Hook up ProximityAuthSystem in EasyUnlockService.

chrome/browser/signin/easy_unlock_service_regular.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/easy_unlock_service_regular.h"
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/prefs/pref_service.h"
 #include "base/prefs/scoped_user_pref_update.h"
 #include "base/sys_info.h"
 #include "base/time/default_clock.h"
 #include "base/values.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/services/gcm/gcm_profile_service.h"
 #include "chrome/browser/services/gcm/gcm_profile_service_factory.h"
 #include "chrome/browser/signin/chrome_proximity_auth_client.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/common/extensions/api/easy_unlock_private.h"
 #include "chrome/common/extensions/extension_constants.h"
 #include "chrome/common/pref_names.h"
 #include "chromeos/login/user_names.h"
 #include "components/pref_registry/pref_registry_syncable.h"
+#include "components/proximity_auth/cryptauth/base64url.h"
 #include "components/proximity_auth/cryptauth/cryptauth_access_token_fetcher.h"
 #include "components/proximity_auth/cryptauth/cryptauth_client_impl.h"
-#include "components/proximity_auth/cryptauth/cryptauth_device_manager.h"
 #include "components/proximity_auth/cryptauth/cryptauth_enrollment_manager.h"
 #include "components/proximity_auth/cryptauth/cryptauth_enrollment_utils.h"
 #include "components/proximity_auth/cryptauth/cryptauth_gcm_manager_impl.h"
 #include "components/proximity_auth/cryptauth/secure_message_delegate.h"
 #include "components/proximity_auth/cryptauth_enroller_factory_impl.h"
 #include "components/proximity_auth/logging/logging.h"
+#include "components/proximity_auth/proximity_auth_system.h"
+#include "components/proximity_auth/remote_device_loader.h"
 #include "components/proximity_auth/screenlock_bridge.h"
 #include "components/proximity_auth/switches.h"
 #include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "components/signin/core/browser/signin_manager.h"
 #include "components/translate/core/browser/translate_download_manager.h"
 #include "components/version_info/version_info.h"
 #include "content/public/browser/browser_thread.h"
 #include "extensions/browser/event_router.h"
 #include "extensions/common/constants.h"
 #include "google_apis/gaia/gaia_auth_util.h"
@@ skipping 20 matching lines @@
 // Key name of the remote device list in kEasyUnlockPairing.
 const char kKeyDevices[] = "devices";
 
 }  // namespace
 
 EasyUnlockServiceRegular::EasyUnlockServiceRegular(Profile* profile)
     : EasyUnlockService(profile),
       turn_off_flow_status_(EasyUnlockService::IDLE),
       will_unlock_using_easy_unlock_(false),
       lock_screen_last_shown_timestamp_(base::TimeTicks::Now()),
-      weak_ptr_factory_(this) {
-}
+      deferring_device_load_(false),
+      weak_ptr_factory_(this) {}
 
 EasyUnlockServiceRegular::~EasyUnlockServiceRegular() {
 }
 
 proximity_auth::CryptAuthEnrollmentManager*
 EasyUnlockServiceRegular::GetCryptAuthEnrollmentManager() {
   return enrollment_manager_.get();
 }
 
 proximity_auth::CryptAuthDeviceManager*
 EasyUnlockServiceRegular::GetCryptAuthDeviceManager() {
   return device_manager_.get();
 }
 
+void EasyUnlockServiceRegular::LoadRemoteDevices() {

[sacomoto, 2015/09/30 16:46:40]

After the setup is completed we need to sync the devices from CryptAuth. Maybe
you could trigger it from |SetBleRemoteDevices|, which is the last thing called
from the setup flow.

[Tim Song, 2015/09/30 19:13:39]

That sounds good.

