Packaged license: Detect license on startup

Detect license existence and save it inside EnrollmentConfig for further use in wizard controller and OOBE screens. Test: unittested by these "*AutoEnrollmentClientImplTest*" tests. Bug: 871207 Change-Id: I52c644c80ec3175c3d1efb9ee13e696b9f500b51 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1782175 Commit-Queue: Roman Aleksandrov <raleksandrov@google.com> Reviewed-by: Pavol Marko <pmarko@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Reviewed-by: Denis Kuznetsov <antrim@chromium.org> Cr-Commit-Position: refs/heads/master@{#699690}

Packaged license: Detect license on startup
Detect license existence and save it inside EnrollmentConfig for further use in wizard controller and OOBE screens. Test: unittested by these "*AutoEnrollmentClientImplTest*" tests. Bug: 871207 Change-Id: I52c644c80ec3175c3d1efb9ee13e696b9f500b51 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1782175 Commit-Queue: Roman Aleksandrov <raleksandrov@google.com> Reviewed-by: Pavol Marko <pmarko@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Reviewed-by: Denis Kuznetsov <antrim@chromium.org> Cr-Commit-Position: refs/heads/master@{#699690}
85297c28 · Roman Aleksandrov · Commit Bot · 19397af3 · 85297c28 · 85297c28
Commit 85297c28 authored Sep 25, 2019 by Roman Aleksandrov Committed by Commit Bot Sep 25, 2019
6 changed files
--- a/chrome/browser/chromeos/policy/auto_enrollment_client_impl.cc
+++ b/chrome/browser/chromeos/policy/auto_enrollment_client_impl.cc
@@ -143,6 +143,14 @@ class AutoEnrollmentClientImpl::StateDownloadMessageProcessor {
 public:
  virtual ~StateDownloadMessageProcessor() {}

+  // Parsed fields of DeviceManagementResponse.
+  struct ParsedResponse {
+    std::string restore_mode;
+    base::Optional<std::string> management_domain;
+    base::Optional<std::string> disabled_message;
+    base::Optional<bool> is_license_packaged_with_device;
+  };
+
  // Returns the request job type. This must match the request filled in
  // |FillRequest|.
  virtual DeviceManagementService::JobConfiguration::JobType GetJobType()
@@ -152,14 +160,10 @@ class AutoEnrollmentClientImpl::StateDownloadMessageProcessor {
  virtual void FillRequest(
      enterprise_management::DeviceManagementRequest* request) = 0;

-  // Parses the |response|. If it is valid, extracts |restore_mode|,
-  // |management_domain| and |disabled_message| and returns true. Otherwise,
-  // returns false.
-  virtual bool ParseResponse(
-      const enterprise_management::DeviceManagementResponse& response,
-      std::string* restore_mode,
-      base::Optional<std::string>* management_domain,
-      base::Optional<std::string>* disabled_message) = 0;
+  // Parses the |response|. If it is valid, returns a ParsedResponse struct
+  // instance. If it is invalid, returns nullopt.
+  virtual base::Optional<ParsedResponse> ParseResponse(
+      const enterprise_management::DeviceManagementResponse& response) = 0;
 };

 namespace {
@@ -239,31 +243,32 @@ class StateDownloadMessageProcessorFRE
        ->set_server_backed_state_key(server_backed_state_key_);
  }

-  bool ParseResponse(const em::DeviceManagementResponse& response,
-                     std::string* restore_mode,
-                     base::Optional<std::string>* management_domain,
-                     base::Optional<std::string>* disabled_message) override {
+  base::Optional<ParsedResponse> ParseResponse(
+      const em::DeviceManagementResponse& response) override {
+    StateDownloadMessageProcessorFRE::ParsedResponse parsed_response;
    if (!response.has_device_state_retrieval_response()) {
      LOG(ERROR) << "Server failed to provide auto-enrollment response.";
-      return false;
+      return base::nullopt;
    }
    const em::DeviceStateRetrievalResponse& state_response =
        response.device_state_retrieval_response();
-    *restore_mode = ConvertRestoreMode(state_response.restore_mode());
+    parsed_response.restore_mode =
+        ConvertRestoreMode(state_response.restore_mode());
    if (state_response.has_management_domain())
-      *management_domain = state_response.management_domain();
-    else
-      management_domain->reset();
+      parsed_response.management_domain = state_response.management_domain();

