device_cloud_policy_store_chromeos.cc revision 5d1f7b1de12d16ceb2c938c56701a3e8bfa558f7
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Implementation of DeviceCloudPolicyStoreChromeOS: validates device policy
// blobs and hands them to chromeos::DeviceSettingsService, then mirrors the
// service's state into this store's status, policy data and policy map.

#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"

#include "base/bind.h"
#include "base/sequenced_task_runner.h"
#include "chrome/browser/chromeos/policy/device_policy_decoder_chromeos.h"
#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
#include "policy/proto/device_management_backend.pb.h"

namespace em = enterprise_management;

namespace policy {

// Keeps the passed-in pointers and registers this store as an observer of
// |device_settings_service|. The destructor dereferences the service again,
// so the service has to outlive this object. |install_attributes| is also
// kept as a raw pointer; presumably the caller owns both -- confirm at the
// construction site.
DeviceCloudPolicyStoreChromeOS::DeviceCloudPolicyStoreChromeOS(
    chromeos::DeviceSettingsService* device_settings_service,
    EnterpriseInstallAttributes* install_attributes,
    scoped_refptr<base::SequencedTaskRunner> background_task_runner)
    : device_settings_service_(device_settings_service),
      install_attributes_(install_attributes),
      background_task_runner_(background_task_runner),
      weak_factory_(this) {
  device_settings_service_->AddObserver(this);
}

// Unregisters the observer added in the constructor.
DeviceCloudPolicyStoreChromeOS::~DeviceCloudPolicyStoreChromeOS() {
  device_settings_service_->RemoveObserver(this);
}

// Validates |policy| as a replacement for the policy that is already
// installed and, if validation succeeds, stores it through the device
// settings service (see OnPolicyToStoreValidated()).
//
// Preconditions checked here, each failing with STATUS_BAD_STATE: the
// install attributes report an enterprise device, the service currently has
// policy data, and an owner key with a public key is available.
void DeviceCloudPolicyStoreChromeOS::Store(
    const em::PolicyFetchResponse& policy) {
  // Cancel all pending requests: callbacks bound to earlier weak pointers
  // will no longer run, so only the newest request can complete.
  weak_factory_.InvalidateWeakPtrs();

  scoped_refptr<chromeos::OwnerKey> owner_key(
      device_settings_service_->GetOwnerKey());
  if (!install_attributes_->IsEnterpriseDevice() ||
      !device_settings_service_->policy_data() || !owner_key.get() ||
      !owner_key->public_key()) {
    status_ = STATUS_BAD_STATE;
    NotifyStoreError();
    return;
  }

  scoped_ptr<DeviceCloudPolicyValidator> validator(CreateValidator(policy));
  // The signature is checked against the current owner public key, the
  // policy verification key and the enrollment domain.
  // NOTE(review): the meaning of the trailing |true| is not visible in this
  // file; presumably it permits key rotation -- confirm against the
  // validator's declaration.
  validator->ValidateSignature(owner_key->public_key_as_string(),
                               GetPolicyVerificationKey(),
                               install_attributes_->GetDomain(),
                               true);
  // The new blob is also compared with the currently installed policy data;
  // both a timestamp and a DM token are required.
  validator->ValidateAgainstCurrentPolicy(
      device_settings_service_->policy_data(),
      CloudPolicyValidatorBase::TIMESTAMP_REQUIRED,
      CloudPolicyValidatorBase::DM_TOKEN_REQUIRED);
  // release() gives up ownership before validation starts; presumably the
  // validator deletes itself once it has run the callback -- confirm in
  // CloudPolicyValidatorBase. The callback is bound to a weak pointer, so it
  // is dropped if this store is destroyed or a newer request supersedes it.
  validator.release()->StartValidation(
      base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated,
                 weak_factory_.GetWeakPtr()));
}

// Asks the device settings service to load; the result is picked up in
// DeviceSettingsUpdated().
void DeviceCloudPolicyStoreChromeOS::Load() {
  device_settings_service_->Load();
}

// Validates and installs the first policy blob. Unlike Store(), no existing
// owner key or current policy is consulted: only ValidateInitialKey() plus
// the common checks from CreateValidator() are configured.
void DeviceCloudPolicyStoreChromeOS::InstallInitialPolicy(
    const em::PolicyFetchResponse& policy) {
  // Cancel all pending requests.
  weak_factory_.InvalidateWeakPtrs();

  // Fails with STATUS_BAD_STATE only when the device is not an enterprise
  // device AND the service status is something other than STORE_NO_POLICY.
  // NOTE(review): because the two tests are joined with &&, an enterprise
  // device passes this guard whatever the store status is, and a
  // non-enterprise device passes it while no policy is stored. Confirm that
  // both paths are intended and that callers gate re-installation.
  if (!install_attributes_->IsEnterpriseDevice() &&
      device_settings_service_->status() !=
          chromeos::DeviceSettingsService::STORE_NO_POLICY) {
    status_ = STATUS_BAD_STATE;
    NotifyStoreError();
    return;
  }

  scoped_ptr<DeviceCloudPolicyValidator> validator(CreateValidator(policy));
  // With no previously trusted owner key, the check of the initial key takes
  // the policy verification key and the enrollment domain as inputs.
  validator->ValidateInitialKey(GetPolicyVerificationKey(),
                                install_attributes_->GetDomain());
  // Ownership is released here exactly as in Store().
  validator.release()->StartValidation(
      base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated,
                 weak_factory_.GetWeakPtr()));
}

