Add support for loading user cloud policy on desktop.

chrome/browser/policy/browser_policy_connector.cc

Index: chrome/browser/policy/browser_policy_connector.cc
diff --git a/chrome/browser/policy/browser_policy_connector.cc b/chrome/browser/policy/browser_policy_connector.cc
index 2874a911dd55d483b43354fedfc3b51ff9cfd511..63de15cf377accfe37b835a4c02495a4de3b0269 100644
--- a/chrome/browser/policy/browser_policy_connector.cc
+++ b/chrome/browser/policy/browser_policy_connector.cc
@@ -23,10 +23,12 @@
 #include "chrome/browser/policy/user_cloud_policy_manager.h"
 #include "chrome/browser/policy/user_policy_cache.h"
 #include "chrome/browser/policy/user_policy_token_cache.h"
+#include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/token_service.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
+#include "chrome/common/net/gaia/gaia_auth_util.h"
 #include "chrome/common/net/gaia/gaia_constants.h"
 #include "chrome/common/pref_names.h"
 #include "content/public/browser/notification_details.h"
@@ -45,6 +47,8 @@
 
 #if defined(OS_CHROMEOS)
 #include "chrome/browser/chromeos/cros/cros_library.h"
+#include "chrome/browser/chromeos/login/authenticator.h"
+#include "chrome/browser/chromeos/login/user_manager.h"
 #include "chrome/browser/chromeos/system/statistics_provider.h"
 #include "chrome/browser/policy/app_pack_updater.h"
 #include "chrome/browser/policy/cros_user_policy_cache.h"
@@ -70,6 +74,10 @@ const FilePath::CharType kPolicyCacheFile[] = FILE_PATH_LITERAL("Policy");
 // Delay in milliseconds from startup.
 const int64 kServiceInitializationStartupDelay = 5000;
 
+// The URL for the device management server.
+const char kDefaultDeviceManagementServerUrl[] =
+    "https://m.google.com/devicemanagement/data/api";
+
 #if defined(OS_CHROMEOS)
 // MachineInfo key names.
 const char kMachineInfoSystemHwqual[] = "hardware_class";
@@ -114,40 +122,37 @@ BrowserPolicyConnector::~BrowserPolicyConnector() {
   user_policy_token_cache_.reset();
   user_data_store_.reset();
 
-  if (user_cloud_policy_manager_.get())
-    user_cloud_policy_manager_->Shutdown();
-  user_cloud_policy_manager_.reset();
-
   device_management_service_.reset();
 }
 
 void BrowserPolicyConnector::Init() {
-  platform_provider_.reset(CreatePlatformProvider());
+  DCHECK(!device_management_service_.get()) <<
+      "BrowserPolicyConnector::Init() called twice.";
+  // Don't create platform providers if running in a unit test, since
+  // AsyncPlatformLoader requires deletion on the FILE thread.

[Mattias Nissler (ping if slow), 2012/08/03 12:19:08]

In policy, we usually just spin up a fake FILE thread in the tests to keep the
production code clean. How many tests are affected?

[Andrew T Wilson (Slow), 2012/08/04 00:54:41]

Basically, any test that results in a call to
g_browser_process->browser_policy_connector() would be affected. This includes
most of the policy stuff (like PolicyUITest, for example) and any test that
creates a ProfileImpl (I don't have an exhaustive list, since a crashing test
exits the unit tests).

Doing the fake FILE thread is not a panacea, because we still hit more DCHECKs
later when we initialize things like ConfigDirPolicyLoader and they expect their
"FILE" thread to have an IO-enabled MessageLoop. And again, I don't think it's a
good option to change every Profile-using test to have to fake up a FILE thread.

+  if (MessageLoop::current())
+    platform_provider_.reset(CreatePlatformProvider());
+
+  device_management_service_.reset(
+      new DeviceManagementService(GetDeviceManagementUrl()));
 
 #if defined(OS_CHROMEOS)
-  // The CloudPolicyProvider blocks asynchronous Profile creation until a login
-  // is performed. This is used to ensure that the Profile's PrefService sees
-  // managed preferences on managed Chrome OS devices. However, this also
-  // prevents creation of new Profiles in Desktop Chrome. The implementation of
-  // cloud policy on the Desktop requires a refactoring of the cloud provider,
-  // but for now it just isn't created.
   CommandLine* command_line = CommandLine::ForCurrentProcess();
-  if (command_line->HasSwitch(switches::kDeviceManagementUrl)) {
-    device_management_service_.reset(
-        new DeviceManagementService(
-            command_line->GetSwitchValueASCII(switches::kDeviceManagementUrl)));
-    if (!command_line->HasSwitch(switches::kEnableCloudPolicyService)) {
-      managed_cloud_provider_.reset(new CloudPolicyProvider(
-          this,
-          POLICY_LEVEL_MANDATORY));
-      recommended_cloud_provider_.reset(new CloudPolicyProvider(
-          this,
-          POLICY_LEVEL_RECOMMENDED));
-    }
+  if (!command_line->HasSwitch(switches::kEnableCloudPolicyService)) {
+    managed_cloud_provider_.reset(new CloudPolicyProvider(
+        this,
+        POLICY_LEVEL_MANDATORY));
+    recommended_cloud_provider_.reset(new CloudPolicyProvider(
+        this,
+        POLICY_LEVEL_RECOMMENDED));
   }
 
