SignAndStore method is moved out from DeviceSettingsService to...

SignAndStore method is moved out from DeviceSettingsService to OwnerSettingsService. It's still called by DeviceSettingsService via delegate, but later it will be invoked by OwnerSettingsService::Set().

BUG=230018
TEST=unit_tests:DeviceSettingsService*

Review URL: https://codereview.chromium.org/399613003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@284081 0039d316-1c4b-4281-b951-d872f2087c98

chrome/browser/chromeos/ownership/OWNERS

+ygorshenin@chromium.org

chrome/browser/chromeos/ownership/owner_settings_service.h

@@ -5,8 +5,10 @@
 #ifndef CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_
 #define CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_
 
+#include <deque>
 #include <vector>
 
+#include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
@@ -22,6 +24,8 @@ class Profile;
 
 namespace chromeos {
 
+class SessionManagerOperation;
+
 // This class reloads owner key from profile NSS slots.
 //
 // TODO (ygorshenin@): move write path for device settings here
@@ -43,6 +47,14 @@ class OwnerSettingsService : public DeviceSettingsService::PrivateKeyDelegate,
   virtual bool AssembleAndSignPolicyAsync(
       scoped_ptr<enterprise_management::PolicyData> policy,
       const AssembleAndSignPolicyCallback& callback) OVERRIDE;
+  virtual void SignAndStoreAsync(
+      scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> settings,
+      const base::Closure& callback) OVERRIDE;
+  virtual void SetManagementSettingsAsync(
+      enterprise_management::PolicyData::ManagementMode management_mode,
+      const std::string& request_token,
+      const std::string& device_id,
+      const base::Closure& callback) OVERRIDE;
 
   // NotificationObserver implementation:
   virtual void Observe(int type,
@@ -74,7 +86,24 @@ class OwnerSettingsService : public DeviceSettingsService::PrivateKeyDelegate,
   void ReloadPrivateKey();
 
   // Called when ReloadPrivateKey() completes it's work.
-  void OnPrivateKeyLoaded(scoped_ptr<crypto::RSAPrivateKey> private_key);
+  void OnPrivateKeyLoaded(scoped_refptr<PublicKey> public_key,
+                          scoped_refptr<PrivateKey> private_key);
+
+  // Puts request to perform sign-and-store operation in the queue.
+  void EnqueueSignAndStore(scoped_ptr<enterprise_management::PolicyData> policy,
+                           const base::Closure& callback);
+
+  // Performs next operation in the queue.
+  void StartNextOperation();
+
+  // Called when sign-and-store operation completes it's work.
+  void HandleCompletedOperation(const base::Closure& callback,
+                                SessionManagerOperation* operation,
+                                DeviceSettingsService::Status status);
+
+  // Called when it's not possible to store settings.
+  void HandleError(DeviceSettingsService::Status status,
+                   const base::Closure& callback);
 
   // Returns testing instance of OwnerKeyUtil when it's set, otherwise
   // returns |owner_key_util_|.
@@ -88,6 +117,11 @@ class OwnerSettingsService : public DeviceSettingsService::PrivateKeyDelegate,
   // Profile this service instance belongs to.
   Profile* profile_;
 
+  // User ID this service instance belongs to.
+  std::string user_id_;
+
+  scoped_refptr<PublicKey> public_key_;
+
   scoped_refptr<PrivateKey> private_key_;
 
   scoped_refptr<OwnerKeyUtil> owner_key_util_;
@@ -100,6 +134,10 @@ class OwnerSettingsService : public DeviceSettingsService::PrivateKeyDelegate,
   // Whether TPM token still needs to be initialized.
   bool waiting_for_tpm_token_;
 
+  // The queue of pending sign-and-store operations. The first operation on the
+  // queue is currently active; it gets removed and destroyed once it completes.
+  std::deque<SessionManagerOperation*> pending_operations_;
+
   content::NotificationRegistrar registrar_;
 
   base::ThreadChecker thread_checker_;

chrome/browser/chromeos/settings/device_settings_service.cc

@@ -113,13 +113,10 @@ void DeviceSettingsService::Load() {
 void DeviceSettingsService::SignAndStore(
     scoped_ptr<em::ChromeDeviceSettingsProto> new_settings,
     const base::Closure& callback) {
-  scoped_ptr<em::PolicyData> new_policy = AssemblePolicy(*new_settings);
-  if (!new_policy) {
-    HandleError(STORE_POLICY_ERROR, callback);
-    return;
-  }
-
-  EnqueueSignAndStore(new_policy.Pass(), callback);
+  if (!delegate_)
+    HandleError(STORE_KEY_UNAVAILABLE, callback);
+  else
+    delegate_->SignAndStoreAsync(new_settings.Pass(), callback);
 }
 
