enrollment_handler_chromeos.cc revision 116680a4aac90f2aa7413d9095a592090648e557
15821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Copyright (c) 2012 The Chromium Authors. All rights reserved. 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// found in the LICENSE file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 52a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" 65821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/bind.h" 8f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "base/command_line.h" 95821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/logging.h" 109ab5563a3196760eb381d102cbb2bc0f7abc6a50Ben Murdoch#include "base/message_loop/message_loop.h" 11c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/browser_process.h" 12010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)#include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h" 132a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" 14a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" 15116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch#include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h" 16c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" 17c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h" 18f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "chromeos/chromeos_switches.h" 19a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "components/policy/core/common/cloud/cloud_policy_constants.h" 20c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "google_apis/gaia/gaia_urls.h" 211e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles)#include "net/http/http_status_code.h" 22a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "policy/proto/device_management_backend.pb.h" 235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace em = enterprise_management; 255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace policy { 275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace { 295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Retry for InstallAttrs initialization every 500ms. 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)const int kLockRetryIntervalMs = 500; 325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Maximum time to retry InstallAttrs initialization before we give up. 335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)const int kLockRetryTimeoutMs = 10 * 60 * 1000; // 10 minutes. 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 35f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)// Testing token used when the enrollment-skip-robot-auth is set to skip talking 36f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)// to GAIA for an actual token. This is needed to be able to run against the 37f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)// testing DMServer implementations. 38f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)const char kTestingRobotToken[] = "test-token"; 39f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)EnrollmentHandlerChromeOS::EnrollmentHandlerChromeOS( 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DeviceCloudPolicyStoreChromeOS* store, 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EnterpriseInstallAttributes* install_attributes, 45010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) ServerBackedStateKeysBroker* state_keys_broker, 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<CloudPolicyClient> client, 478bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles) scoped_refptr<base::SequencedTaskRunner> background_task_runner, 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const std::string& auth_token, 492a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) const std::string& client_id, 502a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) bool is_auto_enrollment, 5190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) const std::string& requisition, 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const AllowedDeviceModes& allowed_device_modes, 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const EnrollmentCallback& completion_callback) 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) : store_(store), 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) install_attributes_(install_attributes), 56010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) state_keys_broker_(state_keys_broker), 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) client_(client.Pass()), 588bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles) background_task_runner_(background_task_runner), 595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) auth_token_(auth_token), 602a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) client_id_(client_id), 612a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) is_auto_enrollment_(is_auto_enrollment), 6290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) requisition_(requisition), 635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) allowed_device_modes_(allowed_device_modes), 645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) completion_callback_(completion_callback), 655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) device_mode_(DEVICE_MODE_NOT_SET), 665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) enrollment_step_(STEP_PENDING), 675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) lockbox_init_duration_(0), 681e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) weak_ptr_factory_(this) { 695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK(!client_->is_registered()); 705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK_EQ(DM_STATUS_SUCCESS, client_->status()); 715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) store_->AddObserver(this); 725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) client_->AddObserver(this); 732a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) client_->AddNamespaceToFetch(PolicyNamespaceKey( 742a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) dm_protocol::kChromeDevicePolicyType, std::string())); 755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)EnrollmentHandlerChromeOS::~EnrollmentHandlerChromeOS() { 785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Stop(); 795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) store_->RemoveObserver(this); 805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void EnrollmentHandlerChromeOS::StartEnrollment() { 835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK_EQ(STEP_PENDING, enrollment_step_); 84010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) enrollment_step_ = STEP_STATE_KEYS; 85010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) state_keys_broker_->RequestStateKeys( 86010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) base::Bind(&EnrollmentHandlerChromeOS::CheckStateKeys, 87010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) weak_ptr_factory_.GetWeakPtr())); 885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)scoped_ptr<CloudPolicyClient> EnrollmentHandlerChromeOS::ReleaseClient() { 915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Stop(); 925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return client_.Pass(); 935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void EnrollmentHandlerChromeOS::OnPolicyFetched(CloudPolicyClient* client) { 965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK_EQ(client_.get(), client); 975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK_EQ(STEP_POLICY_FETCH, enrollment_step_); 985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) enrollment_step_ = STEP_VALIDATION; 1005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Validate the policy. 