// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/policy/enterprise_install_attributes.h"

#include "base/logging.h"
#include "chrome/browser/chromeos/cros/cryptohome_library.h"

static const char kAttrEnterpriseOwned[] = "enterprise.owned";
static const char kAttrEnterpriseUser[] = "enterprise.user";

namespace policy {

EnterpriseInstallAttributes::EnterpriseInstallAttributes(
    chromeos::CryptohomeLibrary* cryptohome)
    : cryptohome_(cryptohome),
      device_locked_(false) {}

EnterpriseInstallAttributes::LockResult EnterpriseInstallAttributes::LockDevice(
    const std::string& user) {
  // Check for existing lock first.
  if (device_locked_) {
    return !registration_user_.empty() && user == registration_user_ ?
        LOCK_SUCCESS : LOCK_WRONG_USER;
  }

  if (!cryptohome_->InstallAttributesIsReady())
    return LOCK_NOT_READY;

  // Clearing the TPM password seems to be always a good deal.
  if (cryptohome_->TpmIsEnabled() &&
      !cryptohome_->TpmIsBeingOwned() &&
      cryptohome_->TpmIsOwned()) {
    cryptohome_->TpmClearStoredPassword();
  }

  // Make sure we really have a working InstallAttrs.
  if (cryptohome_->InstallAttributesIsInvalid()) {
    LOG(ERROR) << "Install attributes invalid.";
    return LOCK_BACKEND_ERROR;
  }

  if (!cryptohome_->InstallAttributesIsFirstInstall())
    return LOCK_WRONG_USER;

  // Set values in the InstallAttrs and lock it.
  if (!cryptohome_->InstallAttributesSet(kAttrEnterpriseOwned, "true") ||
      !cryptohome_->InstallAttributesSet(kAttrEnterpriseUser, user)) {
    LOG(ERROR) << "Failed writing attributes";
    return LOCK_BACKEND_ERROR;
  }

  if (!cryptohome_->InstallAttributesFinalize() ||
      cryptohome_->InstallAttributesIsFirstInstall() ||
      GetRegistrationUser() != user) {
    LOG(ERROR) << "Failed locking.";
    return LOCK_BACKEND_ERROR;
  }

  return LOCK_SUCCESS;
}

bool EnterpriseInstallAttributes::IsEnterpriseDevice() {
  ReadImmutableAttributes();
  return device_locked_ && !registration_user_.empty();
}

std::string EnterpriseInstallAttributes::GetRegistrationUser() {
  ReadImmutableAttributes();

  if (!device_locked_)
    return std::string();

  return registration_user_;
}

std::string EnterpriseInstallAttributes::GetDomain() {
  if (!IsEnterpriseDevice())
    return std::string();

  std::string domain;
  size_t pos = registration_user_.find('@');
  if (pos != std::string::npos)
    domain = registration_user_.substr(pos + 1);

  return domain;
}

void EnterpriseInstallAttributes::ReadImmutableAttributes() {
  if (device_locked_)
    return;

  if (cryptohome_ &&
      cryptohome_->InstallAttributesIsReady() &&
      !cryptohome_->InstallAttributesIsInvalid() &&
      !cryptohome_->InstallAttributesIsFirstInstall()) {
    device_locked_ = true;
    std::string enterprise_owned;
    std::string enterprise_user;
    if (cryptohome_->InstallAttributesGet(kAttrEnterpriseOwned,
                                          &enterprise_owned) &&
        cryptohome_->InstallAttributesGet(kAttrEnterpriseUser,
                                          &enterprise_user) &&
        enterprise_owned == "true" &&
        !enterprise_user.empty()) {
      registration_user_ = enterprise_user;
    }
  }
}

}  // namespace policy