chrome/browser/chromeos/cert_provisioning/cert_provisioning_scheduler.h - chromium/src - Git at Google

 // Copyright 2020 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROME_BROWSER_CHROMEOS_CERT_PROVISIONING_CERT_PROVISIONING_SCHEDULER_H_
 #define CHROME_BROWSER_CHROMEOS_CERT_PROVISIONING_CERT_PROVISIONING_SCHEDULER_H_

 #include <map>
 #include <set>

 #include "base/memory/weak_ptr.h"
 #include "base/sequence_checker.h"
 #include "chrome/browser/chromeos/cert_provisioning/cert_provisioning_common.h"
 #include "chrome/browser/chromeos/cert_provisioning/cert_provisioning_invalidator.h"
 #include "chrome/browser/chromeos/cert_provisioning/cert_provisioning_platform_keys_helpers.h"
 #include "chromeos/network/network_state_handler_observer.h"
 #include "components/prefs/pref_change_registrar.h"

 class Profile;
 class PrefService;

 namespace policy {
 class CloudPolicyClient;
 }

 namespace chromeos {

 class NetworkStateHandler;

 namespace platform_keys {
 class PlatformKeysService;
 }  // namespace platform_keys

 namespace cert_provisioning {

 class CertProvisioningWorker;

 using WorkerMap =
     std::map<CertProfileId, std::unique_ptr<CertProvisioningWorker>>;

 struct FailedWorkerInfo {
   CertProvisioningWorkerState state = CertProvisioningWorkerState::kInitState;
   std::string public_key;
 };

 // This class is a part of certificate provisioning feature. It tracks updates
 // of |RequiredClientCertificateForUser|, |RequiredClientCertificateForDevice|
 // policies and creates one CertProvisioningWorker for every policy entry.
 // Should work on the UI thread because it interacts with PlatformKeysService
 // and some methods are called from the UI to populate certificate manager
 // settings page.
 class CertProvisioningScheduler : public NetworkStateHandlerObserver {
  public:
   static std::unique_ptr<CertProvisioningScheduler>
   CreateUserCertProvisioningScheduler(Profile* profile);
   static std::unique_ptr<CertProvisioningScheduler>
   CreateDeviceCertProvisioningScheduler(
       policy::AffiliatedInvalidationServiceProvider*
           invalidation_service_provider);

   CertProvisioningScheduler(
       CertScope cert_scope,
       Profile* profile,
       PrefService* pref_service,
       const char* pref_name,
       policy::CloudPolicyClient* cloud_policy_client,
       NetworkStateHandler* network_state_handler,
       std::unique_ptr<CertProvisioningInvalidatorFactory> invalidator_factory);
   ~CertProvisioningScheduler() override;

   CertProvisioningScheduler(const CertProvisioningScheduler&) = delete;
   CertProvisioningScheduler& operator=(const CertProvisioningScheduler&) =
       delete;
   // Intended to be called when a user press a button in certificate manager UI.
   // Retries provisioning of a specific certificate.
   void UpdateOneCert(const std::string& cert_profile_id);
   void UpdateCerts();
   void OnProfileFinished(const CertProfile& profile,
                          CertProvisioningWorkerState state);

   const WorkerMap& GetWorkers() const;
   const std::map<std::string, FailedWorkerInfo>& GetFailedCertProfileIds()
       const;

  private:
   void ScheduleInitialUpdate();
   void ScheduleDailyUpdate();
   // Posts delayed task to call ProcessProfile.
   void ScheduleRetry(const CertProfile& profile);

   void InitialUpdateCerts();
   void DeleteCertsWithoutPolicy();
   void OnDeleteCertsWithoutPolicyDone(const std::string& error_message);
   void CancelWorkersWithoutPolicy(const std::vector<CertProfile>& profiles);
   void CleanVaKeysIfIdle();
   void OnCleanVaKeysIfIdleDone(base::Optional<bool> delete_result);
   void RegisterForPrefsChanges();

   void OnPrefsChange();
   void DailyUpdateCerts();
   void DeserializeWorkers();

   void OnGetCertsWithIdsDone(
       std::map<std::string, scoped_refptr<net::X509Certificate>>
           existing_certs_with_ids,
       const std::string& error_message);

