Introduce CryptAuthClient, a class capable of performing all CryptAuth API calls.

BUG=419191
TEST=manual + new test

Review URL: https://codereview.chromium.org/738593002

Cr-Commit-Position: refs/heads/master@{#307058}

components/components_tests.gyp

@@ -750,6 +750,7 @@
                 'proximity_auth/client_unittest.cc',
                 'proximity_auth/connection_unittest.cc',
                 'proximity_auth/cryptauth/cryptauth_api_call_flow_unittest.cc',
+                'proximity_auth/cryptauth/cryptauth_client_unittest.cc',
                 'proximity_auth/proximity_auth_system_unittest.cc',
                 'proximity_auth/remote_status_update_unittest.cc',
                 'proximity_auth/wire_message_unittest.cc',
@@ -763,6 +764,7 @@
                 'components.gyp:proximity_auth',
                 'components.gyp:cryptauth',
                 '../device/bluetooth/bluetooth.gyp:device_bluetooth_mocks',
+                '../third_party/protobuf/protobuf.gyp:protobuf_lite',
               ],
             }],
             ['chromeos==1', {

components/proximity_auth.gypi

@@ -64,13 +64,20 @@
         '..',
       ],
       'dependencies': [
+        'cryptauth_proto',
         '../base/base.gyp:base',
         '../google_apis/google_apis.gyp:google_apis',
         '../net/net.gyp:net',
       ],
       'sources': [
+        "proximity_auth/cryptauth/cryptauth_access_token_fetcher.h",
         "proximity_auth/cryptauth/cryptauth_api_call_flow.cc",
         "proximity_auth/cryptauth/cryptauth_api_call_flow.h",
+        "proximity_auth/cryptauth/cryptauth_client.cc",
+        "proximity_auth/cryptauth/cryptauth_client.h",
+      ],
+      'export_dependent_settings': [
+        'cryptauth_proto',
       ],
     },
   ],

components/proximity_auth/cryptauth/BUILD.gn

@@ -4,8 +4,11 @@
 
 source_set("cryptauth") {
   sources = [
+    "cryptauth_access_token_fetcher.h",
     "cryptauth_api_call_flow.cc",
     "cryptauth_api_call_flow.h",
+    "cryptauth_client.cc",
+    "cryptauth_client.h",
   ]
 
   deps = [
@@ -13,12 +16,17 @@ source_set("cryptauth") {
     "//google_apis",
     "//net",
   ]
+
+  public_deps = [
+    "proto",
+  ]
 }
 
 source_set("unit_tests") {
   testonly = true
   sources = [
     "cryptauth_api_call_flow_unittest.cc",
+    "cryptauth_client_unittest.cc",
   ]
 
   deps = [

components/proximity_auth/cryptauth/cryptauth_access_token_fetcher.h

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_PROXIMITY_AUTH_CRYPT_AUTH_ACCESS_TOKEN_FETCHER_H
+#define COMPONENTS_PROXIMITY_AUTH_CRYPT_AUTH_ACCESS_TOKEN_FETCHER_H
+
+namespace proximity_auth {
+
+// Simple interface for fetching the OAuth2 access token that authorizes
+// CryptAuth API calls.
+class CryptAuthAccessTokenFetcher {
+ public:
+  virtual ~CryptAuthAccessTokenFetcher() {}
+
+  // Fetches the access token asynchronously, invoking the callback upon
+  // completion. If the fetch fails, the callback will be invoked with an empty
+  // string.
+  typedef base::Callback<void(const std::string&)> AccessTokenCallback;
+  virtual void FetchAccessToken(const AccessTokenCallback& callback) = 0;
+};
+
+}  // namespace proximity_auth
+
+#endif  // COMPONENTS_PROXIMITY_AUTH_CRYPT_AUTH_ACCESS_TOKEN_FETCHER_H

