OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" | 5 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/prefs/pref_registry_simple.h" | 10 #include "base/prefs/pref_registry_simple.h" |
11 #include "base/prefs/pref_service.h" | 11 #include "base/prefs/pref_service.h" |
12 #include "base/values.h" | 12 #include "base/values.h" |
13 #include "chrome/browser/browser_process.h" | 13 #include "chrome/browser/browser_process.h" |
14 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" | 14 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" |
| 15 #include "chrome/browser/chromeos/settings/token_encryptor.h" |
15 #include "chrome/browser/policy/browser_policy_connector.h" | 16 #include "chrome/browser/policy/browser_policy_connector.h" |
16 #include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h" | 17 #include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h" |
17 #include "chrome/common/pref_names.h" | 18 #include "chrome/common/pref_names.h" |
18 #include "chromeos/cryptohome/cryptohome_library.h" | |
19 #include "content/public/browser/browser_thread.h" | 19 #include "content/public/browser/browser_thread.h" |
20 #include "google_apis/gaia/gaia_urls.h" | 20 #include "google_apis/gaia/gaia_urls.h" |
21 #include "google_apis/gaia/google_service_auth_error.h" | 21 #include "google_apis/gaia/google_service_auth_error.h" |
22 | 22 |
23 namespace { | 23 namespace { |
24 const char kServiceScopeGetUserInfo[] = | 24 const char kServiceScopeGetUserInfo[] = |
25 "https://www.googleapis.com/auth/userinfo.email"; | 25 "https://www.googleapis.com/auth/userinfo.email"; |
26 } | 26 } |
27 | 27 |
28 namespace chromeos { | 28 namespace chromeos { |
(...skipping 171 matching lines...)
200 consumer_->OnGetTokenFailure(this, error_copy); | 200 consumer_->OnGetTokenFailure(this, error_copy); |
201 } else { | 201 } else { |
202 std::string access_token_copy = access_token_; | 202 std::string access_token_copy = access_token_; |
203 base::Time expiration_time_copy = expiration_time_; | 203 base::Time expiration_time_copy = expiration_time_; |
204 consumer_->OnGetTokenSuccess(this, access_token_copy, expiration_time_copy); | 204 consumer_->OnGetTokenSuccess(this, access_token_copy, expiration_time_copy); |
205 } | 205 } |
206 } | 206 } |
207 | 207 |
208 DeviceOAuth2TokenService::DeviceOAuth2TokenService( | 208 DeviceOAuth2TokenService::DeviceOAuth2TokenService( |
209 net::URLRequestContextGetter* getter, | 209 net::URLRequestContextGetter* getter, |
210 PrefService* local_state) | 210 PrefService* local_state, |
| 211 TokenEncryptor* token_encryptor) |
211 : refresh_token_is_valid_(false), | 212 : refresh_token_is_valid_(false), |
212 max_refresh_token_validation_retries_(3), | 213 max_refresh_token_validation_retries_(3), |
213 url_request_context_getter_(getter), | 214 url_request_context_getter_(getter), |
214 local_state_(local_state) { | 215 local_state_(local_state), |
| 216 token_encryptor_(token_encryptor) { |
215 } | 217 } |
216 | 218 |
217 DeviceOAuth2TokenService::~DeviceOAuth2TokenService() { | 219 DeviceOAuth2TokenService::~DeviceOAuth2TokenService() { |
218 } | 220 } |
219 | 221 |
220 void DeviceOAuth2TokenService::OnValidationComplete( | 222 void DeviceOAuth2TokenService::OnValidationComplete( |
221 bool refresh_token_is_valid) { | 223 bool refresh_token_is_valid) { |
222 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 224 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
223 refresh_token_is_valid_ = refresh_token_is_valid; | 225 refresh_token_is_valid_ = refresh_token_is_valid; |
224 } | 226 } |
225 | 227 |
226 // static | 228 // static |
227 void DeviceOAuth2TokenService::RegisterPrefs(PrefRegistrySimple* registry) { | 229 void DeviceOAuth2TokenService::RegisterPrefs(PrefRegistrySimple* registry) { |
228 registry->RegisterStringPref(prefs::kDeviceRobotAnyApiRefreshToken, | 230 registry->RegisterStringPref(prefs::kDeviceRobotAnyApiRefreshToken, |
229 std::string()); | 231 std::string()); |
230 } | 232 } |
231 | 233 |
232 void DeviceOAuth2TokenService::SetAndSaveRefreshToken( | 234 void DeviceOAuth2TokenService::SetAndSaveRefreshToken( |
233 const std::string& refresh_token) { | 235 const std::string& refresh_token) { |
234 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 236 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
235 std::string encrypted_refresh_token = | 237 std::string encrypted_refresh_token = |
236 CryptohomeLibrary::Get()->EncryptWithSystemSalt(refresh_token); | 238 token_encryptor_->EncryptWithSystemSalt(refresh_token); |
237 | 239 |
238 local_state_->SetString(prefs::kDeviceRobotAnyApiRefreshToken, | 240 local_state_->SetString(prefs::kDeviceRobotAnyApiRefreshToken, |
239 encrypted_refresh_token); | 241 encrypted_refresh_token); |
240 } | 242 } |
241 | 243 |
242 std::string DeviceOAuth2TokenService::GetRefreshToken( | 244 std::string DeviceOAuth2TokenService::GetRefreshToken( |
243 const std::string& account_id) { | 245 const std::string& account_id) { |
244 DCHECK_EQ(account_id, GetRobotAccountId()); | 246 DCHECK_EQ(account_id, GetRobotAccountId()); |
245 if (refresh_token_.empty()) { | 247 if (refresh_token_.empty()) { |
246 std::string encrypted_refresh_token = | 248 std::string encrypted_refresh_token = |
247 local_state_->GetString(prefs::kDeviceRobotAnyApiRefreshToken); | 249 local_state_->GetString(prefs::kDeviceRobotAnyApiRefreshToken); |
248 | 250 |
249 refresh_token_ = CryptohomeLibrary::Get()->DecryptWithSystemSalt( | 251 refresh_token_ = token_encryptor_->DecryptWithSystemSalt( |
250 encrypted_refresh_token); | 252 encrypted_refresh_token); |
251 } | 253 } |
252 return refresh_token_; | 254 return refresh_token_; |
253 } | 255 } |
254 | 256 |
255 std::string DeviceOAuth2TokenService::GetRobotAccountId() { | 257 std::string DeviceOAuth2TokenService::GetRobotAccountId() { |
256 policy::BrowserPolicyConnector* connector = | 258 policy::BrowserPolicyConnector* connector = |
257 g_browser_process->browser_policy_connector(); | 259 g_browser_process->browser_policy_connector(); |
258 if (connector) | 260 if (connector) |
259 return connector->GetDeviceCloudPolicyManager()->GetRobotAccountId(); | 261 return connector->GetDeviceCloudPolicyManager()->GetRobotAccountId(); |
(...skipping 11 matching lines...)
271 return OAuth2TokenService::CreateRequest(consumer); | 273 return OAuth2TokenService::CreateRequest(consumer); |
272 | 274 |
273 // Substitute our own consumer to wait for refresh token validation. | 275 // Substitute our own consumer to wait for refresh token validation. |
274 scoped_ptr<ValidatingConsumer> validating_consumer( | 276 scoped_ptr<ValidatingConsumer> validating_consumer( |
275 new ValidatingConsumer(this, consumer)); | 277 new ValidatingConsumer(this, consumer)); |
276 validating_consumer->StartValidation(); | 278 validating_consumer->StartValidation(); |
277 return validating_consumer.PassAs<RequestImpl>(); | 279 return validating_consumer.PassAs<RequestImpl>(); |
278 } | 280 } |
279 | 281 |
280 } // namespace chromeos | 282 } // namespace chromeos |
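Review bot: The constructor (new lines 208-217) stores the raw `TokenEncryptor*` without checking it or stating who owns it, and both `SetAndSaveRefreshToken` (new line 238) and `GetRefreshToken` (new line 251) dereference `token_encryptor_` unconditionally. This object protects the device robot refresh token before it is written to local state, so a null or already-destroyed encryptor would crash or cause a use-after-free on the token path. I would add `DCHECK(token_encryptor_);` to the constructor body and a comment such as `// |token_encryptor| is not owned and must outlive this service.`, or take a `scoped_ptr<TokenEncryptor>` if the service is meant to own it. The member declaration is in the header, which is not shown here, so the intended ownership should be confirmed there. `GetRefreshToken` also lacks the `BrowserThread::UI` DCHECK that `SetAndSaveRefreshToken` has, so it is worth documenting whether the injected encryptor may be called off the UI thread.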