+  if (device_manager_->unlock_keys().empty()) {
+    OnRemoteDeviceChanged(nullptr);
+    return;
+  }
+
+  remote_device_loader_.reset(new proximity_auth::RemoteDeviceLoader(
+      device_manager_->unlock_keys(), proximity_auth_client()->GetAccountId(),
+      enrollment_manager_->GetUserPrivateKey(),
+      proximity_auth_client()->CreateSecureMessageDelegate()));
+  remote_device_loader_->Load(
+      base::Bind(&EasyUnlockServiceRegular::OnRemoteDevicesLoaded,
+                 weak_ptr_factory_.GetWeakPtr()));
+}
+
+void EasyUnlockServiceRegular::OnRemoteDevicesLoaded(
+    const std::vector<proximity_auth::RemoteDevice>& remote_devices) {
+  // TODO(tengs): We only support unlocking with one remote device at the
+  // moment. We need to revisit once multiple devices are supported.
+  OnRemoteDeviceChanged(&remote_devices[0]);
+
+#if defined(OS_CHROMEOS)
+  // We need to store a copy of |remote devices_| in the TPM, so it can be
+  // retrieved on the sign-in screen when a user session has not been started
+  // yet.
+  scoped_ptr<base::ListValue> device_list(new base::ListValue());
+  for (const auto& device : remote_devices) {
+    scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
+    std::string b64_public_key, b64_psk;
+    proximity_auth::Base64UrlEncode(device.public_key, &b64_public_key);
+    proximity_auth::Base64UrlEncode(device.persistent_symmetric_key, &b64_psk);
+
+    dict->SetString("name", device.name);
+    dict->SetString("psk", b64_psk);
+    dict->SetString("bluetoothAddress", device.bluetooth_address);
+    dict->SetString("permitId", "permit://google.com/easyunlock/v1/" +
+                                    proximity_auth_client()->GetAccountId());
+    dict->SetString("permitRecord.id", b64_public_key);
+    dict->SetString("permitRecord.type", "license");
+    dict->SetString("permitRecord.data", b64_public_key);
+    device_list->Append(dict.Pass());
+  }
+
+  // TODO(tengs): Rename this function after the easy_unlock app is replaced.
+  SetRemoteDevices(*device_list);
+#endif
+}
+
 EasyUnlockService::Type EasyUnlockServiceRegular::GetType() const {
   return EasyUnlockService::TYPE_REGULAR;
 }
 
 std::string EasyUnlockServiceRegular::GetUserEmail() const {
   const SigninManagerBase* signin_manager =
       SigninManagerFactory::GetForProfileIfExists(profile());
   // |profile| has to be a signed-in profile with SigninManager already
   // created. Otherwise, just crash to collect stack.
   DCHECK(signin_manager);
@@ skipping 205 matching lines @@
   proximity_auth::ScreenlockBridge::Get()->AddObserver(this);
   registrar_.Init(profile()->GetPrefs());
   registrar_.Add(
       prefs::kEasyUnlockAllowed,
       base::Bind(&EasyUnlockServiceRegular::OnPrefsChanged,
                  base::Unretained(this)));
   registrar_.Add(prefs::kEasyUnlockProximityRequired,
                  base::Bind(&EasyUnlockServiceRegular::OnPrefsChanged,
                             base::Unretained(this)));
 
+  OnPrefsChanged();
+
 #if defined(OS_CHROMEOS)
   if (base::CommandLine::ForCurrentProcess()->HasSwitch(
-          proximity_auth::switches::kEnableBluetoothLowEnergyDiscovery))
+          proximity_auth::switches::kEnableBluetoothLowEnergyDiscovery)) {
     InitializeCryptAuth();
+    LoadRemoteDevices();
+  }
 #endif
-
-  OnPrefsChanged();
 }
 
 void EasyUnlockServiceRegular::ShutdownInternal() {
 #if defined(OS_CHROMEOS)
   short_lived_user_context_.reset();
 #endif
 
   turn_off_flow_status_ = EasyUnlockService::IDLE;
   registrar_.RemoveAll();
   proximity_auth::ScreenlockBridge::Get()->RemoveObserver(this);
@@ skipping 21 matching lines @@
 #else
   // TODO(xiyuan): Revisit when non-chromeos platforms are supported.
   return false;
 #endif
 }
 
 void EasyUnlockServiceRegular::OnWillFinalizeUnlock(bool success) {
   will_unlock_using_easy_unlock_ = success;
 }
 
-void EasyUnlockServiceRegular::OnSuspendDone() {
+void EasyUnlockServiceRegular::OnSuspendDoneInternal() {
   lock_screen_last_shown_timestamp_ = base::TimeTicks::Now();
 }
 
 void EasyUnlockServiceRegular::OnRefreshTokenAvailable(
     const std::string& account_id) {
   if (account_id == proximity_auth_client()->GetAccountId()) {
     OAuth2TokenService* token_service =
         ProfileOAuth2TokenServiceFactory::GetForProfile(profile());
     token_service->RemoveObserver(this);
 #if defined(OS_CHROMEOS)
-    InitializeCryptAuth();
+    enrollment_manager_->Start();
+    device_manager_->Start();
 #endif
   }
 }
 
