OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ |
6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ | 6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
11 #include "base/compiler_specific.h" | 11 #include "base/compiler_specific.h" |
12 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
13 #include "base/memory/weak_ptr.h" | 13 #include "base/memory/weak_ptr.h" |
14 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" | 14 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" |
15 #include "chrome/browser/chromeos/policy/device_cloud_policy_validator.h" | 15 #include "chrome/browser/chromeos/policy/device_cloud_policy_validator.h" |
16 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" | 16 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" |
17 #include "chrome/browser/policy/cloud/cloud_policy_client.h" | 17 #include "chrome/browser/policy/cloud/cloud_policy_client.h" |
18 #include "chrome/browser/policy/cloud/cloud_policy_store.h" | 18 #include "chrome/browser/policy/cloud/cloud_policy_store.h" |
| 19 #include "google_apis/gaia/gaia_oauth_client.h" |
19 | 20 |
20 namespace enterprise_management { | 21 namespace enterprise_management { |
21 class PolicyFetchResponse; | 22 class PolicyFetchResponse; |
22 } | 23 } |
23 | 24 |
24 namespace policy { | 25 namespace policy { |
25 | 26 |
26 // Implements the logic that establishes enterprise enrollment for Chromium OS | 27 // Implements the logic that establishes enterprise enrollment for Chromium OS |
27 // devices. The process is as follows: | 28 // devices. The process is as follows: |
28 // 1. Given an auth token, register with the policy service. | 29 // 1. Given an auth token, register with the policy service. |
29 // 2. Download the initial policy blob from the service. | 30 // 2. Download the initial policy blob from the service. |
30 // 3. Verify the policy blob. Everything up to this point doesn't touch device | 31 // 3. Verify the policy blob. Everything up to this point doesn't touch device |
31 // state. | 32 // state. |
32 // 4. Establish the device lock in installation-time attributes. | 33 // 4. Download the OAuth2 authorization code for device-level API access. |
33 // 5. Store the policy blob. | 34 // 5. Download the OAuth2 refresh token for device-level API access and store |
| 35 // it. |
| 36 // 6. Establish the device lock in installation-time attributes. |
| 37 // 7. Store the policy blob and API refresh token. |
34 class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, | 38 class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
35 public CloudPolicyStore::Observer { | 39 public CloudPolicyStore::Observer, |
| 40 public gaia::GaiaOAuthClient::Delegate { |
36 public: | 41 public: |
37 typedef DeviceCloudPolicyManagerChromeOS::AllowedDeviceModes | 42 typedef DeviceCloudPolicyManagerChromeOS::AllowedDeviceModes |
38 AllowedDeviceModes; | 43 AllowedDeviceModes; |
39 typedef DeviceCloudPolicyManagerChromeOS::EnrollmentCallback | 44 typedef DeviceCloudPolicyManagerChromeOS::EnrollmentCallback |
40 EnrollmentCallback; | 45 EnrollmentCallback; |
41 | 46 |
42 // |store| and |install_attributes| must remain valid for the life time of the | 47 // |store| and |install_attributes| must remain valid for the life time of the |
43 // enrollment handler. |allowed_device_modes| determines what device modes | 48 // enrollment handler. |allowed_device_modes| determines what device modes |
44 // are acceptable. If the mode specified by the server is not acceptable, | 49 // are acceptable. If the mode specified by the server is not acceptable, |
45 // enrollment will fail with an EnrollmentStatus indicating | 50 // enrollment will fail with an EnrollmentStatus indicating |
57 // Starts the enrollment process and reports the result to | 62 // Starts the enrollment process and reports the result to |
58 // |completion_callback_|. | 63 // |completion_callback_|. |
59 void StartEnrollment(); | 64 void StartEnrollment(); |
60 | 65 |
61 // Releases the client. | 66 // Releases the client. |
62 scoped_ptr<CloudPolicyClient> ReleaseClient(); | 67 scoped_ptr<CloudPolicyClient> ReleaseClient(); |
63 | 68 |
64 // CloudPolicyClient::Observer: | 69 // CloudPolicyClient::Observer: |
65 virtual void OnPolicyFetched(CloudPolicyClient* client) OVERRIDE; | 70 virtual void OnPolicyFetched(CloudPolicyClient* client) OVERRIDE; |
66 virtual void OnRegistrationStateChanged(CloudPolicyClient* client) OVERRIDE; | 71 virtual void OnRegistrationStateChanged(CloudPolicyClient* client) OVERRIDE; |
| 72 virtual void OnRobotAuthCodesFetched(CloudPolicyClient* client) OVERRIDE; |
67 virtual void OnClientError(CloudPolicyClient* client) OVERRIDE; | 73 virtual void OnClientError(CloudPolicyClient* client) OVERRIDE; |
68 | 74 |
69 // CloudPolicyStore::Observer: | 75 // CloudPolicyStore::Observer: |
70 virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE; | 76 virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE; |
71 virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE; | 77 virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE; |
72 | 78 |
| 79 // GaiaOAuthClient::Delegate: |
| 80 virtual void OnGetTokensResponse(const std::string& refresh_token, |
| 81 const std::string& access_token, |
| 82 int expires_in_seconds) OVERRIDE; |
| 83 virtual void OnRefreshTokenResponse(const std::string& access_token, |
| 84 int expires_in_seconds) OVERRIDE; |
| 85 virtual void OnOAuthError() OVERRIDE; |
| 86 virtual void OnNetworkError(int response_code) OVERRIDE; |
| 87 |
73 private: | 88 private: |
74 // Indicates what step of the process is currently pending. These steps need | 89 // Indicates what step of the process is currently pending. These steps need |
75 // to be listed in the order they are traversed in. | 90 // to be listed in the order they are traversed in. |
76 enum EnrollmentStep { | 91 enum EnrollmentStep { |
77 STEP_PENDING, // Not started yet. | 92 STEP_PENDING, // Not started yet. |
78 STEP_LOADING_STORE, // Waiting for |store_| to initialize. | 93 STEP_LOADING_STORE, // Waiting for |store_| to initialize. |
79 STEP_REGISTRATION, // Currently registering the client. | 94 STEP_REGISTRATION, // Currently registering the client. |
80 STEP_POLICY_FETCH, // Fetching policy. | 95 STEP_POLICY_FETCH, // Fetching policy. |
81 STEP_VALIDATION, // Policy validation. | 96 STEP_VALIDATION, // Policy validation. |
82 STEP_LOCK_DEVICE, // Writing installation-time attributes. | 97 STEP_ROBOT_AUTH_FETCH, // Fetching device API auth code. |
83 STEP_STORE_POLICY, // Storing policy. | 98 STEP_ROBOT_AUTH_REFRESH, // Fetching device API refresh token. |
84 STEP_FINISHED, // Enrollment process finished, no further action. | 99 STEP_LOCK_DEVICE, // Writing installation-time attributes. |
| 100 STEP_STORE_POLICY, // Storing policy and API refresh token. |
| 101 STEP_FINISHED, // Enrollment process finished, no further action. |
85 }; | 102 }; |
86 | 103 |
87 // Starts registration if the store is initialized. | 104 // Starts registration if the store is initialized. |
88 void AttemptRegistration(); | 105 void AttemptRegistration(); |
89 | 106 |
90 // Handles the policy validation result, proceeding with installation-time | 107 // Handles the policy validation result, proceeding with installation-time |
91 // attributes locking if successful. | 108 // attributes locking if successful. |
92 void PolicyValidated(DeviceCloudPolicyValidator* validator); | 109 void PolicyValidated(DeviceCloudPolicyValidator* validator); |
93 | 110 |
| 111 // Method called to initiate the STEP_LOCK_DEVICE step. Usually called after |
| 112 // the STEP_ROBOT_AUTH_REFRESH, but may be called directly after a failed |
| 113 // STEP_ROBOT_AUTH_FETCH, since robot tokens are currently optional. |
| 114 void DoLockDeviceStep(); |
| 115 |
94 // Calls LockDevice() and proceeds to policy installation. If unsuccessful, | 116 // Calls LockDevice() and proceeds to policy installation. If unsuccessful, |
95 // reports the result. Actual installation or error report will be done in | 117 // reports the result. Actual installation or error report will be done in |
96 // HandleLockDeviceResult(). | 118 // HandleLockDeviceResult(). |
97 void WriteInstallAttributes(const std::string& user, | 119 void StartLockDevice(const std::string& user, |
98 DeviceMode device_mode, | 120 DeviceMode device_mode, |
99 const std::string& device_id); | 121 const std::string& device_id); |
100 | 122 |
101 // Helper for WriteInstallAttributes(). It performs the actual action based on | 123 // Helper for StartLockDevice(). It performs the actual action based on |
102 // the result of LockDevice. | 124 // the result of LockDevice. |
103 void HandleLockDeviceResult( | 125 void HandleLockDeviceResult( |
104 const std::string& user, | 126 const std::string& user, |
105 DeviceMode device_mode, | 127 DeviceMode device_mode, |
106 const std::string& device_id, | 128 const std::string& device_id, |
107 EnterpriseInstallAttributes::LockResult lock_result); | 129 EnterpriseInstallAttributes::LockResult lock_result); |
108 | 130 |
109 // Drops any ongoing actions. | 131 // Drops any ongoing actions. |
110 void Stop(); | 132 void Stop(); |
111 | 133 |
112 // Reports the result of the enrollment process to the initiator. | 134 // Reports the result of the enrollment process to the initiator. |
113 void ReportResult(EnrollmentStatus status); | 135 void ReportResult(EnrollmentStatus status); |
114 | 136 |
115 DeviceCloudPolicyStoreChromeOS* store_; | 137 DeviceCloudPolicyStoreChromeOS* store_; |
116 EnterpriseInstallAttributes* install_attributes_; | 138 EnterpriseInstallAttributes* install_attributes_; |
117 scoped_ptr<CloudPolicyClient> client_; | 139 scoped_ptr<CloudPolicyClient> client_; |
| 140 scoped_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_; |
118 | 141 |
119 std::string auth_token_; | 142 std::string auth_token_; |
120 std::string client_id_; | 143 std::string client_id_; |
| 144 std::string robot_refresh_token_; |
121 bool is_auto_enrollment_; | 145 bool is_auto_enrollment_; |
122 AllowedDeviceModes allowed_device_modes_; | 146 AllowedDeviceModes allowed_device_modes_; |
123 EnrollmentCallback completion_callback_; | 147 EnrollmentCallback completion_callback_; |
124 | 148 |
125 // The device mode as received in the registration request. | 149 // The device mode as received in the registration request. |
126 DeviceMode device_mode_; | 150 DeviceMode device_mode_; |
127 | 151 |
128 // The validated policy response to be installed in the store. | 152 // The validated policy response info to be installed in the store. |
129 scoped_ptr<enterprise_management::PolicyFetchResponse> policy_; | 153 scoped_ptr<enterprise_management::PolicyFetchResponse> policy_; |
| 154 std::string username_; |
| 155 std::string device_id_; |
130 | 156 |
131 // Current enrollment step. | 157 // Current enrollment step. |
132 EnrollmentStep enrollment_step_; | 158 EnrollmentStep enrollment_step_; |
133 | 159 |
134 // Total amount of time in milliseconds spent waiting for lockbox | 160 // Total amount of time in milliseconds spent waiting for lockbox |
135 // initialization. | 161 // initialization. |
136 int lockbox_init_duration_; | 162 int lockbox_init_duration_; |
137 | 163 |
138 base::WeakPtrFactory<EnrollmentHandlerChromeOS> weak_factory_; | 164 base::WeakPtrFactory<EnrollmentHandlerChromeOS> weak_factory_; |
139 | 165 |
140 DISALLOW_COPY_AND_ASSIGN(EnrollmentHandlerChromeOS); | 166 DISALLOW_COPY_AND_ASSIGN(EnrollmentHandlerChromeOS); |
141 }; | 167 }; |
142 | 168 |
143 } // namespace policy | 169 } // namespace policy |
144 | 170 |
145 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ | 171 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ |
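Review bot: The new class comment says the device-level refresh token is stored in step 5 and again in step 7, while step 3 still says nothing up to that point touches device state, so a reader cannot tell whether the credential is persisted before the install-attributes lock in step 6. If step 5 only keeps the token in `robot_refresh_token_` until STEP_STORE_POLICY, the comment should say so, e.g. `// 5. Download the OAuth2 refresh token for device-level API access and keep it in memory until step 7.` The `robot_refresh_token_` member is added without a comment; because it is a long-lived credential, I would document its lifetime, e.g. `// Robot account refresh token; held only until it is persisted in STEP_STORE_POLICY and must not be logged.` The DoLockDeviceStep() comment covers a failed STEP_ROBOT_AUTH_FETCH but not a failure during STEP_ROBOT_AUTH_REFRESH (OnOAuthError / OnNetworkError). This header does not show whether that case also proceeds to locking or aborts enrollment, so the comment should state which.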