// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef LOGIN_MANAGER_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_
#define LOGIN_MANAGER_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_

#include <stdint.h>

#include <map>
#include <string>
#include <vector>

#include <base/files/file_path.h>
#include <base/macros.h>
#include <base/memory/ref_counted.h>
#include <gtest/gtest.h>

#include "login_manager/policy_service.h"

namespace base {
class MessageLoopProxy;
}

namespace enterprise_management {
class ChromeDeviceSettingsProto;
}

namespace login_manager {

class PolicyKey;

// Manages policy blobs for device-local accounts, loading/storing them from/to
// disk, making sure signature checks are performed on store operations and
// restricting access to the accounts defined in device settings.
class DeviceLocalAccountPolicyService {
 public:
  // Name of the subdirectory to store policy in.
  static const base::FilePath::CharType kPolicyDir[];
  // File name of the file within |kPolicyDir| that holds the policy blob.
  static const base::FilePath::CharType kPolicyFileName[];

  DeviceLocalAccountPolicyService(
      const base::FilePath& device_local_account_dir,
      PolicyKey* owner_key,
      const scoped_refptr<base::MessageLoopProxy>& main_loop);
  ~DeviceLocalAccountPolicyService();

  // Store policy for |account_id|, return false if the device-local account is
  // not defined in device policy.
  bool Store(const std::string& account_id,
             const uint8_t* policy_data,
             uint32_t policy_data_size,
             PolicyService::Completion* completion);

  // Load policy for a given |account_id| and places the result in
  // |policy_data|. Returns true if the account exists and policy could be read
  // successfully, false otherwise.
  bool Retrieve(const std::string& account_id,
                std::vector<uint8_t>* policy_data);

  // Updates device settings, i.e. what device-local accounts are available.
  // This will purge any on-disk state for accounts that are no longer defined
  // in device settings. Later requests to Load() and Store() will respect the
  // new list of device-local accounts and fail for accounts that are not
  // present.
  void UpdateDeviceSettings(
      const enterprise_management::ChromeDeviceSettingsProto& device_settings);

 private:
  // Migrate uppercase local-account directories to their lowercase variants.
  // This is to repair the damage caused by http://crbug.com/225472.
  bool MigrateUppercaseDirs(void);

  // Obtains the PolicyService instance that manages disk storage for
  // |account_id| after checking that |account_id| is valid. The PolicyService
  // is lazily created on the fly if not present yet.
  PolicyService* GetPolicyService(const std::string& account_id);

  // Returns the identifier for a given |account_id|. The value returned is safe
  // to use as a file system name. This may fail, in which case the returned
  // string will be empty.
  std::string GetAccountKey(const std::string& account_id);

  // Checks whether the passed string is a properly formatted account key.
  bool IsValidAccountKey(const std::string& str);

  // The base path for storing device-local account information on disk.
  const base::FilePath device_local_account_dir_;

  // The policy key to verify signatures against.
  PolicyKey* owner_key_;

  // Main loop for the policy service to use.
  scoped_refptr<base::MessageLoopProxy> main_loop_;

  // Keeps lazily-created instances of the device-local account policy services.
  // The keys present in this map are kept in sync with device policy. Entries
  // that are not present are invalid, entries that contain a NULL pointer
  // indicate the respective policy blob hasn't been pulled from disk yet.
  std::map<std::string, PolicyService*> policy_map_;

  FRIEND_TEST(DeviceLocalAccountPolicyServiceTest, MigrateUppercaseDirs);

  DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyService);
};

}  // namespace login_manager

#endif  // LOGIN_MANAGER_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_