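// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_POLICY_CLOUD_USER_POLICY_SIGNIN_SERVICE_BASE_H_
#define CHROME_BROWSER_POLICY_CLOUD_USER_POLICY_SIGNIN_SERVICE_BASE_H_

#include <string>

#include "base/basictypes.h"
#include "base/callback.h"
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "components/keyed_service/core/keyed_service.h"
#include "components/policy/core/common/cloud/cloud_policy_client.h"
#include "components/policy/core/common/cloud/cloud_policy_service.h"
#include "components/signin/core/browser/signin_manager.h"
#include "content/public/browser/notification_observer.h"
#include "content/public/browser/notification_registrar.h"

class PrefService;
class Profile;

namespace net {
class URLRequestContextGetter;
}

namespace policy {

class DeviceManagementService;
class UserCloudPolicyManager;

// The UserPolicySigninService is responsible for interacting with the policy
// infrastructure (mainly UserCloudPolicyManager, "UCPM" below) to load policy
// for the signed in user. This is the base class that contains shared
// behavior.
//
// At signin time, this class initializes the UCPM and loads policy before any
// other signed in services are initialized. After each restart, this class
// ensures that the CloudPolicyClient is registered (in case the policy server
// was offline during the initial policy fetch) and if not it initiates a fresh
// registration process.
//
// Finally, if the user signs out, this class is responsible for shutting down
// the policy infrastructure to ensure that any cached policy is cleared, so
// that policy fetched for one account does not remain cached after signout.
class UserPolicySigninServiceBase : public KeyedService,
                                    public CloudPolicyClient::Observer,
                                    public CloudPolicyService::Observer,
                                    public content::NotificationObserver,
                                    public SigninManagerBase::Observer {
 public:
  // The callback invoked once policy registration is complete. Passed
  // |dm_token| and |client_id| parameters are empty if policy registration
  // failed, so receivers should test for empty strings before using either
  // value to start a policy fetch.
  typedef base::Callback<void(const std::string& dm_token,
                              const std::string& client_id)>
      PolicyRegistrationCallback;

  // The callback invoked once policy fetch is complete. Passed boolean
  // parameter is set to true if the policy fetch succeeded.
  typedef base::Callback<void(bool)> PolicyFetchCallback;

  // Creates a UserPolicySigninServiceBase associated with the passed |profile|.
  // |local_state|, |device_management_service|, |policy_manager| and
  // |signin_manager| correspond to the raw-pointer members declared below;
  // presumably they are stored without taking ownership (TODO: confirm in the
  // .cc), in which case the caller must keep them alive for as long as this
  // service uses them. |system_request_context| is ref-counted.
  UserPolicySigninServiceBase(
      Profile* profile,
      PrefService* local_state,
      DeviceManagementService* device_management_service,
      UserCloudPolicyManager* policy_manager,
      SigninManager* signin_manager,
      scoped_refptr<net::URLRequestContextGetter> system_request_context);
  virtual ~UserPolicySigninServiceBase();

  // Initiates a policy fetch as part of user signin, using a |dm_token| and
  // |client_id| fetched via RegisterForPolicy(). |callback| is invoked
  // once the policy fetch is complete, passing true if the policy fetch
  // succeeded.
  //
  // NOTE(review): |dm_token| is presumably the device-management token that
  // authenticates this client's policy requests; handle it as a credential
  // and keep it out of logs (confirm against CloudPolicyClient).
  void FetchPolicyForSignedInUser(
      const std::string& username,
      const std::string& dm_token,
      const std::string& client_id,
      scoped_refptr<net::URLRequestContextGetter> profile_request_context,
      const PolicyFetchCallback& callback);

  // SigninManagerBase::Observer implementation:
  virtual void GoogleSignedOut(const std::string& account_id,
                               const std::string& username) OVERRIDE;

  // content::NotificationObserver implementation:
  virtual void Observe(int type,
                       const content::NotificationSource& source,
                       const content::NotificationDetails& details) OVERRIDE;

  // CloudPolicyService::Observer implementation:
  virtual void OnInitializationCompleted(CloudPolicyService* service) OVERRIDE;

  // CloudPolicyClient::Observer implementation:
  virtual void OnPolicyFetched(CloudPolicyClient* client) OVERRIDE;
  virtual void OnRegistrationStateChanged(CloudPolicyClient* client) OVERRIDE;
  virtual void OnClientError(CloudPolicyClient* client) OVERRIDE;

  // KeyedService implementation:
  virtual void Shutdown() OVERRIDE;

  // Sets the system request context. Presumably this replaces
  // |system_request_context_|; confirm in the .cc.
  void SetSystemRequestContext(
      scoped_refptr<net::URLRequestContextGetter> request_context);

 protected:
  // Returns the raw pointer held by |system_request_context_| without adding
  // a reference. A caller that keeps the pointer beyond the current call
  // should hold its own scoped_refptr.
  net::URLRequestContextGetter* system_request_context() {
    return system_request_context_.get();
  }

  // Returns a CloudPolicyClient to perform a registration with the DM server,
  // or NULL if |username| shouldn't register for policy management. Callers
  // must check the result for NULL before dereferencing it.
  scoped_ptr<CloudPolicyClient> CreateClientForRegistrationOnly(
      const std::string& username);

  // Returns false if cloud policy is disabled or if the passed |email_address|
  // is definitely not from a hosted domain (according to the blacklist in
  // BrowserPolicyConnector::IsNonEnterpriseUser()).
  bool ShouldLoadPolicyForUser(const std::string& email_address);

  // Invoked to initialize the UserPolicySigninService once its owning Profile
  // becomes ready. If the Profile has a signed-in account associated with it
  // at startup then this initializes the cloud policy manager by calling
  // InitializeForSignedInUser(); otherwise it clears any stored policies.
  void InitializeOnProfileReady(Profile* profile);

  // Invoked to initialize the cloud policy service for |username|, which is the
  // account associated with the Profile that owns this service. This is invoked
  // from InitializeOnProfileReady() if the Profile already has a signed-in
  // account at startup, or (on the desktop platforms) as soon as the user
  // signs-in and an OAuth2 login refresh token becomes available.
  void InitializeForSignedInUser(
      const std::string& username,
      scoped_refptr<net::URLRequestContextGetter> profile_request_context);

  // Initializes the cloud policy manager with the passed |client|. This is
  // called from InitializeForSignedInUser() when the Profile already has a
  // signed in account at startup, and from FetchPolicyForSignedInUser() during
  // the initial policy fetch after signing in. Ownership of |client| is
  // transferred by the scoped_ptr argument.
  virtual void InitializeUserCloudPolicyManager(
      const std::string& username,
      scoped_ptr<CloudPolicyClient> client);

  // Prepares for the UserCloudPolicyManager to be shutdown due to
  // user signout or profile destruction.
  virtual void PrepareForUserCloudPolicyManagerShutdown();

  // Shuts down the UserCloudPolicyManager (for example, after the user signs
  // out) and deletes any cached policy.
  virtual void ShutdownUserCloudPolicyManager();

  // Convenience helpers to get the associated UserCloudPolicyManager and
  // SigninManager. Both return the stored raw pointers unchanged.
  UserCloudPolicyManager* policy_manager() { return policy_manager_; }
  SigninManager* signin_manager() { return signin_manager_; }

  // Returns a pointer to the |registrar_| member; it is valid only while this
  // object is alive.
  content::NotificationRegistrar* registrar() { return &registrar_; }

 private:
  // Helper functions to create a request context for use by CloudPolicyClients.
  scoped_refptr<net::URLRequestContextGetter> CreateUserRequestContext(
      scoped_refptr<net::URLRequestContextGetter> profile_request_context);
  scoped_refptr<net::URLRequestContextGetter> CreateSystemRequestContext();

  // Non-owning raw pointers to the UserCloudPolicyManager and SigninManager
  // this service is associated with. These are plain T*, not base::WeakPtr,
  // so nothing resets them if the pointee is destroyed first.
  // NOTE(review): confirm both objects outlive every use made by this service.
  UserCloudPolicyManager* policy_manager_;
  SigninManager* signin_manager_;

  content::NotificationRegistrar registrar_;

  // Raw pointers matching the constructor arguments of the same names;
  // presumably not owned (TODO: confirm in the .cc).
  PrefService* local_state_;
  DeviceManagementService* device_management_service_;
  // Ref-counted, so this member keeps the getter alive.
  scoped_refptr<net::URLRequestContextGetter> system_request_context_;

  // Declared last among the data members: members are destroyed in reverse
  // declaration order, so WeakPtrs handed out by this factory are invalidated
  // before any other member is torn down. Keep it last when adding members.
  base::WeakPtrFactory<UserPolicySigninServiceBase> weak_factory_;

  DISALLOW_COPY_AND_ASSIGN(UserPolicySigninServiceBase);
};

}  // namespace policy

#endif  // CHROME_BROWSER_POLICY_CLOUD_USER_POLICY_SIGNIN_SERVICE_BASE_H_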