Remove legacy policy cache support on chromeos

chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
 
 #include <stddef.h>
 #include <utility>
 
 #include "base/bind.h"
@@ skipping 43 matching lines @@
                             VALIDATION_FAILURE_SIZE);
 }
 
 // Extracts the domain name from the passed username.
 std::string ExtractDomain(const std::string& username) {
   return gaia::ExtractDomainName(gaia::CanonicalizeEmail(username));
 }
 
 }  // namespace
 
-// Helper class for loading legacy policy caches.
-class LegacyPolicyCacheLoader : public UserPolicyTokenLoader::Delegate,
-                                public UserPolicyDiskCache::Delegate {
- public:
-  typedef base::Callback<void(const std::string&,
-                              const std::string&,
-                              CloudPolicyStore::Status,
-                              std::unique_ptr<em::PolicyFetchResponse>)>
-      Callback;
-
-  LegacyPolicyCacheLoader(
-      const base::FilePath& token_cache_file,
-      const base::FilePath& policy_cache_file,
-      scoped_refptr<base::SequencedTaskRunner> background_task_runner);
-  ~LegacyPolicyCacheLoader() override;
-
-  // Starts loading, and reports the result to |callback| when done.
-  void Load(const Callback& callback);
-
-  // UserPolicyTokenLoader::Delegate:
-  void OnTokenLoaded(const std::string& token,
-                     const std::string& device_id) override;
-
-  // UserPolicyDiskCache::Delegate:
-  void OnDiskCacheLoaded(UserPolicyDiskCache::LoadResult result,
-                         const em::CachedCloudPolicyResponse& policy) override;
-
- private:
-  // Checks whether the load operations from the legacy caches completed. If so,
-  // fires the appropriate notification.
-  void CheckLoadFinished();
-
-  // Maps a disk cache LoadResult to a CloudPolicyStore::Status.
-  static CloudPolicyStore::Status TranslateLoadResult(
-      UserPolicyDiskCache::LoadResult result);
-
-  scoped_refptr<UserPolicyTokenLoader> token_loader_;
-  scoped_refptr<UserPolicyDiskCache> policy_cache_;
-
-  std::string dm_token_;
-  std::string device_id_;
-  std::unique_ptr<em::PolicyFetchResponse> policy_;
-  CloudPolicyStore::Status status_;
-
-  Callback callback_;
-
-  base::WeakPtrFactory<LegacyPolicyCacheLoader> weak_factory_;
-
-  DISALLOW_COPY_AND_ASSIGN(LegacyPolicyCacheLoader);
-};
-
-LegacyPolicyCacheLoader::LegacyPolicyCacheLoader(
-    const base::FilePath& token_cache_file,
-    const base::FilePath& policy_cache_file,
-    scoped_refptr<base::SequencedTaskRunner> background_task_runner)
-    : status_(CloudPolicyStore::STATUS_OK),
-      weak_factory_(this) {
-  token_loader_ = new UserPolicyTokenLoader(weak_factory_.GetWeakPtr(),
-                                            token_cache_file,
-                                            background_task_runner);
-  policy_cache_ = new UserPolicyDiskCache(weak_factory_.GetWeakPtr(),
-                                          policy_cache_file,
-                                          background_task_runner);
-}
-
-LegacyPolicyCacheLoader::~LegacyPolicyCacheLoader() {}
-
-void LegacyPolicyCacheLoader::Load(const Callback& callback) {
-  callback_ = callback;
-  token_loader_->Load();
-  policy_cache_->Load();
-}
-
-void LegacyPolicyCacheLoader::OnTokenLoaded(const std::string& token,
-                                            const std::string& device_id) {
-  dm_token_ = token;
-  device_id_ = device_id;
-  token_loader_ = NULL;
-  CheckLoadFinished();
-}
-
-void LegacyPolicyCacheLoader::OnDiskCacheLoaded(
-    UserPolicyDiskCache::LoadResult result,
-    const em::CachedCloudPolicyResponse& policy) {
-  status_ = TranslateLoadResult(result);
-  if (result == UserPolicyDiskCache::LOAD_RESULT_SUCCESS) {
-    if (policy.has_cloud_policy())
-      policy_.reset(new em::PolicyFetchResponse(policy.cloud_policy()));
-  } else {
-    LOG(WARNING) << "Failed to load legacy policy cache: " << result;
-  }
-  policy_cache_ = NULL;
-  CheckLoadFinished();
-}
-
-void LegacyPolicyCacheLoader::CheckLoadFinished() {
-  if (!token_loader_.get() && !policy_cache_.get())
-    callback_.Run(dm_token_, device_id_, status_, std::move(policy_));
-}
-
-// static
-CloudPolicyStore::Status LegacyPolicyCacheLoader::TranslateLoadResult(
-    UserPolicyDiskCache::LoadResult result) {
-  switch (result) {
-    case UserPolicyDiskCache::LOAD_RESULT_SUCCESS:
-    case UserPolicyDiskCache::LOAD_RESULT_NOT_FOUND:
-      return CloudPolicyStore::STATUS_OK;
-    case UserPolicyDiskCache::LOAD_RESULT_PARSE_ERROR:
-    case UserPolicyDiskCache::LOAD_RESULT_READ_ERROR:
-      return CloudPolicyStore::STATUS_LOAD_ERROR;
-  }
-  NOTREACHED();
-  return CloudPolicyStore::STATUS_OK;
-}
-
 UserCloudPolicyStoreChromeOS::UserCloudPolicyStoreChromeOS(
     chromeos::CryptohomeClient* cryptohome_client,
     chromeos::SessionManagerClient* session_manager_client,
     scoped_refptr<base::SequencedTaskRunner> background_task_runner,
     const AccountId& account_id,
-    const base::FilePath& user_policy_key_dir,
-    const base::FilePath& legacy_token_cache_file,
-    const base::FilePath& legacy_policy_cache_file)
+    const base::FilePath& user_policy_key_dir)
     : UserCloudPolicyStoreBase(background_task_runner),
       cryptohome_client_(cryptohome_client),
       session_manager_client_(session_manager_client),
       account_id_(account_id),
       user_policy_key_dir_(user_policy_key_dir),
-      legacy_cache_dir_(legacy_token_cache_file.DirName()),
-      legacy_loader_(new LegacyPolicyCacheLoader(legacy_token_cache_file,
-                                                 legacy_policy_cache_file,
-                                                 background_task_runner)),
-      legacy_caches_loaded_(false),
       policy_key_loaded_(false),
       weak_factory_(this) {}
 
