device_oauth2_token_service.h revision 1e9bf3e0803691d0a228da41fc608347b6db4340
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
6#define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
7
8#include <set>
9#include <string>
10
11#include "base/basictypes.h"
12#include "base/gtest_prod_util.h"
13#include "base/memory/scoped_ptr.h"
14#include "base/memory/weak_ptr.h"
15#include "base/stl_util.h"
16#include "base/time/time.h"
17#include "google_apis/gaia/gaia_oauth_client.h"
18#include "google_apis/gaia/oauth2_token_service.h"
19#include "net/url_request/url_request_context_getter.h"
20
21namespace net {
22class URLRequestContextGetter;
23}
24
25class GoogleServiceAuthError;
26class PrefRegistrySimple;
27class PrefService;
28class Profile;
29
30namespace chromeos {
31
32class TokenEncryptor;
33
// DeviceOAuth2TokenService retrieves OAuth2 access tokens for a given
// set of scopes using the device-level OAuth2 any-api refresh token
// obtained during enterprise device enrollment.
//
// See |OAuth2TokenService| for usage details.
//
// When using DeviceOAuth2TokenService, the value returned by
// |GetRobotAccountId| should be used wherever the API expects |account_id|.
//
// Note that requests must be made from the UI thread.
//
// Security notes:
//  - The refresh token is a device-level credential.  It is encrypted with
//    |token_encryptor_| before being persisted (see SetAndSaveRefreshToken)
//    and is cached decrypted in |refresh_token_| while the service is alive.
//  - Construction and destruction are private; instances are reachable only
//    through the friend classes declared below.
class DeviceOAuth2TokenService : public OAuth2TokenService {
 public:
  // Persist the given refresh token on the device.  Overwrites any previous
  // value.  Should only be called during initial device setup.  Returns false
  // if there was an error encrypting and persisting the value, else true.
  // Callers should check the result: nothing in this declaration forces the
  // return value to be used, so an ignored failure is silent.
  // NOTE(review): the header does not show whether the cached in-memory token
  // is left unchanged when this returns false -- confirm in the .cc.
  bool SetAndSaveRefreshToken(const std::string& refresh_token);

  // Registers this service's preferences with |registry|.
  // NOTE(review): presumably the pref that holds the encrypted refresh token
  // -- confirm against the implementation.
  static void RegisterPrefs(PrefRegistrySimple* registry);

  // Gets the refresh token used by the service. |account_id| is expected to be
  // a value of |GetRobotAccountId|.
  // The returned string is a credential: do not log it or copy it into
  // longer-lived storage.
  // NOTE(review): whether a mismatched |account_id| is rejected is not visible
  // from this header -- verify in the implementation.
  virtual std::string GetRefreshToken(const std::string& account_id) OVERRIDE;

  // Pull the robot account ID from device policy.
  virtual std::string GetRobotAccountId();

 protected:
  // Implementation of OAuth2TokenService.
  // GetRequestContext supplies the request context used for token requests.
  // NOTE(review): presumably backed by |url_request_context_getter_| --
  // confirm in the .cc.
  virtual net::URLRequestContextGetter* GetRequestContext() OVERRIDE;
  // NOTE(review): presumably wraps |consumer| in a ValidatingConsumer so the
  // refresh token is validated before requests proceed -- confirm in the .cc.
  virtual scoped_ptr<OAuth2TokenService::RequestImpl> CreateRequest(
      OAuth2TokenService::Consumer* consumer) OVERRIDE;

 private:
  // Nested helper, defined outside this header.
  class ValidatingConsumer;
  // These friends can reach the private constructor, destructor and members,
  // including the cached plaintext |refresh_token_|.
  friend class ValidatingConsumer;
  friend class DeviceOAuth2TokenServiceFactory;
  friend class DeviceOAuth2TokenServiceTest;
  friend class TestDeviceOAuth2TokenService;

  // Use DeviceOAuth2TokenServiceFactory to get an instance of this class.
  // Ownership of |token_encryptor| will be taken.
  // |local_state| is kept as a raw pointer (see |local_state_|), so it must
  // outlive this object.
  explicit DeviceOAuth2TokenService(net::URLRequestContextGetter* getter,
                                    PrefService* local_state,
                                    TokenEncryptor* token_encryptor);
  // Private: only this class and its friends can destroy an instance.
  virtual ~DeviceOAuth2TokenService();

  // Receives the outcome of a refresh-token validation.
  // NOTE(review): presumably called by ValidatingConsumer and recorded in
  // |refresh_token_is_valid_| -- confirm in the .cc.
  void OnValidationComplete(bool token_is_valid);

  // NOTE(review): looks like the result of the last validation of the refresh
  // token; the initial value is set in the constructor, not visible here.
  bool refresh_token_is_valid_;
  // NOTE(review): presumably an upper bound on validation retries; the value
  // is assigned outside this header.
  int max_refresh_token_validation_retries_;

  // Ref-counted handle to the request context getter.
  scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_;

  // Cache the decrypted refresh token, so we only decrypt once.
  // The plaintext therefore stays in process memory for the lifetime of this
  // object; std::string does not scrub its buffer on destruction.
  std::string refresh_token_;
  // Raw pointer; nothing in this header indicates ownership.
  PrefService* local_state_;

  // Used to encrypt/decrypt the refresh token.
  scoped_ptr<TokenEncryptor> token_encryptor_;

  // Declared last, so it is destroyed first and outstanding weak pointers are
  // invalidated before the other members go away.
  base::WeakPtrFactory<DeviceOAuth2TokenService> weak_ptr_factory_;

  // Non-copyable: the object owns the encryptor and holds a credential.
  DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenService);
};
98
99}  // namespace chromeos
100
101#endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
102