components/proximity_auth/cryptauth/cryptauth_api_call_flow.cc

@@ -27,8 +27,8 @@ CryptAuthApiCallFlow::~CryptAuthApiCallFlow() {
 void CryptAuthApiCallFlow::Start(net::URLRequestContextGetter* context,
                                  const std::string& access_token,
                                  const std::string& serialized_request,
-                                 ResultCallback result_callback,
-                                 ErrorCallback error_callback) {
+                                 const ResultCallback& result_callback,
+                                 const ErrorCallback& error_callback) {
   serialized_request_ = serialized_request;
   result_callback_ = result_callback;
   error_callback_ = error_callback;

components/proximity_auth/cryptauth/cryptauth_api_call_flow.h

@@ -32,11 +32,11 @@ class CryptAuthApiCallFlow : public OAuth2ApiCallFlow {
   //   result_callback: Called when the flow completes successfully with a
   //       serialized response proto.
   //   error_callback: Called when the flow completes with an error.
-  void Start(net::URLRequestContextGetter* context,
-             const std::string& access_token,
-             const std::string& serialized_request,
-             ResultCallback result_callback,
-             ErrorCallback error_callback);
+  virtual void Start(net::URLRequestContextGetter* context,
+                     const std::string& access_token,
+                     const std::string& serialized_request,
+                     const ResultCallback& result_callback,
+                     const ErrorCallback& error_callback);
 
  protected:
   // Reduce the visibility of OAuth2ApiCallFlow::Start() to avoid exposing

