| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_ | 6 #define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_ |
| 7 | 7 |
| 8 #include <set> |
| 8 #include <string> | 9 #include <string> |
| 9 | 10 |
| 10 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
| 11 #include "base/gtest_prod_util.h" | 12 #include "base/gtest_prod_util.h" |
| 12 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
| 14 #include "base/stl_util.h" |
| 15 #include "base/time.h" |
| 16 #include "base/values.h" |
| 13 #include "chrome/browser/signin/oauth2_token_service.h" | 17 #include "chrome/browser/signin/oauth2_token_service.h" |
| 18 #include "google_apis/gaia/gaia_oauth_client.h" |
| 14 #include "net/url_request/url_request_context_getter.h" | 19 #include "net/url_request/url_request_context_getter.h" |
| 15 | 20 |
| 16 namespace net { | 21 namespace net { |
| 17 class URLRequestContextGetter; | 22 class URLRequestContextGetter; |
| 18 } | 23 } |
| 19 | 24 |
| 20 class GoogleServiceAuthError; | 25 class GoogleServiceAuthError; |
| 21 class PrefRegistrySimple; | 26 class PrefRegistrySimple; |
| 22 class PrefService; | 27 class PrefService; |
| 23 class Profile; | 28 class Profile; |
| 24 | 29 |
| 25 namespace chromeos { | 30 namespace chromeos { |
| 26 | 31 |
| 27 // DeviceOAuth2TokenService retrieves OAuth2 access tokens for a given | 32 // DeviceOAuth2TokenService retrieves OAuth2 access tokens for a given |
| 28 // set of scopes using the device-level OAuth2 any-api refresh token | 33 // set of scopes using the device-level OAuth2 any-api refresh token |
| 29 // obtained during enterprise device enrollment. | 34 // obtained during enterprise device enrollment. |
| 30 // | 35 // |
| 31 // See |OAuth2TokenService| for usage details. | 36 // See |OAuth2TokenService| for usage details. |
| 32 // | 37 // |
| 33 // Note that requests must be made from the UI thread. | 38 // Note that requests must be made from the UI thread. |
| 34 class DeviceOAuth2TokenService : public OAuth2TokenService { | 39 class DeviceOAuth2TokenService : public OAuth2TokenService { |
| 35 public: | 40 public: |
| 41 // Specialization of StartRequest that in parallel validates that the refresh |
| 42 // token stored on the device is owned by the device service account. |
| 43 virtual scoped_ptr<Request> StartRequest(const ScopeSet& scopes, |
| 44 Consumer* consumer) OVERRIDE; |
| 45 |
| 36 // Persist the given refresh token on the device. Overwrites any previous | 46 // Persist the given refresh token on the device. Overwrites any previous |
| 37 // value. Should only be called during initial device setup. | 47 // value. Should only be called during initial device setup. |
| 38 void SetAndSaveRefreshToken(const std::string& refresh_token); | 48 void SetAndSaveRefreshToken(const std::string& refresh_token); |
| 39 | 49 |
| 40 static void RegisterPrefs(PrefRegistrySimple* registry); | 50 static void RegisterPrefs(PrefRegistrySimple* registry); |
| 41 | 51 |
| 42 virtual std::string GetRefreshToken() OVERRIDE; | 52 virtual std::string GetRefreshToken() OVERRIDE; |
| 43 | 53 |
| 54 protected: |
| 55 // Pull the robot account ID from device policy. |
| 56 virtual std::string GetRobotAccountId(); |
| 57 |
| 44 private: | 58 private: |
| 59 class ValidatingConsumer; |
| 60 friend class ValidatingConsumer; |
| 45 friend class DeviceOAuth2TokenServiceFactory; | 61 friend class DeviceOAuth2TokenServiceFactory; |
| 46 FRIEND_TEST_ALL_PREFIXES(DeviceOAuth2TokenServiceTest, SaveEncryptedToken); | 62 friend class DeviceOAuth2TokenServiceTest; |
| 63 friend class TestDeviceOAuth2TokenService; |
| 47 | 64 |
| 48 // Use DeviceOAuth2TokenServiceFactory to get an instance of this class. | 65 // Use DeviceOAuth2TokenServiceFactory to get an instance of this class. |
| 49 explicit DeviceOAuth2TokenService(net::URLRequestContextGetter* getter, | 66 explicit DeviceOAuth2TokenService(net::URLRequestContextGetter* getter, |
| 50 PrefService* local_state); | 67 PrefService* local_state); |
| 51 virtual ~DeviceOAuth2TokenService(); | 68 virtual ~DeviceOAuth2TokenService(); |
| 52 | 69 |
| 70 void OnValidationComplete(ValidatingConsumer* validator, bool token_is_valid); |
| 71 |
| 72 bool refresh_token_is_valid_; |
| 73 int max_refresh_token_validation_retries_; |
| 74 |
| 75 scoped_ptr<std::set<ValidatingConsumer*> > pending_validators_; |
| 76 |
| 53 // Cache the decrypted refresh token, so we only decrypt once. | 77 // Cache the decrypted refresh token, so we only decrypt once. |
| 54 std::string refresh_token_; | 78 std::string refresh_token_; |
| 55 PrefService* local_state_; | 79 PrefService* local_state_; |
| 56 DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenService); | 80 DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenService); |
| 57 }; | 81 }; |
| 58 | 82 |
| 59 } // namespace chromeos | 83 } // namespace chromeos |
| 60 | 84 |
| 61 #endif // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_ | 85 #endif // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_ |
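Review bot: The new `StartRequest` comment says the ownership check runs "in parallel" with the token request, but nothing in this header says whether a consumer can receive an access token before `OnValidationComplete` reports the refresh token as owned by the device service account, or what happens once `max_refresh_token_validation_retries_` is exhausted. Since the check exists to reject a refresh token that does not belong to the robot account, the contract should be documented as fail-closed, for example `// The consumer is only notified of success after validation has succeeded; a failed or inconclusive validation is reported to the consumer as a failure.` The cached `refresh_token_is_valid_` also needs a stated invalidation rule: `SetAndSaveRefreshToken` overwrites the stored token, so it presumably has to reset the flag, which should be confirmed in the .cc because the implementation is not visible here. `pending_validators_` holds raw `ValidatingConsumer*` with no ownership comment, so add one saying who deletes them and that in-flight validators are torn down in the destructor, so a late callback cannot reach a destroyed service. Replacing the single `FRIEND_TEST_ALL_PREFIXES` with two whole-class friends also widens test access to `refresh_token_`; a narrow protected test hook next to `GetRobotAccountId()` would keep that surface smaller.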