Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / auto_enrollment_client.h
blobb2140795beaf104a9b7c91b90685e5c2d1fb3fe8
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_AUTO_ENROLLMENT_CLIENT_H_
6 #define CHROME_BROWSER_CHROMEOS_POLICY_AUTO_ENROLLMENT_CLIENT_H_
8 #include <string>
10 #include "base/basictypes.h"
11 #include "base/callback.h"
12 #include "base/compiler_specific.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/time/time.h"
15 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
16 #include "net/base/network_change_notifier.h"
17 #include "third_party/protobuf/src/google/protobuf/repeated_field.h"
19 class PrefRegistrySimple;
20 class PrefService;
22 namespace enterprise_management {
23 class DeviceManagementResponse;
26 namespace net {
27 class URLRequestContextGetter;
30 namespace policy {
32 class DeviceManagementRequestJob;
33 class DeviceManagementService;
35 // Indicates the current state of the auto-enrollment check.
36 enum AutoEnrollmentState {
37 // Not yet started.
38 AUTO_ENROLLMENT_STATE_IDLE,
39 // Working, another event will be fired eventually.
40 AUTO_ENROLLMENT_STATE_PENDING,
41 // Failed to connect to DMServer.
42 AUTO_ENROLLMENT_STATE_CONNECTION_ERROR,
43 // Connection successful, but the server failed to generate a valid reply.
44 AUTO_ENROLLMENT_STATE_SERVER_ERROR,
45 // Check completed successfully, enrollment should be triggered.
46 AUTO_ENROLLMENT_STATE_TRIGGER_ENROLLMENT,
47 // Check completed successfully, enrollment not applicable.
48 AUTO_ENROLLMENT_STATE_NO_ENROLLMENT,
51 // Interacts with the device management service and determines whether this
52 // machine should automatically enter the Enterprise Enrollment screen during
53 // OOBE.
54 class AutoEnrollmentClient
55 : public net::NetworkChangeNotifier::NetworkChangeObserver {
56 public:
57 // The modulus value is sent in an int64 field in the protobuf, whose maximum
58 // value is 2^63-1. So 2^64 and 2^63 can't be represented as moduli and the
59 // max is 2^62 (when the moduli are restricted to powers-of-2).
60 static const int kMaximumPower = 62;
62 // Used for signaling progress to a consumer.
63 typedef base::Callback<void(AutoEnrollmentState)> ProgressCallback;
65 // |progress_callback| will be invoked whenever some significant event happens
66 // as part of the protocol, after Start() is invoked.
67 // The result of the protocol will be cached in |local_state|.
68 // |power_initial| and |power_limit| are exponents of power-of-2 values which
69 // will be the initial modulus and the maximum modulus used by this client.
70 AutoEnrollmentClient(
71 const ProgressCallback& progress_callback,
72 DeviceManagementService* device_management_service,
73 PrefService* local_state,
74 scoped_refptr<net::URLRequestContextGetter> system_request_context,
75 const std::string& server_backed_state_key,
76 int power_initial,
77 int power_limit);
78 ~AutoEnrollmentClient() override;
80 // Registers preferences in local state.
81 static void RegisterPrefs(PrefRegistrySimple* registry);
83 // Starts the auto-enrollment check protocol with the device management
84 // service. Subsequent calls drop any previous requests. Notice that this
85 // call can invoke the |progress_callback_| if errors occur.
86 void Start();
88 // Triggers a retry of the currently pending step. This is intended to be
89 // called by consumers when they become aware of environment changes (such as
90 // captive portal setup being complete).
91 void Retry();
93 // Cancels any pending requests. |progress_callback_| will not be invoked.
94 // |this| will delete itself.
95 void CancelAndDeleteSoon();
97 // Returns the device_id randomly generated for the auto-enrollment requests.
98 // It can be reused for subsequent requests to the device management service.
99 std::string device_id() const { return device_id_; }
101 // Current state.
