1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_SESSION_MANAGER_OPERATION_H_ 6 #define CHROME_BROWSER_CHROMEOS_SETTINGS_SESSION_MANAGER_OPERATION_H_ 7 8 #include "base/basictypes.h" 9 #include "base/callback.h" 10 #include "base/memory/ref_counted.h" 11 #include "base/memory/scoped_ptr.h" 12 #include "chrome/browser/chromeos/policy/device_cloud_policy_validator.h" 13 #include "chrome/browser/chromeos/settings/device_settings_service.h" 14 #include "components/ownership/owner_settings_service.h" 15 #include "net/cert/x509_util_nss.h" 16 17 namespace enterprise_management { 18 class ChromeDeviceSettingsProto; 19 class PolicyData; 20 class PolicyFetchResponse; 21 } 22 23 namespace ownership { 24 class OwnerKeyUtil; 25 class PublicKey; 26 } 27 28 namespace chromeos { 29 30 class SessionManagerClient; 31 32 // Handles a single transaction with session manager. This is a virtual base 33 // class that contains common infrastructure for key and policy loading. There 34 // are subclasses for loading, storing and signing policy blobs. 35 class SessionManagerOperation { 36 public: 37 typedef base::Callback<void(SessionManagerOperation*, 38 DeviceSettingsService::Status)> Callback; 39 40 // Creates a new load operation. 41 explicit SessionManagerOperation(const Callback& callback); 42 virtual ~SessionManagerOperation(); 43 44 // Starts the operation. 45 void Start(SessionManagerClient* session_manager_client, 46 scoped_refptr<ownership::OwnerKeyUtil> owner_key_util, 47 scoped_refptr<ownership::PublicKey> public_key); 48 49 // Restarts a load operation (if that part is already in progress). 50 void RestartLoad(bool key_changed); 51 52 // Accessors for recovering the loaded policy data after completion. policy_data()53 scoped_ptr<enterprise_management::PolicyData>& policy_data() { 54 return policy_data_; 55 } 56 scoped_ptr<enterprise_management::ChromeDeviceSettingsProto>& device_settings()57 device_settings() { 58 return device_settings_; 59 } 60 61 // Public part of the owner key as configured/loaded from disk. public_key()62 scoped_refptr<ownership::PublicKey> public_key() { return public_key_; } 63 64 // Whether the load operation is underway. is_loading()65 bool is_loading() const { return is_loading_; } 66 set_force_key_load(bool force_key_load)67 void set_force_key_load(bool force_key_load) { 68 force_key_load_ = force_key_load; 69 } 70 set_username(const std::string & username)71 void set_username(const std::string& username) { username_ = username; } 72 set_owner_settings_service(const base::WeakPtr<ownership::OwnerSettingsService> & owner_settings_service)73 void set_owner_settings_service(const base::WeakPtr< 74 ownership::OwnerSettingsService>& owner_settings_service) { 75 owner_settings_service_ = owner_settings_service; 76 } 77 78 protected: 79 // Runs the operation. The result is reported through |callback_|. 80 virtual void Run() = 0; 81 82 // Ensures the public key is loaded. 83 void EnsurePublicKey(const base::Closure& callback); 84 85 // Starts a load operation. 86 void StartLoading(); 87 88 // Reports the result status of the operation. Once this gets called, the 89 // operation should not perform further processing or trigger callbacks. 90 void ReportResult(DeviceSettingsService::Status status); 91 session_manager_client()92 SessionManagerClient* session_manager_client() { 93 return session_manager_client_; 94 } 95 96 base::WeakPtr<ownership::OwnerSettingsService> owner_settings_service_; 97 98 private: 99 // Loads the owner key from disk. Must be run on a thread that can do I/O. 100 static scoped_refptr<ownership::PublicKey> LoadPublicKey( 101 scoped_refptr<ownership::OwnerKeyUtil> util, 102 scoped_refptr<ownership::PublicKey> current_key); 103 104 // Stores the owner key loaded by LoadOwnerKey and calls |callback|. 