diff --git a/chrome/browser/chromeos/app_mode/kiosk_app_manager.cc b/chrome/browser/chromeos/app_mode/kiosk_app_manager.cc index 2dc5d05231e956..83e653b52ea494 100644 --- a/chrome/browser/chromeos/app_mode/kiosk_app_manager.cc +++ b/chrome/browser/chromeos/app_mode/kiosk_app_manager.cc @@ -22,7 +22,7 @@ #include "chrome/browser/chromeos/app_mode/kiosk_app_external_loader.h" #include "chrome/browser/chromeos/app_mode/kiosk_app_manager_observer.h" #include "chrome/browser/chromeos/app_mode/kiosk_external_updater.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service_factory.h" #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" #include "chrome/browser/chromeos/policy/device_local_account.h" #include "chrome/browser/chromeos/settings/cros_settings.h" @@ -59,7 +59,7 @@ void OnRemoveAppCryptohomeComplete(const std::string& app, // Check for presence of machine owner public key file. void CheckOwnerFilePresence(bool *present) { scoped_refptr util = - OwnerSettingsServiceChromeOSFactory::GetInstance()->GetOwnerKeyUtil(); + OwnerSettingsServiceFactory::GetInstance()->GetOwnerKeyUtil(); *present = util.get() && util->IsPublicKeyPresent(); } diff --git a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc index 659e00ddfa236f..a0222b5273e795 100644 --- a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc +++ b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc @@ -55,7 +55,7 @@ #include "chrome/browser/chromeos/memory/oom_priority_manager.h" #include "chrome/browser/chromeos/net/network_portal_detector_impl.h" #include "chrome/browser/chromeos/options/cert_library.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service_factory.h" #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" #include "chrome/browser/chromeos/policy/device_local_account.h" #include "chrome/browser/chromeos/power/idle_action_warning_observer.h" @@ -187,7 +187,7 @@ class DBusServices { DeviceSettingsService::Initialize(); DeviceSettingsService::Get()->SetSessionManager( DBusThreadManager::Get()->GetSessionManagerClient(), - OwnerSettingsServiceChromeOSFactory::GetInstance()->GetOwnerKeyUtil()); + OwnerSettingsServiceFactory::GetInstance()->GetOwnerKeyUtil()); } ~DBusServices() { diff --git a/chrome/browser/chromeos/login/auth/chrome_cryptohome_authenticator.cc b/chrome/browser/chromeos/login/auth/chrome_cryptohome_authenticator.cc index 97b24d2138f003..804a32eb1ea615 100644 --- a/chrome/browser/chromeos/login/auth/chrome_cryptohome_authenticator.cc +++ b/chrome/browser/chromeos/login/auth/chrome_cryptohome_authenticator.cc @@ -5,11 +5,10 @@ #include "chrome/browser/chromeos/login/auth/chrome_cryptohome_authenticator.h" #include "base/thread_task_runner_handle.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service_factory.h" #include "chrome/browser/chromeos/settings/cros_settings.h" #include "chromeos/login/login_state.h" -#include "components/ownership/owner_key_util.h" #include "components/user_manager/user_manager.h" #include "content/public/browser/browser_thread.h" @@ -45,9 +44,9 @@ void ChromeCryptohomeAuthenticator::CheckSafeModeOwnership( LoginState::LOGGED_IN_USER_NONE); } - OwnerSettingsServiceChromeOS::IsOwnerForSafeModeAsync( + OwnerSettingsService::IsOwnerForSafeModeAsync( context.GetUserIDHash(), - OwnerSettingsServiceChromeOSFactory::GetInstance()->GetOwnerKeyUtil(), + OwnerSettingsServiceFactory::GetInstance()->GetOwnerKeyUtil(), callback); } diff --git a/chrome/browser/chromeos/login/auth/cryptohome_authenticator_unittest.cc b/chrome/browser/chromeos/login/auth/cryptohome_authenticator_unittest.cc index 67019a84ad005f..7fd127e5d903ad 100644 --- a/chrome/browser/chromeos/login/auth/cryptohome_authenticator_unittest.cc +++ b/chrome/browser/chromeos/login/auth/cryptohome_authenticator_unittest.cc @@ -18,8 +18,8 @@ #include "base/strings/stringprintf.h" #include "chrome/browser/chromeos/login/users/fake_user_manager.h" #include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service_factory.h" #include "chrome/browser/chromeos/profiles/profile_helper.h" #include "chrome/browser/chromeos/settings/cros_settings.h" #include "chrome/browser/chromeos/settings/device_settings_test_helper.h" @@ -136,8 +136,8 @@ class CryptohomeAuthenticatorTest : public testing::Test { mock_caller_(NULL), mock_homedir_methods_(NULL), owner_key_util_(new ownership::MockOwnerKeyUtil()) { - OwnerSettingsServiceChromeOSFactory::GetInstance() - ->SetOwnerKeyUtilForTesting(owner_key_util_); + OwnerSettingsServiceFactory::GetInstance()->SetOwnerKeyUtilForTesting( + owner_key_util_); user_context_.SetKey(Key("fakepass")); user_context_.SetUserIDHash("me_nowhere_com_hash"); const user_manager::User* user = diff --git a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc b/chrome/browser/chromeos/ownership/owner_settings_service.cc similarity index 50% rename from chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc rename to chrome/browser/chromeos/ownership/owner_settings_service.cc index 6f04ebbf516072..d9afe65da9b97d 100644 --- a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc +++ b/chrome/browser/chromeos/ownership/owner_settings_service.cc @@ -2,16 +2,14 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service.h" #include #include "base/bind.h" #include "base/bind_helpers.h" -#include "base/callback.h" #include "base/command_line.h" #include "base/prefs/pref_service.h" -#include "base/threading/thread_checker.h" #include "chrome/browser/chrome_notification_types.h" #include "chrome/browser/chromeos/profiles/profile_helper.h" #include "chrome/browser/chromeos/settings/cros_settings.h" @@ -19,7 +17,6 @@ #include "chrome/browser/profiles/profile.h" #include "chromeos/dbus/dbus_thread_manager.h" #include "chromeos/tpm_token_loader.h" -#include "components/ownership/owner_key_util.h" #include "components/policy/core/common/cloud/cloud_policy_constants.h" #include "content/public/browser/browser_thread.h" #include "content/public/browser/notification_details.h" @@ -57,12 +54,70 @@ bool IsOwnerInTests(const std::string& user_id) { return static_cast(value)->GetString() == user_id; } +// Assembles PolicyData based on |settings|, |policy_data| and +// |user_id|. +scoped_ptr AssemblePolicy( + const std::string& user_id, + const em::PolicyData* policy_data, + const em::ChromeDeviceSettingsProto* settings) { + scoped_ptr policy(new em::PolicyData()); + if (policy_data) { + // Preserve management settings. + if (policy_data->has_management_mode()) + policy->set_management_mode(policy_data->management_mode()); + if (policy_data->has_request_token()) + policy->set_request_token(policy_data->request_token()); + if (policy_data->has_device_id()) + policy->set_device_id(policy_data->device_id()); + } else { + // If there's no previous policy data, this is the first time the device + // setting is set. We set the management mode to NOT_MANAGED initially. + policy->set_management_mode(em::PolicyData::NOT_MANAGED); + } + policy->set_policy_type(policy::dm_protocol::kChromeDevicePolicyType); + policy->set_timestamp( + (base::Time::Now() - base::Time::UnixEpoch()).InMilliseconds()); + policy->set_username(user_id); + if (!settings->SerializeToString(policy->mutable_policy_value())) + return scoped_ptr(); + + return policy.Pass(); +} + +std::string AssembleAndSignPolicy(scoped_ptr policy, + crypto::RSAPrivateKey* private_key) { + // Assemble the policy. + em::PolicyFetchResponse policy_response; + if (!policy->SerializeToString(policy_response.mutable_policy_data())) { + LOG(ERROR) << "Failed to encode policy payload."; + return std::string(); + } + + // Generate the signature. + scoped_ptr signature_creator( + crypto::SignatureCreator::Create(private_key)); + signature_creator->Update( + reinterpret_cast(policy_response.policy_data().c_str()), + policy_response.policy_data().size()); + std::vector signature_bytes; + std::string policy_blob; + if (!signature_creator->Final(&signature_bytes)) { + LOG(ERROR) << "Failed to create policy signature."; + return