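--- a/chrome/browser/chromeos/settings/device_oauth2_token_service.h
+++ b/chrome/browser/chromeos/settings/device_oauth2_token_service.h
@@ -1,61 +1,84 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
 #define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
 
+#include <set>
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/gtest_prod_util.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/stl_util.h"
+#include "base/time.h"
 #include "chrome/browser/signin/oauth2_token_service.h"
+#include "google_apis/gaia/gaia_oauth_client.h"
 #include "net/url_request/url_request_context_getter.h"
 
 namespace net {
 class URLRequestContextGetter;
 }
 
 class GoogleServiceAuthError;
 class PrefRegistrySimple;
 class PrefService;
 class Profile;
 
 namespace chromeos {
 
 // DeviceOAuth2TokenService retrieves OAuth2 access tokens for a given
 // set of scopes using the device-level OAuth2 any-api refresh token
 // obtained during enterprise device enrollment.
 //
 // See |OAuth2TokenService| for usage details.
 //
 // Note that requests must be made from the UI thread.
 class DeviceOAuth2TokenService : public OAuth2TokenService {
 public:
+// Specialization of StartRequest that in parallel validates that the refresh
+// token stored on the device is owned by the device service account.
+virtual scoped_ptr<Request> StartRequest(const ScopeSet& scopes,
+Consumer* consumer) OVERRIDE;
+
 // Persist the given refresh token on the device. Overwrites any previous
 // value. Should only be called during initial device setup.
 void SetAndSaveRefreshToken(const std::string& refresh_token);
 
 static void RegisterPrefs(PrefRegistrySimple* registry);
 
 virtual std::string GetRefreshToken() OVERRIDE;
 
+protected:
+// Pull the robot account ID from device policy.
+virtual std::string GetRobotAccountId();
+
 private:
+class ValidatingConsumer;
+friend class ValidatingConsumer;
 friend class DeviceOAuth2TokenServiceFactory;
-FRIEND_TEST_ALL_PREFIXES(DeviceOAuth2TokenServiceTest, SaveEncryptedToken);
+friend class DeviceOAuth2TokenServiceTest;
+friend class TestDeviceOAuth2TokenService;
 
 // Use DeviceOAuth2TokenServiceFactory to get an instance of this class.
 explicit DeviceOAuth2TokenService(net::URLRequestContextGetter* getter,
 PrefService* local_state);
 virtual ~DeviceOAuth2TokenService();
 
+void OnValidationComplete(ValidatingConsumer* validator, bool token_is_valid);
+
+bool refresh_token_is_valid_;
+int max_refresh_token_validation_retries_;
+
+scoped_ptr<std::set<ValidatingConsumer*> > pending_validators_;
+
 // Cache the decrypted refresh token, so we only decrypt once.
 std::string refresh_token_;
 PrefService* local_state_;
 DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenService);
 };
 
 } // namespace chromeos
 
 #endif // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_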
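Review bot: The new `StartRequest` comment says the ownership check runs in parallel with the token fetch, but the header never states what a consumer receives while that check is pending or after it fails, and for a device-level refresh token that is the security-relevant part of the contract. If the .cc (not visible here) withholds the result until validation passes, I would add `// No access token is delivered to |consumer| until validation has succeeded; on failure the request fails.` to that comment. `pending_validators_` stores raw `ValidatingConsumer*`, so it needs an ownership comment such as `// Owned; each entry is removed and deleted in OnValidationComplete().`, because a validator that is freed twice or calls back into a destroyed service is a use-after-free risk. `refresh_token_is_valid_` and `max_refresh_token_validation_retries_` should each get one line saying what resets the flag (presumably `SetAndSaveRefreshToken`) and what happens once the retries are exhausted. The two blanket `friend class` test declarations replace a single `FRIEND_TEST_ALL_PREFIXES` and expose every private member, including `refresh_token_`, to the test classes; a comment naming them as test-only would make that intent explicit.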