Introduce maximal wait period for the lockbox to become ready.

We initialize the counter once in the constructor and never reset it because
it makes no sense to ever reset it. As the state will most probably not change
after the timeout has passed once. We still give the callers the chance to
try once but we will not allow second 10s delay to happen until the browser
is restarted.

BUG=chromium-os:31240
TEST=The simples way is to modify cryptohome to always return LOCK_NOT_READY. This is handling exceptional situation which shoud not happen on a daily basis.
TEST=Once we have proper cryptohome mocking we could mock those replies and automate this test.


Review URL: https://chromiumcodereview.appspot.com/10456053

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140286 0039d316-1c4b-4281-b951-d872f2087c98

8 files changed, 36 insertions, 10 deletions

diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index 14ed3c8..ea6c4e5 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -15922,7 +15922,10 @@ Battery full
         This device cannot be enrolled in the domain this user account belongs to.
       </message>
       <message name="IDS_ENTERPRISE_ENROLLMENT_MODE_ERROR" desc="Error message to show when the DM Server didn't send or send unsupported enrollment mode to the client.">
-        The supplied enrollment mode is not supported by this version of the operating system. Please make sure you are running the newest version and try again.
+        The supplied enrollment mode is not supported by this version of the operating system.  Please make sure you are running the newest version and try again.
+      </message>
+      <message name="IDS_ENTERPRISE_LOCKBOX_TIMEOUT_ERROR" desc="Error message to show when the initialization of the lockbox is taking too long.">
+        Oops!  The initialization of the installation-time attributes has timed out.  Please contact your support representative.
       </message>
       <message name="IDS_ENTERPRISE_ENROLLMENT_SCREEN_TITLE" desc="The title on the enterprise enrollment dialog.">
         Enterprise enrollment
diff --git a/chrome/browser/chromeos/login/enrollment/enterprise_enrollment_screen.cc b/chrome/browser/chromeos/login/enrollment/enterprise_enrollment_screen.cc
index 4de8851..9b50a20 100644
--- a/chrome/browser/chromeos/login/enrollment/enterprise_enrollment_screen.cc
+++ b/chrome/browser/chromeos/login/enrollment/enterprise_enrollment_screen.cc
@@ -27,6 +27,8 @@ namespace {
 
 // Retry for InstallAttrs initialization every 500ms.
 const int kLockRetryIntervalMs = 500;
+// Maximum time to retry InstallAttrs initialization before we give up.
+const int kLockRetryTimeoutMs = 10 * 60 * 1000;  // 10 minutes.
 
 }  // namespace
 
@@ -37,6 +39,7 @@ EnterpriseEnrollmentScreen::EnterpriseEnrollmentScreen(
       actor_(actor),
       is_auto_enrollment_(false),
       is_showing_(false),
+      lockbox_init_duration_(0),
       ALLOW_THIS_IN_INITIALIZER_LIST(weak_ptr_factory_(this)) {
   actor_->SetController(this);
   // Init the TPM if it has not been done until now (in debug build we might
@@ -187,14 +190,21 @@ void EnterpriseEnrollmentScreen::WriteInstallAttributesData() {
       return;
     }
     case policy::EnterpriseInstallAttributes::LOCK_NOT_READY: {
-      // InstallAttributes not ready yet, retry later.
-      LOG(WARNING) << "Install Attributes not ready yet will retry in "
-                   << kLockRetryIntervalMs << "ms.";
-      MessageLoop::current()->PostDelayedTask(
-          FROM_HERE,
-          base::Bind(&EnterpriseEnrollmentScreen::WriteInstallAttributesData,
-                     weak_ptr_factory_.GetWeakPtr()),
-          base::TimeDelta::FromMilliseconds(kLockRetryIntervalMs));
+      // We wait up to |kLockRetryTimeoutMs| milliseconds and if it hasn't
+      // succeeded by then show an error to the user and stop the enrollment.
+      if (lockbox_init_duration_ < kLockRetryTimeoutMs) {
+        // InstallAttributes not ready yet, retry later.
+        LOG(WARNING) << "Install Attributes not ready yet will retry in "
+                     << kLockRetryIntervalMs << "ms.";
+        MessageLoop::current()->PostDelayedTask(
+            FROM_HERE,
+            base::Bind(&EnterpriseEnrollmentScreen::WriteInstallAttributesData,
+                       weak_ptr_factory_.GetWeakPtr()),
+            base::TimeDelta::FromMilliseconds(kLockRetryIntervalMs));
+        lockbox_init_duration_ += kLockRetryIntervalMs;
+      } else {
+        actor_->ShowLockboxTimeoutError();
+      }
       return;
     }
     case policy::EnterpriseInstallAttributes::LOCK_BACKEND_ERROR: {
diff --git a/chrome/browser/chromeos/login/enrollment/enterprise_enrollment_screen.h b/chrome/browser/chromeos/login/enrollment/enterprise_enrollment_screen.h
index 264329e..65b8b1e 100644
--- a/chrome/browser/chromeos/login/enrollment/enterprise_enrollment_screen.h
+++ b/chrome/browser/chromeos/login/enrollment/enterprise_enrollment_screen.h
@@ -66,6 +66,7 @@ class EnterpriseEnrollmentScreen
   bool is_auto_enrollment_;
   bool is_showing_;
   std::string user_;
+  int lockbox_init_duration_;
   scoped_ptr<policy::CloudPolicySubsystem::ObserverRegistrar> registrar_;
   base::WeakPtrFactory<EnterpriseEnrollmentScreen> weak_ptr_factory_;
 
