Add AndroidManagementClient

chrome/browser/chromeos/policy/android_management_client.cc

+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/policy/android_management_client.h"
+
+#include "base/bind.h"
+#include "base/bind_helpers.h"
+#include "base/guid.h"
+#include "base/logging.h"
+#include "components/policy/core/common/cloud/device_management_service.h"
+#include "google_apis/gaia/gaia_constants.h"
+#include "google_apis/gaia/google_service_auth_error.h"
+#include "policy/proto/device_management_backend.pb.h"
+
+namespace em = enterprise_management;
+
+namespace {
+const char* fake_access_token = nullptr;
+}
+
+namespace policy {
+
+AndroidManagementClient::AndroidManagementClient(
+    DeviceManagementService* service,
+    scoped_refptr<net::URLRequestContextGetter> request_context,
+    const std::string& account_id,
+    OAuth2TokenService* token_service)
+    : OAuth2TokenService::Consumer("android_management_client"),
+      service_(service),
+      request_context_(request_context),
+      account_id_(account_id),
+      token_service_(token_service),
+      weak_ptr_factory_(this) {}
+
+AndroidManagementClient::~AndroidManagementClient() {}
+
+void AndroidManagementClient::StartCheckAndroidManagement(
+    const StatusCallback& callback) {
+  DCHECK(service_);
+  DCHECK(callback_.is_null());
+
+  callback_ = callback;
+
+  if (fake_access_token)
+    CheckAndroidManagement(fake_access_token);
+  else
+    RequestAccessToken();
+}
+
+// static
+void AndroidManagementClient::SetAccessTokenForTesting(

[Thiemo Nagel, 2016/04/28 13:26:59]

What would you think of passing the access token through the constructor and
running RequestAccessToken() if the passed token is empty?  That would allow to
remove the SetAccessTokenForTesting() method and the fake_access_token global.

[Polina Bondarenko, 2016/04/28 16:18:40]

Removed fake access token at all. It's possible to use
FakeProfileOAuth2TokenService as a token_service_ to issue right tokens. See
unittest.

+    const char* access_token) {
+  fake_access_token = access_token;
+}
+
+void AndroidManagementClient::OnGetTokenSuccess(
+    const OAuth2TokenService::Request* request,
+    const std::string& access_token,
+    const base::Time& expiration_time) {
+  DCHECK_EQ(token_request_.get(), request);
+  token_request_.reset();
+
+  CheckAndroidManagement(access_token);
+}
+
+void AndroidManagementClient::OnGetTokenFailure(
+    const OAuth2TokenService::Request* request,
+    const GoogleServiceAuthError& error) {
+  DCHECK_EQ(token_request_.get(), request);
+  token_request_.reset();
+  LOG(ERROR) << "Token request failed: " << error.ToString();
+
+  callback_.Run(policy::AndroidManagementClient::Result::RESULT_ERROR);

[Thiemo Nagel, 2016/04/28 13:26:59]

It should be possible to drop the namespace and class qualification for
Result::RESULT_ERROR.

[Polina Bondarenko, 2016/04/28 16:18:40]

Done.

+  callback_.Reset();
+}
+
+void AndroidManagementClient::RequestAccessToken() {
+  DCHECK(!token_request_);
+  // The user must be signed in already.
+  DCHECK(token_service_->RefreshTokenIsAvailable(account_id_));
+
+  OAuth2TokenService::ScopeSet scopes;
+  scopes.insert(GaiaConstants::kDeviceManagementServiceOAuth);
+  scopes.insert(GaiaConstants::kOAuthWrapBridgeUserInfoScope);
+  token_request_ = token_service_->StartRequest(account_id_, scopes, this);
+}
+
+void AndroidManagementClient::CheckAndroidManagement(
+    const std::string& access_token) {
+  request_job_.reset(service_->CreateJob(
+      DeviceManagementRequestJob::TYPE_ANDROID_MANAGEMENT_CHECK,
+      request_context_.get()));
+  request_job_->SetOAuthToken(access_token);
+  request_job_->SetClientID(base::GenerateGUID());
+  request_job_->GetRequest()->mutable_check_android_management_request();
+
+  request_job_->Start(
+      base::Bind(&AndroidManagementClient::OnAndroidManagementChecked,
+                 weak_ptr_factory_.GetWeakPtr()));
+}
+
+void AndroidManagementClient::OnAndroidManagementChecked(
+    DeviceManagementStatus status,
+    int net_error,
+    const em::DeviceManagementResponse& response) {
+  if (status == DM_STATUS_SUCCESS &&
+      !response.has_check_android_management_response()) {
+    LOG(WARNING) << "Invalid check android management response.";
+    status = DM_STATUS_RESPONSE_DECODING_ERROR;
+  }
+
+  Result result;
+  switch (status) {
+    case DM_STATUS_SUCCESS:
+      result = RESULT_UNMANAGED;
+      break;
+    case DM_STATUS_SERVICE_DEVICE_ID_CONFLICT:
+      result = RESULT_MANAGED;
+      break;
+    default:
+      result = RESULT_ERROR;
+  }
+
+  callback_.Run(result);
+  callback_.Reset();
+  request_job_.reset();

[Thiemo Nagel, 2016/04/28 13:26:59]

Nit: I'd reset the |request_job_| as early as possible, i.e. before running the
callback.

[Polina Bondarenko, 2016/04/28 16:18:40]

Done.

+}
+
+}  // namespace policy