device_settings_service.h revision c2e0dbddbe15c98d52c4786dac06cb8952a8ae6d 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_
6#define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_
7
8#include <deque>
9#include <string>
10#include <vector>
11
12#include "base/basictypes.h"
13#include "base/callback.h"
14#include "base/compiler_specific.h"
15#include "base/memory/ref_counted.h"
16#include "base/memory/scoped_ptr.h"
17#include "base/observer_list.h"
18#include "chrome/browser/policy/cloud/cloud_policy_validator.h"
19#include "chromeos/dbus/session_manager_client.h"
20
21namespace crypto {
22class RSAPrivateKey;
23}
24
25namespace enterprise_management {
26class ChromeDeviceSettingsProto;
27class PolicyData;
28class PolicyFetchResponse;
29}
30
31namespace chromeos {
32
33class OwnerKeyUtil;
34class SessionManagerOperation;
35
36// Keeps the public and private halves of the owner key. Both may be missing,
37// but if the private key is present, the public half will be as well. This
38// class is immutable and refcounted in order to allow safe access from any
39// thread.
40class OwnerKey : public base::RefCountedThreadSafe<OwnerKey> {
41 public:
42  OwnerKey(scoped_ptr<std::vector<uint8> > public_key,
43           scoped_ptr<crypto::RSAPrivateKey> private_key);
44
45  const std::vector<uint8>* public_key() {
46    return public_key_.get();
47  }
48  crypto::RSAPrivateKey* private_key() {
49    return private_key_.get();
50  }
51
52 private:
53  friend class base::RefCountedThreadSafe<OwnerKey>;
54  ~OwnerKey();
55
56  scoped_ptr<std::vector<uint8> > public_key_;
57  scoped_ptr<crypto::RSAPrivateKey> private_key_;
58
59  DISALLOW_COPY_AND_ASSIGN(OwnerKey);
60};
61
62// Deals with the low-level interface to Chromium OS device settings. Device
63// settings are stored in a protobuf that's protected by a cryptographic
64// signature generated by a key in the device owner's possession. Key and
65// settings are brokered by the session_manager daemon.
66//
67// The purpose of DeviceSettingsService is to keep track of the current key and
68// settings blob. For reading and writing device settings, use CrosSettings
69// instead, which provides a high-level interface that allows for manipulation
70// of individual settings.
71//
72// DeviceSettingsService generates notifications for key and policy update
73// events so interested parties can reload state as appropriate.
74class DeviceSettingsService : public SessionManagerClient::Observer {
75 public:
76  // Indicates ownership status of the device.
77  enum OwnershipStatus {
78    // Listed in upgrade order.
79    OWNERSHIP_UNKNOWN = 0,
80    OWNERSHIP_NONE,
81    OWNERSHIP_TAKEN
82  };
83
84  typedef base::Callback<void(OwnershipStatus, bool)> OwnershipStatusCallback;
85
86  // Status codes for Store().
87  enum Status {
88    STORE_SUCCESS,
89    STORE_KEY_UNAVAILABLE,       // Owner key not yet configured.
90    STORE_POLICY_ERROR,          // Failure constructing the settings blob.
91    STORE_OPERATION_FAILED,      // IPC to session_manager daemon failed.
92    STORE_NO_POLICY,             // No settings blob present.
93    STORE_INVALID_POLICY,        // Invalid settings blob.
94    STORE_VALIDATION_ERROR,      // Unrecoverable policy validation failure.
95    STORE_TEMP_VALIDATION_ERROR, // Temporary policy validation failure.
96  };
97
98  // Observer interface.
99  class Observer {
100   public:
101    virtual ~Observer();
102
103    // Indicates device ownership status changes.
104    virtual void OwnershipStatusChanged() = 0;
105
106    // Gets call after updates to the device settings.
107    virtual void DeviceSettingsUpdated() = 0;
108  };
109
110  // Manage singleton instance.
111  static void Initialize();
112  static bool IsInitialized();
113  static void Shutdown();
114  static DeviceSettingsService* Get();
115
116  // Creates a device settings service instance. This is meant for unit tests,
117  // production code uses the singleton returned by Get() above.
118  DeviceSettingsService();
119  virtual ~DeviceSettingsService();
120
121  // To be called on startup once threads are initialized and DBus is ready.
122  void SetSessionManager(SessionManagerClient* session_manager_client,
123                         scoped_refptr<OwnerKeyUtil> owner_key_util);
124
125  // Prevents the service from making further calls to session_manager_client
126  // and stops any pending operations.