+void EasyUnlockServiceRegular::OnSyncFinished(
+    proximity_auth::CryptAuthDeviceManager::SyncResult sync_result,
+    proximity_auth::CryptAuthDeviceManager::DeviceChangeResult
+        device_change_result) {
+  if (device_change_result !=
+      proximity_auth::CryptAuthDeviceManager::DeviceChangeResult::CHANGED)
+    return;
+
+  if (proximity_auth::ScreenlockBridge::Get()->IsLocked()) {
+    PA_LOG(INFO) << "Deferring device load until screen is unlocked.";
+    deferring_device_load_ = true;
+  } else {
+    LoadRemoteDevices();
+  }
+}
+
 void EasyUnlockServiceRegular::OnScreenDidLock(
     proximity_auth::ScreenlockBridge::LockHandler::ScreenType screen_type) {
   will_unlock_using_easy_unlock_ = false;
   lock_screen_last_shown_timestamp_ = base::TimeTicks::Now();
 }
 
 void EasyUnlockServiceRegular::OnScreenDidUnlock(
     proximity_auth::ScreenlockBridge::LockHandler::ScreenType screen_type) {
   // Notifications of signin screen unlock events can also reach this code path;
   // disregard them.
   if (screen_type != proximity_auth::ScreenlockBridge::LockHandler::LOCK_SCREEN)
     return;
 
   // Only record metrics for users who have enabled the feature.
   if (IsEnabled()) {
     EasyUnlockAuthEvent event =
         will_unlock_using_easy_unlock_
             ? EASY_UNLOCK_SUCCESS
             : GetPasswordAuthEvent();
     RecordEasyUnlockScreenUnlockEvent(event);
 
     if (will_unlock_using_easy_unlock_) {
       RecordEasyUnlockScreenUnlockDuration(
           base::TimeTicks::Now() - lock_screen_last_shown_timestamp_);
     }
   }
 
   will_unlock_using_easy_unlock_ = false;
+
+  // If we synced remote devices while the screen was locked, we can now load
+  // the new remote devices.
+  if (deferring_device_load_) {
+    PA_LOG(INFO) << "Loading deferred devices after screen unlock.";
+    deferring_device_load_ = false;
+    LoadRemoteDevices();
+  }
 }
 
 void EasyUnlockServiceRegular::OnFocusedUserChanged(
     const std::string& user_id) {
   // Nothing to do.
 }
 
 void EasyUnlockServiceRegular::OnPrefsChanged() {
   SyncProfilePrefsToLocalState();
   UpdateAppState();
@@ skipping 80 matching lines @@
   // Note: The unit of this measument is in milli-inches.
   device_info.set_device_display_diagonal_mils(diagonal_in_inches * 1000.0);
 #else
 // TODO(tengs): Fill in device information for other platforms.
 #endif
   return device_info;
 }
 
 #if defined(OS_CHROMEOS)
 void EasyUnlockServiceRegular::InitializeCryptAuth() {
-  OAuth2TokenService* token_service =
-      ProfileOAuth2TokenServiceFactory::GetForProfile(profile());
-  if (!token_service->RefreshTokenIsAvailable(
-          proximity_auth_client()->GetAccountId())) {
-    PA_LOG(INFO) << "Refresh token not yet available.";
-    token_service->AddObserver(this);
-    return;
-  }
-
   PA_LOG(INFO) << "Initializing CryptAuth managers.";
   // Initialize GCM manager.
   gcm_manager_.reset(new proximity_auth::CryptAuthGCMManagerImpl(
       gcm::GCMProfileServiceFactory::GetForProfile(profile())->driver(),
       proximity_auth_client()->GetPrefService()));
   gcm_manager_->StartListening();
 
   // Initialize enrollment manager.
   cryptauth::GcmDeviceInfo device_info;
   enrollment_manager_.reset(new proximity_auth::CryptAuthEnrollmentManager(
       make_scoped_ptr(new base::DefaultClock()),
       make_scoped_ptr(new proximity_auth::CryptAuthEnrollerFactoryImpl(
           proximity_auth_client())),
       proximity_auth_client()->CreateSecureMessageDelegate(),
       GetGcmDeviceInfo(), gcm_manager_.get(),
       proximity_auth_client()->GetPrefService()));
-  enrollment_manager_->Start();
 
   // Initialize device manager.
   device_manager_.reset(new proximity_auth::CryptAuthDeviceManager(
       make_scoped_ptr(new base::DefaultClock()),
       proximity_auth_client()->CreateCryptAuthClientFactory(),
       gcm_manager_.get(), proximity_auth_client()->GetPrefService()));
+
+  OAuth2TokenService* token_service =
+      ProfileOAuth2TokenServiceFactory::GetForProfile(profile());
+  if (!token_service->RefreshTokenIsAvailable(
+          proximity_auth_client()->GetAccountId())) {
+    PA_LOG(INFO) << "Refresh token not yet available, "
+                 << "waiting before starting CryptAuth managers";
+    token_service->AddObserver(this);
+  }
+
+  device_manager_->AddObserver(this);
+  enrollment_manager_->Start();
   device_manager_->Start();
 }
 #endif