Connect enrollment screen to cloud policy subsystem.

chrome/browser/chromeos/login/enterprise_enrollment_screen.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/enterprise_enrollment_screen.h"
 
+#include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "chrome/browser/browser_process.h"
+#include "chrome/browser/chromeos/cros/cros_library.h"
+#include "chrome/browser/chromeos/cros/system_library.h"
 #include "chrome/browser/chromeos/login/screen_observer.h"
+#include "chrome/browser/policy/browser_policy_connector.h"
 #include "chrome/common/net/gaia/gaia_constants.h"
 
+// MachineInfo key names.
+const char kMachineInfoSystemHwqual[] = "hardware_class";
+const char kMachineInfoSerialNumber[] = "serial_number";
+
 namespace chromeos {
 
 EnterpriseEnrollmentScreen::EnterpriseEnrollmentScreen(
     WizardScreenDelegate* delegate)
     : ViewScreen<EnterpriseEnrollmentView>(delegate) {}
 
 EnterpriseEnrollmentScreen::~EnterpriseEnrollmentScreen() {}
 
 void EnterpriseEnrollmentScreen::Authenticate(const std::string& user,
                                               const std::string& password,
                                               const std::string& captcha,
                                               const std::string& access_code) {
   captcha_token_.clear();
+  user_ = user;
   auth_fetcher_.reset(
       new GaiaAuthFetcher(this, GaiaConstants::kChromeSource,
                           g_browser_process->system_request_context()));
 
   if (access_code.empty()) {
     auth_fetcher_->StartClientLogin(user, password,
                                     GaiaConstants::kDeviceManagementService,
                                     captcha_token_, captcha,
                                     GaiaAuthFetcher::HostedAccountsAllowed);
   } else {
     auth_fetcher_->StartClientLogin(user, access_code,
                                     GaiaConstants::kDeviceManagementService,
                                     std::string(), std::string(),
                                     GaiaAuthFetcher::HostedAccountsAllowed);
   }
 }
 
 void EnterpriseEnrollmentScreen::CancelEnrollment() {
   auth_fetcher_.reset();
   ScreenObserver* observer = delegate()->GetObserver(this);
   observer->OnExit(ScreenObserver::ENTERPRISE_ENROLLMENT_CANCELLED);

[Nikita (slow), 2011/04/12 12:49:30]

We don't need to call
g_browser_process->browser_policy_connector()->StopAutoRetry();
here because it will continue retrying in the background?

More general question is what happens if enrollment is unsuccessful/cancelled
during OOBE. Machine would have to go through OOBE again to retry it, right?

[Mattias Nissler (ping if slow), 2011/04/12 14:07:15]

You have a point. We should definitely make the StopAutoRetry() call here, since
we don't want it to auto-retry in the background. Fixed.

 }
 
 void EnterpriseEnrollmentScreen::CloseConfirmation() {
   auth_fetcher_.reset();
   ScreenObserver* observer = delegate()->GetObserver(this);
   observer->OnExit(ScreenObserver::ENTERPRISE_ENROLLMENT_COMPLETED);
 }
 
-EnterpriseEnrollmentView* EnterpriseEnrollmentScreen::AllocateView() {
-  return new EnterpriseEnrollmentView(this);
-}
-
 void EnterpriseEnrollmentScreen::OnClientLoginSuccess(
     const ClientLoginResult& result) {
   auth_fetcher_->StartIssueAuthToken(result.sid, result.lsid,
                                      GaiaConstants::kDeviceManagementService);
 }
 
 void EnterpriseEnrollmentScreen::OnClientLoginFailure(
     const GoogleServiceAuthError& error) {
   HandleAuthError(error);
 }
 
 void EnterpriseEnrollmentScreen::OnIssueAuthTokenSuccess(
     const std::string& service,
     const std::string& auth_token) {
   if (service != GaiaConstants::kDeviceManagementService) {
     NOTREACHED() << service;
     return;
   }
 
-  auth_fetcher_.reset();
+  scoped_ptr<GaiaAuthFetcher> auth_fetcher(auth_fetcher_.release());
 
-  // TODO(mnissler): Trigger actual enrollment here!
+  policy::BrowserPolicyConnector* connector =
+      g_browser_process->browser_policy_connector();
+  if (!connector->cloud_policy_subsystem()) {
+    NOTREACHED() << "Cloud policy subsystem not initialized.";
+    if (view())
+      view()->ShowFatalEnrollmentError();
+    return;
+  }
 
-  if (view())
-    view()->ShowConfirmationScreen();
+  registrar_.reset(new policy::CloudPolicySubsystem::ObserverRegistrar(
+      connector->cloud_policy_subsystem(), this));
+
+  // Push the credentials to the policy infrastructure. It'll start enrollment
+  // and notify us of progress through CloudPolicySubsystem::Observer.
+  connector->SetCredentials(user_, auth_token, GetMachineId());

[Nikita (slow), 2011/04/12 12:46:22]

Is this process somehow shown to user, like spinner or so?
Also is it possible for the user to close screen somehow while enrollment is in
process. What happens then?

