
Unified Diff: chrome/browser/chromeos/settings/device_oauth2_token_service.cc

Issue 17109006: Device robot refresh token integrity validation. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Extend device_oauth2_token_service_unittest.cc to cover refresh token validation cases. Created 7 years, 6 months ago
Index: chrome/browser/chromeos/settings/device_oauth2_token_service.cc
diff --git a/chrome/browser/chromeos/settings/device_oauth2_token_service.cc b/chrome/browser/chromeos/settings/device_oauth2_token_service.cc
index 1e277a5b752425b7a0ddffdce104728f6aa8f4f9..76d508a9c8dedfd520d029c1b03f9e189f6a4e11 100644
--- a/chrome/browser/chromeos/settings/device_oauth2_token_service.cc
+++ b/chrome/browser/chromeos/settings/device_oauth2_token_service.cc
@@ -4,11 +4,19 @@
#include "chrome/browser/chromeos/settings/device_oauth2_token_service.h"
+#include <string>
+#include <vector>
+
#include "base/prefs/pref_registry_simple.h"
#include "base/prefs/pref_service.h"
+#include "chrome/browser/browser_process.h"
+#include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
+#include "chrome/browser/policy/browser_policy_connector.h"
+#include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h"
#include "chrome/common/pref_names.h"
#include "chromeos/cryptohome/cryptohome_library.h"
#include "content/public/browser/browser_thread.h"
+#include "google_apis/gaia/gaia_urls.h"
namespace chromeos {
@@ -16,6 +24,8 @@ DeviceOAuth2TokenService::DeviceOAuth2TokenService(
net::URLRequestContextGetter* getter,
PrefService* local_state)
: OAuth2TokenService(getter),
+ refresh_token_is_valid_(false),
+ max_refresh_token_validation_retries_(3),
local_state_(local_state) {
}
@@ -49,4 +59,93 @@ std::string DeviceOAuth2TokenService::GetRefreshToken() {
return refresh_token_;
}
+bool DeviceOAuth2TokenService::StartRefreshTokenValidation(
+ const std::string refresh_token,
+ RefreshTokenValidationConsumer* consumer) {
+ DCHECK(GetRefreshToken() == refresh_token);
+ if (refresh_token_is_valid_) {
+ // The cached token never changes, so the previous validation is still good.
+ // Return false to indicate that the validation process wasn't started, and
+ // the token can be used directly.
+ return false;
+ } else {
+ refresh_token_validation_consumers_.push_back(consumer);
+ if (refresh_token_validation_consumers_.size() > 1) {
+ // A validation is already in flight, and its results will be sent to
+ // all consumers.
+ DCHECK(gaia_oauth_client_.get());
+ return true;
+ }
+
+ GaiaUrls* gaia_urls = GaiaUrls::GetInstance();
+ gaia_oauth_client_.reset(new gaia::GaiaOAuthClient(
+ g_browser_process->system_request_context()));
+
+ gaia::OAuthClientInfo client_info;
+ client_info.client_id = gaia_urls->oauth2_chrome_client_id();
+ client_info.client_secret = gaia_urls->oauth2_chrome_client_secret();
+
+ gaia_oauth_client_->RefreshToken(
+ client_info,
+ refresh_token,
+ std::vector<std::string>(1, gaia_urls->oauth2_token_info_url()),
+ max_refresh_token_validation_retries_,
+ this);
+ return true;
+ }
+}
+
+void DeviceOAuth2TokenService::OnRefreshTokenResponse(
+ const std::string& access_token,
+ int expires_in_seconds) {
+ gaia_oauth_client_->GetTokenInfo(access_token,
+ max_refresh_token_validation_retries_,
+ this);
+}
+
+std::string DeviceOAuth2TokenService::GetRobotAccountId() {
+ policy::BrowserPolicyConnector* connector =
+ g_browser_process->browser_policy_connector();
+ if (connector) {
Mattias Nissler (ping if slow) 2013/06/19 17:53:17 nit: no curlies
David Roche 2013/06/20 17:49:29 Done.
+ return connector->GetDeviceCloudPolicyManager()->GetRobotAccountId();
+ }
+ return std::string();
+}
+
+void DeviceOAuth2TokenService::OnGetTokenInfoResponse(
+ scoped_ptr<DictionaryValue> token_info) {
+ std::string gaia_robot_id;
+ token_info->GetString("issued_to", &gaia_robot_id);
+
+ std::string policy_robot_id = GetRobotAccountId();
+
+ if (policy_robot_id == gaia_robot_id) {
+ refresh_token_is_valid_ = true;
+ } else {
+ if (gaia_robot_id.empty()) {
+ LOG(WARNING) << "Device service account owner in policy is empty.";
+ } else {
Mattias Nissler (ping if slow) 2013/06/19 17:53:17 should we clear the local state pref here for cons
David Roche 2013/06/20 17:49:29 I figured we'd just leave it since this class refu
+ LOG(INFO) << "Device service account owner in policy does not match "
+ << "refresh token.";
+ }
+ }
+ InformAllConsumers();
+}
+
+void DeviceOAuth2TokenService::OnOAuthError() {
+ InformAllConsumers();
+}
+
+void DeviceOAuth2TokenService::OnNetworkError(int response_code) {
+ InformAllConsumers();
+}
+
+void DeviceOAuth2TokenService::InformAllConsumers() {
+ for (size_t i = 0; i < refresh_token_validation_consumers_.size(); ++i) {
+ refresh_token_validation_consumers_[i]->OnRefreshTokenValidationComplete(
+ GetRefreshToken(), refresh_token_is_valid_);
+ }
+ refresh_token_validation_consumers_.empty();
+}
+
} // namespace chromeos
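Review bot: In OnGetTokenInfoResponse the check `policy_robot_id == gaia_robot_id` also passes when both strings are empty, so the validation fails open: GetRobotAccountId returns `std::string()` when there is no policy connector, and the unchecked `GetString("issued_to", ...)` call appears to leave `gaia_robot_id` empty when the key is absent. The guard should require a non-empty id, for example `if (!gaia_robot_id.empty() && policy_robot_id == gaia_robot_id)`. The warning branch tests `gaia_robot_id.empty()` while its message says the owner "in policy" is empty, so the condition and the log text should be brought into line. Separately, InformAllConsumers ends with `refresh_token_validation_consumers_.empty();`, which only queries the vector and discards the result; `refresh_token_validation_consumers_.clear();` looks intended. As written, after a failed validation the next StartRefreshTokenValidation call sees `size() > 1`, returns true without starting a request, and the stale consumer pointers stay in the list.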
