| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" | 5 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/prefs/pref_registry_simple.h" | 10 #include "base/prefs/pref_registry_simple.h" |
| 11 #include "base/prefs/pref_service.h" | 11 #include "base/prefs/pref_service.h" |
| 12 #include "base/values.h" | 12 #include "base/values.h" |
| 13 #include "chrome/browser/browser_process.h" | 13 #include "chrome/browser/browser_process.h" |
| 14 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" | 14 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" |
| 15 #include "chrome/browser/chromeos/settings/token_encryptor.h" |
| 15 #include "chrome/browser/policy/browser_policy_connector.h" | 16 #include "chrome/browser/policy/browser_policy_connector.h" |
| 16 #include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h" | 17 #include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h" |
| 17 #include "chrome/common/pref_names.h" | 18 #include "chrome/common/pref_names.h" |
| 18 #include "chromeos/cryptohome/cryptohome_library.h" | |
| 19 #include "content/public/browser/browser_thread.h" | 19 #include "content/public/browser/browser_thread.h" |
| 20 #include "google_apis/gaia/gaia_urls.h" | 20 #include "google_apis/gaia/gaia_urls.h" |
| 21 #include "google_apis/gaia/google_service_auth_error.h" | 21 #include "google_apis/gaia/google_service_auth_error.h" |
| 22 | 22 |
| 23 namespace { | 23 namespace { |
| 24 const char kServiceScopeGetUserInfo[] = | 24 const char kServiceScopeGetUserInfo[] = |
| 25 "https://www.googleapis.com/auth/userinfo.email"; | 25 "https://www.googleapis.com/auth/userinfo.email"; |
| 26 } | 26 } |
| 27 | 27 |
| 28 namespace chromeos { | 28 namespace chromeos { |
| (...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 200 consumer_->OnGetTokenFailure(this, error_copy); | 200 consumer_->OnGetTokenFailure(this, error_copy); |
| 201 } else { | 201 } else { |
| 202 std::string access_token_copy = access_token_; | 202 std::string access_token_copy = access_token_; |
| 203 base::Time expiration_time_copy = expiration_time_; | 203 base::Time expiration_time_copy = expiration_time_; |
| 204 consumer_->OnGetTokenSuccess(this, access_token_copy, expiration_time_copy); | 204 consumer_->OnGetTokenSuccess(this, access_token_copy, expiration_time_copy); |
| 205 } | 205 } |
| 206 } | 206 } |
| 207 | 207 |
| 208 DeviceOAuth2TokenService::DeviceOAuth2TokenService( | 208 DeviceOAuth2TokenService::DeviceOAuth2TokenService( |
| 209 net::URLRequestContextGetter* getter, | 209 net::URLRequestContextGetter* getter, |
| 210 PrefService* local_state) | 210 PrefService* local_state, |
| 211 TokenEncryptor* token_encryptor) |
| 211 : refresh_token_is_valid_(false), | 212 : refresh_token_is_valid_(false), |
| 212 max_refresh_token_validation_retries_(3), | 213 max_refresh_token_validation_retries_(3), |
| 213 url_request_context_getter_(getter), | 214 url_request_context_getter_(getter), |
| 214 local_state_(local_state) { | 215 local_state_(local_state), |
| 216 token_encryptor_(token_encryptor) { |
| 215 } | 217 } |
| 216 | 218 |
| 217 DeviceOAuth2TokenService::~DeviceOAuth2TokenService() { | 219 DeviceOAuth2TokenService::~DeviceOAuth2TokenService() { |
| 218 } | 220 } |
| 219 | 221 |
| 220 void DeviceOAuth2TokenService::OnValidationComplete( | 222 void DeviceOAuth2TokenService::OnValidationComplete( |
| 221 bool refresh_token_is_valid) { | 223 bool refresh_token_is_valid) { |
| 222 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 224 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 223 refresh_token_is_valid_ = refresh_token_is_valid; | 225 refresh_token_is_valid_ = refresh_token_is_valid; |
| 224 } | 226 } |
| 225 | 227 |
| 226 // static | 228 // static |
