1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_CREATION_CONTROLLER_NEW_H_
6 #define CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_CREATION_CONTROLLER_NEW_H_
10 #include "base/files/file_path.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/memory/weak_ptr.h"
13 #include "base/strings/string16.h"
14 #include "base/timer/timer.h"
15 #include "base/values.h"
16 #include "chrome/browser/chromeos/login/auth/extended_authenticator.h"
17 #include "chrome/browser/chromeos/login/managed/managed_user_creation_controller.h"
18 #include "chrome/browser/supervised_user/supervised_user_registration_utility.h"
26 // LMU Creation process:
27 // 0. Manager is logged in
28 // 1. Generate ID for new LMU
29 // 2. Start "transaction" in Local State.
30 // 3, Generate keys for user : master key, salt, encryption and signature keys.
31 // 4. Create local cryptohome (errors could arise)
32 // 5. Create user in cloud (errors could arise)
33 // 6. Store cloud token in cryptohome (actually, error could arise).
34 // 7. Mark "transaction" as completed.
35 // 8. End manager session.
36 class ManagedUserCreationControllerNew
37 : public ManagedUserCreationController,
38 public ExtendedAuthenticator::AuthStatusConsumer {
40 // All UI initialization is deferred till Init() call.
41 // |Consumer| is not owned by controller, and it is expected that it wouldn't
42 // be deleted before ManagedUserCreationControllerNew.
43 ManagedUserCreationControllerNew(StatusConsumer* consumer,
44 const std::string& manager_id);
45 virtual ~ManagedUserCreationControllerNew();
47 // Returns the current locally managed user controller if it has been created.
48 static ManagedUserCreationControllerNew* current_controller() {
49 return current_controller_;
52 // Set up controller for creating new supervised user with |display_name|,
53 // |password| and avatar indexed by |avatar_index|. StartCreation() have to
54 // be called to actually start creating user.
55 virtual void StartCreation(const base::string16& display_name,
56 const std::string& password,
57 int avatar_index) OVERRIDE;
59 // Starts import of the supervised users created prior to M35. They lack
60 // information about password.
61 // Configures and initiates importing existing supervised user to this device.
62 // Existing user is identified by |sync_id|, has |display_name|, |password|,
63 // |avatar_index|. The master key for cryptohome is a |master_key|.
64 virtual void StartImport(const base::string16& display_name,
65 const std::string& password,
67 const std::string& sync_id,
68 const std::string& master_key) OVERRIDE;
70 // Configures and initiates importing existing supervised user to this device.
71 // Existing user is identified by |sync_id|, has |display_name|,
72 // |avatar_index|. The master key for cryptohome is a |master_key|. The user
73 // has password specified in |password_data| and
74 // |encryption_key|/|signature_key| for cryptohome.
75 virtual void StartImport(const base::string16& display_name,
77 const std::string& sync_id,
78 const std::string& master_key,
79 const base::DictionaryValue* password_data,
80 const std::string& encryption_key,
81 const std::string& signature_key) OVERRIDE;
83 virtual void SetManagerProfile(Profile* manager_profile) OVERRIDE;
84 virtual Profile* GetManagerProfile() OVERRIDE;
86 virtual void CancelCreation() OVERRIDE;
87 virtual void FinishCreation() OVERRIDE;
88 virtual std::string GetManagedUserId() OVERRIDE;
92 // Just initial stage.
95 // Creation attempt is recoreded to allow cleanup in case of failure.
97 // Different keys are generated and public ones are stored in LocalState.
99 // Home directory is created with all necessary passwords.
101 // All user-related information is confirmed to exist on server.
103 // Managed user's sync token is written.
105 // Managed user is succesfully created.
106 TRANSACTION_COMMITTED,
107 // Some error happened while creating supervised user.
111 // Indicates if we create new user, or import an existing one.
112 enum CreationType { NEW_USER, USER_IMPORT_OLD, USER_IMPORT_NEW, };
114 // Contains information necessary for new user creation.
115 struct UserCreationContext {
116 UserCreationContext();
117 ~UserCreationContext();
119 base::string16 display_name;
122 std::string manager_id;
124 std::string local_user_id; // Used to identify cryptohome.
125 std::string sync_user_id; // Used to identify user in manager's sync data.
128 std::string master_key; // Random string
129 std::string signature_key; // 256 bit HMAC key
130 std::string encryption_key; // 256 bit HMAC key
131 std::string salted_password; // Hash(salt + Hash(password))
133 std::string password;
135 std::string salted_master_key; // Hash(system salt + master key)
136 std::string mount_hash;
140 CreationType creation_type;
142 base::DictionaryValue password_data;
144 Profile* manager_profile;
145 scoped_ptr<SupervisedUserRegistrationUtility> registration_utility;
148 // ManagedUserAuthenticator::StatusConsumer overrides.
149 virtual void OnAuthenticationFailure(ExtendedAuthenticator::AuthState error)
152 // Authenticator success callbacks.
153 void OnMountSuccess(const std::string& mount_hash);
154 void OnAddKeySuccess();
155 void OnKeyTransformedIfNeeded(const UserContext& user_context);
157 void StartCreationImpl();
159 // Guard timer callback.
160 void CreationTimedOut();
161 // SupervisedUserRegistrationUtility callback.
162 void RegistrationCallback(const GoogleServiceAuthError& error,
163 const std::string& token);
165 // Completion callback for StoreManagedUserFiles method.
166 // Called on the UI thread.
167 void OnManagedUserFilesStored(bool success);
169 // Pointer to the current instance of the controller to be used by
171 static ManagedUserCreationControllerNew* current_controller_;
173 // Current stage of user creation.
176 // Authenticator used for user creation.
177 scoped_refptr<ExtendedAuthenticator> authenticator_;
179 // Creation context. Not null while creating new LMU.
180 scoped_ptr<UserCreationContext> creation_context_;
182 // Timer for showing warning if creation process takes too long.
183 base::OneShotTimer<ManagedUserCreationControllerNew> timeout_timer_;
185 // Factory of callbacks.
186 base::WeakPtrFactory<ManagedUserCreationControllerNew> weak_factory_;
188 DISALLOW_COPY_AND_ASSIGN(ManagedUserCreationControllerNew);
191 } // namespace chromeos
193 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_MANAGED_USER_CREATION_CONTROLLER_NEW_H_