1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_
6 #define CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_
11 #include "base/basictypes.h"
12 #include "base/compiler_specific.h"
13 #include "base/files/file_path.h"
14 #include "base/memory/ref_counted.h"
15 #include "base/memory/scoped_ptr.h"
16 #include "base/memory/weak_ptr.h"
17 #include "chromeos/dbus/dbus_method_call_status.h"
18 #include "components/policy/core/common/cloud/cloud_policy_validator.h"
19 #include "components/policy/core/common/cloud/user_cloud_policy_store_base.h"
22 class SequencedTaskRunner
;
26 class CryptohomeClient
;
27 class SessionManagerClient
;
32 class LegacyPolicyCacheLoader
;
34 // Implements a cloud policy store backed by the Chrome OS' session_manager,
35 // which takes care of persisting policy to disk and is accessed via DBus calls
36 // through SessionManagerClient.
38 // Additionally, this class drives legacy UserPolicyTokenCache and
39 // UserPolicyDiskCache instances, migrating policy from these to session_manager
40 // storage on the fly.
41 class UserCloudPolicyStoreChromeOS
: public UserCloudPolicyStoreBase
{
43 UserCloudPolicyStoreChromeOS(
44 chromeos::CryptohomeClient
* cryptohome_client
,
45 chromeos::SessionManagerClient
* session_manager_client
,
46 scoped_refptr
<base::SequencedTaskRunner
> background_task_runner
,
47 const std::string
& username
,
48 const base::FilePath
& user_policy_key_dir
,
49 const base::FilePath
& legacy_token_cache_file
,
50 const base::FilePath
& legacy_policy_cache_file
);
51 virtual ~UserCloudPolicyStoreChromeOS();
55 const enterprise_management::PolicyFetchResponse
& policy
) OVERRIDE
;
56 virtual void Load() OVERRIDE
;
58 // Loads the policy synchronously on the current thread.
59 void LoadImmediately();
62 // Starts validation of |policy| before storing it.
63 void ValidatePolicyForStore(
64 scoped_ptr
<enterprise_management::PolicyFetchResponse
> policy
);
66 // Completion handler for policy validation on the Store() path.
67 // Starts a store operation if the validation succeeded.
68 void OnPolicyToStoreValidated(UserCloudPolicyValidator
* validator
);
70 // Called back from SessionManagerClient for policy store operations.
71 void OnPolicyStored(bool);
73 // Called back from SessionManagerClient for policy load operations.
74 void OnPolicyRetrieved(const std::string
& policy_blob
);
76 // Starts validation of the loaded |policy| before installing it.
77 void ValidateRetrievedPolicy(
78 scoped_ptr
<enterprise_management::PolicyFetchResponse
> policy
);
80 // Completion handler for policy validation on the Load() path. Installs the
81 // policy and publishes it if validation succeeded.
82 void OnRetrievedPolicyValidated(UserCloudPolicyValidator
* validator
);
84 // Callback for loading legacy caches.
85 void OnLegacyLoadFinished(
86 const std::string
& dm_token
,
87 const std::string
& device_id
,
89 scoped_ptr
<enterprise_management::PolicyFetchResponse
>);
91 // Completion callback for legacy policy validation.
92 void OnLegacyPolicyValidated(const std::string
& dm_token
,
93 const std::string
& device_id
,
94 UserCloudPolicyValidator
* validator
);
96 // Installs legacy tokens.
97 void InstallLegacyTokens(const std::string
& dm_token
,
98 const std::string
& device_id
);
100 // Removes the passed-in legacy cache directory.
101 static void RemoveLegacyCacheDir(const base::FilePath
& dir
);
103 // Invokes |callback| after reloading |policy_key_|.
104 void ReloadPolicyKey(const base::Closure
& callback
);
106 // Reads the contents of |path| into |key|.
107 static void LoadPolicyKey(const base::FilePath
& path
,
108 std::vector
<uint8
>* key
);
110 // Callback for the key reloading.
111 void OnPolicyKeyReloaded(std::vector
<uint8
>* key
,
112 const base::Closure
& callback
);
114 // Invokes |callback| after creating |policy_key_|, if it hasn't been created
115 // yet; otherwise invokes |callback| immediately.
116 void EnsurePolicyKeyLoaded(const base::Closure
& callback
);
118 // Callback for getting the sanitized username from |cryptohome_client_|.
119 void OnGetSanitizedUsername(const base::Closure
& callback
,
120 chromeos::DBusMethodCallStatus call_status
,
121 const std::string
& sanitized_username
);
123 chromeos::CryptohomeClient
* cryptohome_client_
;
124 chromeos::SessionManagerClient
* session_manager_client_
;
125 const std::string username_
;
126 base::FilePath user_policy_key_dir_
;
128 base::WeakPtrFactory
<UserCloudPolicyStoreChromeOS
> weak_factory_
;
130 // TODO(mnissler): Remove all the legacy policy support members below after
131 // the number of pre-M20 clients drops back to zero.
132 base::FilePath legacy_cache_dir_
;
133 scoped_ptr
<LegacyPolicyCacheLoader
> legacy_loader_
;
134 bool legacy_caches_loaded_
;
136 bool policy_key_loaded_
;
137 base::FilePath policy_key_path_
;
138 std::vector
<uint8
> policy_key_
;
140 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOS
);
143 } // namespace policy
145 #endif // CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_