Chromad: Create AuthPolicyCredentialsManager

AuthPolicyCredentialsManager KeyedService service is created for every
Active Directory user profile.
It calls GetUserStatus at the start of service, each hour and on every
network connection.
Tests are coming...

BUG=662400

Review-Url: https://codereview.chromium.org/2860443002
Cr-Commit-Position: refs/heads/master@{#476248}

chrome/app/generated_resources.grd

@@ -9439,6 +9439,15 @@ Tell us what happened exactly before you got the profile error message:
           <message name="IDS_SYNC_RELOGIN_LINK_LABEL" desc="The text to display on in the hyperlink when the user needs to sign out and sign in again to use sync on Chrome OS.">
             Sign out
           </message>
+          <message name="IDS_ACTIVE_DIRECTORY_PASSWORD_EXPIRED" desc="The text to display on the hyperlink when the user needs to sign out and sign in again to change their password.">
+            Your password has expired. Please sign out then sign in again to change it.
+          </message>
+          <message name="IDS_ACTIVE_DIRECTORY_PASSWORD_CHANGED" desc="The text to display on the hyperlink when the user needs to sign out and sign in again to update local password to cryptohome.">
+            Your password has been changed on the server. Please sign out then sign in again.
+          </message>
+          <message name="IDS_ACTIVE_DIRECTORY_REFRESH_AUTH_TOKEN" desc="The text to display on the hyperlink when the user needs to sign out and sign in again to get authentication token.">
+            Failed to get authentication token. Please sign out then sign in again to try again.
+          </message>
         </if>
         <message name="IDS_OPTIONS_CUSTOMIZE_SYNC_BUTTON_LABEL" desc="The text to display on the button to customize which data types the user is syncing.">
           Advanced sync settings...

chrome/browser/chromeos/BUILD.gn

@@ -53,6 +53,7 @@ source_set("chromeos") {
     "//chrome/common/safe_browsing:proto",
     "//chromeos",
     "//chromeos:attestation_proto",
+    "//chromeos:authpolicy_proto",
     "//chromeos:cryptohome_proto",
     "//chromeos:cryptohome_signkey_proto",
     "//chromeos/components/tether",
@@ -356,6 +357,8 @@ source_set("chromeos") {
     "attestation/platform_verification_flow.h",
     "attestation/platform_verification_impl.cc",
     "attestation/platform_verification_impl.h",
+    "authpolicy/auth_policy_credentials_manager.cc",
+    "authpolicy/auth_policy_credentials_manager.h",
     "background/ash_wallpaper_delegate.cc",
     "background/ash_wallpaper_delegate.h",
     "base/file_flusher.cc",

