Device robot refresh token integrity validation.

chrome/browser/chromeos/settings/device_oauth2_token_service.h

Index: chrome/browser/chromeos/settings/device_oauth2_token_service.h
diff --git a/chrome/browser/chromeos/settings/device_oauth2_token_service.h b/chrome/browser/chromeos/settings/device_oauth2_token_service.h
index 9d4bc6a6890a7323c5d88689249a9d8c1e203358..dc35af8ae21992b04367adba9ced61816e4fc466 100644
--- a/chrome/browser/chromeos/settings/device_oauth2_token_service.h
+++ b/chrome/browser/chromeos/settings/device_oauth2_token_service.h
@@ -6,11 +6,14 @@
 #define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
 
 #include <string>
+#include <vector>
 
 #include "base/basictypes.h"
 #include "base/gtest_prod_util.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/values.h"

[Mattias Nissler (ping if slow), 2013/06/19 17:53:17]

forward-declare base::DictionaryValue?

[David Roche, 2013/06/20 17:49:29]

Moved to .cc file with new ValidatingConsumer.

 #include "chrome/browser/signin/oauth2_token_service.h"
+#include "google_apis/gaia/gaia_oauth_client.h"
 #include "net/url_request/url_request_context_getter.h"
 
 namespace net {
@@ -31,7 +34,8 @@ namespace chromeos {
 // See |OAuth2TokenService| for usage details.
 //
 // Note that requests must be made from the UI thread.
-class DeviceOAuth2TokenService : public OAuth2TokenService {
+class DeviceOAuth2TokenService : public OAuth2TokenService,
+                                 public gaia::GaiaOAuthClient::Delegate {
  public:
   // Persist the given refresh token on the device.  Overwrites any previous
   // value.  Should only be called during initial device setup.
@@ -41,15 +45,42 @@ class DeviceOAuth2TokenService : public OAuth2TokenService {
 
   virtual std::string GetRefreshToken() OVERRIDE;
 
+  virtual bool StartRefreshTokenValidation(
+      const std::string refresh_token,
+      RefreshTokenValidationConsumer* consumer) OVERRIDE;
+
+  // gaia::GaiaOAuthClient::Delegate implementation.
+  virtual void OnRefreshTokenResponse(const std::string& access_token,
+                                      int expires_in_seconds) OVERRIDE;
+  virtual void OnGetTokenInfoResponse(scoped_ptr<DictionaryValue> token_info)
+      OVERRIDE;
+  virtual void OnOAuthError() OVERRIDE;
+  virtual void OnNetworkError(int response_code) OVERRIDE;
+
+ protected:
+  // Pull the robot account ID from device policy.
+  virtual std::string GetRobotAccountId();
+
  private:
   friend class DeviceOAuth2TokenServiceFactory;
-  FRIEND_TEST_ALL_PREFIXES(DeviceOAuth2TokenServiceTest, SaveEncryptedToken);
+  friend class DeviceOAuth2TokenServiceTest;
+  friend class TestDeviceOAuth2TokenService;

[Mattias Nissler (ping if slow), 2013/06/19 17:53:17]

Is this friend decl really needed?

[David Roche, 2013/06/20 17:49:29]

Yes, since the constructor/destructor is private here.

 
   // Use DeviceOAuth2TokenServiceFactory to get an instance of this class.
   explicit DeviceOAuth2TokenService(net::URLRequestContextGetter* getter,
                                     PrefService* local_state);
   virtual ~DeviceOAuth2TokenService();
 
+  // Inform all waiting RefreshTokenValidationConsumer instances of the current
+  // value of refresh_token_is_valid_.
+  void InformAllConsumers();
+
+  std::vector<RefreshTokenValidationConsumer*>
+      refresh_token_validation_consumers_;
+  scoped_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_;
+  bool refresh_token_is_valid_;
+  int max_refresh_token_validation_retries_;
+
   // Cache the decrypted refresh token, so we only decrypt once.
   std::string refresh_token_;
   PrefService* local_state_;