diff --git a/chrome/browser/chromeos/login/enrollment/enterprise_enrollment_screen_actor.h b/chrome/browser/chromeos/login/enrollment/enterprise_enrollment_screen_actor.h
index 7976adc..4172d48 100644
--- a/chrome/browser/chromeos/login/enrollment/enterprise_enrollment_screen_actor.h
+++ b/chrome/browser/chromeos/login/enrollment/enterprise_enrollment_screen_actor.h
@@ -72,6 +72,7 @@ class EnterpriseEnrollmentScreenActor {
   virtual void ShowFatalEnrollmentError() = 0;
   virtual void ShowAutoEnrollmentError() = 0;
   virtual void ShowNetworkEnrollmentError() = 0;
+  virtual void ShowLockboxTimeoutError() = 0;
 
   // Used for testing only.
   virtual void SubmitTestCredentials(const std::string& email,
diff --git a/chrome/browser/chromeos/login/enrollment/mock_enterprise_enrollment_screen.h b/chrome/browser/chromeos/login/enrollment/mock_enterprise_enrollment_screen.h
index 22868aa..3ecf589 100644
--- a/chrome/browser/chromeos/login/enrollment/mock_enterprise_enrollment_screen.h
+++ b/chrome/browser/chromeos/login/enrollment/mock_enterprise_enrollment_screen.h
@@ -40,6 +40,7 @@ class MockEnterpriseEnrollmentScreenActor
   MOCK_METHOD0(ShowFatalEnrollmentError, void());
   MOCK_METHOD0(ShowAutoEnrollmentError, void());
   MOCK_METHOD0(ShowNetworkEnrollmentError, void());
+  MOCK_METHOD0(ShowLockboxTimeoutError, void());
   MOCK_METHOD2(SubmitTestCredentials, void(const std::string& email,
                                            const std::string& password));
 };
diff --git a/chrome/browser/policy/enterprise_metrics.h b/chrome/browser/policy/enterprise_metrics.h
index 357cd38..5e12b5c 100644
--- a/chrome/browser/policy/enterprise_metrics.h
+++ b/chrome/browser/policy/enterprise_metrics.h
@@ -131,7 +131,7 @@ enum MetricEnrollment {
   kMetricEnrollmentAutoFailed,
   // Auto-enrollment was retried after having failed before.
   kMetricEnrollmentAutoRetried,
-  // Auto-enrollment was cancelled through the opt-out dialog.
+  // Auto-enrollment was canceled through the opt-out dialog.
   kMetricEnrollmentAutoCancelled,
   // Auto-enrollment succeeded.
   kMetricEnrollmentAutoOK,
@@ -141,6 +141,9 @@ enum MetricEnrollment {
   // Auto-enrollment is not supported for the mode supplied by the server.
   // This presently means trying to auto-enroll in kiosk mode.
   kMetricEnrollmentAutoEnrollmentNotSupported,
+  // The lockbox initialization has taken too long to complete and the
+  // enrollment has been canceled because of that.
+  kMetricLockboxTimeoutError,
 
   kMetricEnrollmentSize  // Must be the last.
 };
diff --git a/chrome/browser/ui/webui/chromeos/login/enterprise_oauth_enrollment_screen_handler.cc b/chrome/browser/ui/webui/chromeos/login/enterprise_oauth_enrollment_screen_handler.cc
index db91c9c..9950066 100644
--- a/chrome/browser/ui/webui/chromeos/login/enterprise_oauth_enrollment_screen_handler.cc
+++ b/chrome/browser/ui/webui/chromeos/login/enterprise_oauth_enrollment_screen_handler.cc
@@ -239,6 +239,12 @@ void EnterpriseOAuthEnrollmentScreenHandler::ShowNetworkEnrollmentError() {
   NotifyObservers(false);
 }
 
+void EnterpriseOAuthEnrollmentScreenHandler::ShowLockboxTimeoutError() {
+  UMAFailure(policy::kMetricLockboxTimeoutError);
+  ShowError(IDS_ENTERPRISE_LOCKBOX_TIMEOUT_ERROR, true);
+  NotifyObservers(false);
+}
+
 void EnterpriseOAuthEnrollmentScreenHandler::SubmitTestCredentials(
     const std::string& email,
     const std::string& password) {
diff --git a/chrome/browser/ui/webui/chromeos/login/enterprise_oauth_enrollment_screen_handler.h b/chrome/browser/ui/webui/chromeos/login/enterprise_oauth_enrollment_screen_handler.h
index e9b0f53..041a402 100644
--- a/chrome/browser/ui/webui/chromeos/login/enterprise_oauth_enrollment_screen_handler.h
+++ b/chrome/browser/ui/webui/chromeos/login/enterprise_oauth_enrollment_screen_handler.h
@@ -49,6 +49,7 @@ class EnterpriseOAuthEnrollmentScreenHandler
   virtual void ShowFatalEnrollmentError() OVERRIDE;
   virtual void ShowAutoEnrollmentError() OVERRIDE;
   virtual void ShowNetworkEnrollmentError() OVERRIDE;
+  virtual void ShowLockboxTimeoutError() OVERRIDE;
   virtual void SubmitTestCredentials(const std::string& email,
                                      const std::string& password) OVERRIDE;