std::string(); + } + + policy_response.mutable_policy_data_signature()->assign( + reinterpret_cast(vector_as_array(&signature_bytes)), + signature_bytes.size()); + return policy_response.SerializeAsString(); +} + void LoadPrivateKeyByPublicKey( const scoped_refptr& owner_key_util, scoped_refptr public_key, const std::string& username_hash, - const base::Callback& public_key, - const scoped_refptr& private_key)>& + const base::Callback public_key, + scoped_refptr private_key)>& callback) { crypto::EnsureNSSInit(); crypto::ScopedPK11Slot slot = @@ -74,12 +129,11 @@ void LoadPrivateKeyByPublicKey( base::Bind(callback, public_key, private_key)); } -void LoadPrivateKey( - const scoped_refptr& owner_key_util, - const std::string username_hash, - const base::Callback& public_key, - const scoped_refptr& private_key)>& - callback) { +void LoadPrivateKey(const scoped_refptr& owner_key_util, + const std::string username_hash, + const base::Callback public_key, + scoped_refptr private_key)>& callback) { std::vector public_key_data; scoped_refptr public_key; if (!owner_key_util->ImportPublicKey(&public_key_data)) { @@ -121,14 +175,15 @@ bool DoesPrivateKeyExistAsyncHelper( // not. Responds via |callback|. void DoesPrivateKeyExistAsync( const scoped_refptr& owner_key_util, - const OwnerSettingsServiceChromeOS::IsOwnerCallback& callback) { + const OwnerSettingsService::IsOwnerCallback& callback) { if (!owner_key_util) { callback.Run(false); return; } scoped_refptr task_runner = - BrowserThread::GetBlockingPool()->GetTaskRunnerWithShutdownBehavior( - base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); + content::BrowserThread::GetBlockingPool() + ->GetTaskRunnerWithShutdownBehavior( + base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); base::PostTaskAndReplyWithResult( task_runner.get(), FROM_HERE, @@ -136,28 +191,60 @@ void DoesPrivateKeyExistAsync( callback); } -DeviceSettingsService* GetDeviceSettingsService() { - if (g_device_settings_service_for_testing) - return g_device_settings_service_for_testing; - return DeviceSettingsService::IsInitialized() ? DeviceSettingsService::Get() - : NULL; +// Returns the current management mode. +em::PolicyData::ManagementMode GetManagementMode( + DeviceSettingsService* service) { + if (!service) { + LOG(ERROR) << "DeviceSettingsService is not initialized"; + return em::PolicyData::NOT_MANAGED; + } + + const em::PolicyData* policy_data = service->policy_data(); + if (policy_data && policy_data->has_management_mode()) + return policy_data->management_mode(); + return em::PolicyData::NOT_MANAGED; +} + +// Returns true if it is okay to transfer from the current mode to the new +// mode. This function should be called in SetManagementMode(). +bool CheckManagementModeTransition(em::PolicyData::ManagementMode current_mode, + em::PolicyData::ManagementMode new_mode) { + // Mode is not changed. + if (current_mode == new_mode) + return true; + + switch (current_mode) { + case em::PolicyData::NOT_MANAGED: + // For consumer management enrollment. + return new_mode == em::PolicyData::CONSUMER_MANAGED; + + case em::PolicyData::ENTERPRISE_MANAGED: + // Management mode cannot be set when it is currently ENTERPRISE_MANAGED. + return false; + + case em::PolicyData::CONSUMER_MANAGED: + // For consumer management unenrollment. + return new_mode == em::PolicyData::NOT_MANAGED; + } + + NOTREACHED(); + return false; } } // namespace -OwnerSettingsServiceChromeOS::OwnerSettingsServiceChromeOS( +OwnerSettingsService::OwnerSettingsService( Profile* profile, const scoped_refptr& owner_key_util) - : ownership::OwnerSettingsService(owner_key_util), - profile_(profile), + : profile_(profile), + owner_key_util_(owner_key_util), waiting_for_profile_creation_(true), waiting_for_tpm_token_(true), weak_factory_(this) { if (TPMTokenLoader::IsInitialized()) { TPMTokenLoader::TPMTokenStatus tpm_token_status = TPMTokenLoader::Get()->IsTPMTokenEnabled( - base::Bind(&OwnerSettingsServiceChromeOS::OnTPMTokenReady, - weak_factory_.GetWeakPtr())); + base::Bind(&OwnerSettingsService::OnTPMTokenReady, as_weak_ptr())); waiting_for_tpm_token_ = tpm_token_status == TPMTokenLoader::TPM_TOKEN_STATUS_UNDETERMINED; } @@ -172,7 +259,7 @@ OwnerSettingsServiceChromeOS::OwnerSettingsServiceChromeOS( content::Source(profile_)); } -OwnerSettingsServiceChromeOS::~OwnerSettingsServiceChromeOS() { +OwnerSettingsService::~OwnerSettingsService() { DCHECK(thread_checker_.CalledOnValidThread()); if (DBusThreadManager::IsInitialized() && DBusThreadManager::Get()->GetSessionManagerClient()) { @@ -180,32 +267,80 @@ OwnerSettingsServiceChromeOS::~OwnerSettingsServiceChromeOS() { } } -void OwnerSettingsServiceChromeOS::OnTPMTokenReady( - bool /* tpm_token_enabled */) { +bool OwnerSettingsService::IsOwner() { DCHECK(thread_checker_.CalledOnValidThread()); - waiting_for_tpm_token_ = false; + return private_key_ && private_key_->key(); +} - // TPMTokenLoader initializes the TPM and NSS database which is necessary to - // determine ownership. Force a reload once we know these are initialized. - ReloadKeypair(); +void OwnerSettingsService::IsOwnerAsync(const IsOwnerCallback& callback) { + DCHECK(thread_checker_.CalledOnValidThread()); + if (private_key_) { + base::MessageLoop::current()->PostTask(FROM_HERE, + base::Bind(callback, IsOwner())); + } else { + pending_is_owner_callbacks_.push_back(callback); + } } -void OwnerSettingsServiceChromeOS::SignAndStorePolicyAsync( +bool OwnerSettingsService::AssembleAndSignPolicyAsync( scoped_ptr policy, + const AssembleAndSignPolicyCallback& callback) { + DCHECK(thread_checker_.CalledOnValidThread()); + if (!IsOwner()) + return false; + base::PostTaskAndReplyWithResult( + BrowserThread::GetBlockingPool(), + FROM_HERE, + base::Bind( + &AssembleAndSignPolicy, base::Passed(&policy), private_key_->key()), + callback); + return true; +} + +void OwnerSettingsService::SignAndStoreAsync( + scoped_ptr settings, const base::Closure& callback) { DCHECK(thread_checker_.CalledOnValidThread()); - SignAndStoreSettingsOperation* operation = new SignAndStoreSettingsOperation( - base::Bind(&OwnerSettingsServiceChromeOS::HandleCompletedOperation, - weak_factory_.GetWeakPtr(), - callback), - policy.Pass()); - operation->set_owner_settings_service(weak_factory_.GetWeakPtr()); - pending_operations_.push_back(operation); - if (pending_operations_.front() == operation) - StartNextOperation(); + scoped_ptr policy = AssemblePolicy( + user_id_, GetDeviceSettingsService()->policy_data(), settings.get()); + if (!policy) { + HandleError(DeviceSettingsService::STORE_POLICY_ERROR, callback); + return; + } + + EnqueueSignAndStore(policy.Pass(), callback); } -void OwnerSettingsServiceChromeOS::Observe( +void OwnerSettingsService::SetManagementSettingsAsync( + em::PolicyData::ManagementMode management_mode, + const std::string& request_token, + const std::string& device_id, + const base::Closure& callback) { + em::PolicyData::ManagementMode current_mode = + GetManagementMode(GetDeviceSettingsService()); + if (!CheckManagementModeTransition(current_mode, management_mode)) { + LOG(ERROR) << "Invalid management mode transition: current mode = " + << current_mode << ", new mode = " << management_mode; + HandleError(DeviceSettingsService::STORE_POLICY_ERROR, callback); + return; + } + + DeviceSettingsService* service = GetDeviceSettingsService(); + scoped_ptr policy = AssemblePolicy( + user_id_, service->policy_data(), service->device_settings()); + if (!policy) { + HandleError(DeviceSettingsService::STORE_POLICY_ERROR, callback); + return; + } + + policy->set_management_mode(management_mode); + policy->set_request_token(request_token); + policy->set_device_id(device_id); + + EnqueueSignAndStore(policy.Pass(), callback); +} + +void OwnerSettingsService::Observe( int type, const content::NotificationSource& source, const content::NotificationDetails& details) { @@ -222,17 +357,26 @@ void OwnerSettingsServiceChromeOS::Observe( } waiting_for_profile_creation_ = false; - ReloadKeypair(); + ReloadPrivateKey(); } -void OwnerSettingsServiceChromeOS::OwnerKeySet(bool success) { +void