-    if (state_response.has_disabled_state())
-      *disabled_message = state_response.disabled_state().message();
-    else
-      disabled_message->reset();
+    if (state_response.has_disabled_state()) {
+      parsed_response.disabled_message =
+          state_response.disabled_state().message();
+    }
+
+    // Package license is not available during the re-enrollment
+    parsed_response.is_license_packaged_with_device.reset();

    // Logging as "WARNING" to make sure it's preserved in the logs.
    LOG(WARNING) << "Received restore_mode=" << state_response.restore_mode();

-    return true;
+    return parsed_response;
  }

 private:
@@ -295,32 +300,34 @@ class StateDownloadMessageProcessorInitialEnrollment
    inner_request->set_serial_number(device_serial_number_);
  }

-  bool ParseResponse(const em::DeviceManagementResponse& response,
-                     std::string* restore_mode,
-                     base::Optional<std::string>* management_domain,
-                     base::Optional<std::string>* disabled_message) override {
+  base::Optional<ParsedResponse> ParseResponse(
+      const em::DeviceManagementResponse& response) override {
+    StateDownloadMessageProcessorFRE::ParsedResponse parsed_response;
    if (!response.has_device_initial_enrollment_state_response()) {
      LOG(ERROR) << "Server failed to provide initial enrollment response.";
-      return false;
+      return base::nullopt;
    }

    const em::DeviceInitialEnrollmentStateResponse& state_response =
        response.device_initial_enrollment_state_response();
    if (state_response.has_initial_enrollment_mode()) {
-      *restore_mode = ConvertInitialEnrollmentMode(
+      parsed_response.restore_mode = ConvertInitialEnrollmentMode(
          state_response.initial_enrollment_mode());
    } else {
      // Unknown initial enrollment mode - treat as no enrollment.
-      *restore_mode = std::string();
+      parsed_response.restore_mode.clear();
    }

    if (state_response.has_management_domain())
-      *management_domain = state_response.management_domain();
-    else
-      management_domain->reset();
+      parsed_response.management_domain = state_response.management_domain();
+
+    if (state_response.has_is_license_packaged_with_device()) {
+      parsed_response.is_license_packaged_with_device =
+          state_response.is_license_packaged_with_device();
+    }

    // Device disabling is not supported in initial forced enrollment.
-    disabled_message->reset();
+    parsed_response.disabled_message.reset();

    // Logging as "WARNING" to make sure it's preserved in the logs.
    LOG(WARNING) << "Received initial_enrollment_mode="
@@ -329,7 +336,7 @@ class StateDownloadMessageProcessorInitialEnrollment
                         ? "Device has a packaged license for management."
                         : "No packaged license.");

-    return true;
+    return parsed_response;
  }

 private:
@@ -728,29 +735,37 @@ bool AutoEnrollmentClientImpl::OnDeviceStateRequestCompletion(
    DeviceManagementStatus status,
    int net_error,
    const em::DeviceManagementResponse& response) {
-  std::string device_state_mode;
-  base::Optional<std::string> management_domain;
-  base::Optional<std::string> disabled_message;
+  base::Optional<StateDownloadMessageProcessorFRE::ParsedResponse>
+      parsed_response_opt;

-  bool progress = state_download_message_processor_->ParseResponse(
-      response, &device_state_mode, &management_domain, &disabled_message);
-  if (!progress)
+  parsed_response_opt =
+      state_download_message_processor_->ParseResponse(response);
+  if (!parsed_response_opt)
    return false;

+  StateDownloadMessageProcessorFRE::ParsedResponse parsed_response =
+      std::move(parsed_response_opt.value());
  {
    DictionaryPrefUpdate dict(local_state_, prefs::kServerBackedDeviceState);
    UpdateDict(dict.Get(), kDeviceStateManagementDomain,
-               management_domain.has_value(),
+               parsed_response.management_domain.has_value(),
               std::make_unique<base::Value>(
-                   management_domain.value_or(std::string())));
+                   parsed_response.management_domain.value_or(std::string())));