   InitializeDevicePolicy();
 
+  // Don't bother updating the cache if this is a unit test.
+  if (!MessageLoop::current())
+    return;
+
   // Create the AppPackUpdater to start updating the cache. It requires the
   // system request context, which isn't available yet; therefore it is
   // created only once the loops are running.
@@ -158,7 +163,7 @@ void BrowserPolicyConnector::Init() {
 #endif
 }
 
-PolicyService* BrowserPolicyConnector::CreatePolicyService(
+scoped_ptr<PolicyService> BrowserPolicyConnector::CreatePolicyService(
     Profile* profile) {
   // |providers| in decreasing order of priority.
   PolicyServiceImpl::Providers providers;
@@ -176,8 +181,9 @@ PolicyService* BrowserPolicyConnector::CreatePolicyService(
   // directly as their provider, which may also block initialization on a policy
   // fetch at login time.
   if (profile) {
-    if (user_cloud_policy_manager_.get())
-      providers.push_back(user_cloud_policy_manager_.get());
+    UserCloudPolicyManager* manager = profile->GetUserCloudPolicyManager();
+    if (manager)
+      providers.push_back(manager);
 
     providers.push_back(
         ManagedModePolicyProviderFactory::GetForProfile(profile));
@@ -185,7 +191,7 @@ PolicyService* BrowserPolicyConnector::CreatePolicyService(
     providers.push_back(&user_cloud_policy_provider_);
   }
 
-  return new PolicyServiceImpl(providers);
+  return scoped_ptr<PolicyService>(new PolicyServiceImpl(providers)).Pass();
 }
 
 void BrowserPolicyConnector::RegisterForDevicePolicy(
@@ -302,12 +308,11 @@ void BrowserPolicyConnector::ScheduleServiceInitialization(
   }
 #endif
 }
+
 void BrowserPolicyConnector::InitializeUserPolicy(
     const std::string& user_name,
     bool wait_for_policy_fetch) {
   // Throw away the old backend.
-  user_cloud_policy_manager_.reset();
-
   user_cloud_policy_subsystem_.reset();
   user_policy_token_cache_.reset();
   user_data_store_.reset();
@@ -316,66 +321,54 @@ void BrowserPolicyConnector::InitializeUserPolicy(
 
   CommandLine* command_line = CommandLine::ForCurrentProcess();
 
-  if (command_line->HasSwitch(switches::kDeviceManagementUrl)) {
-    int64 startup_delay =
-        wait_for_policy_fetch ? 0 : kServiceInitializationStartupDelay;
+  int64 startup_delay =
+      wait_for_policy_fetch ? 0 : kServiceInitializationStartupDelay;
 
-    if (command_line->HasSwitch(switches::kEnableCloudPolicyService)) {
-#if defined(OS_CHROMEOS)
-      user_cloud_policy_manager_ =
-          UserCloudPolicyManager::Create(wait_for_policy_fetch);
-      user_cloud_policy_manager_->Initialize(g_browser_process->local_state(),
-                                             device_management_service_.get(),
-                                             GetUserAffiliation(user_name));
-      user_cloud_policy_provider_.SetDelegate(user_cloud_policy_manager_.get());
-
-      device_management_service_->ScheduleInitialization(startup_delay);
-#endif
-    } else {
-      FilePath profile_dir;
-      PathService::Get(chrome::DIR_USER_DATA, &profile_dir);
+  if (!command_line->HasSwitch(switches::kEnableCloudPolicyService)) {
+    FilePath profile_dir;
+    PathService::Get(chrome::DIR_USER_DATA, &profile_dir);
 #if defined(OS_CHROMEOS)
-      profile_dir = profile_dir.Append(
-          command_line->GetSwitchValuePath(switches::kLoginProfile));
+    profile_dir = profile_dir.Append(
+        command_line->GetSwitchValuePath(switches::kLoginProfile));
 #endif
-      const FilePath policy_dir = profile_dir.Append(kPolicyDir);
-      const FilePath policy_cache_file = policy_dir.Append(kPolicyCacheFile);
-      const FilePath token_cache_file = policy_dir.Append(kTokenCacheFile);
-      CloudPolicyCacheBase* user_policy_cache = NULL;
+    const FilePath policy_dir = profile_dir.Append(kPolicyDir);
+    const FilePath policy_cache_file = policy_dir.Append(kPolicyCacheFile);
+    const FilePath token_cache_file = policy_dir.Append(kTokenCacheFile);
+    CloudPolicyCacheBase* user_policy_cache = NULL;
 
