chrome/browser/chromeos/settings/device_oauth2_token_service_delegate.h

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_DELEGATE_H_
   6 #define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_DELEGATE_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/basictypes.h"
  12 #include "base/callback.h"
  13 #include "base/gtest_prod_util.h"
  14 #include "base/memory/scoped_ptr.h"
  15 #include "base/memory/weak_ptr.h"
  16 #include "base/stl_util.h"
  17 #include "chrome/browser/chromeos/settings/cros_settings.h"
  18 #include "google_apis/gaia/gaia_oauth_client.h"
  19 #include "google_apis/gaia/oauth2_token_service_delegate.h"
  20 #include "net/url_request/url_request_context_getter.h"
  21
  22 namespace gaia {
  23 class GaiaOAuthClient;
  24 }
  25
  26 namespace net {
  27 class URLRequestContextGetter;
  28 }
  29
  30 class PrefService;
  31
  32 namespace chromeos {
  33
  34 class DeviceOAuth2TokenServiceDelegate
  35     : public OAuth2TokenServiceDelegate,
  36       public gaia::GaiaOAuthClient::Delegate {
  37  public:
  38   DeviceOAuth2TokenServiceDelegate(net::URLRequestContextGetter* getter,
  39                                    PrefService* local_state);
  40   ~DeviceOAuth2TokenServiceDelegate() override;
  41
  42   typedef base::Callback<void(bool)> StatusCallback;
  43
  44   // Persist the given refresh token on the device. Overwrites any previous
  45   // value. Should only be called during initial device setup. Signals
  46   // completion via the given callback, passing true if the operation succeeded.
  47   void SetAndSaveRefreshToken(const std::string& refresh_token,
  48                               const StatusCallback& callback);
  49
  50   // Pull the robot account ID from device policy.
  51   std::string GetRobotAccountId() const;
  52
  53   // Implementation of OAuth2TokenServiceDelegate.
  54   bool RefreshTokenIsAvailable(const std::string& account_id) const override;
  55
  56   net::URLRequestContextGetter* GetRequestContext() const override;
  57
  58   OAuth2AccessTokenFetcher* CreateAccessTokenFetcher(
  59       const std::string& account_id,
  60       net::URLRequestContextGetter* getter,
  61       OAuth2AccessTokenConsumer* consumer) override;
  62
  63   // gaia::GaiaOAuthClient::Delegate implementation.
  64   void OnRefreshTokenResponse(const std::string& access_token,
  65                               int expires_in_seconds) override;
  66   void OnGetTokenInfoResponse(
  67       scoped_ptr<base::DictionaryValue> token_info) override;
  68   void OnOAuthError() override;
  69   void OnNetworkError(int response_code) override;
  70
  71  private:
  72   friend class DeviceOAuth2TokenService;
  73   friend class DeviceOAuth2TokenServiceTest;
  74
  75   class ValidationStatusDelegate {
  76    public:
  77     virtual void OnValidationCompleted(GoogleServiceAuthError::State error) {}
  78   };
  79
  80   // Describes the operational state of this object.
  81   enum State {
  82     // Pending system salt / refresh token load.
  83     STATE_LOADING,
  84     // No token available.
  85     STATE_NO_TOKEN,
  86     // System salt loaded, validation not started yet.
  87     STATE_VALIDATION_PENDING,
  88     // Refresh token validation underway.
  89     STATE_VALIDATION_STARTED,
  90     // Token validation failed.
  91     STATE_TOKEN_INVALID,
  92     // Refresh token is valid.
  93     STATE_TOKEN_VALID,
  94   };
  95
  96   // Invoked by CrosSettings when the robot account ID becomes available.
  97   void OnServiceAccountIdentityChanged();
  98
  99   // Returns the refresh token for account_id.
 100   std::string GetRefreshToken(const std::string& account_id) const;
 101
 102   // Handles completion of the system salt input.
 103   void DidGetSystemSalt(const std::string& system_salt);
 104
 105   // Checks whether |gaia_robot_id| matches the expected account ID indicated in
 106   // device settings.
 107   void CheckRobotAccountId(const std::string& gaia_robot_id);
 108
 109   // Encrypts and saves the refresh token. Should only be called when the system
 110   // salt is available.
 111   void EncryptAndSaveToken();
 112
 113   // Starts the token validation flow, i.e. token info fetch.
 114   void StartValidation();
 115
 116   // Flushes |token_save_callbacks_|, indicating the specified result.
 117   void FlushTokenSaveCallbacks(bool result);
 118
 119   void RequestValidation();
 120
 121   void SetValidationStatusDelegate(ValidationStatusDelegate* delegate);
 122
 123   void ReportServiceError(GoogleServiceAuthError::State error);
 124
 125   // Dependencies.
 126   scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_;
 127   PrefService* local_state_;
 128
 129   // Current operational state.
 130   State state_;
 131
 132   // Token save callbacks waiting to be completed.
 133   std::vector<StatusCallback> token_save_callbacks_;
 134
 135   // The system salt for encrypting and decrypting the refresh token.
 136   std::string system_salt_;
 137
 138   int max_refresh_token_validation_retries_;
 139
 140   // Flag to indicate whether there are pending requests.
 141   bool validation_requested_;
 142
 143   // Validation status delegate
 144   ValidationStatusDelegate* validation_status_delegate_;
 145
 146   // Cache the decrypted refresh token, so we only decrypt once.
 147   std::string refresh_token_;
 148
 149   scoped_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_;
 150
 151   scoped_ptr<CrosSettings::ObserverSubscription>
 152       service_account_identity_subscription_;
 153
 154   base::WeakPtrFactory<DeviceOAuth2TokenServiceDelegate> weak_ptr_factory_;
 155
 156   DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenServiceDelegate);
 157 };
 158
 159 }  // namespace chromeos
 160
 161 #endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_DELEGATE_H_