127  void UnsetSessionManager();
128
129  // Returns the currently active device settings. Returns NULL if the device
130  // settings have not been retrieved from session_manager yet.
131  const enterprise_management::PolicyData* policy_data() {
132    return policy_data_.get();
133  }
134  const enterprise_management::ChromeDeviceSettingsProto*
135      device_settings() const {
136    return device_settings_.get();
137  }
138
139  // Returns the currently used owner key.
140  scoped_refptr<OwnerKey> GetOwnerKey();
141
142  // Returns the status generated by the last operation.
143  Status status() {
144    return store_status_;
145  }
146
147  // Triggers an attempt to pull the public half of the owner key from disk and
148  // load the device settings.
149  void Load();
150
151  // Signs |settings| with the private half of the owner key and sends the
152  // resulting policy blob to session manager for storage. The result of the
153  // operation is reported through |callback|. If successful, the updated device
154  // settings are present in policy_data() and device_settings() when the
155  // callback runs.
156  void SignAndStore(
157      scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> new_settings,
158      const base::Closure& callback);
159
160  // Stores a policy blob to session_manager. The result of the operation is
161  // reported through |callback|. If successful, the updated device settings are
162  // present in policy_data() and device_settings() when the callback runs.
163  void Store(scoped_ptr<enterprise_management::PolicyFetchResponse> policy,
164             const base::Closure& callback);
165
166  // Returns the ownership status. May return OWNERSHIP_UNKNOWN if the disk
167  // hasn't been checked yet.
168  OwnershipStatus GetOwnershipStatus();
169
170  // Determines the ownership status and reports the result to |callback|. This
171  // is guaranteed to never return OWNERSHIP_UNKNOWN.
172  void GetOwnershipStatusAsync(const OwnershipStatusCallback& callback);
173
174  // Checks whether we have the private owner key.
175  bool HasPrivateOwnerKey();
176
177  // Sets the identity of the user that's interacting with the service. This is
178  // relevant only for writing settings through SignAndStore().
179  void SetUsername(const std::string& username);
180  const std::string& GetUsername() const;
181
182  // Adds an observer.
183  void AddObserver(Observer* observer);
184  // Removes an observer.
185  void RemoveObserver(Observer* observer);
186
187  // SessionManagerClient::Observer:
188  virtual void OwnerKeySet(bool success) OVERRIDE;
189  virtual void PropertyChangeComplete(bool success) OVERRIDE;
190
191 private:
192  // Enqueues a new operation. Takes ownership of |operation| and starts it
193  // right away if there is no active operation currently.
194  void Enqueue(SessionManagerOperation* operation);
195
196  // Enqueues a load operation.
197  void EnqueueLoad(bool force_key_load);
198
199  // Makes sure there's a reload operation so changes to the settings (and key,
200  // in case force_key_load is set) are getting picked up.
201  void EnsureReload(bool force_key_load);
202
203  // Runs the next pending operation.
204  void StartNextOperation();
205
206  // Updates status, policy data and owner key from a finished operation.
207  // Starts the next pending operation if available.
208  void HandleCompletedOperation(const base::Closure& callback,
209                                SessionManagerOperation* operation,
210                                Status status);
211
212  SessionManagerClient* session_manager_client_;
213  scoped_refptr<OwnerKeyUtil> owner_key_util_;
214
215  base::WeakPtrFactory<DeviceSettingsService> weak_factory_;
216
217  Status store_status_;
218
219  std::vector<OwnershipStatusCallback> pending_ownership_status_callbacks_;
220
221  std::string username_;
222  scoped_refptr<OwnerKey> owner_key_;
223
224  scoped_ptr<enterprise_management::PolicyData> policy_data_;
225  scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> device_settings_;
226
227  // The queue of pending operations. The first operation on the queue is
228  // currently active; it gets removed and destroyed once it completes.
229  std::deque<SessionManagerOperation*> pending_operations_;
230
231  ObserverList<Observer, true> observers_;
232
233  // For recoverable load errors how many retries are left before we give up.
234  int load_retries_left_;
235
236  DISALLOW_COPY_AND_ASSIGN(DeviceSettingsService);
237};
238
239// Helper class for tests. Initializes the DeviceSettingsService singleton on
240// construction and tears it down again on destruction.
241class ScopedTestDeviceSettingsService {
242 public:
243  ScopedTestDeviceSettingsService();
244  ~ScopedTestDeviceSettingsService();
245
246 private:
247  DISALLOW_COPY_AND_ASSIGN(ScopedTestDeviceSettingsService);
248};
249
250}  // namespace chromeos
251
252#endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_
253