Move user cloud policy to BrowserProcess.

chrome/browser/policy/browser_policy_connector.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/policy/browser_policy_connector.h"
 
 #include "base/command_line.h"
 #include "base/path_service.h"
 #include "chrome/browser/browser_process.h"
+#include "chrome/browser/net/gaia/token_service.h"
+#include "chrome/browser/policy/cloud_policy_provider.h"
 #include "chrome/browser/policy/cloud_policy_subsystem.h"
 #include "chrome/browser/policy/configuration_policy_pref_store.h"
 #include "chrome/browser/policy/configuration_policy_provider.h"
 #include "chrome/browser/policy/dummy_configuration_policy_provider.h"
+#include "chrome/browser/policy/user_policy_cache.h"
+#include "chrome/browser/policy/user_policy_identity_strategy.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
-
+#include "chrome/common/net/gaia/gaia_constants.h"
+#include "content/common/notification_details.h"
+#include "content/common/notification_source.h"
 #if defined(OS_WIN)
 #include "chrome/browser/policy/configuration_policy_provider_win.h"
 #elif defined(OS_MACOSX)
 #include "chrome/browser/policy/configuration_policy_provider_mac.h"
 #elif defined(OS_POSIX)
 #include "chrome/browser/policy/config_dir_policy_provider.h"
 #endif
 
 #if defined(OS_CHROMEOS)
 #include "chrome/browser/chromeos/cros/cros_library.h"
+#include "chrome/browser/chromeos/login/user_manager.h"
 #include "chrome/browser/policy/device_policy_cache.h"
 #include "chrome/browser/policy/device_policy_identity_strategy.h"
 #include "chrome/browser/policy/enterprise_install_attributes.h"
+#include "content/common/notification_service.h"
 #endif
 
 namespace policy {
 
 namespace {
 
+// The directory suffixes for user cloud policy.
+const FilePath::CharType kPolicyDir[] = FILE_PATH_LITERAL("Device Management");
+const FilePath::CharType kTokenCacheFile[] = FILE_PATH_LITERAL("Token");
+const FilePath::CharType kPolicyCacheFile[] = FILE_PATH_LITERAL("Policy");
+
 // The following constants define delays applied before the initial policy fetch
 // on startup. (So that displaying Chrome's GUI does not get delayed.)
 // Delay in milliseconds from startup.
 const int64 kServiceInitializationStartupDelay = 5000;
 
 }  // namespace
 
 // static
 BrowserPolicyConnector* BrowserPolicyConnector::Create() {
   return new BrowserPolicyConnector();
 }
 
 BrowserPolicyConnector::BrowserPolicyConnector()
     : ALLOW_THIS_IN_INITIALIZER_LIST(method_factory_(this)) {
   managed_platform_provider_.reset(CreateManagedPlatformProvider());
   recommended_platform_provider_.reset(CreateRecommendedPlatformProvider());
 
+  managed_cloud_provider_.reset(new CloudPolicyProvider(
+      ConfigurationPolicyPrefStore::GetChromePolicyDefinitionList(),
+      CloudPolicyCacheBase::POLICY_LEVEL_MANDATORY));
+  recommended_cloud_provider_.reset(new CloudPolicyProvider(
+      ConfigurationPolicyPrefStore::GetChromePolicyDefinitionList(),
+      CloudPolicyCacheBase::POLICY_LEVEL_RECOMMENDED));
+
 #if defined(OS_CHROMEOS)
-  CommandLine* command_line = CommandLine::ForCurrentProcess();
-  if (command_line->HasSwitch(switches::kEnableDevicePolicy)) {
-    identity_strategy_.reset(new DevicePolicyIdentityStrategy());
-    install_attributes_.reset(new EnterpriseInstallAttributes(
-        chromeos::CrosLibrary::Get()->GetCryptohomeLibrary()));
-    cloud_policy_subsystem_.reset(new CloudPolicySubsystem(
-        identity_strategy_.get(),
-        new DevicePolicyCache(identity_strategy_.get(),
-                              install_attributes_.get())));
-
-    // Initialize the subsystem once the message loops are spinning.
-    MessageLoop::current()->PostTask(
-        FROM_HERE,
-        method_factory_.NewRunnableMethod(&BrowserPolicyConnector::Initialize));
-  }
+  InitializeDevicePolicy();
 #endif
 }
 
