Add code to mint OAuth tokens from login-scoped OAuth token.

chrome/common/net/gaia/oauth2_token_mint_fetcher.cc

Index: chrome/common/net/gaia/oauth2_token_mint_fetcher.cc
===================================================================
--- chrome/common/net/gaia/oauth2_token_mint_fetcher.cc	(revision 0)
+++ chrome/common/net/gaia/oauth2_token_mint_fetcher.cc	(revision 0)
@@ -0,0 +1,203 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/common/net/gaia/oauth2_token_mint_fetcher.h"
+
+#include <algorithm>
+#include <string>
+
+#include "base/json/json_reader.h"
+#include "base/string_util.h"
+#include "base/stringprintf.h"
+#include "base/values.h"
+#include "chrome/common/net/gaia/gaia_urls.h"
+#include "chrome/common/net/gaia/google_service_auth_error.h"
+#include "net/base/escape.h"
+#include "net/base/load_flags.h"
+#include "net/http/http_status_code.h"
+#include "net/url_request/url_request_context_getter.h"
+#include "net/url_request/url_request_status.h"
+
+using content::URLFetcher;
+using content::URLFetcherDelegate;
+using net::ResponseCookies;
+using net::URLRequestContextGetter;
+using net::URLRequestStatus;
+
+namespace {
+static const char kAuthorizationHeaderFormat[] =
+    "Authorization: Bearer %s";
+static const char kOAuth2IssueTokenBodyFormat[] =
+    "force=true"
+    "&response_type=token"
+    "&scope=%s"
+    "&client_id=%s"
+    "&origin=%s";
+static const char kAccessTokenKey[] = "token";
+
+static bool GetStringFromDictionary(const DictionaryValue* dict,

[asargent_no_longer_on_chrome, 2012/03/01 00:53:36]

nit: I think you can get rid of this function and just use
DictionaryValue::GetString() in the places where you were calling it

[Munjal (Google), 2012/03/01 18:38:52]

Done.