105 void StorePublicKey(const base::Closure& callback, 106 scoped_refptr<ownership::PublicKey> new_key); 107 108 // Triggers a device settings load. 109 void RetrieveDeviceSettings(); 110 111 // Validates device settings after retrieval from session_manager. 112 void ValidateDeviceSettings(const std::string& policy_blob); 113 114 // Extracts status and device settings from the validator and reports them. 115 void ReportValidatorStatus(policy::DeviceCloudPolicyValidator* validator); 116 117 SessionManagerClient* session_manager_client_; 118 scoped_refptr<ownership::OwnerKeyUtil> owner_key_util_; 119 120 Callback callback_; 121 122 scoped_refptr<ownership::PublicKey> public_key_; 123 bool force_key_load_; 124 std::string username_; 125 126 bool is_loading_; 127 scoped_ptr<enterprise_management::PolicyData> policy_data_; 128 scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> device_settings_; 129 130 base::WeakPtrFactory<SessionManagerOperation> weak_factory_; 131 132 DISALLOW_COPY_AND_ASSIGN(SessionManagerOperation); 133 }; 134 135 // This operation loads the public owner key from disk if appropriate, fetches 136 // the policy blob from session manager, and validates the loaded policy blob. 137 class LoadSettingsOperation : public SessionManagerOperation { 138 public: 139 // Creates a new load operation. 140 explicit LoadSettingsOperation(const Callback& callback); 141 virtual ~LoadSettingsOperation(); 142 143 protected: 144 // SessionManagerOperation: 145 virtual void Run() OVERRIDE; 146 147 private: 148 DISALLOW_COPY_AND_ASSIGN(LoadSettingsOperation); 149 }; 150 151 // Stores a pre-generated policy blob and reloads the device settings from 152 // session_manager. 153 class StoreSettingsOperation : public SessionManagerOperation { 154 public: 155 // Creates a new store operation. 156 StoreSettingsOperation( 157 const Callback& callback, 158 scoped_ptr<enterprise_management::PolicyFetchResponse> policy); 159 virtual ~StoreSettingsOperation(); 160 161 protected: 162 // SessionManagerOperation: 163 virtual void Run() OVERRIDE; 164 165 private: 166 // Handles the result of the store operation and triggers the load. 167 void HandleStoreResult(bool success); 168 169 scoped_ptr<enterprise_management::PolicyFetchResponse> policy_; 170 171 base::WeakPtrFactory<StoreSettingsOperation> weak_factory_; 172 173 DISALLOW_COPY_AND_ASSIGN(StoreSettingsOperation); 174 }; 175 176 // Signs device settings and stores the resulting blob to session_manager. 177 class SignAndStoreSettingsOperation : public SessionManagerOperation { 178 public: 179 // Creates a new sign-and-store operation. 180 SignAndStoreSettingsOperation( 181 const Callback& callback, 182 scoped_ptr<enterprise_management::PolicyData> new_policy); 183 virtual ~SignAndStoreSettingsOperation(); 184 185 // SessionManagerOperation: 186 virtual void Run() OVERRIDE; 187 188 private: 189 void StartSigning(bool has_private_key); 190 191 // Stores the signed device settings blob. 192 void StoreDeviceSettingsBlob(std::string device_settings_blob); 193 194 // Handles the result of the store operation and triggers the load. 195 void HandleStoreResult(bool success); 196 197 scoped_ptr<enterprise_management::PolicyData> new_policy_; 198 199 base::WeakPtrFactory<SignAndStoreSettingsOperation> weak_factory_; 200 201 DISALLOW_COPY_AND_ASSIGN(SignAndStoreSettingsOperation); 202 }; 203 204 } // namespace chromeos 205 206 #endif // CHROME_BROWSER_CHROMEOS_SETTINGS_SESSION_MANAGER_OPERATION_H_ 207