 void DeviceSettingsService::SetManagementSettings(
@@ -127,24 +124,12 @@ void DeviceSettingsService::SetManagementSettings(
     const std::string& request_token,
     const std::string& device_id,
     const base::Closure& callback) {
-  if (!CheckManagementModeTransition(management_mode)) {
-    LOG(ERROR) << "Invalid management mode transition: current mode = "
-               << GetManagementMode() << ", new mode = " << management_mode;
-    HandleError(STORE_POLICY_ERROR, callback);
-    return;
-  }
-
-  scoped_ptr<em::PolicyData> policy = AssemblePolicy(*device_settings_);
-  if (!policy) {
-    HandleError(STORE_POLICY_ERROR, callback);
-    return;
+  if (!delegate_) {
+    HandleError(STORE_KEY_UNAVAILABLE, callback);
+  } else {
+    delegate_->SetManagementSettingsAsync(
+        management_mode, request_token, device_id, callback);
   }
-
-  policy->set_management_mode(management_mode);
-  policy->set_request_token(request_token);
-  policy->set_device_id(device_id);
-
-  EnqueueSignAndStore(policy.Pass(), callback);
 }
 
 void DeviceSettingsService::Store(scoped_ptr<em::PolicyFetchResponse> policy,
@@ -244,18 +229,6 @@ void DeviceSettingsService::EnqueueLoad(bool force_key_load) {
   Enqueue(operation);
 }
 
-void DeviceSettingsService::EnqueueSignAndStore(
-    scoped_ptr<em::PolicyData> policy,
-    const base::Closure& callback) {
-  SignAndStoreSettingsOperation* operation = new SignAndStoreSettingsOperation(
-      base::Bind(&DeviceSettingsService::HandleCompletedOperation,
-                 weak_factory_.GetWeakPtr(),
-                 callback),
-      policy.Pass());
-  operation->set_delegate(delegate_);
-  Enqueue(operation);
-}
-
 void DeviceSettingsService::EnsureReload(bool force_key_load) {
   if (!pending_operations_.empty()) {
     pending_operations_.front()->set_username(username_);
@@ -365,63 +338,9 @@ void DeviceSettingsService::HandleError(Status status,
     callback.Run();
 }
 
-scoped_ptr<em::PolicyData> DeviceSettingsService::AssemblePolicy(
-    const em::ChromeDeviceSettingsProto& settings) const {
-  scoped_ptr<em::PolicyData> policy(new em::PolicyData());
-  if (policy_data_) {
-    // Preserve management settings.
-    if (policy_data_->has_management_mode())
-      policy->set_management_mode(policy_data_->management_mode());
-    if (policy_data_->has_request_token())
-      policy->set_request_token(policy_data_->request_token());
-    if (policy_data_->has_device_id())
-      policy->set_device_id(policy_data_->device_id());
-  } else {
-    // If there's no previous policy data, this is the first time the device
-    // setting is set. We set the management mode to NOT_MANAGED initially.
-    policy->set_management_mode(em::PolicyData::NOT_MANAGED);
-  }
-  policy->set_policy_type(policy::dm_protocol::kChromeDevicePolicyType);
-  policy->set_timestamp((base::Time::Now() - base::Time::UnixEpoch()).
-                        InMilliseconds());
-  policy->set_username(username_);
-  if (!settings.SerializeToString(policy->mutable_policy_value()))
-    return scoped_ptr<em::PolicyData>();
-
-  return policy.Pass();
-}
-
-em::PolicyData::ManagementMode DeviceSettingsService::GetManagementMode()
-    const {
-  if (policy_data_ && policy_data_->has_management_mode())
-    return policy_data_->management_mode();
-  return em::PolicyData::NOT_MANAGED;
-}
-
-bool DeviceSettingsService::CheckManagementModeTransition(
-    em::PolicyData::ManagementMode new_mode) const {
-  em::PolicyData::ManagementMode current_mode = GetManagementMode();
-
-  // Mode is not changed.
-  if (current_mode == new_mode)
-    return true;
-
-  switch (current_mode) {
-    case em::PolicyData::NOT_MANAGED:
-      // For consumer management enrollment.
-      return new_mode == em::PolicyData::CONSUMER_MANAGED;
-
-    case em::PolicyData::ENTERPRISE_MANAGED:
-      // Management mode cannot be set when it is currently ENTERPRISE_MANAGED.
-      return false;
-
-    case em::PolicyData::CONSUMER_MANAGED:
-      // For consumer management unenrollment.
-      return new_mode == em::PolicyData::NOT_MANAGED;
-  }
-
-  NOTREACHED();
-  return false;
+void DeviceSettingsService::OnSignAndStoreOperationCompleted(Status status) {
+  store_status_ = status;
+  FOR_EACH_OBSERVER(Observer, observers_, DeviceSettingsUpdated());
 }
 