1022a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) const em::PolicyFetchResponse* policy = client_->GetPolicyFor( 1032a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) PolicyNamespaceKey(dm_protocol::kChromeDevicePolicyType, std::string())); 1042a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) if (!policy) { 1052a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) ReportResult(EnrollmentStatus::ForFetchError( 1062a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) DM_STATUS_RESPONSE_DECODING_ERROR)); 1072a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) return; 1082a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) } 1092a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) 1105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<DeviceCloudPolicyValidator> validator( 1115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DeviceCloudPolicyValidator::Create( 1125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<em::PolicyFetchResponse>( 1138bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles) new em::PolicyFetchResponse(*policy)), 1148bcbed890bc3ce4d7a057a8f32cab53fa534672eTorne (Richard Coles) background_task_runner_)); 1155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) validator->ValidateTimestamp(base::Time(), base::Time::NowFromSystemTime(), 1172a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) CloudPolicyValidatorBase::TIMESTAMP_REQUIRED); 1185d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 1195d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // If this is re-enrollment, make sure that the new policy matches the 1205d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // previously-enrolled domain. 1215d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) std::string domain; 1225d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) if (install_attributes_->IsEnterpriseDevice()) { 1235d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) domain = install_attributes_->GetDomain(); 1245d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) validator->ValidateDomain(domain); 1255d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) } 1262a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) validator->ValidateDMToken(client->dm_token(), 1272a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); 1285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) validator->ValidatePolicyType(dm_protocol::kChromeDevicePolicyType); 1295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) validator->ValidatePayload(); 1305d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // If |domain| is empty here, the policy validation code will just use the 1315d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // domain from the username field in the policy itself to do key validation. 1325d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // TODO(mnissler): Plumb the enrolling user's username into this object so 1335d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // we can validate the username on the resulting policy, and use the domain 1345d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // from that username to validate the key below (http://crbug.com/343074). 1355d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) validator->ValidateInitialKey(GetPolicyVerificationKey(), domain); 1362a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) validator.release()->StartValidation( 1372a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) base::Bind(&EnrollmentHandlerChromeOS::PolicyValidated, 1381e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) weak_ptr_factory_.GetWeakPtr())); 1395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void EnrollmentHandlerChromeOS::OnRegistrationStateChanged( 1425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CloudPolicyClient* client) { 1435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK_EQ(client_.get(), client); 1445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (enrollment_step_ == STEP_REGISTRATION && client_->is_registered()) { 1465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) enrollment_step_ = STEP_POLICY_FETCH, 1475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) device_mode_ = client_->device_mode(); 1485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (device_mode_ == DEVICE_MODE_NOT_SET) 1495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) device_mode_ = DEVICE_MODE_ENTERPRISE; 1505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!allowed_device_modes_.test(device_mode_)) { 1515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LOG(ERROR) << "Bad device mode " << device_mode_; 1525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ReportResult(EnrollmentStatus::ForStatus( 1535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EnrollmentStatus::STATUS_REGISTRATION_BAD_MODE)); 1545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return; 1555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) client_->FetchPolicy(); 1575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else { 1585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LOG(FATAL) << "Registration state changed to " << client_->is_registered() 1595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) << " in step " << enrollment_step_; 1605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void EnrollmentHandlerChromeOS::OnClientError(CloudPolicyClient* client) { 1645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK_EQ(client_.get(), client); 1655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 166c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) if (enrollment_step_ == STEP_ROBOT_AUTH_FETCH) { 1671e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) LOG(ERROR) << "API authentication code fetch failed: " 1681e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) << client_->status(); 1691e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) ReportResult(EnrollmentStatus::ForRobotAuthFetchError(client_->status())); 170c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) } else if (enrollment_step_ < STEP_POLICY_FETCH) { 1715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ReportResult(EnrollmentStatus::ForRegistrationError(client_->status())); 172c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) } else { 1735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ReportResult(EnrollmentStatus::ForFetchError(client_->status())); 174c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) } 1755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void EnrollmentHandlerChromeOS::OnStoreLoaded(CloudPolicyStore* store) { 1785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK_EQ(store_, store); 1795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (enrollment_step_ == STEP_LOADING_STORE) { 181c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // If the |store_| wasn't initialized when StartEnrollment() was 182c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // called, then AttemptRegistration() bails silently. This gets 183c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // registration rolling again after the store finishes loading. 