[CrOS Multidevice] Integrate SecureChannel API into proximity_auth::RemoteDeviceLifeCycle.

This injects SecureChannelClient and local device into RemoteDeviceLifeCycle,
both of which are used to make a call to SecureChannel service. If the
chromeos::features::kMultiDeviceApi flag is enabled, they are used to create
an authenticated BLE connection to the remote device, instead of
using BluetoothLowEnergyConnectionFinder.

This change also injects a real ClientChannel into ProximityAuthMonitor.

R=jhawkins@chromium.org, khorimoto@chromium.org

Bug: 824568, 752273
Change-Id: Iefb03d1356ea7e8f5aac0136c8d7a4280302da16
Reviewed-on: https://chromium-review.googlesource.com/1107490
Commit-Queue: Ryan Hansberry <hansberry@chromium.org>
Reviewed-by: James Hawkins <jhawkins@chromium.org>
Reviewed-by: Kyle Horimoto <khorimoto@chromium.org>
Cr-Commit-Position: refs/heads/master@{#569825}

chromeos/components/proximity_auth/BUILD.gn

@@ -86,6 +86,7 @@ static_library("test_support") {
   deps = [
     "//base",
     "//chromeos/components/proximity_auth/logging",
+    "//chromeos/services/secure_channel/public/cpp/client",
     "//components/cryptauth:test_support",
     "//testing/gmock",
   ]

chromeos/components/proximity_auth/fake_remote_device_life_cycle.cc

@@ -26,6 +26,11 @@ cryptauth::Connection* FakeRemoteDeviceLifeCycle::GetConnection() const {
   return connection_;
 }
 
+chromeos::secure_channel::ClientChannel* FakeRemoteDeviceLifeCycle::GetChannel()
+    const {
+  return channel_;
+}
+
 RemoteDeviceLifeCycle::State FakeRemoteDeviceLifeCycle::GetState() const {
   return state_;
 }

chromeos/components/proximity_auth/fake_remote_device_life_cycle.h

@@ -8,6 +8,7 @@
 #include "base/macros.h"
 #include "base/observer_list.h"
 #include "chromeos/components/proximity_auth/remote_device_life_cycle.h"
+#include "chromeos/services/secure_channel/public/cpp/client/client_channel.h"
 #include "components/cryptauth/fake_connection.h"
 #include "components/cryptauth/remote_device_ref.h"
 
@@ -22,6 +23,7 @@ class FakeRemoteDeviceLifeCycle : public RemoteDeviceLifeCycle {
   void Start() override;
   cryptauth::RemoteDeviceRef GetRemoteDevice() const override;
   cryptauth::Connection* GetConnection() const override;
+  chromeos::secure_channel::ClientChannel* GetChannel() const override;
   State GetState() const override;
   Messenger* GetMessenger() override;
   void AddObserver(Observer* observer) override;
@@ -36,21 +38,21 @@ class FakeRemoteDeviceLifeCycle : public RemoteDeviceLifeCycle {
     connection_ = connection;
   }
 
+  void set_channel(chromeos::secure_channel::ClientChannel* channel) {
+    channel_ = channel;
+  }
+
   bool started() { return started_; }
 
   base::ObserverList<Observer>& observers() { return observers_; }
 
  private:
   cryptauth::RemoteDeviceRef remote_device_;
-
   base::ObserverList<Observer> observers_;
-
   bool started_;
-
   State state_;
-
   cryptauth::Connection* connection_;
-
+  chromeos::secure_channel::ClientChannel* channel_;
   Messenger* messenger_;
 
