Device policy infrastructure

chrome/browser/policy/device_token_fetcher.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_POLICY_DEVICE_TOKEN_FETCHER_H_
 #define CHROME_BROWSER_POLICY_DEVICE_TOKEN_FETCHER_H_
 #pragma once
 
 #include <string>
-#include <vector>
 
-#include "base/file_path.h"
 #include "base/observer_list.h"
-#include "base/ref_counted.h"
-#include "base/synchronization/waitable_event.h"
+#include "base/scoped_ptr.h"
+#include "base/task.h"
 #include "chrome/browser/policy/device_management_backend.h"
-#include "chrome/common/notification_observer.h"
-#include "chrome/common/notification_registrar.h"
-
-class Profile;
 
 namespace policy {
 
+class CloudPolicyCache;
+class DeviceManagementService;
+
 namespace em = enterprise_management;
 
 // Fetches the device token that can be used for policy requests with the device
 // management server, either from disk if it already has been successfully
 // requested, otherwise from the device management server. An instance of the
 // fetcher is shared as a singleton by all users of the device management token
 // to ensure they all get the same token.
 class DeviceTokenFetcher
-    : public NotificationObserver,
-      public DeviceManagementBackend::DeviceRegisterResponseDelegate,
-      public base::RefCountedThreadSafe<DeviceTokenFetcher> {
+    : public DeviceManagementBackend::DeviceRegisterResponseDelegate {
  public:
   class Observer {
    public:
-    virtual void OnTokenSuccess() = 0;
-    virtual void OnTokenError() = 0;
-    virtual void OnNotManaged() = 0;
     virtual ~Observer() {}
+    virtual void OnDeviceTokenAvailable() = 0;
   };
 
-  class ObserverRegistrar {
-   public:
-    ObserverRegistrar();
-    ~ObserverRegistrar();
-
-    void Init(DeviceTokenFetcher* token_fetcher);
-    void AddObserver(DeviceTokenFetcher::Observer* observer);
-    void RemoveAll();
-   private:
-    DeviceTokenFetcher* token_fetcher_;
-    std::vector<DeviceTokenFetcher::Observer*> observers_;
-  };
-
-  // Requests to the device management server are sent through |backend|. It
-  // obtains the authentication token from |token_service|. The fetcher stores
-  // the device token to |token_path| once it's retrieved from the server.
-  DeviceTokenFetcher(DeviceManagementBackend* backend,
-                     Profile* profile,
-                     const FilePath& token_path);
+  // |service| is used to talk to the device management service and |cache| is
+  // used to persist whether the device is unmanaged.
+  DeviceTokenFetcher(DeviceManagementService* service,
+                     CloudPolicyCache* cache);
+  // Version for tests that allows to set timing paramters.
+  DeviceTokenFetcher(DeviceManagementService* service,
+                     CloudPolicyCache* cache,
+                     int64 token_fetch_error_delay_ms,
+                     int64 unmanaged_device_refresh_rate_ms);
   virtual ~DeviceTokenFetcher();
 
-  // NotificationObserver method overrides:
-  virtual void Observe(NotificationType type,
-                       const NotificationSource& source,
-                       const NotificationDetails& details);
+  // Starts fetching a token.
+  // Declared virtual so it can be overridden by mocks.
+  virtual void FetchToken(const std::string& auth_token,
+                          const std::string& device_id);
+
+  // Returns the device management token or the empty string if not available.
+  // Declared virtual so it can be overridden by mocks.
+  virtual const std::string& GetDeviceToken();
+
+  void AddObserver(Observer* observer);
+  void RemoveObserver(Observer* observer);
 
   // DeviceManagementBackend::DeviceRegisterResponseDelegate method overrides:
   virtual void HandleRegisterResponse(
       const em::DeviceRegisterResponse& response);
   virtual void OnError(DeviceManagementBackend::ErrorCode code);
 
-  // Re-initializes this DeviceTokenFetcher
-  void Restart();
-
-  // Called by subscribers of the device management token to indicate that they
-  // will need the token in the future. Must be called on the UI thread.
-  void StartFetching();
-
-  // Returns true if there is a pending token request to the device management
-  // server.
-  bool IsTokenPending();
-
-  // Returns the device management token for this device, blocking until
-  // outstanding requests to the device management server are satisfied.  In the
-  // case that the token could not be fetched, an empty string is returned.
-  std::string GetDeviceToken();
-
-  // Returns the device ID for this device. If no such ID has been set yet, a
-  // new ID is generated and returned.
-  std::string GetDeviceID();
-
-  // True if the fetcher has a valid AuthToken for the device management server.
-  bool HasAuthToken() const { return !auth_token_.empty(); }
-
-  // True if the device token has been fetched and is valid.
-  bool IsTokenValid() const;
-
- protected:
-  // Returns the email address of the currently logged-in user.
-  virtual std::string GetCurrentUser();
-
-  // Used to identify GOOGLE_SIGNIN_SUCCESSFUL notifications from the owning
-  // profile, and to query for the current username.
-  Profile* profile_; // weak
-
  private:
   friend class DeviceTokenFetcherTest;
 