 BrowserPolicyConnector::BrowserPolicyConnector(
     ConfigurationPolicyProvider* managed_platform_provider,
-    ConfigurationPolicyProvider* recommended_platform_provider)
+    ConfigurationPolicyProvider* recommended_platform_provider,
+    CloudPolicyProvider* managed_cloud_provider,
+    CloudPolicyProvider* recommended_cloud_provider)
     : managed_platform_provider_(managed_platform_provider),
       recommended_platform_provider_(recommended_platform_provider),
+      managed_cloud_provider_(managed_cloud_provider),
+      recommended_cloud_provider_(recommended_cloud_provider),
       ALLOW_THIS_IN_INITIALIZER_LIST(method_factory_(this)) {}
 
 BrowserPolicyConnector::~BrowserPolicyConnector() {
-  if (cloud_policy_subsystem_.get())
-    cloud_policy_subsystem_->Shutdown();
-  cloud_policy_subsystem_.reset();
+  // Shutdown device cloud policy.
 #if defined(OS_CHROMEOS)
-  identity_strategy_.reset();
+  if (device_cloud_policy_subsystem_.get())
+    device_cloud_policy_subsystem_->Shutdown();
+  device_cloud_policy_subsystem_.reset();
+  device_identity_strategy_.reset();
 #endif
+
+  // Shutdown user cloud policy.
+  if (user_cloud_policy_subsystem_.get())
+    user_cloud_policy_subsystem_->Shutdown();
+  user_cloud_policy_subsystem_.reset();
+  user_identity_strategy_.reset();
 }
 
 ConfigurationPolicyProvider*
     BrowserPolicyConnector::GetManagedPlatformProvider() const {
   return managed_platform_provider_.get();
 }
 
 ConfigurationPolicyProvider*
     BrowserPolicyConnector::GetManagedCloudProvider() const {
-  if (cloud_policy_subsystem_.get())
-    return cloud_policy_subsystem_->GetManagedPolicyProvider();
-
-  return NULL;
+  return managed_cloud_provider_.get();
 }
 
 ConfigurationPolicyProvider*
     BrowserPolicyConnector::GetRecommendedPlatformProvider() const {
   return recommended_platform_provider_.get();
 }
 
 ConfigurationPolicyProvider*
     BrowserPolicyConnector::GetRecommendedCloudProvider() const {
-  if (cloud_policy_subsystem_.get())
-    return cloud_policy_subsystem_->GetRecommendedPolicyProvider();
-
-  return NULL;
+  return recommended_cloud_provider_.get();
 }
 
 ConfigurationPolicyProvider*
     BrowserPolicyConnector::CreateManagedPlatformProvider() {
   const ConfigurationPolicyProvider::PolicyDefinitionList* policy_list =
       ConfigurationPolicyPrefStore::GetChromePolicyDefinitionList();
 #if defined(OS_WIN)
   return new ConfigurationPolicyProviderWin(policy_list);
 #elif defined(OS_MACOSX)
   return new ConfigurationPolicyProviderMac(policy_list);
@@ skipping 22 matching lines @@
         policy_list,
         config_dir_path.Append(FILE_PATH_LITERAL("recommended")));
   } else {
     return new DummyConfigurationPolicyProvider(policy_list);
   }
 #else
   return new DummyConfigurationPolicyProvider(policy_list);
 #endif
 }
 