OwnerSettingsService::OnTPMTokenReady(bool /* unused token_enabled */) { + DCHECK(thread_checker_.CalledOnValidThread()); + waiting_for_tpm_token_ = false; + + // TPMTokenLoader initializes the TPM and NSS database which is necessary to + // determine ownership. Force a reload once we know these are initialized. + ReloadPrivateKey(); +} + +void OwnerSettingsService::OwnerKeySet(bool success) { DCHECK(thread_checker_.CalledOnValidThread()); if (success) - ReloadKeypair(); + ReloadPrivateKey(); } // static -void OwnerSettingsServiceChromeOS::IsOwnerForSafeModeAsync( +void OwnerSettingsService::IsOwnerForSafeModeAsync( const std::string& user_hash, const scoped_refptr& owner_key_util, const IsOwnerCallback& callback) { @@ -250,49 +394,74 @@ void OwnerSettingsServiceChromeOS::IsOwnerForSafeModeAsync( } // static -void OwnerSettingsServiceChromeOS::SetDeviceSettingsServiceForTesting( +void OwnerSettingsService::SetDeviceSettingsServiceForTesting( DeviceSettingsService* device_settings_service) { DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); g_device_settings_service_for_testing = device_settings_service; } -void OwnerSettingsServiceChromeOS::OnPostKeypairLoadedActions() { - DCHECK(thread_checker_.CalledOnValidThread()); - - user_id_ = profile_->GetProfileName(); - const bool is_owner = IsOwner() || IsOwnerInTests(user_id_); - if (is_owner && GetDeviceSettingsService()) - GetDeviceSettingsService()->InitOwner(user_id_, weak_factory_.GetWeakPtr()); -} - -void OwnerSettingsServiceChromeOS::ReloadKeypairImpl(const base::Callback< - void(const scoped_refptr& public_key, - const scoped_refptr& private_key)>& callback) { +void OwnerSettingsService::ReloadPrivateKey() { DCHECK(thread_checker_.CalledOnValidThread()); - if (waiting_for_profile_creation_ || waiting_for_tpm_token_) return; scoped_refptr task_runner = - BrowserThread::GetBlockingPool()->GetTaskRunnerWithShutdownBehavior( - base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); + content::BrowserThread::GetBlockingPool() + ->GetTaskRunnerWithShutdownBehavior( + base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); task_runner->PostTask( FROM_HERE, base::Bind(&LoadPrivateKey, - owner_key_util_, + GetOwnerKeyUtil(), ProfileHelper::GetUserIdHashFromProfile(profile_), - callback)); + base::Bind(&OwnerSettingsService::OnPrivateKeyLoaded, + weak_factory_.GetWeakPtr()))); } -void OwnerSettingsServiceChromeOS::StartNextOperation() { +void OwnerSettingsService::OnPrivateKeyLoaded( + scoped_refptr public_key, + scoped_refptr private_key) { + DCHECK(thread_checker_.CalledOnValidThread()); + public_key_ = public_key; + private_key_ = private_key; + + user_id_ = profile_->GetProfileName(); + const bool is_owner = IsOwner() || IsOwnerInTests(user_id_); + if (is_owner && GetDeviceSettingsService()) + GetDeviceSettingsService()->InitOwner(user_id_, weak_factory_.GetWeakPtr()); + + std::vector is_owner_callbacks; + is_owner_callbacks.swap(pending_is_owner_callbacks_); + for (std::vector::iterator it(is_owner_callbacks.begin()); + it != is_owner_callbacks.end(); + ++it) { + it->Run(is_owner); + } +} + +void OwnerSettingsService::EnqueueSignAndStore( + scoped_ptr policy, + const base::Closure& callback) { + SignAndStoreSettingsOperation* operation = new SignAndStoreSettingsOperation( + base::Bind(&OwnerSettingsService::HandleCompletedOperation, + weak_factory_.GetWeakPtr(), + callback), + policy.Pass()); + operation->set_delegate(weak_factory_.GetWeakPtr()); + pending_operations_.push_back(operation); + if (pending_operations_.front() == operation) + StartNextOperation(); +} + +void OwnerSettingsService::StartNextOperation() { DeviceSettingsService* service = GetDeviceSettingsService(); if (!pending_operations_.empty() && service && service->session_manager_client()) { pending_operations_.front()->Start( - service->session_manager_client(), owner_key_util_, public_key_); + service->session_manager_client(), GetOwnerKeyUtil(), public_key_); } } -void OwnerSettingsServiceChromeOS::HandleCompletedOperation( +void OwnerSettingsService::HandleCompletedOperation( const base::Closure& callback, SessionManagerOperation* operation, DeviceSettingsService::Status status) { @@ -308,10 +477,10 @@ void OwnerSettingsServiceChromeOS::HandleCompletedOperation( (operation->public_key() && public_key_ && operation->public_key()->data() != public_key_->data())) { // Public part changed so we need to reload private part too. - ReloadKeypair(); + ReloadPrivateKey(); content::NotificationService::current()->Notify( chrome::NOTIFICATION_OWNERSHIP_STATUS_CHANGED, - content::Source(this), + content::Source(this), content::NotificationService::NoDetails()); } service->OnSignAndStoreOperationCompleted(status); @@ -323,4 +492,26 @@ void OwnerSettingsServiceChromeOS::HandleCompletedOperation( StartNextOperation(); } +void OwnerSettingsService::HandleError(DeviceSettingsService::Status status, + const base::Closure& callback) { + LOG(ERROR) << "Session manager operation failed: " << status; + GetDeviceSettingsService()->OnSignAndStoreOperationCompleted(status); + if (!callback.is_null()) + callback.Run(); +} + +scoped_refptr OwnerSettingsService::GetOwnerKeyUtil() { + DCHECK(thread_checker_.CalledOnValidThread()); + return owner_key_util_; +} + +DeviceSettingsService* OwnerSettingsService::GetDeviceSettingsService() { + DCHECK(thread_checker_.CalledOnValidThread()); + if (g_device_settings_service_for_testing) + return g_device_settings_service_for_testing; + if (DeviceSettingsService::IsInitialized()) + return DeviceSettingsService::Get(); + return NULL; +} + } // namespace chromeos diff --git a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h b/chrome/browser/chromeos/ownership/owner_settings_service.h similarity index 52% rename from chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h rename to chrome/browser/chromeos/ownership/owner_settings_service.h index 3ef3d7edeff8a3..37bbabb52cd709 100644 --- a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h +++ b/chrome/browser/chromeos/ownership/owner_settings_service.h @@ -2,51 +2,60 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_H_ -#define CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_H_ +#ifndef CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_ +#define CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_ #include #include -#include "base/callback_forward.h" +#include "base/callback.h" #include "base/compiler_specific.h" #include "base/macros.h" +#include "base/memory/weak_ptr.h" +#include "base/threading/thread_checker.h" #include "chrome/browser/chromeos/settings/device_settings_service.h" #include "chromeos/dbus/session_manager_client.h" #include "components/keyed_service/core/keyed_service.h" #include "components/ownership/owner_key_util.h" -#include "components/ownership/owner_settings_service.h" #include "content/public/browser/notification_observer.h" #include "content/public/browser/notification_registrar.h" class Profile; -namespace ownership { -class OwnerKeyUtil; -} - namespace chromeos { class SessionManagerOperation; -// The class is a profile-keyed service which holds public/private -// keypair corresponds to a profile. The keypair is reloaded automatically when -// profile is created and TPM token is ready. Note that the private part of a -// key can be loaded only for the owner. +// This class reloads owner key from profile NSS slots. // // TODO (ygorshenin@): move write path for device settings here // (crbug.com/230018). -class OwnerSettingsServiceChromeOS : public ownership::OwnerSettingsService, - public content::NotificationObserver, - public SessionManagerClient::Observer { +class OwnerSettingsService : public DeviceSettingsService::PrivateKeyDelegate, + public KeyedService, + public content::NotificationObserver, + public SessionManagerClient::Observer { public: - virtual ~OwnerSettingsServiceChromeOS(); + virtual ~OwnerSettingsService(); + + base::WeakPtr as_weak_ptr() { + return weak_factory_.GetWeakPtr(); + } void OnTPMTokenReady(bool tpm_token_enabled); - // ownership::OwnerSettingsService