[CrOS Multidevice] Integrate SecureChannel API into EasyUnlockServices.

Grab the global SecureChannelClient instance in EasyUnlockServiceFactory,
and inject it into EasyUnlockServiceRegular and EasyUnlockServiceSignin.

This change has allowed me to manually verify that Smart Lock works with
the new SecureChannel API, in the regular, lock-screen case. Additional
work still needs to be done to fully integrate the sign-in case, which
will come in subsequent CLs.

R=jhawkins@chromium.org, khorimoto@chromium.org

Bug: 824568, 752273
Change-Id: I77952966eace55dabb6895569c8b18ac03cd1189
Reviewed-on: https://chromium-review.googlesource.com/1108880
Commit-Queue: Ryan Hansberry <hansberry@chromium.org>
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Reviewed-by: James Hawkins <jhawkins@chromium.org>
Reviewed-by: Kyle Horimoto <khorimoto@chromium.org>
Cr-Commit-Position: refs/heads/master@{#570110}

chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api_unittest.cc

@@ -64,7 +64,9 @@ constexpr char kInvalidPassword[] = "invalid";
 class FakeEasyUnlockService : public EasyUnlockServiceRegular {
  public:
   explicit FakeEasyUnlockService(Profile* profile)
-      : EasyUnlockServiceRegular(profile, nullptr /* device_sync_client */),
+      : EasyUnlockServiceRegular(profile,
+                                 nullptr /* secure_channel_client */,
+                                 nullptr /* device_sync_client */),
         reauth_count_(0) {}
   ~FakeEasyUnlockService() override {}
 

chrome/browser/chromeos/login/easy_unlock/easy_unlock_service.cc

@@ -219,8 +219,11 @@ class EasyUnlockService::PowerMonitor : public PowerManagerClient::Observer {
   DISALLOW_COPY_AND_ASSIGN(PowerMonitor);
 };
 
-EasyUnlockService::EasyUnlockService(Profile* profile)
+EasyUnlockService::EasyUnlockService(
+    Profile* profile,
+    secure_channel::SecureChannelClient* secure_channel_client)
     : profile_(profile),
+      secure_channel_client_(secure_channel_client),
       proximity_auth_client_(profile),
       bluetooth_detector_(new BluetoothDetector(this)),
       shut_down_(false),
@@ -682,12 +685,11 @@ void EasyUnlockService::SetProximityAuthDevices(
 
   if (!proximity_auth_system_) {
     PA_LOG(INFO) << "Creating ProximityAuthSystem.";
-    // TODO(crbug.com/752273): Inject a real secure_channel_client.
     proximity_auth_system_.reset(new proximity_auth::ProximityAuthSystem(
         GetType() == TYPE_SIGNIN
             ? proximity_auth::ProximityAuthSystem::SIGN_IN
             : proximity_auth::ProximityAuthSystem::SESSION_LOCK,
-        proximity_auth_client(), nullptr /* secure_channel_client */));
+        proximity_auth_client(), secure_channel_client_));
   }
 
   proximity_auth_system_->SetRemoteDevicesForUser(account_id, remote_devices,

chrome/browser/chromeos/login/easy_unlock/easy_unlock_service.h

@@ -47,6 +47,10 @@ class PrefRegistrySimple;
 
 namespace chromeos {
 
+namespace secure_channel {
+class SecureChannelClient;
+}  // namespace secure_channel
+
 class EasyUnlockAppManager;
 class EasyUnlockServiceObserver;
 class UserContext;
@@ -196,7 +200,8 @@ class EasyUnlockService : public KeyedService {
   }
 
  protected:
-  explicit EasyUnlockService(Profile* profile);
+  EasyUnlockService(Profile* profile,
+                    secure_channel::SecureChannelClient* secure_channel_client);
   ~EasyUnlockService() override;
 
   // Does a service type specific initialization.
@@ -300,6 +305,7 @@ class EasyUnlockService : public KeyedService {
   void EnsureTpmKeyPresentIfNeeded();
 
   Profile* const profile_;
+  secure_channel::SecureChannelClient* secure_channel_client_;
 
   ChromeProximityAuthClient proximity_auth_client_;
 

chrome/browser/chromeos/login/easy_unlock/easy_unlock_service_factory.cc

@@ -15,6 +15,7 @@
 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_service_signin_chromeos.h"
 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager_factory.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/browser/chromeos/secure_channel/secure_channel_client_provider.h"
 #include "chrome/browser/profiles/incognito_helpers.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/chrome_switches.h"
@@ -87,13 +88,17 @@ KeyedService* EasyUnlockServiceFactory::BuildServiceInstanceFor(
     if (!context->IsOffTheRecord())
       return NULL;
 
-    service = new EasyUnlockServiceSignin(Profile::FromBrowserContext(context));
+    service = new EasyUnlockServiceSignin(
+        Profile::FromBrowserContext(context),
+        secure_channel::SecureChannelClientProvider::GetInstance()
+            ->GetClient());
     manifest_id = IDR_EASY_UNLOCK_MANIFEST_SIGNIN;
   }
 
   if (!service) {
     service = new EasyUnlockServiceRegular(
         Profile::FromBrowserContext(context),
+        secure_channel::SecureChannelClientProvider::GetInstance()->GetClient(),
         device_sync::DeviceSyncClientFactory::GetForProfile(
             Profile::FromBrowserContext(context)));
     manifest_id = IDR_EASY_UNLOCK_MANIFEST;

chrome/browser/chromeos/login/easy_unlock/easy_unlock_service_regular.cc

@@ -107,17 +107,20 @@ void LogSmartLockEnabledState(SmartLockEnabledState state) {
 
