1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/consumer_enrollment_handler.h"
8 #include "base/location.h"
9 #include "base/logging.h"
10 #include "base/message_loop/message_loop.h"
11 #include "chrome/browser/browser_process.h"
12 #include "chrome/browser/browser_process_platform_part.h"
13 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h"
14 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
15 #include "chrome/browser/chromeos/policy/consumer_management_service.h"
16 #include "chrome/browser/chromeos/policy/consumer_management_stage.h"
17 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h"
18 #include "chrome/browser/chromeos/policy/enrollment_config.h"
19 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h"
20 #include "chrome/browser/profiles/profile.h"
21 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
22 #include "chrome/browser/signin/signin_manager_factory.h"
23 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
24 #include "components/signin/core/browser/profile_oauth2_token_service.h"
25 #include "components/signin/core/browser/signin_manager_base.h"
26 #include "google_apis/gaia/gaia_constants.h"
27 #include "google_apis/gaia/google_service_auth_error.h"
31 ConsumerEnrollmentHandler::ConsumerEnrollmentHandler(
33 ConsumerManagementService
* consumer_management_service
,
34 DeviceManagementService
* device_management_service
)
35 : Consumer("consumer_enrollment_handler"),
37 consumer_management_service_(consumer_management_service
),
38 device_management_service_(device_management_service
),
39 weak_ptr_factory_(this) {
40 gaia_account_id_
= SigninManagerFactory::GetForProfile(profile
)->
41 GetAuthenticatedAccountId();
42 ContinueEnrollmentProcess();
45 ConsumerEnrollmentHandler::~ConsumerEnrollmentHandler() {
48 void ConsumerEnrollmentHandler::Shutdown() {
49 ProfileOAuth2TokenServiceFactory::GetForProfile(profile_
)->
53 void ConsumerEnrollmentHandler::OnRefreshTokenAvailable(
54 const std::string
& account_id
) {
55 if (account_id
== gaia_account_id_
) {
56 ProfileOAuth2TokenServiceFactory::GetForProfile(profile_
)->
58 OnOwnerRefreshTokenAvailable();
62 void ConsumerEnrollmentHandler::OnGetTokenSuccess(
63 const OAuth2TokenService::Request
* request
,
64 const std::string
& access_token
,
65 const base::Time
& expiration_time
) {
66 DCHECK_EQ(token_request_
, request
);
67 base::MessageLoop::current()->DeleteSoon(FROM_HERE
, token_request_
.release());
69 OnOwnerAccessTokenAvailable(access_token
);
72 void ConsumerEnrollmentHandler::OnGetTokenFailure(
73 const OAuth2TokenService::Request
* request
,
74 const GoogleServiceAuthError
& error
) {
75 DCHECK_EQ(token_request_
, request
);
76 base::MessageLoop::current()->DeleteSoon(FROM_HERE
, token_request_
.release());
78 LOG(ERROR
) << "Failed to get the access token: " << error
.ToString();
79 EndEnrollment(ConsumerManagementStage::EnrollmentGetTokenFailed());
82 void ConsumerEnrollmentHandler::ContinueEnrollmentProcess() {
83 // First, we need to ensure that the refresh token is available.
84 ProfileOAuth2TokenService
* token_service
=
85 ProfileOAuth2TokenServiceFactory::GetForProfile(profile_
);
86 if (token_service
->RefreshTokenIsAvailable(gaia_account_id_
)) {
87 OnOwnerRefreshTokenAvailable();
89 token_service
->AddObserver(this);
93 void ConsumerEnrollmentHandler::OnOwnerRefreshTokenAvailable() {
94 // Now we can request the OAuth access token for device management to send the
95 // device registration request to the device management server.
96 OAuth2TokenService::ScopeSet oauth_scopes
;
97 oauth_scopes
.insert(GaiaConstants::kDeviceManagementServiceOAuth
);
98 token_request_
= ProfileOAuth2TokenServiceFactory::GetForProfile(
99 profile_
)->StartRequest(gaia_account_id_
, oauth_scopes
, this);
102 void ConsumerEnrollmentHandler::OnOwnerAccessTokenAvailable(
103 const std::string
& access_token
) {
104 // Now that we have the access token, we got everything we need to send the
105 // device registration request to the device management server.
106 BrowserPolicyConnectorChromeOS
* connector
=
107 g_browser_process
->platform_part()->browser_policy_connector_chromeos();
108 DeviceCloudPolicyInitializer
* initializer
=
109 connector
->GetDeviceCloudPolicyInitializer();
112 policy::DeviceCloudPolicyInitializer::AllowedDeviceModes device_modes
;
113 device_modes
[policy::DEVICE_MODE_ENTERPRISE
] = true;
115 EnrollmentConfig enrollment_config
;
116 enrollment_config
.mode
= EnrollmentConfig::MODE_MANUAL
;
117 initializer
->StartEnrollment(
118 MANAGEMENT_MODE_CONSUMER_MANAGED
, device_management_service_
,
119 chromeos::OwnerSettingsServiceChromeOSFactory::GetForBrowserContext(
121 enrollment_config
, access_token
, device_modes
,
122 base::Bind(&ConsumerEnrollmentHandler::OnEnrollmentCompleted
,
123 weak_ptr_factory_
.GetWeakPtr()));
126 void ConsumerEnrollmentHandler::OnEnrollmentCompleted(EnrollmentStatus status
) {
127 if (status
.status() != EnrollmentStatus::STATUS_SUCCESS
) {
128 LOG(ERROR
) << "Failed to enroll the device."
129 << " status=" << status
.status()
130 << " client_status=" << status
.client_status()
131 << " http_status=" << status
.http_status()
132 << " store_status=" << status
.store_status()
133 << " validation_status=" << status
.validation_status();
134 EndEnrollment(ConsumerManagementStage::EnrollmentDMServerFailed());
138 EndEnrollment(ConsumerManagementStage::EnrollmentSuccess());
141 void ConsumerEnrollmentHandler::EndEnrollment(
142 const ConsumerManagementStage
& stage
) {
143 consumer_management_service_
->SetStage(stage
);
146 } // namespace policy
