cygprofile: increase timeouts to allow showing web contents
[chromium-blink-merge.git] / components / policy / core / common / cloud / device_management_service.cc
blob5a22d9dfa6d9b88e71800fa718c195aed7c83759
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "components/policy/core/common/cloud/device_management_service.h"
7 #include <utility>
9 #include "base/bind.h"
10 #include "base/compiler_specific.h"
11 #include "base/location.h"
12 #include "base/single_thread_task_runner.h"
13 #include "base/thread_task_runner_handle.h"
14 #include "net/base/escape.h"
15 #include "net/base/load_flags.h"
16 #include "net/base/net_errors.h"
17 #include "net/http/http_response_headers.h"
18 #include "net/url_request/url_fetcher.h"
19 #include "net/url_request/url_request_context_getter.h"
20 #include "net/url_request/url_request_status.h"
21 #include "url/gurl.h"
23 namespace em = enterprise_management;
25 namespace policy {
27 namespace {
29 const char kPostContentType[] = "application/protobuf";
31 const char kServiceTokenAuthHeader[] = "Authorization: GoogleLogin auth=";
32 const char kDMTokenAuthHeader[] = "Authorization: GoogleDMToken token=";
34 // Number of times to retry on ERR_NETWORK_CHANGED errors.
35 const int kMaxNetworkChangedRetries = 3;
37 // HTTP Error Codes of the DM Server with their concrete meanings in the context
38 // of the DM Server communication.
39 const int kSuccess = 200;
40 const int kInvalidArgument = 400;
41 const int kInvalidAuthCookieOrDMToken = 401;
42 const int kMissingLicenses = 402;
43 const int kDeviceManagementNotAllowed = 403;
44 const int kInvalidURL = 404; // This error is not coming from the GFE.
45 const int kInvalidSerialNumber = 405;
46 const int kDomainMismatch = 406;
47 const int kDeviceIdConflict = 409;
48 const int kDeviceNotFound = 410;
49 const int kPendingApproval = 412;
50 const int kInternalServerError = 500;
51 const int kServiceUnavailable = 503;
52 const int kPolicyNotFound = 902;
53 const int kDeprovisioned = 903;
55 bool IsProxyError(const net::URLRequestStatus status) {
56 switch (status.error()) {
57 case net::ERR_PROXY_CONNECTION_FAILED:
58 case net::ERR_TUNNEL_CONNECTION_FAILED:
59 case net::ERR_PROXY_AUTH_UNSUPPORTED:
60 case net::ERR_HTTPS_PROXY_TUNNEL_RESPONSE:
61 case net::ERR_MANDATORY_PROXY_CONFIGURATION_FAILED:
62 case net::ERR_PROXY_CERTIFICATE_INVALID:
63 case net::ERR_SOCKS_CONNECTION_FAILED:
64 case net::ERR_SOCKS_CONNECTION_HOST_UNREACHABLE:
65 return true;
67 return false;
70 bool IsProtobufMimeType(const net::URLFetcher* fetcher) {
71 return fetcher->GetResponseHeaders()->HasHeaderValue(
72 "content-type", "application/x-protobuffer");
75 bool FailedWithProxy(const net::URLFetcher* fetcher) {
76 if ((fetcher->GetLoadFlags() & net::LOAD_BYPASS_PROXY) != 0) {
77 // The request didn't use a proxy.
78 return false;
81 if (!fetcher->GetStatus().is_success() &&
82 IsProxyError(fetcher->GetStatus())) {
83 LOG(WARNING) << "Proxy failed while contacting dmserver.";
84 return true;
87 if (fetcher->GetStatus().is_success() &&
88 fetcher->GetResponseCode() == kSuccess &&
89 fetcher->WasFetchedViaProxy() &&
90 !IsProtobufMimeType(fetcher)) {
91 // The proxy server can be misconfigured but pointing to an existing
92 // server that replies to requests. Try to recover if a successful
93 // request that went through a proxy returns an unexpected mime type.
