1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
7 #include "base/memory/singleton.h"
8 #include "base/prefs/pref_registry_simple.h"
9 #include "base/prefs/pref_service.h"
10 #include "base/prefs/scoped_user_pref_update.h"
11 #include "chrome/browser/browser_process.h"
12 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
13 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
14 #include "chrome/browser/chromeos/policy/user_network_configuration_updater_factory.h"
15 #include "chrome/browser/chromeos/profiles/profile_helper.h"
16 #include "chrome/browser/lifetime/application_lifetime.h"
17 #include "chrome/browser/profiles/incognito_helpers.h"
18 #include "chrome/browser/profiles/profile.h"
19 #include "chrome/common/pref_names.h"
20 #include "components/keyed_service/content/browser_context_dependency_manager.h"
21 #include "components/pref_registry/pref_registry_syncable.h"
22 #include "components/user_manager/user_manager.h"
27 PolicyCertService
* PolicyCertServiceFactory::GetForProfile(Profile
* profile
) {
28 return static_cast<PolicyCertService
*>(
29 GetInstance()->GetServiceForBrowserContext(profile
, false));
33 scoped_ptr
<PolicyCertVerifier
> PolicyCertServiceFactory::CreateForProfile(
35 DCHECK(!GetInstance()->GetServiceForBrowserContext(profile
, false));
36 PolicyCertService
* service
= static_cast<PolicyCertService
*>(
37 GetInstance()->GetServiceForBrowserContext(profile
, true));
39 return scoped_ptr
<PolicyCertVerifier
>();
40 return service
->CreatePolicyCertVerifier();
44 PolicyCertServiceFactory
* PolicyCertServiceFactory::GetInstance() {
45 return Singleton
<PolicyCertServiceFactory
>::get();
49 void PolicyCertServiceFactory::SetUsedPolicyCertificates(
50 const std::string
& user_id
) {
51 if (UsedPolicyCertificates(user_id
))
53 ListPrefUpdate
update(g_browser_process
->local_state(),
54 prefs::kUsedPolicyCertificates
);
55 update
->AppendString(user_id
);
59 void PolicyCertServiceFactory::ClearUsedPolicyCertificates(
60 const std::string
& user_id
) {
61 ListPrefUpdate
update(g_browser_process
->local_state(),
62 prefs::kUsedPolicyCertificates
);
63 update
->Remove(base::StringValue(user_id
), NULL
);
67 bool PolicyCertServiceFactory::UsedPolicyCertificates(
68 const std::string
& user_id
) {
69 base::StringValue
value(user_id
);
70 const base::ListValue
* list
=
71 g_browser_process
->local_state()->GetList(prefs::kUsedPolicyCertificates
);
76 return list
->Find(value
) != list
->end();
80 void PolicyCertServiceFactory::RegisterPrefs(PrefRegistrySimple
* local_state
) {
81 local_state
->RegisterListPref(prefs::kUsedPolicyCertificates
);
84 PolicyCertServiceFactory::PolicyCertServiceFactory()
85 : BrowserContextKeyedServiceFactory(
87 BrowserContextDependencyManager::GetInstance()) {
88 DependsOn(UserNetworkConfigurationUpdaterFactory::GetInstance());
91 PolicyCertServiceFactory::~PolicyCertServiceFactory() {}
93 KeyedService
* PolicyCertServiceFactory::BuildServiceInstanceFor(
94 content::BrowserContext
* context
) const {
95 Profile
* profile
= static_cast<Profile
*>(context
);
97 user_manager::UserManager
* user_manager
= user_manager::UserManager::Get();
98 const user_manager::User
* user
=
99 chromeos::ProfileHelper::Get()->GetUserByProfile(
100 profile
->GetOriginalProfile());
104 // Backwards compatibility: profiles that used policy-pushed certificates used
105 // to have this condition marked in their prefs. This signal has moved to
106 // local_state though, to support checking it before the profile is loaded.
107 // Check the profile here and update the local_state, if appropriate.
108 // TODO(joaodasilva): remove this, eventually.
109 PrefService
* prefs
= profile
->GetOriginalProfile()->GetPrefs();
110 if (prefs
->GetBoolean(prefs::kUsedPolicyCertificatesOnce
)) {
111 SetUsedPolicyCertificates(user
->email());
112 prefs
->ClearPref(prefs::kUsedPolicyCertificatesOnce
);
114 if (user_manager
->GetLoggedInUsers().size() > 1u) {
115 // This login should not have been allowed. After rebooting, local_state
116 // will contain the updated list of users that used policy-pushed
117 // certificates and this won't happen again.
118 // Note that a user becomes logged in before his profile is created.
119 LOG(ERROR
) << "Shutdown session because a tainted profile was added.";
120 g_browser_process
->local_state()->CommitPendingWrite();
121 prefs
->CommitPendingWrite();
122 chrome::AttemptUserExit();
126 UserNetworkConfigurationUpdater
* net_conf_updater
=
127 UserNetworkConfigurationUpdaterFactory::GetForProfile(profile
);
128 if (!net_conf_updater
)
131 return new PolicyCertService(user
->email(), net_conf_updater
, user_manager
);
134 content::BrowserContext
* PolicyCertServiceFactory::GetBrowserContextToUse(
135 content::BrowserContext
* context
) const {
136 return chrome::GetBrowserContextOwnInstanceInIncognito(context
);
139 void PolicyCertServiceFactory::RegisterProfilePrefs(
140 user_prefs::PrefRegistrySyncable
* registry
) {
141 // TODO(joaodasilva): this is used for backwards compatibility.
142 // Remove once it's not necessary anymore.
143 registry
->RegisterBooleanPref(
144 prefs::kUsedPolicyCertificatesOnce
,
146 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF
);
149 bool PolicyCertServiceFactory::ServiceIsNULLWhileTesting() const {
153 } // namespace policy
