// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
6
7#include "base/memory/singleton.h"
8#include "base/prefs/pref_registry_simple.h"
9#include "base/prefs/pref_service.h"
10#include "base/prefs/scoped_user_pref_update.h"
11#include "chrome/browser/browser_process.h"
12#include "chrome/browser/chromeos/policy/policy_cert_service.h"
13#include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
14#include "chrome/browser/chromeos/policy/user_network_configuration_updater_factory.h"
15#include "chrome/browser/chromeos/profiles/profile_helper.h"
16#include "chrome/browser/lifetime/application_lifetime.h"
17#include "chrome/browser/profiles/incognito_helpers.h"
18#include "chrome/browser/profiles/profile.h"
19#include "chrome/common/pref_names.h"
20#include "components/keyed_service/content/browser_context_dependency_manager.h"
21#include "components/pref_registry/pref_registry_syncable.h"
22#include "components/user_manager/user_manager.h"
23
24namespace policy {
25
// static
// Looks up the PolicyCertService already attached to |profile|. The lookup is
// made with the second argument set to false, i.e. without asking the
// keyed-service machinery to create one, so callers must handle a NULL result.
PolicyCertService* PolicyCertServiceFactory::GetForProfile(Profile* profile) {
  KeyedService* const existing =
      GetInstance()->GetServiceForBrowserContext(profile, false);
  // The downcast relies on this factory only ever building PolicyCertService
  // objects (see BuildServiceInstanceFor).
  return static_cast<PolicyCertService*>(existing);
}
31
// static
// Creates the PolicyCertService for |profile| and hands back the verifier the
// new service produces. A service must not exist for |profile| yet; this is
// only enforced by a DCHECK. Returns an empty scoped_ptr when no service could
// be built.
scoped_ptr<PolicyCertVerifier> PolicyCertServiceFactory::CreateForProfile(
    Profile* profile) {
  PolicyCertServiceFactory* const factory = GetInstance();
  DCHECK(!factory->GetServiceForBrowserContext(profile, false));

  // Passing true asks the factory to build the service on demand.
  KeyedService* const built =
      factory->GetServiceForBrowserContext(profile, true);
  PolicyCertService* const service = static_cast<PolicyCertService*>(built);
  if (service)
    return service->CreatePolicyCertVerifier();
  return scoped_ptr<PolicyCertVerifier>();
}
42
// static
// Returns the single PolicyCertServiceFactory, obtained through Singleton<>.
PolicyCertServiceFactory* PolicyCertServiceFactory::GetInstance() {
  PolicyCertServiceFactory* const factory =
      Singleton<PolicyCertServiceFactory>::get();
  return factory;
}
47
// static
// Records |user_id| in the local_state list prefs::kUsedPolicyCertificates,
// marking that user as having used policy-pushed certificates. A user that is
// already listed is not appended a second time.
void PolicyCertServiceFactory::SetUsedPolicyCertificates(
    const std::string& user_id) {
  const bool already_recorded = UsedPolicyCertificates(user_id);
  if (!already_recorded) {
    ListPrefUpdate update(g_browser_process->local_state(),
                          prefs::kUsedPolicyCertificates);
    update->AppendString(user_id);
  }
}
57
// static
// Removes |user_id| from the local_state list prefs::kUsedPolicyCertificates.
// NOTE(review): this drops the "used policy-pushed certificates" marker for
// the user; presumably callers do so only once that no longer applies --
// confirm at the call sites, which are outside this file.
void PolicyCertServiceFactory::ClearUsedPolicyCertificates(
    const std::string& user_id) {
  PrefService* const local_state = g_browser_process->local_state();
  const base::StringValue entry(user_id);
  ListPrefUpdate update(local_state, prefs::kUsedPolicyCertificates);
  // The removed index is not needed, hence the NULL out-parameter.
  update->Remove(entry, NULL);
}
65
// static
// Reports whether |user_id| appears in the local_state list
// prefs::kUsedPolicyCertificates. A missing list is treated as a programming
// error (NOTREACHED) and answered with false.
bool PolicyCertServiceFactory::UsedPolicyCertificates(
    const std::string& user_id) {
  const base::ListValue* recorded_users =
      g_browser_process->local_state()->GetList(prefs::kUsedPolicyCertificates);
  if (recorded_users) {
    const base::StringValue needle(user_id);
    return recorded_users->Find(needle) != recorded_users->end();
  }
  NOTREACHED();
  return false;
}
78
// static
// Registers the list pref prefs::kUsedPolicyCertificates with |local_state|.
// The other static helpers in this file read and write that list.
void PolicyCertServiceFactory::RegisterPrefs(PrefRegistrySimple* local_state) {
  const char* const list_pref = prefs::kUsedPolicyCertificates;
  local_state->RegisterListPref(list_pref);
}
83
// Registers the factory under the name "PolicyCertService" with the
// BrowserContextDependencyManager and declares a dependency on
// UserNetworkConfigurationUpdaterFactory, whose service is looked up in
// BuildServiceInstanceFor.
PolicyCertServiceFactory::PolicyCertServiceFactory()
    : BrowserContextKeyedServiceFactory(
          "PolicyCertService",
          BrowserContextDependencyManager::GetInstance()) {
  UserNetworkConfigurationUpdaterFactory* const updater_factory =
      UserNetworkConfigurationUpdaterFactory::GetInstance();
  DependsOn(updater_factory);
}
90
// Empty destructor; no cleanup is performed here.
PolicyCertServiceFactory::~PolicyCertServiceFactory() {
}
92
// Builds the PolicyCertService for |context|.
//
// Returns NULL when no user is associated with the original profile or when
// the profile has no UserNetworkConfigurationUpdater. Before building, it
// migrates the legacy per-profile marker prefs::kUsedPolicyCertificatesOnce
// into the local_state list; if that migration happens while more than one
// user is logged in, both pref stores are flushed and a user exit is
// requested.
KeyedService* PolicyCertServiceFactory::BuildServiceInstanceFor(
    content::BrowserContext* context) const {
  // NOTE(review): assumes every context handed to this factory is a Profile;
  // the cast is unchecked.
  Profile* profile = static_cast<Profile*>(context);

