Add new certificateProvider extension API.
[chromium-blink-merge.git] / chrome / browser / supervised_user / legacy / supervised_user_sync_service.cc
blob1da90a26e4197165ae2f9ec69f96ddc970dabdd0
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/supervised_user/legacy/supervised_user_sync_service.h"
7 #include <set>
9 #include "base/bind.h"
10 #include "base/callback.h"
11 #include "base/prefs/scoped_user_pref_update.h"
12 #include "base/strings/string_number_conversions.h"
13 #include "base/strings/stringprintf.h"
14 #include "base/values.h"
15 #include "chrome/browser/profiles/profile.h"
16 #include "chrome/browser/profiles/profile_avatar_icon_util.h"
17 #include "chrome/browser/signin/signin_manager_factory.h"
18 #include "chrome/common/pref_names.h"
19 #include "components/pref_registry/pref_registry_syncable.h"
20 #include "components/signin/core/browser/signin_manager.h"
21 #include "sync/api/sync_change.h"
22 #include "sync/api/sync_data.h"
23 #include "sync/api/sync_error.h"
24 #include "sync/api/sync_error_factory.h"
25 #include "sync/api/sync_merge_result.h"
26 #include "sync/protocol/sync.pb.h"
28 #if defined(OS_CHROMEOS)
29 #include "components/user_manager/user_image/default_user_images.h"
30 #endif
32 using base::DictionaryValue;
33 using user_prefs::PrefRegistrySyncable;
34 using syncer::SUPERVISED_USERS;
35 using syncer::ModelType;
36 using syncer::SyncChange;
37 using syncer::SyncChangeList;
38 using syncer::SyncChangeProcessor;
39 using syncer::SyncData;
40 using syncer::SyncDataList;
41 using syncer::SyncError;
42 using syncer::SyncErrorFactory;
43 using syncer::SyncMergeResult;
44 using sync_pb::ManagedUserSpecifics;
46 namespace {
48 #if defined(OS_CHROMEOS)
49 const char kChromeOSAvatarPrefix[] = "chromeos-avatar-index:";
50 #else
51 const char kChromeAvatarPrefix[] = "chrome-avatar-index:";
52 #endif
54 SyncData CreateLocalSyncData(const std::string& id,
55 const std::string& name,
56 bool acknowledged,
57 const std::string& master_key,
58 const std::string& chrome_avatar,
59 const std::string& chromeos_avatar,
60 const std::string& password_signature_key,
61 const std::string& password_encryption_key) {
62 ::sync_pb::EntitySpecifics specifics;
63 specifics.mutable_managed_user()->set_id(id);
64 specifics.mutable_managed_user()->set_name(name);
65 if (!chrome_avatar.empty())
66 specifics.mutable_managed_user()->set_chrome_avatar(chrome_avatar);
67 if (!chromeos_avatar.empty())
68 specifics.mutable_managed_user()->set_chromeos_avatar(chromeos_avatar);
69 if (!master_key.empty())
70 specifics.mutable_managed_user()->set_master_key(master_key);
71 if (acknowledged)
72 specifics.mutable_managed_user()->set_acknowledged(true);
73 if (!password_signature_key.empty()) {
74 specifics.mutable_managed_user()->
75 set_password_signature_key(password_signature_key);
77 if (!password_encryption_key.empty()) {
78 specifics.mutable_managed_user()->
79 set_password_encryption_key(password_encryption_key);
81 return SyncData::CreateLocalData(id, name, specifics);
84 SyncData CreateSyncDataFromDictionaryEntry(const std::string& id,
85 const base::Value& value) {
86 const base::DictionaryValue* dict = NULL;
87 bool success = value.GetAsDictionary(&dict);
