1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_CONSUMER_MANAGEMENT_SERVICE_H_ 6 #define CHROME_BROWSER_CHROMEOS_POLICY_CONSUMER_MANAGEMENT_SERVICE_H_ 7 8 #include <string> 9 10 #include "base/callback_forward.h" 11 #include "base/compiler_specific.h" 12 #include "base/macros.h" 13 #include "base/memory/scoped_ptr.h" 14 #include "base/memory/weak_ptr.h" 15 #include "base/observer_list.h" 16 #include "base/strings/string16.h" 17 #include "chrome/browser/chromeos/settings/device_settings_service.h" 18 #include "chromeos/dbus/dbus_method_call_status.h" 19 #include "content/public/browser/notification_observer.h" 20 #include "content/public/browser/notification_registrar.h" 21 #include "google_apis/gaia/oauth2_token_service.h" 22 23 class PrefRegistrySimple; 24 class Profile; 25 26 namespace chromeos { 27 class CryptohomeClient; 28 } 29 30 namespace cryptohome { 31 class BaseReply; 32 } 33 34 namespace policy { 35 36 class EnrollmentStatus; 37 38 // The consumer management service handles several things: 39 // 40 // 1. The consumer enrollment state: The consumer enrollment state is an enum 41 // value stored in local state to pass the information across reboots and 42 // between components, including settings page, sign-in screen, and user 43 // notification. 44 // 45 // 2. Boot lockbox owner ID: Unlike the owner ID in CrosSettings, the owner ID 46 // stored in the boot lockbox can only be modified after reboot and before 47 // the first session starts. It is guaranteed that if the device is consumer 48 // managed, the owner ID in the boot lockbox will be available, but not the 49 // other way. 50 // 51 // 3. Consumer management enrollment process: The service kicks off the last 52 // part of the consumer management enrollment process after the owner ID is 53 // stored in the boot lockbox and the owner signs in. 54 class ConsumerManagementService 55 : public chromeos::DeviceSettingsService::Observer, 56 public content::NotificationObserver, 57 public OAuth2TokenService::Consumer, 58 public OAuth2TokenService::Observer { 59 public: 60 // The status indicates if the device is enrolled, or if enrollment or 61 // unenrollment is in progress. If you want to add a value here, please also 62 // update |kStatusString| in the .cc file, and |ConsumerManagementStatus| in 63 // chrome/browser/resources/options/chromeos/consumer_management_overlay.js 64 enum Status { 65 // The status is currently unavailable. 66 STATUS_UNKNOWN = 0, 67 68 STATUS_ENROLLED, 69 STATUS_ENROLLING, 70 STATUS_UNENROLLED, 71 STATUS_UNENROLLING, 72 73 // This should always be the last one. 74 STATUS_LAST, 75 }; 76 77 // Indicating which stage the enrollment process is in. 78 enum EnrollmentStage { 79 // Not enrolled, or enrollment is completed. 80 ENROLLMENT_STAGE_NONE = 0, 81 // Enrollment is requested by the owner. 82 ENROLLMENT_STAGE_REQUESTED, 83 // The owner ID is stored in the boot lockbox. 84 ENROLLMENT_STAGE_OWNER_STORED, 85 // Success. The notification is not sent yet. 86 ENROLLMENT_STAGE_SUCCESS, 87 88 // Error stages. 89 // Canceled by the user. 90 ENROLLMENT_STAGE_CANCELED, 91 // Failed to write to the boot lockbox. 92 ENROLLMENT_STAGE_BOOT_LOCKBOX_FAILED, 93 // Failed to get the access token. 94 ENROLLMENT_STAGE_GET_TOKEN_FAILED, 95 // Failed to register the device. 96 ENROLLMENT_STAGE_DM_SERVER_FAILED, 97 98 // This should always be the last one. 99 ENROLLMENT_STAGE_LAST, 100 }; 101 102 class Observer { 103 public: 104 // Called when the status changes. 105 virtual void OnConsumerManagementStatusChanged() = 0; 106 }; 107 108 // GetOwner() invokes this with an argument set to the owner user ID, 109 // or an empty string on failure. 110 typedef base::Callback<void(const std::string&)> GetOwnerCallback; 111 112 // SetOwner() invokes this with an argument indicating success or failure. 113 typedef base::Callback<void(bool)> SetOwnerCallback; 114 115 // |client| and |device_settings_service| should outlive this object. 116 ConsumerManagementService( 117 chromeos::CryptohomeClient* client, 118 chromeos::DeviceSettingsService* device_settings_service); 119 120 virtual ~ConsumerManagementService(); 121 122 // Registers prefs. 