   DISALLOW_COPY_AND_ASSIGN(FakeRemoteDeviceLifeCycle);

chromeos/components/proximity_auth/proximity_auth_system.cc

@@ -114,8 +114,10 @@ void ProximityAuthSystem::OnSuspendDone() {
 std::unique_ptr<RemoteDeviceLifeCycle>
 ProximityAuthSystem::CreateRemoteDeviceLifeCycle(
     cryptauth::RemoteDeviceRef remote_device) {
-  return std::unique_ptr<RemoteDeviceLifeCycle>(
-      new RemoteDeviceLifeCycleImpl(remote_device));
+  // TODO(crbug.com/752273): Inject a real local device and SecureChannelClient.
+  return std::make_unique<RemoteDeviceLifeCycleImpl>(
+      remote_device, base::nullopt /* local_device */,
+      nullptr /* secure_channel_client */);
 }
 
 void ProximityAuthSystem::OnLifeCycleStateChanged(

chromeos/components/proximity_auth/remote_device_life_cycle.h

@@ -11,6 +11,12 @@
 #include "components/cryptauth/connection.h"
 #include "components/cryptauth/remote_device_ref.h"
 
+namespace chromeos {
+namespace secure_channel {
+class ClientChannel;
+}  // namespace secure_channel
+}  // namespace chromeos
+
 namespace proximity_auth {
 
 class Messenger;
@@ -63,6 +69,10 @@ class RemoteDeviceLifeCycle {
   // Returns the current Connection, or null if the device is not yet connected.
   virtual cryptauth::Connection* GetConnection() const = 0;
 
+  // Returns the active channel to the remote device, or null if the device is
+  // not yet connected.
+  virtual chromeos::secure_channel::ClientChannel* GetChannel() const = 0;
+
   // Returns the current state of in the life cycle.
   virtual State GetState() const = 0;
 

chromeos/components/proximity_auth/remote_device_life_cycle_impl.cc

@@ -12,10 +12,13 @@
 #include "base/location.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "base/time/default_tick_clock.h"
+#include "chromeos/chromeos_features.h"
 #include "chromeos/components/proximity_auth/bluetooth_low_energy_connection_finder.h"
 #include "chromeos/components/proximity_auth/logging/logging.h"
 #include "chromeos/components/proximity_auth/messenger_impl.h"
 #include "chromeos/components/proximity_auth/switches.h"
+#include "chromeos/services/secure_channel/public/cpp/client/secure_channel_client.h"
+#include "chromeos/services/secure_channel/public/cpp/shared/connection_priority.h"
 #include "components/cryptauth/connection_finder.h"
 #include "components/cryptauth/device_to_device_authenticator.h"
 #include "components/cryptauth/secure_context.h"
@@ -25,15 +28,22 @@ namespace proximity_auth {
 
 namespace {
 
+const char kSmartLockFeatureName[] = "easy_unlock";
+
 // The time to wait, in seconds, after authentication fails, before retrying
-// another connection.
+// another connection. This value is not used if the SecureChannel API fails to
+// create an authenticated connection.
 const int kAuthenticationRecoveryTimeSeconds = 10;
 
 }  // namespace
 
 RemoteDeviceLifeCycleImpl::RemoteDeviceLifeCycleImpl(
-    cryptauth::RemoteDeviceRef remote_device)
+    cryptauth::RemoteDeviceRef remote_device,
+    base::Optional<cryptauth::RemoteDeviceRef> local_device,
+    chromeos::secure_channel::SecureChannelClient* secure_channel_client)
     : remote_device_(remote_device),
+      local_device_(local_device),
+      secure_channel_client_(secure_channel_client),
       state_(RemoteDeviceLifeCycle::State::STOPPED),
       weak_ptr_factory_(this) {}
 
@@ -50,6 +60,8 @@ cryptauth::RemoteDeviceRef RemoteDeviceLifeCycleImpl::GetRemoteDevice() const {
 }
 
 cryptauth::Connection* RemoteDeviceLifeCycleImpl::GetConnection() const {
+  DCHECK(!base::FeatureList::IsEnabled(chromeos::features::kMultiDeviceApi));
+
   if (connection_)
     return connection_.get();
   if (messenger_)
@@ -57,6 +69,17 @@ cryptauth::Connection* RemoteDeviceLifeCycleImpl::GetConnection() const {
   return nullptr;
 }
 
