Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(79)

Side by Side Diff: chrome/browser/chromeos/login/device_settings_service.h

Issue 10828032: Add DeviceSettingsService. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_DEVICE_SETTINGS_SERVICE_H_
6 #define CHROME_BROWSER_CHROMEOS_LOGIN_DEVICE_SETTINGS_SERVICE_H_
7
8 #include <deque>
9 #include <string>
10 #include <vector>
11
12 #include "base/basictypes.h"
13 #include "base/callback.h"
14 #include "base/memory/ref_counted.h"
15 #include "base/memory/scoped_ptr.h"
16 #include "base/observer_list.h"
17 #include "base/synchronization/lock.h"
18 #include "chrome/browser/policy/cloud_policy_validator.h"
19 #include "chromeos/dbus/session_manager_client.h"
20
21 namespace base {
22 template <typename T> struct DefaultLazyInstanceTraits;
23 }
24
25 namespace crypto {
26 class RSAPrivateKey;
27 }
28
29 namespace enterprise_management {
30 class ChromeDeviceSettingsProto;
31 class PolicyData;
32 }
33
34 namespace chromeos {
35
36 class OwnerKeyUtil;
37 class SessionManagerOperation;
38
39 // Keeps the public and private halves of the owner key. Both may be missing,
40 // but if the private key is present, the public half will be as well. This
41 // class is immutable and refcounted in order to allow safe access from any
42 // thread.
43 class OwnerKey : public base::RefCountedThreadSafe<OwnerKey> {
44 public:
45 OwnerKey(scoped_ptr<std::vector<uint8> > public_key,
46 scoped_ptr<crypto::RSAPrivateKey> private_key);
47 ~OwnerKey();
48
49 const std::vector<uint8>* public_key() {
50 return public_key_.get();
51 }
52 crypto::RSAPrivateKey* private_key() {
53 return private_key_.get();
54 }
55
56 private:
57 scoped_ptr<std::vector<uint8> > public_key_;
58 scoped_ptr<crypto::RSAPrivateKey> private_key_;
59
60 DISALLOW_COPY_AND_ASSIGN(OwnerKey);
61 };
62
63 // Deals with the low-level interface to Chromium OS device settings. Device
64 // settings are stored in a protobuf that's protected by a cryptographic
65 // signature generated by a key in the device owner's possession. Key and
66 // settings are brokered by the session_manager daemon.
67 //
68 // The purpose of DeviceSettingsService is to keep track of the current key and
69 // settings blob. For reading and writing device settings, use CrosSettings
70 // instead, which provides a high-level interface that allows for manipulation
71 // of individual settings.
72 //
73 // DeviceSettingsService generates notifications for key and policy update
74 // events so interested parties and reload state as appropriate.
75 class DeviceSettingsService : public SessionManagerClient::Observer {
76 public:
77 // Indicates ownership status of the device.
78 enum OwnershipStatus {
79 // Listed in upgrade order.
80 OWNERSHIP_UNKNOWN = 0,
81 OWNERSHIP_NONE,
82 OWNERSHIP_TAKEN
83 };
84
85 typedef base::Callback<void(OwnershipStatus, bool)> OwnershipStatusCallback;
86
87 // Status codes for Store().
88 enum Status {
89 STORE_SUCCESS,
90 STORE_KEY_UNAVAILABLE, // Owner key not yet configured.
91 STORE_POLICY_ERROR, // Failure constructing the settings blob.
92 STORE_OPERATION_FAILED, // IPC to session_manager daemon failed.
93 STORE_NO_POLICY, // No settings blob present.
94 STORE_INVALID_POLICY, // Invalid settings blob.
95 STORE_VALIDATION_ERROR, // Policy validation failure.
96 };
97
98 // Observer interface.
99 class Observer {
100 public:
101 virtual ~Observer();
102
103 // Indicates device ownership status changes.
104 virtual void OwnershipStatusChanged() = 0;
105
106 // Gets call after updates to the device settings.
107 virtual void DeviceSettingsUpdated() = 0;
108 };
109
110 // Creates a device settings service instance. This is meant for unit tests,
111 // production code uses the singleton returned by Get() below.
112 DeviceSettingsService();
113 ~DeviceSettingsService();
114
115 // Returns the singleton instance.
116 static DeviceSettingsService* Get();
117
118 // To be called on startup once threads are initialized and DBus is ready.
119 void Initialize(SessionManagerClient* session_manager_client,
120 scoped_refptr<OwnerKeyUtil> owner_key_util);
121 void Shutdown();
122
123 // Returns the currently active device settings. Returns NULL if the device
124 // settings have not yet been retrieved from session_manager yet.
