
Unified Diff: chrome/browser/chromeos/settings/device_oauth2_token_service.h

Issue 17109006: Device robot refresh token integrity validation. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: fix remoting compile error on windows Created 7 years, 6 months ago
Index: chrome/browser/chromeos/settings/device_oauth2_token_service.h
diff --git a/chrome/browser/chromeos/settings/device_oauth2_token_service.h b/chrome/browser/chromeos/settings/device_oauth2_token_service.h
index 9d4bc6a6890a7323c5d88689249a9d8c1e203358..5b5017f2a9c9725ef6d0dc69c43463593b7b9b81 100644
--- a/chrome/browser/chromeos/settings/device_oauth2_token_service.h
+++ b/chrome/browser/chromeos/settings/device_oauth2_token_service.h
@@ -5,12 +5,16 @@
#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
#define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_OAUTH2_TOKEN_SERVICE_H_
+#include <set>
#include <string>
#include "base/basictypes.h"
#include "base/gtest_prod_util.h"
#include "base/memory/scoped_ptr.h"
+#include "base/stl_util.h"
+#include "base/time.h"
#include "chrome/browser/signin/oauth2_token_service.h"
+#include "google_apis/gaia/gaia_oauth_client.h"
#include "net/url_request/url_request_context_getter.h"
namespace net {
@@ -33,6 +37,11 @@ namespace chromeos {
// Note that requests must be made from the UI thread.
class DeviceOAuth2TokenService : public OAuth2TokenService {
public:
+ // Specialization of StartRequest that in parallel validates that the refresh
+ // token stored on the device is owned by the device service account.
+ virtual scoped_ptr<Request> StartRequest(const ScopeSet& scopes,
+ Consumer* consumer) OVERRIDE;
+
// Persist the given refresh token on the device. Overwrites any previous
// value. Should only be called during initial device setup.
void SetAndSaveRefreshToken(const std::string& refresh_token);
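Review bot: The comment on `StartRequest` says ownership validation runs in parallel with the request, but it does not say what the consumer sees when validation fails or finishes after the access token has already been fetched. For an integrity check that contract is what matters: a reader needs to know whether an access token minted from a refresh token not owned by the device service account can ever be delivered. I would extend the comment along the lines of `// The consumer is notified only after validation has finished; the request fails if the token is not owned by the robot account.`, adjusted to what the implementation really does, which is not visible in this header.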
@@ -41,15 +50,29 @@ class DeviceOAuth2TokenService : public OAuth2TokenService {
virtual std::string GetRefreshToken() OVERRIDE;
+ protected:
+ // Pull the robot account ID from device policy.
+ virtual std::string GetRobotAccountId();
+
private:
+ class ValidatingConsumer;
+ friend class ValidatingConsumer;
friend class DeviceOAuth2TokenServiceFactory;
- FRIEND_TEST_ALL_PREFIXES(DeviceOAuth2TokenServiceTest, SaveEncryptedToken);
+ friend class DeviceOAuth2TokenServiceTest;
+ friend class TestDeviceOAuth2TokenService;
// Use DeviceOAuth2TokenServiceFactory to get an instance of this class.
explicit DeviceOAuth2TokenService(net::URLRequestContextGetter* getter,
PrefService* local_state);
virtual ~DeviceOAuth2TokenService();
+ void OnValidationComplete(ValidatingConsumer* validator, bool token_is_valid);
+
+ bool refresh_token_is_valid_;
+ int max_refresh_token_validation_retries_;
+
+ scoped_ptr<std::set<ValidatingConsumer*> > pending_validators_;
+
// Cache the decrypted refresh token, so we only decrypt once.
std::string refresh_token_;
PrefService* local_state_;
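Review bot: `refresh_token_is_valid_`, `max_refresh_token_validation_retries_` and `pending_validators_` are added without comments, and a plain bool cannot distinguish "not validated yet" from "validated and rejected". Since the flag presumably gates use of the device refresh token, document its fail-closed default and who sets it, for example `// True only after the token owner was confirmed to be the robot account; starts false.`, and say whether `SetAndSaveRefreshToken` resets it. `pending_validators_` stores raw `ValidatingConsumer*`, so a one-line ownership comment is needed (the new `base/stl_util.h` include suggests the destructor deletes them, but that is not visible here). Replacing the single `FRIEND_TEST_ALL_PREFIXES` with two blanket `friend class` declarations also gives the test classes access to every private member, including the cached `refresh_token_`; keeping the friendship as narrow as the tests need would be preferable. The class body continues outside this hunk.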