[Mattias Nissler (ping if slow), 2011/04/12 14:07:15]

It's just the login spinner on the GAIA login box, so there is some indication
of "something is going on". I know this is not perfect, but I think it's
sufficient for now. Note that the whole process completes in less then a second
in my tests, so we should be good.

Concerning the cancel button, see my comment above.

 }
 
 void EnterpriseEnrollmentScreen::OnIssueAuthTokenFailure(
     const std::string& service,
     const GoogleServiceAuthError& error) {
   if (service != GaiaConstants::kDeviceManagementService) {
     NOTREACHED() << service;
     return;
   }
 
   HandleAuthError(error);
 }
 
+void EnterpriseEnrollmentScreen::OnPolicyStateChanged(
+    policy::CloudPolicySubsystem::PolicySubsystemState state,
+    policy::CloudPolicySubsystem::ErrorDetails error_details) {
+
+  if (view()) {
+    switch (state) {
+      case policy::CloudPolicySubsystem::UNENROLLED:
+        // Still working...
+        return;
+      case policy::CloudPolicySubsystem::BAD_GAIA_TOKEN:
+      case policy::CloudPolicySubsystem::LOCAL_ERROR:
+        view()->ShowFatalEnrollmentError();
+        break;
+      case policy::CloudPolicySubsystem::UNMANAGED:
+        view()->ShowAccountError();
+        break;
+      case policy::CloudPolicySubsystem::NETWORK_ERROR:
+        view()->ShowNetworkEnrollmentError();
+        break;
+      case policy::CloudPolicySubsystem::SUCCESS:
+        // Success!
+        registrar_.reset();
+        view()->ShowConfirmationScreen();
+        return;
+    }
+
+    // We have an error.
+    LOG(WARNING) << "Policy subsystem error during enrollment: " << state
+                 << " details: " << error_details;
+  }
+
+  // Stop the policy infrastructure.
+  registrar_.reset();
+  g_browser_process->browser_policy_connector()->StopAutoRetry();
+}
+
+EnterpriseEnrollmentView* EnterpriseEnrollmentScreen::AllocateView() {
+  return new EnterpriseEnrollmentView(this);
+}
+
 void EnterpriseEnrollmentScreen::HandleAuthError(
     const GoogleServiceAuthError& error) {
   scoped_ptr<GaiaAuthFetcher> scoped_killer(auth_fetcher_.release());
 
   if (!view())
     return;
 
   switch (error.state()) {
     case GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS:
     case GoogleServiceAuthError::CONNECTION_FAILED:
@@ skipping 13 matching lines @@
       // fall through.
     case GoogleServiceAuthError::REQUEST_CANCELED:
       LOG(ERROR) << "Unexpected GAIA auth error: " << error.state();
       view()->ShowFatalAuthError();
       return;
   }
 
   NOTREACHED() << error.state();
 }
 
+std::string EnterpriseEnrollmentScreen::GetMachineId() {
+  chromeos::SystemLibrary* sys_lib =
+      chromeos::CrosLibrary::Get()->GetSystemLibrary();
+
+  std::string system_hwqual;
+  std::string serial_number;
+  if (!sys_lib->GetMachineStatistic(kMachineInfoSystemHwqual, &system_hwqual) ||

[Nikita (slow), 2011/04/12 12:46:22]

Just FYI, this information is only accessible during OOBE.
So after first user signs in, it will not be accessible.
Is this fine with enrollment flow?

[Mattias Nissler (ping if slow), 2011/04/12 14:07:15]

That's fine, since we can only enroll if the device hasn't been claimed (which
happens once a user logs in).

+      !sys_lib->GetMachineStatistic(kMachineInfoSerialNumber, &serial_number)) {
+    LOG(ERROR) << "Failed to get machine information";
+    return "";
+  }
+
+  return system_hwqual + " " + serial_number;
+}
+
 }  // namespace chromeos