94 LOG(WARNING) << "Got bad mime-type in response from dmserver that was "
95 << "fetched via a proxy.";
96 return true;
99 return false;
102 const char* JobTypeToRequestType(DeviceManagementRequestJob::JobType type) {
103 switch (type) {
104 case DeviceManagementRequestJob::TYPE_AUTO_ENROLLMENT:
105 return dm_protocol::kValueRequestAutoEnrollment;
106 case DeviceManagementRequestJob::TYPE_REGISTRATION:
107 return dm_protocol::kValueRequestRegister;
108 case DeviceManagementRequestJob::TYPE_POLICY_FETCH:
109 return dm_protocol::kValueRequestPolicy;
110 case DeviceManagementRequestJob::TYPE_API_AUTH_CODE_FETCH:
111 return dm_protocol::kValueRequestApiAuthorization;
112 case DeviceManagementRequestJob::TYPE_UNREGISTRATION:
113 return dm_protocol::kValueRequestUnregister;
114 case DeviceManagementRequestJob::TYPE_UPLOAD_CERTIFICATE:
115 return dm_protocol::kValueRequestUploadCertificate;
116 case DeviceManagementRequestJob::TYPE_DEVICE_STATE_RETRIEVAL:
117 return dm_protocol::kValueRequestDeviceStateRetrieval;
118 case DeviceManagementRequestJob::TYPE_UPLOAD_STATUS:
119 return dm_protocol::kValueRequestUploadStatus;
120 case DeviceManagementRequestJob::TYPE_REMOTE_COMMANDS:
121 return dm_protocol::kValueRequestRemoteCommands;
122 case DeviceManagementRequestJob::TYPE_ATTRIBUTE_UPDATE_PERMISSION:
123 return dm_protocol::kValueRequestDeviceAttributeUpdatePermission;
124 case DeviceManagementRequestJob::TYPE_ATTRIBUTE_UPDATE:
125 return dm_protocol::kValueRequestDeviceAttributeUpdate;
126 case DeviceManagementRequestJob::TYPE_GCM_ID_UPDATE:
127 return dm_protocol::kValueRequestGcmIdUpdate;
129 NOTREACHED() << "Invalid job type " << type;
130 return "";
133 } // namespace
135 // Request job implementation used with DeviceManagementService.
136 class DeviceManagementRequestJobImpl : public DeviceManagementRequestJob {
137 public:
138 DeviceManagementRequestJobImpl(
139 JobType type,
140 const std::string& agent_parameter,
141 const std::string& platform_parameter,
142 DeviceManagementService* service,
143 const scoped_refptr<net::URLRequestContextGetter>& request_context);
144 ~DeviceManagementRequestJobImpl() override;
146 // Handles the URL request response.
147 void HandleResponse(const net::URLRequestStatus& status,
148 int response_code,
149 const net::ResponseCookies& cookies,
150 const std::string& data);
152 // Gets the URL to contact.
153 GURL GetURL(const std::string& server_url);
155 // Configures the fetcher, setting up payload and headers.
156 void ConfigureRequest(net::URLFetcher* fetcher);
158 // Returns true if this job should be retried. |fetcher| has just completed,
159 // and can be inspected to determine if the request failed and should be
160 // retried.
161 bool ShouldRetry(const net::URLFetcher* fetcher);
163 // Invoked right before retrying this job.
164 void PrepareRetry();
166 protected:
167 // DeviceManagementRequestJob:
168 void Run() override;
170 private:
171 // Invokes the callback with the given error code.
172 void ReportError(DeviceManagementStatus code);
174 // Pointer to the service this job is associated with.
175 DeviceManagementService* service_;
177 // Whether the BYPASS_PROXY flag should be set by ConfigureRequest().
178 bool bypass_proxy_;
180 // Number of times that this job has been retried due to ERR_NETWORK_CHANGED.
181 int retries_count_;
183 // The request context to use for this job.
