chromium/chrome/browser/ash/policy/core/device_local_account_policy_store.h

// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_ASH_POLICY_CORE_DEVICE_LOCAL_ACCOUNT_POLICY_STORE_H_
#define CHROME_BROWSER_ASH_POLICY_CORE_DEVICE_LOCAL_ACCOUNT_POLICY_STORE_H_

#include <memory>
#include <string>

#include "base/functional/callback.h"
#include "base/memory/raw_ptr.h"
#include "base/memory/ref_counted.h"
#include "base/memory/weak_ptr.h"
#include "chrome/browser/ash/settings/device_settings_service.h"
#include "chromeos/ash/components/dbus/session_manager/session_manager_client.h"
#include "components/policy/core/common/cloud/cloud_policy_validator.h"
#include "components/policy/core/common/cloud/user_cloud_policy_store_base.h"

namespace base {
class SequencedTaskRunner;
}

namespace enterprise_management {
class PolicyFetchResponse;
}

namespace policy {

// CloudPolicyStore implementation for device-local account policy. Stores/loads
// policy to/from session_manager.
class DeviceLocalAccountPolicyStore : public UserCloudPolicyStoreBase {
 public:
  DeviceLocalAccountPolicyStore(
      const std::string& account_id,
      ash::SessionManagerClient* client,
      ash::DeviceSettingsService* device_settings_service,
      scoped_refptr<base::SequencedTaskRunner> background_task_runner);

  DeviceLocalAccountPolicyStore(const DeviceLocalAccountPolicyStore&) = delete;
  DeviceLocalAccountPolicyStore& operator=(
      const DeviceLocalAccountPolicyStore&) = delete;

  ~DeviceLocalAccountPolicyStore() override;

  const std::string& account_id() const {
    DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
    return account_id_;
  }

  // CloudPolicyStore:
  void Store(const enterprise_management::PolicyFetchResponse& policy) override;
  void Load() override;

  // Loads the policy synchronously on the current thread.
  void LoadImmediately();

 protected:
  // UserCloudPolicyStoreBase:
  std::unique_ptr<UserCloudPolicyValidator> CreateValidator(
      std::unique_ptr<enterprise_management::PolicyFetchResponse> policy,
      CloudPolicyValidatorBase::ValidateTimestampOption option) override;

 private:
  // The callback invoked once policy validation is complete. Passed are the
  // used public key and the validator.
  using ValidateCompletionCallback =
      base::OnceCallback<void(const std::string&, UserCloudPolicyValidator*)>;

  // Called back by |session_manager_client_| after policy retrieval. Checks for
  // success and triggers policy validation.
  void ValidateLoadedPolicyBlob(
      bool validate_in_background,
      ash::SessionManagerClient::RetrievePolicyResponseType response_type,
      const std::string& policy_blob);

  // Updates state after validation and notifies observers.
  void UpdatePolicy(const std::string& signature_validation_public_key,
                    UserCloudPolicyValidator* validator);

  // Sends the policy blob to session_manager for storing after validation.
  void OnPolicyToStoreValidated(
      const std::string& signature_validation_public_key_unused,
      UserCloudPolicyValidator* validator);

  // Called back when a store operation completes, updates state and reloads the
  // policy if applicable.
  void HandleStoreResult(bool result);

  // Gets the owner key and triggers policy validation.
  void CheckKeyAndValidate(
      bool valid_timestamp_required,
      std::unique_ptr<enterprise_management::PolicyFetchResponse> policy,
      bool validate_in_background,
      ValidateCompletionCallback callback);

  // Triggers policy validation.
  void Validate(
      bool valid_timestamp_required,
      std::unique_ptr<enterprise_management::PolicyFetchResponse> policy,
      ValidateCompletionCallback callback,
      ash::DeviceSettingsService::OwnershipStatus ownership_status);

  const std::string account_id_;
  raw_ptr<ash::SessionManagerClient> session_manager_client_;
  raw_ptr<ash::DeviceSettingsService> device_settings_service_;

  base::WeakPtrFactory<DeviceLocalAccountPolicyStore> weak_factory_{this};
};

}  // namespace policy

#endif  // CHROME_BROWSER_ASH_POLICY_CORE_DEVICE_LOCAL_ACCOUNT_POLICY_STORE_H_