1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
8 #include "base/sequenced_task_runner.h"
9 #include "chrome/browser/chromeos/policy/device_policy_decoder_chromeos.h"
10 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
11 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
12 #include "policy/proto/device_management_backend.pb.h"
14 namespace em = enterprise_management;
// Constructs the store, keeps the collaborators passed in and registers the
// store as an observer of the device settings service.
// NOTE(review): the two pointer arguments are kept in members; presumably
// they are not owned here and must outlive this object (the destructor
// dereferences device_settings_service_) -- confirm against the header.
// NOTE(review): file line 25 (per the gutter numbers), between the
// initializer list and the body, is not shown in this listing.
18 DeviceCloudPolicyStoreChromeOS::DeviceCloudPolicyStoreChromeOS(
19 chromeos::DeviceSettingsService* device_settings_service,
20 EnterpriseInstallAttributes* install_attributes,
21 scoped_refptr<base::SequencedTaskRunner> background_task_runner)
22 : device_settings_service_(device_settings_service),
23 install_attributes_(install_attributes),
24 background_task_runner_(background_task_runner),
// Register for notifications from the device settings service.
26 device_settings_service_->AddObserver(this);
// Unregisters the observer added in the constructor so the device settings
// service does not call back into a destroyed store.
29 DeviceCloudPolicyStoreChromeOS::~DeviceCloudPolicyStoreChromeOS() {
30 device_settings_service_->RemoveObserver(this);
// Starts validation of a fetched policy blob before it is written to the
// device settings service. The blob is checked against the current owner key,
// the policy verification key, the enrollment domain and the policy that is
// currently installed; the outcome is delivered to OnPolicyToStoreValidated().
33 void DeviceCloudPolicyStoreChromeOS::Store(
34 const em::PolicyFetchResponse& policy) {
35 // Cancel all pending requests.
// The callbacks below are bound to weak_factory_.GetWeakPtr(), so invalidating
// here drops the result of any validation or store that is still in flight.
36 weak_factory_.InvalidateWeakPtrs();
38 scoped_refptr<chromeos::OwnerKey> owner_key(
39 device_settings_service_->GetOwnerKey());
// Refuse to store unless the device is enterprise-enrolled, a current policy
// exists and an owner key with a public half is available.
40 if (!install_attributes_->IsEnterpriseDevice() ||
41 !device_settings_service_->policy_data() || !owner_key.get() ||
42 !owner_key->public_key()) {
43 status_ = STATUS_BAD_STATE;
// NOTE(review): file lines 44-47 are not shown in this listing. The code below
// dereferences owner_key, so this branch must leave the function (presumably
// after reporting the error) -- confirm.
48 scoped_ptr<DeviceCloudPolicyValidator> validator(CreateValidator(policy));
// Signature check keyed on the owner public key, the verification key and the
// enrollment domain. NOTE(review): the final argument (file line 52) is not
// shown in this listing.
49 validator->ValidateSignature(owner_key->public_key_as_string(),
50 GetPolicyVerificationKey(),
51 install_attributes_->GetDomain(),
// Compare with the installed policy; both a timestamp and a DM token are
// required on the new blob.
53 validator->ValidateAgainstCurrentPolicy(
54 device_settings_service_->policy_data(),
55 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED,
56 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED);
// Ownership of the validator is given up here. NOTE(review): presumably the
// validator manages its own lifetime once StartValidation() runs -- confirm.
57 validator.release()->StartValidation(
58 base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated,
59 weak_factory_.GetWeakPtr()));
// Forwards the load request to the device settings service.
// NOTE(review): the result presumably comes back through the observer
// callbacks of this class -- confirm.
62 void DeviceCloudPolicyStoreChromeOS::Load() {
63 device_settings_service_->Load();
// Starts validation of the first policy blob for a device. Unlike Store(),
// there is no owner key or current policy to compare against, so the blob is
// validated with ValidateInitialKey() against the policy verification key and
// the enrollment domain. The outcome is delivered to
// OnPolicyToStoreValidated().
66 void DeviceCloudPolicyStoreChromeOS::InstallInitialPolicy(
67 const em::PolicyFetchResponse& policy) {
68 // Cancel all pending requests.
// Callbacks are bound to weak pointers, so this drops any in-flight result.
69 weak_factory_.InvalidateWeakPtrs();
// NOTE(review): this rejects only when the device is not enterprise-enrolled
// AND the store status differs from STORE_NO_POLICY. A non-enrolled device
// with no policy, or an enrolled device that already has policy, both pass
// the guard. Confirm that `&&` rather than `||` is intended, since this path
// skips the comparison with the current policy that Store() performs.
71 if (!install_attributes_->IsEnterpriseDevice() &&
72 device_settings_service_->status() !=
73 chromeos::DeviceSettingsService::STORE_NO_POLICY) {
74 status_ = STATUS_BAD_STATE;
// NOTE(review): file lines 75-78 are not shown in this listing; presumably the
// error is reported and the function returns -- confirm.
79 scoped_ptr<DeviceCloudPolicyValidator> validator(CreateValidator(policy));
80 validator->ValidateInitialKey(GetPolicyVerificationKey(),
81 install_attributes_->GetDomain());
// Ownership of the validator is given up here. NOTE(review): presumably the
// validator manages its own lifetime once StartValidation() runs -- confirm.