-    UpdateDict(dict.Get(), kDeviceStateMode, !device_state_mode.empty(),
-               std::make_unique<base::Value>(device_state_mode));
+    UpdateDict(dict.Get(), kDeviceStateMode,
+               !parsed_response.restore_mode.empty(),
+               std::make_unique<base::Value>(parsed_response.restore_mode));

    UpdateDict(dict.Get(), kDeviceStateDisabledMessage,
-               disabled_message.has_value(),
+               parsed_response.disabled_message.has_value(),
+               std::make_unique<base::Value>(
+                   parsed_response.disabled_message.value_or(std::string())));
+
+    UpdateDict(
+        dict.Get(), kDeviceStatePackagedLicense,
+        parsed_response.is_license_packaged_with_device.has_value(),
        std::make_unique<base::Value>(
-                   disabled_message.value_or(std::string())));
+            parsed_response.is_license_packaged_with_device.value_or(false)));
  }
  local_state_->CommitPendingWrite();
  device_state_available_ = true;

--- a/chrome/browser/chromeos/policy/auto_enrollment_client_impl_unittest.cc
+++ b/chrome/browser/chromeos/policy/auto_enrollment_client_impl_unittest.cc
--- a/chrome/browser/chromeos/policy/device_cloud_policy_initializer.cc
+++ b/chrome/browser/chromeos/policy/device_cloud_policy_initializer.cc
@@ -224,10 +224,21 @@ EnrollmentConfig DeviceCloudPolicyInitializer::GetPrescribedEnrollmentConfig()
      local_state_->GetDictionary(prefs::kServerBackedDeviceState);
  std::string device_state_mode;
  std::string device_state_management_domain;
+  base::Optional<bool> is_license_packaged_with_device;
+
  if (device_state) {
    device_state->GetString(kDeviceStateMode, &device_state_mode);
    device_state->GetString(kDeviceStateManagementDomain,
                            &device_state_management_domain);
+    is_license_packaged_with_device =
+        device_state->FindBoolPath(kDeviceStatePackagedLicense);
+  }
+
+  if (is_license_packaged_with_device) {
+    config.is_license_packaged_with_device =
+        is_license_packaged_with_device.value();
+  } else {
+    config.is_license_packaged_with_device = false;
  }

  const bool pref_enrollment_auto_start_present =

--- a/chrome/browser/chromeos/policy/enrollment_config.h
+++ b/chrome/browser/chromeos/policy/enrollment_config.h
@@ -159,6 +159,9 @@ struct EnrollmentConfig {
  // Enrollment token to use for authentication (for USB-enrollment).
  std::string enrollment_token;

+  // Is a license packaged with device or not.
+  bool is_license_packaged_with_device = false;
+
  // The authentication mechanism to use.
  // TODO(drcrash): Change to best available once ZTE is everywhere.
  AuthMechanism auth_mechanism = AUTH_MECHANISM_INTERACTIVE;

--- a/chrome/browser/chromeos/policy/server_backed_device_state.cc
+++ b/chrome/browser/chromeos/policy/server_backed_device_state.cc
@@ -18,6 +18,7 @@ namespace policy {
 const char kDeviceStateManagementDomain[] = "management_domain";
 const char kDeviceStateMode[] = "device_mode";
 const char kDeviceStateDisabledMessage[] = "disabled_message";
+const char kDeviceStatePackagedLicense[] = "packaged_license";

 const char kDeviceStateRestoreModeReEnrollmentRequested[] =
    "re-enrollment-requested";

--- a/chrome/browser/chromeos/policy/server_backed_device_state.h
+++ b/chrome/browser/chromeos/policy/server_backed_device_state.h
@@ -11,6 +11,7 @@ namespace policy {
 extern const char kDeviceStateManagementDomain[];
 extern const char kDeviceStateMode[];
 extern const char kDeviceStateDisabledMessage[];
+extern const char kDeviceStatePackagedLicense[];

 // String constants used to persist the restorative action in the
 // kDeviceStateMode dictionary entry.