| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" | 5 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/prefs/pref_registry_simple.h" | 10 #include "base/prefs/pref_registry_simple.h" |
| 11 #include "base/prefs/pref_service.h" | 11 #include "base/prefs/pref_service.h" |
| 12 #include "base/values.h" | 12 #include "base/values.h" |
| 13 #include "chrome/browser/browser_process.h" | 13 #include "chrome/browser/browser_process.h" |
| 14 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" | 14 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" |
| 15 #include "chrome/browser/policy/browser_policy_connector.h" | 15 #include "chrome/browser/policy/browser_policy_connector.h" |
| 16 #include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h" | 16 #include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h" |
| 17 #include "chrome/common/pref_names.h" | 17 #include "chrome/common/pref_names.h" |
| 18 #include "chromeos/cryptohome/cryptohome_library.h" | |
| 19 #include "content/public/browser/browser_thread.h" | 18 #include "content/public/browser/browser_thread.h" |
| 20 #include "google_apis/gaia/gaia_urls.h" | 19 #include "google_apis/gaia/gaia_urls.h" |
| 21 #include "google_apis/gaia/google_service_auth_error.h" | 20 #include "google_apis/gaia/google_service_auth_error.h" |
| 22 | 21 |
| 23 namespace { | 22 namespace { |
| 24 const char kServiceScopeGetUserInfo[] = | 23 const char kServiceScopeGetUserInfo[] = |
| 25 "https://www.googleapis.com/auth/userinfo.email"; | 24 "https://www.googleapis.com/auth/userinfo.email"; |
| 26 } | 25 } |
| 27 | 26 |
| 28 namespace chromeos { | 27 namespace chromeos { |
| (...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 200 consumer_->OnGetTokenFailure(this, error_copy); | 199 consumer_->OnGetTokenFailure(this, error_copy); |
| 201 } else { | 200 } else { |
| 202 std::string access_token_copy = access_token_; | 201 std::string access_token_copy = access_token_; |
| 203 base::Time expiration_time_copy = expiration_time_; | 202 base::Time expiration_time_copy = expiration_time_; |
| 204 consumer_->OnGetTokenSuccess(this, access_token_copy, expiration_time_copy); | 203 consumer_->OnGetTokenSuccess(this, access_token_copy, expiration_time_copy); |
| 205 } | 204 } |
| 206 } | 205 } |
| 207 | 206 |
| 208 DeviceOAuth2TokenService::DeviceOAuth2TokenService( | 207 DeviceOAuth2TokenService::DeviceOAuth2TokenService( |
| 209 net::URLRequestContextGetter* getter, | 208 net::URLRequestContextGetter* getter, |
| 210 PrefService* local_state) | 209 PrefService* local_state, |
| 210 TokenEncryptor* token_encryptor) |
| 211 : refresh_token_is_valid_(false), | 211 : refresh_token_is_valid_(false), |
| 212 max_refresh_token_validation_retries_(3), | 212 max_refresh_token_validation_retries_(3), |
| 213 url_request_context_getter_(getter), | 213 url_request_context_getter_(getter), |
| 214 local_state_(local_state) { | 214 local_state_(local_state), |
| 215 token_encryptor_(token_encryptor) { |
| 215 } | 216 } |
| 216 | 217 |
| 217 DeviceOAuth2TokenService::~DeviceOAuth2TokenService() { | 218 DeviceOAuth2TokenService::~DeviceOAuth2TokenService() { |
| 218 } | 219 } |
| 219 | 220 |
| 220 void DeviceOAuth2TokenService::OnValidationComplete( | 221 void DeviceOAuth2TokenService::OnValidationComplete( |
| 221 bool refresh_token_is_valid) { | 222 bool refresh_token_is_valid) { |
| 222 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 223 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 223 refresh_token_is_valid_ = refresh_token_is_valid; | 224 refresh_token_is_valid_ = refresh_token_is_valid; |
| 224 } | 225 } |
| 225 | 226 |
| 226 // static | 227 // static |
