1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_SUPERVISED_SUPERVISED_USER_CREATION_CONTROLLER_NEW_H_
6#define CHROME_BROWSER_CHROMEOS_LOGIN_SUPERVISED_SUPERVISED_USER_CREATION_CONTROLLER_NEW_H_
7
8#include <string>
9
10#include "base/files/file_path.h"
11#include "base/memory/scoped_ptr.h"
12#include "base/memory/weak_ptr.h"
13#include "base/strings/string16.h"
14#include "base/timer/timer.h"
15#include "base/values.h"
16#include "chrome/browser/chromeos/login/supervised/supervised_user_creation_controller.h"
17#include "chrome/browser/supervised_user/supervised_user_registration_utility.h"
18#include "chromeos/login/auth/extended_authenticator.h"
19
20class Profile;
21
22namespace chromeos {
23
24class UserContext;
25
26// Supervised user creation process:
27// 0. Manager is logged in
28// 1. Generate ID for new supervised user
29// 2. Start "transaction" in Local State.
30// 3, Generate keys for user : master key, salt, encryption and signature keys.
31// 4. Create local cryptohome (errors could arise)
32// 5. Create user in cloud (errors could arise)
33// 6. Store cloud token in cryptohome (actually, error could arise).
34// 7. Mark "transaction" as completed.
35// 8. End manager session.
36class SupervisedUserCreationControllerNew
37    : public SupervisedUserCreationController,
38      public ExtendedAuthenticator::NewAuthStatusConsumer {
39 public:
40  // All UI initialization is deferred till Init() call.
41  // |Consumer| is not owned by controller, and it is expected that it wouldn't
42  // be deleted before SupervisedUserCreationControllerNew.
43  SupervisedUserCreationControllerNew(StatusConsumer* consumer,
44                                      const std::string& manager_id);
45  virtual ~SupervisedUserCreationControllerNew();
46
47  // Returns the current supervised user controller if it has been created.
48  static SupervisedUserCreationControllerNew* current_controller() {
49    return current_controller_;
50  }
51
52  // Set up controller for creating new supervised user with |display_name|,
53  // |password| and avatar indexed by |avatar_index|. StartCreation() have to
54  // be called to actually start creating user.
55  virtual void StartCreation(const base::string16& display_name,
56                             const std::string& password,
57                             int avatar_index) OVERRIDE;
58
59  // Starts import of the supervised users created prior to M35. They lack
60  // information about password.
61  // Configures and initiates importing existing supervised user to this device.
62  // Existing user is identified by |sync_id|, has |display_name|, |password|,
63  // |avatar_index|. The master key for cryptohome is a |master_key|.
64  virtual void StartImport(const base::string16& display_name,
65                           const std::string& password,
66                           int avatar_index,
67                           const std::string& sync_id,
68                           const std::string& master_key) OVERRIDE;
69
70  // Configures and initiates importing existing supervised user to this device.
71  // Existing user is identified by |sync_id|, has |display_name|,
72  // |avatar_index|. The master key for cryptohome is a |master_key|. The user
73  // has password specified in |password_data| and
74  // |encryption_key|/|signature_key| for cryptohome.
75  virtual void StartImport(const base::string16& display_name,
76                           int avatar_index,
77                           const std::string& sync_id,
78                           const std::string& master_key,
79                           const base::DictionaryValue* password_data,
80                           const std::string& encryption_key,
81                           const std::string& signature_key) OVERRIDE;
82
83  virtual void SetManagerProfile(Profile* manager_profile) OVERRIDE;
84  virtual Profile* GetManagerProfile() OVERRIDE;
85
86  virtual void CancelCreation() OVERRIDE;
87  virtual void FinishCreation() OVERRIDE;
88  virtual std::string GetSupervisedUserId() OVERRIDE;
89
90 private:
91  enum Stage {
92    // Just initial stage.
93    STAGE_INITIAL,
94
95    // Creation attempt is recoreded to allow cleanup in case of failure.
96    TRANSACTION_STARTED,
97    // Different keys are generated and public ones are stored in LocalState.
98    KEYS_GENERATED,
99    // Home directory is created with all necessary passwords.
100    CRYPTOHOME_CREATED,
101    // All user-related information is confirmed to exist on server.
102    DASHBOARD_CREATED,
103    // Managed user's sync token is written.
104    TOKEN_WRITTEN,
105    // Managed user is succesfully created.
106    TRANSACTION_COMMITTED,
107    // Some error happened while creating supervised user.
108    STAGE_ERROR,
109  };
110
111  // Indicates if we create new user, or import an existing one.
112  enum CreationType { NEW_USER, USER_IMPORT_OLD, USER_IMPORT_NEW, };
113
114  // Contains information necessary for new user creation.
115  struct UserCreationContext {
116    UserCreationContext();
117    ~UserCreationContext();
118
119    base::string16 display_name;
120    int avatar_index;
121
122    std::string manager_id;
123
124    std::string local_user_id;  // Used to identify cryptohome.
125    std::string sync_user_id;   // Used to identify user in manager's sync data.
126
127    // Keys:
128    std::string master_key;       // Random string
129    std::string signature_key;    // 256 bit HMAC key
130    std::string encryption_key;   // 256 bit HMAC key
131    std::string salted_password;  // Hash(salt + Hash(password))
132
133    std::string password;
134
135    std::string salted_master_key;  // Hash(system salt + master key)
136    std::string mount_hash;
137
138    std::string token;
139
140    CreationType creation_type;
141
142    base::DictionaryValue password_data;
143
144    Profile* manager_profile;
145    scoped_ptr<SupervisedUserRegistrationUtility> registration_utility;
146  };
147
148  // SupervisedUserAuthenticator::StatusConsumer overrides.
149  virtual void OnAuthenticationFailure(ExtendedAuthenticator::AuthState error)
150      OVERRIDE;
151
152  // Authenticator success callbacks.
153  void OnMountSuccess(const std::string& mount_hash);
154  void OnAddKeySuccess();
155  void OnKeyTransformedIfNeeded(const UserContext& user_context);
156
157  void StartCreationImpl();
158
159  // Guard timer callback.
160  void CreationTimedOut();
161  // SupervisedUserRegistrationUtility callback.
162  void RegistrationCallback(const GoogleServiceAuthError& error,
163                            const std::string& token);
164
165  // Completion callback for StoreSupervisedUserFiles method.
166  // Called on the UI thread.
167  void OnSupervisedUserFilesStored(bool success);
168
169  // Pointer to the current instance of the controller to be used by
170  // automation tests.
171  static SupervisedUserCreationControllerNew* current_controller_;
172
173  // Current stage of user creation.
174  Stage stage_;
175
176  // Authenticator used for user creation.
177  scoped_refptr<ExtendedAuthenticator> authenticator_;
178
179  // Creation context. Not null while creating new LMU.
180  scoped_ptr<UserCreationContext> creation_context_;
181
182  // Timer for showing warning if creation process takes too long.
183  base::OneShotTimer<SupervisedUserCreationControllerNew> timeout_timer_;
184
185  // Factory of callbacks.
186  base::WeakPtrFactory<SupervisedUserCreationControllerNew> weak_factory_;
187
188  DISALLOW_COPY_AND_ASSIGN(SupervisedUserCreationControllerNew);
189};
190
191}  // namespace chromeos
192
193#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_SUPERVISED_SUPERVISED_USER_CREATION_CONTROLLER_NEW_H_
194