chrome/browser/chromeos/login/enrollment/enterprise_enrollment_helper.h - chromium/src - Git at Google

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_ENROLLMENT_ENTERPRISE_ENROLLMENT_HELPER_H_
 #define CHROME_BROWSER_CHROMEOS_LOGIN_ENROLLMENT_ENTERPRISE_ENROLLMENT_HELPER_H_

 #include <map>
 #include <memory>
 #include <string>

 #include "base/callback_forward.h"
 #include "base/macros.h"
 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h"
 #include "components/policy/core/common/cloud/cloud_policy_constants.h"

 class GoogleServiceAuthError;

 namespace policy {
 struct EnrollmentConfig;
 class EnrollmentStatus;
 }  // namespace policy

 namespace chromeos {

 // Maps a license type to number of available licenses.
 using EnrollmentLicenseMap = std::map<policy::LicenseType, int>;

 class ActiveDirectoryJoinDelegate;

 // This class is capable to enroll the device into enterprise domain, using
 // either a profile containing authentication data or OAuth token.
 // It can also clear an authentication data from the profile and revoke tokens
 // that are not longer needed.
 class EnterpriseEnrollmentHelper {
  public:
   using EnrollmentCallback =
       policy::DeviceCloudPolicyInitializer::EnrollmentCallback;

   // Enumeration of the possible errors that can occur during enrollment which
   // are not covered by GoogleServiceAuthError or EnrollmentStatus.
   enum OtherError {
     // Existing enrollment domain doesn't match authentication user.
     OTHER_ERROR_DOMAIN_MISMATCH,
     // Unexpected error condition, indicates a bug in the code.
     OTHER_ERROR_FATAL
   };

   class EnrollmentStatusConsumer {
    public:
     virtual ~EnrollmentStatusConsumer() = default;

     // Called when an error happens on attempt to receive authentication tokens.
     virtual void OnAuthError(const GoogleServiceAuthError& error) = 0;

     // Called when there are multiple license types available for enrollment,
     // and admin allowed user to choose license type to assign.
     // Enrollment is paused, and will resume once UseLicenseType() is called.
     virtual void OnMultipleLicensesAvailable(
         const EnrollmentLicenseMap& licenses) = 0;

     // Called when an error happens during enrollment.
     virtual void OnEnrollmentError(policy::EnrollmentStatus status) = 0;

     // Called when some other error happens.
     virtual void OnOtherError(OtherError error) = 0;

     // Called when enrollment finishes successfully.
     virtual void OnDeviceEnrolled() = 0;

     // Called when device attribute update permission granted,
     // |granted| indicates whether permission granted or not.
     virtual void OnDeviceAttributeUpdatePermission(bool granted) = 0;

     // Called when device attribute upload finishes. |success| indicates
     // whether it is successful or not.
     virtual void OnDeviceAttributeUploadCompleted(bool success) = 0;

     // Called when steps required to fully restore enrollment steps after
     // version rollback are completed.
     virtual void OnRestoreAfterRollbackCompleted() = 0;
   };

   // Factory method. Caller takes ownership of the returned object.
   static std::unique_ptr<EnterpriseEnrollmentHelper> Create(
       EnrollmentStatusConsumer* status_consumer,
       ActiveDirectoryJoinDelegate* ad_join_delegate,
       const policy::EnrollmentConfig& enrollment_config,
       const std::string& enrolling_user_domain);

   using CreateMockEnrollmentHelper =
       EnterpriseEnrollmentHelper* (*)(EnrollmentStatusConsumer* status_consumer,
                                       const policy::EnrollmentConfig&
                                           enrollment_config,
                                       const std::string& enrolling_user_domain);

   // Use |creator| instead of the default enrollment helper allocator. This
   // allows tests to substitute in a mock enrollment helper. This function will
   // only be used once.
   static void SetupEnrollmentHelperMock(CreateMockEnrollmentHelper creator);

   virtual ~EnterpriseEnrollmentHelper();

