| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ | 6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| 11 #include "base/compiler_specific.h" | 11 #include "base/compiler_specific.h" |
| 12 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
| 13 #include "base/memory/weak_ptr.h" | 13 #include "base/memory/weak_ptr.h" |
| 14 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" | 14 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" |
| 15 #include "chrome/browser/chromeos/policy/device_cloud_policy_validator.h" | 15 #include "chrome/browser/chromeos/policy/device_cloud_policy_validator.h" |
| 16 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" | 16 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" |
| 17 #include "chrome/browser/policy/cloud/cloud_policy_client.h" | 17 #include "chrome/browser/policy/cloud/cloud_policy_client.h" |
| 18 #include "chrome/browser/policy/cloud/cloud_policy_store.h" | 18 #include "chrome/browser/policy/cloud/cloud_policy_store.h" |
| 19 #include "google_apis/gaia/gaia_oauth_client.h" | |
| 19 | 20 |
| 20 namespace enterprise_management { | 21 namespace enterprise_management { |
| 21 class PolicyFetchResponse; | 22 class PolicyFetchResponse; |
| 22 } | 23 } |
| 23 | 24 |
| 24 namespace policy { | 25 namespace policy { |
| 25 | 26 |
| 26 // Implements the logic that establishes enterprise enrollment for Chromium OS | 27 // Implements the logic that establishes enterprise enrollment for Chromium OS |
| 27 // devices. The process is as follows: | 28 // devices. The process is as follows: |
| 28 // 1. Given an auth token, register with the policy service. | 29 // 1. Given an auth token, register with the policy service. |
| 29 // 2. Download the initial policy blob from the service. | 30 // 2. Download the initial policy blob from the service. |
| 31 // it. | |
|
Mattias Nissler (ping if slow)
2013/04/22 10:59:00
away.
David Roche
2013/04/23 01:36:08
Oops, should have moved down with other lines. T
| |
| 30 // 3. Verify the policy blob. Everything up to this point doesn't touch device | 32 // 3. Verify the policy blob. Everything up to this point doesn't touch device |
| 31 // state. | 33 // state. |
| 32 // 4. Establish the device lock in installation-time attributes. | 34 // 4. Download the OAuth2 authorization code for device-level API access. |
| 33 // 5. Store the policy blob. | 35 // 5. Download the OAuth2 refresh token for device-level API access and store |
| 36 // 6. Establish the device lock in installation-time attributes. | |
| 37 // 7. Store the policy blob and API refresh token. | |
| 34 class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, | 38 class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
| 35 public CloudPolicyStore::Observer { | 39 public CloudPolicyStore::Observer, |
| 40 public gaia::GaiaOAuthClient::Delegate { | |
| 36 public: | 41 public: |
| 37 typedef DeviceCloudPolicyManagerChromeOS::AllowedDeviceModes | 42 typedef DeviceCloudPolicyManagerChromeOS::AllowedDeviceModes |
| 38 AllowedDeviceModes; | 43 AllowedDeviceModes; |
| 39 typedef DeviceCloudPolicyManagerChromeOS::EnrollmentCallback | 44 typedef DeviceCloudPolicyManagerChromeOS::EnrollmentCallback |
| 40 EnrollmentCallback; | 45 EnrollmentCallback; |
| 41 | 46 |
| 42 // |store| and |install_attributes| must remain valid for the life time of the | 47 // |store| and |install_attributes| must remain valid for the life time of the |
| 43 // enrollment handler. |allowed_device_modes| determines what device modes | 48 // enrollment handler. |allowed_device_modes| determines what device modes |
| 44 // are acceptable. If the mode specified by the server is not acceptable, | 49 // are acceptable. If the mode specified by the server is not acceptable, |
| 45 // enrollment will fail with an EnrollmentStatus indicating | 50 // enrollment will fail with an EnrollmentStatus indicating |
| (...skipping 11 matching lines...) | |
| 57 // Starts the enrollment process and reports the result to | 62 // Starts the enrollment process and reports the result to |
| 58 // |completion_callback_|. | 63 // |completion_callback_|. |
| 59 void StartEnrollment(); | 64 void StartEnrollment(); |
| 60 | 65 |
| 61 // Releases the client. | 66 // Releases the client. |
| 62 scoped_ptr<CloudPolicyClient> ReleaseClient(); | 67 scoped_ptr<CloudPolicyClient> ReleaseClient(); |
| 63 | 68 |
| 64 // CloudPolicyClient::Observer: | 69 // CloudPolicyClient::Observer: |
| 65 virtual void OnPolicyFetched(CloudPolicyClient* client) OVERRIDE; | 70 virtual void OnPolicyFetched(CloudPolicyClient* client) OVERRIDE; |
| 66 virtual void OnRegistrationStateChanged(CloudPolicyClient* client) OVERRIDE; | 71 virtual void OnRegistrationStateChanged(CloudPolicyClient* client) OVERRIDE; |
| 72 virtual void OnRobotAuthCodesFetched(CloudPolicyClient* client) OVERRIDE; | |
| 67 virtual void OnClientError(CloudPolicyClient* client) OVERRIDE; | 73 virtual void OnClientError(CloudPolicyClient* client) OVERRIDE; |
| 68 | 74 |
| 69 // CloudPolicyStore::Observer: | 75 // CloudPolicyStore::Observer: |
| 70 virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE; | 76 virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE; |
| 71 virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE; | 77 virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE; |
| 72 | 78 |
| 79 // GaiaOAuthClient::Delegate: | |
| 80 virtual void OnGetTokensResponse(const std::string& refresh_token, | |
| 81 const std::string& access_token, | |
| 82 int expires_in_seconds) OVERRIDE; | |
| 83 virtual void OnRefreshTokenResponse(const std::string& access_token, | |
| 84 int expires_in_seconds) OVERRIDE; | |
| 85 virtual void OnOAuthError() OVERRIDE; | |
| 86 virtual void OnNetworkError(int response_code) OVERRIDE; | |
| 87 | |
| 73 private: | 88 private: |
| 74 // Indicates what step of the process is currently pending. These steps need | 89 // Indicates what step of the process is currently pending. These steps need |
| 75 // to be listed in the order they are traversed in. | 90 // to be listed in the order they are traversed in. |
| 76 enum EnrollmentStep { | 91 enum EnrollmentStep { |
| 77 STEP_PENDING, // Not started yet. | 92 STEP_PENDING, // Not started yet. |
| 78 STEP_LOADING_STORE, // Waiting for |store_| to initialize. | 93 STEP_LOADING_STORE, // Waiting for |store_| to initialize. |
| 79 STEP_REGISTRATION, // Currently registering the client. | 94 STEP_REGISTRATION, // Currently registering the client. |
| 80 STEP_POLICY_FETCH, // Fetching policy. | 95 STEP_POLICY_FETCH, // Fetching policy. |
| 81 STEP_VALIDATION, // Policy validation. | 96 STEP_VALIDATION, // Policy validation. |
| 82 STEP_LOCK_DEVICE, // Writing installation-time attributes. | 97 STEP_ROBOT_AUTH_FETCH, // Fetching device API auth code. |
| 83 STEP_STORE_POLICY, // Storing policy. | 98 STEP_ROBOT_AUTH_REFRESH, // Fetching device API refresh token. |
| 84 STEP_FINISHED, // Enrollment process finished, no further action. | 99 STEP_LOCK_DEVICE, // Writing installation-time attributes. |
| 100 STEP_STORE_POLICY, // Storing policy. | |
| 101 STEP_STORE_ROBOT_AUTH, // Storing device API refresh token. | |
| 102 STEP_FINISHED, // Enrollment process finished, no further action. | |
| 85 }; | 103 }; |
| 86 | 104 |
| 87 // Starts registration if the store is initialized. | 105 // Starts registration if the store is initialized. |
| 88 void AttemptRegistration(); | 106 void AttemptRegistration(); |
| 89 | 107 |
| 90 // Handles the policy validation result, proceeding with installation-time | 108 // Handles the policy validation result, proceeding with installation-time |
| 91 // attributes locking if successful. | 109 // attributes locking if successful. |
| 92 void PolicyValidated(DeviceCloudPolicyValidator* validator); | 110 void PolicyValidated(DeviceCloudPolicyValidator* validator); |
| 93 | 111 |
| 94 // Calls LockDevice() and proceeds to policy installation. If unsuccessful, | 112 // Calls LockDevice() and proceeds to policy installation. If unsuccessful, |
| (...skipping 13 matching lines...) | |
| 108 | 126 |
| 109 // Drops any ongoing actions. | 127 // Drops any ongoing actions. |
| 110 void Stop(); | 128 void Stop(); |
| 111 | 129 |
| 112 // Reports the result of the enrollment process to the initiator. | 130 // Reports the result of the enrollment process to the initiator. |
| 113 void ReportResult(EnrollmentStatus status); | 131 void ReportResult(EnrollmentStatus status); |
| 114 | 132 |
| 115 DeviceCloudPolicyStoreChromeOS* store_; | 133 DeviceCloudPolicyStoreChromeOS* store_; |
| 116 EnterpriseInstallAttributes* install_attributes_; | 134 EnterpriseInstallAttributes* install_attributes_; |
| 117 scoped_ptr<CloudPolicyClient> client_; | 135 scoped_ptr<CloudPolicyClient> client_; |
| 136 scoped_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_; | |
| 118 | 137 |
| 119 std::string auth_token_; | 138 std::string auth_token_; |
| 120 std::string client_id_; | 139 std::string client_id_; |
| 140 std::string robot_refresh_token_; | |
| 121 bool is_auto_enrollment_; | 141 bool is_auto_enrollment_; |
| 122 AllowedDeviceModes allowed_device_modes_; | 142 AllowedDeviceModes allowed_device_modes_; |
| 123 EnrollmentCallback completion_callback_; | 143 EnrollmentCallback completion_callback_; |
| 124 | 144 |
| 125 // The device mode as received in the registration request. | 145 // The device mode as received in the registration request. |
| 126 DeviceMode device_mode_; | 146 DeviceMode device_mode_; |
| 127 | 147 |
| 128 // The validated policy response to be installed in the store. | 148 // The validated policy response info to be installed in the store. |
| 129 scoped_ptr<enterprise_management::PolicyFetchResponse> policy_; | 149 scoped_ptr<enterprise_management::PolicyFetchResponse> policy_; |
| 150 std::string username_; | |
| 151 std::string device_id_; | |
| 130 | 152 |
| 131 // Current enrollment step. | 153 // Current enrollment step. |
| 132 EnrollmentStep enrollment_step_; | 154 EnrollmentStep enrollment_step_; |
| 133 | 155 |
| 134 // Total amount of time in milliseconds spent waiting for lockbox | 156 // Total amount of time in milliseconds spent waiting for lockbox |
| 135 // initialization. | 157 // initialization. |
| 136 int lockbox_init_duration_; | 158 int lockbox_init_duration_; |
| 137 | 159 |
| 138 base::WeakPtrFactory<EnrollmentHandlerChromeOS> weak_factory_; | 160 base::WeakPtrFactory<EnrollmentHandlerChromeOS> weak_factory_; |
| 139 | 161 |
| 140 DISALLOW_COPY_AND_ASSIGN(EnrollmentHandlerChromeOS); | 162 DISALLOW_COPY_AND_ASSIGN(EnrollmentHandlerChromeOS); |
| 141 }; | 163 }; |
| 142 | 164 |
| 143 } // namespace policy | 165 } // namespace policy |
| 144 | 166 |
| 145 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ | 167 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ |
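Review bot: The new `robot_refresh_token_` member (new line 140) holds a long-lived device credential that steps 4 and 5 obtain before the device lock in step 6, but the header does not say what happens to it when a later step fails or enrollment is aborted. The implementation file is not visible here, so this is a question rather than a finding: `Stop()` and the error paths into `ReportResult()` should presumably clear the token and reset `gaia_oauth_client_`, so that a failed enrollment leaves neither a usable credential in memory nor a pending Gaia callback. A member comment would make that contract explicit, for example `// Robot account OAuth2 refresh token; kept only until STEP_STORE_ROBOT_AUTH completes, cleared on failure.` Separately, the comment on `PolicyValidated()` (new lines 108-109) still says validation proceeds to installation-time attribute locking, while the new enum order puts `STEP_ROBOT_AUTH_FETCH` next; it should read `// Handles the policy validation result, proceeding with the robot auth code fetch if successful.`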