components/proximity_auth/cryptauth/cryptauth_client.cc

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/bind.h"
+#include "base/command_line.h"
+#include "components/proximity_auth/cryptauth/cryptauth_access_token_fetcher.h"
+#include "components/proximity_auth/cryptauth/cryptauth_api_call_flow.h"
+#include "components/proximity_auth/cryptauth/cryptauth_client.h"
+#include "components/proximity_auth/cryptauth/proto/cryptauth_api.pb.h"
+#include "components/proximity_auth/switches.h"
+#include "net/url_request/url_request_context_getter.h"
+
+namespace proximity_auth {
+
+namespace {
+
+// Default URL of Google APIs endpoint hosting CryptAuth.
+const char kDefaultCryptAuthHTTPHost[] = "https://www.googleapis.com";
+
+// URL subpath hosting the CryptAuth service.
+const char kCryptAuthPath[] = "cryptauth/v1/";
+
+// URL subpaths for each CryptAuth API.
+const char kGetMyDevicesPath[] = "deviceSync/getmydevices";
+const char kFindEligibleUnlockDevicesPath[] =
+    "deviceSync/findeligibleunlockdevices";
+const char kSendDeviceSyncTicklePath[] = "deviceSync/senddevicesynctickle";
+const char kToggleEasyUnlockPath[] = "deviceSync/toggleeasyunlock";
+const char kSetupEnrollmentPath[] = "enrollment/setupenrollment";
+const char kFinishEnrollmentPath[] = "enrollment/finishenrollment";
+
+// Query string of the API URL indicating that the response should be in a
+// serialized protobuf format.
+const char kQueryProtobuf[] = "?alt=proto";
+
+// Creates the full CryptAuth URL for endpoint to the API with |request_path|.
+GURL CreateRequestUrl(const std::string& request_path) {
+  CommandLine* command_line = CommandLine::ForCurrentProcess();
+  GURL google_apis_url =
+      GURL(command_line->HasSwitch(switches::kCryptAuthHTTPHost)
+               ? command_line->GetSwitchValueASCII(switches::kCryptAuthHTTPHost)
+               : kDefaultCryptAuthHTTPHost);
+  return google_apis_url.Resolve(kCryptAuthPath + request_path +
+                                 kQueryProtobuf);
+}
+
+}  // namespace
+
+CryptAuthClient::CryptAuthClient(
+    scoped_ptr<CryptAuthAccessTokenFetcher> access_token_fetcher,
+    scoped_refptr<net::URLRequestContextGetter> url_request_context)
+    : url_request_context_(url_request_context),
+      access_token_fetcher_(access_token_fetcher.Pass()),
+      weak_ptr_factory_(this) {
+}
+
+CryptAuthClient::~CryptAuthClient() {
+}
+
+void CryptAuthClient::GetMyDevices(
+    const cryptauth::GetMyDevicesRequest& request,
+    const GetMyDevicesCallback& callback,
+    const ErrorCallback& error_callback) {
+  MakeApiCall(kGetMyDevicesPath, request, callback, error_callback);
+}
+
+void CryptAuthClient::FindEligibleUnlockDevices(
+    const cryptauth::FindEligibleUnlockDevicesRequest& request,
+    const FindEligibleUnlockDevicesCallback& callback,
+    const ErrorCallback& error_callback) {
+  MakeApiCall(kFindEligibleUnlockDevicesPath, request, callback,
+              error_callback);
+}
+
+void CryptAuthClient::SendDeviceSyncTickle(
+    const cryptauth::SendDeviceSyncTickleRequest& request,
+    const SendDeviceSyncTickleCallback& callback,
+    const ErrorCallback& error_callback) {
+  MakeApiCall(kSendDeviceSyncTicklePath, request, callback, error_callback);