184 scoped_refptr<net::URLRequestContextGetter> request_context_;
186 DISALLOW_COPY_AND_ASSIGN(DeviceManagementRequestJobImpl);
189 DeviceManagementRequestJobImpl::DeviceManagementRequestJobImpl(
190 JobType type,
191 const std::string& agent_parameter,
192 const std::string& platform_parameter,
193 DeviceManagementService* service,
194 const scoped_refptr<net::URLRequestContextGetter>& request_context)
195 : DeviceManagementRequestJob(type, agent_parameter, platform_parameter),
196 service_(service),
197 bypass_proxy_(false),
198 retries_count_(0),
199 request_context_(request_context) {
202 DeviceManagementRequestJobImpl::~DeviceManagementRequestJobImpl() {
203 service_->RemoveJob(this);
206 void DeviceManagementRequestJobImpl::Run() {
207 service_->AddJob(this);
210 void DeviceManagementRequestJobImpl::HandleResponse(
211 const net::URLRequestStatus& status,
212 int response_code,
213 const net::ResponseCookies& cookies,
214 const std::string& data) {
215 if (status.status() != net::URLRequestStatus::SUCCESS) {
216 LOG(WARNING) << "DMServer request failed, status: " << status.status()
217 << ", error: " << status.error();
218 em::DeviceManagementResponse dummy_response;
219 callback_.Run(DM_STATUS_REQUEST_FAILED, status.error(), dummy_response);
220 return;
223 if (response_code != kSuccess)
224 LOG(WARNING) << "DMServer sent an error response: " << response_code;
226 switch (response_code) {
227 case kSuccess: {
228 em::DeviceManagementResponse response;
229 if (!response.ParseFromString(data)) {
230 ReportError(DM_STATUS_RESPONSE_DECODING_ERROR);
231 return;
233 callback_.Run(DM_STATUS_SUCCESS, net::OK, response);
234 return;
236 case kInvalidArgument:
237 ReportError(DM_STATUS_REQUEST_INVALID);
238 return;
239 case kInvalidAuthCookieOrDMToken:
240 ReportError(DM_STATUS_SERVICE_MANAGEMENT_TOKEN_INVALID);
241 return;
242 case kMissingLicenses:
243 ReportError(DM_STATUS_SERVICE_MISSING_LICENSES);
244 return;
245 case kDeviceManagementNotAllowed:
246 ReportError(DM_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED);
247 return;
248 case kPendingApproval:
249 ReportError(DM_STATUS_SERVICE_ACTIVATION_PENDING);
250 return;
251 case kInvalidURL:
252 case kInternalServerError:
253 case kServiceUnavailable:
254 ReportError(DM_STATUS_TEMPORARY_UNAVAILABLE);
255 return;
256 case kDeviceNotFound:
257 ReportError(DM_STATUS_SERVICE_DEVICE_NOT_FOUND);
258 return;
259 case kPolicyNotFound:
260 ReportError(DM_STATUS_SERVICE_POLICY_NOT_FOUND);
261 return;
262 case kInvalidSerialNumber:
263 ReportError(DM_STATUS_SERVICE_INVALID_SERIAL_NUMBER);
264 return;
265 case kDomainMismatch:
266 ReportError(DM_STATUS_SERVICE_DOMAIN_MISMATCH);
267 return;
268 case kDeprovisioned:
269 ReportError(DM_STATUS_SERVICE_DEPROVISIONED);
270 return;
271 case kDeviceIdConflict:
272 ReportError(DM_STATUS_SERVICE_DEVICE_ID_CONFLICT);
273 return;
274 default:
275 // Handle all unknown 5xx HTTP error codes as temporary and any other
276 // unknown error as one that needs more time to recover.
277 if (response_code >= 500 && response_code <= 599)
278 ReportError(DM_STATUS_TEMPORARY_UNAVAILABLE);
279 else
280 ReportError(DM_STATUS_HTTP_STATUS_ERROR);
281 return;
285 GURL DeviceManagementRequestJobImpl::GetURL(
286 const std::string& server_url) {
287 std::string result(server_url);
288 result += '?';
289 for (ParameterMap::const_iterator entry(query_params_.begin());
290 entry != query_params_.end();
291 ++entry) {
292 if (entry != query_params_.begin())
293 result += '&';
294 result += net::EscapeQueryParamValue(entry->first, true);
295 result += '=';
296 result += net::EscapeQueryParamValue(entry->second, true);
298 return GURL(result);
301 void DeviceManagementRequestJobImpl::ConfigureRequest(
302 net::URLFetcher* fetcher) {
303 // TODO(dcheng): It might make sense to make this take a const
304 // scoped_refptr<T>& too eventually.
