search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix infinite recursion on hiding panel when created during fullscreen mode.
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / enrollment_handler_chromeos.h
blobe92accf064ea9bfb1ec754bf0b827f1fa2473b42
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_
6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_
7
8 #include <string>
9
10 #include "base/basictypes.h"
11 #include "base/compiler_specific.h"
12 #include "base/memory/ref_counted.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/memory/weak_ptr.h"
15 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
16 #include "chrome/browser/chromeos/policy/device_cloud_policy_validator.h"
17 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
18 #include "components/policy/core/common/cloud/cloud_policy_client.h"
19 #include "components/policy/core/common/cloud/cloud_policy_store.h"
20 #include "google_apis/gaia/gaia_oauth_client.h"
21
22 namespace base {
23 class SequencedTaskRunner;
24 }
25
26 namespace enterprise_management {
27 class PolicyFetchResponse;
28 }
29
30 namespace policy {
31
32 // Implements the logic that establishes enterprise enrollment for Chromium OS
33 // devices. The process is as follows:
34 // 1. Given an auth token, register with the policy service.
35 // 2. Download the initial policy blob from the service.
36 // 3. Verify the policy blob. Everything up to this point doesn't touch device
37 // state.
38 // 4. Download the OAuth2 authorization code for device-level API access.
39 // 5. Download the OAuth2 refresh token for device-level API access and store
40 // it.
41 // 6. Establish the device lock in installation-time attributes.
42 // 7. Store the policy blob and API refresh token.
43 class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer,
44 public CloudPolicyStore::Observer,
45 public gaia::GaiaOAuthClient::Delegate {
46 public:
47 typedef DeviceCloudPolicyManagerChromeOS::AllowedDeviceModes
48 AllowedDeviceModes;
49 typedef DeviceCloudPolicyManagerChromeOS::EnrollmentCallback
50 EnrollmentCallback;
51
52 // |store| and |install_attributes| must remain valid for the life time of the
53 // enrollment handler. |allowed_device_modes| determines what device modes
54 // are acceptable. If the mode specified by the server is not acceptable,
55 // enrollment will fail with an EnrollmentStatus indicating
56 // STATUS_REGISTRATION_BAD_MODE.
57 EnrollmentHandlerChromeOS(
58 DeviceCloudPolicyStoreChromeOS* store,
59 EnterpriseInstallAttributes* install_attributes,
60 scoped_ptr<CloudPolicyClient> client,
61 scoped_refptr<base::SequencedTaskRunner> background_task_runner,
62 const std::string& auth_token,
63 const std::string& client_id,
64 bool is_auto_enrollment,
65 const std::string& requisition,
66 const std::string& current_state_key,
67 const AllowedDeviceModes& allowed_device_modes,
68 const EnrollmentCallback& completion_callback);
69 virtual ~EnrollmentHandlerChromeOS();
70
71 // Starts the enrollment process and reports the result to
72 // |completion_callback_|.
73 void StartEnrollment();
74
75 // Releases the client.
76 scoped_ptr<CloudPolicyClient> ReleaseClient();
77
78 // CloudPolicyClient::Observer:
79 virtual void OnPolicyFetched(CloudPolicyClient* client) OVERRIDE;
80 virtual void OnRegistrationStateChanged(CloudPolicyClient* client) OVERRIDE;
81 virtual void OnRobotAuthCodesFetched(CloudPolicyClient* client) OVERRIDE;
82 virtual void OnClientError(CloudPolicyClient* client) OVERRIDE;
83
84 // CloudPolicyStore::Observer:
85 virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE;
86 virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE;
87
88 // GaiaOAuthClient::Delegate:
89 virtual void OnGetTokensResponse(const std::string& refresh_token,
90 const std::string& access_token,
91 int expires_in_seconds) OVERRIDE;
92 virtual void OnRefreshTokenResponse(const std::string& access_token,
93 int expires_in_seconds) OVERRIDE;
94 virtual void OnOAuthError() OVERRIDE;
95 virtual void OnNetworkError(int response_code) OVERRIDE;
96
97 private:
98 // Indicates what step of the process is currently pending. These steps need
99 // to be listed in the order they are traversed in.
100 enum EnrollmentStep {
101 STEP_PENDING, // Not started yet.
102 STEP_LOADING_STORE, // Waiting for |store_| to initialize.
103 STEP_REGISTRATION, // Currently registering the client.
104 STEP_POLICY_FETCH, // Fetching policy.
105 STEP_VALIDATION, // Policy validation.
106 STEP_ROBOT_AUTH_FETCH, // Fetching device API auth code.
107 STEP_ROBOT_AUTH_REFRESH, // Fetching device API refresh token.
108 STEP_LOCK_DEVICE, // Writing installation-time attributes.
109 STEP_STORE_ROBOT_AUTH, // Encrypting & writing robot refresh token.
110 STEP_STORE_POLICY, // Storing policy and API refresh token.
111 STEP_FINISHED, // Enrollment process finished, no further action.
112 };
113
114 // Starts registration if the store is initialized.
115 void AttemptRegistration();
116
117 // Handles the policy validation result, proceeding with installation-time
118 // attributes locking if successful.
119 void PolicyValidated(DeviceCloudPolicyValidator* validator);
120
121 // Calls LockDevice() and proceeds to policy installation. If unsuccessful,
122 // reports the result. Actual installation or error report will be done in
123 // HandleLockDeviceResult().
124 void StartLockDevice(const std::string& user,
125 DeviceMode device_mode,
126 const std::string& device_id);
127
128 // Helper for StartLockDevice(). It performs the actual action based on
129 // the result of LockDevice.
130 void HandleLockDeviceResult(
131 const std::string& user,
132 DeviceMode device_mode,
133 const std::string& device_id,
134 EnterpriseInstallAttributes::LockResult lock_result);
135
136 // Handles completion of the robot token store operation.
137 void HandleRobotAuthTokenStored(bool result);
138
139 // Drops any ongoing actions.
140 void Stop();
141
142 // Reports the result of the enrollment process to the initiator.
143 void ReportResult(EnrollmentStatus status);
144
145 DeviceCloudPolicyStoreChromeOS* store_;
146 EnterpriseInstallAttributes* install_attributes_;
147 scoped_ptr<CloudPolicyClient> client_;
148 scoped_refptr<base::SequencedTaskRunner> background_task_runner_;
149 scoped_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_;
150
151 std::string auth_token_;
152 std::string client_id_;
153 bool is_auto_enrollment_;
154 std::string requisition_;
155 std::string current_state_key_;
156 std::string refresh_token_;
157 AllowedDeviceModes allowed_device_modes_;
158 EnrollmentCallback completion_callback_;
159
160 // The device mode as received in the registration request.
161 DeviceMode device_mode_;
162
163 // The validated policy response info to be installed in the store.
164 scoped_ptr<enterprise_management::PolicyFetchResponse> policy_;
165 std::string username_;
166 std::string device_id_;
167
168 // Current enrollment step.
169 EnrollmentStep enrollment_step_;
170
171 // Total amount of time in milliseconds spent waiting for lockbox
172 // initialization.
173 int lockbox_init_duration_;
174
175 // Used for locking the device.
176 base::WeakPtrFactory<EnrollmentHandlerChromeOS> weak_ptr_factory_;
177
178 DISALLOW_COPY_AND_ASSIGN(EnrollmentHandlerChromeOS);
179 };
180
181 } // namespace policy
182
183 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_