device_settings_service.h revision 5f1c94371a64b3196d4be9466099bb892df9b88e 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_
6#define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_
7
8#include <deque>
9#include <string>
10#include <vector>
11
12#include "base/basictypes.h"
13#include "base/callback.h"
14#include "base/compiler_specific.h"
15#include "base/memory/ref_counted.h"
16#include "base/memory/scoped_ptr.h"
17#include "base/observer_list.h"
18#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
19#include "chromeos/dbus/session_manager_client.h"
20#include "components/policy/core/common/cloud/cloud_policy_validator.h"
21#include "crypto/scoped_nss_types.h"
22#include "policy/proto/device_management_backend.pb.h"
23
24namespace crypto {
25class RSAPrivateKey;
26}
27
28namespace chromeos {
29
30class OwnerKeyUtil;
31class PublicKey;
32class SessionManagerOperation;
33
34// Deals with the low-level interface to Chromium OS device settings. Device
35// settings are stored in a protobuf that's protected by a cryptographic
36// signature generated by a key in the device owner's possession. Key and
37// settings are brokered by the session_manager daemon.
38//
39// The purpose of DeviceSettingsService is to keep track of the current key and
40// settings blob. For reading and writing device settings, use CrosSettings
41// instead, which provides a high-level interface that allows for manipulation
42// of individual settings.
43//
44// DeviceSettingsService generates notifications for key and policy update
45// events so interested parties can reload state as appropriate.
46class DeviceSettingsService : public SessionManagerClient::Observer {
47 public:
48  // Indicates ownership status of the device.
49  enum OwnershipStatus {
50    // Listed in upgrade order.
51    OWNERSHIP_UNKNOWN = 0,
52    OWNERSHIP_NONE,
53    OWNERSHIP_TAKEN
54  };
55
56  typedef base::Callback<void(OwnershipStatus)> OwnershipStatusCallback;
57
58  // Status codes for Store().
59  enum Status {
60    STORE_SUCCESS,
61    STORE_KEY_UNAVAILABLE,       // Owner key not yet configured.
62    STORE_POLICY_ERROR,          // Failure constructing the settings blob.
63    STORE_OPERATION_FAILED,      // IPC to session_manager daemon failed.
64    STORE_NO_POLICY,             // No settings blob present.
65    STORE_INVALID_POLICY,        // Invalid settings blob.
66    STORE_VALIDATION_ERROR,      // Unrecoverable policy validation failure.
67    STORE_TEMP_VALIDATION_ERROR, // Temporary policy validation failure.
68  };
69
70  // Observer interface.
71  class Observer {
72   public:
73    virtual ~Observer();
74
75    // Indicates device ownership status changes.
76    virtual void OwnershipStatusChanged() = 0;
77
78    // Gets call after updates to the device settings.
79    virtual void DeviceSettingsUpdated() = 0;
80  };
81
82  class PrivateKeyDelegate {
83   public:
84    typedef base::Callback<void(bool is_owner)> IsOwnerCallback;
85    typedef base::Callback<void(std::string policy_blob)>
86        AssembleAndSignPolicyCallback;
87
88    virtual ~PrivateKeyDelegate() {}
89
90    // Returns whether current user is owner or not. When this method
91    // is called too early, incorrect result can be returned because
92    // private key loading may be in progress.
93    virtual bool IsOwner() = 0;
94
95    // Determines whether current user is owner or not, responds via
96    // |callback|.
97    virtual void IsOwnerAsync(const IsOwnerCallback& callback) = 0;
98
99    // Assembles and signs |policy|, responds via |callback|.
100    virtual bool AssembleAndSignPolicyAsync(
101        scoped_ptr<enterprise_management::PolicyData> policy,
102        const AssembleAndSignPolicyCallback& callback) = 0;
103
104    // Signs |settings| with the private half of the owner key and sends
105    // the resulting policy blob to session manager for storage. The
106    // result of the operation is reported through |callback|. If
107    // successful, the updated device settings are present in
108    // policy_data() and device_settings() when the callback runs.
109    virtual void SignAndStoreAsync(
110        scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> settings,
111        const base::Closure& callback) = 0;
112
113    // Sets the management related settings in PolicyData. Note that if
114    // |management_mode| is NOT_MANAGED, |request_token| and |device_id|
115    // should be empty strings. The result of the operation is reported
116    // through |callback|.
117    virtual void SetManagementSettingsAsync(
118        enterprise_management::PolicyData::ManagementMode management_mode,
119        const std::string& request_token,
120        const std::string& device_id,
121        const base::Closure& callback) = 0;
122  };
123
124  // Manage singleton instance.
125  static void Initialize();
126  static bool IsInitialized();
127  static void Shutdown();
128  static DeviceSettingsService* Get();
129
130  // Creates a device settings service instance. This is meant for unit tests,
131  // production code uses the singleton returned by Get() above.
132  DeviceSettingsService();
133  virtual ~DeviceSettingsService();
134
135  // To be called on startup once threads are initialized and DBus is ready.
136  void SetSessionManager(SessionManagerClient* session_manager_client,
137                         scoped_refptr<OwnerKeyUtil> owner_key_util);
138
139  // Prevents the service from making further calls to session_manager_client
140  // and stops any pending operations.
141  void UnsetSessionManager();
142
143  SessionManagerClient* session_manager_client() const {
144    return session_manager_client_;
145  }
146
147  // Returns the currently active device settings. Returns NULL if the device
148  // settings have not been retrieved from session_manager yet.
