consumer_management_service.h revision 1320f92c476a1ad9d19dba2a48c72b75566198e9 
1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_CHROMEOS_POLICY_CONSUMER_MANAGEMENT_SERVICE_H_
6#define CHROME_BROWSER_CHROMEOS_POLICY_CONSUMER_MANAGEMENT_SERVICE_H_
7
8#include <string>
9
10#include "base/callback_forward.h"
11#include "base/compiler_specific.h"
12#include "base/macros.h"
13#include "base/memory/scoped_ptr.h"
14#include "base/memory/weak_ptr.h"
15#include "base/observer_list.h"
16#include "base/strings/string16.h"
17#include "chrome/browser/chromeos/settings/device_settings_service.h"
18#include "chromeos/dbus/dbus_method_call_status.h"
19#include "content/public/browser/notification_observer.h"
20#include "content/public/browser/notification_registrar.h"
21#include "google_apis/gaia/oauth2_token_service.h"
22
23class PrefRegistrySimple;
24class Profile;
25
26namespace chromeos {
27class CryptohomeClient;
28}
29
30namespace cryptohome {
31class BaseReply;
32}
33
34namespace policy {
35
36class EnrollmentStatus;
37
38// The consumer management service handles several things:
39//
40// 1. The consumer enrollment state: The consumer enrollment state is an enum
41//    value stored in local state to pass the information across reboots and
42//    between components, including settings page, sign-in screen, and user
43//    notification.
44//
45// 2. Boot lockbox owner ID: Unlike the owner ID in CrosSettings, the owner ID
46//    stored in the boot lockbox can only be modified after reboot and before
47//    the first session starts. It is guaranteed that if the device is consumer
48//    managed, the owner ID in the boot lockbox will be available, but not the
49//    other way.
50//
51// 3. Consumer management enrollment process: The service kicks off the last
52//    part of the consumer management enrollment process after the owner ID is
53//    stored in the boot lockbox and the owner signs in.
54class ConsumerManagementService
55    : public chromeos::DeviceSettingsService::Observer,
56      public content::NotificationObserver,
57      public OAuth2TokenService::Consumer,
58      public OAuth2TokenService::Observer {
59 public:
60  // The status indicates if the device is enrolled, or if enrollment or
61  // unenrollment is in progress. If you want to add a value here, please also
62  // update |kStatusString| in the .cc file, and |ConsumerManagementStatus| in
63  // chrome/browser/resources/options/chromeos/consumer_management_overlay.js
64  enum Status {
65    // The status is currently unavailable.
66    STATUS_UNKNOWN = 0,
67
68    STATUS_ENROLLED,
69    STATUS_ENROLLING,
70    STATUS_UNENROLLED,
71    STATUS_UNENROLLING,
72
73    // This should always be the last one.
74    STATUS_LAST,
75  };
76
77  // Indicating which stage the enrollment process is in.
78  enum EnrollmentStage {
79    // Not enrolled, or enrollment is completed.
80    ENROLLMENT_STAGE_NONE = 0,
81    // Enrollment is requested by the owner.
82    ENROLLMENT_STAGE_REQUESTED,
83    // The owner ID is stored in the boot lockbox.
84    ENROLLMENT_STAGE_OWNER_STORED,
85    // Success. The notification is not sent yet.
86    ENROLLMENT_STAGE_SUCCESS,
87
88    // Error stages.
89    // Canceled by the user.
90    ENROLLMENT_STAGE_CANCELED,
91    // Failed to write to the boot lockbox.
92    ENROLLMENT_STAGE_BOOT_LOCKBOX_FAILED,
93    // Failed to get the access token.
94    ENROLLMENT_STAGE_GET_TOKEN_FAILED,
95    // Failed to register the device.
96    ENROLLMENT_STAGE_DM_SERVER_FAILED,
97
98    // This should always be the last one.
99    ENROLLMENT_STAGE_LAST,
100  };
101
102  class Observer {
103   public:
104    // Called when the status changes.
105    virtual void OnConsumerManagementStatusChanged() = 0;
106  };
107
108  // GetOwner() invokes this with an argument set to the owner user ID,
109  // or an empty string on failure.
110  typedef base::Callback<void(const std::string&)> GetOwnerCallback;
111
112  // SetOwner() invokes this with an argument indicating success or failure.
113  typedef base::Callback<void(bool)> SetOwnerCallback;
114
115  // |client| and |device_settings_service| should outlive this object.
116  ConsumerManagementService(
117      chromeos::CryptohomeClient* client,
118      chromeos::DeviceSettingsService* device_settings_service);
119
120  virtual ~ConsumerManagementService();
121
122  // Registers prefs.