88 DCHECK(success);
89 bool acknowledged = false;
90 dict->GetBoolean(SupervisedUserSyncService::kAcknowledged, &acknowledged);
91 std::string name;
92 dict->GetString(SupervisedUserSyncService::kName, &name);
93 DCHECK(!name.empty());
94 std::string master_key;
95 dict->GetString(SupervisedUserSyncService::kMasterKey, &master_key);
96 std::string chrome_avatar;
97 dict->GetString(SupervisedUserSyncService::kChromeAvatar, &chrome_avatar);
98 std::string chromeos_avatar;
99 dict->GetString(SupervisedUserSyncService::kChromeOsAvatar, &chromeos_avatar);
100 std::string signature;
101 dict->GetString(SupervisedUserSyncService::kPasswordSignatureKey, &signature);
102 std::string encryption;
103 dict->GetString(SupervisedUserSyncService::kPasswordEncryptionKey,
104 &encryption);
106 return CreateLocalSyncData(id,
107 name,
108 acknowledged,
109 master_key,
110 chrome_avatar,
111 chromeos_avatar,
112 signature,
113 encryption);
116 } // namespace
118 const char SupervisedUserSyncService::kAcknowledged[] = "acknowledged";
119 const char SupervisedUserSyncService::kChromeAvatar[] = "chromeAvatar";
120 const char SupervisedUserSyncService::kChromeOsAvatar[] = "chromeOsAvatar";
121 const char SupervisedUserSyncService::kMasterKey[] = "masterKey";
122 const char SupervisedUserSyncService::kName[] = "name";
123 const char SupervisedUserSyncService::kPasswordSignatureKey[] =
124 "passwordSignatureKey";
125 const char SupervisedUserSyncService::kPasswordEncryptionKey[] =
126 "passwordEncryptionKey";
127 const int SupervisedUserSyncService::kNoAvatar = -100;
129 SupervisedUserSyncService::SupervisedUserSyncService(Profile* profile)
130 : profile_(profile), prefs_(profile->GetPrefs()) {
131 SigninManagerFactory::GetForProfile(profile_)->AddObserver(this);
134 SupervisedUserSyncService::~SupervisedUserSyncService() {
137 // static
138 void SupervisedUserSyncService::RegisterProfilePrefs(
139 PrefRegistrySyncable* registry) {
140 registry->RegisterDictionaryPref(prefs::kSupervisedUsers);
143 // static
144 bool SupervisedUserSyncService::GetAvatarIndex(const std::string& avatar_str,
145 int* avatar_index) {
146 DCHECK(avatar_index);
147 if (avatar_str.empty()) {
148 *avatar_index = kNoAvatar;
149 return true;
151 #if defined(OS_CHROMEOS)
152 const char* prefix = kChromeOSAvatarPrefix;
153 #else
154 const char* prefix = kChromeAvatarPrefix;
155 #endif
156 size_t prefix_len = strlen(prefix);
157 if (avatar_str.size() <= prefix_len ||
158 avatar_str.substr(0, prefix_len) != prefix) {
159 return false;
162 if (!base::StringToInt(avatar_str.substr(prefix_len), avatar_index))
163 return false;
165 const int kChromeOSDummyAvatarIndex = -111;
167 #if defined(OS_CHROMEOS)
168 return (*avatar_index == kChromeOSDummyAvatarIndex ||
169 (*avatar_index >= user_manager::kFirstDefaultImageIndex &&
170 *avatar_index < user_manager::kDefaultImagesCount));
171 #else
172 // Check if the Chrome avatar index is set to a dummy value. Some early
173 // supervised user profiles on ChromeOS stored a dummy avatar index as a
174 // Chrome Avatar before there was logic to sync the ChromeOS avatar
175 // separately. Handle this as if the Chrome Avatar was not chosen yet (which
176 // is correct for these profiles).
