Add new certificateProvider extension API.
[chromium-blink-merge.git] / chrome / browser / policy / cloud / user_policy_signin_service.cc
blob3e6139db75af9b11eab91ae32b0b354ca85a9482
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/policy/cloud/user_policy_signin_service.h"
7 #include "base/bind.h"
8 #include "base/bind_helpers.h"
9 #include "base/callback.h"
10 #include "base/profiler/scoped_tracker.h"
11 #include "chrome/browser/browser_process.h"
12 #include "chrome/browser/chrome_notification_types.h"
13 #include "chrome/browser/profiles/profile.h"
14 #include "chrome/browser/profiles/profile_manager.h"
15 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
16 #include "components/policy/core/common/cloud/cloud_policy_client_registration_helper.h"
17 #include "components/policy/core/common/cloud/user_cloud_policy_manager.h"
18 #include "components/signin/core/browser/profile_oauth2_token_service.h"
19 #include "components/signin/core/browser/signin_manager.h"
20 #include "content/public/browser/notification_details.h"
21 #include "content/public/browser/notification_source.h"
22 #include "google_apis/gaia/gaia_constants.h"
23 #include "net/url_request/url_request_context_getter.h"
25 namespace policy {
27 UserPolicySigninService::UserPolicySigninService(
28 Profile* profile,
29 PrefService* local_state,
30 DeviceManagementService* device_management_service,
31 UserCloudPolicyManager* policy_manager,
32 SigninManager* signin_manager,
33 scoped_refptr<net::URLRequestContextGetter> system_request_context,
34 ProfileOAuth2TokenService* token_service)
35 : UserPolicySigninServiceBase(profile,
36 local_state,
37 device_management_service,
38 policy_manager,
39 signin_manager,
40 system_request_context),
41 profile_(profile),
42 oauth2_token_service_(token_service) {
43 // ProfileOAuth2TokenService should not yet have loaded its tokens since this
44 // happens in the background after PKS initialization - so this service
45 // should always be created before the oauth token is available.
46 DCHECK(!oauth2_token_service_->RefreshTokenIsAvailable(
47 signin_manager->GetAuthenticatedAccountId()));
49 // Listen for an OAuth token to become available so we can register a client
50 // if for some reason the client is not already registered (for example, if
51 // the policy load failed during initial signin).
52 oauth2_token_service_->AddObserver(this);
55 UserPolicySigninService::~UserPolicySigninService() {
58 void UserPolicySigninService::PrepareForUserCloudPolicyManagerShutdown() {
59 // Stop any pending registration helper activity. We do this here instead of
60 // in the destructor because we want to shutdown the registration helper
61 // before UserCloudPolicyManager shuts down the CloudPolicyClient.
62 registration_helper_.reset();
64 UserPolicySigninServiceBase::PrepareForUserCloudPolicyManagerShutdown();
67 void UserPolicySigninService::Shutdown() {
68 UserPolicySigninServiceBase::Shutdown();
69 oauth2_token_service_->RemoveObserver(this);
72 void UserPolicySigninService::RegisterForPolicy(
73 const std::string& username,
74 const std::string& oauth2_refresh_token,
75 const PolicyRegistrationCallback& callback) {
76 DCHECK(!oauth2_refresh_token.empty());
78 // Create a new CloudPolicyClient for fetching the DMToken.
79 scoped_ptr<CloudPolicyClient> policy_client = CreateClientForRegistrationOnly(
80 username);
81 if (!policy_client) {
82 callback.Run(std::string(), std::string());
83 return;
86 // Fire off the registration process. Callback keeps the CloudPolicyClient
87 // alive for the length of the registration process. Use the system
88 // request context because the user is not signed in to this profile yet
89 // (we are just doing a test registration to see if policy is supported for
90 // this user).
91 registration_helper_.reset(new CloudPolicyClientRegistrationHelper(
92 policy_client.get(),
93 enterprise_management::DeviceRegisterRequest::BROWSER));
94 registration_helper_->StartRegistrationWithLoginToken(
95 oauth2_refresh_token,
96 base::Bind(&UserPolicySigninService::CallPolicyRegistrationCallback,
97 base::Unretained(this),
98 base::Passed(&policy_client),
99 callback));
102 void UserPolicySigninService::CallPolicyRegistrationCallback(
103 scoped_ptr<CloudPolicyClient> client,
104 PolicyRegistrationCallback callback) {
105 registration_helper_.reset();
106 callback.Run(client->dm_token(), client->client_id());
109 void UserPolicySigninService::OnRefreshTokenAvailable(
110 const std::string& account_id) {
111 // TODO(robliao): Remove ScopedTracker below once https://crbug.com/422460 is
112 // fixed.