+chromeos::secure_channel::ClientChannel* RemoteDeviceLifeCycleImpl::GetChannel()
+    const {
+  DCHECK(base::FeatureList::IsEnabled(chromeos::features::kMultiDeviceApi));
+
+  if (channel_)
+    return channel_.get();
+  if (messenger_)
+    return messenger_->GetChannel();
+  return nullptr;
+}
+
 RemoteDeviceLifeCycle::State RemoteDeviceLifeCycleImpl::GetState() const {
   return state_;
 }
@@ -95,22 +118,32 @@ void RemoteDeviceLifeCycleImpl::TransitionToState(
 }
 
 void RemoteDeviceLifeCycleImpl::FindConnection() {
-  connection_finder_ = CreateConnectionFinder();
-  if (!connection_finder_) {
-    // TODO(tengs): We need to introduce a failed state if the RemoteDevice data
-    // is invalid.
-    TransitionToState(RemoteDeviceLifeCycleImpl::State::FINDING_CONNECTION);
-    return;
+  if (base::FeatureList::IsEnabled(chromeos::features::kMultiDeviceApi)) {
+    connection_attempt_ = secure_channel_client_->ListenForConnectionFromDevice(
+        remote_device_, *local_device_, kSmartLockFeatureName,
+        chromeos::secure_channel::ConnectionPriority::kHigh);
+    connection_attempt_->SetDelegate(this);
+  } else {
+    connection_finder_ = CreateConnectionFinder();
+    if (!connection_finder_) {
+      // TODO(tengs): We need to introduce a failed state if the RemoteDevice
+      // data is invalid.
+      TransitionToState(RemoteDeviceLifeCycleImpl::State::FINDING_CONNECTION);
+      return;
+    }
+
+    connection_finder_->Find(
+        base::BindRepeating(&RemoteDeviceLifeCycleImpl::OnConnectionFound,
+                            weak_ptr_factory_.GetWeakPtr()));
   }
 
-  connection_finder_->Find(
-      base::Bind(&RemoteDeviceLifeCycleImpl::OnConnectionFound,
-                 weak_ptr_factory_.GetWeakPtr()));
   TransitionToState(RemoteDeviceLifeCycle::State::FINDING_CONNECTION);
 }
 
 void RemoteDeviceLifeCycleImpl::OnConnectionFound(
     std::unique_ptr<cryptauth::Connection> connection) {
+  DCHECK(!base::FeatureList::IsEnabled(chromeos::features::kMultiDeviceApi));
+
   DCHECK(state_ == RemoteDeviceLifeCycle::State::FINDING_CONNECTION);
   connection_ = std::move(connection);
   authenticator_ = CreateAuthenticator();
@@ -123,6 +156,8 @@ void RemoteDeviceLifeCycleImpl::OnConnectionFound(
 void RemoteDeviceLifeCycleImpl::OnAuthenticationResult(
     cryptauth::Authenticator::Result result,
     std::unique_ptr<cryptauth::SecureContext> secure_context) {
+  DCHECK(!base::FeatureList::IsEnabled(chromeos::features::kMultiDeviceApi));
+
   DCHECK(state_ == RemoteDeviceLifeCycle::State::AUTHENTICATING);
   authenticator_.reset();
   if (result != cryptauth::Authenticator::Result::SUCCESS) {
@@ -149,16 +184,49 @@ void RemoteDeviceLifeCycleImpl::OnAuthenticationResult(
 void RemoteDeviceLifeCycleImpl::CreateMessenger() {
   DCHECK(state_ == RemoteDeviceLifeCycle::State::AUTHENTICATING);
 
-  // TODO(crbug.com/752273): Inject a real ClientChannel.
-  messenger_.reset(new MessengerImpl(std::move(connection_),
-                                     std::move(secure_context_),
-                                     nullptr /* channel */));
+  if (base::FeatureList::IsEnabled(chromeos::features::kMultiDeviceApi)) {
+    messenger_.reset(new MessengerImpl(nullptr /* connection */,
+                                       nullptr /* secure_context */,
+                                       std::move(channel_)));
+  } else {
+    messenger_.reset(new MessengerImpl(std::move(connection_),
+                                       std::move(secure_context_),
+                                       nullptr /* channel */));
+  }
 
   messenger_->AddObserver(this);
 