1845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) AttemptRegistration(); 1855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else if (enrollment_step_ == STEP_STORE_POLICY) { 1865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ReportResult(EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_SUCCESS)); 1875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void EnrollmentHandlerChromeOS::OnStoreError(CloudPolicyStore* store) { 1915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK_EQ(store_, store); 1925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ReportResult(EnrollmentStatus::ForStoreError(store_->status(), 1935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) store_->validation_status())); 1945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 196010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)void EnrollmentHandlerChromeOS::CheckStateKeys( 197010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) const std::vector<std::string>& state_keys) { 198010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) CHECK_EQ(STEP_STATE_KEYS, enrollment_step_); 199010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 200010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) // Make sure state keys are available if forced re-enrollment is on. 201010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) if (chromeos::AutoEnrollmentController::GetMode() == 202010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) chromeos::AutoEnrollmentController::MODE_FORCED_RE_ENROLLMENT) { 203010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) if (state_keys.empty()) { 204010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) ReportResult( 205010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_NO_STATE_KEYS)); 206010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) return; 207010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) } 208010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) client_->SetStateKeysToUpload(state_keys); 209010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) current_state_key_ = state_keys_broker_->current_state_key(); 210010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) } 211010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 212010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) enrollment_step_ = STEP_LOADING_STORE; 213010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) AttemptRegistration(); 214010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles)} 215010d83a9304c5a91596085d917d248abff47903aTorne (Richard Coles) 2165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void EnrollmentHandlerChromeOS::AttemptRegistration() { 2175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK_EQ(STEP_LOADING_STORE, enrollment_step_); 2185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (store_->is_initialized()) { 2195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) enrollment_step_ = STEP_REGISTRATION; 2202a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) client_->Register(em::DeviceRegisterRequest::DEVICE, 22190dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) auth_token_, client_id_, is_auto_enrollment_, 222effb81e5f8246d0db0270817048dc992db66e9fbBen Murdoch requisition_, current_state_key_); 2235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 2245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void EnrollmentHandlerChromeOS::PolicyValidated( 2275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DeviceCloudPolicyValidator* validator) { 2285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK_EQ(STEP_VALIDATION, enrollment_step_); 2295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (validator->success()) { 2305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) policy_ = validator->policy().Pass(); 231c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) username_ = validator->policy_data()->username(); 232c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) device_id_ = validator->policy_data()->device_id(); 233c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 234f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) if (CommandLine::ForCurrentProcess()->HasSwitch( 235f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) chromeos::switches::kEnterpriseEnrollmentSkipRobotAuth)) { 236f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // For test purposes we allow enrollment to succeed without proper robot 237f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // account and use the provided value as a token. 238f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) refresh_token_ = kTestingRobotToken; 239f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) enrollment_step_ = STEP_LOCK_DEVICE, 240f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) StartLockDevice(username_, device_mode_, device_id_); 241f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) return; 242f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) } 243f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 244c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) enrollment_step_ = STEP_ROBOT_AUTH_FETCH; 245c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) client_->FetchRobotAuthCodes(auth_token_); 2465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else { 2475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ReportResult(EnrollmentStatus::ForValidationError(validator->status())); 2485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 2495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 251c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)void EnrollmentHandlerChromeOS::OnRobotAuthCodesFetched( 252c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) CloudPolicyClient* client) { 253c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) DCHECK_EQ(client_.get(), client); 254c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) CHECK_EQ(STEP_ROBOT_AUTH_FETCH, enrollment_step_); 255c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 256c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) enrollment_step_ = STEP_ROBOT_AUTH_REFRESH; 257c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 258c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) gaia::OAuthClientInfo client_info; 259c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) client_info.client_id = GaiaUrls::GetInstance()->oauth2_chrome_client_id(); 260c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) client_info.client_secret = 261c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) GaiaUrls::GetInstance()->oauth2_chrome_client_secret(); 262c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) client_info.redirect_uri = "oob"; 263c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 264c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // Use the system request context to avoid sending user cookies. 