   // Creates a new worker for |profile| if there is no at the moment.
   // Recreates a worker if existing one has a different version of the profile.
   // Continues an existing worker if it is in a waiting state.
   void ProcessProfile(const CertProfile& profile);

   base::Optional<CertProfile> GetOneCertProfile(
       const std::string& cert_profile_id);
   std::vector<CertProfile> GetCertProfiles();

   void CreateCertProvisioningWorker(CertProfile profile);
   CertProvisioningWorker* FindWorker(CertProfileId profile_id);

   bool CheckInternetConnection();
   void OnNetworkChange(const NetworkState* network);
   // NetworkStateHandlerObserver
   void DefaultNetworkChanged(const NetworkState* network) override;
   void NetworkConnectionStateChanged(const NetworkState* network) override;

   void UpdateFailedCertProfiles(const CertProvisioningWorker& worker);

   CertScope cert_scope_ = CertScope::kUser;
   Profile* profile_ = nullptr;
   PrefService* pref_service_ = nullptr;
   const char* pref_name_ = nullptr;
   policy::CloudPolicyClient* cloud_policy_client_ = nullptr;
   NetworkStateHandler* network_state_handler_ = nullptr;
   platform_keys::PlatformKeysService* platform_keys_service_ = nullptr;
   PrefChangeRegistrar pref_change_registrar_;
   WorkerMap workers_;
   // Collection of cert profile ids that failed recently. They will not be
   // retried until next |DailyUpdateCerts|. FailedWorkerInfo contains some extra
   // information about the failure. Profiles that failed with
   // kInconsistentDataError will not be stored into this collection.
   std::map<std::string /*cert_profile_id*/, FailedWorkerInfo>
       failed_cert_profiles_;
   // Equals true if the last attempt to update certificates failed because there
   // was no internet connection.
   bool is_waiting_for_online_ = false;

   std::unique_ptr<CertProvisioningCertsWithIdsGetter> certs_with_ids_getter_;
   std::unique_ptr<CertProvisioningCertDeleter> cert_deleter_;
   std::unique_ptr<CertProvisioningInvalidatorFactory> invalidator_factory_;

   base::WeakPtrFactory<CertProvisioningScheduler> weak_factory_{this};
 };

 }  // namespace cert_provisioning
 }  // namespace chromeos

 #endif  // CHROME_BROWSER_CHROMEOS_CERT_PROVISIONING_CERT_PROVISIONING_SCHEDULER_H_
	// Copyright 2020 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROME_BROWSER_CHROMEOS_CERT_PROVISIONING_CERT_PROVISIONING_SCHEDULER_H_
	#define CHROME_BROWSER_CHROMEOS_CERT_PROVISIONING_CERT_PROVISIONING_SCHEDULER_H_

	#include <map>
	#include <set>

	#include "base/memory/weak_ptr.h"
	#include "base/sequence_checker.h"
	#include "chrome/browser/chromeos/cert_provisioning/cert_provisioning_common.h"
	#include "chrome/browser/chromeos/cert_provisioning/cert_provisioning_invalidator.h"
	#include "chrome/browser/chromeos/cert_provisioning/cert_provisioning_platform_keys_helpers.h"
	#include "chromeos/network/network_state_handler_observer.h"
	#include "components/prefs/pref_change_registrar.h"

	class Profile;
	class PrefService;

	namespace policy {
	class CloudPolicyClient;
	}

	namespace chromeos {

	class NetworkStateHandler;

	namespace platform_keys {
	class PlatformKeysService;
	} // namespace platform_keys

	namespace cert_provisioning {

	class CertProvisioningWorker;

	using WorkerMap =
	std::map<CertProfileId, std::unique_ptr<CertProvisioningWorker>>;

	struct FailedWorkerInfo {
	CertProvisioningWorkerState state = CertProvisioningWorkerState::kInitState;
	std::string public_key;
	};

	// This class is a part of certificate provisioning feature. It tracks updates
	// of \|RequiredClientCertificateForUser\|, \|RequiredClientCertificateForDevice\|
	// policies and creates one CertProvisioningWorker for every policy entry.
	// Should work on the UI thread because it interacts with PlatformKeysService
	// and some methods are called from the UI to populate certificate manager
	// settings page.
	class CertProvisioningScheduler : public NetworkStateHandlerObserver {
	public:
	static std::unique_ptr<CertProvisioningScheduler>
	CreateUserCertProvisioningScheduler(Profile* profile);
	static std::unique_ptr<CertProvisioningScheduler>
	CreateDeviceCertProvisioningScheduler(
	policy::AffiliatedInvalidationServiceProvider*
	invalidation_service_provider);

