Device robot refresh token integrity validation.

chrome/browser/chromeos/settings/device_oauth2_token_service.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
 #define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
 
 #include <string>
+#include <vector>
 
 #include "base/basictypes.h"
 #include "base/gtest_prod_util.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/values.h"

[Mattias Nissler (ping if slow), 2013/06/19 17:53:17]

forward-declare base::DictionaryValue?

[David Roche, 2013/06/20 17:49:29]

Moved to .cc file with new ValidatingConsumer.

 #include "chrome/browser/signin/oauth2_token_service.h"
+#include "google_apis/gaia/gaia_oauth_client.h"
 #include "net/url_request/url_request_context_getter.h"
 
 namespace net {
 class URLRequestContextGetter;
 }
 
 class GoogleServiceAuthError;
 class PrefRegistrySimple;
 class PrefService;
 class Profile;
 
 namespace chromeos {
 
 // DeviceOAuth2TokenService retrieves OAuth2 access tokens for a given
 // set of scopes using the device-level OAuth2 any-api refresh token
 // obtained during enterprise device enrollment.
 //
 // See |OAuth2TokenService| for usage details.
 //
 // Note that requests must be made from the UI thread.
-class DeviceOAuth2TokenService : public OAuth2TokenService {
+class DeviceOAuth2TokenService : public OAuth2TokenService,
+                                 public gaia::GaiaOAuthClient::Delegate {
  public:
   // Persist the given refresh token on the device.  Overwrites any previous
   // value.  Should only be called during initial device setup.
   void SetAndSaveRefreshToken(const std::string& refresh_token);
 
   static void RegisterPrefs(PrefRegistrySimple* registry);
 
   virtual std::string GetRefreshToken() OVERRIDE;
 
+  virtual bool StartRefreshTokenValidation(
+      const std::string refresh_token,
+      RefreshTokenValidationConsumer* consumer) OVERRIDE;
+
+  // gaia::GaiaOAuthClient::Delegate implementation.
+  virtual void OnRefreshTokenResponse(const std::string& access_token,
+                                      int expires_in_seconds) OVERRIDE;
+  virtual void OnGetTokenInfoResponse(scoped_ptr<DictionaryValue> token_info)
+      OVERRIDE;
+  virtual void OnOAuthError() OVERRIDE;
+  virtual void OnNetworkError(int response_code) OVERRIDE;
+
+ protected:
+  // Pull the robot account ID from device policy.
+  virtual std::string GetRobotAccountId();
+
  private:
   friend class DeviceOAuth2TokenServiceFactory;
-  FRIEND_TEST_ALL_PREFIXES(DeviceOAuth2TokenServiceTest, SaveEncryptedToken);
+  friend class DeviceOAuth2TokenServiceTest;
+  friend class TestDeviceOAuth2TokenService;

[Mattias Nissler (ping if slow), 2013/06/19 17:53:17]

Is this friend decl really needed?

[David Roche, 2013/06/20 17:49:29]

Yes, since the constructor/destructor is private here.

 
   // Use DeviceOAuth2TokenServiceFactory to get an instance of this class.
   explicit DeviceOAuth2TokenService(net::URLRequestContextGetter* getter,
                                     PrefService* local_state);
   virtual ~DeviceOAuth2TokenService();
 
+  // Inform all waiting RefreshTokenValidationConsumer instances of the current
+  // value of refresh_token_is_valid_.
+  void InformAllConsumers();
+
+  std::vector<RefreshTokenValidationConsumer*>
+      refresh_token_validation_consumers_;
+  scoped_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_;
+  bool refresh_token_is_valid_;
+  int max_refresh_token_validation_retries_;
+
   // Cache the decrypted refresh token, so we only decrypt once.
   std::string refresh_token_;
   PrefService* local_state_;
   DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenService);
 };
 
 }  // namespace chromeos
 
 #endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_