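// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
#define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_

#include <set>
#include <string>

#include "base/basictypes.h"
#include "base/gtest_prod_util.h"
#include "base/memory/scoped_ptr.h"
#include "base/stl_util.h"
#include "base/time/time.h"
#include "chrome/browser/signin/oauth2_token_service.h"
#include "google_apis/gaia/gaia_oauth_client.h"
#include "net/url_request/url_request_context_getter.h"

namespace net {
class URLRequestContextGetter;
}

class GoogleServiceAuthError;
class PrefRegistrySimple;
class PrefService;
class Profile;

namespace chromeos {

// DeviceOAuth2TokenService retrieves OAuth2 access tokens for a given
// set of scopes using the device-level OAuth2 any-api refresh token
// obtained during enterprise device enrollment.
//
// See |OAuth2TokenService| for usage details.
//
// Note that requests must be made from the UI thread.
//
// The refresh token is a device-level credential. Treat the value returned
// by GetRefreshToken() as a secret: keep it out of logs and crash reports,
// and do not copy it into other storage.
class DeviceOAuth2TokenService : public OAuth2TokenService {
 public:
  // Specialization of StartRequest that in parallel validates that the refresh
  // token stored on the device is owned by the device service account.
  //
  // NOTE(review): the validation runs in parallel with the request, not
  // before it. How a failed validation affects a request that is already in
  // flight is decided in the implementation file -- confirm there.
  virtual scoped_ptr<Request> StartRequest(const ScopeSet& scopes,
                                           Consumer* consumer) OVERRIDE;

  // Persist the given refresh token on the device. Overwrites any previous
  // value. Should only be called during initial device setup.
  //
  // NOTE(review): the method is public and nothing in this declaration
  // enforces the setup-only restriction, so the restriction holds only as
  // far as the call sites respect it.
  void SetAndSaveRefreshToken(const std::string& refresh_token);

  // Registers preferences with |registry|.
  // NOTE(review): presumably the local-state pref that holds the stored
  // refresh token -- confirm in the implementation file.
  static void RegisterPrefs(PrefRegistrySimple* registry);

  // OAuth2TokenService override that returns the device refresh token.
  // NOTE(review): |refresh_token_| is documented below as the decrypted
  // value, so this presumably hands out the credential in plaintext.
  virtual std::string GetRefreshToken() OVERRIDE;

 protected:
  // Pull the robot account ID from device policy.
  // Virtual, so a subclass can supply a different ID.
  virtual std::string GetRobotAccountId();

 private:
  // Private nested class, declared here and defined elsewhere.
  class ValidatingConsumer;
  friend class ValidatingConsumer;
  friend class DeviceOAuth2TokenServiceFactory;
  friend class DeviceOAuth2TokenServiceTest;
  friend class TestDeviceOAuth2TokenService;

  // Use DeviceOAuth2TokenServiceFactory to get an instance of this class.
  //
  // NOTE(review): |local_state_| below is a raw PrefService*, so
  // |local_state| presumably has to outlive this service -- confirm with the
  // factory.
  explicit DeviceOAuth2TokenService(net::URLRequestContextGetter* getter,
                                    PrefService* local_state);
  virtual ~DeviceOAuth2TokenService();

  // Implementation of OAuth2TokenService.
  virtual net::URLRequestContextGetter* GetRequestContext() OVERRIDE;

  // Receives the outcome of a refresh token validation.
  // NOTE(review): presumably called by ValidatingConsumer and recorded in
  // |refresh_token_is_valid_| -- confirm in the implementation file.
  void OnValidationComplete(bool token_is_valid);

  // Going by the name, whether the stored refresh token passed validation.
  // NOTE(review): initial value and update sites are in the implementation
  // file.
  bool refresh_token_is_valid_;

  // Going by the name, an upper bound on validation retries.
  // NOTE(review): confirm how it is consumed in the implementation file.
  int max_refresh_token_validation_retries_;

  scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_;

  // Cache the decrypted refresh token, so we only decrypt once.
  // The plaintext stays in this string for as long as the cache is
  // populated; std::string does not zero its buffer when it is destroyed.
  std::string refresh_token_;

  // Not reference counted or scoped here; see the constructor note on
  // lifetime.
  PrefService* local_state_;

  DISALLOW_COPY_AND_ASSIGN(DeviceOAuth2TokenService);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_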