 UserCloudPolicyStoreChromeOS::~UserCloudPolicyStoreChromeOS() {}
 
 void UserCloudPolicyStoreChromeOS::Store(
     const em::PolicyFetchResponse& policy) {
   // Cancel all pending requests.
   weak_factory_.InvalidateWeakPtrs();
   std::unique_ptr<em::PolicyFetchResponse> response(
@@ skipping 20 matching lines @@
   // session. That happens when the browser crashes, or right after signin if
   // the user has flags configured in about:flags.
   // However, on those paths we must load policy synchronously so that the
   // Profile initialization never sees unmanaged prefs, which would lead to
   // data loss. http://crbug.com/263061
   std::string policy_blob =
       session_manager_client_->BlockingRetrievePolicyForUser(
           cryptohome::Identification(account_id_));
   if (policy_blob.empty()) {
     // The session manager doesn't have policy, or the call failed.
-    // Just notify that the load is done, and don't bother with the legacy
-    // caches in this case.
     NotifyStoreLoaded();
     return;
   }
 
   std::unique_ptr<em::PolicyFetchResponse> policy(
       new em::PolicyFetchResponse());
   if (!policy->ParseFromString(policy_blob)) {
     status_ = STATUS_PARSE_ERROR;
     NotifyStoreError();
     return;
@@ skipping 79 matching lines @@
     // the session manager. An additional validation is performed after the
     // load; reload the key for that validation too, in case it was rotated.
     ReloadPolicyKey(base::Bind(&UserCloudPolicyStoreChromeOS::Load,
                                weak_factory_.GetWeakPtr()));
   }
 }
 
 void UserCloudPolicyStoreChromeOS::OnPolicyRetrieved(
     const std::string& policy_blob) {
   if (policy_blob.empty()) {
-    // Policy fetch failed. Try legacy caches if we haven't done that already.
-    if (!legacy_caches_loaded_ && legacy_loader_.get()) {
-      legacy_caches_loaded_ = true;
-      legacy_loader_->Load(
-          base::Bind(&UserCloudPolicyStoreChromeOS::OnLegacyLoadFinished,
-                     weak_factory_.GetWeakPtr()));
-    } else {
-      // session_manager doesn't have policy. Adjust internal state and notify
-      // the world about the policy update.
-      policy_.reset();
-      NotifyStoreLoaded();
-    }
+    // session_manager doesn't have policy. Adjust internal state and notify
+    // the world about the policy update.
+    policy_.reset();
+    NotifyStoreLoaded();
     return;
   }
 
-  // Policy is supplied by session_manager. Disregard legacy data from now on.
-  legacy_loader_.reset();
-
   std::unique_ptr<em::PolicyFetchResponse> policy(
       new em::PolicyFetchResponse());
   if (!policy->ParseFromString(policy_blob)) {
     status_ = STATUS_PARSE_ERROR;
     NotifyStoreError();
     return;
   }
 
   // Load |policy_key_| to verify the loaded policy.
   EnsurePolicyKeyLoaded(
@@ skipping 26 matching lines @@
   if (!validator->success()) {
     status_ = STATUS_VALIDATION_ERROR;
     NotifyStoreError();
     return;
   }
 
