| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROME_BROWSER_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ |
| 6 #define CHROME_BROWSER_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ |
| 7 |
| 8 #include <string> |
| 9 |
| 10 #include "base/basictypes.h" |
| 11 #include "base/compiler_specific.h" |
| 12 #include "base/memory/scoped_ptr.h" |
| 13 #include "base/memory/weak_ptr.h" |
| 14 #include "chrome/browser/policy/cloud_policy_client.h" |
| 15 #include "chrome/browser/policy/cloud_policy_store.h" |
| 16 #include "chrome/browser/policy/cloud_policy_validator.h" |
| 17 #include "chrome/browser/policy/device_cloud_policy_manager_chromeos.h" |
| 18 |
| 19 namespace enterprise_management { |
| 20 class PolicyFetchResponse; |
| 21 } |
| 22 |
| 23 namespace policy { |
| 24 |
| 25 class EnterpriseInstallAttributes; |
| 26 |
| 27 // Implements the logic that establishes enterprise enrollment for Chromium OS |
| 28 // devices. The process is as follows: |
| 29 // 1. Given an auth token, register with the policy service. |
| 30 // 2. Download the initial policy blob from the service. |
| 31 // 3. Verify the policy blob. Everything up to this point doesn't touch device |
| 32 // state. |
| 33 // 4. Establish the device lock in installation-time attributes. |
| 34 // 5. Store the policy blob. |
| 35 class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
| 36 public CloudPolicyStore::Observer { |
| 37 public: |
| 38 typedef DeviceCloudPolicyManagerChromeOS::AllowedDeviceModes |
| 39 AllowedDeviceModes; |
| 40 typedef DeviceCloudPolicyManagerChromeOS::EnrollmentCallback |
| 41 EnrollmentCallback; |
| 42 |
| 43 // |store| and |install_attributes| must remain valid for the life time of the |
| 44 // enrollment handler. |allowed_device_modes| determines what device modes |
| 45 // are acceptable. If the mode specified by the server is not acceptable, |
| 46 // enrollment will fail with an EnrollmentStatus indicating |
| 47 // STATUS_REGISTRATION_BAD_MODE. |
| 48 EnrollmentHandlerChromeOS(DeviceCloudPolicyStoreChromeOS* store, |
| 49 EnterpriseInstallAttributes* install_attributes, |
| 50 scoped_ptr<CloudPolicyClient> client, |
| 51 const std::string& auth_token, |
| 52 const AllowedDeviceModes& allowed_device_modes, |
| 53 const EnrollmentCallback& completion_callback); |
| 54 virtual ~EnrollmentHandlerChromeOS(); |
| 55 |
| 56 // Starts the enrollment process and reports the result to |
| 57 // |completion_callback_|. |
| 58 void StartEnrollment(); |
| 59 |
| 60 // Releases the client. |
| 61 scoped_ptr<CloudPolicyClient> ReleaseClient(); |
| 62 |
| 63 // CloudPolicyClient::Observer: |
| 64 virtual void OnPolicyFetched(CloudPolicyClient* client) OVERRIDE; |
| 65 virtual void OnRegistrationStateChanged(CloudPolicyClient* client) OVERRIDE; |
| 66 virtual void OnClientError(CloudPolicyClient* client) OVERRIDE; |
| 67 |
| 68 // CloudPolicyStore::Observer: |
| 69 virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE; |
| 70 virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE; |
| 71 |
| 72 private: |
| 73 // Indicates what step of the process is currently pending. These steps need |
| 74 // to be listed in the order they are traversed in. |
| 75 enum EnrollmentStep { |
| 76 STEP_PENDING, // Not started yet. |
| 77 STEP_LOADING_STORE, // Waiting for |store_| to initialize. |
| 78 STEP_REGISTRATION, // Currently registering the client. |
| 79 STEP_POLICY_FETCH, // Fetching policy. |
| 80 STEP_VALIDATION, // Policy validation. |
| 81 STEP_LOCK_DEVICE, // Writing installation-time attributes. |
| 82 STEP_STORE_POLICY, // Storing policy. |
| 83 STEP_FINISHED, // Enrollment process finished, no further action. |
| 84 }; |
| 85 |
| 86 // Starts registration if the store is initialized. |
| 87 void AttemptRegistration(); |
| 88 |
| 89 // Handles the policy validation result, proceeding with installation-time |
| 90 // attributes locking if successful. |
| 91 void PolicyValidated(DeviceCloudPolicyValidator* validator); |
| 92 |
| 93 // Writes install attributes and proceeds to policy installation. If |
| 94 // unsuccessful, reports the result. |
| 95 void WriteInstallAttributes(const std::string& user, |
| 96 DeviceMode device_mode, |
| 97 const std::string& device_id); |
| 98 |
| 99 // Drops any ongoing actions. |
| 100 void Stop(); |
| 101 |
| 102 // Reports the result of the enrollment process to the initiator. |
| 103 void ReportResult(EnrollmentStatus status); |
| 104 |
| 105 DeviceCloudPolicyStoreChromeOS* store_; |
| 106 EnterpriseInstallAttributes* install_attributes_; |
| 107 scoped_ptr<CloudPolicyClient> client_; |
| 108 |
| 109 std::string auth_token_; |
| 110 AllowedDeviceModes allowed_device_modes_; |
| 111 EnrollmentCallback completion_callback_; |
| 112 |
| 113 // The device mode as received in the registration request. |
| 114 DeviceMode device_mode_; |
| 115 |
| 116 // The validated policy response to be installed in the store. |
| 117 scoped_ptr<enterprise_management::PolicyFetchResponse> policy_; |
| 118 |
| 119 // Current enrollment step. |
| 120 EnrollmentStep enrollment_step_; |
| 121 |
| 122 // Total amount of time in milliseconds spent waiting for lockbox |
| 123 // initialization. |
| 124 int lockbox_init_duration_; |
| 125 |
| 126 base::WeakPtrFactory<EnrollmentHandlerChromeOS> weak_factory_; |
| 127 |
| 128 DISALLOW_COPY_AND_ASSIGN(EnrollmentHandlerChromeOS); |
| 129 }; |
| 130 |
| 131 } // namespace policy |
| 132 |
| 133 #endif // CHROME_BROWSER_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10928036:
Implement Chrome OS device enrollment on the new cloud policy stack. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src