device_settings_service.h revision 0529e5d033099cbfc42635f6f6183833b09dff6e 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_
6#define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_
7
8#include <deque>
9#include <string>
10#include <vector>
11
12#include "base/basictypes.h"
13#include "base/callback.h"
14#include "base/compiler_specific.h"
15#include "base/memory/ref_counted.h"
16#include "base/memory/scoped_ptr.h"
17#include "base/observer_list.h"
18#include "base/stl_util.h"
19#include "chromeos/dbus/session_manager_client.h"
20#include "chromeos/tpm_token_loader.h"
21#include "components/policy/core/common/cloud/cloud_policy_validator.h"
22#include "policy/proto/device_management_backend.pb.h"
23
24namespace crypto {
25class RSAPrivateKey;
26}
27
28namespace enterprise_management {
29class ChromeDeviceSettingsProto;
30}
31
32namespace chromeos {
33
34class OwnerKeyUtil;
35class SessionManagerOperation;
36
37// Keeps the public and private halves of the owner key. Both may be missing,
38// but if the private key is present, the public half will be as well. This
39// class is immutable and refcounted in order to allow safe access from any
40// thread.
41class OwnerKey : public base::RefCountedThreadSafe<OwnerKey> {
42 public:
43  OwnerKey(scoped_ptr<std::vector<uint8> > public_key,
44           scoped_ptr<crypto::RSAPrivateKey> private_key);
45
46  const std::vector<uint8>* public_key() {
47    return public_key_.get();
48  }
49
50  std::string public_key_as_string() {
51    return std::string(reinterpret_cast<const char*>(
52        vector_as_array(public_key_.get())), public_key_->size());
53  }
54
55  crypto::RSAPrivateKey* private_key() {
56    return private_key_.get();
57  }
58
59 private:
60  friend class base::RefCountedThreadSafe<OwnerKey>;
61  ~OwnerKey();
62
63  scoped_ptr<std::vector<uint8> > public_key_;
64  scoped_ptr<crypto::RSAPrivateKey> private_key_;
65
66  DISALLOW_COPY_AND_ASSIGN(OwnerKey);
67};
68
69// Deals with the low-level interface to Chromium OS device settings. Device
70// settings are stored in a protobuf that's protected by a cryptographic
71// signature generated by a key in the device owner's possession. Key and
72// settings are brokered by the session_manager daemon.
73//
74// The purpose of DeviceSettingsService is to keep track of the current key and
75// settings blob. For reading and writing device settings, use CrosSettings
76// instead, which provides a high-level interface that allows for manipulation
77// of individual settings.
78//
79// DeviceSettingsService generates notifications for key and policy update
80// events so interested parties can reload state as appropriate.
81class DeviceSettingsService : public SessionManagerClient::Observer,
82                              public TPMTokenLoader::Observer {
83 public:
84  // Indicates ownership status of the device.
85  enum OwnershipStatus {
86    // Listed in upgrade order.
87    OWNERSHIP_UNKNOWN = 0,
88    OWNERSHIP_NONE,
89    OWNERSHIP_TAKEN
90  };
91
92  typedef base::Callback<void(OwnershipStatus)> OwnershipStatusCallback;
93  typedef base::Callback<void(bool)> IsCurrentUserOwnerCallback;
94
95  // Status codes for Store().
96  enum Status {
97    STORE_SUCCESS,
98    STORE_KEY_UNAVAILABLE,       // Owner key not yet configured.
99    STORE_POLICY_ERROR,          // Failure constructing the settings blob.
100    STORE_OPERATION_FAILED,      // IPC to session_manager daemon failed.
101    STORE_NO_POLICY,             // No settings blob present.
102    STORE_INVALID_POLICY,        // Invalid settings blob.
103    STORE_VALIDATION_ERROR,      // Unrecoverable policy validation failure.
104    STORE_TEMP_VALIDATION_ERROR, // Temporary policy validation failure.
105  };
106
107  // Observer interface.
108  class Observer {
109   public:
110    virtual ~Observer();
111
112    // Indicates device ownership status changes.
113    virtual void OwnershipStatusChanged() = 0;
114
115    // Gets call after updates to the device settings.
116    virtual void DeviceSettingsUpdated() = 0;
117  };
118
119  // Manage singleton instance.
120  static void Initialize();
121  static bool IsInitialized();
122  static void Shutdown();
123  static DeviceSettingsService* Get();
124
125  // Creates a device settings service instance. This is meant for unit tests,
126  // production code uses the singleton returned by Get() above.
127  DeviceSettingsService();
128  virtual ~DeviceSettingsService();
129
130  // To be called on startup once threads are initialized and DBus is ready.
131  void SetSessionManager(SessionManagerClient* session_manager_client,
132                         scoped_refptr<OwnerKeyUtil> owner_key_util);
133
134  // Prevents the service from making further calls to session_manager_client
135  // and stops any pending operations.
136  void UnsetSessionManager();
137
138  // Returns the currently active device settings. Returns NULL if the device
139  // settings have not been retrieved from session_manager yet.
140  const enterprise_management::PolicyData* policy_data() {
141    return policy_data_.get();
142  }
143  const enterprise_management::ChromeDeviceSettingsProto*
144      device_settings() const {
145    return device_settings_.get();
146  }
147
148  // Returns the currently used owner key.
149  scoped_refptr<OwnerKey> GetOwnerKey();
150
151  // Returns the status generated by the last operation.