   InstallPolicy(std::move(validator->policy_data()),
                 std::move(validator->payload()));
   status_ = STATUS_OK;
 
-  // Policy has been loaded successfully. This indicates that new-style policy
-  // is working, so the legacy cache directory can be removed.
-  if (!legacy_cache_dir_.empty()) {
-    background_task_runner()->PostTask(
-        FROM_HERE,
-        base::Bind(&UserCloudPolicyStoreChromeOS::RemoveLegacyCacheDir,
-                   legacy_cache_dir_));
-    legacy_cache_dir_.clear();
-  }
   NotifyStoreLoaded();
 }
 
-void UserCloudPolicyStoreChromeOS::OnLegacyLoadFinished(
-    const std::string& dm_token,
-    const std::string& device_id,
-    Status status,
-    std::unique_ptr<em::PolicyFetchResponse> policy) {
-  status_ = status;
-  if (policy.get()) {
-    // Create and configure a validator for the loaded legacy policy. Note that
-    // the signature on this policy is not verified.
-    std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator(
-        std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_FULLY_VALIDATED);
-    validator->ValidateUsername(account_id_.GetUserEmail(), true);
-    validator.release()->StartValidation(
-        base::Bind(&UserCloudPolicyStoreChromeOS::OnLegacyPolicyValidated,
-                   weak_factory_.GetWeakPtr(),
-                   dm_token,
-                   device_id));
-  } else {
-    InstallLegacyTokens(dm_token, device_id);
-  }
-}
-
-void UserCloudPolicyStoreChromeOS::OnLegacyPolicyValidated(
-    const std::string& dm_token,
-    const std::string& device_id,
-    UserCloudPolicyValidator* validator) {
-  validation_status_ = validator->status();
-  if (validator->success()) {
-    status_ = STATUS_OK;
-    InstallPolicy(std::move(validator->policy_data()),
-                  std::move(validator->payload()));
-
-    // Clear the public key version. The public key version field would
-    // otherwise indicate that we have key installed in the store when in fact
-    // we haven't. This may result in policy updates failing signature
-    // verification.
-    policy_->clear_public_key_version();
-  } else {
-    status_ = STATUS_VALIDATION_ERROR;
-  }
-
-  InstallLegacyTokens(dm_token, device_id);
-}
-
-void UserCloudPolicyStoreChromeOS::InstallLegacyTokens(
-    const std::string& dm_token,
-    const std::string& device_id) {
-  // Write token and device ID to |policy_|, giving them precedence over the
-  // policy blob. This is to match the legacy behavior, which used token and
-  // device id exclusively from the token cache file.
-  if (!dm_token.empty() && !device_id.empty()) {
-    if (!policy_.get())
-      policy_.reset(new em::PolicyData());
-    policy_->set_request_token(dm_token);
-    policy_->set_device_id(device_id);
-  }
-
-  // Tell the rest of the world that the policy load completed.
-  NotifyStoreLoaded();
-}
-
-// static
-void UserCloudPolicyStoreChromeOS::RemoveLegacyCacheDir(
-    const base::FilePath& dir) {
-  if (base::PathExists(dir) && !base::DeleteFile(dir, true))
-    LOG(ERROR) << "Failed to remove cache dir " << dir.value();
-}
-
 void UserCloudPolicyStoreChromeOS::ReloadPolicyKey(
     const base::Closure& callback) {
   std::string* key = new std::string();
   background_task_runner()->PostTaskAndReply(
       FROM_HERE,
       base::Bind(&UserCloudPolicyStoreChromeOS::LoadPolicyKey,
                  policy_key_path_,
                  key),
       base::Bind(&UserCloudPolicyStoreChromeOS::OnPolicyKeyReloaded,
                  weak_factory_.GetWeakPtr(),
@@ skipping 68 matching lines @@
 
 std::unique_ptr<UserCloudPolicyValidator>
 UserCloudPolicyStoreChromeOS::CreateValidatorForLoad(
     std::unique_ptr<em::PolicyFetchResponse> policy) {
   std::unique_ptr<UserCloudPolicyValidator> validator = CreateValidator(
       std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_NOT_BEFORE);
   validator->ValidateUsername(account_id_.GetUserEmail(), true);
   const bool allow_rotation = false;
   const std::string empty_key = std::string();
   // The policy loaded from session manager need not be validated using the
-  // verification key since it is secure, and since there may be legacy policy
-  // data that was stored without a verification key. Hence passing an empty
-  // value for the verification key.
+  // verification key since it is secure. Hence passing an empty value for the
+  // verification key.

[Andrew T Wilson (Slow), 2016/11/08 15:50:40]

Actually, the "legacy policy" described in this comment is different from the
legacy policy you're removing. So restore the old comment language.

   validator->ValidateSignature(policy_key_, empty_key,
                                ExtractDomain(account_id_.GetUserEmail()),
                                allow_rotation);
   return validator;
 }
 }  // namespace policy