305 fetcher->SetRequestContext(request_context_.get());
306 fetcher->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
307 net::LOAD_DO_NOT_SAVE_COOKIES |
308 net::LOAD_DISABLE_CACHE |
309 (bypass_proxy_ ? net::LOAD_BYPASS_PROXY : 0));
310 std::string payload;
311 CHECK(request_.SerializeToString(&payload));
312 fetcher->SetUploadData(kPostContentType, payload);
313 std::string extra_headers;
314 if (!gaia_token_.empty())
315 extra_headers += kServiceTokenAuthHeader + gaia_token_ + "\n";
316 if (!dm_token_.empty())
317 extra_headers += kDMTokenAuthHeader + dm_token_ + "\n";
318 fetcher->SetExtraRequestHeaders(extra_headers);
321 bool DeviceManagementRequestJobImpl::ShouldRetry(
322 const net::URLFetcher* fetcher) {
323 if (FailedWithProxy(fetcher) && !bypass_proxy_) {
324 // Retry the job if it failed due to a broken proxy, by bypassing the
325 // proxy on the next try.
326 bypass_proxy_ = true;
327 return true;
330 // Early device policy fetches on ChromeOS and Auto-Enrollment checks are
331 // often interrupted during ChromeOS startup when network change notifications
332 // are sent. Allowing the fetcher to retry once after that is enough to
333 // recover; allow it to retry up to 3 times just in case.
334 if (fetcher->GetStatus().error() == net::ERR_NETWORK_CHANGED &&
335 retries_count_ < kMaxNetworkChangedRetries) {
336 ++retries_count_;
337 return true;
340 // The request didn't fail, or the limit of retry attempts has been reached;
341 // forward the result to the job owner.
342 return false;
345 void DeviceManagementRequestJobImpl::PrepareRetry() {
346 if (!retry_callback_.is_null())
347 retry_callback_.Run(this);
350 void DeviceManagementRequestJobImpl::ReportError(DeviceManagementStatus code) {
351 em::DeviceManagementResponse dummy_response;
352 callback_.Run(code, net::OK, dummy_response);
355 DeviceManagementRequestJob::~DeviceManagementRequestJob() {}
357 void DeviceManagementRequestJob::SetGaiaToken(const std::string& gaia_token) {
358 gaia_token_ = gaia_token;
361 void DeviceManagementRequestJob::SetOAuthToken(const std::string& oauth_token) {
362 AddParameter(dm_protocol::kParamOAuthToken, oauth_token);
365 void DeviceManagementRequestJob::SetDMToken(const std::string& dm_token) {
366 dm_token_ = dm_token;
369 void DeviceManagementRequestJob::SetClientID(const std::string& client_id) {
370 AddParameter(dm_protocol::kParamDeviceID, client_id);
373 em::DeviceManagementRequest* DeviceManagementRequestJob::GetRequest() {
374 return &request_;
377 DeviceManagementRequestJob::DeviceManagementRequestJob(
378 JobType type,
379 const std::string& agent_parameter,
380 const std::string& platform_parameter) {
381 AddParameter(dm_protocol::kParamRequest, JobTypeToRequestType(type));
382 AddParameter(dm_protocol::kParamDeviceType, dm_protocol::kValueDeviceType);
383 AddParameter(dm_protocol::kParamAppType, dm_protocol::kValueAppType);
384 AddParameter(dm_protocol::kParamAgent, agent_parameter);
385 AddParameter(dm_protocol::kParamPlatform, platform_parameter);
388 void DeviceManagementRequestJob::SetRetryCallback(
389 const RetryCallback& retry_callback) {
390 retry_callback_ = retry_callback;
393 void DeviceManagementRequestJob::Start(const Callback& callback) {
394 callback_ = callback;
395 Run();
398 void DeviceManagementRequestJob::AddParameter(const std::string& name,
399 const std::string& value) {
400 query_params_.push_back(std::make_pair(name, value));
403 // A random value that other fetchers won't likely use.