   TransitionToState(RemoteDeviceLifeCycle::State::SECURE_CHANNEL_ESTABLISHED);
 }
 
+void RemoteDeviceLifeCycleImpl::OnConnectionAttemptFailure(
+    chromeos::secure_channel::mojom::ConnectionAttemptFailureReason reason) {
+  DCHECK(base::FeatureList::IsEnabled(chromeos::features::kMultiDeviceApi));
+
+  PA_LOG(ERROR) << "Failed to create connection to remote device: "
+                << remote_device_.GetTruncatedDeviceIdForLogs()
+                << ", for reason: " << reason << ". Giving up.";
+  connection_attempt_.reset();
+  TransitionToState(RemoteDeviceLifeCycle::State::AUTHENTICATION_FAILED);
+}
+
+void RemoteDeviceLifeCycleImpl::OnConnection(
+    std::unique_ptr<chromeos::secure_channel::ClientChannel> channel) {
+  DCHECK(base::FeatureList::IsEnabled(chromeos::features::kMultiDeviceApi));
+
+  DCHECK(state_ == RemoteDeviceLifeCycle::State::FINDING_CONNECTION);
+  TransitionToState(RemoteDeviceLifeCycle::State::AUTHENTICATING);
+
+  channel_ = std::move(channel);
+
+  // Create the MessengerImpl asynchronously. |messenger_| registers itself as
+  // an observer of |channel_|, so creating it synchronously would trigger
+  // |OnSendCompleted()| as an observer call for |messenger_|.
+  base::ThreadTaskRunnerHandle::Get()->PostTask(
+      FROM_HERE, base::BindOnce(&RemoteDeviceLifeCycleImpl::CreateMessenger,
+                                weak_ptr_factory_.GetWeakPtr()));
+}
+
 void RemoteDeviceLifeCycleImpl::OnDisconnected() {
   DCHECK(state_ == RemoteDeviceLifeCycle::State::SECURE_CHANNEL_ESTABLISHED);
   messenger_.reset();

chromeos/components/proximity_auth/remote_device_life_cycle_impl.h

@@ -13,11 +13,21 @@
 #include "base/timer/timer.h"
 #include "chromeos/components/proximity_auth/messenger_observer.h"
 #include "chromeos/components/proximity_auth/remote_device_life_cycle.h"
+#include "chromeos/services/secure_channel/public/cpp/client/connection_attempt.h"
+#include "chromeos/services/secure_channel/public/cpp/client/secure_channel_client.h"
+#include "chromeos/services/secure_channel/public/mojom/secure_channel.mojom.h"
 #include "components/cryptauth/authenticator.h"
 #include "components/cryptauth/connection.h"
 #include "components/cryptauth/connection_finder.h"
 #include "components/cryptauth/remote_device_ref.h"
 
+namespace chromeos {
+namespace secure_channel {
+class ClientChannel;
+class SecureChannelClient;
+}  // namespace secure_channel
+}  // namespace chromeos
+
 namespace cryptauth {
 class SecureContext;
 }
@@ -27,18 +37,25 @@ namespace proximity_auth {
 class Messenger;
 
 // Implementation of RemoteDeviceLifeCycle.
-class RemoteDeviceLifeCycleImpl : public RemoteDeviceLifeCycle,
-                                  public MessengerObserver {
+class RemoteDeviceLifeCycleImpl
+    : public RemoteDeviceLifeCycle,
+      public chromeos::secure_channel::ConnectionAttempt::Delegate,
+      public MessengerObserver {
  public:
   // Creates the life cycle for controlling the given |remote_device|.
   // |proximity_auth_client| is not owned.
-  explicit RemoteDeviceLifeCycleImpl(cryptauth::RemoteDeviceRef remote_device);
+  RemoteDeviceLifeCycleImpl(
+      cryptauth::RemoteDeviceRef remote_device,
+      base::Optional<cryptauth::RemoteDeviceRef> local_device,
+      chromeos::secure_channel::SecureChannelClient* secure_channel_client);
   ~RemoteDeviceLifeCycleImpl() override;
 
