enrollment_handler_chromeos.cc revision 010d83a9304c5a91596085d917d248abff47903a
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h"

#include "base/bind.h"
#include "base/command_line.h"
#include "base/logging.h"
#include "base/message_loop/message_loop.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h"
#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
#include "chrome/browser/chromeos/settings/device_oauth2_token_service.h"
#include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h"
#include "chromeos/chromeos_switches.h"
#include "components/policy/core/common/cloud/cloud_policy_constants.h"
#include "google_apis/gaia/gaia_urls.h"
#include "net/http/http_status_code.h"
#include "policy/proto/device_management_backend.pb.h"

namespace em = enterprise_management;

namespace policy {

namespace {

// Delay between two attempts to lock the install attributes while they are
// still initializing, in milliseconds.
const int kLockRetryIntervalMs = 500;
// Total time budget for those retries, in milliseconds. Once it is used up,
// enrollment fails with a lock timeout instead of retrying again.
const int kLockRetryTimeoutMs = 10 * 60 * 1000;  // 10 minutes.

// Fixed placeholder that is stored as the robot refresh token when the
// enrollment-skip-robot-auth switch is present, so that enrollment can finish
// without asking GAIA for an actual token. It exists to run against the
// testing DMServer implementations; it is a literal, not a secret.
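const char kTestingRobotToken[] = "test-token";

}  // namespace

// Sets up an enrollment run. |client| must be unregistered and in the
// DM_STATUS_SUCCESS state (both are CHECKed). The handler observes both
// |store| and the client, and asks the client to fetch the device policy
// namespace. |store| is a raw pointer that the destructor dereferences, so
// it has to outlive this object.
// |auth_token| is kept for the later Register() and FetchRobotAuthCodes()
// calls; it is a credential and is not logged anywhere in this file.
EnrollmentHandlerChromeOS::EnrollmentHandlerChromeOS(
    DeviceCloudPolicyStoreChromeOS* store,
    EnterpriseInstallAttributes* install_attributes,
    ServerBackedStateKeysBroker* state_keys_broker,
    scoped_ptr<CloudPolicyClient> client,
    scoped_refptr<base::SequencedTaskRunner> background_task_runner,
    const std::string& auth_token,
    const std::string& client_id,
    bool is_auto_enrollment,
    const std::string& requisition,
    const AllowedDeviceModes& allowed_device_modes,
    const EnrollmentCallback& completion_callback)
    : store_(store),
      install_attributes_(install_attributes),
      state_keys_broker_(state_keys_broker),
      client_(client.Pass()),
      background_task_runner_(background_task_runner),
      auth_token_(auth_token),
      client_id_(client_id),
      is_auto_enrollment_(is_auto_enrollment),
      requisition_(requisition),
      allowed_device_modes_(allowed_device_modes),
      completion_callback_(completion_callback),
      device_mode_(DEVICE_MODE_NOT_SET),
      enrollment_step_(STEP_PENDING),
      lockbox_init_duration_(0),
      weak_ptr_factory_(this) {
  CHECK(!client_->is_registered());
  CHECK_EQ(DM_STATUS_SUCCESS, client_->status());
  store_->AddObserver(this);
  client_->AddObserver(this);
  client_->AddNamespaceToFetch(PolicyNamespaceKey(
      dm_protocol::kChromeDevicePolicyType, std::string()));
}

// Stops the run and unregisters from |store_|.
// NOTE(review): the client observer added in the constructor is not removed
// here; presumably Stop() takes care of it -- confirm.
EnrollmentHandlerChromeOS::~EnrollmentHandlerChromeOS() {
  Stop();
  store_->RemoveObserver(this);
}

// Entry point of the enrollment state machine. May only be called once, in
// STEP_PENDING. Requests the server-backed state keys first; the flow
// continues in CheckStateKeys().
void EnrollmentHandlerChromeOS::StartEnrollment() {
  CHECK_EQ(STEP_PENDING, enrollment_step_);
  enrollment_step_ = STEP_STATE_KEYS;
  state_keys_broker_->RequestStateKeys(
      base::Bind(&EnrollmentHandlerChromeOS::CheckStateKeys,
                 weak_ptr_factory_.GetWeakPtr()));
}

// Stops the run and hands ownership of the client to the caller. |client_|
// is null afterwards.
scoped_ptr<CloudPolicyClient> EnrollmentHandlerChromeOS::ReleaseClient() {
  Stop();
  return client_.Pass();
}

// CloudPolicyClient observer callback: the device policy blob has arrived.
// Nothing from the blob is used until the validator configured here has
// accepted it; the result is delivered to PolicyValidated().
void EnrollmentHandlerChromeOS::OnPolicyFetched(CloudPolicyClient* client) {
  DCHECK_EQ(client_.get(), client);
  CHECK_EQ(STEP_POLICY_FETCH, enrollment_step_);

  enrollment_step_ = STEP_VALIDATION;

  // Validate the policy.
  const em::PolicyFetchResponse* policy = client_->GetPolicyFor(
      PolicyNamespaceKey(dm_protocol::kChromeDevicePolicyType, std::string()));
  if (!policy) {
    ReportResult(EnrollmentStatus::ForFetchError(
        DM_STATUS_RESPONSE_DECODING_ERROR));
    return;
  }

  // The validator works on its own copy of the response.
  scoped_ptr<DeviceCloudPolicyValidator> validator(
      DeviceCloudPolicyValidator::Create(
          scoped_ptr<em::PolicyFetchResponse>(
              new em::PolicyFetchResponse(*policy)),
          background_task_runner_));

  // The upper bound is taken from the local system clock.
  // NOTE(review): the lower bound is a default-constructed base::Time(),
  // which presumably means "no lower bound", so an old timestamp would pass
  // this particular check -- confirm against the validator.
  validator->ValidateTimestamp(base::Time(), base::Time::NowFromSystemTime(),
                               CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);

  // If this is re-enrollment, make sure that the new policy matches the
  // previously-enrolled domain.
  std::string domain;
  if (install_attributes_->IsEnterpriseDevice()) {
    domain = install_attributes_->GetDomain();
    validator->ValidateDomain(domain);
  }
  // Ties the policy to the DM token the client holds after registration.
  validator->ValidateDMToken(client->dm_token(),
                             CloudPolicyValidatorBase::DM_TOKEN_REQUIRED);
  validator->ValidatePolicyType(dm_protocol::kChromeDevicePolicyType);
  validator->ValidatePayload();
  // If |domain| is empty here, the policy validation code will just use the
  // domain from the username field in the policy itself to do key validation.
  // On a first enrollment the domain is therefore the one the policy under
  // validation claims for itself.
  // TODO(mnissler): Plumb the enrolling user's username into this object so
  // we can validate the username on the resulting policy, and use the domain
  // from that username to validate the key below (http://crbug.com/343074).
  validator->ValidateInitialKey(GetPolicyVerificationKey(), domain);
  // NOTE(review): ownership is dropped with release(); the validator
  // presumably deletes itself once it has run the callback -- confirm.
  validator.release()->StartValidation(
      base::Bind(&EnrollmentHandlerChromeOS::PolicyValidated,
                 weak_ptr_factory_.GetWeakPtr()));
}

// CloudPolicyClient observer callback. The only expected transition is
// "registered" while in STEP_REGISTRATION; anything else is a fatal error.
// A device mode outside |allowed_device_modes_| ends enrollment before any
// policy is fetched.
void EnrollmentHandlerChromeOS::OnRegistrationStateChanged(
    CloudPolicyClient* client) {
  DCHECK_EQ(client_.get(), client);

  if (enrollment_step_ == STEP_REGISTRATION && client_->is_registered()) {
    // This statement used to end in a comma, which chained it to the next
    // assignment through the comma operator. Same result, but a typo.
    enrollment_step_ = STEP_POLICY_FETCH;
    device_mode_ = client_->device_mode();
    // A mode that was left unset is treated as enterprise.
    if (device_mode_ == DEVICE_MODE_NOT_SET)
      device_mode_ = DEVICE_MODE_ENTERPRISE;
    if (!allowed_device_modes_.test(device_mode_)) {
      LOG(ERROR) << "Bad device mode " << device_mode_;
      ReportResult(EnrollmentStatus::ForStatus(
          EnrollmentStatus::STATUS_REGISTRATION_BAD_MODE));
      return;
    }
    client_->FetchPolicy();
  } else {
    LOG(FATAL) << "Registration state changed to " << client_->is_registered()
               << " in step " << enrollment_step_;
  }
}

// CloudPolicyClient observer callback. Reports the client's status as a
// robot-auth, registration or fetch error, depending on the current step.
// The `<` comparison assumes the step enum is declared in progress order --
// NOTE(review): confirm in the header.
void EnrollmentHandlerChromeOS::OnClientError(CloudPolicyClient* client) {
  DCHECK_EQ(client_.get(), client);

  if (enrollment_step_ == STEP_ROBOT_AUTH_FETCH) {
    LOG(ERROR) << "API authentication code fetch failed: "
               << client_->status();
    ReportResult(EnrollmentStatus::ForRobotAuthFetchError(client_->status()));
  } else if (enrollment_step_ < STEP_POLICY_FETCH) {
    ReportResult(EnrollmentStatus::ForRegistrationError(client_->status()));
  } else {
    ReportResult(EnrollmentStatus::ForFetchError(client_->status()));
  }
}

// CloudPolicyStore observer callback. Either resumes a registration that was
// waiting for the store, or reports success after the policy was stored.
// Loads in any other step are ignored.
void EnrollmentHandlerChromeOS::OnStoreLoaded(CloudPolicyStore* store) {
  DCHECK_EQ(store_, store);

  if (enrollment_step_ == STEP_LOADING_STORE) {
    // AttemptRegistration() returns without registering while |store_| is
    // still uninitialized (its first call comes from CheckStateKeys()). This
    // gets registration rolling again after the store finishes loading.
    AttemptRegistration();
  } else if (enrollment_step_ == STEP_STORE_POLICY) {
    ReportResult(EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_SUCCESS));
  }
}

// CloudPolicyStore observer callback. Any store error ends the run,
// whatever the current step is.
void EnrollmentHandlerChromeOS::OnStoreError(CloudPolicyStore* store) {
  DCHECK_EQ(store_, store);
  ReportResult(EnrollmentStatus::ForStoreError(store_->status(),
                                               store_->validation_status()));
}

// Receives the state keys requested by StartEnrollment(). In forced
// re-enrollment mode enrollment is refused when no keys are available;
// otherwise the keys are handed to the client for upload and the current key
// is kept for the registration request. In every other mode the keys are
// ignored and |current_state_key_| is left as it was.
void EnrollmentHandlerChromeOS::CheckStateKeys(
    const std::vector<std::string>& state_keys) {
  CHECK_EQ(STEP_STATE_KEYS, enrollment_step_);

  // Make sure state keys are available if forced re-enrollment is on.
  if (chromeos::AutoEnrollmentController::GetMode() ==
      chromeos::AutoEnrollmentController::MODE_FORCED_RE_ENROLLMENT) {
    if (state_keys.empty()) {
      ReportResult(
          EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_NO_STATE_KEYS));
      return;
    }
    client_->SetStateKeysToUpload(state_keys);
    current_state_key_ = state_keys_broker_->current_state_key();
  }

  enrollment_step_ = STEP_LOADING_STORE;
  AttemptRegistration();
}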
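// Registers the device with the DM server once |store_| is initialized.
// While the store is still loading this does nothing and leaves the step at
// STEP_LOADING_STORE; OnStoreLoaded() calls it again.
// |current_state_key_| is only assigned by CheckStateKeys() in forced
// re-enrollment mode.
void EnrollmentHandlerChromeOS::AttemptRegistration() {
  CHECK_EQ(STEP_LOADING_STORE, enrollment_step_);
  if (store_->is_initialized()) {
    enrollment_step_ = STEP_REGISTRATION;
    client_->Register(em::DeviceRegisterRequest::DEVICE,
                      auth_token_, client_id_, is_auto_enrollment_,
                      requisition_, current_state_key_);
  }
}

// Validator completion callback. On success the validated policy is kept and
// the robot account authorization starts; on failure the validation status
// is reported and enrollment ends.
// |username_| and |device_id_| are read from the validated policy data and
// are later passed to StartLockDevice(). They come from the policy blob, not
// from the enrolling user's identity (see the http://crbug.com/343074 TODO
// in OnPolicyFetched()).
void EnrollmentHandlerChromeOS::PolicyValidated(
    DeviceCloudPolicyValidator* validator) {
  CHECK_EQ(STEP_VALIDATION, enrollment_step_);
  if (validator->success()) {
    policy_ = validator->policy().Pass();
    username_ = validator->policy_data()->username();
    device_id_ = validator->policy_data()->device_id();

    if (CommandLine::ForCurrentProcess()->HasSwitch(
            chromeos::switches::kEnterpriseEnrollmentSkipRobotAuth)) {
      // For test purposes we allow enrollment to succeed without proper robot
      // account and use the provided value as a token.
      // NOTE(review): this branch is gated only by the command-line switch
      // and ends with the fixed |kTestingRobotToken| as the refresh token.
      // Confirm the switch cannot be set on production devices.
      refresh_token_ = kTestingRobotToken;
      // This statement used to end in a comma, which chained it to the call
      // below through the comma operator. Same result, but a typo.
      enrollment_step_ = STEP_LOCK_DEVICE;
      StartLockDevice(username_, device_mode_, device_id_);
      return;
    }

    enrollment_step_ = STEP_ROBOT_AUTH_FETCH;
    client_->FetchRobotAuthCodes(auth_token_);
  } else {
    ReportResult(EnrollmentStatus::ForValidationError(validator->status()));
  }
}

// CloudPolicyClient observer callback: the robot account auth code is
// available. Exchanges it at GAIA for OAuth2 tokens, with this object as the
// delegate that receives the result.
void EnrollmentHandlerChromeOS::OnRobotAuthCodesFetched(
    CloudPolicyClient* client) {
  DCHECK_EQ(client_.get(), client);
  CHECK_EQ(STEP_ROBOT_AUTH_FETCH, enrollment_step_);

  enrollment_step_ = STEP_ROBOT_AUTH_REFRESH;

  gaia::OAuthClientInfo client_info;
  client_info.client_id = GaiaUrls::GetInstance()->oauth2_chrome_client_id();
  client_info.client_secret =
      GaiaUrls::GetInstance()->oauth2_chrome_client_secret();
  client_info.redirect_uri = "oob";

  // Use the system request context to avoid sending user cookies.
  gaia_oauth_client_.reset(new gaia::GaiaOAuthClient(
      g_browser_process->system_request_context()));
  // No retries: a failure is reported through OnOAuthError() or
  // OnNetworkError() and ends the enrollment.
  gaia_oauth_client_->GetTokensFromAuthCode(client_info,
                                            client->robot_api_auth_code(),
                                            0 /* max_retries */,
                                            this);
}

// GaiaOAuthClient::Delegate callback for OAuth2 refresh token fetched.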
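// Keeps only |refresh_token|; |access_token| and |expires_in_seconds| are
// not used. The token is a long-lived credential for the robot account and
// is not logged here.
// NOTE(review): the token is stored without an emptiness check. Malformed
// responses are presumably reported through OnOAuthError() -- confirm.
void EnrollmentHandlerChromeOS::OnGetTokensResponse(
    const std::string& refresh_token,
    const std::string& access_token,
    int expires_in_seconds) {
  CHECK_EQ(STEP_ROBOT_AUTH_REFRESH, enrollment_step_);

  refresh_token_ = refresh_token;

  // This statement used to end in a comma, which chained it to the call
  // below through the comma operator. Same result, but a typo.
  enrollment_step_ = STEP_LOCK_DEVICE;
  StartLockDevice(username_, device_mode_, device_id_);
}

// GaiaOAuthClient::Delegate
// This callback belongs to a token refresh request, which this class never
// issues, so reaching it is treated as a fatal error.
void EnrollmentHandlerChromeOS::OnRefreshTokenResponse(
    const std::string& access_token,
    int expires_in_seconds) {
  // We never use the code that should trigger this callback.
  LOG(FATAL) << "Unexpected callback invoked";
}

// GaiaOAuthClient::Delegate OAuth2 error when fetching refresh token request.
// The delegate interface passes no status code, so the failure is reported
// as HTTP_BAD_REQUEST.
void EnrollmentHandlerChromeOS::OnOAuthError() {
  CHECK_EQ(STEP_ROBOT_AUTH_REFRESH, enrollment_step_);
  // OnOAuthError is only called if the request is bad (malformed) or the
  // response is bad (empty access token returned).
  LOG(ERROR) << "OAuth protocol error while fetching API refresh token.";
  ReportResult(
      EnrollmentStatus::ForRobotRefreshFetchError(net::HTTP_BAD_REQUEST));
}

// GaiaOAuthClient::Delegate network error when fetching refresh token.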
// Failure path of the robot refresh-token fetch: records the error and ends
// the enrollment attempt. Only the numeric |response_code| is written to the
// log; no token material is involved here.
void EnrollmentHandlerChromeOS::OnNetworkError(int response_code) {
  CHECK_EQ(STEP_ROBOT_AUTH_REFRESH, enrollment_step_);
  LOG(ERROR) << "Network error while fetching API refresh token: "
             << response_code;
  const EnrollmentStatus fetch_error =
      EnrollmentStatus::ForRobotRefreshFetchError(response_code);
  ReportResult(fetch_error);
}

// Asks |install_attributes_| to lock the device for |user|, |device_mode| and
// |device_id|. The outcome is delivered to HandleLockDeviceResult() together
// with the same three arguments, so that a retry can reuse them.
void EnrollmentHandlerChromeOS::StartLockDevice(
    const std::string& user,
    DeviceMode device_mode,
    const std::string& device_id) {
  CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_);

  // This method is entered both directly and from the delayed retry posted by
  // HandleLockDeviceResult(). Drop every callback bound to an earlier weak
  // pointer first, so a stale lock result or an already queued retry cannot
  // run alongside this attempt.
  weak_ptr_factory_.InvalidateWeakPtrs();

  install_attributes_->LockDevice(
      user,
      device_mode,
      device_id,
      base::Bind(&EnrollmentHandlerChromeOS::HandleLockDeviceResult,
                 weak_ptr_factory_.GetWeakPtr(),
                 user, device_mode, device_id));
}

// Continuation of StartLockDevice(). Depending on |lock_result| this either
// advances to storing the robot refresh token, schedules another lock
// attempt, or reports a lock failure and stops the enrollment.
void EnrollmentHandlerChromeOS::HandleLockDeviceResult(
    const std::string& user,
    DeviceMode device_mode,
    const std::string& device_id,
    EnterpriseInstallAttributes::LockResult lock_result) {
  CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_);

  switch (lock_result) {
    case EnterpriseInstallAttributes::LOCK_SUCCESS:
      // The refresh token is persisted only once the lock has succeeded.
      // NOTE(review): |refresh_token_| stays in this object after being
      // handed to the token service; whether it is cleared elsewhere is not
      // visible from here.
      enrollment_step_ = STEP_STORE_ROBOT_AUTH;
      chromeos::DeviceOAuth2TokenServiceFactory::Get()->SetAndSaveRefreshToken(
          refresh_token_,
          base::Bind(&EnrollmentHandlerChromeOS::HandleRobotAuthTokenStored,
                     weak_ptr_factory_.GetWeakPtr()));
      return;

    case EnterpriseInstallAttributes::LOCK_NOT_READY:
      // Retrying is bounded: |lockbox_init_duration_| grows by
      // |kLockRetryIntervalMs| for every scheduled retry, and once it reaches
      // |kLockRetryTimeoutMs| the enrollment stops with a timeout error.
      if (lockbox_init_duration_ >= kLockRetryTimeoutMs) {
        ReportResult(EnrollmentStatus::ForStatus(
            EnrollmentStatus::STATUS_LOCK_TIMEOUT));
        return;
      }

      // InstallAttributes is not ready yet; try again after the interval.
      LOG(WARNING) << "Install Attributes not ready yet will retry in "
                   << kLockRetryIntervalMs << "ms.";
      base::MessageLoop::current()->PostDelayedTask(
          FROM_HERE,
          base::Bind(&EnrollmentHandlerChromeOS::StartLockDevice,
                     weak_ptr_factory_.GetWeakPtr(),
                     user, device_mode, device_id),
          base::TimeDelta::FromMilliseconds(kLockRetryIntervalMs));
      lockbox_init_duration_ += kLockRetryIntervalMs;
      return;

    case EnterpriseInstallAttributes::LOCK_BACKEND_ERROR:
      ReportResult(EnrollmentStatus::ForStatus(
          EnrollmentStatus::STATUS_LOCK_ERROR));
      return;

    case EnterpriseInstallAttributes::LOCK_WRONG_USER:
      // Per the log text the install attributes were already locked; the
      // enrollment is aborted rather than retried.
      LOG(ERROR) << "Enrollment cannot proceed because the InstallAttrs "
                 << "has been locked already!";
      ReportResult(EnrollmentStatus::ForStatus(
          EnrollmentStatus::STATUS_LOCK_WRONG_USER));
      return;
  }

  // Reached only for a value outside the cases above; reported as a lock
  // error instead of being silently ignored.
  NOTREACHED() << "Invalid lock result " << lock_result;
  ReportResult(EnrollmentStatus::ForStatus(
      EnrollmentStatus::STATUS_LOCK_ERROR));
}

// Completion of SetAndSaveRefreshToken(). When |result| is true the initial
// policy is handed to |store_|; otherwise the enrollment fails.
void EnrollmentHandlerChromeOS::HandleRobotAuthTokenStored(bool result) {
  CHECK_EQ(STEP_STORE_ROBOT_AUTH, enrollment_step_);

  if (result) {
    enrollment_step_ = STEP_STORE_POLICY;
    store_->InstallInitialPolicy(*policy_);
    return;
  }

  LOG(ERROR) << "Failed to store API refresh token.";
  ReportResult(EnrollmentStatus::ForStatus(
      EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED));
}

// Puts the handler into its terminal state: stops observing |client_|,
// invalidates all outstanding weak pointers (which also cancels callbacks and
// queued retries bound to them) and drops the completion callback.
void EnrollmentHandlerChromeOS::Stop() {
  if (client_.get() != NULL) {
    client_->RemoveObserver(this);
  }
  enrollment_step_ = STEP_FINISHED;
  weak_ptr_factory_.InvalidateWeakPtrs();
  completion_callback_.Reset();
}

// Ends the enrollment with |status|: stops the handler, logs a warning on any
// non-success status and finally runs the completion callback, if one is set.
void EnrollmentHandlerChromeOS::ReportResult(EnrollmentStatus status) {
  // Take the copy before Stop(), which resets |completion_callback_|.
  EnrollmentCallback callback = completion_callback_;
  Stop();

  const bool succeeded = status.status() == EnrollmentStatus::STATUS_SUCCESS;
  if (!succeeded) {
    LOG(WARNING) << "Enrollment failed: " << status.status()
                 << " " << status.client_status()
                 << " " << status.validation_status()
                 << " " << status.store_status();
  }

  if (callback.is_null())
    return;

  // Running the callback is the last action; no member is touched afterwards.
  callback.Run(status);
}

}  // namespace policy