123  static void RegisterPrefs(PrefRegistrySimple* registry);
124
125  void AddObserver(Observer* observer);
126  void RemoveObserver(Observer* observer);
127
128  // Returns the status.
129  Status GetStatus() const;
130
131  // Returns the string value of the status.
132  std::string GetStatusString() const;
133
134  // Returns the enrollment stage.
135  EnrollmentStage GetEnrollmentStage() const;
136
137  // Sets the enrollment stage.
138  void SetEnrollmentStage(EnrollmentStage stage);
139
140  // Returns the device owner stored in the boot lockbox via |callback|.
141  void GetOwner(const GetOwnerCallback& callback);
142
143  // Stores the device owner user ID into the boot lockbox and signs it.
144  // |callback| is invoked with an agument indicating success or failure.
145  void SetOwner(const std::string& user_id, const SetOwnerCallback& callback);
146
147  // chromeos::DeviceSettingsService::Observer:
148  virtual void OwnershipStatusChanged() OVERRIDE;
149  virtual void DeviceSettingsUpdated() OVERRIDE;
150
151  // content::NotificationObserver implmentation.
152  virtual void Observe(int type,
153                       const content::NotificationSource& source,
154                       const content::NotificationDetails& details) OVERRIDE;
155
156  // OAuth2TokenService::Observer:
157  virtual void OnRefreshTokenAvailable(const std::string& account_id) OVERRIDE;
158
159  // OAuth2TokenService::Consumer:
160  virtual void OnGetTokenSuccess(
161      const OAuth2TokenService::Request* request,
162      const std::string& access_token,
163      const base::Time& expiration_time) OVERRIDE;
164  virtual void OnGetTokenFailure(
165      const OAuth2TokenService::Request* request,
166      const GoogleServiceAuthError& error) OVERRIDE;
167
168  OAuth2TokenService::Request* GetTokenRequestForTesting() {
169    return token_request_.get();
170  }
171
172 private:
173  void OnGetBootAttributeDone(
174      const GetOwnerCallback& callback,
175      chromeos::DBusMethodCallStatus call_status,
176      bool dbus_success,
177      const cryptohome::BaseReply& reply);
178
179  void OnSetBootAttributeDone(const SetOwnerCallback& callback,
180                              chromeos::DBusMethodCallStatus call_status,
181                              bool dbus_success,
182                              const cryptohome::BaseReply& reply);
183
184  void OnFlushAndSignBootAttributesDone(
185      const SetOwnerCallback& callback,
186      chromeos::DBusMethodCallStatus call_status,
187      bool dbus_success,
188      const cryptohome::BaseReply& reply);
189
190  // Called when the owner signs in.
191  void OnOwnerSignin(Profile* profile);
192
193  // Continues the enrollment process after the owner ID is stored into the boot
194  // lockbox and the owner signs in.
195  void ContinueEnrollmentProcess(Profile* profile);
196
197  // Called when the owner's refresh token is available.
198  void OnOwnerRefreshTokenAvailable();
199
200  // Called when the owner's access token for device management is available.
201  void OnOwnerAccessTokenAvailable(const std::string& access_token);
202
203  // Called upon the completion of the enrollment process.
204  void OnEnrollmentCompleted(EnrollmentStatus status);
205
206  // Ends the enrollment process and shows a desktop notification if the
207  // current user is the owner.
208  void EndEnrollment(EnrollmentStage stage);
209
210  // Shows a desktop notification and resets the enrollment stage.
211  void ShowDesktopNotificationAndResetStage(
212      EnrollmentStage stage,
213      Profile* profile);
214
215  // Opens the settings page.
216  void OpenSettingsPage(Profile* profile) const;
217
218  // Opens the enrollment confirmation dialog in the settings page.
219  void TryEnrollmentAgain(Profile* profile) const;
220
221  void NotifyStatusChanged();
222
223  chromeos::CryptohomeClient* client_;
224  chromeos::DeviceSettingsService* device_settings_service_;
225
226  Profile* enrolling_profile_;
227  scoped_ptr<OAuth2TokenService::Request> token_request_;
228  content::NotificationRegistrar registrar_;
229  ObserverList<Observer, true> observers_;
230  base::WeakPtrFactory<ConsumerManagementService> weak_ptr_factory_;
231
232  DISALLOW_COPY_AND_ASSIGN(ConsumerManagementService);
233};
234
235}  // namespace policy
236
237#endif  // CHROME_BROWSER_CHROMEOS_POLICY_CONSUMER_MANAGEMENT_SERVICE_H_
238