device_oauth2_token_service.h revision eb525c5499e34cc9c4b825d6d9e75bb07cc06ace
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
6#define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
7
8#include <set>
9#include <string>
10
11#include "base/basictypes.h"
12#include "base/gtest_prod_util.h"
13#include "base/memory/scoped_ptr.h"
14#include "base/stl_util.h"
15#include "base/time/time.h"
16#include "chrome/browser/signin/oauth2_token_service.h"
17#include "google_apis/gaia/gaia_oauth_client.h"
18#include "net/url_request/url_request_context_getter.h"
19
20namespace net {
  // Forward declaration: this header only names the type through a pointer
  // (the constructor argument).  The include of url_request_context_getter.h
  // above presumably already provides the full definition.
21class URLRequestContextGetter;
22}
23
  // Forward declarations.  PrefRegistrySimple and PrefService are used by
  // pointer in the class below; GoogleServiceAuthError and Profile are not
  // referenced anywhere else in this header.
24class GoogleServiceAuthError;
25class PrefRegistrySimple;
26class PrefService;
27class Profile;
28
29namespace chromeos {
30
31// DeviceOAuth2TokenService retrieves OAuth2 access tokens for a given
32// set of scopes using the device-level OAuth2 any-api refresh token
33// obtained during enterprise device enrollment.
34//
35// See |OAuth2TokenService| for usage details.
36//
37// Note that requests must be made from the UI thread.
  //
  // Security notes: the refresh token is a long-lived device credential.  It
  // is cached decrypted in |refresh_token_|, and GetRefreshToken() is public
  // and returns a token string (presumably that cached value; confirm in the
  // implementation), so callers must not log it or copy it into longer-lived
  // storage.  No lock or thread check is declared in this header; the
  // UI-thread rule above is the only stated protection for the mutable state
  // below.
38class DeviceOAuth2TokenService : public OAuth2TokenService {
39 public:
40  // Specialization of StartRequest that in parallel validates that the refresh
41  // token stored on the device is owned by the device service account.
    // NOTE(review): because validation runs in parallel with the request, this
    // header does not show what |consumer| receives when validation fails;
    // confirm in the implementation that no access token is delivered in that
    // case.
42  virtual scoped_ptr<Request> StartRequest(const ScopeSet& scopes,
43                                           Consumer* consumer) OVERRIDE;
44
45  // Persist the given refresh token on the device.  Overwrites any previous
46  // value.  Should only be called during initial device setup.
    // NOTE(review): the method is public and nothing declared here enforces
    // the "initial setup only" rule, so the restriction depends on the callers.
    // |refresh_token| is passed in the clear; the comment on |refresh_token_|
    // implies the persisted form is encrypted (verify in the implementation).
47  void SetAndSaveRefreshToken(const std::string& refresh_token);
48
    // Registers this service's preferences with |registry|.  The pref names
    // are not visible in this header; presumably they include the pref that
    // holds the stored refresh token (TODO confirm).
49  static void RegisterPrefs(PrefRegistrySimple* registry);
50
    // OAuth2TokenService override.  Returns the refresh token as a std::string
    // (presumably the decrypted value cached in |refresh_token_|).  Treat the
    // result as a secret: do not log it.
51  virtual std::string GetRefreshToken() OVERRIDE;
52
53 protected:
54  // Pull the robot account ID from device policy.
    // Virtual and protected, so a subclass can replace the lookup.  Presumably
    // this is the "device service account" that the refresh token is validated
    // against (confirm in the implementation).
55  virtual std::string GetRobotAccountId();
56
57 private:
    // Declared here, defined outside this header; see OnValidationComplete().
58  class ValidatingConsumer;
59  friend class ValidatingConsumer;
60  friend class DeviceOAuth2TokenServiceFactory;
61  friend class DeviceOAuth2TokenServiceTest;
62  friend class TestDeviceOAuth2TokenService;
63
64  // Use DeviceOAuth2TokenServiceFactory to get an instance of this class.
    // The constructor and destructor are private, so code outside this class
    // can create or destroy an instance only through the friends listed above.
    // |getter| and |local_state| are raw pointers; ownership is not expressed
    // here (presumably both must outlive this object).
65  explicit DeviceOAuth2TokenService(net::URLRequestContextGetter* getter,
66                                    PrefService* local_state);
67  virtual ~DeviceOAuth2TokenService();
68
    // Presumably called when |validator| finishes, with |token_is_valid| as
    // the verdict, and presumably updates |refresh_token_is_valid_| and drops
    // |validator| from |pending_validators_| (confirm in the implementation).
69  void OnValidationComplete(ValidatingConsumer* validator, bool token_is_valid);
70
    // Validation state.  Initial values are set in the constructor, whose body
    // is not visible here.
71  bool refresh_token_is_valid_;
72  int max_refresh_token_validation_retries_;
73
    // Validators that have not reported back yet (inferred from the name).  The
    // set stores raw pointers, so who deletes each validator is not visible
    // in this header.
74  scoped_ptr<std::set<ValidatingConsumer*> > pending_validators_;
75
76  // Cache the decrypted refresh token, so we only decrypt once.
    // This keeps the secret in process memory for as long as it is cached, and
    // std::string does not wipe its buffer when it is cleared or destroyed.
77  std::string refresh_token_;
    // Presumably the |local_state| passed to the constructor, held without
    // ownership.
78  PrefService* local_state_;
79  DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenService);
80};
81
82}  // namespace chromeos
83
84#endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
85