123 static void RegisterPrefs(PrefRegistrySimple* registry); 124 125 void AddObserver(Observer* observer); 126 void RemoveObserver(Observer* observer); 127 128 // Returns the status. 129 Status GetStatus() const; 130 131 // Returns the string value of the status. 132 std::string GetStatusString() const; 133 134 // Returns the enrollment stage. 135 EnrollmentStage GetEnrollmentStage() const; 136 137 // Sets the enrollment stage. 138 void SetEnrollmentStage(EnrollmentStage stage); 139 140 // Returns the device owner stored in the boot lockbox via |callback|. 141 void GetOwner(const GetOwnerCallback& callback); 142 143 // Stores the device owner user ID into the boot lockbox and signs it. 144 // |callback| is invoked with an agument indicating success or failure. 145 void SetOwner(const std::string& user_id, const SetOwnerCallback& callback); 146 147 // chromeos::DeviceSettingsService::Observer: 148 virtual void OwnershipStatusChanged() OVERRIDE; 149 virtual void DeviceSettingsUpdated() OVERRIDE; 150 151 // content::NotificationObserver implmentation. 152 virtual void Observe(int type, 153 const content::NotificationSource& source, 154 const content::NotificationDetails& details) OVERRIDE; 155 156 // OAuth2TokenService::Observer: 157 virtual void OnRefreshTokenAvailable(const std::string& account_id) OVERRIDE; 158 159 // OAuth2TokenService::Consumer: 160 virtual void OnGetTokenSuccess( 161 const OAuth2TokenService::Request* request, 162 const std::string& access_token, 163 const base::Time& expiration_time) OVERRIDE; 164 virtual void OnGetTokenFailure( 165 const OAuth2TokenService::Request* request, 166 const GoogleServiceAuthError& error) OVERRIDE; 167 GetTokenRequestForTesting()168 OAuth2TokenService::Request* GetTokenRequestForTesting() { 169 return token_request_.get(); 170 } 171 172 private: 173 void OnGetBootAttributeDone( 174 const GetOwnerCallback& callback, 175 chromeos::DBusMethodCallStatus call_status, 176 bool dbus_success, 177 const cryptohome::BaseReply& reply); 178 179 void OnSetBootAttributeDone(const SetOwnerCallback& callback, 180 chromeos::DBusMethodCallStatus call_status, 181 bool dbus_success, 182 const cryptohome::BaseReply& reply); 183 184 void OnFlushAndSignBootAttributesDone( 185 const SetOwnerCallback& callback, 186 chromeos::DBusMethodCallStatus call_status, 187 bool dbus_success, 188 const cryptohome::BaseReply& reply); 189 190 // Called when the owner signs in. 191 void OnOwnerSignin(Profile* profile); 192 193 // Continues the enrollment process after the owner ID is stored into the boot 194 // lockbox and the owner signs in. 195 void ContinueEnrollmentProcess(Profile* profile); 196 197 // Called when the owner's refresh token is available. 198 void OnOwnerRefreshTokenAvailable(); 199 200 // Called when the owner's access token for device management is available. 201 void OnOwnerAccessTokenAvailable(const std::string& access_token); 202 203 // Called upon the completion of the enrollment process. 204 void OnEnrollmentCompleted(EnrollmentStatus status); 205 206 // Ends the enrollment process and shows a desktop notification if the 207 // current user is the owner. 208 void EndEnrollment(EnrollmentStage stage); 209 210 // Shows a desktop notification and resets the enrollment stage. 211 void ShowDesktopNotificationAndResetStage( 212 EnrollmentStage stage, 213 Profile* profile); 214 215 // Opens the settings page. 216 void OpenSettingsPage(Profile* profile) const; 217 218 // Opens the enrollment confirmation dialog in the settings page. 219 void TryEnrollmentAgain(Profile* profile) const; 220 221 void NotifyStatusChanged(); 222 223 chromeos::CryptohomeClient* client_; 224 chromeos::DeviceSettingsService* device_settings_service_; 225 226 Profile* enrolling_profile_; 227 scoped_ptr<OAuth2TokenService::Request> token_request_; 228 content::NotificationRegistrar registrar_; 229 ObserverList<Observer, true> observers_; 230 base::WeakPtrFactory<ConsumerManagementService> weak_ptr_factory_; 231 232 DISALLOW_COPY_AND_ASSIGN(ConsumerManagementService); 233 }; 234 235 } // namespace policy 236 237 #endif // CHROME_BROWSER_CHROMEOS_POLICY_CONSUMER_MANAGEMENT_SERVICE_H_ 238