1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_CREATION_CONTROLLER_NEW_H_
6 #define CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_CREATION_CONTROLLER_NEW_H_
10 #include "base/files/file_path.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/memory/weak_ptr.h"
13 #include "base/strings/string16.h"
14 #include "base/timer/timer.h"
15 #include "base/values.h"
16 #include "chrome/browser/chromeos/login/extended_authenticator.h"
17 #include "chrome/browser/chromeos/login/managed/managed_user_creation_controller.h"
18 #include "chrome/browser/managed_mode/managed_user_registration_utility.h"
24 // LMU Creation process:
25 // 0. Manager is logged in
26 // 1. Generate ID for new LMU
27 // 2. Start "transaction" in Local State.
28 // 3, Generate keys for user : master key, salt, encryption and signature keys.
29 // 4. Create local cryptohome (errors could arise)
30 // 5. Create user in cloud (errors could arise)
31 // 6. Store cloud token in cryptohome (actually, error could arise).
32 // 7. Mark "transaction" as completed.
33 // 8. End manager session.
34 class ManagedUserCreationControllerNew
35 : public ManagedUserCreationController,
36 public ExtendedAuthenticator::AuthStatusConsumer {
38 // All UI initialization is deferred till Init() call.
39 // |Consumer| is not owned by controller, and it is expected that it wouldn't
40 // be deleted before ManagedUserCreationControllerNew.
41 ManagedUserCreationControllerNew(StatusConsumer* consumer,
42 const std::string& manager_id);
43 virtual ~ManagedUserCreationControllerNew();
45 // Returns the current locally managed user controller if it has been created.
46 static ManagedUserCreationControllerNew* current_controller() {
47 return current_controller_;
50 // Set up controller for creating new supervised user with |display_name|,
51 // |password| and avatar indexed by |avatar_index|. StartCreation() have to
52 // be called to actually start creating user.
53 virtual void StartCreation(const base::string16& display_name,
54 const std::string& password,
55 int avatar_index) OVERRIDE;
57 // Starts import of the supervised users created prior to M35. They lack
58 // information about password.
59 // Configures and initiates importing existing supervised user to this device.
60 // Existing user is identified by |sync_id|, has |display_name|, |password|,
61 // |avatar_index|. The master key for cryptohome is a |master_key|.
62 virtual void StartImport(const base::string16& display_name,
63 const std::string& password,
65 const std::string& sync_id,
66 const std::string& master_key) OVERRIDE;
68 // Configures and initiates importing existing supervised user to this device.
69 // Existing user is identified by |sync_id|, has |display_name|,
70 // |avatar_index|. The master key for cryptohome is a |master_key|. The user
71 // has password specified in |password_data| and
72 // |encryption_key|/|signature_key| for cryptohome.
73 virtual void StartImport(const base::string16& display_name,
75 const std::string& sync_id,
76 const std::string& master_key,
77 const base::DictionaryValue* password_data,
78 const std::string& encryption_key,
79 const std::string& signature_key) OVERRIDE;
81 virtual void SetManagerProfile(Profile* manager_profile) OVERRIDE;
82 virtual Profile* GetManagerProfile() OVERRIDE;
84 virtual void CancelCreation() OVERRIDE;
85 virtual void FinishCreation() OVERRIDE;
86 virtual std::string GetManagedUserId() OVERRIDE;
90 // Just initial stage.
93 // Creation attempt is recoreded to allow cleanup in case of failure.
95 // Different keys are generated and public ones are stored in LocalState.
97 // Home directory is created with all necessary passwords.
99 // All user-related information is confirmed to exist on server.
101 // Managed user's sync token is written.
103 // Managed user is succesfully created.
104 TRANSACTION_COMMITTED,
105 // Some error happened while creating supervised user.
109 // Indicates if we create new user, or import an existing one.
110 enum CreationType { NEW_USER, USER_IMPORT_OLD, USER_IMPORT_NEW, };
112 // Contains information necessary for new user creation.
113 struct UserCreationContext {
114 UserCreationContext();
115 ~UserCreationContext();
117 base::string16 display_name;
120 std::string manager_id;
122 std::string local_user_id; // Used to identify cryptohome.
123 std::string sync_user_id; // Used to identify user in manager's sync data.
126 std::string master_key; // Random string
127 std::string signature_key; // 256 bit HMAC key
128 std::string encryption_key; // 256 bit HMAC key
129 std::string salted_password; // Hash(salt + Hash(password))
131 std::string password;
133 std::string salted_master_key; // Hash(system salt + master key)
134 std::string mount_hash;
138 CreationType creation_type;
140 base::DictionaryValue password_data;
142 Profile* manager_profile;
143 scoped_ptr<ManagedUserRegistrationUtility> registration_utility;
146 // ManagedUserAuthenticator::StatusConsumer overrides.
147 virtual void OnAuthenticationFailure(ExtendedAuthenticator::AuthState error)
150 // Authenticator success callbacks.
151 void OnMountSuccess(const std::string& mount_hash);
152 void OnAddKeySuccess();
153 void OnPasswordHashingSuccess(const std::string& password_hash);
155 void StartCreationImpl();
157 // Guard timer callback.
158 void CreationTimedOut();
159 // ManagedUserRegistrationUtility callback.
160 void RegistrationCallback(const GoogleServiceAuthError& error,
161 const std::string& token);
163 // Completion callback for StoreManagedUserFiles method.
164 // Called on the UI thread.
165 void OnManagedUserFilesStored(bool success);
167 // Pointer to the current instance of the controller to be used by
169 static ManagedUserCreationControllerNew* current_controller_;
171 // Current stage of user creation.
174 // Authenticator used for user creation.
175 scoped_refptr<ExtendedAuthenticator> authenticator_;
177 // Creation context. Not null while creating new LMU.
178 scoped_ptr<UserCreationContext> creation_context_;
180 // Timer for showing warning if creation process takes too long.
181 base::OneShotTimer<ManagedUserCreationControllerNew> timeout_timer_;
183 // Factory of callbacks.
184 base::WeakPtrFactory<ManagedUserCreationControllerNew> weak_factory_;
186 DISALLOW_COPY_AND_ASSIGN(ManagedUserCreationControllerNew);
189 } // namespace chromeos
191 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_CREATION_CONTROLLER_NEW_H_