177 if (*avatar_index == kChromeOSDummyAvatarIndex)
178 *avatar_index = kNoAvatar;
179 return (*avatar_index == kNoAvatar ||
180 (*avatar_index >= 0 &&
181 static_cast<size_t>(*avatar_index) <
182 profiles::GetDefaultAvatarIconCount()));
183 #endif
186 // static
187 std::string SupervisedUserSyncService::BuildAvatarString(int avatar_index) {
188 #if defined(OS_CHROMEOS)
189 const char* prefix = kChromeOSAvatarPrefix;
190 #else
191 const char* prefix = kChromeAvatarPrefix;
192 #endif
193 return base::StringPrintf("%s%d", prefix, avatar_index);
196 void SupervisedUserSyncService::AddObserver(
197 SupervisedUserSyncServiceObserver* observer) {
198 observers_.AddObserver(observer);
201 void SupervisedUserSyncService::RemoveObserver(
202 SupervisedUserSyncServiceObserver* observer) {
203 observers_.RemoveObserver(observer);
206 scoped_ptr<base::DictionaryValue> SupervisedUserSyncService::CreateDictionary(
207 const std::string& name,
208 const std::string& master_key,
209 const std::string& signature_key,
210 const std::string& encryption_key,
211 int avatar_index) {
212 scoped_ptr<base::DictionaryValue> result(new base::DictionaryValue());
213 result->SetString(kName, name);
214 result->SetString(kMasterKey, master_key);
215 result->SetString(kPasswordSignatureKey, signature_key);
216 result->SetString(kPasswordEncryptionKey, encryption_key);
217 // TODO(akuegel): Get rid of the avatar stuff here when Chrome OS switches
218 // to the avatar index that is stored as a shared setting.
219 std::string chrome_avatar;
220 std::string chromeos_avatar;
221 #if defined(OS_CHROMEOS)
222 chromeos_avatar = BuildAvatarString(avatar_index);
223 #else
224 chrome_avatar = BuildAvatarString(avatar_index);
225 #endif
226 result->SetString(kChromeAvatar, chrome_avatar);
227 result->SetString(kChromeOsAvatar, chromeos_avatar);
228 return result.Pass();
231 void SupervisedUserSyncService::AddSupervisedUser(
232 const std::string& id,
233 const std::string& name,
234 const std::string& master_key,
235 const std::string& signature_key,
236 const std::string& encryption_key,
237 int avatar_index) {
238 UpdateSupervisedUserImpl(id,
239 name,
240 master_key,
241 signature_key,
242 encryption_key,
243 avatar_index,
244 true /* add */);
247 void SupervisedUserSyncService::UpdateSupervisedUser(
248 const std::string& id,
249 const std::string& name,
250 const std::string& master_key,
251 const std::string& signature_key,
252 const std::string& encryption_key,
253 int avatar_index) {
254 UpdateSupervisedUserImpl(id,
255 name,
256 master_key,
257 signature_key,
258 encryption_key,
259 avatar_index,
260 false /* update */);
263 void SupervisedUserSyncService::UpdateSupervisedUserImpl(
264 const std::string& id,
265 const std::string& name,
266 const std::string& master_key,
267 const std::string& signature_key,
268 const std::string& encryption_key,
269 int avatar_index,
270 bool add_user) {
271 DictionaryPrefUpdate update(prefs_, prefs::kSupervisedUsers);
272 base::DictionaryValue* dict = update.Get();
273 scoped_ptr<base::DictionaryValue> value = CreateDictionary(
274 name, master_key, signature_key, encryption_key, avatar_index);
276 DCHECK_EQ(add_user, !dict->HasKey(id));
277 base::DictionaryValue* entry = value.get();
278 dict->SetWithoutPathExpansion(id, value.release());
280 if (!sync_processor_)
281 return;
283 // If we're already syncing, create a new change and upload it.
