| OLD | NEW |
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/chromeos/policy/consumer_enrollment_handler.h" | |
| 6 | |
| 7 #include "base/bind.h" | |
| 8 #include "base/location.h" | |
| 9 #include "base/logging.h" | |
| 10 #include "base/single_thread_task_runner.h" | |
| 11 #include "base/threading/thread_task_runner_handle.h" | |
| 12 #include "chrome/browser/browser_process.h" | |
| 13 #include "chrome/browser/browser_process_platform_part.h" | |
| 14 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_fact
ory.h" | |
| 15 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" | |
| 16 #include "chrome/browser/chromeos/policy/consumer_management_service.h" | |
| 17 #include "chrome/browser/chromeos/policy/consumer_management_stage.h" | |
| 18 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h" | |
| 19 #include "chrome/browser/chromeos/policy/enrollment_config.h" | |
| 20 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h" | |
| 21 #include "chrome/browser/profiles/profile.h" | |
| 22 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h" | |
| 23 #include "chrome/browser/signin/signin_manager_factory.h" | |
| 24 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | |
| 25 #include "components/signin/core/browser/profile_oauth2_token_service.h" | |
| 26 #include "components/signin/core/browser/signin_manager_base.h" | |
| 27 #include "google_apis/gaia/gaia_constants.h" | |
| 28 #include "google_apis/gaia/google_service_auth_error.h" | |
| 29 | |
| 30 namespace policy { | |
| 31 | |
| 32 ConsumerEnrollmentHandler::ConsumerEnrollmentHandler( | |
| 33 Profile* profile, | |
| 34 ConsumerManagementService* consumer_management_service, | |
| 35 DeviceManagementService* device_management_service) | |
| 36 : Consumer("consumer_enrollment_handler"), | |
| 37 profile_(profile), | |
| 38 consumer_management_service_(consumer_management_service), | |
| 39 device_management_service_(device_management_service), | |
| 40 weak_ptr_factory_(this) { | |
| 41 gaia_account_id_ = SigninManagerFactory::GetForProfile(profile)-> | |
| 42 GetAuthenticatedAccountId(); | |
| 43 ContinueEnrollmentProcess(); | |
| 44 } | |
| 45 | |
| 46 ConsumerEnrollmentHandler::~ConsumerEnrollmentHandler() { | |
| 47 } | |
| 48 | |
| 49 void ConsumerEnrollmentHandler::Shutdown() { | |
| 50 ProfileOAuth2TokenServiceFactory::GetForProfile(profile_)-> | |
| 51 RemoveObserver(this); | |
| 52 } | |
| 53 | |
| 54 void ConsumerEnrollmentHandler::OnRefreshTokenAvailable( | |
| 55 const std::string& account_id) { | |
| 56 if (account_id == gaia_account_id_) { | |
| 57 ProfileOAuth2TokenServiceFactory::GetForProfile(profile_)-> | |
| 58 RemoveObserver(this); | |
| 59 OnOwnerRefreshTokenAvailable(); | |
| 60 } | |
| 61 } | |
| 62 | |
| 63 void ConsumerEnrollmentHandler::OnGetTokenSuccess( | |
| 64 const OAuth2TokenService::Request* request, | |
| 65 const std::string& access_token, | |
| 66 const base::Time& expiration_time) { | |
| 67 DCHECK_EQ(token_request_.get(), request); | |
| 68 base::ThreadTaskRunnerHandle::Get()->DeleteSoon(FROM_HERE, | |
| 69 token_request_.release()); | |
| 70 | |
| 71 OnOwnerAccessTokenAvailable(access_token); | |
| 72 } | |
| 73 | |
| 74 void ConsumerEnrollmentHandler::OnGetTokenFailure( | |
| 75 const OAuth2TokenService::Request* request, | |
| 76 const GoogleServiceAuthError& error) { | |
| 77 DCHECK_EQ(token_request_.get(), request); | |