+}
+
+void CryptAuthClient::ToggleEasyUnlock(
+    const cryptauth::ToggleEasyUnlockRequest& request,
+    const ToggleEasyUnlockCallback& callback,
+    const ErrorCallback& error_callback) {
+  MakeApiCall(kToggleEasyUnlockPath, request, callback, error_callback);
+}
+
+void CryptAuthClient::SetupEnrollment(
+    const cryptauth::SetupEnrollmentRequest& request,
+    const SetupEnrollmentCallback& callback,
+    const ErrorCallback& error_callback) {
+  MakeApiCall(kSetupEnrollmentPath, request, callback, error_callback);
+}
+
+void CryptAuthClient::FinishEnrollment(
+    const cryptauth::FinishEnrollmentRequest& request,
+    const FinishEnrollmentCallback& callback,
+    const ErrorCallback& error_callback) {
+  MakeApiCall(kFinishEnrollmentPath, request, callback, error_callback);
+}
+
+scoped_ptr<CryptAuthApiCallFlow> CryptAuthClient::CreateFlow(
+    const GURL& request_url) {
+  return make_scoped_ptr(new CryptAuthApiCallFlow(request_url));
+}
+
+template <class RequestProto, class ResponseProto>
+void CryptAuthClient::MakeApiCall(
+    const std::string& request_path,
+    const RequestProto& request_proto,
+    const base::Callback<void(const ResponseProto&)>& response_callback,
+    const ErrorCallback& error_callback) {
+  if (flow_) {
+    error_callback.Run(
+        "Client has been used for another request. Do not reuse.");
+    return;
+  }
+
+  std::string serialized_request;
+  if (!request_proto.SerializeToString(&serialized_request)) {
+    error_callback.Run(std::string("Failed to serialize ") +
+                       request_proto.GetTypeName() + " proto.");
+    return;
+  }
+
+  request_path_ = request_path;
+  error_callback_ = error_callback;
+  access_token_fetcher_->FetchAccessToken(base::Bind(
+      &CryptAuthClient::OnAccessTokenFetched<ResponseProto>,
+      weak_ptr_factory_.GetWeakPtr(), serialized_request, response_callback));
+}
+
+template <class ResponseProto>
+void CryptAuthClient::OnAccessTokenFetched(
+    const std::string& serialized_request,
+    const base::Callback<void(const ResponseProto&)>& response_callback,
+    const std::string& access_token) {
+  if (access_token.empty()) {
+    OnApiCallFailed("Failed to get a valid access token.");
+    return;
+  }
+
+  flow_ = CreateFlow(CreateRequestUrl(request_path_));
+  flow_->Start(url_request_context_.get(), access_token, serialized_request,
+               base::Bind(&CryptAuthClient::OnFlowSuccess<ResponseProto>,
+                          weak_ptr_factory_.GetWeakPtr(), response_callback),
+               base::Bind(&CryptAuthClient::OnApiCallFailed,
+                          weak_ptr_factory_.GetWeakPtr()));
+}
+
+template <class ResponseProto>
+void CryptAuthClient::OnFlowSuccess(
+    const base::Callback<void(const ResponseProto&)>& result_callback,
+    const std::string& serialized_response) {
+  ResponseProto response;
+  if (!response.ParseFromString(serialized_response)) {
+    OnApiCallFailed("Failed to parse response proto.");
+    return;
+  }
+  result_callback.Run(response);
+};
+
+void CryptAuthClient::OnApiCallFailed(const std::string& error_message) {
+  error_callback_.Run(error_message);
+}
+
+}  // proximity_auth

