Factor out authorization from AudioRendererHost.

content/browser/renderer_host/media/audio_output_authorization_handler.h

Index: content/browser/renderer_host/media/audio_output_authorization_handler.h
diff --git a/content/browser/renderer_host/media/audio_output_authorization_handler.h b/content/browser/renderer_host/media/audio_output_authorization_handler.h
new file mode 100644
index 0000000000000000000000000000000000000000..9b761257ee5d32973b46d2b82f4b616c7b03d3e1
--- /dev/null
+++ b/content/browser/renderer_host/media/audio_output_authorization_handler.h
@@ -0,0 +1,118 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This class implements authorization checking for AudioRendererHost.
+#ifndef CONTENT_BROWSER_RENDERER_HOST_MEDIA_AUDIO_OUTPUT_AUTHORIZATION_HANDLER_H_
+#define CONTENT_BROWSER_RENDERER_HOST_MEDIA_AUDIO_OUTPUT_AUTHORIZATION_HANDLER_H_
+
+#include <memory>
+#include <string>
+#include <utility>
+
+#include "base/callback_forward.h"
+#include "base/memory/weak_ptr.h"
+#include "content/browser/media/media_devices_permission_checker.h"
+#include "content/browser/renderer_host/media/media_stream_manager.h"
+#include "media/audio/audio_device_description.h"
+#include "media/audio/audio_manager.h"
+#include "media/base/audio_parameters.h"
+#include "media/base/output_device_info.h"
+
+namespace content {
+
+// This class, which lives on the IO thread, handles the logic of an IPC device
+// request from the renderer. It checks which device to use (in case of using
+// session_id to select device), verifies that the renderer is authorized to use
+// the device, and gets the default device parameters for the selected audio
+// device.
+class CONTENT_EXPORT AudioOutputAuthorizationHandler {
+ public:
+  // The result of an authorization check. In addition to the status,
+  // it indicates whether a device was found using the session_id in the
+  // variable should_send_id, in which case the renderer expects to get the id
+  // hash. It also has the default audio parameters for the device, and the id
+  // for the device, which is needed to open a stream for the device. This id
+  // is not hashed, so it must be hashed before sending it to the renderer.
+  // TODO(maxmorin): Change to OnceCallback once base:: code is ready for it.
+  using AuthorizationCompletedCallback =
+      base::Callback<void(media::OutputDeviceStatus status,
+                          bool should_send_id,
+                          const media::AudioParameters& params,
+                          const std::string& raw_device_id)>;
+
+  AudioOutputAuthorizationHandler(MediaStreamManager* media_stream_manager,
+                                  int render_process_id_,
+                                  const std::string& salt);
+
+  ~AudioOutputAuthorizationHandler();
+
+  // Checks authorization of the device with the hashed id device_id for the
+  // given render frame id and security origin, or uses session_id for
+  // authorization. Looks up device id (if session_id is used for device
+  // selection) and default device parameters.
+  void RequestDeviceAuthorization(int render_frame_id,
+                                  int session_id,
+                                  const std::string& device_id,
+                                  const url::Origin& security_origin,
+                                  AuthorizationCompletedCallback cb) const;
+
+  // Calling this method will make the checks for permission from the user
+  // always return |override_value|.
+  void OverridePermissionsForTesting(bool override_value);
+
+ private:
+  // The comments give a simplified overview of implementation. The sequence of
+  // calls can be broken at various places, e.g. if access rights are missing or
+  // the device cannot be found. In this case, a non-ok status indicating the
+  // error is returned through the callback.
+
+  // RequestDeviceAuthorization will check if |session_id| should be used. If
+  // yes, fetch saved device and parameters and skip to
+  // DeviceParametersRecieved. Otherwise, check whether the renderer has access
+  // to the output device (async in case of a nondefault device). Result goes to
+  // AccessChecked.
+
+  // Calls GetDeviceParameters for default devices. Nondefault devices first
+  // goes to TranslateDeviceId.
+  void AccessChecked(AuthorizationCompletedCallback cb,
+                     const std::string& device_id,
+                     const url::Origin& security_origin,
+                     bool have_access) const;

[o1ka, 2016/11/16 15:11:28]

has_access?

[Max Morin, 2016/11/16 15:54:36]

Fixed. I'm surprised the compiler doesn't warn about the difference in h and cc
file.

+
+  // Takes the |device_id|,which is hashed, and finds the corresponding raw
+  // device id. After that, it calls GetDeviceParameters with the result.

[o1ka, 2016/11/16 15:11:28]

Agree with Guido: we don;t need a description of what's happening in the
function. Juts clarify what device_id it expects: raw or hashed.

[Max Morin, 2016/11/16 15:54:36]

Done.

+  void TranslateDeviceID(AuthorizationCompletedCallback cb,
+                         const std::string& device_id,
+                         const url::Origin& security_origin,
+                         const MediaDeviceEnumeration& enumeration) const;
+
+  // Takes a raw device id and gets the default device parameters for the device
+  // from the OS. Calls DeviceParametersReceived.
+  void GetDeviceParameters(AuthorizationCompletedCallback cb,
+                           const std::string& raw_device_id) const;
+
+  // Returns by calling the callback. |should_send_id| indicates whether the
+  // renderer expects to get the chosen id back, which is the case if a device
+  // was found using a session id.
+  void DeviceParametersReceived(
+      AuthorizationCompletedCallback cb,
+      bool should_send_id,
+      const std::string& raw_device_id,
+      const media::AudioParameters& output_params) const;
+
+  MediaStreamManager* const media_stream_manager_;
+  std::unique_ptr<MediaDevicesPermissionChecker> permission_checker_;
+  const int render_process_id_;
+  const std::string salt_;
+  // All access is on the IO thread, and taking a weak pointer to const looks
+  // const, so this can be mutable.
+  mutable base::WeakPtrFactory<const AudioOutputAuthorizationHandler>
+      weak_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(AudioOutputAuthorizationHandler);
+};
+
+}  // namespace content
+
+#endif  // CONTENT_BROWSER_RENDERER_HOST_MEDIA_AUDIO_OUTPUT_AUTHORIZATION_HANDLER_H_