OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" | 5 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/prefs/pref_registry_simple.h" | 10 #include "base/prefs/pref_registry_simple.h" |
11 #include "base/prefs/pref_service.h" | 11 #include "base/prefs/pref_service.h" |
12 #include "base/values.h" | 12 #include "base/values.h" |
13 #include "chrome/browser/browser_process.h" | 13 #include "chrome/browser/browser_process.h" |
14 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" | 14 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" |
15 #include "chrome/browser/policy/browser_policy_connector.h" | 15 #include "chrome/browser/policy/browser_policy_connector.h" |
16 #include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h" | 16 #include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h" |
17 #include "chrome/common/pref_names.h" | 17 #include "chrome/common/pref_names.h" |
18 #include "chromeos/cryptohome/cryptohome_library.h" | |
19 #include "content/public/browser/browser_thread.h" | 18 #include "content/public/browser/browser_thread.h" |
20 #include "google_apis/gaia/gaia_urls.h" | 19 #include "google_apis/gaia/gaia_urls.h" |
21 #include "google_apis/gaia/google_service_auth_error.h" | 20 #include "google_apis/gaia/google_service_auth_error.h" |
22 | 21 |
23 namespace { | 22 namespace { |
24 const char kServiceScopeGetUserInfo[] = | 23 const char kServiceScopeGetUserInfo[] = |
25 "https://www.googleapis.com/auth/userinfo.email"; | 24 "https://www.googleapis.com/auth/userinfo.email"; |
26 } | 25 } |
27 | 26 |
28 namespace chromeos { | 27 namespace chromeos { |
(...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
200 consumer_->OnGetTokenFailure(this, error_copy); | 199 consumer_->OnGetTokenFailure(this, error_copy); |
201 } else { | 200 } else { |
202 std::string access_token_copy = access_token_; | 201 std::string access_token_copy = access_token_; |
203 base::Time expiration_time_copy = expiration_time_; | 202 base::Time expiration_time_copy = expiration_time_; |
204 consumer_->OnGetTokenSuccess(this, access_token_copy, expiration_time_copy); | 203 consumer_->OnGetTokenSuccess(this, access_token_copy, expiration_time_copy); |
205 } | 204 } |
206 } | 205 } |
207 | 206 |
208 DeviceOAuth2TokenService::DeviceOAuth2TokenService( | 207 DeviceOAuth2TokenService::DeviceOAuth2TokenService( |
209 net::URLRequestContextGetter* getter, | 208 net::URLRequestContextGetter* getter, |
210 PrefService* local_state) | 209 PrefService* local_state, |
| 210 TokenEncryptor* token_encryptor) |
211 : refresh_token_is_valid_(false), | 211 : refresh_token_is_valid_(false), |
212 max_refresh_token_validation_retries_(3), | 212 max_refresh_token_validation_retries_(3), |
213 url_request_context_getter_(getter), | 213 url_request_context_getter_(getter), |
214 local_state_(local_state) { | 214 local_state_(local_state), |
| 215 token_encryptor_(token_encryptor) { |
215 } | 216 } |
216 | 217 |
217 DeviceOAuth2TokenService::~DeviceOAuth2TokenService() { | 218 DeviceOAuth2TokenService::~DeviceOAuth2TokenService() { |
218 } | 219 } |
219 | 220 |
220 void DeviceOAuth2TokenService::OnValidationComplete( | 221 void DeviceOAuth2TokenService::OnValidationComplete( |
221 bool refresh_token_is_valid) { | 222 bool refresh_token_is_valid) { |
222 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 223 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
223 refresh_token_is_valid_ = refresh_token_is_valid; | 224 refresh_token_is_valid_ = refresh_token_is_valid; |