404 const int DeviceManagementService::kURLFetcherID = 0xde71ce1d;
406 DeviceManagementService::~DeviceManagementService() {
407 // All running jobs should have been cancelled by now.
408 DCHECK(pending_jobs_.empty());
409 DCHECK(queued_jobs_.empty());
412 DeviceManagementRequestJob* DeviceManagementService::CreateJob(
413 DeviceManagementRequestJob::JobType type,
414 const scoped_refptr<net::URLRequestContextGetter>& request_context) {
415 return new DeviceManagementRequestJobImpl(
416 type,
417 configuration_->GetAgentParameter(),
418 configuration_->GetPlatformParameter(),
419 this,
420 request_context);
423 void DeviceManagementService::ScheduleInitialization(int64 delay_milliseconds) {
424 if (initialized_)
425 return;
426 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
427 FROM_HERE, base::Bind(&DeviceManagementService::Initialize,
428 weak_ptr_factory_.GetWeakPtr()),
429 base::TimeDelta::FromMilliseconds(delay_milliseconds));
432 void DeviceManagementService::Initialize() {
433 if (initialized_)
434 return;
435 initialized_ = true;
437 while (!queued_jobs_.empty()) {
438 StartJob(queued_jobs_.front());
439 queued_jobs_.pop_front();
443 void DeviceManagementService::Shutdown() {
444 for (JobFetcherMap::iterator job(pending_jobs_.begin());
445 job != pending_jobs_.end();
446 ++job) {
447 delete job->first;
448 queued_jobs_.push_back(job->second);
450 pending_jobs_.clear();
453 DeviceManagementService::DeviceManagementService(
454 scoped_ptr<Configuration> configuration)
455 : configuration_(configuration.Pass()),
456 initialized_(false),
457 weak_ptr_factory_(this) {
458 DCHECK(configuration_);
461 void DeviceManagementService::StartJob(DeviceManagementRequestJobImpl* job) {
462 std::string server_url = GetServerUrl();
463 net::URLFetcher* fetcher =
464 net::URLFetcher::Create(kURLFetcherID, job->GetURL(server_url),
465 net::URLFetcher::POST, this).release();
466 job->ConfigureRequest(fetcher);
467 pending_jobs_[fetcher] = job;
468 fetcher->Start();
471 std::string DeviceManagementService::GetServerUrl() {
472 return configuration_->GetServerUrl();
475 void DeviceManagementService::OnURLFetchComplete(
476 const net::URLFetcher* source) {
477 JobFetcherMap::iterator entry(pending_jobs_.find(source));
478 if (entry == pending_jobs_.end()) {
479 NOTREACHED() << "Callback from foreign URL fetcher";
480 return;
483 DeviceManagementRequestJobImpl* job = entry->second;
484 pending_jobs_.erase(entry);
486 if (job->ShouldRetry(source)) {
487 VLOG(1) << "Retrying dmserver request.";
488 job->PrepareRetry();
489 StartJob(job);
490 } else {
491 std::string data;
492 source->GetResponseAsString(&data);
493 job->HandleResponse(source->GetStatus(), source->GetResponseCode(),
494 source->GetCookies(), data);
496 delete source;
499 void DeviceManagementService::AddJob(DeviceManagementRequestJobImpl* job) {
500 if (initialized_)
501 StartJob(job);
502 else
503 queued_jobs_.push_back(job);
506 void DeviceManagementService::RemoveJob(DeviceManagementRequestJobImpl* job) {
507 for (JobFetcherMap::iterator entry(pending_jobs_.begin());
508 entry != pending_jobs_.end();
509 ++entry) {
510 if (entry->second == job) {
511 delete entry->first;
512 pending_jobs_.erase(entry);
513 return;
517 const JobQueue::iterator elem =
518 std::find(queued_jobs_.begin(), queued_jobs_.end(), job);
519 if (elem != queued_jobs_.end())
520 queued_jobs_.erase(elem);
523 } // namespace policy