chrome/browser/chromeos/authpolicy/auth_policy_credentials_manager.h

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_AUTHPOLICY_AUTH_POLICY_CREDENTIALS_MANAGER_H_
+#define CHROME_BROWSER_CHROMEOS_AUTHPOLICY_AUTH_POLICY_CREDENTIALS_MANAGER_H_
+
+#include <set>
+
+#include "base/cancelable_callback.h"
+#include "base/memory/weak_ptr.h"
+#include "chromeos/dbus/authpolicy/active_directory_info.pb.h"
+#include "chromeos/network/network_state_handler_observer.h"
+#include "components/keyed_service/content/browser_context_keyed_service_factory.h"
+#include "components/keyed_service/core/keyed_service.h"
+#include "components/signin/core/account_id/account_id.h"
+#include "third_party/cros_system_api/dbus/service_constants.h"
+
+class Profile;
+
+namespace authpolicy {
+class ActiveDirectoryUserStatus;
+}
+
+namespace base {
+template <typename T>
+struct DefaultSingletonTraits;
+}  // namespace base
+
+// A service responsible for tracking user credential status. Created for each
+// Active Directory user profile.
+class AuthPolicyCredentialsManager
+    : public KeyedService,
+      public chromeos::NetworkStateHandlerObserver {
+ public:
+  explicit AuthPolicyCredentialsManager(Profile* profile);
+  ~AuthPolicyCredentialsManager() override;
+
+  // KeyedService overrides.
+  void Shutdown() override;
+
+  // chromeos::NetworkStateHandlerObserver overrides.
+  void DefaultNetworkChanged(const chromeos::NetworkState* network) override;
+  void NetworkConnectionStateChanged(
+      const chromeos::NetworkState* network) override;
+  void OnShuttingDown() override;
+
+ private:
+  // Calls AuthPolicyClient::GetUserStatus method.
+  void GetUserStatus();
+
+  // See AuthPolicyClient::GetUserStatusCallback.
+  void OnGetUserStatusCallback(
+      authpolicy::ErrorType error,
+      const authpolicy::ActiveDirectoryUserStatus& user_status);
+
+  // Post delayed task to call GetUserStatus in the future.
+  void ScheduleGetUserStatus();
+
+  // Add itself as network observer.
+  void StartObserveNetwork();
+  // Remove itself as network observer.
+  void StopObserveNetwork();
+
+  // Update display and given name in case it has changed.
+  void UpdateDisplayAndGivenName(
+      const authpolicy::ActiveDirectoryAccountInfo& account_info);
+
+  // Shows user notification to sign out/sign in.
+  void ShowNotification(int message_id);
+
+  // Call GetUserStatus if |network_state| is connected and the previous call
+  // failed.
+  void GetUserStatusIfConnected(const chromeos::NetworkState* network_state);
+
+  Profile* const profile_;
+  AccountId account_id_;
+  std::string display_name_;
+  std::string given_name_;
+  bool rerun_get_status_on_error_ = false;
+  bool is_observing_network_ = false;
+
+  // Stores message ids of shown notifications. Each notification is shown at
+  // most once.
+  std::set<int> shown_notifications_;
+  authpolicy::ErrorType last_error_ = authpolicy::ERROR_NONE;
+  base::CancelableClosure scheduled_get_user_status_call_;
+
+  base::WeakPtrFactory<AuthPolicyCredentialsManager> weak_factory_{this};
+  DISALLOW_COPY_AND_ASSIGN(AuthPolicyCredentialsManager);
+};
+
+// Singleton that owns all AuthPolicyCredentialsManagers and associates them
+// with BrowserContexts.
+class AuthPolicyCredentialsManagerFactory
+    : public BrowserContextKeyedServiceFactory {
+ public:
+  static AuthPolicyCredentialsManagerFactory* GetInstance();
+
+  static void BuildForProfileIfActiveDirectory(Profile* profile);
+
+ private:
+  friend struct base::DefaultSingletonTraits<
+      AuthPolicyCredentialsManagerFactory>;
+
+  AuthPolicyCredentialsManagerFactory();
+  ~AuthPolicyCredentialsManagerFactory() override;
+
+  KeyedService* BuildServiceInstanceFor(
+      content::BrowserContext* context) const override;
+
+  DISALLOW_COPY_AND_ASSIGN(AuthPolicyCredentialsManagerFactory);
+};
+
+#endif  // CHROME_BROWSER_CHROMEOS_AUTHPOLICY_AUTH_POLICY_CREDENTIALS_MANAGER_H_

chrome/browser/profiles/profile_impl.cc

@@ -130,6 +130,7 @@
 #include "ui/base/l10n/l10n_util.h"
 
 #if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/authpolicy/auth_policy_credentials_manager.h"
 #include "chrome/browser/chromeos/locale_change_guard.h"
 #include "chrome/browser/chromeos/login/session/user_session_manager.h"
 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
@@ -472,6 +473,7 @@ ProfileImpl::ProfileImpl(
   configuration_policy_provider_ =
       policy::UserPolicyManagerFactoryChromeOS::CreateForProfile(
           this, force_immediate_policy_load, sequenced_task_runner);
+  AuthPolicyCredentialsManagerFactory::BuildForProfileIfActiveDirectory(this);
 #else
   configuration_policy_provider_ =
       policy::UserCloudPolicyManagerFactory::CreateForOriginalBrowserContext(