265c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) gaia_oauth_client_.reset(new gaia::GaiaOAuthClient( 266c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) g_browser_process->system_request_context())); 267c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) gaia_oauth_client_->GetTokensFromAuthCode(client_info, 268c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) client->robot_api_auth_code(), 269c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 0 /* max_retries */, 270c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) this); 271c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} 272c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 273c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// GaiaOAuthClient::Delegate callback for OAuth2 refresh token fetched. 274c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)void EnrollmentHandlerChromeOS::OnGetTokensResponse( 275c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) const std::string& refresh_token, 276c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) const std::string& access_token, 277c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) int expires_in_seconds) { 278c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) CHECK_EQ(STEP_ROBOT_AUTH_REFRESH, enrollment_step_); 279c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 2801e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) refresh_token_ = refresh_token; 281c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 282c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) enrollment_step_ = STEP_LOCK_DEVICE, 283c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) StartLockDevice(username_, device_mode_, device_id_); 284c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} 285c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 286c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// GaiaOAuthClient::Delegate 287c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)void EnrollmentHandlerChromeOS::OnRefreshTokenResponse( 288c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) const std::string& access_token, 289c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) int expires_in_seconds) { 290c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // We never use the code that should trigger this callback. 291c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) LOG(FATAL) << "Unexpected callback invoked"; 292c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} 293c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 294c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// GaiaOAuthClient::Delegate OAuth2 error when fetching refresh token request. 295c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)void EnrollmentHandlerChromeOS::OnOAuthError() { 296c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) CHECK_EQ(STEP_ROBOT_AUTH_REFRESH, enrollment_step_); 2971e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) // OnOAuthError is only called if the request is bad (malformed) or the 2981e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) // response is bad (empty access token returned). 2991e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) LOG(ERROR) << "OAuth protocol error while fetching API refresh token."; 3001e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) ReportResult( 3011e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) EnrollmentStatus::ForRobotRefreshFetchError(net::HTTP_BAD_REQUEST)); 302c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} 303c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 304c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// GaiaOAuthClient::Delegate network error when fetching refresh token. 305c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)void EnrollmentHandlerChromeOS::OnNetworkError(int response_code) { 3061e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) CHECK_EQ(STEP_ROBOT_AUTH_REFRESH, enrollment_step_); 307c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) LOG(ERROR) << "Network error while fetching API refresh token: " 308c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) << response_code; 3091e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) ReportResult( 3101e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) EnrollmentStatus::ForRobotRefreshFetchError(response_code)); 311c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} 312c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 313c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)void EnrollmentHandlerChromeOS::StartLockDevice( 3145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const std::string& user, 3155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DeviceMode device_mode, 3165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const std::string& device_id) { 3175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_); 3185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Since this method is also called directly. 3191e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) weak_ptr_factory_.InvalidateWeakPtrs(); 3205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 321c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) install_attributes_->LockDevice( 322c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) user, device_mode, device_id, 323c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) base::Bind(&EnrollmentHandlerChromeOS::HandleLockDeviceResult, 3241e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) weak_ptr_factory_.GetWeakPtr(), 325c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) user, 326c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) device_mode, 327c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) device_id)); 328c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} 329c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 330c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)void EnrollmentHandlerChromeOS::HandleLockDeviceResult( 331c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) const std::string& user, 332c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) DeviceMode device_mode, 333c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) const std::string& device_id, 334c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) EnterpriseInstallAttributes::LockResult lock_result) { 335c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_); 3365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) switch (lock_result) { 3375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case EnterpriseInstallAttributes::LOCK_SUCCESS: 3381e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) // Get the token service so we can store our robot refresh token. 