149  const enterprise_management::PolicyData* policy_data() {
150    return policy_data_.get();
151  }
152  const enterprise_management::ChromeDeviceSettingsProto*
153      device_settings() const {
154    return device_settings_.get();
155  }
156
157  // Returns the currently used owner key.
158  scoped_refptr<PublicKey> GetPublicKey();
159
160  // Returns the status generated by the last operation.
161  Status status() {
162    return store_status_;
163  }
164
165  // Triggers an attempt to pull the public half of the owner key from disk and
166  // load the device settings.
167  void Load();
168
169  // Signs |settings| with the private half of the owner key and sends the
170  // resulting policy blob to session manager for storage. The result of the
171  // operation is reported through |callback|. If successful, the updated device
172  // settings are present in policy_data() and device_settings() when the
173  // callback runs.
174  void SignAndStore(
175      scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> new_settings,
176      const base::Closure& callback);
177
178  // Sets the management related settings in PolicyData.
179  void SetManagementSettings(
180      enterprise_management::PolicyData::ManagementMode management_mode,
181      const std::string& request_token,
182      const std::string& device_id,
183      const base::Closure& callback);
184
185  // Stores a policy blob to session_manager. The result of the operation is
186  // reported through |callback|. If successful, the updated device settings are
187  // present in policy_data() and device_settings() when the callback runs.
188  void Store(scoped_ptr<enterprise_management::PolicyFetchResponse> policy,
189             const base::Closure& callback);
190
191  // Returns the ownership status. May return OWNERSHIP_UNKNOWN if the disk
192  // hasn't been checked yet.
193  OwnershipStatus GetOwnershipStatus();
194
195  // Determines the ownership status and reports the result to |callback|. This
196  // is guaranteed to never return OWNERSHIP_UNKNOWN.
197  void GetOwnershipStatusAsync(const OwnershipStatusCallback& callback);
198
199  // Checks whether we have the private owner key.
200  bool HasPrivateOwnerKey();
201
202  // Sets the identity of the user that's interacting with the service. This is
203  // relevant only for writing settings through SignAndStore().
204  void InitOwner(const std::string& username,
205                 const base::WeakPtr<PrivateKeyDelegate>& delegate);
206  const std::string& GetUsername() const;
207
208  // Adds an observer.
209  void AddObserver(Observer* observer);
210  // Removes an observer.
211  void RemoveObserver(Observer* observer);
212
213  // SessionManagerClient::Observer:
214  virtual void OwnerKeySet(bool success) OVERRIDE;
215  virtual void PropertyChangeComplete(bool success) OVERRIDE;
216
217 private:
218  friend class OwnerSettingsService;
219
220  // Enqueues a new operation. Takes ownership of |operation| and starts it
221  // right away if there is no active operation currently.
222  void Enqueue(SessionManagerOperation* operation);
223
224  // Enqueues a load operation.
225  void EnqueueLoad(bool force_key_load);
226
227  // Makes sure there's a reload operation so changes to the settings (and key,
228  // in case force_key_load is set) are getting picked up.
229  void EnsureReload(bool force_key_load);
230
231  // Runs the next pending operation.
232  void StartNextOperation();
233
234  // Updates status, policy data and owner key from a finished operation.
235  // Starts the next pending operation if available.
236  void HandleCompletedOperation(const base::Closure& callback,
237                                SessionManagerOperation* operation,
238                                Status status);
239
240  // Updates status and invokes the callback immediately.
241  void HandleError(Status status, const base::Closure& callback);
242
243  // Called by OwnerSettingsService when sign-and-store operation completes.
244  void OnSignAndStoreOperationCompleted(Status status);
245
246  void set_policy_data(
247      scoped_ptr<enterprise_management::PolicyData> policy_data) {
248    policy_data_ = policy_data.Pass();
249  }
250
251  void set_device_settings(scoped_ptr<
252      enterprise_management::ChromeDeviceSettingsProto> device_settings) {
253    device_settings_ = device_settings.Pass();
254  }
255
256  SessionManagerClient* session_manager_client_;
257  scoped_refptr<OwnerKeyUtil> owner_key_util_;
258
259  Status store_status_;
260
261  std::vector<OwnershipStatusCallback> pending_ownership_status_callbacks_;
262
263  std::string username_;
264  scoped_refptr<PublicKey> public_key_;
265  base::WeakPtr<PrivateKeyDelegate> delegate_;
266
267  scoped_ptr<enterprise_management::PolicyData> policy_data_;
268  scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> device_settings_;
269
270  // The queue of pending operations. The first operation on the queue is
271  // currently active; it gets removed and destroyed once it completes.
272  std::deque<SessionManagerOperation*> pending_operations_;
273
274  ObserverList<Observer, true> observers_;
275
276  // For recoverable load errors how many retries are left before we give up.
277  int load_retries_left_;
278
279  base::WeakPtrFactory<DeviceSettingsService> weak_factory_;
280
281  DISALLOW_COPY_AND_ASSIGN(DeviceSettingsService);
282};
283
284// Helper class for tests. Initializes the DeviceSettingsService singleton on
285// construction and tears it down again on destruction.
286class ScopedTestDeviceSettingsService {
287 public:
288  ScopedTestDeviceSettingsService();
289  ~ScopedTestDeviceSettingsService();
290
291 private:
292  DISALLOW_COPY_AND_ASSIGN(ScopedTestDeviceSettingsService);
293};
294
295}  // namespace chromeos
296
297#endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_
298