Switch from SignedSettings to DeviceSettingsService.

chrome/browser/policy/device_policy_cache.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/policy/device_policy_cache.h"
 
 #include <limits>
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
 #include "base/values.h"
 #include "chrome/browser/chromeos/cros_settings.h"
-#include "chrome/browser/chromeos/login/ownership_service.h"
-#include "chrome/browser/chromeos/login/signed_settings_helper.h"
 #include "chrome/browser/policy/app_pack_updater.h"
 #include "chrome/browser/policy/cloud_policy_data_store.h"
 #include "chrome/browser/policy/enterprise_install_attributes.h"
 #include "chrome/browser/policy/enterprise_metrics.h"
 #include "chrome/browser/policy/policy_map.h"
 #include "chrome/browser/policy/proto/chrome_device_policy.pb.h"
 #include "chrome/browser/policy/proto/device_management_backend.pb.h"
 #include "chrome/browser/policy/proto/device_management_local.pb.h"
 #include "chrome/common/net/gaia/gaia_auth_util.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/dbus/update_engine_client.h"
 #include "policy/policy_constants.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
 
 using google::protobuf::RepeatedField;
 using google::protobuf::RepeatedPtrField;
 
 namespace em = enterprise_management;
 
 namespace {
 
-// Stores policy, updates the owner key if required and reports the status
-// through a callback.
-class StorePolicyOperation : public chromeos::OwnerManager::KeyUpdateDelegate {
- public:
-  typedef base::Callback<void(chromeos::SignedSettings::ReturnCode)> Callback;
-
-  StorePolicyOperation(chromeos::SignedSettingsHelper* signed_settings_helper,
-                       const em::PolicyFetchResponse& policy,
-                       const Callback& callback)
-      : signed_settings_helper_(signed_settings_helper),
-        policy_(policy),
-        callback_(callback),
-        weak_ptr_factory_(this) {
-    signed_settings_helper_->StartStorePolicyOp(
-        policy,
-        base::Bind(&StorePolicyOperation::OnStorePolicyCompleted,
-                   weak_ptr_factory_.GetWeakPtr()));
-  }
-  virtual ~StorePolicyOperation() {
-  }
-
-  void OnStorePolicyCompleted(chromeos::SignedSettings::ReturnCode code) {
-    if (code != chromeos::SignedSettings::SUCCESS) {
-      callback_.Run(code);
-      delete this;
-      return;
-    }
-
-    if (policy_.has_new_public_key()) {
-      // The session manager has successfully done a key rotation. Replace the
-      // owner key also in chrome.
-      const std::string& new_key = policy_.new_public_key();
-      const std::vector<uint8> new_key_data(new_key.c_str(),
-                                            new_key.c_str() + new_key.size());
-      chromeos::OwnershipService::GetSharedInstance()->StartUpdateOwnerKey(
-          new_key_data, this);
-      return;
-    } else {
-      chromeos::CrosSettings::Get()->ReloadProviders();
-      callback_.Run(chromeos::SignedSettings::SUCCESS);
-      delete this;
-      return;
-    }
-  }
-
-  // OwnerManager::KeyUpdateDelegate implementation:
-  virtual void OnKeyUpdated() OVERRIDE {
-    chromeos::CrosSettings::Get()->ReloadProviders();
-    callback_.Run(chromeos::SignedSettings::SUCCESS);
-    delete this;
-  }
-
- private:
-
-  chromeos::SignedSettingsHelper* signed_settings_helper_;
-  em::PolicyFetchResponse policy_;
-  Callback callback_;
-
-  base::WeakPtrFactory<StorePolicyOperation> weak_ptr_factory_;
-
-  DISALLOW_COPY_AND_ASSIGN(StorePolicyOperation);
-};
-
 // Decodes a protobuf integer to an IntegerValue. The caller assumes ownership
 // of the return Value*. Returns NULL in case the input value is out of bounds.
 Value* DecodeIntegerValue(google::protobuf::int64 value) {
   if (value < std::numeric_limits<int>::min() ||
       value > std::numeric_limits<int>::max()) {
     LOG(WARNING) << "Integer value " << value
                  << " out of numeric limits, ignoring.";
     return NULL;
   }
 
