device_oauth2_token_service.h revision eb525c5499e34cc9c4b825d6d9e75bb07cc06ace
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
#define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_

#include <set>
#include <string>

#include "base/basictypes.h"
#include "base/gtest_prod_util.h"
#include "base/memory/scoped_ptr.h"
#include "base/stl_util.h"
#include "base/time/time.h"
#include "chrome/browser/signin/oauth2_token_service.h"
#include "google_apis/gaia/gaia_oauth_client.h"
#include "net/url_request/url_request_context_getter.h"

namespace net {
class URLRequestContextGetter;
}

class GoogleServiceAuthError;
class PrefRegistrySimple;
class PrefService;
class Profile;

namespace chromeos {

// DeviceOAuth2TokenService retrieves OAuth2 access tokens for a given
// set of scopes using the device-level OAuth2 any-api refresh token
// obtained during enterprise device enrollment.
//
// See |OAuth2TokenService| for usage details.
//
// Note that requests must be made from the UI thread.
//
// Security-relevant state held by this class: the refresh token is a
// long-lived device credential. Per the |refresh_token_| comment below it is
// kept decrypted in memory once it has been read, which implies that the
// persisted form is encrypted.
// NOTE(review): the encryption and storage details live in the .cc file and
// are not visible in this header; confirm them there.
class DeviceOAuth2TokenService : public OAuth2TokenService {
 public:
  // Specialization of StartRequest that in parallel validates that the refresh
  // token stored on the device is owned by the device service account.
  //
  // NOTE(review): because validation runs in parallel with the request, what
  // happens to a request whose validation later fails is decided in the .cc
  // file; confirm that an access token is never handed to |consumer| for a
  // refresh token that failed the ownership check.
  virtual scoped_ptr<Request> StartRequest(const ScopeSet& scopes,
                                           Consumer* consumer) OVERRIDE;

  // Persist the given refresh token on the device. Overwrites any previous
  // value. Should only be called during initial device setup.
  //
  // The overwrite is unconditional as documented, so a call made outside
  // initial setup replaces the device credential. Nothing in this declaration
  // enforces the "initial setup only" rule; it is a caller contract.
  // NOTE(review): presumably the token is encrypted before it is written;
  // confirm in the .cc file.
  void SetAndSaveRefreshToken(const std::string& refresh_token);

  // Registers the prefs used by this service with |registry|.
  // NOTE(review): presumably this is the local-state pref that holds the
  // stored refresh token; confirm in the .cc file.
  static void RegisterPrefs(PrefRegistrySimple* registry);

  // Returns the device refresh token. The value is returned by copy, so every
  // caller ends up holding its own plaintext copy of the credential; callers
  // should not log it or keep it longer than needed.
  virtual std::string GetRefreshToken() OVERRIDE;

 protected:
  // Pull the robot account ID from device policy.
  //
  // NOTE(review): presumably this is the account that the stored refresh
  // token's owner is compared against during validation, and it is virtual so
  // that a subclass (e.g. a test double) can substitute the source; confirm
  // both in the .cc file.
  virtual std::string GetRobotAccountId();

 private:
  // Defined outside this header. It receives a pointer to itself back through
  // OnValidationComplete() below.
  class ValidatingConsumer;
  friend class ValidatingConsumer;
  friend class DeviceOAuth2TokenServiceFactory;
  friend class DeviceOAuth2TokenServiceTest;
  friend class TestDeviceOAuth2TokenService;

  // Use DeviceOAuth2TokenServiceFactory to get an instance of this class.
  //
  // Both the constructor and the destructor are private, so only the friends
  // declared above can create or destroy an instance.
  // NOTE(review): |getter| and |local_state| are raw pointers; their required
  // lifetime is not expressed here. Presumably |local_state| must outlive
  // this object; confirm against the factory.
  explicit DeviceOAuth2TokenService(net::URLRequestContextGetter* getter,
                                    PrefService* local_state);
  virtual ~DeviceOAuth2TokenService();

  // Reports the outcome of one validation run. |token_is_valid| carries the
  // result for |validator|.
  // NOTE(review): presumably this updates |refresh_token_is_valid_| and drops
  // |validator| from |pending_validators_|; confirm in the .cc file.
  void OnValidationComplete(ValidatingConsumer* validator, bool token_is_valid);

  // NOTE(review): the initial value and the writers of this flag are not
  // visible in this header. Confirm that it starts out false, so that an
  // unvalidated token is never treated as valid.
  bool refresh_token_is_valid_;

  // Upper bound on validation retries, going by the name; the value is set in
  // the .cc file.
  int max_refresh_token_validation_retries_;

  // Validators that are currently outstanding, held as raw pointers. The
  // container type does not express who deletes the pointees.
  // NOTE(review): confirm the deletion path in the .cc file, including the
  // case where this service is destroyed while validators are still pending.
  scoped_ptr<std::set<ValidatingConsumer*> > pending_validators_;

  // Cache the decrypted refresh token, so we only decrypt once.
  // This is a plaintext copy of a long-lived credential.
  // NOTE(review): whether it is ever cleared is not visible in this header.
  std::string refresh_token_;

  // Raw pointer, presumably not owned.
  // NOTE(review): presumably the PrefService the persisted token is read from
  // and written to; confirm in the .cc file.
  PrefService* local_state_;
  DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenService);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_