components/proximity_auth/cryptauth/cryptauth_client.h

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_PROXIMITY_AUTH_CRYPT_AUTH_CLIENT_H
+#define COMPONENTS_PROXIMITY_AUTH_CRYPT_AUTH_CLIENT_H
+
+#include "base/callback.h"
+#include "base/macros.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/memory/weak_ptr.h"
+#include "components/proximity_auth/cryptauth/proto/cryptauth_api.pb.h"
+#include "net/url_request/url_request_context_getter.h"
+#include "url/gurl.h"
+
+class OAuth2TokenService;
+
+namespace proximity_auth {
+
+class CryptAuthAccessTokenFetcher;
+class CryptAuthApiCallFlow;
+
+// Use CryptAuthClient to make API requests to the CryptAuth service, which
+// manages cryptographic credentials (ie. public keys) for a user's devices.
+// CryptAuthClient only processes one request, so create a new instance for each
+// request you make. DO NOT REUSE.
+// For documentation on each API call, see
+// components/proximity_auth/cryptauth/proto/cryptauth_api.proto
+class CryptAuthClient {
+ public:
+  typedef base::Callback<void(const std::string&)> ErrorCallback;
+
+  // Creates the client using |url_request_context| to make the HTTP request.
+  // CryptAuthClient takes ownership of |access_token_fetcher|, which provides
+  // the access token authorizing CryptAuth requests.
+  CryptAuthClient(
+      scoped_ptr<CryptAuthAccessTokenFetcher> access_token_fetcher,
+      scoped_refptr<net::URLRequestContextGetter> url_request_context);
+  virtual ~CryptAuthClient();
+
+  // GetMyDevices
+  typedef base::Callback<void(const cryptauth::GetMyDevicesResponse&)>
+      GetMyDevicesCallback;
+  void GetMyDevices(const cryptauth::GetMyDevicesRequest& request,
+                    const GetMyDevicesCallback& callback,
+                    const ErrorCallback& error_callback);
+
+  // FindEligibleUnlockDevices
+  typedef base::Callback<void(
+      const cryptauth::FindEligibleUnlockDevicesResponse&)>
+      FindEligibleUnlockDevicesCallback;
+  void FindEligibleUnlockDevices(
+      const cryptauth::FindEligibleUnlockDevicesRequest& request,
+      const FindEligibleUnlockDevicesCallback& callback,
+      const ErrorCallback& error_callback);
+
+  // SendDeviceSyncTickle
+  typedef base::Callback<void(const cryptauth::SendDeviceSyncTickleResponse&)>
+      SendDeviceSyncTickleCallback;
+  void SendDeviceSyncTickle(
+      const cryptauth::SendDeviceSyncTickleRequest& request,
+      const SendDeviceSyncTickleCallback& callback,
+      const ErrorCallback& error_callback);
+
+  // ToggleEasyUnlock
+  typedef base::Callback<void(const cryptauth::ToggleEasyUnlockResponse&)>
+      ToggleEasyUnlockCallback;
+  void ToggleEasyUnlock(const cryptauth::ToggleEasyUnlockRequest& request,
+                        const ToggleEasyUnlockCallback& callback,
+                        const ErrorCallback& error_callback);
+
+  // SetupEnrollment
+  typedef base::Callback<void(const cryptauth::SetupEnrollmentResponse&)>
+      SetupEnrollmentCallback;
+  void SetupEnrollment(const cryptauth::SetupEnrollmentRequest& request,
+                       const SetupEnrollmentCallback& callback,
+                       const ErrorCallback& error_callback);
+
+  // FinishEnrollment
+  typedef base::Callback<void(const cryptauth::FinishEnrollmentResponse&)>
+      FinishEnrollmentCallback;
+  void FinishEnrollment(const cryptauth::FinishEnrollmentRequest& request,
+                        const FinishEnrollmentCallback& callback,
+                        const ErrorCallback& error_callback);
+
+ protected:
+  // Creates a CryptAuthApiCallFlow object. Exposed for testing.
+  virtual scoped_ptr<CryptAuthApiCallFlow> CreateFlow(const GURL& request_url);
+
+ private:
+  // Starts a call to the API given by |request_path|, with the templated
+  // request and response types. The client first fetches the access token and
+  // then makes the HTTP request.
+  template <class RequestProto, class ResponseProto>
+  void MakeApiCall(
+      const std::string& request_path,
+      const RequestProto& request_proto,
+      const base::Callback<void(const ResponseProto&)>& response_callback,
+      const ErrorCallback& error_callback);
+
+  // Called when the access token is obtained so the API request can be made.
+  template <class ResponseProto>
+  void OnAccessTokenFetched(
+      const std::string& serialized_request,
+      const base::Callback<void(const ResponseProto&)>& response_callback,
+      const std::string& access_token);
+
+  // Called with CryptAuthApiCallFlow completes successfully to deserialize and
+  // return the result.
+  template <class ResponseProto>
+  void OnFlowSuccess(
+      const base::Callback<void(const ResponseProto&)>& result_callback,
+      const std::string& serialized_response);
+
+  // Called when the current API call fails at any step.
+  void OnApiCallFailed(const std::string& error_message);
+
+  // The context for network requests.
+  scoped_refptr<net::URLRequestContextGetter> url_request_context_;
+
+  // Fetches the access token authorizing the API calls.
+  scoped_ptr<CryptAuthAccessTokenFetcher> access_token_fetcher_;
+
+  // Handles the current API call.
+  scoped_ptr<CryptAuthApiCallFlow> flow_;
+
+  // URL path of the current request.
+  std::string request_path_;
+
+  // Called when the current request fails.
+  ErrorCallback error_callback_;
+
+  base::WeakPtrFactory<CryptAuthClient> weak_ptr_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(CryptAuthClient);
+};
+
+}  // namespace proximity_auth
+
+#endif  // COMPONENTS_PROXIMITY_AUTH_CRYPT_AUTH_CLIENT_H