@@ skipping 17 matching lines @@
 
 }  // namespace
 
 namespace policy {
 
 DevicePolicyCache::DevicePolicyCache(
     CloudPolicyDataStore* data_store,
     EnterpriseInstallAttributes* install_attributes)
     : data_store_(data_store),
       install_attributes_(install_attributes),
-      signed_settings_helper_(chromeos::SignedSettingsHelper::Get()),
+      device_settings_service_(chromeos::DeviceSettingsService::Get()),
       ALLOW_THIS_IN_INITIALIZER_LIST(weak_ptr_factory_(this)),
       policy_fetch_pending_(false) {
+  device_settings_service_->AddObserver(this);
 }
 
 DevicePolicyCache::DevicePolicyCache(
     CloudPolicyDataStore* data_store,
     EnterpriseInstallAttributes* install_attributes,
-    chromeos::SignedSettingsHelper* signed_settings_helper)
+    chromeos::DeviceSettingsService* device_settings_service)
     : data_store_(data_store),
       install_attributes_(install_attributes),
-      signed_settings_helper_(signed_settings_helper),
+      device_settings_service_(device_settings_service),
       ALLOW_THIS_IN_INITIALIZER_LIST(weak_ptr_factory_(this)),
       policy_fetch_pending_(false) {
+  device_settings_service_->AddObserver(this);
 }
 
 DevicePolicyCache::~DevicePolicyCache() {
+  device_settings_service_->RemoveObserver(this);
 }
 
 void DevicePolicyCache::Load() {
-  signed_settings_helper_->StartRetrievePolicyOp(
-      base::Bind(&DevicePolicyCache::OnRetrievePolicyCompleted,
-                 weak_ptr_factory_.GetWeakPtr()));
+  DeviceSettingsUpdated();
 }
 
 bool DevicePolicyCache::SetPolicy(const em::PolicyFetchResponse& policy) {
   DCHECK(IsReady());
 
   // Make sure we have an enterprise device.
   std::string registration_domain(install_attributes_->GetDomain());
   if (registration_domain.empty()) {
     LOG(WARNING) << "Refusing to accept policy on non-enterprise device.";
     UMA_HISTOGRAM_ENUMERATION(kMetricPolicy,
@@ skipping 23 matching lines @@
     UMA_HISTOGRAM_ENUMERATION(kMetricPolicy, kMetricPolicyFetchUserMismatch,
                               kMetricPolicySize);
     InformNotifier(CloudPolicySubsystem::LOCAL_ERROR,
                    CloudPolicySubsystem::POLICY_LOCAL_ERROR);
     return false;
   }
 
   set_last_policy_refresh_time(base::Time::NowFromSystemTime());
 
   // Start a store operation.
-  StorePolicyOperation::Callback callback =
+  policy_fetch_pending_ = true;
+  device_settings_service_->Store(
+      policy.SerializeAsString(),
       base::Bind(&DevicePolicyCache::PolicyStoreOpCompleted,
-                 weak_ptr_factory_.GetWeakPtr());
-  new StorePolicyOperation(signed_settings_helper_, policy, callback);
-  policy_fetch_pending_ = true;
+                 weak_ptr_factory_.GetWeakPtr()));
   return true;
 }
 
 void DevicePolicyCache::SetUnmanaged() {
   LOG(WARNING) << "Tried to set DevicePolicyCache to 'unmanaged'!";
   // This is not supported for DevicePolicyCache.
 }
 
 void DevicePolicyCache::SetFetchingDone() {
   // Don't send the notification just yet if there is a pending policy
   // store/reload cycle.
   if (!policy_fetch_pending_)
     CloudPolicyCacheBase::SetFetchingDone();
 }
 