284 SyncChangeList change_list;
285 change_list.push_back(
286 SyncChange(FROM_HERE,
287 add_user ? SyncChange::ACTION_ADD : SyncChange::ACTION_UPDATE,
288 CreateSyncDataFromDictionaryEntry(id, *entry)));
289 SyncError error =
290 sync_processor_->ProcessSyncChanges(FROM_HERE, change_list);
291 DCHECK(!error.IsSet()) << error.ToString();
294 void SupervisedUserSyncService::DeleteSupervisedUser(const std::string& id) {
295 DictionaryPrefUpdate update(prefs_, prefs::kSupervisedUsers);
296 bool success = update->RemoveWithoutPathExpansion(id, NULL);
297 DCHECK(success);
299 if (!sync_processor_)
300 return;
302 SyncChangeList change_list;
303 change_list.push_back(SyncChange(
304 FROM_HERE,
305 SyncChange::ACTION_DELETE,
306 SyncData::CreateLocalDelete(id, SUPERVISED_USERS)));
307 SyncError sync_error =
308 sync_processor_->ProcessSyncChanges(FROM_HERE, change_list);
309 DCHECK(!sync_error.IsSet());
312 const base::DictionaryValue* SupervisedUserSyncService::GetSupervisedUsers() {
313 DCHECK(sync_processor_);
314 return prefs_->GetDictionary(prefs::kSupervisedUsers);
317 bool SupervisedUserSyncService::UpdateSupervisedUserAvatarIfNeeded(
318 const std::string& id,
319 int avatar_index) {
320 DictionaryPrefUpdate update(prefs_, prefs::kSupervisedUsers);
321 base::DictionaryValue* dict = update.Get();
322 DCHECK(dict->HasKey(id));
323 base::DictionaryValue* value = NULL;
324 bool success = dict->GetDictionaryWithoutPathExpansion(id, &value);
325 DCHECK(success);
327 bool acknowledged = false;
328 value->GetBoolean(SupervisedUserSyncService::kAcknowledged, &acknowledged);
329 std::string name;
330 value->GetString(SupervisedUserSyncService::kName, &name);
331 std::string master_key;
332 value->GetString(SupervisedUserSyncService::kMasterKey, &master_key);
333 std::string signature;
334 value->GetString(SupervisedUserSyncService::kPasswordSignatureKey,
335 &signature);
336 std::string encryption;
337 value->GetString(SupervisedUserSyncService::kPasswordEncryptionKey,
338 &encryption);
339 std::string chromeos_avatar;
340 value->GetString(SupervisedUserSyncService::kChromeOsAvatar,
341 &chromeos_avatar);
342 std::string chrome_avatar;
343 value->GetString(SupervisedUserSyncService::kChromeAvatar, &chrome_avatar);
344 // The following check is just for safety. We want to avoid that the existing
345 // avatar selection is overwritten. Currently we don't allow the user to
346 // choose a different avatar in the recreation dialog, anyway, if there is
347 // already an avatar selected.
348 #if defined(OS_CHROMEOS)
349 if (!chromeos_avatar.empty() && avatar_index != kNoAvatar)
350 return false;
351 #else
352 if (!chrome_avatar.empty() && avatar_index != kNoAvatar)
353 return false;
354 #endif
356 chrome_avatar = avatar_index == kNoAvatar ?
357 std::string() : BuildAvatarString(avatar_index);
358 #if defined(OS_CHROMEOS)
359 value->SetString(kChromeOsAvatar, chrome_avatar);
360 #else
361 value->SetString(kChromeAvatar, chrome_avatar);
362 #endif
364 if (!sync_processor_)
365 return true;
367 SyncChangeList change_list;
368 change_list.push_back(SyncChange(
369 FROM_HERE,
370 SyncChange::ACTION_UPDATE,
371 CreateLocalSyncData(id, name, acknowledged, master_key,
372 chrome_avatar, chromeos_avatar,
373 signature, encryption)));
374 SyncError error =
375 sync_processor_->ProcessSyncChanges(FROM_HERE, change_list);
376 DCHECK(!error.IsSet()) << error.ToString();
377 return true;
380 void SupervisedUserSyncService::ClearSupervisedUserAvatar(
381 const std::string& id) {
382 bool cleared = UpdateSupervisedUserAvatarIfNeeded(id, kNoAvatar);
383 DCHECK(cleared);
386 void SupervisedUserSyncService::GetSupervisedUsersAsync(
387 const SupervisedUsersCallback& callback) {
388 // If we are already syncing, just run the callback.