| 227 void DeviceOAuth2TokenService::RegisterPrefs(PrefRegistrySimple* registry) { | 229 void DeviceOAuth2TokenService::RegisterPrefs(PrefRegistrySimple* registry) { |
| 228 registry->RegisterStringPref(prefs::kDeviceRobotAnyApiRefreshToken, | 230 registry->RegisterStringPref(prefs::kDeviceRobotAnyApiRefreshToken, |
| 229 std::string()); | 231 std::string()); |
| 230 } | 232 } |
| 231 | 233 |
| 232 void DeviceOAuth2TokenService::SetAndSaveRefreshToken( | 234 void DeviceOAuth2TokenService::SetAndSaveRefreshToken( |
| 233 const std::string& refresh_token) { | 235 const std::string& refresh_token) { |
| 234 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 236 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 235 std::string encrypted_refresh_token = | 237 std::string encrypted_refresh_token = |
| 236 CryptohomeLibrary::Get()->EncryptWithSystemSalt(refresh_token); | 238 token_encryptor_->EncryptWithSystemSalt(refresh_token); |
| 237 | 239 |
| 238 local_state_->SetString(prefs::kDeviceRobotAnyApiRefreshToken, | 240 local_state_->SetString(prefs::kDeviceRobotAnyApiRefreshToken, |
| 239 encrypted_refresh_token); | 241 encrypted_refresh_token); |
| 240 } | 242 } |
| 241 | 243 |
| 242 std::string DeviceOAuth2TokenService::GetRefreshToken( | 244 std::string DeviceOAuth2TokenService::GetRefreshToken( |
| 243 const std::string& account_id) { | 245 const std::string& account_id) { |
| 244 DCHECK_EQ(account_id, GetRobotAccountId()); | 246 DCHECK_EQ(account_id, GetRobotAccountId()); |
| 245 if (refresh_token_.empty()) { | 247 if (refresh_token_.empty()) { |
| 246 std::string encrypted_refresh_token = | 248 std::string encrypted_refresh_token = |
| 247 local_state_->GetString(prefs::kDeviceRobotAnyApiRefreshToken); | 249 local_state_->GetString(prefs::kDeviceRobotAnyApiRefreshToken); |
| 248 | 250 |
| 249 refresh_token_ = CryptohomeLibrary::Get()->DecryptWithSystemSalt( | 251 refresh_token_ = token_encryptor_->DecryptWithSystemSalt( |
| 250 encrypted_refresh_token); | 252 encrypted_refresh_token); |
| 251 } | 253 } |
| 252 return refresh_token_; | 254 return refresh_token_; |
| 253 } | 255 } |
| 254 | 256 |
| 255 std::string DeviceOAuth2TokenService::GetRobotAccountId() { | 257 std::string DeviceOAuth2TokenService::GetRobotAccountId() { |
| 256 policy::BrowserPolicyConnector* connector = | 258 policy::BrowserPolicyConnector* connector = |
| 257 g_browser_process->browser_policy_connector(); | 259 g_browser_process->browser_policy_connector(); |
| 258 if (connector) | 260 if (connector) |
| 259 return connector->GetDeviceCloudPolicyManager()->GetRobotAccountId(); | 261 return connector->GetDeviceCloudPolicyManager()->GetRobotAccountId(); |
| (...skipping 11 matching lines...) Expand all Loading... |
| 271 return OAuth2TokenService::CreateRequest(consumer); | 273 return OAuth2TokenService::CreateRequest(consumer); |
| 272 | 274 |
| 273 // Substitute our own consumer to wait for refresh token validation. | 275 // Substitute our own consumer to wait for refresh token validation. |
| 274 scoped_ptr<ValidatingConsumer> validating_consumer( | 276 scoped_ptr<ValidatingConsumer> validating_consumer( |
| 275 new ValidatingConsumer(this, consumer)); | 277 new ValidatingConsumer(this, consumer)); |
| 276 validating_consumer->StartValidation(); | 278 validating_consumer->StartValidation(); |
| 277 return validating_consumer.PassAs<RequestImpl>(); | 279 return validating_consumer.PassAs<RequestImpl>(); |
| 278 } | 280 } |
| 279 | 281 |
| 280 } // namespace chromeos | 282 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 25975002:
cryptohome: Move Encrypt/DecryptWithSystemSalt() out of CryptohomeLibrary (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src