components/proximity_auth/cryptauth/proto/cryptauth_api.proto

@@ -38,10 +38,6 @@ message FindEligibleUnlockDevicesRequest {
   // this field is left unset, no callback will be made, and no message will be
   // pushed to the user's devices.
   optional string callback_bluetooth_address = 2;
-
-  // Identifies what kind of resource this is. Value: the fixed string
-  // <code>"cryptauth#findEligibleUnlockDevicesRequest"</code>.
-  optional string kind = 3;
 }
 
 // Response containing a list of devices that could be made Unlock Keys
@@ -53,10 +49,6 @@ message FindEligibleUnlockDevicesResponse {
   // will not contain any non-gms core devices, even though these are also not
   // eligible to be unlock keys.
   repeated IneligibleDevice ineligible_devices = 2;
-
-  // Identifies what kind of resource this is. Value: the fixed string
-  // <code>"cryptauth#findEligibleUnlockDevicesResponse"</code>.
-  optional string kind = 3;
 }
 
 // Request to complete a device enrollment.
@@ -78,10 +70,6 @@ message FinishEnrollmentResponse {
 
   // A detailed error message if there was a failure.
   optional string error_message = 2;
-
-  // Identifies what kind of resource this is. Value: the fixed string
-  // <code>"cryptauth#finishEnrollmentResponse"</code>.
-  optional string kind = 5;
 }
 
 // Used to request devices that have a specific feature.
@@ -95,10 +83,6 @@ message GetDevicesForFeatureRequest {
 message GetDevicesForFeatureResponse {
   // A (possibly empty) list of devices supporting the requested feature.
   repeated ExternalDeviceInfo result_sets = 1;
-
-  // Identifies what kind of resource this is. Value: the fixed string
-  // <code>"cryptauth#getDevicesForFeatureResponse"</code>.
-  optional string kind = 2;
 }
 
 // Request for a listing of a user's own devices
@@ -106,19 +90,14 @@ message GetMyDevicesRequest {
   // Return only devices that can act as EasyUnlock keys.
   optional bool approved_for_unlock_required = 2;
 
-  // Identifies what kind of resource this is. Value: the fixed string
-  // <code>"cryptauth#getMyDevicesRequest"</code>.
-  optional string kind = 3;
+  // Allow the returned list to be somewhat out of date (read will be faster)
+  optional bool allow_stale_read = 3 [default = false];
 }
 
 // Response containing a listing of the users device's
 message GetMyDevicesResponse {
   // A listing of all sync-able devices
   repeated ExternalDeviceInfo devices = 1;
-
-  // Identifies what kind of resource this is. Value: the fixed string
-  // <code>"cryptauth#getMyDevicesResponse"</code>.
-  optional string kind = 2;
 }
 
 // A device that the server thinks is not eligible to be an unlock key, and the
@@ -137,9 +116,10 @@ message IneligibleDevice {
 
 // Requests to send a "tickle" requesting to sync all of a user's devices now
 message SendDeviceSyncTickleRequest {
-  // Identifies what kind of resource this is. Value: the fixed string
-  // <code>"cryptauth#sendDeviceSyncTickleRequest"</code>.
-  optional string kind = 2;
+}
+
+message SendDeviceSyncTickleResponse {
+  // empty for now
 }
 
 // Contains information needed to begin a device enrollment.
@@ -178,10 +158,6 @@ message SetupEnrollmentResponse {
 
   // Information for each of the requested protocol <code>type</code>s.
   repeated SetupEnrollmentInfo infos = 2;
-
-  // Identifies what kind of resource this is. Value: the fixed string
-  // <code>"cryptauth#setupEnrollmentResponse"</code>.
-  optional string kind = 3;
 }
 
 // Used to enable or disable EasyUnlock features on a specified device, and also
@@ -202,8 +178,8 @@ message ToggleEasyUnlockRequest {
   // set.  NOTE: the case enable=true is not yet supported, so this option can
   // only disable EasyUnlock for all devices.
   optional bool apply_to_all = 3;
+}
 
-  // Identifies what kind of resource this is. Value: the fixed string
-  // <code>"cryptauth#toggleEasyUnlockRequest"</code>.
-  optional string kind = 4;
+message ToggleEasyUnlockResponse {
+  // empty for now
 }

components/proximity_auth/switches.cc

@@ -7,6 +7,10 @@
 namespace proximity_auth {
 namespace switches {
 
+// Overrides the default URL for Google APIs (https://www.googleapis.com) used
+// by CryptAuth.
+const char kCryptAuthHTTPHost[] = "cryptauth-http-host";
+
 // Disable Easy sign-in.
 const char kDisableEasySignin[] = "disable-easy-signin";
 

components/proximity_auth/switches.h

@@ -10,6 +10,7 @@ namespace switches {
 
 // All switches in alphabetical order. The switches should be documented
 // alongside the definition of their values in the .cc file.
+extern const char kCryptAuthHTTPHost[];
 extern const char kDisableEasySignin[];
 extern const char kDisableEasyUnlock[];
 extern const char kEnableEasySignin[];