implementation: - virtual void SignAndStorePolicyAsync( + // DeviceSettingsService::PrivateKeyDelegate implementation: + virtual bool IsOwner() OVERRIDE; + virtual void IsOwnerAsync(const IsOwnerCallback& callback) OVERRIDE; + virtual bool AssembleAndSignPolicyAsync( scoped_ptr policy, + const AssembleAndSignPolicyCallback& callback) OVERRIDE; + virtual void SignAndStoreAsync( + scoped_ptr settings, + const base::Closure& callback) OVERRIDE; + virtual void SetManagementSettingsAsync( + enterprise_management::PolicyData::ManagementMode management_mode, + const std::string& request_token, + const std::string& device_id, const base::Closure& callback) OVERRIDE; // NotificationObserver implementation: @@ -68,22 +77,23 @@ class OwnerSettingsServiceChromeOS : public ownership::OwnerSettingsService, DeviceSettingsService* device_settings_service); private: - friend class OwnerSettingsServiceChromeOSFactory; + friend class OwnerSettingsServiceFactory; - OwnerSettingsServiceChromeOS( + OwnerSettingsService( Profile* profile, const scoped_refptr& owner_key_util); - // OwnerSettingsService protected interface overrides: + // Reloads private key from profile's NSS slots. Responds via call + // to OnPrivateKeyLoaded(). + void ReloadPrivateKey(); - // Reloads private key from profile's NSS slots, responds via |callback|. - virtual void ReloadKeypairImpl(const base::Callback< - void(const scoped_refptr& public_key, - const scoped_refptr& private_key)>& callback) - OVERRIDE; + // Called when ReloadPrivateKey() completes it's work. + void OnPrivateKeyLoaded(scoped_refptr public_key, + scoped_refptr private_key); - // Possibly notifies DeviceSettingsService that owner's keypair is loaded. - virtual void OnPostKeypairLoadedActions() OVERRIDE; + // Puts request to perform sign-and-store operation in the queue. + void EnqueueSignAndStore(scoped_ptr policy, + const base::Closure& callback); // Performs next operation in the queue. void StartNextOperation(); @@ -93,12 +103,33 @@ class OwnerSettingsServiceChromeOS : public ownership::OwnerSettingsService, SessionManagerOperation* operation, DeviceSettingsService::Status status); + // Called when it's not possible to store settings. + void HandleError(DeviceSettingsService::Status status, + const base::Closure& callback); + + // Returns testing instance of OwnerKeyUtil when it's set, otherwise + // returns |owner_key_util_|. + scoped_refptr GetOwnerKeyUtil(); + + // Returns testing instance of DeviceSettingsService when it's set, + // otherwise returns pointer to a singleton instance, when it's + // initialized. + DeviceSettingsService* GetDeviceSettingsService(); + // Profile this service instance belongs to. Profile* profile_; // User ID this service instance belongs to. std::string user_id_; + scoped_refptr public_key_; + + scoped_refptr private_key_; + + scoped_refptr owner_key_util_; + + std::vector pending_is_owner_callbacks_; + // Whether profile still needs to be initialized. bool waiting_for_profile_creation_; @@ -111,11 +142,13 @@ class OwnerSettingsServiceChromeOS : public ownership::OwnerSettingsService, content::NotificationRegistrar registrar_; - base::WeakPtrFactory weak_factory_; + base::ThreadChecker thread_checker_; + + base::WeakPtrFactory weak_factory_; - DISALLOW_COPY_AND_ASSIGN(OwnerSettingsServiceChromeOS); + DISALLOW_COPY_AND_ASSIGN(OwnerSettingsService); }; } // namespace chromeos -#endif // CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_H_ +#endif // CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_ diff --git a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.cc b/chrome/browser/chromeos/ownership/owner_settings_service_factory.cc similarity index 62% rename from chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.cc rename to chrome/browser/chromeos/ownership/owner_settings_service_factory.cc index b971f3407aee59..4f2e79d1491152 100644 --- a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.cc +++ b/chrome/browser/chromeos/ownership/owner_settings_service_factory.cc @@ -2,10 +2,10 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service_factory.h" #include "base/path_service.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service.h" #include "chrome/browser/chromeos/profiles/profile_helper.h" #include "chrome/browser/profiles/profile.h" #include "chromeos/chromeos_paths.h" @@ -15,30 +15,29 @@ namespace chromeos { -OwnerSettingsServiceChromeOSFactory::OwnerSettingsServiceChromeOSFactory() +OwnerSettingsServiceFactory::OwnerSettingsServiceFactory() : BrowserContextKeyedServiceFactory( "OwnerSettingsService", BrowserContextDependencyManager::GetInstance()) { } -OwnerSettingsServiceChromeOSFactory::~OwnerSettingsServiceChromeOSFactory() { +OwnerSettingsServiceFactory::~OwnerSettingsServiceFactory() { } // static -OwnerSettingsServiceChromeOS* -OwnerSettingsServiceChromeOSFactory::GetForProfile(Profile* profile) { - return static_cast( +OwnerSettingsService* OwnerSettingsServiceFactory::GetForProfile( + Profile* profile) { + return static_cast( GetInstance()->GetServiceForBrowserContext(profile, true)); } // static -OwnerSettingsServiceChromeOSFactory* -OwnerSettingsServiceChromeOSFactory::GetInstance() { - return Singleton::get(); +OwnerSettingsServiceFactory* OwnerSettingsServiceFactory::GetInstance() { + return Singleton::get(); } scoped_refptr -OwnerSettingsServiceChromeOSFactory::GetOwnerKeyUtil() { +OwnerSettingsServiceFactory::GetOwnerKeyUtil() { if (owner_key_util_.get()) return owner_key_util_; base::FilePath public_key_path; @@ -48,27 +47,25 @@ OwnerSettingsServiceChromeOSFactory::GetOwnerKeyUtil() { return owner_key_util_; } -void OwnerSettingsServiceChromeOSFactory::SetOwnerKeyUtilForTesting( +void OwnerSettingsServiceFactory::SetOwnerKeyUtilForTesting( const scoped_refptr& owner_key_util) { owner_key_util_ = owner_key_util; } // static -KeyedService* OwnerSettingsServiceChromeOSFactory::BuildInstanceFor( +KeyedService* OwnerSettingsServiceFactory::BuildInstanceFor( content::BrowserContext* browser_context) { Profile* profile = static_cast(browser_context); if (profile->IsGuestSession() || ProfileHelper::IsSigninProfile(profile)) return NULL; - return new OwnerSettingsServiceChromeOS(profile, - GetInstance()->GetOwnerKeyUtil()); + return new OwnerSettingsService(profile, GetInstance()->GetOwnerKeyUtil()); } -bool OwnerSettingsServiceChromeOSFactory::ServiceIsCreatedWithBrowserContext() - const { +bool OwnerSettingsServiceFactory::ServiceIsCreatedWithBrowserContext() const { return true; } -KeyedService* OwnerSettingsServiceChromeOSFactory::BuildServiceInstanceFor( +KeyedService* OwnerSettingsServiceFactory::BuildServiceInstanceFor( content::BrowserContext* context) const { return BuildInstanceFor(context); } diff --git a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h b/chrome/browser/chromeos/ownership/owner_settings_service_factory.h similarity index 70% rename from chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h rename to chrome/browser/chromeos/ownership/owner_settings_service_factory.h index 3409456ef6c80c..597656b76ad20a 100644 --- a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h +++ b/chrome/browser/chromeos/ownership/owner_settings_service_factory.h @@ -2,8 +2,10 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_FACTORY_H_ -#define CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_FACTORY_H_ +#ifndef CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_FACTORY_H_ +#define CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_FACTORY_H_ + +#include #include "base/compiler_specific.h" #include "base/macros.h" @@ -20,14 +22,13 @@ class OwnerKeyUtil; namespace chromeos { -class OwnerSettingsServiceChromeOS; +class OwnerSettingsService; -class OwnerSettingsServiceChromeOSFactory - : public BrowserContextKeyedServiceFactory { +class OwnerSettingsServiceFactory : public BrowserContextKeyedServiceFactory { public: - static OwnerSettingsServiceChromeOS* GetForProfile(Profile* profile); + static OwnerSettingsService* GetForProfile(Profile* profile); - static