3391e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) enrollment_step_ = STEP_STORE_ROBOT_AUTH; 340a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) chromeos::DeviceOAuth2TokenServiceFactory::Get()->SetAndSaveRefreshToken( 341a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) refresh_token_, 342a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) base::Bind(&EnrollmentHandlerChromeOS::HandleRobotAuthTokenStored, 3431e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) weak_ptr_factory_.GetWeakPtr())); 3445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return; 3455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case EnterpriseInstallAttributes::LOCK_NOT_READY: 3465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // We wait up to |kLockRetryTimeoutMs| milliseconds and if it hasn't 3475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // succeeded by then show an error to the user and stop the enrollment. 3485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (lockbox_init_duration_ < kLockRetryTimeoutMs) { 3495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // InstallAttributes not ready yet, retry later. 3505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LOG(WARNING) << "Install Attributes not ready yet will retry in " 3515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) << kLockRetryIntervalMs << "ms."; 35290dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) base::MessageLoop::current()->PostDelayedTask( 3535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) FROM_HERE, 354c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) base::Bind(&EnrollmentHandlerChromeOS::StartLockDevice, 3551e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) weak_ptr_factory_.GetWeakPtr(), 3565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user, device_mode, device_id), 3575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) base::TimeDelta::FromMilliseconds(kLockRetryIntervalMs)); 3585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) lockbox_init_duration_ += kLockRetryIntervalMs; 3595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else { 3605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ReportResult(EnrollmentStatus::ForStatus( 3615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EnrollmentStatus::STATUS_LOCK_TIMEOUT)); 3625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return; 3645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case EnterpriseInstallAttributes::LOCK_BACKEND_ERROR: 3655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ReportResult(EnrollmentStatus::ForStatus( 3665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EnrollmentStatus::STATUS_LOCK_ERROR)); 3675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return; 3685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case EnterpriseInstallAttributes::LOCK_WRONG_USER: 3695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LOG(ERROR) << "Enrollment cannot proceed because the InstallAttrs " 3705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) << "has been locked already!"; 3715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ReportResult(EnrollmentStatus::ForStatus( 3725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EnrollmentStatus::STATUS_LOCK_WRONG_USER)); 3735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return; 3745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) NOTREACHED() << "Invalid lock result " << lock_result; 3775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ReportResult(EnrollmentStatus::ForStatus( 3785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EnrollmentStatus::STATUS_LOCK_ERROR)); 3795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 3805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 381a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)void EnrollmentHandlerChromeOS::HandleRobotAuthTokenStored(bool result) { 3821e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) CHECK_EQ(STEP_STORE_ROBOT_AUTH, enrollment_step_); 3831e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) 384a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) if (!result) { 3851e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) LOG(ERROR) << "Failed to store API refresh token."; 3861e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) ReportResult(EnrollmentStatus::ForStatus( 3871e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED)); 3881e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) return; 3891e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) } 3901e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) 3911e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) enrollment_step_ = STEP_STORE_POLICY; 3921e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) store_->InstallInitialPolicy(*policy_); 3931e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles)} 3941e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) 3955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void EnrollmentHandlerChromeOS::Stop() { 3965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (client_.get()) 3975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) client_->RemoveObserver(this); 3985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) enrollment_step_ = STEP_FINISHED; 3991e9bf3e0803691d0a228da41fc608347b6db4340Torne (Richard Coles) weak_ptr_factory_.InvalidateWeakPtrs(); 4005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) completion_callback_.Reset(); 4015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 4025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void EnrollmentHandlerChromeOS::ReportResult(EnrollmentStatus status) { 4045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EnrollmentCallback callback = completion_callback_; 4055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Stop(); 4065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (status.status() != EnrollmentStatus::STATUS_SUCCESS) { 4085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LOG(WARNING) << "Enrollment failed: " << status.status() 4095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) << " " << status.client_status() 4105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) << " " << status.validation_status() 4115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) << " " << status.store_status(); 4125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 4135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!callback.is_null()) 4155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) callback.Run(status); 4165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 4175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace policy 419