   // The different states that the fetcher can be in during the process of
-  // getting the device token.
+  // getting the device token. |state_| is initialized to INACTIVE, depending
+  // on the result of a token fetching attempt can transition to either of
+  // TOKEN_AVAILABLE, UNMANAGED, or ERROR. The first attempt must be triggered
+  // externally. When |state_| is UNMANAGED, a new fetching attempt is
+  // performed every |unmanaged_device_refresh_rate_ms_|; when it's ERROR,
+  // a new attempt is done after |effective_token_fetch_error_delay_ms_|.
   enum FetcherState {
-    kStateNotStarted,
-    kStateLoadDeviceTokenFromDisk,
-    kStateReadyToRequestDeviceTokenFromServer,
-    kStateRequestingDeviceTokenFromServer,
-    kStateHasDeviceToken,
-    kStateFailure,
-    kStateNotManaged,
+    // Fetcher inactive.
+    STATE_INACTIVE,
+    // Token available.
+    STATE_TOKEN_AVAILABLE,
+    // Device unmanaged.
+    STATE_UNMANAGED,
+    // Error, retry later.
+    STATE_ERROR,
   };
 
-  // Moves the fetcher into a new state. If the fetcher has the device token
-  // or is moving into the failure state, callers waiting on WaitForToken
-  // are unblocked.
+  // Common initialization helper.
+  void Initialize(DeviceManagementService* service,
+                  CloudPolicyCache* cache,
+                  int64 token_fetch_error_delay_ms,
+                  int64 unmanaged_device_refresh_rate_ms);
+
+  // Moves the fetcher into a new state.
   void SetState(FetcherState state);
 
-  // Returns the full path to the file that persists the device manager token.
-  void GetDeviceTokenPath(FilePath* token_path) const;
+  // Resets |backend_|, then uses |auth_token_| and |device_id_| to perform
+  // an actual token fetch.
+  void FetchTokenInternal();
 
-  // Tries to load the device token from disk. Must be called on the FILE
-  // thread.
-  void AttemptTokenLoadFromDisk();
+  // Called back from the |retry_task_|.
+  void ExecuteRetryTask();
 
-  // Called if it's not possible to load the device token from disk.  Sets the
-  // fetcher in a state that's ready to register the device with the device
-  // management server and receive the device token in return. If the AuthToken
-  // for the device management server is available, initiate the server
-  // request.
-  void MakeReadyToRequestDeviceToken();
+  // Cancels the |retry_task_|.
+  void CancelRetryTask();
 
-  // Issues a registration request to the server if both the fetcher is in the
-  // ready-to-request state and the device management server AuthToken is
-  // available.
-  void SendServerRequestIfPossible();
+  // Service and backend. A new backend is created whenever the fetcher gets
+  // reset.
+  DeviceManagementService* service_;  // weak
+  scoped_ptr<DeviceManagementBackend> backend_;
 
-  void AddObserver(Observer* obs) {
-    observer_list_.AddObserver(obs);
-  }
+  // Reference to the cache. Used to persist and read unmanaged state.
+  CloudPolicyCache* cache_;
 
-  void RemoveObserver(Observer* obs) {
-    observer_list_.RemoveObserver(obs);
-  }
+  // Refresh parameters.
+  int64 token_fetch_error_delay_ms_;
+  int64 effective_token_fetch_error_delay_ms_;
+  int64 unmanaged_device_refresh_rate_ms_;
 
-  void NotifyTokenSuccess() {
-    FOR_EACH_OBSERVER(Observer, observer_list_, OnTokenSuccess());
-  }
+  // State the fetcher is currently in.
+  FetcherState state_;
 
-  void NotifyTokenError() {
-    FOR_EACH_OBSERVER(Observer, observer_list_, OnTokenError());
-  }
+  // Current device token.
+  std::string device_token_;
 
-  void NotifyNotManaged() {
-    FOR_EACH_OBSERVER(Observer, observer_list_, OnNotManaged());
-  }
+  // Contains the AuthToken for the device management server.
+  std::string auth_token_;
+  // Device identifier to send to the server.
+  std::string device_id_;
 
-  // Saves the device management token to disk once it has been retrieved from
-  // the server. Must be called on the FILE thread.
-  static void WriteDeviceTokenToDisk(const FilePath& path,
-                                     const std::string& token,
-                                     const std::string& device_id);
+  // Task that has been scheduled to retry fetching a token.
+  CancelableTask* retry_task_;
 
-  // Generates a new device ID used to register the device with the device
-  // management server and generate the device token.
-  static std::string GenerateNewDeviceID();
+  ScopedRunnableMethodFactory<DeviceTokenFetcher> method_factory_;
 
   ObserverList<Observer, true> observer_list_;
-  FilePath token_path_;
-  DeviceManagementBackend* backend_;  // weak
-  FetcherState state_;
-  std::string device_token_;
-  std::string device_id_;
-
-  // Contains the AuthToken for the device management server. Empty if the
-  // AuthToken hasn't been issued yet or that was an error getting the
-  // AuthToken.
-  std::string auth_token_;
-
-  // An event that is signaled only once the device token has been fetched
-  // or it has been determined that there was an error during fetching.
-  base::WaitableEvent device_token_load_complete_event_;
-
-  // Registers the fetcher for notification of successful Gaia logins.
-  NotificationRegistrar registrar_;
 };
 
 }  // namespace policy
 
 #endif  // CHROME_BROWSER_POLICY_DEVICE_TOKEN_FETCHER_H_