1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_DEVICE_IDENTITY_CHROMEOS_DEVICE_OAUTH2_TOKEN_STORE_CHROMEOS_H_
#define CHROME_BROWSER_DEVICE_IDENTITY_CHROMEOS_DEVICE_OAUTH2_TOKEN_STORE_CHROMEOS_H_
#include <optional>
#include "base/feature_list.h"
#include "base/memory/raw_ptr.h"
#include "chrome/browser/device_identity/device_oauth2_token_store.h"
#include "chromeos/ash/components/settings/cros_settings.h"
class PrefRegistrySimple;
class PrefService;
namespace chromeos {
BASE_DECLARE_FEATURE(kRefreshTokenV3Feature);
// ChromeOS specific implementation of the DeviceOAuth2TokenStore interface used
// by the DeviceOAuth2TokenService to store and retrieve encrypted device-level
// refresh tokens.
class DeviceOAuth2TokenStoreChromeOS : public DeviceOAuth2TokenStore {
public:
enum class State {
STOPPED,
INITIALIZING,
READY,
};
explicit DeviceOAuth2TokenStoreChromeOS(PrefService* local_state);
~DeviceOAuth2TokenStoreChromeOS() override;
DeviceOAuth2TokenStoreChromeOS(const DeviceOAuth2TokenStoreChromeOS& other) =
delete;
DeviceOAuth2TokenStoreChromeOS& operator=(
const DeviceOAuth2TokenStoreChromeOS& other) = delete;
static void RegisterPrefs(PrefRegistrySimple* registry);
// DeviceOAuth2TokenStore:
void Init(InitCallback callback) override;
CoreAccountId GetAccountId() const override;
std::string GetRefreshToken() const override;
void SetAndSaveRefreshToken(const std::string& refresh_token,
StatusCallback result_callback) override;
// Asks CrosSettings to prepare trusted values and waits for that to complete
// before invoking |callback|, at which point it will be known if there is an
// available trusted account ID.
void PrepareTrustedAccountId(TrustedAccountIdCallback callback) override;
private:
// Flushes |token_save_callbacks_|, indicating the specified result.
void FlushTokenSaveCallbacks(bool result);
// Encrypts and saves the refresh token. Should only be called when the system
// salt is available.
void EncryptAndSaveToken();
// Attempt to load a refresh token from the local state. This will return null
// if an error occurs while loading the token, otherwise the token will be
// returned. Note that not having a token at all is not considered an error:
// an empty token is returned in this
std::optional<std::string> LoadAndDecryptToken();
// Handles completion of the system salt input. Will invoke |callback| since
// this function is what happens at the end of the initialization process.
void DidGetSystemSalt(InitCallback callback, const std::string& system_salt);
// Invoked by CrosSettings when the robot account ID becomes available.
void OnServiceAccountIdentityChanged();
// Invoked on enrollment when the refresh_token is obtained from the server.
void StoreRefreshTokenV3();
// Invoked when the store of the refresh token is done, with |success|
// representing the result of store operation.
void OnStoreTokenV3Done(bool success);
// Invoked after the refresh_token load attempt was done.
void OnRefreshTokenLoadedV3(InitCallback callback,
const std::string& refresh_token);
State state_ = State::STOPPED;
raw_ptr<PrefService> local_state_;
base::CallbackListSubscription service_account_identity_subscription_;
// The system salt for encrypting and decrypting the refresh token.
std::string system_salt_;
// Cache the decrypted refresh token, so we only decrypt once.
std::string refresh_token_;
// Token save callbacks waiting to be completed.
std::vector<StatusCallback> token_save_callbacks_;
base::WeakPtrFactory<DeviceOAuth2TokenStoreChromeOS> weak_ptr_factory_{this};
};
} // namespace chromeos
#endif // CHROME_BROWSER_DEVICE_IDENTITY_CHROMEOS_DEVICE_OAUTH2_TOKEN_STORE_CHROMEOS_H_
|