82 validator.release()->StartValidation(
83 base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated,
84 weak_factory_.GetWeakPtr()));
// NOTE(review): looks like a device settings observer callback; the body
// (file lines 88-90) is not shown in this listing, so its behavior cannot be
// documented from here.
87 void DeviceCloudPolicyStoreChromeOS::OwnershipStatusChanged() {
// Reacts to a device settings update only when no weak pointers are
// outstanding, i.e. when no validation or store started by this object is
// still pending.
// NOTE(review): the guarded statement (file line 93) is not shown in this
// listing; presumably it refreshes the store from the service -- confirm.
91 void DeviceCloudPolicyStoreChromeOS::DeviceSettingsUpdated() {
92 if (!weak_factory_.HasWeakPtrs())
// Builds a validator over a private copy of |policy| and configures the checks
// shared by Store() and InstallInitialPolicy(): enrollment domain, device
// policy type and payload. Callers add the key and signature checks that are
// specific to their path.
// Returns the configured validator; ownership passes to the caller.
96 scoped_ptr<DeviceCloudPolicyValidator>
97 DeviceCloudPolicyStoreChromeOS::CreateValidator(
98 const em::PolicyFetchResponse& policy) {
// The validator receives its own heap copy of the response, so it does not
// depend on the lifetime of the caller's |policy| reference.
99 scoped_ptr<DeviceCloudPolicyValidator> validator(
100 DeviceCloudPolicyValidator::Create(
101 scoped_ptr<em::PolicyFetchResponse>(
102 new em::PolicyFetchResponse(policy)),
103 background_task_runner_));
// The policy must belong to the domain recorded in the install attributes.
104 validator->ValidateDomain(install_attributes_->GetDomain());
105 validator->ValidatePolicyType(dm_protocol::kChromeDevicePolicyType);
106 validator->ValidatePayload();
107 return validator.Pass();
// Completion callback for the validation started by Store() or
// InstallInitialPolicy(). On failure it records the validation status; on
// success it hands the validated policy to the device settings service, with
// OnPolicyStored() as the completion callback.
110 void DeviceCloudPolicyStoreChromeOS::OnPolicyToStoreValidated(
111 DeviceCloudPolicyValidator* validator) {
112 if (!validator->success()) {
113 status_ = STATUS_VALIDATION_ERROR;
114 validation_status_ = validator->status();
// NOTE(review): file lines 115-118 are not shown in this listing. This branch
// must return before the Store() call below; otherwise a blob that failed
// validation would be persisted -- confirm.
// The store callback is weak-bound, so a later Store() or
// InstallInitialPolicy() call cancels it.
119 device_settings_service_->Store(
120 validator->policy().Pass(),
121 base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyStored,
122 weak_factory_.GetWeakPtr()));
// Completion callback bound in OnPolicyToStoreValidated() for the device
// settings store operation.
// NOTE(review): the body (file lines 126-128) is not shown in this listing,
// so its behavior cannot be documented from here.
125 void DeviceCloudPolicyStoreChromeOS::OnPolicyStored() {
// Refreshes policy_, policy_map_ and status_ from the current state of the
// device settings service. Service status codes are mapped onto this store's
// status values in the switch below.
// NOTE(review): several lines of this function are missing from the listing
// (gaps in the gutter numbers), including whatever ends each case; confirm
// that every case breaks or returns and none falls through.
129 void DeviceCloudPolicyStoreChromeOS::UpdateFromService() {
// Policy is only surfaced on enterprise-enrolled devices.
130 if (!install_attributes_->IsEnterpriseDevice()) {
131 status_ = STATUS_BAD_STATE;
// NOTE(review): file lines 132-135 are not shown; presumably the error is
// reported and the function returns -- confirm.
136 switch (device_settings_service_->status()) {
137 case chromeos::DeviceSettingsService::STORE_SUCCESS: {
// Start from an empty PolicyData and copy in the service's data if present.
139 policy_.reset(new em::PolicyData());
140 if (device_settings_service_->policy_data())
141 policy_->MergeFrom(*device_settings_service_->policy_data());
// Decode into a temporary map and swap, so policy_map_ is replaced in one
// step instead of being modified while decoding.
143 PolicyMap new_policy_map;
// NOTE(review): device_settings() is dereferenced without the null check that
// policy_data() gets above; confirm it is non-null whenever the status is
// STORE_SUCCESS.
145 DecodeDevicePolicy(*device_settings_service_->device_settings(),
146 &new_policy_map, install_attributes_);
148 policy_map_.Swap(&new_policy_map);
// NOTE(review): file lines 149-152 (the end of the success case) are not shown.
153 case chromeos::DeviceSettingsService::STORE_KEY_UNAVAILABLE:
154 status_ = STATUS_BAD_STATE;
156 case chromeos::DeviceSettingsService::STORE_POLICY_ERROR:
157 case chromeos::DeviceSettingsService::STORE_OPERATION_FAILED:
158 status_ = STATUS_STORE_ERROR;
// Missing, invalid or unverifiable policy is reported as a load error.
160 case chromeos::DeviceSettingsService::STORE_NO_POLICY:
161 case chromeos::DeviceSettingsService::STORE_INVALID_POLICY:
162 case chromeos::DeviceSettingsService::STORE_VALIDATION_ERROR:
163 case chromeos::DeviceSettingsService::STORE_TEMP_VALIDATION_ERROR:
164 status_ = STATUS_LOAD_ERROR;
171 } // namespace policy