Index: chrome/browser/chromeos/policy/enrollment_handler_chromeos.h |
diff --git a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h |
index e44443d728057bc1ad2109a0260656fdfb8eca9d..46ebb45e59b6654af64b967f55f6ff4566cc0cf9 100644 |
--- a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h |
+++ b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h |
@@ -16,6 +16,7 @@ |
#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" |
#include "chrome/browser/policy/cloud/cloud_policy_client.h" |
#include "chrome/browser/policy/cloud/cloud_policy_store.h" |
+#include "google_apis/gaia/gaia_oauth_client.h" |
namespace enterprise_management { |
class PolicyFetchResponse; |
@@ -29,10 +30,14 @@ namespace policy { |
// 2. Download the initial policy blob from the service. |
// 3. Verify the policy blob. Everything up to this point doesn't touch device |
// state. |
-// 4. Establish the device lock in installation-time attributes. |
-// 5. Store the policy blob. |
+// 4. Download the OAuth2 authorization code for device-level API access. |
+// 5. Download the OAuth2 refresh token for device-level API access and store |
+// it. |
+// 6. Establish the device lock in installation-time attributes. |
+// 7. Store the policy blob and API refresh token. |
class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
- public CloudPolicyStore::Observer { |
+ public CloudPolicyStore::Observer, |
+ public gaia::GaiaOAuthClient::Delegate { |
public: |
typedef DeviceCloudPolicyManagerChromeOS::AllowedDeviceModes |
AllowedDeviceModes; |
@@ -64,24 +69,36 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
// CloudPolicyClient::Observer: |
virtual void OnPolicyFetched(CloudPolicyClient* client) OVERRIDE; |
virtual void OnRegistrationStateChanged(CloudPolicyClient* client) OVERRIDE; |
+ virtual void OnRobotAuthCodesFetched(CloudPolicyClient* client) OVERRIDE; |
virtual void OnClientError(CloudPolicyClient* client) OVERRIDE; |
// CloudPolicyStore::Observer: |
virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE; |
virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE; |
+ // GaiaOAuthClient::Delegate: |
+ virtual void OnGetTokensResponse(const std::string& refresh_token, |
+ const std::string& access_token, |
+ int expires_in_seconds) OVERRIDE; |
+ virtual void OnRefreshTokenResponse(const std::string& access_token, |
+ int expires_in_seconds) OVERRIDE; |
+ virtual void OnOAuthError() OVERRIDE; |
+ virtual void OnNetworkError(int response_code) OVERRIDE; |
+ |
private: |
// Indicates what step of the process is currently pending. These steps need |
// to be listed in the order they are traversed in. |
enum EnrollmentStep { |
- STEP_PENDING, // Not started yet. |
- STEP_LOADING_STORE, // Waiting for |store_| to initialize. |
- STEP_REGISTRATION, // Currently registering the client. |
- STEP_POLICY_FETCH, // Fetching policy. |
- STEP_VALIDATION, // Policy validation. |
- STEP_LOCK_DEVICE, // Writing installation-time attributes. |
- STEP_STORE_POLICY, // Storing policy. |
- STEP_FINISHED, // Enrollment process finished, no further action. |
+ STEP_PENDING, // Not started yet. |
+ STEP_LOADING_STORE, // Waiting for |store_| to initialize. |
+ STEP_REGISTRATION, // Currently registering the client. |
+ STEP_POLICY_FETCH, // Fetching policy. |
+ STEP_VALIDATION, // Policy validation. |
+ STEP_ROBOT_AUTH_FETCH, // Fetching device API auth code. |
+ STEP_ROBOT_AUTH_REFRESH, // Fetching device API refresh token. |
+ STEP_LOCK_DEVICE, // Writing installation-time attributes. |
+ STEP_STORE_POLICY, // Storing policy and API refresh token. |
+ STEP_FINISHED, // Enrollment process finished, no further action. |
}; |
// Starts registration if the store is initialized. |
@@ -91,14 +108,19 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
// attributes locking if successful. |
void PolicyValidated(DeviceCloudPolicyValidator* validator); |
+ // Method called to initiate the STEP_LOCK_DEVICE step. Usually called after |
+ // the STEP_ROBOT_AUTH_REFRESH, but may be called directly after a failed |
+ // STEP_ROBOT_AUTH_FETCH, since robot tokens are currently optional. |
+ void DoLockDeviceStep(); |
+ |
// Calls LockDevice() and proceeds to policy installation. If unsuccessful, |
// reports the result. Actual installation or error report will be done in |
// HandleLockDeviceResult(). |
- void WriteInstallAttributes(const std::string& user, |
- DeviceMode device_mode, |
- const std::string& device_id); |
+ void StartLockDevice(const std::string& user, |
+ DeviceMode device_mode, |
+ const std::string& device_id); |
- // Helper for WriteInstallAttributes(). It performs the actual action based on |
+ // Helper for StartLockDevice(). It performs the actual action based on |
// the result of LockDevice. |
void HandleLockDeviceResult( |
const std::string& user, |
@@ -115,9 +137,11 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
DeviceCloudPolicyStoreChromeOS* store_; |
EnterpriseInstallAttributes* install_attributes_; |
scoped_ptr<CloudPolicyClient> client_; |
+ scoped_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_; |
std::string auth_token_; |
std::string client_id_; |
+ std::string robot_refresh_token_; |
bool is_auto_enrollment_; |
AllowedDeviceModes allowed_device_modes_; |
EnrollmentCallback completion_callback_; |
@@ -125,8 +149,10 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
// The device mode as received in the registration request. |
DeviceMode device_mode_; |
- // The validated policy response to be installed in the store. |
+ // The validated policy response info to be installed in the store. |
scoped_ptr<enterprise_management::PolicyFetchResponse> policy_; |
+ std::string username_; |
+ std::string device_id_; |
// Current enrollment step. |
EnrollmentStep enrollment_step_; |