-void BrowserPolicyConnector::SetCredentials(const std::string& owner_email,
-                                            const std::string& gaia_token) {
+void BrowserPolicyConnector::SetDeviceCredentials(
+    const std::string& owner_email,
+    const std::string& gaia_token) {
 #if defined(OS_CHROMEOS)
-  if (identity_strategy_.get())
-    identity_strategy_->SetAuthCredentials(owner_email, gaia_token);
+  if (device_identity_strategy_.get())
+    device_identity_strategy_->SetAuthCredentials(owner_email, gaia_token);
 #endif
 }
 
 bool BrowserPolicyConnector::IsEnterpriseManaged() {
 #if defined(OS_CHROMEOS)
   return install_attributes_.get() && install_attributes_->IsEnterpriseDevice();
 #else
   return false;
 #endif
 }
@@ skipping 10 matching lines @@
 
 std::string BrowserPolicyConnector::GetEnterpriseDomain() {
 #if defined(OS_CHROMEOS)
   if (install_attributes_.get())
     return install_attributes_->GetDomain();
 #endif
 
   return std::string();
 }
 
-void BrowserPolicyConnector::StopAutoRetry() {
-  if (cloud_policy_subsystem_.get())
-    cloud_policy_subsystem_->StopAutoRetry();
-}
-
-void BrowserPolicyConnector::FetchPolicy() {
+void BrowserPolicyConnector::DeviceStopAutoRetry() {
 #if defined(OS_CHROMEOS)
-  if (identity_strategy_.get())
-    return identity_strategy_->FetchPolicy();
+  if (device_cloud_policy_subsystem_.get())
+    device_cloud_policy_subsystem_->StopAutoRetry();
 #endif
 }
 
-void BrowserPolicyConnector::Initialize() {
-  if (cloud_policy_subsystem_.get()) {
-    cloud_policy_subsystem_->Initialize(
+void BrowserPolicyConnector::FetchDevicePolicy() {
+#if defined(OS_CHROMEOS)
+  if (device_identity_strategy_.get())
+    return device_identity_strategy_->FetchPolicy();
+#endif
+}
+
+void BrowserPolicyConnector::InitializeUserPolicy(std::string& user_name,
+                                                  const FilePath& policy_dir,
+                                                  TokenService* token_service) {
+  // Throw away the old backend.
+  user_cloud_policy_subsystem_.reset();
+  user_identity_strategy_.reset();
+  registrar_.RemoveAll();
+
+  CommandLine* command_line = CommandLine::ForCurrentProcess();
+  if (command_line->HasSwitch(switches::kDeviceManagementUrl)) {
+    token_service_ = token_service;
+    registrar_.Add(this,
+                   NotificationType::TOKEN_AVAILABLE,
+                   Source<TokenService>(token_service_));
+
+    // Register for the event of user login on CrOS to make sure that the user
+    // is not changing while the user policy backend is active.
+#if defined(OS_CHROMEOS)
+    registrar_.Add(this,
+                   NotificationType::LOGIN_USER_CHANGED,
+                   NotificationService::AllSources());
+#endif
+    FilePath policy_cache_dir = policy_dir.Append(kPolicyDir);
+    UserPolicyCache* user_policy_cache =
+        new UserPolicyCache(policy_cache_dir.Append(kPolicyCacheFile));
+
+    // Prepending user caches meaning they will take precedence of device policy
+    // caches.
+    managed_cloud_provider_->PrependCache(user_policy_cache);
+    recommended_cloud_provider_->PrependCache(user_policy_cache);
+    user_identity_strategy_.reset(
+        new UserPolicyIdentityStrategy(
+            user_name,
+            policy_cache_dir.Append(kTokenCacheFile)));
+    user_cloud_policy_subsystem_.reset(new CloudPolicySubsystem(
+        user_identity_strategy_.get(),
+        user_policy_cache));
+
+    // Initiate the DM-Token load.
+    user_identity_strategy_->LoadTokenCache();
+
+    // In case the token of |token_service_| is already available we set it
+    // directly, since there will be no notification for it.
+    if (token_service_->HasTokenForService(
+            GaiaConstants::kDeviceManagementService)) {
+      user_identity_strategy_->SetAuthToken(
+          token_service_->GetTokenForService(
+              GaiaConstants::kDeviceManagementService));
+    }
+
+    // TODO(sfeuz): This already assumes that user policy refresh rate
+    // preference lives in local_state.
+    user_cloud_policy_subsystem_->Initialize(
         g_browser_process->local_state(),
         kServiceInitializationStartupDelay);
   }
 }
 