-void DevicePolicyCache::OnRetrievePolicyCompleted(
-    chromeos::SignedSettings::ReturnCode code,
-    const em::PolicyFetchResponse& policy) {
+void DevicePolicyCache::OwnershipStatusChanged() {}
+
+void DevicePolicyCache::DeviceSettingsUpdated() {
   DCHECK(CalledOnValidThread());
+  chromeos::DeviceSettingsService::Status status =
+      device_settings_service_->status();
+  const em::PolicyData* policy_data = device_settings_service_->policy_data();
+  if (status == chromeos::DeviceSettingsService::STORE_SUCCESS &&
+      !policy_data) {
+    // Initial policy load is still pending.
+    return;
+  }
+
   if (!IsReady()) {
     std::string device_token;
-    InstallInitialPolicy(code, policy, &device_token);
+    InstallInitialPolicy(status, policy_data, &device_token);
     SetTokenAndFlagReady(device_token);
   } else {  // In other words, IsReady() == true
-    if (code != chromeos::SignedSettings::SUCCESS) {
-      if (code == chromeos::SignedSettings::BAD_SIGNATURE) {
+    if (status != chromeos::DeviceSettingsService::STORE_SUCCESS ||
+        !policy_data) {
+      if (status == chromeos::DeviceSettingsService::STORE_VALIDATION_ERROR) {
         UMA_HISTOGRAM_ENUMERATION(kMetricPolicy, kMetricPolicyFetchBadSignature,
                                   kMetricPolicySize);
         InformNotifier(CloudPolicySubsystem::LOCAL_ERROR,
                        CloudPolicySubsystem::SIGNATURE_MISMATCH);
       } else {
         UMA_HISTOGRAM_ENUMERATION(kMetricPolicy, kMetricPolicyFetchOtherFailed,
                                   kMetricPolicySize);
         InformNotifier(CloudPolicySubsystem::LOCAL_ERROR,
                        CloudPolicySubsystem::POLICY_LOCAL_ERROR);
       }
     } else {
-      bool ok = SetPolicyInternal(policy, NULL, false);
+      em::PolicyFetchResponse policy_response;
+      CHECK(policy_data->SerializeToString(
+          policy_response.mutable_policy_data()));
+      bool ok = SetPolicyInternal(policy_response, NULL, false);
       if (ok) {
         UMA_HISTOGRAM_ENUMERATION(kMetricPolicy, kMetricPolicyFetchOK,
                                   kMetricPolicySize);
       }
     }
   }
-  CheckFetchingDone();
 }
 
 bool DevicePolicyCache::DecodePolicyData(const em::PolicyData& policy_data,
                                          PolicyMap* policies) {
   em::ChromeDeviceSettingsProto policy;
   if (!policy.ParseFromString(policy_data.policy_value())) {
     LOG(WARNING) << "Failed to parse ChromeDeviceSettingsProto.";
     return false;
   }
   DecodeDevicePolicy(policy, policies);
   return true;
 }
 
-void DevicePolicyCache::PolicyStoreOpCompleted(
-    chromeos::SignedSettings::ReturnCode code) {
+void DevicePolicyCache::PolicyStoreOpCompleted() {
   DCHECK(CalledOnValidThread());
-  if (code != chromeos::SignedSettings::SUCCESS) {
+  chromeos::DeviceSettingsService::Status status =
+      device_settings_service_->status();
+  if (status != chromeos::DeviceSettingsService::STORE_SUCCESS) {
     UMA_HISTOGRAM_ENUMERATION(kMetricPolicy, kMetricPolicyStoreFailed,
                               kMetricPolicySize);
-    if (code == chromeos::SignedSettings::BAD_SIGNATURE) {
+    if (status == chromeos::DeviceSettingsService::STORE_VALIDATION_ERROR) {
       UMA_HISTOGRAM_ENUMERATION(kMetricPolicy, kMetricPolicyFetchBadSignature,
                                 kMetricPolicySize);
       InformNotifier(CloudPolicySubsystem::LOCAL_ERROR,
                      CloudPolicySubsystem::SIGNATURE_MISMATCH);
     } else {
       UMA_HISTOGRAM_ENUMERATION(kMetricPolicy, kMetricPolicyFetchOtherFailed,
                                 kMetricPolicySize);
       InformNotifier(CloudPolicySubsystem::LOCAL_ERROR,
                      CloudPolicySubsystem::POLICY_LOCAL_ERROR);
     }
     CheckFetchingDone();
     return;
   }
   UMA_HISTOGRAM_ENUMERATION(kMetricPolicy, kMetricPolicyStoreSucceeded,
                             kMetricPolicySize);
-  signed_settings_helper_->StartRetrievePolicyOp(
-      base::Bind(&DevicePolicyCache::OnRetrievePolicyCompleted,
-                 weak_ptr_factory_.GetWeakPtr()));
+
+  CheckFetchingDone();
 }
 