389 if (sync_processor_) {
390 callback.Run(GetSupervisedUsers());
391 return;
394 // Otherwise queue it up until we start syncing.
395 callbacks_.push_back(callback);
398 void SupervisedUserSyncService::Shutdown() {
399 NotifySupervisedUsersSyncingStopped();
400 SigninManagerFactory::GetForProfile(profile_)->RemoveObserver(this);
403 SyncMergeResult SupervisedUserSyncService::MergeDataAndStartSyncing(
404 ModelType type,
405 const SyncDataList& initial_sync_data,
406 scoped_ptr<SyncChangeProcessor> sync_processor,
407 scoped_ptr<SyncErrorFactory> error_handler) {
408 DCHECK_EQ(SUPERVISED_USERS, type);
409 sync_processor_ = sync_processor.Pass();
410 error_handler_ = error_handler.Pass();
412 SyncChangeList change_list;
413 SyncMergeResult result(SUPERVISED_USERS);
415 DictionaryPrefUpdate update(prefs_, prefs::kSupervisedUsers);
416 base::DictionaryValue* dict = update.Get();
417 result.set_num_items_before_association(dict->size());
418 std::set<std::string> seen_ids;
419 int num_items_added = 0;
420 int num_items_modified = 0;
421 for (const SyncData& sync_data : initial_sync_data) {
422 DCHECK_EQ(SUPERVISED_USERS, sync_data.GetDataType());
423 const ManagedUserSpecifics& supervised_user =
424 sync_data.GetSpecifics().managed_user();
425 base::DictionaryValue* value = new base::DictionaryValue();
426 value->SetString(kName, supervised_user.name());
427 value->SetBoolean(kAcknowledged, supervised_user.acknowledged());
428 value->SetString(kMasterKey, supervised_user.master_key());
429 value->SetString(kChromeAvatar, supervised_user.chrome_avatar());
430 value->SetString(kChromeOsAvatar, supervised_user.chromeos_avatar());
431 value->SetString(kPasswordSignatureKey,
432 supervised_user.password_signature_key());
433 value->SetString(kPasswordEncryptionKey,
434 supervised_user.password_encryption_key());
435 if (dict->HasKey(supervised_user.id()))
436 num_items_modified++;
437 else
438 num_items_added++;
439 dict->SetWithoutPathExpansion(supervised_user.id(), value);
440 seen_ids.insert(supervised_user.id());
443 for (base::DictionaryValue::Iterator it(*dict); !it.IsAtEnd(); it.Advance()) {
444 if (seen_ids.find(it.key()) != seen_ids.end())
445 continue;
447 change_list.push_back(
448 SyncChange(FROM_HERE,
449 SyncChange::ACTION_ADD,
450 CreateSyncDataFromDictionaryEntry(it.key(), it.value())));
452 result.set_error(sync_processor_->ProcessSyncChanges(FROM_HERE, change_list));
454 result.set_num_items_modified(num_items_modified);
455 result.set_num_items_added(num_items_added);
456 result.set_num_items_after_association(dict->size());
458 DispatchCallbacks();
460 return result;
463 void SupervisedUserSyncService::StopSyncing(ModelType type) {
464 DCHECK_EQ(SUPERVISED_USERS, type);
465 // The observers may want to change the Sync data, so notify them before
466 // resetting the |sync_processor_|.
