device_oauth2_token_service.h revision f2477e01787aa58f445919b809d89e252beef54f
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
#define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_

#include <set>
#include <string>

#include "base/basictypes.h"
#include "base/gtest_prod_util.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "base/stl_util.h"
#include "base/time/time.h"
#include "google_apis/gaia/gaia_oauth_client.h"
#include "google_apis/gaia/oauth2_token_service.h"
#include "net/url_request/url_request_context_getter.h"

namespace net {
class URLRequestContextGetter;
}

class GoogleServiceAuthError;
class PrefRegistrySimple;
class PrefService;
class Profile;

namespace chromeos {

class TokenEncryptor;

// DeviceOAuth2TokenService retrieves OAuth2 access tokens for a given
// set of scopes using the device-level OAuth2 any-api refresh token
// obtained during enterprise device enrollment.
//
// See |OAuth2TokenService| for usage details.
//
// When using DeviceOAuth2TokenService, the value returned by
// |GetRobotAccountId| should be used wherever the API expects |account_id|.
//
// Note that requests must be made from the UI thread.
//
// Security note: the refresh token is a device-wide credential. This class
// keeps a decrypted copy in memory (|refresh_token_|) and relies on
// |token_encryptor_| for the persisted form, so neither the token nor this
// object's state should be logged or exposed outside the browser process.
class DeviceOAuth2TokenService : public OAuth2TokenService {
 public:
  // Persist the given refresh token on the device. Overwrites any previous
  // value. Should only be called during initial device setup. Returns false
  // if there was an error encrypting and persisting the value, else true.
  // Callers must check the result: on false the token was not stored.
  // NOTE(review): the storage location is presumably |local_state_|; confirm
  // in the .cc file.
  bool SetAndSaveRefreshToken(const std::string& refresh_token);

  // NOTE(review): presumably registers the local-state pref that holds the
  // encrypted refresh token; confirm in the .cc file.
  static void RegisterPrefs(PrefRegistrySimple* registry);

  // Gets the refresh token used by the service. |account_id| is expected to be
  // a value of |GetRobotAccountId|.
  // The returned string is the credential itself; callers should not log or
  // persist it. NOTE(review): whether a mismatched |account_id| is rejected
  // is not visible in this header; verify in the .cc file.
  virtual std::string GetRefreshToken(const std::string& account_id) OVERRIDE;

  // Pull the robot account ID from device policy.
  virtual std::string GetRobotAccountId();

 protected:
  // Implementation of OAuth2TokenService.
  virtual net::URLRequestContextGetter* GetRequestContext() OVERRIDE;
  virtual scoped_ptr<OAuth2TokenService::RequestImpl> CreateRequest(
      const std::string& account_id,
      OAuth2TokenService::Consumer* consumer) OVERRIDE;

 private:
  // Nested helper, defined in the .cc file. NOTE(review): presumably checks
  // the refresh token before access-token requests are served and reports
  // back through |OnValidationComplete|; confirm there.
  class ValidatingConsumer;
  friend class ValidatingConsumer;
  // The constructor and destructor are private; these friends are the only
  // code that can create or destroy an instance.
  friend class DeviceOAuth2TokenServiceFactory;
  friend class DeviceOAuth2TokenServiceTest;
  friend class TestDeviceOAuth2TokenService;

  // Use DeviceOAuth2TokenServiceFactory to get an instance of this class.
  // Ownership of |token_encryptor| will be taken.
  // |local_state| is kept as a raw pointer (|local_state_|) and is not owned;
  // it presumably must outlive this object. |getter| is held by reference
  // count in |url_request_context_getter_|.
  explicit DeviceOAuth2TokenService(net::URLRequestContextGetter* getter,
                                    PrefService* local_state,
                                    TokenEncryptor* token_encryptor);
  virtual ~DeviceOAuth2TokenService();

  // NOTE(review): presumably invoked with the outcome of a refresh-token
  // validation attempt; confirm against the .cc file.
  void OnValidationComplete(bool token_is_valid);

  // NOTE(review): validation state. The names suggest the first records a
  // successful validation and the second bounds retry attempts; the exact
  // semantics and initial values are set in the .cc file.
  bool refresh_token_is_valid_;
  int max_refresh_token_validation_retries_;

  scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_;

  // Cache the decrypted refresh token, so we only decrypt once.
  // While cached, the plaintext credential resides in process memory.
  std::string refresh_token_;
  // Not owned (raw pointer).
  PrefService* local_state_;

  // Used to encrypt/decrypt the refresh token. Owned by this object.
  scoped_ptr<TokenEncryptor> token_encryptor_;

  // Declared after the other data members, so it is destroyed first and
  // outstanding weak pointers are invalidated before those members go away.
  base::WeakPtrFactory<DeviceOAuth2TokenService> weak_ptr_factory_;

  DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenService);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_