// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_
#define CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_

#include <deque>
#include <vector>

#include "base/callback.h"
#include "base/compiler_specific.h"
#include "base/macros.h"
#include "base/memory/weak_ptr.h"
#include "base/threading/thread_checker.h"
#include "chrome/browser/chromeos/settings/device_settings_service.h"
#include "chrome/browser/chromeos/settings/owner_key_util.h"
#include "chromeos/dbus/session_manager_client.h"
#include "chromeos/tpm_token_loader.h"
#include "components/keyed_service/core/keyed_service.h"
#include "content/public/browser/notification_observer.h"
#include "content/public/browser/notification_registrar.h"

class Profile;

namespace chromeos {

class SessionManagerOperation;

// This class reloads owner key from profile NSS slots.
//
// TODO (ygorshenin@): move write path for device settings here
// (crbug.com/230018).
class OwnerSettingsService : public DeviceSettingsService::PrivateKeyDelegate,
                             public KeyedService,
                             public content::NotificationObserver,
                             public TPMTokenLoader::Observer,
                             public SessionManagerClient::Observer {
 public:
  virtual ~OwnerSettingsService();

  base::WeakPtr<OwnerSettingsService> as_weak_ptr() {
    return weak_factory_.GetWeakPtr();
  }

  // DeviceSettingsService::PrivateKeyDelegate implementation:
  virtual bool IsOwner() OVERRIDE;
  virtual void IsOwnerAsync(const IsOwnerCallback& callback) OVERRIDE;
  virtual bool AssembleAndSignPolicyAsync(
      scoped_ptr<enterprise_management::PolicyData> policy,
      const AssembleAndSignPolicyCallback& callback) OVERRIDE;
  virtual void SignAndStoreAsync(
      scoped_ptr<enterprise_management::ChromeDeviceSettingsProto> settings,
      const base::Closure& callback) OVERRIDE;
  virtual void SetManagementSettingsAsync(
      enterprise_management::PolicyData::ManagementMode management_mode,
      const std::string& request_token,
      const std::string& device_id,
      const base::Closure& callback) OVERRIDE;

  // NotificationObserver implementation:
  virtual void Observe(int type,
                       const content::NotificationSource& source,
                       const content::NotificationDetails& details) OVERRIDE;

  // TPMTokenLoader::Observer:
  virtual void OnTPMTokenReady() OVERRIDE;

  // SessionManagerClient::Observer:
  virtual void OwnerKeySet(bool success) OVERRIDE;

  // Checks if the user is the device owner, without the user profile having to
  // been initialized. Should be used only if login state is in safe mode.
  static void IsOwnerForSafeModeAsync(const std::string& user_id,
                                      const std::string& user_hash,
                                      const IsOwnerCallback& callback);

  static void SetOwnerKeyUtilForTesting(
      const scoped_refptr<OwnerKeyUtil>& owner_key_util);

  static void SetDeviceSettingsServiceForTesting(
      DeviceSettingsService* device_settings_service);

 private:
  friend class OwnerSettingsServiceFactory;

  explicit OwnerSettingsService(Profile* profile);

  // Reloads private key from profile's NSS slots. Responds via call
  // to OnPrivateKeyLoaded().
  void ReloadPrivateKey();

  // Called when ReloadPrivateKey() completes it's work.
  void OnPrivateKeyLoaded(scoped_refptr<PublicKey> public_key,
                          scoped_refptr<PrivateKey> private_key);

  // Puts request to perform sign-and-store operation in the queue.
  void EnqueueSignAndStore(scoped_ptr<enterprise_management::PolicyData> policy,
                           const base::Closure& callback);

  // Performs next operation in the queue.
  void StartNextOperation();

  // Called when sign-and-store operation completes it's work.
  void HandleCompletedOperation(const base::Closure& callback,
                                SessionManagerOperation* operation,
                                DeviceSettingsService::Status status);

  // Called when it's not possible to store settings.
  void HandleError(DeviceSettingsService::Status status,
                   const base::Closure& callback);

  // Returns testing instance of OwnerKeyUtil when it's set, otherwise
  // returns |owner_key_util_|.
  scoped_refptr<OwnerKeyUtil> GetOwnerKeyUtil();

  // Returns testing instance of DeviceSettingsService when it's set,
  // otherwise returns pointer to a singleton instance, when it's
  // initialized.
  DeviceSettingsService* GetDeviceSettingsService();

  // Profile this service instance belongs to.
  Profile* profile_;

  // User ID this service instance belongs to.
  std::string user_id_;

  scoped_refptr<PublicKey> public_key_;

  scoped_refptr<PrivateKey> private_key_;

  scoped_refptr<OwnerKeyUtil> owner_key_util_;

  std::vector<IsOwnerCallback> pending_is_owner_callbacks_;

  // Whether profile still needs to be initialized.
  bool waiting_for_profile_creation_;

  // Whether TPM token still needs to be initialized.
  bool waiting_for_tpm_token_;

  // The queue of pending sign-and-store operations. The first operation on the
  // queue is currently active; it gets removed and destroyed once it completes.
  std::deque<SessionManagerOperation*> pending_operations_;

  content::NotificationRegistrar registrar_;

  base::ThreadChecker thread_checker_;

  base::WeakPtrFactory<OwnerSettingsService> weak_factory_;

  DISALLOW_COPY_AND_ASSIGN(OwnerSettingsService);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_H_