Encrypted OAuth1 all access token and secret with system salt for now, will replace this with use...

chrome/browser/chromeos/login/login_utils.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/login_utils.h"
 
 #include <vector>
 
 #include "base/command_line.h"
 #include "base/compiler_specific.h"
@@ skipping 266 matching lines @@
   // Given the authenticated credentials from the cookie jar, try to exchange
   // fetch OAuth request, v1 and v2 tokens.
   void FetchOAuth1AccessToken(Profile* auth_profile);
 
   // Given the credentials try to exchange them for
   // full-fledged Google authentication cookies.
   virtual void FetchCookies(
       Profile* profile,
       const GaiaAuthConsumer::ClientLoginResult& credentials) OVERRIDE;
 
+  // Starts process of fetching OAuth2 tokens (based on OAuth1 tokens found
+  // in |user_profile|) and kicks off internal services that depend on them.
+  virtual void StartTokenServices(Profile* user_profile) OVERRIDE;
+
   // Supply credentials for sync and others to use.
   virtual void StartSync(
       Profile* profile,
       const GaiaAuthConsumer::ClientLoginResult& credentials) OVERRIDE;
 
   // Sets the current background view.
   virtual void SetBackgroundView(
       chromeos::BackgroundView* background_view) OVERRIDE;
 
   // Gets the current background view.
@@ skipping 284 matching lines @@
     const GaiaAuthConsumer::ClientLoginResult& credentials) {
   // Take the credentials passed in and try to exchange them for
   // full-fledged Google authentication cookies.  This is
   // best-effort; it's possible that we'll fail due to network
   // troubles or some such.
   // CookieFetcher will delete itself once done.
   CookieFetcher* cf = new CookieFetcher(profile);
   cf->AttemptFetch(credentials.data);
 }
 
+void LoginUtilsImpl::StartTokenServices(Profile* user_profile) {
+  std::string oauth1_token;
+  std::string oauth1_secret;
+  if (!ReadOAuth1AccessToken(user_profile, &oauth1_token, &oauth1_secret))
+    return;
+
+  FetchSecondaryTokens(user_profile->GetOffTheRecordProfile(), oauth1_token,
+                       oauth1_secret);
+}
+
 void LoginUtilsImpl::StartSync(
     Profile* user_profile,
     const GaiaAuthConsumer::ClientLoginResult& credentials) {
   TokenService* token_service = user_profile->GetTokenService();
   static bool initialized = false;
   if (!initialized) {
     initialized = true;
 
     // Set the CrOS user by getting this constructor run with the
     // user's email on first retrieval.
@@ skipping 262 matching lines @@
 
 void LoginUtilsImpl::FetchSecondaryTokens(Profile* offrecord_profile,
                                           const std::string& token,
                                           const std::string& secret) {
   FetchPolicyToken(offrecord_profile, token, secret);
   // TODO(rickcam, zelidrag): Wire TokenService there when it becomes
   // capable of handling OAuth1 tokens directly.
 }
 
 bool LoginUtilsImpl::ReadOAuth1AccessToken(Profile* user_profile,
-                                     std::string* token,
-                                     std::string* secret) {
+                                           std::string* token,
+                                           std::string* secret) {
   PrefService* pref_service = user_profile->GetPrefs();
-  *token = pref_service->GetString(prefs::kOAuth1Token);
-  *secret = pref_service->GetString(prefs::kOAuth1Secret);
-  if (!token->length() || !secret->length())
+  std::string encoded_token = pref_service->GetString(prefs::kOAuth1Token);
+  std::string encoded_secret = pref_service->GetString(prefs::kOAuth1Secret);
+  if (!encoded_token.length() || !encoded_secret.length())
     return false;
 
+  std::string decoded_token = authenticator_->DecryptToken(encoded_token);
+  std::string decoded_secret = authenticator_->DecryptToken(encoded_secret);
+  if (!decoded_token.length() || !decoded_secret.length())
+    return false;
+
+  *token = decoded_token;
+  *secret = decoded_secret;
   return true;
 }
 
 void LoginUtilsImpl::StoreOAuth1AccessToken(Profile* user_profile,
                                             const std::string& token,
                                             const std::string& secret) {
   // First store OAuth1 token + service for the current user profile...
   PrefService* pref_service = user_profile->GetPrefs();
-  pref_service->SetString(prefs::kOAuth1Token, token);
-  pref_service->SetString(prefs::kOAuth1Secret, secret);
+  pref_service->SetString(prefs::kOAuth1Token,
+                          authenticator_->EncryptToken(token));
+  pref_service->SetString(prefs::kOAuth1Secret,
+                          authenticator_->EncryptToken(secret));
 
   // ...then record the presence of valid OAuth token for this account in local
   // state as well.
   UserManager::Get()->SaveUserOAuthStatus(username_,
       UserManager::OAUTH_TOKEN_STATUS_VALID);
 }
 
 void LoginUtilsImpl::FetchCredentials(Profile* user_profile,
                                       const std::string& token,
                                       const std::string& secret) {
@@ skipping 54 matching lines @@
   // Mark login host for deletion after browser starts.  This
   // guarantees that the message loop will be referenced by the
   // browser before it is dereferenced by the login host.
   if (login_host) {
     login_host->OnSessionStart();
     login_host = NULL;
   }
 }
 
 }  // namespace chromeos