  user_manager::UserManager* user_manager = user_manager::UserManager::Get();
  // The user lookup is done against the original profile.
  user_manager::User* user = chromeos::ProfileHelper::Get()->GetUserByProfile(
      profile->GetOriginalProfile());
  if (!user)
    return NULL;

  // Backwards compatibility: profiles that used policy-pushed certificates used
  // to have this condition marked in their prefs. This signal has moved to
  // local_state though, to support checking it before the profile is loaded.
  // Check the profile here and update the local_state, if appropriate.
  // TODO(joaodasilva): remove this, eventually.
  PrefService* prefs = profile->GetOriginalProfile()->GetPrefs();
  if (prefs->GetBoolean(prefs::kUsedPolicyCertificatesOnce)) {
    // Order matters: the user is recorded in local_state (keyed by e-mail)
    // before the legacy profile pref is cleared.
    SetUsedPolicyCertificates(user->email());
    prefs->ClearPref(prefs::kUsedPolicyCertificatesOnce);

    if (user_manager->GetLoggedInUsers().size() > 1u) {
      // This login should not have been allowed. After rebooting, local_state
      // will contain the updated list of users that used policy-pushed
      // certificates and this won't happen again.
      // Note that a user becomes logged in before his profile is created.
      LOG(ERROR) << "Shutdown session because a tainted profile was added.";
      // Both stores are asked to write out before the exit is requested,
      // presumably so the migrated marker is on disk for the next start.
      g_browser_process->local_state()->CommitPendingWrite();
      prefs->CommitPendingWrite();
      chrome::AttemptUserExit();
      // NOTE(review): control falls through after AttemptUserExit(), so the
      // service is still built below for this profile -- confirm that is
      // intended while the session is shutting down.
    }
  }

  UserNetworkConfigurationUpdater* net_conf_updater =
      UserNetworkConfigurationUpdaterFactory::GetForProfile(profile);
  if (!net_conf_updater)
    return NULL;

  // The raw pointer is returned as a KeyedService*; this function does not
  // delete it.
  return new PolicyCertService(user->email(), net_conf_updater, user_manager);
}
132
// Chooses the BrowserContext the service is keyed on by delegating to
// chrome::GetBrowserContextOwnInstanceInIncognito(), which, going by its name,
// gives incognito contexts an instance of their own.
content::BrowserContext* PolicyCertServiceFactory::GetBrowserContextToUse(
    content::BrowserContext* context) const {
  content::BrowserContext* const selected =
      chrome::GetBrowserContextOwnInstanceInIncognito(context);
  return selected;
}
137
// Registers the legacy per-profile boolean prefs::kUsedPolicyCertificatesOnce
// (default false, not synced). BuildServiceInstanceFor reads it once to
// migrate the marker into local_state.
void PolicyCertServiceFactory::RegisterProfilePrefs(
    user_prefs::PrefRegistrySyncable* registry) {
  // TODO(joaodasilva): this is used for backwards compatibility.
  // Remove once it's not necessary anymore.
  const bool default_value = false;
  registry->RegisterBooleanPref(
      prefs::kUsedPolicyCertificatesOnce,
      default_value,
      user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
}
147
// Always answers true. Going by the name, this tells the keyed-service
// framework to leave the service NULL in tests, so code that calls
// GetForProfile must tolerate a NULL result there.
bool PolicyCertServiceFactory::ServiceIsNULLWhileTesting() const {
  const bool null_while_testing = true;
  return null_while_testing;
}
151
152}  // namespace policy
153