Roll src/third_party/WebKit d9c6159:8139f33 (svn 201974:201975)
[chromium-blink-merge.git] / chrome / browser / chromeos / ownership / owner_settings_service_chromeos.h
blobaea7cc03a24d3c05d5255668372acf487a7aa102
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_H_
6 #define CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_H_
8 #include <string>
9 #include <vector>
11 #include "base/callback_forward.h"
12 #include "base/containers/scoped_ptr_hash_map.h"
13 #include "base/macros.h"
14 #include "base/values.h"
15 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
16 #include "chrome/browser/chromeos/settings/device_settings_service.h"
17 #include "chromeos/dbus/session_manager_client.h"
18 #include "components/keyed_service/core/keyed_service.h"
19 #include "components/ownership/owner_key_util.h"
20 #include "components/ownership/owner_settings_service.h"
21 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
22 #include "content/public/browser/notification_observer.h"
23 #include "content/public/browser/notification_registrar.h"
25 class Profile;
27 namespace content {
28 class WebUI;
31 namespace ownership {
32 class OwnerKeyUtil;
35 namespace chromeos {
37 class FakeOwnerSettingsService;
39 // The class is a profile-keyed service which holds public/private
40 // keypair corresponds to a profile. The keypair is reloaded automatically when
41 // profile is created and TPM token is ready. Note that the private part of a
42 // key can be loaded only for the owner.
44 // TODO (ygorshenin@): move write path for device settings here
45 // (crbug.com/230018).
46 class OwnerSettingsServiceChromeOS : public ownership::OwnerSettingsService,
47 public content::NotificationObserver,
48 public SessionManagerClient::Observer,
49 public DeviceSettingsService::Observer {
50 public:
51 typedef base::Callback<void(bool success)> OnManagementSettingsSetCallback;
53 struct ManagementSettings {
54 ManagementSettings();
55 ~ManagementSettings();
57 policy::ManagementMode management_mode;
58 std::string request_token;
59 std::string device_id;
62 ~OwnerSettingsServiceChromeOS() override;
64 static OwnerSettingsServiceChromeOS* FromWebUI(content::WebUI* web_ui);
66 void OnTPMTokenReady(bool tpm_token_enabled);
68 bool HasPendingChanges() const;
70 // ownership::OwnerSettingsService implementation:
71 bool HandlesSetting(const std::string& setting) override;
72 bool Set(const std::string& setting, const base::Value& value) override;
73 bool AppendToList(const std::string& setting,
74 const base::Value& value) override;
75 bool RemoveFromList(const std::string& setting,
76 const base::Value& value) override;
77 bool CommitTentativeDeviceSettings(
78 scoped_ptr<enterprise_management::PolicyData> policy) override;
80 // NotificationObserver implementation:
81 void Observe(int type,
82 const content::NotificationSource& source,
83 const content::NotificationDetails& details) override;
85 // SessionManagerClient::Observer:
86 void OwnerKeySet(bool success) override;
88 // DeviceSettingsService::Observer:
89 void OwnershipStatusChanged() override;
90 void DeviceSettingsUpdated() override;
91 void OnDeviceSettingsServiceShutdown() override;
93 // Sets the management related settings.
94 virtual void SetManagementSettings(
95 const ManagementSettings& settings,
96 const OnManagementSettingsSetCallback& callback);
98 // Checks if the user is the device owner, without the user profile having to
99 // been initialized. Should be used only if login state is in safe mode.
100 static void IsOwnerForSafeModeAsync(
101 const std::string& user_hash,
102 const scoped_refptr<ownership::OwnerKeyUtil>& owner_key_util,
103 const IsOwnerCallback& callback);
105 // Assembles PolicyData based on |settings|, |policy_data|, |user_id| and
106 // |pending_management_settings|. Applies local-owner policy fixups if needed.
107 static scoped_ptr<enterprise_management::PolicyData> AssemblePolicy(
108 const std::string& user_id,
109 const enterprise_management::PolicyData* policy_data,
110 bool apply_pending_mangement_settings,
111 const ManagementSettings& pending_management_settings,
112 enterprise_management::ChromeDeviceSettingsProto* settings);
114 // Updates device |settings|.
115 static void UpdateDeviceSettings(
116 const std::string& path,
117 const base::Value& value,
118 enterprise_management::ChromeDeviceSettingsProto& settings);
120 protected:
121 OwnerSettingsServiceChromeOS(
122 DeviceSettingsService* device_settings_service,
123 Profile* profile,
124 const scoped_refptr<ownership::OwnerKeyUtil>& owner_key_util);
126 private:
127 friend class OwnerSettingsServiceChromeOSFactory;
129 // Perform fixups required to ensure sensical local-owner device policy:
130 // 1) user whitelisting must be explicitly allowed or disallowed, and
131 // 2) the owner user must be on the whitelist, if it's enforced.
132 static void FixupLocalOwnerPolicy(
133 const std::string& user_id,
134 enterprise_management::ChromeDeviceSettingsProto* settings);
136 // OwnerSettingsService protected interface overrides:
138 // Reloads private key from profile's NSS slots, responds via |callback|. On
139 // success, |private_key| is non-null, but if the private key doesn't exist,
140 // |private_key->key()| may be null.
141 void ReloadKeypairImpl(const base::Callback<
142 void(const scoped_refptr<ownership::PublicKey>& public_key,
143 const scoped_refptr<ownership::PrivateKey>& private_key)>& callback)
144 override;
146 // Possibly notifies DeviceSettingsService that owner's keypair is loaded.
147 void OnPostKeypairLoadedActions() override;
149 // Tries to apply recent changes to device settings proto, sign it and store.
150 void StorePendingChanges();
152 // Called when current device settings are successfully signed.
153 // Sends signed settings for storage.
154 void OnPolicyAssembledAndSigned(
155 scoped_ptr<enterprise_management::PolicyFetchResponse> policy_response);
157 // Called by DeviceSettingsService when modified and signed device
158 // settings are stored.
159 void OnSignedPolicyStored(bool success);
161 // Report status to observers and tries to continue storing pending chages to
162 // device settings.
163 void ReportStatusAndContinueStoring(bool success);
165 DeviceSettingsService* device_settings_service_;
167 // Profile this service instance belongs to.
168 Profile* profile_;
170 // User ID this service instance belongs to.
171 std::string user_id_;
173 // Whether profile still needs to be initialized.
174 bool waiting_for_profile_creation_;
176 // Whether TPM token still needs to be initialized.
177 bool waiting_for_tpm_token_;
179 // True if local-owner policy fixups are still pending.
180 bool has_pending_fixups_;
182 // A set of pending changes to device settings.
183 base::ScopedPtrHashMap<std::string, scoped_ptr<base::Value>> pending_changes_;
185 // True if there're pending changes to management settings.
186 bool has_pending_management_settings_;
188 // A set of pending changes to management settings.
189 ManagementSettings pending_management_settings_;
191 // A set of callbacks that need to be run after management settings
192 // are set and policy is stored.
193 std::vector<OnManagementSettingsSetCallback>
194 pending_management_settings_callbacks_;
196 // A protobuf containing pending changes to device settings.
197 scoped_ptr<enterprise_management::ChromeDeviceSettingsProto>
198 tentative_settings_;
200 content::NotificationRegistrar registrar_;
202 base::WeakPtrFactory<OwnerSettingsServiceChromeOS> weak_factory_;
204 base::WeakPtrFactory<OwnerSettingsServiceChromeOS> store_settings_factory_;
206 DISALLOW_COPY_AND_ASSIGN(OwnerSettingsServiceChromeOS);
209 } // namespace chromeos
211 #endif // CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_H_