| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" | 5 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/location.h" | 10 #include "base/location.h" |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/single_thread_task_runner.h" | 12 #include "base/single_thread_task_runner.h" |
| 13 #include "base/threading/thread_task_runner_handle.h" | 13 #include "base/threading/thread_task_runner_handle.h" |
| 14 #include "chrome/browser/browser_process.h" | 14 #include "chrome/browser/browser_process.h" |
| 15 #include "chrome/browser/chromeos/attestation/attestation_ca_client.h" | |
| 16 #include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h" | 15 #include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h" |
| 17 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" | 16 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" |
| 18 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" | 17 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h" |
| 19 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h" | 18 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h" |
| 20 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" | 19 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" |
| 21 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h" | 20 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h" |
| 22 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 21 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 23 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" | 22 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" |
| 24 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h
" | 23 #include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h
" |
| 25 #include "chrome/browser/profiles/profile.h" | 24 #include "chrome/browser/profiles/profile.h" |
(...skipping 40 matching lines...)
| 66 NOTREACHED() << "Bad enrollment mode: " << mode; | 65 NOTREACHED() << "Bad enrollment mode: " << mode; |
| 67 return em::DeviceRegisterRequest::FLAVOR_ENROLLMENT_MANUAL; | 66 return em::DeviceRegisterRequest::FLAVOR_ENROLLMENT_MANUAL; |
| 68 } | 67 } |
| 69 | 68 |
| 70 } // namespace | 69 } // namespace |
| 71 | 70 |
| 72 EnrollmentHandlerChromeOS::EnrollmentHandlerChromeOS( | 71 EnrollmentHandlerChromeOS::EnrollmentHandlerChromeOS( |
| 73 DeviceCloudPolicyStoreChromeOS* store, | 72 DeviceCloudPolicyStoreChromeOS* store, |
| 74 EnterpriseInstallAttributes* install_attributes, | 73 EnterpriseInstallAttributes* install_attributes, |
| 75 ServerBackedStateKeysBroker* state_keys_broker, | 74 ServerBackedStateKeysBroker* state_keys_broker, |
| 76 cryptohome::AsyncMethodCaller* async_method_caller, | 75 chromeos::attestation::AttestationFlow* attestation_flow, |
| 77 chromeos::CryptohomeClient* cryptohome_client, | |
| 78 std::unique_ptr<CloudPolicyClient> client, | 76 std::unique_ptr<CloudPolicyClient> client, |
| 79 scoped_refptr<base::SequencedTaskRunner> background_task_runner, | 77 scoped_refptr<base::SequencedTaskRunner> background_task_runner, |
| 80 const EnrollmentConfig& enrollment_config, | 78 const EnrollmentConfig& enrollment_config, |
| 81 const std::string& auth_token, | 79 const std::string& auth_token, |
| 82 const std::string& client_id, | 80 const std::string& client_id, |
| 83 const std::string& requisition, | 81 const std::string& requisition, |
| 84 const AllowedDeviceModes& allowed_device_modes, | 82 const AllowedDeviceModes& allowed_device_modes, |
| 85 const EnrollmentCallback& completion_callback) | 83 const EnrollmentCallback& completion_callback) |
| 86 : store_(store), | 84 : store_(store), |
| 87 install_attributes_(install_attributes), | 85 install_attributes_(install_attributes), |
| 88 state_keys_broker_(state_keys_broker), | 86 state_keys_broker_(state_keys_broker), |
| 89 async_method_caller_(async_method_caller), | 87 attestation_flow_(attestation_flow), |
| 90 cryptohome_client_(cryptohome_client), | |
| 91 client_(std::move(client)), | 88 client_(std::move(client)), |
| 92 background_task_runner_(background_task_runner), | 89 background_task_runner_(background_task_runner), |
| 93 enrollment_config_(enrollment_config), | 90 enrollment_config_(enrollment_config), |
| 94 auth_token_(auth_token), | 91 auth_token_(auth_token), |
| 95 client_id_(client_id), | 92 client_id_(client_id), |
| 96 requisition_(requisition), | 93 requisition_(requisition), |
| 97 allowed_device_modes_(allowed_device_modes), | 94 allowed_device_modes_(allowed_device_modes), |
| 98 completion_callback_(completion_callback), | 95 completion_callback_(completion_callback), |
| 99 device_mode_(DEVICE_MODE_NOT_SET), | 96 device_mode_(DEVICE_MODE_NOT_SET), |
| 100 skip_robot_auth_(false), | 97 skip_robot_auth_(false), |
| 101 enrollment_step_(STEP_PENDING), | 98 enrollment_step_(STEP_PENDING), |
| 102 lockbox_init_duration_(0), | 99 lockbox_init_duration_(0), |
| 103 weak_ptr_factory_(this) { | 100 weak_ptr_factory_(this) { |
| 104 CHECK(!client_->is_registered()); | 101 CHECK(!client_->is_registered()); |
| 105 CHECK_EQ(DM_STATUS_SUCCESS, client_->status()); | 102 CHECK_EQ(DM_STATUS_SUCCESS, client_->status()); |
| 106 CHECK((enrollment_config_.mode == EnrollmentConfig::MODE_ATTESTATION || | 103 CHECK((enrollment_config_.mode == EnrollmentConfig::MODE_ATTESTATION || |
| 107 enrollment_config_.mode == | 104 enrollment_config_.mode == |
| 108 EnrollmentConfig::MODE_ATTESTATION_FORCED) == auth_token_.empty()); | 105 EnrollmentConfig::MODE_ATTESTATION_FORCED) == auth_token_.empty()); |
| 109 CHECK(enrollment_config_.auth_mechanism != | 106 CHECK(enrollment_config_.auth_mechanism != |
| 110 EnrollmentConfig::AUTH_MECHANISM_ATTESTATION || | 107 EnrollmentConfig::AUTH_MECHANISM_ATTESTATION || |
| 111 (async_method_caller_ != nullptr && cryptohome_client_ != nullptr)); | 108 attestation_flow_); |
| 112 store_->AddObserver(this); | 109 store_->AddObserver(this); |
| 113 client_->AddObserver(this); | 110 client_->AddObserver(this); |
| 114 client_->AddPolicyTypeToFetch(dm_protocol::kChromeDevicePolicyType, | 111 client_->AddPolicyTypeToFetch(dm_protocol::kChromeDevicePolicyType, |
| 115 std::string()); | 112 std::string()); |
| 116 } | 113 } |
| 117 | 114 |
| 118 EnrollmentHandlerChromeOS::~EnrollmentHandlerChromeOS() { | 115 EnrollmentHandlerChromeOS::~EnrollmentHandlerChromeOS() { |
| 119 Stop(); | 116 Stop(); |
| 120 store_->RemoveObserver(this); | 117 store_->RemoveObserver(this); |
| 121 } | 118 } |
(...skipping 142 matching lines...)
| 264 } | 261 } |
| 265 | 262 |
| 266 void EnrollmentHandlerChromeOS::StartRegistration() { | 263 void EnrollmentHandlerChromeOS::StartRegistration() { |
| 267 CHECK_EQ(STEP_LOADING_STORE, enrollment_step_); | 264 CHECK_EQ(STEP_LOADING_STORE, enrollment_step_); |
| 268 if (!store_->is_initialized()) { | 265 if (!store_->is_initialized()) { |
| 269 // Do nothing. StartRegistration() will be called again from OnStoreLoaded() | 266 // Do nothing. StartRegistration() will be called again from OnStoreLoaded() |
| 270 // after the CloudPolicyStore has initialized. | 267 // after the CloudPolicyStore has initialized. |
| 271 return; | 268 return; |
| 272 } | 269 } |
| 273 enrollment_step_ = STEP_REGISTRATION; | 270 enrollment_step_ = STEP_REGISTRATION; |
| 274 if (enrollment_config_.should_enroll_with_attestation()) { | 271 if (enrollment_config_.is_mode_attestation()) { |
| 275 StartAttestationBasedEnrollmentFlow(); | 272 StartAttestationBasedEnrollmentFlow(); |
| 276 } else { | 273 } else { |
| 277 client_->Register( | 274 client_->Register( |
| 278 em::DeviceRegisterRequest::DEVICE, | 275 em::DeviceRegisterRequest::DEVICE, |
| 279 EnrollmentModeToRegistrationFlavor(enrollment_config_.mode), | 276 EnrollmentModeToRegistrationFlavor(enrollment_config_.mode), |
| 280 auth_token_, client_id_, requisition_, current_state_key_); | 277 auth_token_, client_id_, requisition_, current_state_key_); |
| 281 } | 278 } |
| 282 } | 279 } |
| 283 | 280 |
| 284 void EnrollmentHandlerChromeOS::StartAttestationBasedEnrollmentFlow() { | 281 void EnrollmentHandlerChromeOS::StartAttestationBasedEnrollmentFlow() { |
| 285 if (!attestation_flow_) { | |
| 286 std::unique_ptr<chromeos::attestation::ServerProxy> attestation_ca_client( | |
| 287 new chromeos::attestation::AttestationCAClient()); | |
| 288 attestation_flow_.reset(new chromeos::attestation::AttestationFlow( | |
| 289 async_method_caller_, cryptohome_client_, | |
| 290 std::move(attestation_ca_client))); | |
| 291 } | |
| 292 const chromeos::attestation::AttestationFlow::CertificateCallback callback = | 282 const chromeos::attestation::AttestationFlow::CertificateCallback callback = |
| 293 base::Bind( | 283 base::Bind( |
| 294 &EnrollmentHandlerChromeOS::HandleRegistrationCertificateResult, | 284 &EnrollmentHandlerChromeOS::HandleRegistrationCertificateResult, |
| 295 weak_ptr_factory_.GetWeakPtr()); | 285 weak_ptr_factory_.GetWeakPtr()); |
| 296 attestation_flow_->GetCertificate( | 286 attestation_flow_->GetCertificate( |
| 297 chromeos::attestation::PROFILE_ENTERPRISE_ENROLLMENT_CERTIFICATE, | 287 chromeos::attestation::PROFILE_ENTERPRISE_ENROLLMENT_CERTIFICATE, |
| 298 EmptyAccountId(), "" /* request_origin */, false /* force_new_key */, | 288 EmptyAccountId(), "" /* request_origin */, false /* force_new_key */, |
| 299 callback); | 289 callback); |
| 300 } | 290 } |
| 301 | 291 |
| 302 void EnrollmentHandlerChromeOS::HandleRegistrationCertificateResult( | 292 void EnrollmentHandlerChromeOS::HandleRegistrationCertificateResult( |
| 303 bool success, | 293 bool success, |
| 304 const std::string& pem_certificate_chain) { | 294 const std::string& pem_certificate_chain) { |
| 305 LOG(WARNING) << "Enrolling with a registration certificate" | 295 if (success) |
| 306 " is not supported yet."; | 296 client_->RegisterWithCertificate( |
| 307 // TODO(drcrash): Invert success/fail tests, mocking as always failed now. | 297 em::DeviceRegisterRequest::DEVICE, |
| 308 if (success) { | 298 EnrollmentModeToRegistrationFlavor(enrollment_config_.mode), |
| 309 // TODO(drcrash): Implement new call in client_ to register with cert. | 299 pem_certificate_chain, client_id_, requisition_, current_state_key_); |
| 310 } | 300 else |
| 311 ReportResult(EnrollmentStatus::ForStatus( | 301 ReportResult(EnrollmentStatus::ForStatus( |
| 312 EnrollmentStatus::STATUS_REGISTRATION_CERTIFICATE_FETCH_FAILED)); | 302 EnrollmentStatus::STATUS_REGISTRATION_CERTIFICATE_FETCH_FAILED)); |
| 313 } | 303 } |
| 314 | 304 |
| 315 void EnrollmentHandlerChromeOS::HandlePolicyValidationResult( | 305 void EnrollmentHandlerChromeOS::HandlePolicyValidationResult( |
| 316 DeviceCloudPolicyValidator* validator) { | 306 DeviceCloudPolicyValidator* validator) { |
| 317 CHECK_EQ(STEP_VALIDATION, enrollment_step_); | 307 CHECK_EQ(STEP_VALIDATION, enrollment_step_); |
| 318 if (validator->success()) { | 308 if (validator->success()) { |
| 319 policy_ = std::move(validator->policy()); | 309 policy_ = std::move(validator->policy()); |
| 320 username_ = validator->policy_data()->username(); | 310 username_ = validator->policy_data()->username(); |
| 321 device_id_ = validator->policy_data()->device_id(); | 311 device_id_ = validator->policy_data()->device_id(); |
| 322 request_token_ = validator->policy_data()->request_token(); | 312 request_token_ = validator->policy_data()->request_token(); |
(...skipping 181 matching lines...)
| 504 << ", validation: " << status.validation_status() | 494 << ", validation: " << status.validation_status() |
| 505 << ", store: " << status.store_status() | 495 << ", store: " << status.store_status() |
| 506 << ", lock: " << status.lock_status(); | 496 << ", lock: " << status.lock_status(); |
| 507 } | 497 } |
| 508 | 498 |
| 509 if (!callback.is_null()) | 499 if (!callback.is_null()) |
| 510 callback.Run(status); | 500 callback.Run(status); |
| 511 } | 501 } |
| 512 | 502 |
| 513 } // namespace policy | 503 } // namespace policy |
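Review bot: The null check for the injected `attestation_flow_` (new lines 106-108) is conditioned on `auth_mechanism == AUTH_MECHANISM_ATTESTATION`, but `StartRegistration` (new line 271) now dispatches on `enrollment_config_.is_mode_attestation()`, and the lazy fallback that used to build an `AttestationFlow` inside `StartAttestationBasedEnrollmentFlow` is removed, so if any configuration reports an attestation mode without that auth mechanism (whether one exists is not visible on this page), new line 286 dereferences a null pointer and aborts the enrollment. The cheapest guard is to key the constructor check on the same predicate the dispatch uses, `CHECK(!enrollment_config_.is_mode_attestation() || attestation_flow_);`, and to add `DCHECK(attestation_flow_);` as the first line of `StartAttestationBasedEnrollmentFlow` so the invariant is stated where it is relied upon. Since `attestation_flow_` is now a non-owning pointer supplied by the caller rather than a handler-owned object, the member's declaration in the header (not on this page) should say that the caller must keep the flow alive for the handler's lifetime, because `GetCertificate` completes asynchronously through `weak_ptr_factory_`. Minor style point in `HandleRegistrationCertificateResult` (new lines 295-302): both branches of the `if`/`else` are multi-line statements, so bracing them would keep the control flow readable.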