152  Status status() {
153    return store_status_;
154  }
155
156  // Triggers an attempt to pull the public half of the owner key from disk and
157  // load the device settings.
158  void Load();
159
160  // Signs |settings| with the private half of the owner key and sends the
161  // resulting policy blob to session manager for storage. The result of the
162  // operation is reported through |callback|. If successful, the updated device
163  // settings are present in policy_data() and device_settings() when the
164  // callback runs.
165  void SignAndStore(
166      scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> new_settings,
167      const base::Closure& callback);
168
169  // Sets the management related settings in PolicyData. Note that if
170  // |management_mode| is NOT_MANAGED, |request_token| and |device_id| should be
171  // empty strings.
172  void SetManagementSettings(
173      enterprise_management::PolicyData::ManagementMode management_mode,
174      const std::string& request_token,
175      const std::string& device_id,
176      const base::Closure& callback);
177
178  // Stores a policy blob to session_manager. The result of the operation is
179  // reported through |callback|. If successful, the updated device settings are
180  // present in policy_data() and device_settings() when the callback runs.
181  void Store(scoped_ptr<enterprise_management::PolicyFetchResponse> policy,
182             const base::Closure& callback);
183
184  // Returns the ownership status. May return OWNERSHIP_UNKNOWN if the disk
185  // hasn't been checked yet.
186  OwnershipStatus GetOwnershipStatus();
187
188  // Determines the ownership status and reports the result to |callback|. This
189  // is guaranteed to never return OWNERSHIP_UNKNOWN.
190  void GetOwnershipStatusAsync(const OwnershipStatusCallback& callback);
191
192  // Checks whether we have the private owner key.
193  bool HasPrivateOwnerKey();
194
195  // Determines whether the current user is the owner. The callback is
196  // guaranteed not to be called before it is possible to determine if the
197  // current user is the owner (by testing existence of the private owner key).
198  void IsCurrentUserOwnerAsync(const IsCurrentUserOwnerCallback& callback);
199
200  // Sets the identity of the user that's interacting with the service. This is
201  // relevant only for writing settings through SignAndStore().
202  void SetUsername(const std::string& username);
203  const std::string& GetUsername() const;
204
205  // Adds an observer.
206  void AddObserver(Observer* observer);
207  // Removes an observer.
208  void RemoveObserver(Observer* observer);
209
210  // SessionManagerClient::Observer:
211  virtual void OwnerKeySet(bool success) OVERRIDE;
212  virtual void PropertyChangeComplete(bool success) OVERRIDE;
213
214  // TPMTokenLoader::Observer:
215  virtual void OnTPMTokenReady() OVERRIDE;
216
217 private:
218  // Enqueues a new operation. Takes ownership of |operation| and starts it
219  // right away if there is no active operation currently.
220  void Enqueue(SessionManagerOperation* operation);
221
222  // Enqueues a load operation.
223  void EnqueueLoad(bool force_key_load);
224
225  // Makes sure there's a reload operation so changes to the settings (and key,
226  // in case force_key_load is set) are getting picked up.
227  void EnsureReload(bool force_key_load);
228
229  // Runs the next pending operation.
230  void StartNextOperation();
231
232  // Updates status, policy data and owner key from a finished operation.
233  // Starts the next pending operation if available.
234  void HandleCompletedOperation(const base::Closure& callback,
235                                SessionManagerOperation* operation,
236                                Status status);
237
238  // Assembles PolicyData based on |settings| and the current |policy_data_|
239  // and |username_|.
240  scoped_ptr<enterprise_management::PolicyData> AssemblePolicy(
241      const enterprise_management::ChromeDeviceSettingsProto& settings);
242
243  SessionManagerClient* session_manager_client_;
244  scoped_refptr<OwnerKeyUtil> owner_key_util_;
245
246  Status store_status_;
247
248  std::vector<OwnershipStatusCallback> pending_ownership_status_callbacks_;
249  std::vector<IsCurrentUserOwnerCallback>
250      pending_is_current_user_owner_callbacks_;
251
252  std::string username_;
253  scoped_refptr<OwnerKey> owner_key_;
254  // Whether TPM token still needs to be initialized.
255  bool waiting_for_tpm_token_;
256  // Whether TPM token was ready when the current owner key was set.
257  // Implies that the current user is owner iff the private owner key is set.
258  bool owner_key_loaded_with_tpm_token_;
259
260  scoped_ptr<enterprise_management::PolicyData> policy_data_;
261  scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> device_settings_;
262
263  // The queue of pending operations. The first operation on the queue is
264  // currently active; it gets removed and destroyed once it completes.
265  std::deque<SessionManagerOperation*> pending_operations_;
266
267  ObserverList<Observer, true> observers_;
268
269  // For recoverable load errors how many retries are left before we give up.
270  int load_retries_left_;
271
272  base::WeakPtrFactory<DeviceSettingsService> weak_factory_;
273
274  DISALLOW_COPY_AND_ASSIGN(DeviceSettingsService);
275};
276
277// Helper class for tests. Initializes the DeviceSettingsService singleton on
278// construction and tears it down again on destruction.
279class ScopedTestDeviceSettingsService {
280 public:
281  ScopedTestDeviceSettingsService();
282  ~ScopedTestDeviceSettingsService();
283
284 private:
285  DISALLOW_COPY_AND_ASSIGN(ScopedTestDeviceSettingsService);
286};
287
288}  // namespace chromeos
289
290#endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_
291