224 } | 225 } |
225 | 226 |
226 // static | 227 // static |
227 void DeviceOAuth2TokenService::RegisterPrefs(PrefRegistrySimple* registry) { | 228 void DeviceOAuth2TokenService::RegisterPrefs(PrefRegistrySimple* registry) { |
228 registry->RegisterStringPref(prefs::kDeviceRobotAnyApiRefreshToken, | 229 registry->RegisterStringPref(prefs::kDeviceRobotAnyApiRefreshToken, |
229 std::string()); | 230 std::string()); |
230 } | 231 } |
231 | 232 |
232 void DeviceOAuth2TokenService::SetAndSaveRefreshToken( | 233 void DeviceOAuth2TokenService::SetAndSaveRefreshToken( |
233 const std::string& refresh_token) { | 234 const std::string& refresh_token) { |
234 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 235 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
235 std::string encrypted_refresh_token = | 236 std::string encrypted_refresh_token = |
236 CryptohomeLibrary::Get()->EncryptWithSystemSalt(refresh_token); | 237 token_encryptor_->EncryptWithSystemSalt(refresh_token); |
237 | 238 |
238 local_state_->SetString(prefs::kDeviceRobotAnyApiRefreshToken, | 239 local_state_->SetString(prefs::kDeviceRobotAnyApiRefreshToken, |
239 encrypted_refresh_token); | 240 encrypted_refresh_token); |
240 } | 241 } |
241 | 242 |
242 std::string DeviceOAuth2TokenService::GetRefreshToken( | 243 std::string DeviceOAuth2TokenService::GetRefreshToken( |
243 const std::string& account_id) { | 244 const std::string& account_id) { |
244 DCHECK_EQ(account_id, GetRobotAccountId()); | 245 DCHECK_EQ(account_id, GetRobotAccountId()); |
245 if (refresh_token_.empty()) { | 246 if (refresh_token_.empty()) { |
246 std::string encrypted_refresh_token = | 247 std::string encrypted_refresh_token = |
247 local_state_->GetString(prefs::kDeviceRobotAnyApiRefreshToken); | 248 local_state_->GetString(prefs::kDeviceRobotAnyApiRefreshToken); |
248 | 249 |
249 refresh_token_ = CryptohomeLibrary::Get()->DecryptWithSystemSalt( | 250 refresh_token_ = token_encryptor_->DecryptWithSystemSalt( |
250 encrypted_refresh_token); | 251 encrypted_refresh_token); |
251 } | 252 } |
252 return refresh_token_; | 253 return refresh_token_; |
253 } | 254 } |
254 | 255 |
255 std::string DeviceOAuth2TokenService::GetRobotAccountId() { | 256 std::string DeviceOAuth2TokenService::GetRobotAccountId() { |
256 policy::BrowserPolicyConnector* connector = | 257 policy::BrowserPolicyConnector* connector = |
257 g_browser_process->browser_policy_connector(); | 258 g_browser_process->browser_policy_connector(); |
258 if (connector) | 259 if (connector) |
259 return connector->GetDeviceCloudPolicyManager()->GetRobotAccountId(); | 260 return connector->GetDeviceCloudPolicyManager()->GetRobotAccountId(); |
(...skipping 11 matching lines...) Expand all Loading... |
271 return OAuth2TokenService::CreateRequest(consumer); | 272 return OAuth2TokenService::CreateRequest(consumer); |
272 | 273 |
273 // Substitute our own consumer to wait for refresh token validation. | 274 // Substitute our own consumer to wait for refresh token validation. |
274 scoped_ptr<ValidatingConsumer> validating_consumer( | 275 scoped_ptr<ValidatingConsumer> validating_consumer( |
275 new ValidatingConsumer(this, consumer)); | 276 new ValidatingConsumer(this, consumer)); |
276 validating_consumer->StartValidation(); | 277 validating_consumer->StartValidation(); |
277 return validating_consumer.PassAs<RequestImpl>(); | 278 return validating_consumer.PassAs<RequestImpl>(); |
278 } | 279 } |
279 | 280 |
280 } // namespace chromeos | 281 } // namespace chromeos |
OLD | NEW |