OwnerSettingsServiceChromeOSFactory* GetInstance(); + static OwnerSettingsServiceFactory* GetInstance(); scoped_refptr GetOwnerKeyUtil(); @@ -35,10 +36,10 @@ class OwnerSettingsServiceChromeOSFactory const scoped_refptr& owner_key_util); private: - friend struct DefaultSingletonTraits; + friend struct DefaultSingletonTraits; - OwnerSettingsServiceChromeOSFactory(); - virtual ~OwnerSettingsServiceChromeOSFactory(); + OwnerSettingsServiceFactory(); + virtual ~OwnerSettingsServiceFactory(); static KeyedService* BuildInstanceFor(content::BrowserContext* context); @@ -51,9 +52,9 @@ class OwnerSettingsServiceChromeOSFactory scoped_refptr owner_key_util_; - DISALLOW_COPY_AND_ASSIGN(OwnerSettingsServiceChromeOSFactory); + DISALLOW_COPY_AND_ASSIGN(OwnerSettingsServiceFactory); }; } // namespace chromeos -#endif // CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_FACTORY_H_ +#endif // CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_FACTORY_H_ diff --git a/chrome/browser/chromeos/settings/device_settings_provider_unittest.cc b/chrome/browser/chromeos/settings/device_settings_provider_unittest.cc index 6f617502f64ace..79d79b9c71e7bb 100644 --- a/chrome/browser/chromeos/settings/device_settings_provider_unittest.cc +++ b/chrome/browser/chromeos/settings/device_settings_provider_unittest.cc @@ -13,6 +13,8 @@ #include "base/test/scoped_path_override.h" #include "base/values.h" #include "chrome/browser/chromeos/login/users/fake_user_manager.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service_factory.h" #include "chrome/browser/chromeos/policy/device_local_account.h" #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" #include "chrome/browser/chromeos/settings/device_settings_test_helper.h" diff --git a/chrome/browser/chromeos/settings/device_settings_service.cc b/chrome/browser/chromeos/settings/device_settings_service.cc index 36de11dff7393d..9ba93243c923ee 100644 --- a/chrome/browser/chromeos/settings/device_settings_service.cc +++ b/chrome/browser/chromeos/settings/device_settings_service.cc @@ -35,62 +35,6 @@ int kLoadRetryDelayMs = 1000 * 5; // of retry time. int kMaxLoadRetries = (1000 * 60 * 10) / kLoadRetryDelayMs; -// Assembles PolicyData based on |settings|, |policy_data| and -// |user_id|. -scoped_ptr AssemblePolicy( - const std::string& user_id, - const em::PolicyData* policy_data, - const em::ChromeDeviceSettingsProto* settings) { - scoped_ptr policy(new em::PolicyData()); - if (policy_data) { - // Preserve management settings. - if (policy_data->has_management_mode()) - policy->set_management_mode(policy_data->management_mode()); - if (policy_data->has_request_token()) - policy->set_request_token(policy_data->request_token()); - if (policy_data->has_device_id()) - policy->set_device_id(policy_data->device_id()); - } else { - // If there's no previous policy data, this is the first time the device - // setting is set. We set the management mode to NOT_MANAGED initially. - policy->set_management_mode(em::PolicyData::NOT_MANAGED); - } - policy->set_policy_type(policy::dm_protocol::kChromeDevicePolicyType); - policy->set_timestamp( - (base::Time::Now() - base::Time::UnixEpoch()).InMilliseconds()); - policy->set_username(user_id); - if (!settings->SerializeToString(policy->mutable_policy_value())) - return scoped_ptr(); - - return policy.Pass(); -} - -// Returns true if it is okay to transfer from the current mode to the new -// mode. This function should be called in SetManagementMode(). -bool CheckManagementModeTransition(em::PolicyData::ManagementMode current_mode, - em::PolicyData::ManagementMode new_mode) { - // Mode is not changed. - if (current_mode == new_mode) - return true; - - switch (current_mode) { - case em::PolicyData::NOT_MANAGED: - // For consumer management enrollment. - return new_mode == em::PolicyData::CONSUMER_MANAGED; - - case em::PolicyData::ENTERPRISE_MANAGED: - // Management mode cannot be set when it is currently ENTERPRISE_MANAGED. - return false; - - case em::PolicyData::CONSUMER_MANAGED: - // For consumer management unenrollment. - return new_mode == em::PolicyData::NOT_MANAGED; - } - - NOTREACHED(); - return false; -} - } // namespace namespace chromeos { @@ -172,18 +116,10 @@ void DeviceSettingsService::Load() { void DeviceSettingsService::SignAndStore( scoped_ptr new_settings, const base::Closure& callback) { - if (!owner_settings_service_) { + if (!delegate_) HandleError(STORE_KEY_UNAVAILABLE, callback); - return; - } - scoped_ptr policy = - AssemblePolicy(GetUsername(), policy_data(), new_settings.get()); - if (!policy) { - HandleError(STORE_POLICY_ERROR, callback); - return; - } - - owner_settings_service_->SignAndStorePolicyAsync(policy.Pass(), callback); + else + delegate_->SignAndStoreAsync(new_settings.Pass(), callback); } void DeviceSettingsService::SetManagementSettings( @@ -191,34 +127,12 @@ void DeviceSettingsService::SetManagementSettings( const std::string& request_token, const std::string& device_id, const base::Closure& callback) { - if (!owner_settings_service_) { + if (!delegate_) { HandleError(STORE_KEY_UNAVAILABLE, callback); - return; - } - - em::PolicyData::ManagementMode current_mode = em::PolicyData::NOT_MANAGED; - if (policy_data() && policy_data()->has_management_mode()) - current_mode = policy_data()->management_mode(); - - if (!CheckManagementModeTransition(current_mode, management_mode)) { - LOG(ERROR) << "Invalid management mode transition: current mode = " - << current_mode << ", new mode = " << management_mode; - HandleError(DeviceSettingsService::STORE_POLICY_ERROR, callback); - return; - } - - scoped_ptr policy = - AssemblePolicy(GetUsername(), policy_data(), device_settings()); - if (!policy) { - HandleError(DeviceSettingsService::STORE_POLICY_ERROR, callback); - return; + } else { + delegate_->SetManagementSettingsAsync( + management_mode, request_token, device_id, callback); } - - policy->set_management_mode(management_mode); - policy->set_request_token(request_token); - policy->set_device_id(device_id); - - owner_settings_service_->SignAndStorePolicyAsync(policy.Pass(), callback); } void DeviceSettingsService::Store(scoped_ptr policy, @@ -255,19 +169,18 @@ void DeviceSettingsService::GetOwnershipStatusAsync( } bool DeviceSettingsService::HasPrivateOwnerKey() { - return owner_settings_service_ && owner_settings_service_->IsOwner(); + return delegate_ && delegate_->IsOwner(); } void DeviceSettingsService::InitOwner( const std::string& username, - const base::WeakPtr& - owner_settings_service) { + const base::WeakPtr& delegate) { // When InitOwner() is called twice with the same |username| it's // worth to reload settings since owner key may become available. if (!username_.empty() && username_ != username) return; username_ = username; - owner_settings_service_ = owner_settings_service; + delegate_ = delegate; EnsureReload(true); } @@ -317,15 +230,14 @@ void DeviceSettingsService::EnqueueLoad(bool force_key_load) { base::Closure())); operation->set_force_key_load(force_key_load); operation->set_username(username_); - operation->set_owner_settings_service(owner_settings_service_); + operation->set_delegate(delegate_); Enqueue(operation); } void DeviceSettingsService::EnsureReload(bool force_key_load) { if (!pending_operations_.empty()) { pending_operations_.front()->set_username(username_); - pending_operations_.front()->set_owner_settings_service( - owner_settings_service_); + pending_operations_.front()->set_delegate(delegate_); pending_operations_.front()->RestartLoad(force_key_load); } else { EnqueueLoad(force_key_load); diff --git a/chrome/browser/chromeos/settings/device_settings_service.h b/chrome/browser/chromeos/settings/device_settings_service.h index d29e6896c1c55e..b514037ad74e16 100644 --- a/chrome/browser/chromeos/settings/device_settings_service.h +++ b/chrome/browser/chromeos/settings/device_settings_service.h @@ -17,7 +17,6 @@ #include "base/observer_list.h" #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" #include "chromeos/dbus/session_manager_client.h" -#include "components/ownership/owner_settings_service.h" #include "components/policy/core/common/cloud/cloud_policy_validator.h" #include "crypto/scoped_nss_types.h" #include "policy/proto/device_management_backend.pb.h" @@ -83,6 +82,48 @@ class DeviceSettingsService : public SessionManagerClient::Observer { virtual void DeviceSettingsUpdated() = 0; }; + class PrivateKeyDelegate { + public: + typedef base::Callback IsOwnerCallback; + typedef base::Callback + AssembleAndSignPolicyCallback; + + virtual ~PrivateKeyDelegate() {} + + // Returns whether current user is owner or not. When this method + // is called too early, incorrect result can be returned because + // private key loading may be in progress. + virtual bool IsOwner() = 0; + + // Determines whether current user is owner or not, responds via + // |callback|. + virtual void IsOwnerAsync(const IsOwnerCallback& callback) = 0; + + // Assembles and signs |policy|, responds via |callback|. + virtual bool AssembleAndSignPolicyAsync( + scoped_ptr policy, + const AssembleAndSignPolicyCallback& callback) = 0; + + // Signs |settings| with the private half of the owner key and sends + // the resulting policy blob to session manager for storage. The + // result of the operation is reported through |callback|. If + // successful, the updated device settings are present in + // policy_data() and device_settings() when the callback runs. + virtual void SignAndStoreAsync( + scoped_ptr settings, + const base::Closure& callback) = 0; + + // Sets the management related settings in PolicyData. Note that if + // |management_mode| is NOT_MANAGED, |request_token| and |device_id| + // should be empty strings. The result of the operation is reported + // through |callback|. + virtual void SetManagementSettingsAsync( + enterprise_management::PolicyData::ManagementMode management_mode, + const std::string& request_token, + const std::string& device_id, + const base::Closure& callback) = 0; + }; + // Manage singleton instance. static void Initialize(); static bool IsInitialized(); @@ -164,9 +205,7 @@ class DeviceSettingsService : public SessionManagerClient::Observer { // Sets the identity of the user that's interacting with the service. This is // relevant only for writing settings through SignAndStore(). void InitOwner(const std::string& username, - const base::WeakPtr& - owner_settings_service); - + const base::WeakPtr& delegate); const std::string& GetUsername() const; // Adds an observer. @@ -179,7 +218,7 @@ class DeviceSettingsService : public SessionManagerClient::Observer { virtual void PropertyChangeComplete(bool success) OVERRIDE; private: - friend class OwnerSettingsServiceChromeOS; + friend class OwnerSettingsService; // Enqueues a new operation. Takes ownership of |operation| and starts it // right away if there is no active operation currently. @@ -226,7 +265,7 @@ class DeviceSettingsService : public SessionManagerClient::Observer { std::string username_; scoped_refptr public_key_; - base::WeakPtr owner_settings_service_; + base::WeakPtr delegate_; scoped_ptr policy_data_; scoped_ptr device_settings_; diff --git a/chrome/browser/chromeos/settings/device_settings_service_unittest.cc b/chrome/browser/chromeos/settings/device_settings_service_unittest.cc index 3515a67f00044d..4c293a54586868 100644 --- a/chrome/browser/chromeos/settings/device_settings_service_unittest.cc +++ b/chrome/browser/chromeos/settings/device_settings_service_unittest.cc @@ -9,8 +9,8 @@ #include "base/bind_helpers.h" #include "base/compiler_specific.h" #include "base/time/time.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service_factory.h" #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" #include "chrome/browser/chromeos/settings/device_settings_test_helper.h" #include "chrome/test/base/testing_profile.h" @@ -497,8 +497,8 @@ TEST_F(DeviceSettingsServiceTest, OnTPMTokenReadyForNonOwner) { const std::string& user_id = device_policy_.policy_data().username(); InitOwner(user_id, false); - OwnerSettingsServiceChromeOS* service = - OwnerSettingsServiceChromeOSFactory::GetForProfile(profile_.get()); + OwnerSettingsService* service = + OwnerSettingsServiceFactory::GetForProfile(profile_.get()); ASSERT_TRUE(service); service->IsOwnerAsync(base::Bind(&DeviceSettingsServiceTest::OnIsOwner, base::Unretained(this))); @@ -542,8 +542,8 @@ TEST_F(DeviceSettingsServiceTest, OnTPMTokenReadyForOwner) { const std::string& user_id = device_policy_.policy_data().username(); owner_key_util_->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey()); InitOwner(user_id, false); - OwnerSettingsServiceChromeOS* service = - OwnerSettingsServiceChromeOSFactory::GetForProfile(profile_.get()); + OwnerSettingsService* service = + OwnerSettingsServiceFactory::GetForProfile(profile_.get()); ASSERT_TRUE(service); service->IsOwnerAsync(base::Bind(&DeviceSettingsServiceTest::OnIsOwner, base::Unretained(this))); @@ -599,8 +599,8 @@ TEST_F(DeviceSettingsServiceTest, IsCurrentUserOwnerAsyncWithLoadedCerts) { device_settings_service_.GetOwnershipStatus()); EXPECT_FALSE(is_owner_set_); - OwnerSettingsServiceChromeOS* service = - OwnerSettingsServiceChromeOSFactory::GetForProfile(profile_.get()); + OwnerSettingsService* service = + OwnerSettingsServiceFactory::GetForProfile(profile_.get()); ASSERT_TRUE(service); service->IsOwnerAsync(base::Bind(&DeviceSettingsServiceTest::OnIsOwner, base::Unretained(this))); diff --git a/chrome/browser/chromeos/settings/device_settings_test_helper.cc b/chrome/browser/chromeos/settings/device_settings_test_helper.cc index 9225906e3d3896..518e8246620563 100644 --- a/chrome/browser/chromeos/settings/device_settings_test_helper.cc +++ b/chrome/browser/chromeos/settings/device_settings_test_helper.cc @@ -7,8 +7,8 @@ #include "base/message_loop/message_loop.h" #include "base/run_loop.h" #include "base/threading/sequenced_worker_pool.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service_factory.h" #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" #include "chrome/browser/chromeos/profiles/profile_helper.h" #include "chrome/browser/chromeos/settings/device_settings_service.h" @@ -207,7 +207,7 @@ DeviceSettingsTestBase::DeviceSettingsTestBase() : user_manager_(new FakeUserManager()), user_manager_enabler_(user_manager_), owner_key_util_(new ownership::MockOwnerKeyUtil()) { - OwnerSettingsServiceChromeOSFactory::GetInstance()->SetOwnerKeyUtilForTesting( + OwnerSettingsServiceFactory::GetInstance()->SetOwnerKeyUtilForTesting( owner_key_util_); } @@ -228,13 +228,13 @@ void DeviceSettingsTestBase::SetUp() { device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); device_settings_service_.SetSessionManager(&device_settings_test_helper_, owner_key_util_); - OwnerSettingsServiceChromeOS::SetDeviceSettingsServiceForTesting( + OwnerSettingsService::SetDeviceSettingsServiceForTesting( &device_settings_service_); profile_.reset(new TestingProfile()); } void DeviceSettingsTestBase::TearDown() { - OwnerSettingsServiceChromeOS::SetDeviceSettingsServiceForTesting(NULL); + OwnerSettingsService::SetDeviceSettingsServiceForTesting(NULL); FlushDeviceSettings(); device_settings_service_.UnsetSessionManager(); DBusThreadManager::Shutdown(); @@ -259,8 +259,8 @@ void DeviceSettingsTestBase::InitOwner(const std::string& user_id, ProfileHelper::Get()->SetUserToProfileMappingForTesting(user, profile_.get()); } - OwnerSettingsServiceChromeOS* service = - OwnerSettingsServiceChromeOSFactory::GetForProfile(profile_.get()); + OwnerSettingsService* service = + OwnerSettingsServiceFactory::GetForProfile(profile_.get()); CHECK(service); if (tpm_is_ready) service->OnTPMTokenReady(true /* token is enabled */); diff --git a/chrome/browser/chromeos/settings/session_manager_operation.cc b/chrome/browser/chromeos/settings/session_manager_operation.cc index 33832aa31e7ac0..436ea0f416c627 100644 --- a/chrome/browser/chromeos/settings/session_manager_operation.cc +++ b/chrome/browser/chromeos/settings/session_manager_operation.cc @@ -251,23 +251,22 @@ SignAndStoreSettingsOperation::SignAndStoreSettingsOperation( SignAndStoreSettingsOperation::~SignAndStoreSettingsOperation() {} void SignAndStoreSettingsOperation::Run() { - if (!owner_settings_service_) { + if (!delegate_) { ReportResult(DeviceSettingsService::STORE_KEY_UNAVAILABLE); return; } - owner_settings_service_->IsOwnerAsync( + delegate_->IsOwnerAsync( base::Bind(&SignAndStoreSettingsOperation::StartSigning, weak_factory_.GetWeakPtr())); } void SignAndStoreSettingsOperation::StartSigning(bool is_owner) { - if (!owner_settings_service_ || !is_owner) { + if (!delegate_ || !is_owner) { ReportResult(DeviceSettingsService::STORE_KEY_UNAVAILABLE); return; } - bool rv = owner_settings_service_->AssembleAndSignPolicyAsync( - content::BrowserThread::GetBlockingPool(), + bool rv = delegate_->AssembleAndSignPolicyAsync( new_policy_.Pass(), base::Bind(&SignAndStoreSettingsOperation::StoreDeviceSettingsBlob, weak_factory_.GetWeakPtr())); diff --git a/chrome/browser/chromeos/settings/session_manager_operation.h b/chrome/browser/chromeos/settings/session_manager_operation.h index 66ba738c4533f3..a7484b521853f7 100644 --- a/chrome/browser/chromeos/settings/session_manager_operation.h +++ b/chrome/browser/chromeos/settings/session_manager_operation.h @@ -11,7 +11,6 @@ #include "base/memory/scoped_ptr.h" #include "chrome/browser/chromeos/policy/device_cloud_policy_validator.h" #include "chrome/browser/chromeos/settings/device_settings_service.h" -#include "components/ownership/owner_settings_service.h" #include "net/cert/x509_util_nss.h" namespace enterprise_management { @@ -70,9 +69,9 @@ class SessionManagerOperation { void set_username(const std::string& username) { username_ = username; } - void set_owner_settings_service(const base::WeakPtr< - ownership::OwnerSettingsService>& owner_settings_service) { - owner_settings_service_ = owner_settings_service; + void set_delegate(const base::WeakPtr< + DeviceSettingsService::PrivateKeyDelegate>& delegate) { + delegate_ = delegate; } protected: @@ -93,7 +92,7 @@ class SessionManagerOperation { return session_manager_client_; } - base::WeakPtr owner_settings_service_; + base::WeakPtr delegate_; private: // Loads the owner key from disk. Must be run on a thread that can do I/O. diff --git a/chrome/browser/chromeos/settings/session_manager_operation_unittest.cc b/chrome/browser/chromeos/settings/session_manager_operation_unittest.cc index 3ad70f432f360f..6229bd7b286f5e 100644 --- a/chrome/browser/chromeos/settings/session_manager_operation_unittest.cc +++ b/chrome/browser/chromeos/settings/session_manager_operation_unittest.cc @@ -11,8 +11,8 @@ #include "base/memory/scoped_ptr.h" #include "base/message_loop/message_loop.h" #include "base/time/time.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service_factory.h" #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" #include "chrome/browser/chromeos/settings/device_settings_test_helper.h" #include "chrome/test/base/testing_profile.h" @@ -40,8 +40,8 @@ class SessionManagerOperationTest : public testing::Test { file_thread_(content::BrowserThread::FILE, &message_loop_), owner_key_util_(new ownership::MockOwnerKeyUtil()), validated_(false) { - OwnerSettingsServiceChromeOSFactory::GetInstance() - ->SetOwnerKeyUtilForTesting(owner_key_util_); + OwnerSettingsServiceFactory::GetInstance()->SetOwnerKeyUtilForTesting( + owner_key_util_); } virtual void SetUp() OVERRIDE { @@ -49,8 +49,7 @@ class SessionManagerOperationTest : public testing::Test { policy_.Build(); profile_.reset(new TestingProfile()); - service_ = - OwnerSettingsServiceChromeOSFactory::GetForProfile(profile_.get()); + service_ = OwnerSettingsServiceFactory::GetForProfile(profile_.get()); } MOCK_METHOD2(OnOperationCompleted, @@ -83,7 +82,7 @@ class SessionManagerOperationTest : public testing::Test { scoped_refptr owner_key_util_; scoped_ptr profile_; - OwnerSettingsServiceChromeOS* service_; + OwnerSettingsService* service_; bool validated_; @@ -221,7 +220,7 @@ TEST_F(SessionManagerOperationTest, SignAndStoreSettings) { base::Bind(&SessionManagerOperationTest::OnOperationCompleted, base::Unretained(this)), policy.Pass()); - op.set_owner_settings_service(service_->as_weak_ptr()); + op.set_delegate(service_->as_weak_ptr()); EXPECT_CALL(*this, OnOperationCompleted( diff --git a/chrome/browser/profiles/chrome_browser_main_extra_parts_profiles.cc b/chrome/browser/profiles/chrome_browser_main_extra_parts_profiles.cc index a31257b61e5f51..06f1ebf3ebba47 100644 --- a/chrome/browser/profiles/chrome_browser_main_extra_parts_profiles.cc +++ b/chrome/browser/profiles/chrome_browser_main_extra_parts_profiles.cc @@ -70,7 +70,7 @@ #include "chrome/browser/policy/cloud/user_cloud_policy_invalidator_factory.h" #include "chrome/browser/policy/schema_registry_service_factory.h" #if defined(OS_CHROMEOS) -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service_factory.h" #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" #include "chrome/browser/chromeos/policy/recommendation_restorer_factory.h" #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h" @@ -221,7 +221,7 @@ EnsureBrowserContextKeyedServiceFactoriesBuilt() { policy::ProfilePolicyConnectorFactory::GetInstance(); #if defined(ENABLE_CONFIGURATION_POLICY) #if defined(OS_CHROMEOS) - chromeos::OwnerSettingsServiceChromeOSFactory::GetInstance(); + chromeos::OwnerSettingsServiceFactory::GetInstance(); policy::PolicyCertServiceFactory::GetInstance(); policy::RecommendationRestorerFactory::GetInstance(); policy::UserCloudPolicyManagerFactoryChromeOS::GetInstance(); diff --git a/chrome/browser/ui/webui/flags_ui.cc b/chrome/browser/ui/webui/flags_ui.cc index 148a9c5195b0da..88dfe1938846c8 100644 --- a/chrome/browser/ui/webui/flags_ui.cc +++ b/chrome/browser/ui/webui/flags_ui.cc @@ -34,8 +34,8 @@ #if defined(OS_CHROMEOS) #include "base/sys_info.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" -#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service.h" +#include "chrome/browser/chromeos/ownership/owner_settings_service_factory.h" #include "chrome/browser/chromeos/settings/cros_settings.h" #include "chrome/browser/chromeos/settings/owner_flags_storage.h" #include "chromeos/dbus/dbus_thread_manager.h" @@ -292,8 +292,8 @@ FlagsUI::FlagsUI(content::WebUI* web_ui) web_ui->AddMessageHandler(handler); #if defined(OS_CHROMEOS) - chromeos::OwnerSettingsServiceChromeOS* service = - chromeos::OwnerSettingsServiceChromeOSFactory::GetForProfile(profile); + chromeos::OwnerSettingsService* service = + chromeos::OwnerSettingsServiceFactory::GetForProfile(profile); if (service) { service->IsOwnerAsync(base::Bind( &FinishInitialization, weak_factory_.GetWeakPtr(), profile, handler)); diff --git a/chrome/chrome_browser_chromeos.gypi b/chrome/chrome_browser_chromeos.gypi index 9f55b2b7252cc3..e5c29c0e4b50e0 100644 --- a/chrome/chrome_browser_chromeos.gypi +++ b/chrome/chrome_browser_chromeos.gypi @@ -782,10 +782,10 @@ 'browser/chromeos/options/wifi_config_view.h', 'browser/chromeos/options/wimax_config_view.cc', 'browser/chromeos/options/wimax_config_view.h', - 'browser/chromeos/ownership/owner_settings_service_chromeos.cc', - 'browser/chromeos/ownership/owner_settings_service_chromeos.h', - 'browser/chromeos/ownership/owner_settings_service_chromeos_factory.cc', - 'browser/chromeos/ownership/owner_settings_service_chromeos_factory.h', + 'browser/chromeos/ownership/owner_settings_service.cc', + 'browser/chromeos/ownership/owner_settings_service.h', + 'browser/chromeos/ownership/owner_settings_service_factory.cc', + 'browser/chromeos/ownership/owner_settings_service_factory.h', 'browser/chromeos/platform_keys/platform_keys.cc', 'browser/chromeos/platform_keys/platform_keys.h', 'browser/chromeos/platform_keys/platform_keys_nss.cc', diff --git a/components/ownership.gypi b/components/ownership.gypi index 7fc162f0d9ca33..46a7a51093e7e8 100644 --- a/components/ownership.gypi +++ b/components/ownership.gypi @@ -8,16 +8,11 @@ 'type': '<(component)', 'dependencies': [ '<(DEPTH)/base/base.gyp:base', - '<(DEPTH)/components/components.gyp:cloud_policy_proto', - '<(DEPTH)/components/components.gyp:keyed_service_core', '<(DEPTH)/crypto/crypto.gyp:crypto', ], 