   // Starts enterprise enrollment using |auth_code|. First tries to exchange the
   // auth code to authentication token, then tries to enroll the device with the
   // received token.
   // If |fetch_additional_token| is true, the helper fetches an additional token
   // and passes it to the |status_consumer| on successful enrollment.
   // EnrollUsingAuthCode can be called only once during this object's lifetime,
   // and only if none of the EnrollUsing* methods was called before.
   // TODO (alemate): Remove unused |fetch_additional_token| parameter.
   virtual void EnrollUsingAuthCode(const std::string& auth_code,
                                    bool fetch_additional_token) = 0;

   // Starts enterprise enrollment using |token|.
   // This flow is used when enrollment is controlled by the paired device.
   // EnrollUsingToken can be called only once during this object's lifetime, and
   // only if none of the EnrollUsing* was called before.
   virtual void EnrollUsingToken(const std::string& token) = 0;

   // Starts enterprise enrollment using enrollment |token| for authentication.
   // This flow is used in OOBE configuration flow.
   // EnrollUsingWorkflowToken can be called only once during this object's
   // lifetime, and only if none of the EnrollUsing* was called before.
   virtual void EnrollUsingEnrollmentToken(const std::string& token) = 0;

   // Starts enterprise enrollment using PCA attestation.
   // EnrollUsingAttestation can be called only once during the object's
   // lifetime, and only if none of the EnrollUsing* was called before.
   virtual void EnrollUsingAttestation() = 0;

   // Starts enterprise enrollment for offline demo-mode.
   // EnrollForOfflineDemo is used offline, no network connections. Thus it goes
   // into enrollment without authentication -- and applies policies which are
   // stored locally.
   virtual void EnrollForOfflineDemo() = 0;

   // When chrome version is rolled back on the device via policy, the enrollment
   // information is persisted (install attributes, DM token), but some steps
   // should still be taken (e.g. create robot accounts on the device) as the
   // stateful partition is reset.
   virtual void RestoreAfterRollback() = 0;

   // Continue enrollment using license |type|.
   virtual void UseLicenseType(policy::LicenseType type) = 0;

   // Starts device attribute update process. First tries to get
   // permission to update device attributes for current user
   // using stored during enrollment oauth token.
   virtual void GetDeviceAttributeUpdatePermission() = 0;

   // Uploads device attributes on DM server. |asset_id| - Asset Identifier
   // and |location| - Assigned Location, these attributes were typed by
   // current user on the device attribute prompt screen after successful
   // enrollment.
   virtual void UpdateDeviceAttributes(const std::string& asset_id,
                                       const std::string& location) = 0;

   // Clears authentication data from the profile (if EnrollUsingProfile was
   // used) and revokes fetched tokens.
   // Does not revoke the additional token if enrollment finished successfully.
   // Calls |callback| on completion.
   virtual void ClearAuth(const base::Closure& callback) = 0;

  protected:
   // |status_consumer| must outlive |this|. Moreover, the user of this class
   // is responsible for clearing auth data in some cases (see comment for
   // EnrollUsingProfile()).
   explicit EnterpriseEnrollmentHelper(
       EnrollmentStatusConsumer* status_consumer);

   EnrollmentStatusConsumer* status_consumer() { return status_consumer_; }

  private:
   EnrollmentStatusConsumer* status_consumer_;

   // If this is not nullptr, then it will be used to create the enrollment
   // helper. |create_mock_enrollment_helper_| needs to outlive this class.
   static CreateMockEnrollmentHelper create_mock_enrollment_helper_;

   DISALLOW_COPY_AND_ASSIGN(EnterpriseEnrollmentHelper);
 };