| 78 base::ThreadTaskRunnerHandle::Get()->DeleteSoon(FROM_HERE, | |
| 79 token_request_.release()); | |
| 80 | |
| 81 LOG(ERROR) << "Failed to get the access token: " << error.ToString(); | |
| 82 EndEnrollment(ConsumerManagementStage::EnrollmentGetTokenFailed()); | |
| 83 } | |
| 84 | |
| 85 void ConsumerEnrollmentHandler::ContinueEnrollmentProcess() { | |
| 86 // First, we need to ensure that the refresh token is available. | |
| 87 ProfileOAuth2TokenService* token_service = | |
| 88 ProfileOAuth2TokenServiceFactory::GetForProfile(profile_); | |
| 89 if (token_service->RefreshTokenIsAvailable(gaia_account_id_)) { | |
| 90 OnOwnerRefreshTokenAvailable(); | |
| 91 } else { | |
| 92 token_service->AddObserver(this); | |
| 93 } | |
| 94 } | |
| 95 | |
| 96 void ConsumerEnrollmentHandler::OnOwnerRefreshTokenAvailable() { | |
| 97 // Now we can request the OAuth access token for device management to send the | |
| 98 // device registration request to the device management server. | |
| 99 OAuth2TokenService::ScopeSet oauth_scopes; | |
| 100 oauth_scopes.insert(GaiaConstants::kDeviceManagementServiceOAuth); | |
| 101 token_request_ = ProfileOAuth2TokenServiceFactory::GetForProfile( | |
| 102 profile_)->StartRequest(gaia_account_id_, oauth_scopes, this); | |
| 103 } | |
| 104 | |
| 105 void ConsumerEnrollmentHandler::OnOwnerAccessTokenAvailable( | |
| 106 const std::string& access_token) { | |
| 107 // Now that we have the access token, we got everything we need to send the | |
| 108 // device registration request to the device management server. | |
| 109 BrowserPolicyConnectorChromeOS* connector = | |
| 110 g_browser_process->platform_part()->browser_policy_connector_chromeos(); | |
| 111 DeviceCloudPolicyInitializer* initializer = | |
| 112 connector->GetDeviceCloudPolicyInitializer(); | |
| 113 CHECK(initializer); | |
| 114 | |
| 115 policy::DeviceCloudPolicyInitializer::AllowedDeviceModes device_modes; | |
| 116 device_modes[policy::DEVICE_MODE_ENTERPRISE] = true; | |
| 117 | |
| 118 EnrollmentConfig enrollment_config; | |
| 119 enrollment_config.mode = EnrollmentConfig::MODE_MANUAL; | |
| 120 initializer->StartEnrollment( | |
| 121 MANAGEMENT_MODE_CONSUMER_MANAGED, device_management_service_, | |
| 122 chromeos::OwnerSettingsServiceChromeOSFactory::GetForBrowserContext( | |
| 123 profile_), | |
| 124 enrollment_config, access_token, device_modes, | |
| 125 base::Bind(&ConsumerEnrollmentHandler::OnEnrollmentCompleted, | |
| 126 weak_ptr_factory_.GetWeakPtr())); | |
| 127 } | |
| 128 | |
| 129 void ConsumerEnrollmentHandler::OnEnrollmentCompleted(EnrollmentStatus status) { | |
| 130 if (status.status() != EnrollmentStatus::STATUS_SUCCESS) { | |
| 131 LOG(ERROR) << "Failed to enroll the device." | |
| 132 << " status=" << status.status() | |
| 133 << " client_status=" << status.client_status() | |
| 134 << " http_status=" << status.http_status() | |
| 135 << " store_status=" << status.store_status() | |
| 136 << " validation_status=" << status.validation_status(); | |
| 137 EndEnrollment(ConsumerManagementStage::EnrollmentDMServerFailed()); | |
| 138 return; | |
| 139 } | |
| 140 | |
| 141 EndEnrollment(ConsumerManagementStage::EnrollmentSuccess()); | |
| 142 } | |
| 143 | |
| 144 void ConsumerEnrollmentHandler::EndEnrollment( | |
| 145 const ConsumerManagementStage& stage) { | |
| 146 consumer_management_service_->SetStage(stage); | |
| 147 } | |
| 148 | |
| 149 } // namespace policy | |
| OLD | NEW |