 EasyUnlockServiceRegular::EasyUnlockServiceRegular(
     Profile* profile,
+    secure_channel::SecureChannelClient* secure_channel_client,
     device_sync::DeviceSyncClient* device_sync_client)
     : EasyUnlockServiceRegular(
           profile,
+          secure_channel_client,
           std::make_unique<EasyUnlockNotificationController>(profile),
           device_sync_client) {}
 
 EasyUnlockServiceRegular::EasyUnlockServiceRegular(
     Profile* profile,
+    secure_channel::SecureChannelClient* secure_channel_client,
     std::unique_ptr<EasyUnlockNotificationController> notification_controller,
     device_sync::DeviceSyncClient* device_sync_client)
-    : EasyUnlockService(profile),
+    : EasyUnlockService(profile, secure_channel_client),
       turn_off_flow_status_(EasyUnlockService::IDLE),
       scoped_crypt_auth_device_manager_observer_(this),
       will_unlock_using_easy_unlock_(false),

chrome/browser/chromeos/login/easy_unlock/easy_unlock_service_regular.h

@@ -43,6 +43,10 @@ class Profile;
 
 namespace chromeos {
 
+namespace secure_channel {
+class SecureChannelClient;
+}  // namespace secure_channel
+
 class EasyUnlockNotificationController;
 
 // EasyUnlockService instance that should be used for regular, non-signin
@@ -53,13 +57,15 @@ class EasyUnlockServiceRegular
       public cryptauth::CryptAuthDeviceManager::Observer,
       public device_sync::DeviceSyncClient::Observer {
  public:
-  explicit EasyUnlockServiceRegular(
+  EasyUnlockServiceRegular(
       Profile* profile,
+      secure_channel::SecureChannelClient* secure_channel_client,
       device_sync::DeviceSyncClient* device_sync_client);
 
   // Constructor for tests.
   EasyUnlockServiceRegular(
       Profile* profile,
+      secure_channel::SecureChannelClient* secure_channel_client,
       std::unique_ptr<EasyUnlockNotificationController> notification_controller,
       device_sync::DeviceSyncClient* device_sync_client);
 

chrome/browser/chromeos/login/easy_unlock/easy_unlock_service_signin_chromeos.cc

@@ -167,8 +167,10 @@ EasyUnlockServiceSignin::UserData::UserData()
 
 EasyUnlockServiceSignin::UserData::~UserData() {}
 
-EasyUnlockServiceSignin::EasyUnlockServiceSignin(Profile* profile)
-    : EasyUnlockService(profile),
+EasyUnlockServiceSignin::EasyUnlockServiceSignin(
+    Profile* profile,
+    secure_channel::SecureChannelClient* secure_channel_client)
+    : EasyUnlockService(profile, secure_channel_client),
       account_id_(EmptyAccountId()),
       user_pod_last_focused_timestamp_(base::TimeTicks::Now()),
       remote_device_cache_(

chrome/browser/chromeos/login/easy_unlock/easy_unlock_service_signin_chromeos.h

@@ -28,6 +28,10 @@ class ProximityAuthLocalStatePrefManager;
 
 namespace chromeos {
 
+namespace secure_channel {
+class SecureChannelClient;
+}  // namespace secure_channel
+
 class EasyUnlockChallengeWrapper;
 
 // EasyUnlockService instance that should be used for signin profile.
@@ -36,7 +40,9 @@ class EasyUnlockServiceSignin
       public proximity_auth::ScreenlockBridge::Observer,
       public LoginState::Observer {
  public:
-  explicit EasyUnlockServiceSignin(Profile* profile);
+  EasyUnlockServiceSignin(
+      Profile* profile,
+      secure_channel::SecureChannelClient* secure_channel_client);
   ~EasyUnlockServiceSignin() override;
 
   // Wraps the challenge for the remote device identified by |account_id| and

chrome/browser/chromeos/login/easy_unlock/easy_unlock_service_unittest_chromeos.cc

@@ -210,6 +210,7 @@ std::unique_ptr<KeyedService> CreateEasyUnlockServiceForTest(
   std::unique_ptr<EasyUnlockServiceRegular> service(
       new EasyUnlockServiceRegular(
           Profile::FromBrowserContext(context),
+          nullptr /* secure_channel_client */,
           std::make_unique<MockEasyUnlockNotificationController>(),
           fake_device_sync_client));
   service->Initialize(std::move(app_manager));

chrome/browser/ui/webui/settings/chromeos/easy_unlock_settings_handler_unittest.cc

@@ -22,7 +22,7 @@ namespace {
 class FakeEasyUnlockService : public EasyUnlockService {
  public:
   explicit FakeEasyUnlockService(Profile* profile)
-      : EasyUnlockService(profile),
+      : EasyUnlockService(profile, nullptr /* secure_channel_client */),
         turn_off_status_(IDLE),
         is_allowed_(true),
         is_enabled_(false) {}