search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Disable view source for Developer Tools.
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / enrollment_handler_chromeos.h
blobc15e146c2bee3f043d9e9e22fa21356b317f8bbd
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_
6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_
7
8 #include <string>
9
10 #include "base/basictypes.h"
11 #include "base/compiler_specific.h"
12 #include "base/memory/ref_counted.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/memory/weak_ptr.h"
15 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
16 #include "chrome/browser/chromeos/policy/device_cloud_policy_validator.h"
17 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
18 #include "components/policy/core/common/cloud/cloud_policy_client.h"
19 #include "components/policy/core/common/cloud/cloud_policy_store.h"
20 #include "google_apis/gaia/gaia_oauth_client.h"
21
22 namespace base {
23 class SequencedTaskRunner;
24 }
25
26 namespace chromeos {
27 class DeviceOAuth2TokenService;
28 }
29
30 namespace enterprise_management {
31 class PolicyFetchResponse;
32 }
33
34 namespace policy {
35
36 // Implements the logic that establishes enterprise enrollment for Chromium OS
37 // devices. The process is as follows:
38 // 1. Given an auth token, register with the policy service.
39 // 2. Download the initial policy blob from the service.
40 // 3. Verify the policy blob. Everything up to this point doesn't touch device
41 // state.
42 // 4. Download the OAuth2 authorization code for device-level API access.
43 // 5. Download the OAuth2 refresh token for device-level API access and store
44 // it.
45 // 6. Establish the device lock in installation-time attributes.
46 // 7. Store the policy blob and API refresh token.
47 class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer,
48 public CloudPolicyStore::Observer,
49 public gaia::GaiaOAuthClient::Delegate {
50 public:
51 typedef DeviceCloudPolicyManagerChromeOS::AllowedDeviceModes
52 AllowedDeviceModes;
53 typedef DeviceCloudPolicyManagerChromeOS::EnrollmentCallback
54 EnrollmentCallback;
55
56 // |store| and |install_attributes| must remain valid for the life time of the
57 // enrollment handler. |allowed_device_modes| determines what device modes
58 // are acceptable. If the mode specified by the server is not acceptable,
59 // enrollment will fail with an EnrollmentStatus indicating
60 // STATUS_REGISTRATION_BAD_MODE.
61 EnrollmentHandlerChromeOS(
62 DeviceCloudPolicyStoreChromeOS* store,
63 EnterpriseInstallAttributes* install_attributes,
64 scoped_ptr<CloudPolicyClient> client,
65 scoped_refptr<base::SequencedTaskRunner> background_task_runner,
66 const std::string& auth_token,
67 const std::string& client_id,
68 bool is_auto_enrollment,
69 const std::string& requisition,
70 const AllowedDeviceModes& allowed_device_modes,
71 const EnrollmentCallback& completion_callback);
72 virtual ~EnrollmentHandlerChromeOS();
73
74 // Starts the enrollment process and reports the result to
75 // |completion_callback_|.
76 void StartEnrollment();
77
78 // Releases the client.
79 scoped_ptr<CloudPolicyClient> ReleaseClient();
80
81 // CloudPolicyClient::Observer:
82 virtual void OnPolicyFetched(CloudPolicyClient* client) OVERRIDE;
83 virtual void OnRegistrationStateChanged(CloudPolicyClient* client) OVERRIDE;
84 virtual void OnRobotAuthCodesFetched(CloudPolicyClient* client) OVERRIDE;
85 virtual void OnClientError(CloudPolicyClient* client) OVERRIDE;
86
87 // CloudPolicyStore::Observer:
88 virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE;
89 virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE;
90
91 // GaiaOAuthClient::Delegate:
92 virtual void OnGetTokensResponse(const std::string& refresh_token,
93 const std::string& access_token,
94 int expires_in_seconds) OVERRIDE;
95 virtual void OnRefreshTokenResponse(const std::string& access_token,
96 int expires_in_seconds) OVERRIDE;
97 virtual void OnOAuthError() OVERRIDE;
98 virtual void OnNetworkError(int response_code) OVERRIDE;
99
100 private:
101 // Indicates what step of the process is currently pending. These steps need
102 // to be listed in the order they are traversed in.
103 enum EnrollmentStep {
104 STEP_PENDING, // Not started yet.
105 STEP_LOADING_STORE, // Waiting for |store_| to initialize.
106 STEP_REGISTRATION, // Currently registering the client.
107 STEP_POLICY_FETCH, // Fetching policy.
108 STEP_VALIDATION, // Policy validation.
109 STEP_ROBOT_AUTH_FETCH, // Fetching device API auth code.
110 STEP_ROBOT_AUTH_REFRESH, // Fetching device API refresh token.
111 STEP_LOCK_DEVICE, // Writing installation-time attributes.
112 STEP_STORE_ROBOT_AUTH, // Encrypting & writing robot refresh token.
113 STEP_STORE_POLICY, // Storing policy and API refresh token.
114 STEP_FINISHED, // Enrollment process finished, no further action.
115 };
116
117 // Starts registration if the store is initialized.
118 void AttemptRegistration();
119
120 // Handles the policy validation result, proceeding with installation-time
121 // attributes locking if successful.
122 void PolicyValidated(DeviceCloudPolicyValidator* validator);
123
124 // Calls LockDevice() and proceeds to policy installation. If unsuccessful,
125 // reports the result. Actual installation or error report will be done in
126 // HandleLockDeviceResult().
127 void StartLockDevice(const std::string& user,
128 DeviceMode device_mode,
129 const std::string& device_id);
130
131 // Helper for StartLockDevice(). It performs the actual action based on
132 // the result of LockDevice.
133 void HandleLockDeviceResult(
134 const std::string& user,
135 DeviceMode device_mode,
136 const std::string& device_id,
137 EnterpriseInstallAttributes::LockResult lock_result);
138
139 // Drops any ongoing actions.
140 void Stop();
141
142 // Reports the result of the enrollment process to the initiator.
143 void ReportResult(EnrollmentStatus status);
144
145 // Continuation of OnStoreLoaded().
146 void DidGetTokenService(chromeos::DeviceOAuth2TokenService* token_service);
147
148 DeviceCloudPolicyStoreChromeOS* store_;
149 EnterpriseInstallAttributes* install_attributes_;
150 scoped_ptr<CloudPolicyClient> client_;
151 scoped_refptr<base::SequencedTaskRunner> background_task_runner_;
152 scoped_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_;
153
154 std::string auth_token_;
155 std::string client_id_;
156 bool is_auto_enrollment_;
157 std::string requisition_;
158 std::string refresh_token_;
159 AllowedDeviceModes allowed_device_modes_;
160 EnrollmentCallback completion_callback_;
161
162 // The device mode as received in the registration request.
163 DeviceMode device_mode_;
164
165 // The validated policy response info to be installed in the store.
166 scoped_ptr<enterprise_management::PolicyFetchResponse> policy_;
167 std::string username_;
168 std::string device_id_;
169
170 // Current enrollment step.
171 EnrollmentStep enrollment_step_;
172
173 // Total amount of time in milliseconds spent waiting for lockbox
174 // initialization.
175 int lockbox_init_duration_;
176
177 // Used for locking the device and getting the OAuth2 token service.
178 base::WeakPtrFactory<EnrollmentHandlerChromeOS> weak_ptr_factory_;
179
180 DISALLOW_COPY_AND_ASSIGN(EnrollmentHandlerChromeOS);
181 };
182
183 } // namespace policy
184
185 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_