| 227 void DeviceOAuth2TokenService::RegisterPrefs(PrefRegistrySimple* registry) { | 228 void DeviceOAuth2TokenService::RegisterPrefs(PrefRegistrySimple* registry) { |
| 228 registry->RegisterStringPref(prefs::kDeviceRobotAnyApiRefreshToken, | 229 registry->RegisterStringPref(prefs::kDeviceRobotAnyApiRefreshToken, |
| 229 std::string()); | 230 std::string()); |
| 230 } | 231 } |
| 231 | 232 |
| 232 void DeviceOAuth2TokenService::SetAndSaveRefreshToken( | 233 void DeviceOAuth2TokenService::SetAndSaveRefreshToken( |
| 233 const std::string& refresh_token) { | 234 const std::string& refresh_token) { |
| 234 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 235 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 235 std::string encrypted_refresh_token = | 236 std::string encrypted_refresh_token = |
| 236 CryptohomeLibrary::Get()->EncryptWithSystemSalt(refresh_token); | 237 token_encryptor_->EncryptWithSystemSalt(refresh_token); |
| 237 | 238 |
| 238 local_state_->SetString(prefs::kDeviceRobotAnyApiRefreshToken, | 239 local_state_->SetString(prefs::kDeviceRobotAnyApiRefreshToken, |
| 239 encrypted_refresh_token); | 240 encrypted_refresh_token); |
| 240 } | 241 } |
| 241 | 242 |
| 242 std::string DeviceOAuth2TokenService::GetRefreshToken( | 243 std::string DeviceOAuth2TokenService::GetRefreshToken( |
| 243 const std::string& account_id) { | 244 const std::string& account_id) { |
| 244 DCHECK_EQ(account_id, GetRobotAccountId()); | 245 DCHECK_EQ(account_id, GetRobotAccountId()); |
| 245 if (refresh_token_.empty()) { | 246 if (refresh_token_.empty()) { |
| 246 std::string encrypted_refresh_token = | 247 std::string encrypted_refresh_token = |
| 247 local_state_->GetString(prefs::kDeviceRobotAnyApiRefreshToken); | 248 local_state_->GetString(prefs::kDeviceRobotAnyApiRefreshToken); |
| 248 | 249 |
| 249 refresh_token_ = CryptohomeLibrary::Get()->DecryptWithSystemSalt( | 250 refresh_token_ = token_encryptor_->DecryptWithSystemSalt( |
| 250 encrypted_refresh_token); | 251 encrypted_refresh_token); |
| 251 } | 252 } |
| 252 return refresh_token_; | 253 return refresh_token_; |
| 253 } | 254 } |
| 254 | 255 |
| 255 std::string DeviceOAuth2TokenService::GetRobotAccountId() { | 256 std::string DeviceOAuth2TokenService::GetRobotAccountId() { |
| 256 policy::BrowserPolicyConnector* connector = | 257 policy::BrowserPolicyConnector* connector = |
| 257 g_browser_process->browser_policy_connector(); | 258 g_browser_process->browser_policy_connector(); |
| 258 if (connector) | 259 if (connector) |
| 259 return connector->GetDeviceCloudPolicyManager()->GetRobotAccountId(); | 260 return connector->GetDeviceCloudPolicyManager()->GetRobotAccountId(); |
| (...skipping 11 matching lines...) Expand all Loading... |
| 271 return OAuth2TokenService::CreateRequest(consumer); | 272 return OAuth2TokenService::CreateRequest(consumer); |
| 272 | 273 |
| 273 // Substitute our own consumer to wait for refresh token validation. | 274 // Substitute our own consumer to wait for refresh token validation. |
| 274 scoped_ptr<ValidatingConsumer> validating_consumer( | 275 scoped_ptr<ValidatingConsumer> validating_consumer( |
| 275 new ValidatingConsumer(this, consumer)); | 276 new ValidatingConsumer(this, consumer)); |
| 276 validating_consumer->StartValidation(); | 277 validating_consumer->StartValidation(); |
| 277 return validating_consumer.PassAs<RequestImpl>(); | 278 return validating_consumer.PassAs<RequestImpl>(); |
| 278 } | 279 } |
| 279 | 280 |
| 280 } // namespace chromeos | 281 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 25975002:
cryptohome: Move Encrypt/DecryptWithSystemSalt() out of CryptohomeLibrary (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src