 ScopedTestDeviceSettingsService::ScopedTestDeviceSettingsService() {

chrome/browser/chromeos/settings/device_settings_service.h

@@ -15,6 +15,7 @@
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/observer_list.h"
+#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
 #include "chromeos/dbus/session_manager_client.h"
 #include "components/policy/core/common/cloud/cloud_policy_validator.h"
 #include "crypto/scoped_nss_types.h"
@@ -24,10 +25,6 @@ namespace crypto {
 class RSAPrivateKey;
 }
 
-namespace enterprise_management {
-class ChromeDeviceSettingsProto;
-}
-
 namespace chromeos {
 
 class OwnerKeyUtil;
@@ -103,6 +100,25 @@ class DeviceSettingsService : public SessionManagerClient::Observer {
     virtual bool AssembleAndSignPolicyAsync(
         scoped_ptr<enterprise_management::PolicyData> policy,
         const AssembleAndSignPolicyCallback& callback) = 0;
+
+    // Signs |settings| with the private half of the owner key and sends
+    // the resulting policy blob to session manager for storage. The
+    // result of the operation is reported through |callback|. If
+    // successful, the updated device settings are present in
+    // policy_data() and device_settings() when the callback runs.
+    virtual void SignAndStoreAsync(
+        scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> settings,
+        const base::Closure& callback) = 0;
+
+    // Sets the management related settings in PolicyData. Note that if
+    // |management_mode| is NOT_MANAGED, |request_token| and |device_id|
+    // should be empty strings. The result of the operation is reported
+    // through |callback|.
+    virtual void SetManagementSettingsAsync(
+        enterprise_management::PolicyData::ManagementMode management_mode,
+        const std::string& request_token,
+        const std::string& device_id,
+        const base::Closure& callback) = 0;
   };
 
   // Manage singleton instance.
@@ -124,6 +140,10 @@ class DeviceSettingsService : public SessionManagerClient::Observer {
   // and stops any pending operations.
   void UnsetSessionManager();
 
+  SessionManagerClient* session_manager_client() const {
+    return session_manager_client_;
+  }
+
   // Returns the currently active device settings. Returns NULL if the device
   // settings have not been retrieved from session_manager yet.
   const enterprise_management::PolicyData* policy_data() {
@@ -155,9 +175,7 @@ class DeviceSettingsService : public SessionManagerClient::Observer {
       scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> new_settings,
       const base::Closure& callback);
 
-  // Sets the management related settings in PolicyData. Note that if
-  // |management_mode| is NOT_MANAGED, |request_token| and |device_id| should be
-  // empty strings.
+  // Sets the management related settings in PolicyData.
   void SetManagementSettings(
       enterprise_management::PolicyData::ManagementMode management_mode,
       const std::string& request_token,
@@ -197,6 +215,8 @@ class DeviceSettingsService : public SessionManagerClient::Observer {
   virtual void PropertyChangeComplete(bool success) OVERRIDE;
 
  private:
+  friend class OwnerSettingsService;
+
   // Enqueues a new operation. Takes ownership of |operation| and starts it
   // right away if there is no active operation currently.
   void Enqueue(SessionManagerOperation* operation);
@@ -204,9 +224,6 @@ class DeviceSettingsService : public SessionManagerClient::Observer {
   // Enqueues a load operation.
   void EnqueueLoad(bool force_key_load);
 
-  void EnqueueSignAndStore(scoped_ptr<enterprise_management::PolicyData> policy,
-                           const base::Closure& callback);
-
   // Makes sure there's a reload operation so changes to the settings (and key,
   // in case force_key_load is set) are getting picked up.
   void EnsureReload(bool force_key_load);
@@ -223,18 +240,18 @@ class DeviceSettingsService : public SessionManagerClient::Observer {
   // Updates status and invokes the callback immediately.
   void HandleError(Status status, const base::Closure& callback);
 
-  // Assembles PolicyData based on |settings| and the current |policy_data_|
-  // and |username_|.
-  scoped_ptr<enterprise_management::PolicyData> AssemblePolicy(
-      const enterprise_management::ChromeDeviceSettingsProto& settings) const;
+  // Called by OwnerSettingsService when sign-and-store operation completes.
+  void OnSignAndStoreOperationCompleted(Status status);
 
-  // Returns the current management mode.
-  enterprise_management::PolicyData::ManagementMode GetManagementMode() const;
+  void set_policy_data(
+      scoped_ptr<enterprise_management::PolicyData> policy_data) {
+    policy_data_ = policy_data.Pass();
+  }
 
-  // Returns true if it is okay to transfer from the current mode to the new
-  // mode. This function should be called in SetManagementMode().
-  bool CheckManagementModeTransition(
-      enterprise_management::PolicyData::ManagementMode new_mode) const;
+  void set_device_settings(scoped_ptr<
+      enterprise_management::ChromeDeviceSettingsProto> device_settings) {
+    device_settings_ = device_settings.Pass();
+  }
 
   SessionManagerClient* session_manager_client_;
   scoped_refptr<OwnerKeyUtil> owner_key_util_;