 }  // namespace chromeos

 #endif  // CHROME_BROWSER_CHROMEOS_LOGIN_ENROLLMENT_ENTERPRISE_ENROLLMENT_HELPER_H_
	// Copyright 2014 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_ENROLLMENT_ENTERPRISE_ENROLLMENT_HELPER_H_
	#define CHROME_BROWSER_CHROMEOS_LOGIN_ENROLLMENT_ENTERPRISE_ENROLLMENT_HELPER_H_

	#include <map>
	#include <memory>
	#include <string>

	#include "base/callback_forward.h"
	#include "base/macros.h"
	#include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h"
	#include "components/policy/core/common/cloud/cloud_policy_constants.h"

	class GoogleServiceAuthError;

	namespace policy {
	struct EnrollmentConfig;
	class EnrollmentStatus;
	} // namespace policy

	namespace chromeos {

	// Maps a license type to number of available licenses.
	using EnrollmentLicenseMap = std::map<policy::LicenseType, int>;

	class ActiveDirectoryJoinDelegate;

	// This class is capable to enroll the device into enterprise domain, using
	// either a profile containing authentication data or OAuth token.
	// It can also clear an authentication data from the profile and revoke tokens
	// that are not longer needed.
	class EnterpriseEnrollmentHelper {
	public:
	using EnrollmentCallback =
	policy::DeviceCloudPolicyInitializer::EnrollmentCallback;

	// Enumeration of the possible errors that can occur during enrollment which
	// are not covered by GoogleServiceAuthError or EnrollmentStatus.
	enum OtherError {
	// Existing enrollment domain doesn't match authentication user.
	OTHER_ERROR_DOMAIN_MISMATCH,
	// Unexpected error condition, indicates a bug in the code.
	OTHER_ERROR_FATAL
	};

	class EnrollmentStatusConsumer {
	public:
	virtual ~EnrollmentStatusConsumer() = default;

	// Called when an error happens on attempt to receive authentication tokens.
	virtual void OnAuthError(const GoogleServiceAuthError& error) = 0;

	// Called when there are multiple license types available for enrollment,
	// and admin allowed user to choose license type to assign.
	// Enrollment is paused, and will resume once UseLicenseType() is called.
	virtual void OnMultipleLicensesAvailable(
	const EnrollmentLicenseMap& licenses) = 0;

	// Called when an error happens during enrollment.
	virtual void OnEnrollmentError(policy::EnrollmentStatus status) = 0;

	// Called when some other error happens.
	virtual void OnOtherError(OtherError error) = 0;

	// Called when enrollment finishes successfully.
	virtual void OnDeviceEnrolled() = 0;

	// Called when device attribute update permission granted,
	// \|granted\| indicates whether permission granted or not.
	virtual void OnDeviceAttributeUpdatePermission(bool granted) = 0;

	// Called when device attribute upload finishes. \|success\| indicates
	// whether it is successful or not.
	virtual void OnDeviceAttributeUploadCompleted(bool success) = 0;

	// Called when steps required to fully restore enrollment steps after
	// version rollback are completed.
	virtual void OnRestoreAfterRollbackCompleted() = 0;
	};

	// Factory method. Caller takes ownership of the returned object.
	static std::unique_ptr<EnterpriseEnrollmentHelper> Create(
	EnrollmentStatusConsumer* status_consumer,
	ActiveDirectoryJoinDelegate* ad_join_delegate,
	const policy::EnrollmentConfig& enrollment_config,
	const std::string& enrolling_user_domain);

	using CreateMockEnrollmentHelper =
	EnterpriseEnrollmentHelper* ()(EnrollmentStatusConsumer status_consumer,
	const policy::EnrollmentConfig&
	enrollment_config,
	const std::string& enrolling_user_domain);

	// Use \|creator\| instead of the default enrollment helper allocator. This
	// allows tests to substitute in a mock enrollment helper. This function will
	// only be used once.
	static void SetupEnrollmentHelperMock(CreateMockEnrollmentHelper creator);

	virtual ~EnterpriseEnrollmentHelper();