 void DevicePolicyCache::InstallInitialPolicy(
-    chromeos::SignedSettings::ReturnCode code,
-    const em::PolicyFetchResponse& policy,
+    chromeos::DeviceSettingsService::Status status,
+    const em::PolicyData* policy_data,
     std::string* device_token) {
-  if (code == chromeos::SignedSettings::NOT_FOUND ||
-      code == chromeos::SignedSettings::KEY_UNAVAILABLE ||
-      !policy.has_policy_data()) {
+  if (status == chromeos::DeviceSettingsService::STORE_NO_POLICY ||
+      status == chromeos::DeviceSettingsService::STORE_KEY_UNAVAILABLE) {
     InformNotifier(CloudPolicySubsystem::UNENROLLED,
                    CloudPolicySubsystem::NO_DETAILS);
     return;
   }
-  em::PolicyData policy_data;
-  if (!policy_data.ParseFromString(policy.policy_data())) {
+  if (!policy_data) {
     LOG(WARNING) << "Failed to parse PolicyData protobuf.";
     UMA_HISTOGRAM_ENUMERATION(kMetricPolicy, kMetricPolicyLoadFailed,
                               kMetricPolicySize);
     InformNotifier(CloudPolicySubsystem::LOCAL_ERROR,
                    CloudPolicySubsystem::POLICY_LOCAL_ERROR);
     return;
   }
-  if (!policy_data.has_request_token() ||
-      policy_data.request_token().empty()) {
+  if (!policy_data->has_request_token() ||
+      policy_data->request_token().empty()) {
     SetUnmanagedInternal(base::Time::NowFromSystemTime());
     InformNotifier(CloudPolicySubsystem::UNMANAGED,
                    CloudPolicySubsystem::NO_DETAILS);
     // TODO(jkummerow): Reminder: When we want to feed device-wide settings
     // made by a local owner into this cache, we need to call
     // SetPolicyInternal() here.
     return;
   }
-  if (!policy_data.has_username() || !policy_data.has_device_id()) {
+  if (!policy_data->has_username() || !policy_data->has_device_id()) {
     UMA_HISTOGRAM_ENUMERATION(kMetricPolicy, kMetricPolicyLoadFailed,
                               kMetricPolicySize);
     InformNotifier(CloudPolicySubsystem::LOCAL_ERROR,
                    CloudPolicySubsystem::POLICY_LOCAL_ERROR);
     return;
   }
   UMA_HISTOGRAM_ENUMERATION(kMetricPolicy, kMetricPolicyLoadSucceeded,
                             kMetricPolicySize);
-  data_store_->set_user_name(policy_data.username());
-  data_store_->set_device_id(policy_data.device_id());
-  *device_token = policy_data.request_token();
+  data_store_->set_user_name(policy_data->username());
+  data_store_->set_device_id(policy_data->device_id());
+  *device_token = policy_data->request_token();
   base::Time timestamp;
-  if (SetPolicyInternal(policy, &timestamp, true))
+  em::PolicyFetchResponse policy_response;
+  CHECK(policy_data->SerializeToString(policy_response.mutable_policy_data()));
+  if (SetPolicyInternal(policy_response, &timestamp, true))
     set_last_policy_refresh_time(timestamp);
 }
 
 void DevicePolicyCache::SetTokenAndFlagReady(const std::string& device_token) {
-  // Make sure that we only start device policy fetches once device settings are
-  // available in order to ensure the first device policy fetch uploads the
-  // configured reporting bits.

[pastarmovj, 2012/07/30 13:55:02]

Are you sure this is not needed anymore? I remember we had to add this code here
because we were getting in trouble shortly around boot times or some such.

[Mattias Nissler (ping if slow), 2012/08/02 12:01:52]

The issue was that the policy stuff would start talking to the server before
CrosSettings was initialized. Now that everything goes through
DeviceSettingsService (also token loading), we get the proper device settings in
the first request as well (I tested that).

-  if (chromeos::CrosSettingsProvider::TEMPORARILY_UNTRUSTED ==
-      chromeos::CrosSettings::Get()->PrepareTrustedValues(
-          base::Bind(&DevicePolicyCache::SetTokenAndFlagReady,
-                     weak_ptr_factory_.GetWeakPtr(),
-                     device_token))) {
-    return;
-  }
-
   // We need to call SetDeviceToken unconditionally to indicate the cache has
   // finished loading.
   data_store_->SetDeviceToken(device_token, true);
   SetReady();
 }
 
 void DevicePolicyCache::CheckFetchingDone() {
   if (policy_fetch_pending_) {
     CloudPolicyCacheBase::SetFetchingDone();
     policy_fetch_pending_ = false;
@@ skipping 351 matching lines @@
       }
       policies->Set(key::kDeviceStartUpUrls,
                     POLICY_LEVEL_MANDATORY,
                     POLICY_SCOPE_MACHINE,
                     urls);
     }
   }
 }
 
 }  // namespace policy