-      user_data_store_.reset(CloudPolicyDataStore::CreateForUserPolicies());
+    user_data_store_.reset(CloudPolicyDataStore::CreateForUserPolicies());
 #if defined(OS_CHROMEOS)
-      user_policy_cache =
-          new CrosUserPolicyCache(
-              chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
-              user_data_store_.get(),
-              wait_for_policy_fetch,
-              token_cache_file,
-              policy_cache_file);
+    user_policy_cache =
+        new CrosUserPolicyCache(
+            chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
+            user_data_store_.get(),
+            wait_for_policy_fetch,
+            token_cache_file,
+            policy_cache_file);
 #else
-      user_policy_cache = new UserPolicyCache(policy_cache_file,
-                                              wait_for_policy_fetch);
-      user_policy_token_cache_.reset(
-          new UserPolicyTokenCache(user_data_store_.get(), token_cache_file));
+    user_policy_cache = new UserPolicyCache(policy_cache_file,
+                                            wait_for_policy_fetch);
+    user_policy_token_cache_.reset(
+        new UserPolicyTokenCache(user_data_store_.get(), token_cache_file));
 
-      // Initiate the DM-Token load.
-      user_policy_token_cache_->Load();
+    // Initiate the DM-Token load.
+    user_policy_token_cache_->Load();
 #endif
 
-      user_cloud_policy_subsystem_.reset(new CloudPolicySubsystem(
-          user_data_store_.get(),
-          user_policy_cache));
+    user_cloud_policy_subsystem_.reset(new CloudPolicySubsystem(
+        user_data_store_.get(),
+        user_policy_cache,
+        GetDeviceManagementUrl()));
 
-      user_data_store_->set_user_name(user_name);
-      user_data_store_->set_user_affiliation(GetUserAffiliation(user_name));
+    user_data_store_->set_user_name(user_name);
+    user_data_store_->set_user_affiliation(GetUserAffiliation(user_name));
 
-      user_cloud_policy_subsystem_->CompleteInitialization(
-          prefs::kUserPolicyRefreshRate,
-          startup_delay);
+    user_cloud_policy_subsystem_->CompleteInitialization(
+        prefs::kUserPolicyRefreshRate,
+        startup_delay);
 
-      managed_cloud_provider_->SetUserPolicyCache(user_policy_cache);
-      recommended_cloud_provider_->SetUserPolicyCache(user_policy_cache);
-    }
+    managed_cloud_provider_->SetUserPolicyCache(user_policy_cache);
+    recommended_cloud_provider_->SetUserPolicyCache(user_policy_cache);
   }
 }
 
@@ -407,17 +400,6 @@ void BrowserPolicyConnector::RegisterForUserPolicy(
     if (user_data_store_.get())
       user_data_store_->SetOAuthToken(oauth_token);
   }
-  if (user_cloud_policy_manager_.get()) {
-    CloudPolicyService* service =
-        user_cloud_policy_manager_->cloud_policy_service();
-    if (service->client() &&
-        !service->client()->is_registered() &&
-        !oauth_token.empty()) {
-      service->client()->Register(oauth_token);
-    } else {
-      user_cloud_policy_manager_->CancelWaitForPolicyFetch();
-    }
-  }
 }
 
 CloudPolicyDataStore* BrowserPolicyConnector::GetDeviceCloudPolicyDataStore() {
@@ -441,9 +423,11 @@ UserAffiliation BrowserPolicyConnector::GetUserAffiliation(
     const std::string& user_name) {
 #if defined(OS_CHROMEOS)
   if (install_attributes_.get()) {
-    size_t pos = user_name.find('@');
+    std::string canonicalized_user_name(gaia::CanonicalizeEmail(user_name));
+    size_t pos = canonicalized_user_name.find('@');
     if (pos != std::string::npos &&
-        user_name.substr(pos + 1) == install_attributes_->GetDomain()) {
+        canonicalized_user_name.substr(pos + 1) ==
+            install_attributes_->GetDomain()) {
       return USER_AFFILIATION_MANAGED;
     }
   }
@@ -474,6 +458,15 @@ void BrowserPolicyConnector::SetPolicyProviderForTesting(
   g_testing_provider = provider;
 }
 
+// static
+std::string BrowserPolicyConnector::GetDeviceManagementUrl() {
+  CommandLine* command_line = CommandLine::ForCurrentProcess();
+  if (command_line->HasSwitch(switches::kDeviceManagementUrl))
+    return command_line->GetSwitchValueASCII(switches::kDeviceManagementUrl);
+  else
+    return kDefaultDeviceManagementServerUrl;
+}
+
 void BrowserPolicyConnector::Observe(
     int type,
     const content::NotificationSource& source,
@@ -521,7 +514,12 @@ void BrowserPolicyConnector::InitializeDevicePolicy() {
 
       device_cloud_policy_subsystem_.reset(new CloudPolicySubsystem(
           device_data_store_.get(),
-          device_policy_cache));
+          device_policy_cache,
+          GetDeviceManagementUrl()));
+
+      // Skip the final initialization if this is a unit test.
+      if (!MessageLoop::current())
+        return;
 
       // Initialize the subsystem once the message loops are spinning.
       MessageLoop::current()->PostTask(