Factor out authorization from AudioRendererHost.

content/browser/renderer_host/media/audio_output_authorization_handler.h

+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This class implements authorization checking for AudioRendererHost.
+#ifndef CONTENT_BROWSER_RENDERER_HOST_MEDIA_AUDIO_OUTPUT_AUTHORIZATION_HANDLER_H_
+#define CONTENT_BROWSER_RENDERER_HOST_MEDIA_AUDIO_OUTPUT_AUTHORIZATION_HANDLER_H_
+
+#include <memory>
+#include <string>
+#include <utility>
+
+#include "base/callback_forward.h"
+#include "base/memory/weak_ptr.h"
+#include "content/browser/media/media_devices_permission_checker.h"
+#include "content/browser/renderer_host/media/media_stream_manager.h"
+#include "media/audio/audio_device_description.h"
+#include "media/audio/audio_manager.h"
+#include "media/base/audio_parameters.h"
+#include "media/base/output_device_info.h"
+
+namespace content {
+
+// This class, which lives on the IO thread, handles the logic of an IPC device
+// request from the renderer. It checks which device to use (in case of using
+// session_id to select device), verifies that the renderer is authorized to use
+// the device, and gets the default device parameters for the selected audio
+// device.
+class CONTENT_EXPORT AudioOutputAuthorizationHandler {
+ public:
+  // TODO(maxmorin): Change to OnceCallback once base:: code is ready for it.
+  using AuthorizationCompletedCallback =
+      base::Callback<void(media::OutputDeviceStatus status,
+                          const media::AudioParameters& params,
+                          const std::string& translated_device_id)>;
+
+  AudioOutputAuthorizationHandler(MediaStreamManager* media_stream_manager,
+                                  int render_process_id_,
+                                  const std::string& salt);
+
+  ~AudioOutputAuthorizationHandler();
+
+  // Checks authorization of the device with the hashed id device_id for the
+  // given render frame id and security origin, or uses session_id for
+  // authorization. Looks up device id (if session_id is used for device
+  // selection) and default device parameters. |cb| will be called with the
+  // result by |this| on the IO thread. The device_id returned in the callback
+  // will be translated, i.e. not hashed.

[Guido Urdaneta, 2016/11/10 15:26:05]

remove "i.e. not hashed".

"translated" is precise and clear. the "not hashed"  part adds confusion because
the translated ID is actually hashed.

[Max Morin, 2016/11/11 09:26:55]

It is translated from hashed to non-hashed. The ARH needs the raw id for opening
the audio stream, and hashes it before sending it to the renderer. It also only
sends it to the renderer in case session_id is used since the renderer depends
on this behavior (this logic is in ARH).

+  void RequestDeviceAuthorization(int render_frame_id,
+                                  int session_id,
+                                  const std::string& device_id,
+                                  const url::Origin& security_origin,
+                                  AuthorizationCompletedCallback cb) const;
+
+  void OverridePermissionsForTesting(bool override_value);
+
+ private:
+  // A simplified overview of implementation:
+  // RequestDeviceAuthorization:
+  //   Check if session_id should be used. If yes, fetch saved device and
+  //   parameters and we can skip to DeviceParametersRecieved. Otherwise,
+  //   check whether the renderer has access to the output device
+  //   (async in case of a nondefault device). Result goes to AccessChecked.
+  // AccessChecked:
+  //   Queries audio parameters for default devices and calls
+  //   DeviceParametersRecieved. Nondefault devices go
+  //   through TranslateDeviceID.
+  // TranslateDeviceID:
+  //   Checks which raw device id corresponds to the hashed device_id,
+  //   and then gets default parameters for it and calls
+  //   DeviceParametersRecieved with the parameters and the translated id.
+  // DeviceParametersRecieved:
+  //   Returns by calling the callback.
+  //
+  // This sequence of calls can be broken at various places, e.g. if access
+  // rights are missing or the device cannot be found. In this case, a non-Ok
+  // status indicating the error is returned through the callback.
+
+  void AccessChecked(AuthorizationCompletedCallback cb,
+                     const std::string& device_id,
+                     const url::Origin& security_origin,
+                     bool have_access) const;
+
+  void TranslateDeviceID(AuthorizationCompletedCallback cb,
+                         const std::string& device_id,
+                         const url::Origin& security_origin,
+                         const MediaDeviceEnumeration& enumeration) const;
+
+  void DeviceParametersReceived(
+      AuthorizationCompletedCallback cb,
+      const std::string& translated_device_id,
+      const media::AudioParameters& output_params) const;
+
+  MediaStreamManager* const media_stream_manager_;
+  std::unique_ptr<MediaDevicesPermissionChecker> permission_checker_;
+  const int render_process_id_;
+  const std::string salt_;
+  // All access is on IO thread, and taking a weak pointer to const looks
+  // const, so this can be mutable.
+  mutable base::WeakPtrFactory<const AudioOutputAuthorizationHandler>
+      weak_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(AudioOutputAuthorizationHandler);
+};
+
+}  // namespace content
+
+#endif  // CONTENT_BROWSER_RENDERER_HOST_MEDIA_AUDIO_OUTPUT_AUTHORIZATION_HANDLER_H_