-void BrowserPolicyConnector::ScheduleServiceInitialization(
+void BrowserPolicyConnector::ScheduleUserServiceInitialization(
     int64 delay_milliseconds) {
-  if (cloud_policy_subsystem_.get())
-    cloud_policy_subsystem_->ScheduleServiceInitialization(delay_milliseconds);
+  if (user_cloud_policy_subsystem_.get())
+    user_cloud_policy_subsystem_->
+        ScheduleServiceInitialization(delay_milliseconds);
+}
+
+void BrowserPolicyConnector::InitializeDevicePolicy() {
+#if defined(OS_CHROMEOS)
+  // Throw away the old backend.
+  device_cloud_policy_subsystem_.reset();
+  device_identity_strategy_.reset();
+
+  CommandLine* command_line = CommandLine::ForCurrentProcess();
+  if (command_line->HasSwitch(switches::kEnableDevicePolicy)) {
+    device_cloud_policy_subsystem_.reset();
+    device_identity_strategy_.reset();
+
+    device_identity_strategy_.reset(new DevicePolicyIdentityStrategy());
+    install_attributes_.reset(new EnterpriseInstallAttributes(
+        chromeos::CrosLibrary::Get()->GetCryptohomeLibrary()));
+    DevicePolicyCache* device_policy_cache =
+        new DevicePolicyCache(device_identity_strategy_.get(),
+                              install_attributes_.get());
+
+    managed_cloud_provider_->AppendCache(device_policy_cache);
+    recommended_cloud_provider_->AppendCache(device_policy_cache);
+
+    device_cloud_policy_subsystem_.reset(new CloudPolicySubsystem(
+        device_identity_strategy_.get(),
+        device_policy_cache));
+
+    // Initialize the subsystem once the message loops are spinning.
+    MessageLoop::current()->PostTask(
+        FROM_HERE,
+        method_factory_.NewRunnableMethod(
+            &BrowserPolicyConnector::InitializeDevicePolicySubsystem));
+  }
+#endif
+}
+
+void BrowserPolicyConnector::InitializeDevicePolicySubsystem() {
+#if defined(OS_CHROMEOS)
+  if (device_cloud_policy_subsystem_.get()) {
+    device_cloud_policy_subsystem_->Initialize(
+        g_browser_process->local_state(),
+        kServiceInitializationStartupDelay);
+  }
+#endif
+}
+
+void BrowserPolicyConnector::ScheduleDeviceServiceInitialization(
+    int64 delay_milliseconds) {
+#if defined(OS_CHROMEOS)
+  if (device_cloud_policy_subsystem_.get()) {
+    device_cloud_policy_subsystem_->
+        ScheduleServiceInitialization(delay_milliseconds);
+  }
+#endif
+}
+
+void BrowserPolicyConnector::Observe(NotificationType type,
+                                     const NotificationSource& source,
+                                     const NotificationDetails& details) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  if (type == NotificationType::TOKEN_AVAILABLE) {
+    const TokenService::TokenService* token_source =
+        Source<const TokenService>(source).ptr();
+    DCHECK_EQ(token_service_, token_source);
+    const TokenService::TokenAvailableDetails* token_details =
+        Details<const TokenService::TokenAvailableDetails>(details).ptr();
+    if (token_details->service() == GaiaConstants::kDeviceManagementService)
+      if (user_identity_strategy_.get())
+        user_identity_strategy_->SetAuthToken(token_details->token());
+#if defined(OS_CHROMEOS)
+  } else if (type == NotificationType::LOGIN_USER_CHANGED) {
+    const chromeos::UserManager::User* user_details =
+      Details<const chromeos::UserManager::User>(details).ptr();
+    std::string current_username, current_auth_token;
+    user_identity_strategy_->GetCredentials(&current_username,
+                                            &current_auth_token);
+    DCHECK_EQ(current_username, user_details->email());
+#endif
+  } else {
+    NOTREACHED();
+  }
 }
 
 }  // namespace