+                                    const std::string& key,
+                                    std::string* value) {
+  Value* json_value;
+  if (!dict->Get(key, &json_value))
+    return false;
+  if (json_value->GetType() != base::Value::TYPE_STRING)
+    return false;
+
+  StringValue* json_str_value = static_cast<StringValue*>(json_value);
+  json_str_value->GetAsString(value);
+  return true;
+}
+
+static GoogleServiceAuthError CreateAuthError(URLRequestStatus status) {
+  CHECK(!status.is_success());
+  if (status.status() == URLRequestStatus::CANCELED) {
+    return GoogleServiceAuthError(GoogleServiceAuthError::REQUEST_CANCELED);
+  } else {
+    DLOG(WARNING) << "Could not reach Google Accounts servers: errno "
+                  << status.error();
+    return GoogleServiceAuthError::FromConnectionError(status.error());
+  }
+}
+
+static URLFetcher* CreateFetcher(URLRequestContextGetter* getter,
+                                 const GURL& url,
+                                 const std::string& headers,
+                                 const std::string& body,
+                                 URLFetcherDelegate* delegate) {
+  bool empty_body = body.empty();
+  URLFetcher* result = URLFetcher::Create(
+      0, url,
+      empty_body ? URLFetcher::GET : URLFetcher::POST,
+      delegate);
+
+  result->SetRequestContext(getter);
+  result->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
+                       net::LOAD_DO_NOT_SAVE_COOKIES);
+
+  if (!empty_body)
+    result->SetUploadData("application/x-www-form-urlencoded", body);
+  if (!headers.empty())
+    result->SetExtraRequestHeaders(headers);
+
+  return result;
+}
+}  // namespace
+
+OAuth2TokenMintFetcher::OAuth2TokenMintFetcher(
+    OAuth2TokenMintConsumer* consumer,
+    URLRequestContextGetter* getter,
+    const std::string& source)
+    : consumer_(consumer),
+      getter_(getter),
+      source_(source),
+      state_(INITIAL) { }
+
+OAuth2TokenMintFetcher::~OAuth2TokenMintFetcher() { }
+
+void OAuth2TokenMintFetcher::CancelRequest() {
+  fetcher_.reset();
+}
+
+void OAuth2TokenMintFetcher::Start(const std::string& oauth_login_access_token,
+                                   const std::string& client_id,
+                                   const std::vector<std::string>& scopes,
+                                   const std::string& origin) {
+  oauth_login_access_token_ = oauth_login_access_token;
+  client_id_ = client_id;
+  scopes_ = scopes;
+  origin_ = origin;
+  StartMintToken();
+}
+
+void OAuth2TokenMintFetcher::StartMintToken() {
+  CHECK_EQ(INITIAL, state_);
+  state_ = MINT_TOKEN_STARTED;
+  fetcher_.reset(CreateFetcher(
+      getter_,
+      MakeMintTokenUrl(),
+      MakeMintTokenHeader(oauth_login_access_token_),
+      MakeMintTokenBody(client_id_, scopes_, origin_),
+      this));
+  fetcher_->Start();  // OnURLFetchComplete will be called.
+}
+
+void OAuth2TokenMintFetcher::EndMintToken(const URLFetcher* source) {
+  CHECK_EQ(MINT_TOKEN_STARTED, state_);
+  state_ = MINT_TOKEN_DONE;
+
+  URLRequestStatus status = source->GetStatus();
+  if (!status.is_success()) {
+    OnMintTokenFailure(CreateAuthError(status));
+    return;
+  }
+
+  if (source->GetResponseCode() != net::HTTP_OK) {
+    OnMintTokenFailure(GoogleServiceAuthError(
+        GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS));
+    return;
+  }
+
+  // The request was successfully fetched and it returned OK.
+  // Parse out the access token.
+  std::string access_token;
+  ParseMintTokenResponse(source, &access_token);
+  OnMintTokenSuccess(access_token);
+}
+
+void OAuth2TokenMintFetcher::OnMintTokenSuccess(
+    const std::string& access_token) {
+  consumer_->OnMintTokenSuccess(access_token);
+}
+
+void OAuth2TokenMintFetcher::OnMintTokenFailure(GoogleServiceAuthError error) {
+  state_ = ERROR_STATE;
+  consumer_->OnMintTokenFailure(error);
+}
+
+void OAuth2TokenMintFetcher::OnURLFetchComplete(const URLFetcher* source) {
+  CHECK(source);
+  CHECK_EQ(MINT_TOKEN_STARTED, state_);
+  EndMintToken(source);
+}
+
+// static
+GURL OAuth2TokenMintFetcher::MakeMintTokenUrl() {
+  return GURL(GaiaUrls::GetInstance()->oauth2_issue_token_url());
+}
+
+// static
+std::string OAuth2TokenMintFetcher::MakeMintTokenHeader(
+    const std::string& access_token) {
+  return StringPrintf(kAuthorizationHeaderFormat, access_token);
+}
+
+// static
+std::string OAuth2TokenMintFetcher::MakeMintTokenBody(
+    const std::string& client_id,
+    const std::vector<std::string>& scopes,
+    const std::string& origin) {
+  return StringPrintf(
+      kOAuth2IssueTokenBodyFormat,
+      net::EscapeUrlEncodedData(JoinString(scopes, ','), true).c_str(),
+      net::EscapeUrlEncodedData(client_id, true).c_str(),
+      net::EscapeUrlEncodedData(origin, true).c_str());
+}
+
+// static
+bool OAuth2TokenMintFetcher::ParseMintTokenResponse(
+    const URLFetcher* source,
+    std::string* access_token) {
+  CHECK(source);
+  CHECK(access_token);
+  std::string data;
+  source->GetResponseAsString(&data);
+  base::JSONReader reader;
+  scoped_ptr<base::Value> value(reader.Read(data, false));
+  if (!value.get() || value->GetType() != base::Value::TYPE_DICTIONARY)
+    return false;
+
+  DictionaryValue* dict = static_cast<DictionaryValue*>(value.get());
+  return GetStringFromDictionary(dict, kAccessTokenKey, access_token);
+}