::string username_; 122 123 bool is_loading_; 124 scoped_ptr<enterprise_management::PolicyData> policy_data_; 125 scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> device_settings_; 126 127 DISALLOW_COPY_AND_ASSIGN(SessionManagerOperation); 128 }; 129 130 // This operation loads the public owner key from disk if appropriate, fetches 131 // the policy blob from session manager, and validates the loaded policy blob. 132 class LoadSettingsOperation : public SessionManagerOperation { 133 public: 134 // Creates a new load operation. 135 explicit LoadSettingsOperation(const Callback& callback); 136 virtual ~LoadSettingsOperation(); 137 138 protected: 139 // SessionManagerOperation: 140 virtual void Run() OVERRIDE; 141 142 private: 143 DISALLOW_COPY_AND_ASSIGN(LoadSettingsOperation); 144 }; 145 146 // Stores a pre-generated policy blob and reloads the device settings from 147 // session_manager. 148 class StoreSettingsOperation : public SessionManagerOperation { 149 public: 150 // Creates a new store operation. 151 StoreSettingsOperation( 152 const Callback& callback, 153 scoped_ptr<enterprise_management::PolicyFetchResponse> policy); 154 virtual ~StoreSettingsOperation(); 155 156 protected: 157 // SessionManagerOperation: 158 virtual void Run() OVERRIDE; 159 160 private: 161 // Handles the result of the store operation and triggers the load. 162 void HandleStoreResult(bool success); 163 164 scoped_ptr<enterprise_management::PolicyFetchResponse> policy_; 165 166 base::WeakPtrFactory<StoreSettingsOperation> weak_factory_; 167 168 DISALLOW_COPY_AND_ASSIGN(StoreSettingsOperation); 169 }; 170 171 // Signs device settings and stores the resulting blob to session_manager. 172 class SignAndStoreSettingsOperation : public SessionManagerOperation { 173 public: 174 // Creates a new sign-and-store operation. 175 SignAndStoreSettingsOperation( 176 const Callback& callback, 177 scoped_ptr<enterprise_management::PolicyData> new_policy); 178 virtual ~SignAndStoreSettingsOperation(); 179 180 // SessionManagerOperation: 181 virtual void Run() OVERRIDE; 182 183 private: 184 void StartSigning(bool has_private_key); 185 186 // Stores the signed device settings blob. 187 void StoreDeviceSettingsBlob(std::string device_settings_blob); 188 189 // Handles the result of the store operation and triggers the load. 190 void HandleStoreResult(bool success); 191 192 scoped_ptr<enterprise_management::PolicyData> new_policy_; 193 194 base::WeakPtrFactory<SignAndStoreSettingsOperation> weak_factory_; 195 196 DISALLOW_COPY_AND_ASSIGN(SignAndStoreSettingsOperation); 197 }; 198 199 } // namespace chromeos 200 201 #endif // CHROME_BROWSER_CHROMEOS_SETTINGS_SESSION_MANAGER_OPERATION_H_ 202