	// Starts enterprise enrollment using \|auth_code\|. First tries to exchange the
	// auth code to authentication token, then tries to enroll the device with the
	// received token.
	// If \|fetch_additional_token\| is true, the helper fetches an additional token
	// and passes it to the \|status_consumer\| on successful enrollment.
	// EnrollUsingAuthCode can be called only once during this object's lifetime,
	// and only if none of the EnrollUsing* methods was called before.
	// TODO (alemate): Remove unused \|fetch_additional_token\| parameter.
	virtual void EnrollUsingAuthCode(const std::string& auth_code,
	bool fetch_additional_token) = 0;

	// Starts enterprise enrollment using \|token\|.
	// This flow is used when enrollment is controlled by the paired device.
	// EnrollUsingToken can be called only once during this object's lifetime, and
	// only if none of the EnrollUsing* was called before.
	virtual void EnrollUsingToken(const std::string& token) = 0;

	// Starts enterprise enrollment using enrollment \|token\| for authentication.
	// This flow is used in OOBE configuration flow.
	// EnrollUsingWorkflowToken can be called only once during this object's
	// lifetime, and only if none of the EnrollUsing* was called before.
	virtual void EnrollUsingEnrollmentToken(const std::string& token) = 0;

	// Starts enterprise enrollment using PCA attestation.
	// EnrollUsingAttestation can be called only once during the object's
	// lifetime, and only if none of the EnrollUsing* was called before.
	virtual void EnrollUsingAttestation() = 0;

	// Starts enterprise enrollment for offline demo-mode.
	// EnrollForOfflineDemo is used offline, no network connections. Thus it goes
	// into enrollment without authentication -- and applies policies which are
	// stored locally.
	virtual void EnrollForOfflineDemo() = 0;

	// When chrome version is rolled back on the device via policy, the enrollment
	// information is persisted (install attributes, DM token), but some steps
	// should still be taken (e.g. create robot accounts on the device) as the
	// stateful partition is reset.
	virtual void RestoreAfterRollback() = 0;

	// Continue enrollment using license \|type\|.
	virtual void UseLicenseType(policy::LicenseType type) = 0;

	// Starts device attribute update process. First tries to get
	// permission to update device attributes for current user
	// using stored during enrollment oauth token.
	virtual void GetDeviceAttributeUpdatePermission() = 0;

	// Uploads device attributes on DM server. \|asset_id\| - Asset Identifier
	// and \|location\| - Assigned Location, these attributes were typed by
	// current user on the device attribute prompt screen after successful
	// enrollment.
	virtual void UpdateDeviceAttributes(const std::string& asset_id,
	const std::string& location) = 0;

	// Clears authentication data from the profile (if EnrollUsingProfile was
	// used) and revokes fetched tokens.
	// Does not revoke the additional token if enrollment finished successfully.
	// Calls \|callback\| on completion.
	virtual void ClearAuth(const base::Closure& callback) = 0;

	protected:
	// \|status_consumer\| must outlive \|this\|. Moreover, the user of this class
	// is responsible for clearing auth data in some cases (see comment for
	// EnrollUsingProfile()).
	explicit EnterpriseEnrollmentHelper(
	EnrollmentStatusConsumer* status_consumer);

	EnrollmentStatusConsumer* status_consumer() { return status_consumer_; }

	private:
	EnrollmentStatusConsumer* status_consumer_;

	// If this is not nullptr, then it will be used to create the enrollment
	// helper. \|create_mock_enrollment_helper_\| needs to outlive this class.
	static CreateMockEnrollmentHelper create_mock_enrollment_helper_;

	DISALLOW_COPY_AND_ASSIGN(EnterpriseEnrollmentHelper);
	};

	} // namespace chromeos

	#endif // CHROME_BROWSER_CHROMEOS_LOGIN_ENROLLMENT_ENTERPRISE_ENROLLMENT_HELPER_H_