	CertProvisioningScheduler(
	CertScope cert_scope,
	Profile* profile,
	PrefService* pref_service,
	const char* pref_name,
	policy::CloudPolicyClient* cloud_policy_client,
	NetworkStateHandler* network_state_handler,
	std::unique_ptr<CertProvisioningInvalidatorFactory> invalidator_factory);
	~CertProvisioningScheduler() override;

	CertProvisioningScheduler(const CertProvisioningScheduler&) = delete;
	CertProvisioningScheduler& operator=(const CertProvisioningScheduler&) =
	delete;
	// Intended to be called when a user press a button in certificate manager UI.
	// Retries provisioning of a specific certificate.
	void UpdateOneCert(const std::string& cert_profile_id);
	void UpdateCerts();
	void OnProfileFinished(const CertProfile& profile,
	CertProvisioningWorkerState state);

	const WorkerMap& GetWorkers() const;
	const std::map<std::string, FailedWorkerInfo>& GetFailedCertProfileIds()
	const;

	private:
	void ScheduleInitialUpdate();
	void ScheduleDailyUpdate();
	// Posts delayed task to call ProcessProfile.
	void ScheduleRetry(const CertProfile& profile);

	void InitialUpdateCerts();
	void DeleteCertsWithoutPolicy();
	void OnDeleteCertsWithoutPolicyDone(const std::string& error_message);
	void CancelWorkersWithoutPolicy(const std::vector<CertProfile>& profiles);
	void CleanVaKeysIfIdle();
	void OnCleanVaKeysIfIdleDone(base::Optional<bool> delete_result);
	void RegisterForPrefsChanges();

	void OnPrefsChange();
	void DailyUpdateCerts();
	void DeserializeWorkers();

	void OnGetCertsWithIdsDone(
	std::map<std::string, scoped_refptr<net::X509Certificate>>
	existing_certs_with_ids,
	const std::string& error_message);

	// Creates a new worker for \|profile\| if there is no at the moment.
	// Recreates a worker if existing one has a different version of the profile.
	// Continues an existing worker if it is in a waiting state.
	void ProcessProfile(const CertProfile& profile);

	base::Optional<CertProfile> GetOneCertProfile(
	const std::string& cert_profile_id);
	std::vector<CertProfile> GetCertProfiles();

	void CreateCertProvisioningWorker(CertProfile profile);
	CertProvisioningWorker* FindWorker(CertProfileId profile_id);

	bool CheckInternetConnection();
	void OnNetworkChange(const NetworkState* network);
	// NetworkStateHandlerObserver
	void DefaultNetworkChanged(const NetworkState* network) override;
	void NetworkConnectionStateChanged(const NetworkState* network) override;

	void UpdateFailedCertProfiles(const CertProvisioningWorker& worker);

	CertScope cert_scope_ = CertScope::kUser;
	Profile* profile_ = nullptr;
	PrefService* pref_service_ = nullptr;
	const char* pref_name_ = nullptr;
	policy::CloudPolicyClient* cloud_policy_client_ = nullptr;
	NetworkStateHandler* network_state_handler_ = nullptr;
	platform_keys::PlatformKeysService* platform_keys_service_ = nullptr;
	PrefChangeRegistrar pref_change_registrar_;
	WorkerMap workers_;
	// Collection of cert profile ids that failed recently. They will not be
	// retried until next \|DailyUpdateCerts\|. FailedWorkerInfo contains some extra
	// information about the failure. Profiles that failed with
	// kInconsistentDataError will not be stored into this collection.
	std::map<std::string /cert_profile_id/, FailedWorkerInfo>
	failed_cert_profiles_;
	// Equals true if the last attempt to update certificates failed because there
	// was no internet connection.
	bool is_waiting_for_online_ = false;

	std::unique_ptr<CertProvisioningCertsWithIdsGetter> certs_with_ids_getter_;
	std::unique_ptr<CertProvisioningCertDeleter> cert_deleter_;
	std::unique_ptr<CertProvisioningInvalidatorFactory> invalidator_factory_;

	base::WeakPtrFactory<CertProvisioningScheduler> weak_factory_{this};
	};

	} // namespace cert_provisioning
	} // namespace chromeos

	#endif // CHROME_BROWSER_CHROMEOS_CERT_PROVISIONING_CERT_PROVISIONING_SCHEDULER_H_