113 tracked_objects::ScopedTracker tracking_profile(
114 FROM_HERE_WITH_EXPLICIT_FUNCTION(
115 "422460 UserPolicySigninService::OnRefreshTokenAvailable"));
117 // If using a TestingProfile with no UserCloudPolicyManager, skip
118 // initialization.
119 if (!policy_manager()) {
120 DVLOG(1) << "Skipping initialization for tests due to missing components.";
121 return;
124 // Ignore OAuth tokens for any account but the primary one.
125 if (account_id != signin_manager()->GetAuthenticatedAccountId())
126 return;
128 // ProfileOAuth2TokenService now has a refresh token so initialize the
129 // UserCloudPolicyManager.
130 InitializeForSignedInUser(
131 signin_manager()->GetAuthenticatedAccountInfo().email,
132 profile_->GetRequestContext());
135 void UserPolicySigninService::InitializeUserCloudPolicyManager(
136 const std::string& username,
137 scoped_ptr<CloudPolicyClient> client) {
138 UserPolicySigninServiceBase::InitializeUserCloudPolicyManager(username,
139 client.Pass());
140 ProhibitSignoutIfNeeded();
143 void UserPolicySigninService::ShutdownUserCloudPolicyManager() {
144 UserCloudPolicyManager* manager = policy_manager();
145 // Allow the user to signout again.
146 if (manager)
147 signin_manager()->ProhibitSignout(false);
148 UserPolicySigninServiceBase::ShutdownUserCloudPolicyManager();
151 void UserPolicySigninService::OnInitializationCompleted(
152 CloudPolicyService* service) {
153 UserCloudPolicyManager* manager = policy_manager();
154 DCHECK_EQ(service, manager->core()->service());
155 DCHECK(service->IsInitializationComplete());
156 // The service is now initialized - if the client is not yet registered, then
157 // it means that there is no cached policy and so we need to initiate a new
158 // client registration.
159 DVLOG_IF(1, manager->IsClientRegistered())
160 << "Client already registered - not fetching DMToken";
161 if (!manager->IsClientRegistered()) {
162 if (!oauth2_token_service_->RefreshTokenIsAvailable(
163 signin_manager()->GetAuthenticatedAccountId())) {
164 // No token yet - this class listens for OnRefreshTokenAvailable()
165 // and will re-attempt registration once the token is available.
166 DLOG(WARNING) << "No OAuth Refresh Token - delaying policy download";
167 return;
169 RegisterCloudPolicyService();
171 // If client is registered now, prohibit signout.
172 ProhibitSignoutIfNeeded();
175 void UserPolicySigninService::RegisterCloudPolicyService() {
176 DCHECK(!policy_manager()->IsClientRegistered());
177 DVLOG(1) << "Fetching new DM Token";
178 // Do nothing if already starting the registration process.
179 if (registration_helper_)
180 return;
182 // Start the process of registering the CloudPolicyClient. Once it completes,
183 // policy fetch will automatically happen.
184 registration_helper_.reset(new CloudPolicyClientRegistrationHelper(
185 policy_manager()->core()->client(),
186 enterprise_management::DeviceRegisterRequest::BROWSER));
187 registration_helper_->StartRegistration(
188 oauth2_token_service_,
189 signin_manager()->GetAuthenticatedAccountId(),
190 base::Bind(&UserPolicySigninService::OnRegistrationComplete,
191 base::Unretained(this)));
194 void UserPolicySigninService::OnRegistrationComplete() {
195 ProhibitSignoutIfNeeded();
196 registration_helper_.reset();
199 void UserPolicySigninService::ProhibitSignoutIfNeeded() {
200 if (policy_manager()->IsClientRegistered()) {
201 DVLOG(1) << "User is registered for policy - prohibiting signout";
202 signin_manager()->ProhibitSignout(true);
206 } // namespace policy