WIP: Experiment with auto sign-in for chrome enterprise support.

chrome/browser/signin/signin_manager_factory.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/signin_manager_factory.h"
 
 #include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
+#include "chrome/browser/first_run/first_run.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/profiles/profile_manager.h"
+#include "chrome/browser/signin/about_signin_internals_factory.h"
 #include "chrome/browser/signin/account_fetcher_service_factory.h"
 #include "chrome/browser/signin/account_tracker_service_factory.h"
 #include "chrome/browser/signin/chrome_signin_client_factory.h"
 #include "chrome/browser/signin/gaia_cookie_manager_service_factory.h"
 #include "chrome/browser/signin/local_auth.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "components/keyed_service/content/browser_context_dependency_manager.h"
 #include "components/prefs/pref_registry_simple.h"
+#include "components/signin/core/browser/about_signin_internals.h"
+#include "components/signin/core/browser/signin_internals_util.h"
 #include "components/signin/core/browser/signin_manager.h"
 
+#if defined(OS_WIN)
+#include "base/base64.h"
+#include "base/strings/sys_string_conversions.h"
+#include "base/win/registry.h"
+#include "base/win/win_util.h"
+#include "chrome/browser/ui/sync/one_click_signin_sync_starter.h"
+#include "components/os_crypt/os_crypt.h"
+#include "google_apis/google_api_keys.h"
+
+namespace {
+
+std::string DecryptRefreshToken(const std::string& cipher_text) {
+  std::string refresh_token;
+  if (!OSCrypt::DecryptString(cipher_text, &refresh_token)) {
+    LOG(ERROR) << "\n\n*** rogerta: unable to decrypt";
+    return std::string();
+  }
+
+  return refresh_token;
+}
+
+// This function is posted from SigninManagerFactory::BuildServiceInstanceFor()
+void StartOneClickSigninSyncStarter(Profile* profile,
+                                    const base::string16& gaia_id,
+                                    const base::string16& email,
+                                    const std::string& refresh_token) {
+  AboutSigninInternals* signin_internals =
+      AboutSigninInternalsFactory::GetInstance()
+          ->GetForProfile(profile);
+  signin_internals->OnAuthenticationResultReceived("GCP");
+
+  // OneClickSigninSyncStarter will delete itself once done.
+  new OneClickSigninSyncStarter(
+      profile,
+      nullptr,  // Browser*
+      base::SysWideToUTF8(gaia_id),
+      base::SysWideToUTF8(email),
+      std::string(),  // password
+      refresh_token,
+      OneClickSigninSyncStarter::CURRENT_PROFILE,
+      OneClickSigninSyncStarter::SYNC_WITH_DEFAULT_SETTINGS,
+      nullptr,  // WebContent*
+      OneClickSigninSyncStarter::CONFIRM_AFTER_SIGNIN,
+      GURL(),  // current_url
+      GURL(),  // continue_url
+      OneClickSigninSyncStarter::Callback());
+}
+
+}  // namespace
+
+#endif
+
 SigninManagerFactory::SigninManagerFactory()
     : BrowserContextKeyedServiceFactory(
         "SigninManager",
         BrowserContextDependencyManager::GetInstance()) {
+  DependsOn(AccountTrackerServiceFactory::GetInstance());
   DependsOn(ChromeSigninClientFactory::GetInstance());
   DependsOn(GaiaCookieManagerServiceFactory::GetInstance());
   DependsOn(ProfileOAuth2TokenServiceFactory::GetInstance());
-  DependsOn(AccountTrackerServiceFactory::GetInstance());
 }
 
