device_cloud_policy_store_chromeos.cc revision 2a99a7e74a7f215066514fe81d2bfa6639d9eddd 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
6
7#include "base/bind.h"
8#include "chrome/browser/chromeos/policy/device_policy_decoder_chromeos.h"
9#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
10#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
11#include "chrome/browser/policy/cloud/proto/device_management_backend.pb.h"
12
13namespace em = enterprise_management;
14
15namespace policy {
16
17DeviceCloudPolicyStoreChromeOS::DeviceCloudPolicyStoreChromeOS(
18    chromeos::DeviceSettingsService* device_settings_service,
19    EnterpriseInstallAttributes* install_attributes)
20    : device_settings_service_(device_settings_service),
21      install_attributes_(install_attributes),
22      ALLOW_THIS_IN_INITIALIZER_LIST(weak_factory_(this)) {
23  device_settings_service_->AddObserver(this);
24}
25
26DeviceCloudPolicyStoreChromeOS::~DeviceCloudPolicyStoreChromeOS() {
27  device_settings_service_->RemoveObserver(this);
28}
29
30void DeviceCloudPolicyStoreChromeOS::Store(
31    const em::PolicyFetchResponse& policy) {
32  // Cancel all pending requests.
33  weak_factory_.InvalidateWeakPtrs();
34
35  scoped_refptr<chromeos::OwnerKey> owner_key(
36      device_settings_service_->GetOwnerKey());
37  if (!install_attributes_->IsEnterpriseDevice() ||
38      !device_settings_service_->policy_data() ||
39      !owner_key || !owner_key->public_key()) {
40    status_ = STATUS_BAD_STATE;
41    NotifyStoreError();
42    return;
43  }
44
45  scoped_ptr<DeviceCloudPolicyValidator> validator(CreateValidator(policy));
46  validator->ValidateSignature(*owner_key->public_key(), true);
47  validator->ValidateAgainstCurrentPolicy(
48      device_settings_service_->policy_data(),
49      CloudPolicyValidatorBase::TIMESTAMP_REQUIRED,
50      CloudPolicyValidatorBase::DM_TOKEN_REQUIRED);
51  validator.release()->StartValidation(
52      base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated,
53                 weak_factory_.GetWeakPtr()));
54}
55
56void DeviceCloudPolicyStoreChromeOS::Load() {
57  device_settings_service_->Load();
58}
59
60void DeviceCloudPolicyStoreChromeOS::InstallInitialPolicy(
61    const em::PolicyFetchResponse& policy) {
62  // Cancel all pending requests.
63  weak_factory_.InvalidateWeakPtrs();
64
65  if (!install_attributes_->IsEnterpriseDevice() &&
66      device_settings_service_->status() !=
67          chromeos::DeviceSettingsService::STORE_NO_POLICY) {
68    status_ = STATUS_BAD_STATE;
69    NotifyStoreError();
70    return;
71  }
72
73  scoped_ptr<DeviceCloudPolicyValidator> validator(CreateValidator(policy));
74  validator->ValidateInitialKey();
75  validator.release()->StartValidation(
76      base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated,
77                 weak_factory_.GetWeakPtr()));
78}
79
80void DeviceCloudPolicyStoreChromeOS::OwnershipStatusChanged() {
81  // Nothing to do.
82}
83
84void DeviceCloudPolicyStoreChromeOS::DeviceSettingsUpdated() {
85  if (!weak_factory_.HasWeakPtrs())
86    UpdateFromService();
87}
88
89scoped_ptr<DeviceCloudPolicyValidator>
90    DeviceCloudPolicyStoreChromeOS::CreateValidator(
91        const em::PolicyFetchResponse& policy) {
92  scoped_ptr<DeviceCloudPolicyValidator> validator(
93      DeviceCloudPolicyValidator::Create(
94          scoped_ptr<em::PolicyFetchResponse>(
95              new em::PolicyFetchResponse(policy))));
96  validator->ValidateDomain(install_attributes_->GetDomain());
97  validator->ValidatePolicyType(dm_protocol::kChromeDevicePolicyType);
98  validator->ValidatePayload();
99  return validator.Pass();
100}
101
102void DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated(
103    DeviceCloudPolicyValidator* validator) {
104  if (!validator->success()) {
105    status_ = STATUS_VALIDATION_ERROR;
106    validation_status_ = validator->status();
107    NotifyStoreError();
108    return;
109  }
110
111  device_settings_service_->Store(
112      validator->policy().Pass(),
113      base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyStored,
114                 weak_factory_.GetWeakPtr()));
115}
116
117void DeviceCloudPolicyStoreChromeOS::OnPolicyStored() {
118  UpdateFromService();
119}
120
121void DeviceCloudPolicyStoreChromeOS::UpdateFromService() {
122  if (!install_attributes_->IsEnterpriseDevice()) {
123    status_ = STATUS_BAD_STATE;
124    NotifyStoreError();
125    return;
126  }
127
128  switch (device_settings_service_->status()) {
129    case chromeos::DeviceSettingsService::STORE_SUCCESS: {
130      status_ = STATUS_OK;
131      policy_.reset(new em::PolicyData());
132      if (device_settings_service_->policy_data())
133        policy_->MergeFrom(*device_settings_service_->policy_data());
134
135      PolicyMap new_policy_map;
136      if (is_managed()) {
137        DecodeDevicePolicy(*device_settings_service_->device_settings(),
138                           &new_policy_map, install_attributes_);
139      }
140      policy_map_.Swap(&new_policy_map);
141
142      NotifyStoreLoaded();
143      return;
144    }
145    case chromeos::DeviceSettingsService::STORE_KEY_UNAVAILABLE:
146      status_ = STATUS_BAD_STATE;
147      break;
148    case chromeos::DeviceSettingsService::STORE_POLICY_ERROR:
149    case chromeos::DeviceSettingsService::STORE_OPERATION_FAILED:
150      status_ = STATUS_STORE_ERROR;
151      break;
152    case chromeos::DeviceSettingsService::STORE_NO_POLICY:
153    case chromeos::DeviceSettingsService::STORE_INVALID_POLICY:
154    case chromeos::DeviceSettingsService::STORE_VALIDATION_ERROR:
155    case chromeos::DeviceSettingsService::STORE_TEMP_VALIDATION_ERROR:
156      status_ = STATUS_LOAD_ERROR;
157      break;
158  }
159
160  NotifyStoreError();
161}
162
163}  // namespace policy
164