102 AutoEnrollmentState state() const { return state_; }
104 // Implementation of net::NetworkChangeNotifier::NetworkChangeObserver:
105 void OnNetworkChanged(
106 net::NetworkChangeNotifier::ConnectionType type) override;
108 private:
109 typedef bool (AutoEnrollmentClient::*RequestCompletionHandler)(
110 DeviceManagementStatus,
111 int,
112 const enterprise_management::DeviceManagementResponse&);
114 // Tries to load the result of a previous execution of the protocol from
115 // local state. Returns true if that decision has been made and is valid.
116 bool GetCachedDecision();
118 // Kicks protocol processing, restarting the current step if applicable.
119 // Returns true if progress has been made, false if the protocol is done.
120 bool RetryStep();
122 // Cleans up and invokes |progress_callback_|.
123 void ReportProgress(AutoEnrollmentState state);
125 // Calls RetryStep() to make progress or determine that all is done. In the
126 // latter case, calls ReportProgress().
127 void NextStep();
129 // Sends an auto-enrollment check request to the device management service.
130 void SendBucketDownloadRequest();
132 // Sends a device state download request to the device management service.
133 void SendDeviceStateRequest();
135 // Runs the response handler for device management requests and calls
136 // NextStep().
137 void HandleRequestCompletion(
138 RequestCompletionHandler handler,
139 DeviceManagementStatus status,
140 int net_error,
141 const enterprise_management::DeviceManagementResponse& response);
143 // Parses the server response to a bucket download request.
144 bool OnBucketDownloadRequestCompletion(
145 DeviceManagementStatus status,
146 int net_error,
147 const enterprise_management::DeviceManagementResponse& response);
149 // Parses the server response to a device state request.
150 bool OnDeviceStateRequestCompletion(
151 DeviceManagementStatus status,
152 int net_error,
153 const enterprise_management::DeviceManagementResponse& response);
155 // Returns true if |server_backed_state_key_hash_| is contained in |hashes|.
156 bool IsIdHashInProtobuf(
157 const google::protobuf::RepeatedPtrField<std::string>& hashes);
159 // Updates UMA histograms for bucket download timings.
160 void UpdateBucketDownloadTimingHistograms();
162 // Callback to invoke when the protocol generates a relevant event. This can
163 // be either successful completion or an error that requires external action.
164 ProgressCallback progress_callback_;
166 // Current state.
167 AutoEnrollmentState state_;
169 // Whether the hash bucket check succeeded, indicating that the server knows
170 // this device and might have keep state for it.
171 bool has_server_state_;
173 // Whether the download of server-kept device state completed successfully.
174 bool device_state_available_;
176 // Randomly generated device id for the auto-enrollment requests.
177 std::string device_id_;
179 // Stable state key and its SHA-256 digest.
180 std::string server_backed_state_key_;
181 std::string server_backed_state_key_hash_;
183 // Power-of-2 modulus to try next.
184 int current_power_;
186 // Power of the maximum power-of-2 modulus that this client will accept from
187 // a retry response from the server.
188 int power_limit_;
190 // Number of requests for a different modulus received from the server.
191 // Used to determine if the server keeps asking for different moduli.
192 int modulus_updates_received_;
194 // Used to communicate with the device management service.
195 DeviceManagementService* device_management_service_;
196 scoped_ptr<DeviceManagementRequestJob> request_job_;
198 // PrefService where the protocol's results are cached.
199 PrefService* local_state_;
201 // The request context to use to perform the auto enrollment request.
202 scoped_refptr<net::URLRequestContextGetter> request_context_;
204 // Times used to determine the duration of the protocol, and the extra time
205 // needed to complete after the signin was complete.
206 // If |time_start_| is not null, the protocol is still running.
207 // If |time_extra_start_| is not null, the protocol is still running but our
208 // owner has relinquished ownership.
209 base::Time time_start_;
210 base::Time time_extra_start_;
212 DISALLOW_COPY_AND_ASSIGN(AutoEnrollmentClient);
215 } // namespace policy
217 #endif // CHROME_BROWSER_CHROMEOS_POLICY_AUTO_ENROLLMENT_CLIENT_H_