// Observer callback; this store does not react to ownership changes.
void DeviceCloudPolicyStoreChromeOS::OwnershipStatusChanged() {
  // Nothing to do.
}

// Observer callback. The store is refreshed only while no weak pointers are
// outstanding, i.e. while no validation or store request issued by this
// object is still pending.
void DeviceCloudPolicyStoreChromeOS::DeviceSettingsUpdated() {
  if (!weak_factory_.HasWeakPtrs())
    UpdateFromService();
}

// Builds a validator over a private copy of |policy| and configures the
// checks shared by Store() and InstallInitialPolicy(): enrollment domain,
// device policy type and payload. Ownership passes to the caller.
scoped_ptr<DeviceCloudPolicyValidator>
    DeviceCloudPolicyStoreChromeOS::CreateValidator(
        const em::PolicyFetchResponse& policy) {
  scoped_ptr<DeviceCloudPolicyValidator> validator(
      DeviceCloudPolicyValidator::Create(
          scoped_ptr<em::PolicyFetchResponse>(
              new em::PolicyFetchResponse(policy)),
          background_task_runner_));
  validator->ValidateDomain(install_attributes_->GetDomain());
  validator->ValidatePolicyType(dm_protocol::kChromeDevicePolicyType);
  validator->ValidatePayload();
  return validator.Pass();
}

// Completion callback for the validations started above. A blob that failed
// validation is never handed to the device settings service; the failure is
// recorded in |status_| and |validation_status_| and observers are notified.
void DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated(
    DeviceCloudPolicyValidator* validator) {
  if (!validator->success()) {
    status_ = STATUS_VALIDATION_ERROR;
    validation_status_ = validator->status();
    NotifyStoreError();
    return;
  }

  // Ownership of the validated policy moves to the service; OnPolicyStored()
  // runs afterwards unless the weak pointer has been invalidated.
  device_settings_service_->Store(
      validator->policy().Pass(),
      base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyStored,
                 weak_factory_.GetWeakPtr()));
}

// Completion callback for device_settings_service_->Store().
void DeviceCloudPolicyStoreChromeOS::OnPolicyStored() {
  UpdateFromService();
}

// Mirrors the device settings service state into this store and notifies
// observers. Nothing is exposed on a device that the install attributes do
// not report as an enterprise device.
void DeviceCloudPolicyStoreChromeOS::UpdateFromService() {
  if (!install_attributes_->IsEnterpriseDevice()) {
    status_ = STATUS_BAD_STATE;
    NotifyStoreError();
    return;
  }

  // There is no default label: a status value outside the listed cases
  // leaves |status_| unchanged and still ends in NotifyStoreError().
  switch (device_settings_service_->status()) {
    case chromeos::DeviceSettingsService::STORE_SUCCESS: {
      status_ = STATUS_OK;
      // Start from an empty PolicyData and merge in the service's copy when
      // it has one.
      policy_.reset(new em::PolicyData());
      if (device_settings_service_->policy_data())
        policy_->MergeFrom(*device_settings_service_->policy_data());

      // Device settings are decoded into the policy map only when the store
      // is managed; otherwise the map is swapped to empty.
      // NOTE(review): device_settings() is dereferenced without a null
      // check; presumably it is non-null whenever the status is
      // STORE_SUCCESS and is_managed() holds -- confirm.
      PolicyMap new_policy_map;
      if (is_managed()) {
        DecodeDevicePolicy(*device_settings_service_->device_settings(),
                           &new_policy_map, install_attributes_);
      }
      policy_map_.Swap(&new_policy_map);

      NotifyStoreLoaded();
      return;
    }
    case chromeos::DeviceSettingsService::STORE_KEY_UNAVAILABLE:
      status_ = STATUS_BAD_STATE;
      break;
    case chromeos::DeviceSettingsService::STORE_POLICY_ERROR:
    case chromeos::DeviceSettingsService::STORE_OPERATION_FAILED:
      status_ = STATUS_STORE_ERROR;
      break;
    case chromeos::DeviceSettingsService::STORE_NO_POLICY:
    case chromeos::DeviceSettingsService::STORE_INVALID_POLICY:
    case chromeos::DeviceSettingsService::STORE_VALIDATION_ERROR:
    case chromeos::DeviceSettingsService::STORE_TEMP_VALIDATION_ERROR:
      status_ = STATUS_LOAD_ERROR;
      break;
  }

  // Every non-success status reaches this point.
  NotifyStoreError();
}

}  // namespace policy