1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_
6#define CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_
7
8#include <string>
9#include <vector>
10
11#include "base/basictypes.h"
12#include "base/compiler_specific.h"
13#include "base/files/file_path.h"
14#include "base/memory/ref_counted.h"
15#include "base/memory/scoped_ptr.h"
16#include "base/memory/weak_ptr.h"
17#include "chromeos/dbus/dbus_method_call_status.h"
18#include "components/policy/core/common/cloud/cloud_policy_validator.h"
19#include "components/policy/core/common/cloud/user_cloud_policy_store_base.h"
20
21namespace base {
22class SequencedTaskRunner;
23}
24
25namespace chromeos {
26class CryptohomeClient;
27class SessionManagerClient;
28}
29
30namespace policy {
31
32class LegacyPolicyCacheLoader;
33
34// Implements a cloud policy store backed by the Chrome OS' session_manager,
35// which takes care of persisting policy to disk and is accessed via DBus calls
36// through SessionManagerClient.
37//
38// Additionally, this class drives legacy UserPolicyTokenCache and
39// UserPolicyDiskCache instances, migrating policy from these to session_manager
40// storage on the fly.
41class UserCloudPolicyStoreChromeOS : public UserCloudPolicyStoreBase {
42 public:
43  UserCloudPolicyStoreChromeOS(
44      chromeos::CryptohomeClient* cryptohome_client,
45      chromeos::SessionManagerClient* session_manager_client,
46      scoped_refptr<base::SequencedTaskRunner> background_task_runner,
47      const std::string& username,
48      const base::FilePath& user_policy_key_dir,
49      const base::FilePath& legacy_token_cache_file,
50      const base::FilePath& legacy_policy_cache_file);
51  virtual ~UserCloudPolicyStoreChromeOS();
52
53  // CloudPolicyStore:
54  virtual void Store(
55      const enterprise_management::PolicyFetchResponse& policy) OVERRIDE;
56  virtual void Load() OVERRIDE;
57
58  // Loads the policy synchronously on the current thread.
59  void LoadImmediately();
60
61 private:
62  // Starts validation of |policy| before storing it.
63  void ValidatePolicyForStore(
64      scoped_ptr<enterprise_management::PolicyFetchResponse> policy);
65
66  // Completion handler for policy validation on the Store() path.
67  // Starts a store operation if the validation succeeded.
68  void OnPolicyToStoreValidated(UserCloudPolicyValidator* validator);
69
70  // Called back from SessionManagerClient for policy store operations.
71  void OnPolicyStored(bool);
72
73  // Called back from SessionManagerClient for policy load operations.
74  void OnPolicyRetrieved(const std::string& policy_blob);
75
76  // Starts validation of the loaded |policy| before installing it.
77  void ValidateRetrievedPolicy(
78      scoped_ptr<enterprise_management::PolicyFetchResponse> policy);
79
80  // Completion handler for policy validation on the Load() path. Installs the
81  // policy and publishes it if validation succeeded.
82  void OnRetrievedPolicyValidated(UserCloudPolicyValidator* validator);
83
84  // Callback for loading legacy caches.
85  void OnLegacyLoadFinished(
86      const std::string& dm_token,
87      const std::string& device_id,
88      Status status,
89      scoped_ptr<enterprise_management::PolicyFetchResponse>);
90
91  // Completion callback for legacy policy validation.
92  void OnLegacyPolicyValidated(const std::string& dm_token,
93                               const std::string& device_id,
94                               UserCloudPolicyValidator* validator);
95
96  // Installs legacy tokens.
97  void InstallLegacyTokens(const std::string& dm_token,
98                           const std::string& device_id);
99
100  // Removes the passed-in legacy cache directory.
101  static void RemoveLegacyCacheDir(const base::FilePath& dir);
102
103  // Invokes |callback| after reloading |policy_key_|.
104  void ReloadPolicyKey(const base::Closure& callback);
105
106  // Reads the contents of |path| into |key|.
107  static void LoadPolicyKey(const base::FilePath& path,
108                            std::string* key);
109
110  // Callback for the key reloading.
111  void OnPolicyKeyReloaded(std::string* key,
112                           const base::Closure& callback);
113
114  // Invokes |callback| after creating |policy_key_|, if it hasn't been created
115  // yet; otherwise invokes |callback| immediately.
116  void EnsurePolicyKeyLoaded(const base::Closure& callback);
117
118  // Callback for getting the sanitized username from |cryptohome_client_|.
119  void OnGetSanitizedUsername(const base::Closure& callback,
120                              chromeos::DBusMethodCallStatus call_status,
121                              const std::string& sanitized_username);
122
123  scoped_ptr<UserCloudPolicyValidator> CreateValidatorForLoad(
124      scoped_ptr<enterprise_management::PolicyFetchResponse> policy);
125
126  chromeos::CryptohomeClient* cryptohome_client_;
127  chromeos::SessionManagerClient* session_manager_client_;
128  const std::string username_;
129  base::FilePath user_policy_key_dir_;
130
131  // TODO(mnissler): Remove all the legacy policy support members below after
132  // the number of pre-M20 clients drops back to zero.
133  base::FilePath legacy_cache_dir_;
134  scoped_ptr<LegacyPolicyCacheLoader> legacy_loader_;
135  bool legacy_caches_loaded_;
136
137  bool policy_key_loaded_;
138  base::FilePath policy_key_path_;
139  std::string policy_key_;
140
141  base::WeakPtrFactory<UserCloudPolicyStoreChromeOS> weak_factory_;
142
143  DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOS);
144};
145
146}  // namespace policy
147
148#endif  // CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_
149