467 NotifySupervisedUsersSyncingStopped();
468 sync_processor_.reset();
469 error_handler_.reset();
472 SyncDataList SupervisedUserSyncService::GetAllSyncData(
473 ModelType type) const {
474 SyncDataList data;
475 DictionaryPrefUpdate update(prefs_, prefs::kSupervisedUsers);
476 base::DictionaryValue* dict = update.Get();
477 for (base::DictionaryValue::Iterator it(*dict); !it.IsAtEnd(); it.Advance())
478 data.push_back(CreateSyncDataFromDictionaryEntry(it.key(), it.value()));
480 return data;
483 SyncError SupervisedUserSyncService::ProcessSyncChanges(
484 const tracked_objects::Location& from_here,
485 const SyncChangeList& change_list) {
486 SyncError error;
487 DictionaryPrefUpdate update(prefs_, prefs::kSupervisedUsers);
488 base::DictionaryValue* dict = update.Get();
489 for (const SyncChange& sync_change : change_list) {
490 SyncData data = sync_change.sync_data();
491 DCHECK_EQ(SUPERVISED_USERS, data.GetDataType());
492 const ManagedUserSpecifics& supervised_user =
493 data.GetSpecifics().managed_user();
494 switch (sync_change.change_type()) {
495 case SyncChange::ACTION_ADD:
496 case SyncChange::ACTION_UPDATE: {
497 // Every item we get from the server should be acknowledged.
498 DCHECK(supervised_user.acknowledged());
499 const base::DictionaryValue* old_value = NULL;
500 dict->GetDictionaryWithoutPathExpansion(supervised_user.id(),
501 &old_value);
503 // For an update action, the supervised user should already exist, for
504 // an add action, it should not.
505 DCHECK_EQ(
506 old_value ? SyncChange::ACTION_UPDATE : SyncChange::ACTION_ADD,
507 sync_change.change_type());
509 // If the supervised user switched from unacknowledged to acknowledged,
510 // we might need to continue with a registration.
511 if (old_value && !old_value->HasKey(kAcknowledged))
512 NotifySupervisedUserAcknowledged(supervised_user.id());
514 base::DictionaryValue* value = new base::DictionaryValue;
515 value->SetString(kName, supervised_user.name());
516 value->SetBoolean(kAcknowledged, supervised_user.acknowledged());
517 value->SetString(kMasterKey, supervised_user.master_key());
518 value->SetString(kChromeAvatar, supervised_user.chrome_avatar());
519 value->SetString(kChromeOsAvatar, supervised_user.chromeos_avatar());
520 value->SetString(kPasswordSignatureKey,
521 supervised_user.password_signature_key());
522 value->SetString(kPasswordEncryptionKey,
523 supervised_user.password_encryption_key());
524 dict->SetWithoutPathExpansion(supervised_user.id(), value);
526 NotifySupervisedUsersChanged();
527 break;
529 case SyncChange::ACTION_DELETE: {
530 DCHECK(dict->HasKey(supervised_user.id())) << supervised_user.id();
531 dict->RemoveWithoutPathExpansion(supervised_user.id(), NULL);
532 break;
534 case SyncChange::ACTION_INVALID: {
535 NOTREACHED();
536 break;
540 return error;
543 void SupervisedUserSyncService::GoogleSignedOut(
544 const std::string& account_id,
545 const std::string& username) {
546 DCHECK(!sync_processor_);
548 // Clear all data on signout, to avoid supervised users from one custodian
549 // appearing in another one's profile.
550 prefs_->ClearPref(prefs::kSupervisedUsers);
553 void SupervisedUserSyncService::NotifySupervisedUserAcknowledged(
554 const std::string& supervised_user_id) {
555 FOR_EACH_OBSERVER(SupervisedUserSyncServiceObserver, observers_,
556 OnSupervisedUserAcknowledged(supervised_user_id));
559 void SupervisedUserSyncService::NotifySupervisedUsersSyncingStopped() {
560 FOR_EACH_OBSERVER(SupervisedUserSyncServiceObserver, observers_,
561 OnSupervisedUsersSyncingStopped());
564 void SupervisedUserSyncService::NotifySupervisedUsersChanged() {
565 FOR_EACH_OBSERVER(SupervisedUserSyncServiceObserver,
566 observers_,
567 OnSupervisedUsersChanged());
570 void SupervisedUserSyncService::DispatchCallbacks() {
571 const base::DictionaryValue* supervised_users =
572 prefs_->GetDictionary(prefs::kSupervisedUsers);
573 for (const auto& callback : callbacks_)
574 callback.Run(supervised_users);
575 callbacks_.clear();