 SigninManagerFactory::~SigninManagerFactory() {
 }
 
 #if defined(OS_CHROMEOS)
 // static
 SigninManagerBase* SigninManagerFactory::GetForProfileIfExists(
     Profile* profile) {
   return static_cast<SigninManagerBase*>(
@@ skipping 78 matching lines @@
       AccountTrackerServiceFactory::GetForProfile(profile));
 #else
   service = new SigninManager(
       client,
       ProfileOAuth2TokenServiceFactory::GetForProfile(profile),
       AccountTrackerServiceFactory::GetForProfile(profile),
       GaiaCookieManagerServiceFactory::GetForProfile(profile));
   AccountFetcherServiceFactory::GetForProfile(profile);
 #endif
   service->Initialize(g_browser_process->local_state());
+
+  // Check to see if auto signin information is available.  Only applies if:
+  //
+  //  - running on windows
+  //  - is an enterprise install
+  //  - this is first run
+  //  - opening the default profile (i.e. count==0 at this point)
+  //  - not already signed in
+#if defined(OS_WIN)
+  LOG(ERROR) << "\n\n*** rogerta: client_id="
+             << google_apis::GetOAuth2ClientID(google_apis::CLIENT_MAIN);
+
+  bool check_for_auto_signin = first_run::IsChromeFirstRun() &&
+      g_browser_process->profile_manager()->GetNumberOfProfiles() == 0 &&
+      /*base::win::IsEnrolledToDomain() &&*/ !service->IsAuthenticated();
+  LOG(ERROR) << "\n\n*** rogerta: check=" << check_for_auto_signin;
+  if (check_for_auto_signin) {
+    base::win::RegKey key;
+    LONG sts = key.Open(HKEY_CURRENT_USER, L"Software\\Google\\Accounts",
+                        KEY_READ);
+    if (sts == ERROR_SUCCESS) {
+      LOG(ERROR) << "\n\n*** rogerta: opened a/g/a";
+      base::win::RegistryKeyIterator it(key.Handle(), L"");
+      if (it.Valid() && it.SubkeyCount() > 0) {
+        LOG(ERROR) << "\n\n*** rogerta: subkey count=" << it.SubkeyCount();
+        base::win::RegKey key_account(key.Handle(), it.Name(), KEY_READ);
+        if (key_account.Valid()) {
+          base::string16 gaia_id = it.Name();
+          base::string16 email;
+          key_account.ReadValue(L"email", &email);
+          LOG(ERROR) << "\n\n*** rogerta: id=" << it.Name()
+                     << " email=" << email;
+
+          // Read the encrypted refresh token.  The data is stored in
+          // binary format.
+          std::string encrypted_refresh_token;
+          DWORD size = 0;
+          DWORD type;
+          if (key_account.ReadValue(L"refresh_token", nullptr, &size, &type)
+              == ERROR_SUCCESS) {
+            LOG(ERROR) << "\n\n*** rogerta: rt size=" << size;
+            encrypted_refresh_token.resize(size);
+            key_account.ReadValue(
+                L"refresh_token",
+                const_cast<char*>(encrypted_refresh_token.c_str()),
+                &size, &type);
+            LOG(ERROR) << "\n\n*** rogerta: rt type=" << type;
+            if (!gaia_id.empty() && !email.empty() && type == REG_BINARY &&
+                !encrypted_refresh_token.empty()) {
+              LOG(ERROR) << "\n\n*** rogerta: do autologin";
+              // Delay the OneClickSigninSyncStarter since it will try to get
+              // PKS pointers, and this won't work very from within this PKS
+              // factory function.
+              base::ThreadTaskRunnerHandle::Get()->PostTask(
+                  FROM_HERE,
+                  base::Bind(&StartOneClickSigninSyncStarter,
+                             profile, gaia_id, email,
+                             DecryptRefreshToken(encrypted_refresh_token)));
+            }
+          }
+        }
+      }
+    }
+  }
+#endif
+
   for (Observer& observer : observer_list_)
     observer.SigninManagerCreated(service);
   return service;
 }
 
 void SigninManagerFactory::BrowserContextShutdown(
     content::BrowserContext* context) {
   SigninManagerBase* manager = static_cast<SigninManagerBase*>(
       GetServiceForBrowserContext(context, false));
   if (manager) {
     for (Observer& observer : observer_list_)
       observer.SigninManagerShutdown(manager);
   }
   BrowserContextKeyedServiceFactory::BrowserContextShutdown(context);
 }