125 const enterprise_management::PolicyData* policy_data() {
126 return policy_data_.get();
127 }
128 const enterprise_management::ChromeDeviceSettingsProto*
129 device_settings() const {
130 return device_settings_.get();
131 }
132
133 // Returns the currently used owner key.
134 scoped_refptr<OwnerKey> GetOwnerKey();
135
136 // Returns the status generated by the last operation.
137 Status status() {
138 return store_status_;
139 }
140
141 // Triggers an attempt to pull the public half of the owner key from disk and
142 // load the device settings.
143 void Load();
144
145 // Signs |settings| with the private half of the owner key and sends the
146 // resulting policy blob to session manager for storage. The result of the
147 // operation is reported through |callback|. If successful, the updated device
148 // settings are present in policy_data() and device_settings() when the
149 // callback runs.
150 void SignAndStore(
151 scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> settings,
152 const base::Closure& callback);
153
154 // Stores a policy blob to session_manager. The result of the operation is
155 // reported through |callback|. If successful, the updated device settings are
156 // present in policy_data() and device_settings() when the callback runs.
157 void Store(const std::string& policy_blob, const base::Closure& callback);
158
159 // This method can be run either on FILE or UI threads. If |blocking| flag
160 // is specified then it is guaranteed to return either OWNERSHIP_NONE or
161 // OWNERSHIP_TAKEN (and not OWNERSHIP_UNKNOWN), however in this case it may
162 // occasionally block doing I/O.
163 //
164 // TODO(mnissler, pastarmovj): Remove the blocking flag and only allow this on
165 // the UI thread.
166 OwnershipStatus GetOwnershipStatus(bool blocking);
167
168 // Determines the ownership status and reports the result to |callback|. This
169 // is guaranteed to never return OWNERSHIP_UNKNOWN.
170 void GetOwnershipStatusAsync(const OwnershipStatusCallback& callback);
171
172 // Checks whether we have the private owner key.
173 bool HasPrivateOwnerKey();
174
175 // Sets the identity of the user that's interacting with the service. This is
176 // relevant only for writing settings through SignAndStore().
177 void SetUsername(const std::string& username);
178 const std::string& GetUsername() const;
179
180 // Adds an observer.
181 void AddObserver(Observer* observer);
182 // Removes and observer.
183 void RemoveObserver(Observer* observer);
184
185 // SessionManagerClient::Observer:
186 void OwnerKeySet(bool success) OVERRIDE;
187 void PropertyChangeComplete(bool success) OVERRIDE;
188
189 private:
190 // Enqueues a new operation. Takes ownership of |operation| and starts it
191 // right away if there is no active operation currently.
192 void Enqueue(SessionManagerOperation* operation);
193
194 // Enqueues a load operation.
195 void EnqueueLoad(bool force_key_load);
196
197 // Makes sure there's a reload operation so changes to the settings (and key,
198 // in case force_key_load is set) are getting picked up.
199 void EnsureReload(bool force_key_load);
200
201 // Runs the next pending operation.
202 void RunNextOperation();
203
204 // Updates status, policy data and owner key from a finished operation.
205 // Starts the next pending operation if available.
206 void HandleCompletedOperation(const base::Closure& callback,
207 SessionManagerOperation* operation,
208 Status status);
209
210 // Sets ownership status. May be called on either thread.
211 void SetOwnershipStatus(OwnershipStatus new_status);
212
213 SessionManagerClient* session_manager_client_;
214 scoped_refptr<OwnerKeyUtil> owner_key_util_;
215
216 base::WeakPtrFactory<DeviceSettingsService> weak_factory_;
217
218 Status store_status_;
219
220 OwnershipStatus ownership_status_;
221 base::Lock ownership_status_lock_;
222 std::vector<OwnershipStatusCallback> pending_ownership_status_callbacks_;
223
224 std::string username_;
225 scoped_refptr<OwnerKey> owner_key_;
226
227 scoped_ptr<enterprise_management::PolicyData> policy_data_;
228 scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> device_settings_;
229
230 // The queue of pending operations. The first operation on the queue is
231 // currently active; it gets removed and destroyed once it completes.
232 std::deque<SessionManagerOperation*> pending_operations_;
233
234 ObserverList<Observer, true> observers_;
235
236 DISALLOW_COPY_AND_ASSIGN(DeviceSettingsService);
237 };
238
239 } // namespace chromeos
240
241 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_DEVICE_SETTINGS_SERVICE_H_
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698