1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_SESSION_MANAGER_OPERATION_H_
6#define CHROME_BROWSER_CHROMEOS_SETTINGS_SESSION_MANAGER_OPERATION_H_
7
8#include "base/basictypes.h"
9#include "base/callback.h"
10#include "base/memory/ref_counted.h"
11#include "base/memory/scoped_ptr.h"
12#include "chrome/browser/chromeos/policy/device_cloud_policy_validator.h"
13#include "chrome/browser/chromeos/settings/device_settings_service.h"
14#include "components/ownership/owner_settings_service.h"
15#include "net/cert/x509_util_nss.h"
16
17namespace enterprise_management {
18class ChromeDeviceSettingsProto;
19class PolicyData;
20class PolicyFetchResponse;
21}
22
23namespace ownership {
24class OwnerKeyUtil;
25class PublicKey;
26}
27
28namespace chromeos {
29
30class SessionManagerClient;
31
32// Handles a single transaction with session manager. This is a virtual base
33// class that contains common infrastructure for key and policy loading. There
34// are subclasses for loading, storing and signing policy blobs.
35class SessionManagerOperation {
36 public:
37  typedef base::Callback<void(SessionManagerOperation*,
38                              DeviceSettingsService::Status)> Callback;
39
40  // Creates a new load operation.
41  explicit SessionManagerOperation(const Callback& callback);
42  virtual ~SessionManagerOperation();
43
44  // Starts the operation.
45  void Start(SessionManagerClient* session_manager_client,
46             scoped_refptr<ownership::OwnerKeyUtil> owner_key_util,
47             scoped_refptr<ownership::PublicKey> public_key);
48
49  // Restarts a load operation (if that part is already in progress).
50  void RestartLoad(bool key_changed);
51
52  // Accessors for recovering the loaded policy data after completion.
53  scoped_ptr<enterprise_management::PolicyData>& policy_data() {
54    return policy_data_;
55  }
56  scoped_ptr<enterprise_management::ChromeDeviceSettingsProto>&
57      device_settings() {
58    return device_settings_;
59  }
60
61  // Public part of the owner key as configured/loaded from disk.
62  scoped_refptr<ownership::PublicKey> public_key() { return public_key_; }
63
64  // Whether the load operation is underway.
65  bool is_loading() const { return is_loading_; }
66
67  void set_force_key_load(bool force_key_load) {
68    force_key_load_ = force_key_load;
69  }
70
71  void set_username(const std::string& username) { username_ = username; }
72
73  void set_owner_settings_service(const base::WeakPtr<
74      ownership::OwnerSettingsService>& owner_settings_service) {
75    owner_settings_service_ = owner_settings_service;
76  }
77
78 protected:
79  // Runs the operation. The result is reported through |callback_|.
80  virtual void Run() = 0;
81
82  // Ensures the public key is loaded.
83  void EnsurePublicKey(const base::Closure& callback);
84
85  // Starts a load operation.
86  void StartLoading();
87
88  // Reports the result status of the operation. Once this gets called, the
89  // operation should not perform further processing or trigger callbacks.
90  void ReportResult(DeviceSettingsService::Status status);
91
92  SessionManagerClient* session_manager_client() {
93    return session_manager_client_;
94  }
95
96  base::WeakPtr<ownership::OwnerSettingsService> owner_settings_service_;
97
98 private:
99  // Loads the owner key from disk. Must be run on a thread that can do I/O.
100  static scoped_refptr<ownership::PublicKey> LoadPublicKey(
101      scoped_refptr<ownership::OwnerKeyUtil> util,
102      scoped_refptr<ownership::PublicKey> current_key);
103
104  // Stores the owner key loaded by LoadOwnerKey and calls |callback|.
105  void StorePublicKey(const base::Closure& callback,
106                      scoped_refptr<ownership::PublicKey> new_key);
107
108  // Triggers a device settings load.
109  void RetrieveDeviceSettings();
110
111  // Validates device settings after retrieval from session_manager.
112  void ValidateDeviceSettings(const std::string& policy_blob);
113
114  // Extracts status and device settings from the validator and reports them.
115  void ReportValidatorStatus(policy::DeviceCloudPolicyValidator* validator);
116
117  SessionManagerClient* session_manager_client_;
118  scoped_refptr<ownership::OwnerKeyUtil> owner_key_util_;
119
120  Callback callback_;
121
122  scoped_refptr<ownership::PublicKey> public_key_;
123  bool force_key_load_;
124  std::string username_;
125
126  bool is_loading_;
127  scoped_ptr<enterprise_management::PolicyData> policy_data_;
128  scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> device_settings_;
129
130  base::WeakPtrFactory<SessionManagerOperation> weak_factory_;
131
132  DISALLOW_COPY_AND_ASSIGN(SessionManagerOperation);
133};
134
135// This operation loads the public owner key from disk if appropriate, fetches
136// the policy blob from session manager, and validates the loaded policy blob.
137class LoadSettingsOperation : public SessionManagerOperation {
138 public:
139  // Creates a new load operation.
140  explicit LoadSettingsOperation(const Callback& callback);
141  virtual ~LoadSettingsOperation();
142
143 protected:
144  // SessionManagerOperation:
145  virtual void Run() OVERRIDE;
146
147 private:
148  DISALLOW_COPY_AND_ASSIGN(LoadSettingsOperation);
149};
150
151// Stores a pre-generated policy blob and reloads the device settings from
152// session_manager.
153class StoreSettingsOperation : public SessionManagerOperation {
154 public:
155  // Creates a new store operation.
156  StoreSettingsOperation(
157      const Callback& callback,
158      scoped_ptr<enterprise_management::PolicyFetchResponse> policy);
159  virtual ~StoreSettingsOperation();
160
161 protected:
162  // SessionManagerOperation:
163  virtual void Run() OVERRIDE;
164
165 private:
166  // Handles the result of the store operation and triggers the load.
167  void HandleStoreResult(bool success);
168
169  scoped_ptr<enterprise_management::PolicyFetchResponse> policy_;
170
171  base::WeakPtrFactory<StoreSettingsOperation> weak_factory_;
172
173  DISALLOW_COPY_AND_ASSIGN(StoreSettingsOperation);
174};
175
176// Signs device settings and stores the resulting blob to session_manager.
177class SignAndStoreSettingsOperation : public SessionManagerOperation {
178 public:
179  // Creates a new sign-and-store operation.
180  SignAndStoreSettingsOperation(
181      const Callback& callback,
182      scoped_ptr<enterprise_management::PolicyData> new_policy);
183  virtual ~SignAndStoreSettingsOperation();
184
185  // SessionManagerOperation:
186  virtual void Run() OVERRIDE;
187
188 private:
189  void StartSigning(bool has_private_key);
190
191  // Stores the signed device settings blob.
192  void StoreDeviceSettingsBlob(std::string device_settings_blob);
193
194  // Handles the result of the store operation and triggers the load.
195  void HandleStoreResult(bool success);
196
197  scoped_ptr<enterprise_management::PolicyData> new_policy_;
198
199  base::WeakPtrFactory<SignAndStoreSettingsOperation> weak_factory_;
200
201  DISALLOW_COPY_AND_ASSIGN(SignAndStoreSettingsOperation);
202};
203
204}  // namespace chromeos
205
206#endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_SESSION_MANAGER_OPERATION_H_
207