File: authorization_zone_impl.h

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (156 lines) | stat: -rw-r--r-- 6,483 bytes parent folder | download | duplicates (7) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
 
// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_ASH_PRINTING_OAUTH2_AUTHORIZATION_ZONE_IMPL_H_
#define CHROME_BROWSER_ASH_PRINTING_OAUTH2_AUTHORIZATION_ZONE_IMPL_H_

#include <list>
#include <map>
#include <memory>
#include <string>

#include "base/containers/flat_set.h"
#include "base/memory/scoped_refptr.h"
#include "chrome/browser/ash/printing/oauth2/authorization_server_data.h"
#include "chrome/browser/ash/printing/oauth2/authorization_zone.h"
#include "chrome/browser/ash/printing/oauth2/status_code.h"
#include "chromeos/printing/uri.h"
#include "url/gurl.h"

namespace network {
class SharedURLLoaderFactory;
}  // namespace network

namespace ash {
namespace printing {
namespace oauth2 {

class AuthorizationServerSession;
class ClientIdsDatabase;
class IppEndpointTokenFetcher;

// The class AuthorizationZoneImpl implements functionality described in
// AuthorizationZone interface.
//
class AuthorizationZoneImpl : public AuthorizationZone {
 public:
  // `client_ids_database` cannot be nullptr and must outlive this object.
  AuthorizationZoneImpl(
      scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory,
      const GURL& authorization_server_uri,
      ClientIdsDatabase* client_ids_database);

  AuthorizationZoneImpl(const AuthorizationZoneImpl&) = delete;
  AuthorizationZoneImpl& operator=(const AuthorizationZoneImpl&) = delete;
  ~AuthorizationZoneImpl() override;

  // AuthorizationZone interface.
  void InitAuthorization(const std::string& scope,
                         StatusCallback callback) override;
  void FinishAuthorization(const GURL& redirect_url,
                           StatusCallback callback) override;
  void GetEndpointAccessToken(const chromeos::Uri& ipp_endpoint,
                              const std::string& scope,
                              StatusCallback callback) override;
  void MarkEndpointAccessTokenAsExpired(
      const chromeos::Uri& ipp_endpoint,
      const std::string& endpoint_access_token) override;
  void MarkAuthorizationZoneAsUntrusted() override;

 private:
  // This method processes (and removes) all elements from
  // `waiting_authorizations_` by initiating authorization procedures for them.
  void AuthorizationProcedure();

  // Callback for AuthorizationServerData::Initialize().
  void OnInitializeCallback(StatusCode status, std::string data);

  // Callback for AuthorizationServerSession::SendFirstTokenRequest() and
  // AuthorizationServerSession::SendNextTokenRequest().
  void OnSendTokenRequestCallback(AuthorizationServerSession* session,
                                  StatusCode status,
                                  std::string data);

  // Callback for IppEndpointTokenFetcher::SendTokenExchangeRequest(...).
  void OnTokenExchangeRequestCallback(const chromeos::Uri& ipp_endpoint,
                                      StatusCode status,
                                      std::string data);

  // Executes all callbacks from the waitlist of `ipp_endpoint`. Also, removes
  // `ipp_endpoint` when `status` != StatusCode::kOK.
  void ResultForIppEndpoint(const chromeos::Uri& ipp_endpoint,
                            StatusCode status,
                            std::string data);

  // This callback is added to the waitlist of AuthorizationSession when
  // `ipp_endpoint` must wait for the access token from it.
  void OnAccessTokenForEndpointCallback(const chromeos::Uri& ipp_endpoint,
                                        StatusCode status,
                                        std::string data);

  // Tries to find OAuth session for given IPP Endpoint and send Token Exchange
  // request to obtain an endpoint access token.
  void AttemptTokenExchange(IppEndpointTokenFetcher* it_endpoint);

  // Finds an element in `pending_authorizations_` with given `state` and remove
  // it. Returns false if such element does not exists. Otherwise, returns true
  // and returns the content of the element in the last two parameters.
  bool FindAndRemovePendingAuthorization(const std::string& state,
                                         base::flat_set<std::string>& scopes,
                                         std::string& code_verifier);

  // Represents started authorization procedure waiting for opening
  // communication with the server. This object is created when
  // InitAuthorization() is called and its callback does not return yet.
  struct WaitingAuthorization {
    WaitingAuthorization(base::flat_set<std::string>&& scopes,
                         StatusCallback callback);
    WaitingAuthorization(const WaitingAuthorization&) = delete;
    WaitingAuthorization& operator=(const WaitingAuthorization&) = delete;
    ~WaitingAuthorization();
    base::flat_set<std::string> scopes;
    StatusCallback callback;
  };

  // Represents started authorization procedure. This object is created when
  // InitAuthorization() is called and is destroyed in the corresponding
  // FinishAuthorization() call.
  struct PendingAuthorization {
    PendingAuthorization(base::flat_set<std::string>&& scopes,
                         std::string&& state,
                         std::string&& code_verifier);
    PendingAuthorization(const PendingAuthorization&) = delete;
    PendingAuthorization& operator=(const PendingAuthorization&) = delete;
    ~PendingAuthorization();
    base::flat_set<std::string> scopes;
    // Values used in the current authorization process.
    std::string state;
    std::string code_verifier;
  };

  // Holds basic parameters of the Authorization Server.
  AuthorizationServerData server_data_;

  // List of InitAuthorization() calls being processed.
  std::list<WaitingAuthorization> waiting_authorizations_;

  // List of completed InitAuthorization() calls waiting for the corresponding
  // FinishAuthorization() call.
  std::list<PendingAuthorization> pending_authorizations_;

  // List of active OAuth2 sessions.
  std::list<std::unique_ptr<AuthorizationServerSession>> sessions_;

  // List of IPP Endpoints for which an endpoint access token was requested.
  std::map<chromeos::Uri, std::unique_ptr<IppEndpointTokenFetcher>>
      ipp_endpoints_;

  scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory_;
};

}  // namespace oauth2
}  // namespace printing
}  // namespace ash

#endif  // CHROME_BROWSER_ASH_PRINTING_OAUTH2_AUTHORIZATION_ZONE_IMPL_H_