'defines': [ 'OWNERSHIP_IMPLEMENTATION', ], - 'include_dirs': [ - '<(SHARED_INTERMEDIATE_DIR)', - ], 'sources': [ 'ownership/mock_owner_key_util.cc', 'ownership/mock_owner_key_util.h', @@ -25,8 +20,6 @@ 'ownership/owner_key_util.h', 'ownership/owner_key_util_impl.cc', 'ownership/owner_key_util_impl.h', - 'ownership/owner_settings_service.cc', - 'ownership/owner_settings_service.h', ], }], } diff --git a/components/ownership/BUILD.gn b/components/ownership/BUILD.gn index 5ef09b262dc9b7..067f71fbd93402 100644 --- a/components/ownership/BUILD.gn +++ b/components/ownership/BUILD.gn @@ -10,8 +10,6 @@ component("ownership") { "owner_key_util.h", "owner_key_util_impl.cc", "owner_key_util_impl.h", - "owner_settings_service.cc", - "owner_settings_service.h", ] defines = [ @@ -20,8 +18,6 @@ component("ownership") { deps = [ "//base", - "//components/keyed_service/core", - "//components/policy/proto", "//crypto", ] } diff --git a/components/ownership/DEPS b/components/ownership/DEPS index 719e7d0030b630..bc55362a6a1739 100644 --- a/components/ownership/DEPS +++ b/components/ownership/DEPS @@ -1,5 +1,3 @@ include_rules = [ -"+components/keyed_service", "+crypto", -"+policy", ] diff --git a/components/ownership/owner_settings_service.cc b/components/ownership/owner_settings_service.cc deleted file mode 100644 index 09c88d372dc898..00000000000000 --- a/components/ownership/owner_settings_service.cc +++ /dev/null @@ -1,118 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "components/ownership/owner_settings_service.h" - -#include "base/basictypes.h" -#include "base/bind.h" -#include "base/callback.h" -#include "base/location.h" -#include "base/logging.h" -#include "base/message_loop/message_loop.h" -#include "base/task_runner.h" -#include "base/task_runner_util.h" -#include "components/ownership/owner_key_util.h" -#include "crypto/signature_creator.h" - -namespace em = enterprise_management; - -namespace ownership { - -namespace { - -std::string AssembleAndSignPolicy(scoped_ptr policy, - crypto::RSAPrivateKey* private_key) { - // Assemble the policy. - em::PolicyFetchResponse policy_response; - if (!policy->SerializeToString(policy_response.mutable_policy_data())) { - LOG(ERROR) << "Failed to encode policy payload."; - return std::string(); - } - - // Generate the signature. - scoped_ptr signature_creator( - crypto::SignatureCreator::Create(private_key)); - signature_creator->Update( - reinterpret_cast(policy_response.policy_data().c_str()), - policy_response.policy_data().size()); - std::vector signature_bytes; - std::string policy_blob; - if (!signature_creator->Final(&signature_bytes)) { - LOG(ERROR) << "Failed to create policy signature."; - return std::string(); - } - - policy_response.mutable_policy_data_signature()->assign( - reinterpret_cast(vector_as_array(&signature_bytes)), - signature_bytes.size()); - return policy_response.SerializeAsString(); -} - -} // namepace - -OwnerSettingsService::OwnerSettingsService( - const scoped_refptr& owner_key_util) - : owner_key_util_(owner_key_util), weak_factory_(this) { -} - -OwnerSettingsService::~OwnerSettingsService() { - DCHECK(thread_checker_.CalledOnValidThread()); -} - -bool OwnerSettingsService::IsOwner() { - DCHECK(thread_checker_.CalledOnValidThread()); - return private_key_.get() && private_key_->key(); -} - -void OwnerSettingsService::IsOwnerAsync(const IsOwnerCallback& callback) { - DCHECK(thread_checker_.CalledOnValidThread()); - if (private_key_.get()) { - base::MessageLoop::current()->PostTask(FROM_HERE, - base::Bind(callback, IsOwner())); - } else { - pending_is_owner_callbacks_.push_back(callback); - } -} - -bool OwnerSettingsService::AssembleAndSignPolicyAsync( - base::TaskRunner* task_runner, - scoped_ptr policy, - const AssembleAndSignPolicyAsyncCallback& callback) { - DCHECK(thread_checker_.CalledOnValidThread()); - if (!task_runner || !IsOwner()) - return false; - return base::PostTaskAndReplyWithResult( - task_runner, - FROM_HERE, - base::Bind( - &AssembleAndSignPolicy, base::Passed(&policy), private_key_->key()), - callback); -} - -void OwnerSettingsService::ReloadKeypair() { - ReloadKeypairImpl( - base::Bind(&OwnerSettingsService::OnKeypairLoaded, as_weak_ptr())); -} - -void OwnerSettingsService::OnKeypairLoaded( - const scoped_refptr& public_key, - const scoped_refptr& private_key) { - DCHECK(thread_checker_.CalledOnValidThread()); - - public_key_ = public_key; - private_key_ = private_key; - - const bool is_owner = IsOwner(); - std::vector is_owner_callbacks; - is_owner_callbacks.swap(pending_is_owner_callbacks_); - for (std::vector::iterator it(is_owner_callbacks.begin()); - it != is_owner_callbacks.end(); - ++it) { - it->Run(is_owner); - } - - OnPostKeypairLoadedActions(); -} - -} // namespace ownership diff --git a/components/ownership/owner_settings_service.h b/components/ownership/owner_settings_service.h deleted file mode 100644 index ed4a1b5be90a69..00000000000000 --- a/components/ownership/owner_settings_service.h +++ /dev/null @@ -1,102 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef COMPONENTS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_ -#define COMPONENTS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_ - -#include -#include - -#include "base/callback_forward.h" -#include "base/macros.h" -#include "base/memory/ref_counted.h" -#include "base/memory/scoped_ptr.h" -#include "base/memory/weak_ptr.h" -#include "base/threading/thread_checker.h" -#include "components/keyed_service/core/keyed_service.h" -#include "components/ownership/ownership_export.h" -#include "policy/proto/device_management_backend.pb.h" - -namespace base { -class TaskRunner; -} - -namespace ownership { -class OwnerKeyUtil; -class PrivateKey; -class PublicKey; - -// This class is a common interface for platform-specific classes -// which deal with ownership, keypairs and owner-related settings. -class OWNERSHIP_EXPORT OwnerSettingsService : public KeyedService { - public: - typedef base::Callback - AssembleAndSignPolicyAsyncCallback; - - typedef base::Callback IsOwnerCallback; - - explicit OwnerSettingsService( - const scoped_refptr& owner_key_util); - virtual ~OwnerSettingsService(); - - base::WeakPtr as_weak_ptr() { - return weak_factory_.GetWeakPtr(); - } - - // Returns whether current user is owner or not. When this method - // is called too early, incorrect result can be returned because - // private key loading may be in progress. - bool IsOwner(); - - // Determines whether current user is owner or not, responds via - // |callback|. - void IsOwnerAsync(const IsOwnerCallback& callback); - - // Assembles and signs |policy| on the |task_runner|, responds on - // the original thread via |callback|. - bool AssembleAndSignPolicyAsync( - base::TaskRunner* task_runner, - scoped_ptr policy, - const AssembleAndSignPolicyAsyncCallback& callback); - - // Signs |settings| with the private half of the owner key and sends - // the resulting policy blob for storage. The - // result of the operation is reported through |callback|. - virtual void SignAndStorePolicyAsync( - scoped_ptr policy, - const base::Closure& callback) = 0; - - protected: - void ReloadKeypair(); - - void OnKeypairLoaded(const scoped_refptr& public_key, - const scoped_refptr& private_key); - - // Platform-specific keypair loading algorithm. - virtual void ReloadKeypairImpl(const base::Callback< - void(const scoped_refptr& public_key, - const scoped_refptr& private_key)>& callback) = 0; - - // Plafrom-specific actions which should be performed when keypair is loaded. - virtual void OnPostKeypairLoadedActions() = 0; - - scoped_refptr public_key_; - - scoped_refptr private_key_; - - scoped_refptr owner_key_util_; - - std::vector pending_is_owner_callbacks_; - - base::ThreadChecker thread_checker_; - - private: - base::WeakPtrFactory weak_factory_; - - DISALLOW_COPY_AND_ASSIGN(OwnerSettingsService); -}; - -} // namespace ownership - -#endif // COMPONENTS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_