   // RemoteDeviceLifeCycle:
   void Start() override;
   cryptauth::RemoteDeviceRef GetRemoteDevice() const override;
   cryptauth::Connection* GetConnection() const override;
+  chromeos::secure_channel::ClientChannel* GetChannel() const override;
+
   RemoteDeviceLifeCycle::State GetState() const override;
   Messenger* GetMessenger() override;
   void AddObserver(Observer* observer) override;
@@ -73,12 +90,25 @@ class RemoteDeviceLifeCycleImpl : public RemoteDeviceLifeCycle,
   // Creates the messenger which parses status updates.
   void CreateMessenger();
 
+  // chromeos::secure_channel::ConnectionAttempt::Delegate:
+  void OnConnectionAttemptFailure(
+      chromeos::secure_channel::mojom::ConnectionAttemptFailureReason reason)
+      override;
+  void OnConnection(std::unique_ptr<chromeos::secure_channel::ClientChannel>
+                        channel) override;
+
   // MessengerObserver:
   void OnDisconnected() override;
 
   // The remote device being controlled.
   const cryptauth::RemoteDeviceRef remote_device_;
 
+  // Represents this device (i.e. this Chromebook) for a particular profile.
+  base::Optional<cryptauth::RemoteDeviceRef> local_device_;
+
+  // The entrypoint to the SecureChannel API.
+  chromeos::secure_channel::SecureChannelClient* secure_channel_client_;
+
   // The current state in the life cycle.
   RemoteDeviceLifeCycle::State state_;
 
@@ -105,6 +135,12 @@ class RemoteDeviceLifeCycleImpl : public RemoteDeviceLifeCycle,
   // remote device.
   std::unique_ptr<cryptauth::ConnectionFinder> connection_finder_;
 
+  std::unique_ptr<chromeos::secure_channel::ConnectionAttempt>
+      connection_attempt_;
+
+  // Ownership is eventually passed to |messenger_|.
+  std::unique_ptr<chromeos::secure_channel::ClientChannel> channel_;
+
   // After authentication fails, this timer waits for a period of time before
   // retrying the connection.
   base::OneShotTimer authentication_recovery_timer_;

chromeos/components/proximity_auth/remote_device_life_cycle_impl_unittest.cc

@@ -11,9 +11,14 @@
 
 #include "base/callback.h"
 #include "base/macros.h"
+#include "base/test/scoped_feature_list.h"
 #include "base/test/test_simple_task_runner.h"
 #include "base/threading/thread_task_runner_handle.h"
+#include "chromeos/chromeos_features.h"
 #include "chromeos/components/proximity_auth/messenger.h"
+#include "chromeos/services/secure_channel/public/cpp/client/fake_client_channel.h"
+#include "chromeos/services/secure_channel/public/cpp/client/fake_connection_attempt.h"
+#include "chromeos/services/secure_channel/public/cpp/client/fake_secure_channel_client.h"
 #include "components/cryptauth/authenticator.h"
 #include "components/cryptauth/connection_finder.h"
 #include "components/cryptauth/fake_connection.h"
@@ -129,8 +134,13 @@ class FakeAuthenticator : public cryptauth::Authenticator {
 // Subclass of RemoteDeviceLifeCycleImpl to make it testable.
 class TestableRemoteDeviceLifeCycleImpl : public RemoteDeviceLifeCycleImpl {
  public:
-  TestableRemoteDeviceLifeCycleImpl(cryptauth::RemoteDeviceRef remote_device)
-      : RemoteDeviceLifeCycleImpl(remote_device),
+  TestableRemoteDeviceLifeCycleImpl(
+      cryptauth::RemoteDeviceRef remote_device,
+      base::Optional<cryptauth::RemoteDeviceRef> local_device,
+      chromeos::secure_channel::SecureChannelClient* secure_channel_client)
+      : RemoteDeviceLifeCycleImpl(remote_device,
+                                  local_device,
+                                  secure_channel_client),
         remote_device_(remote_device) {}
 
   ~TestableRemoteDeviceLifeCycleImpl() override {}
@@ -169,7 +179,14 @@ class ProximityAuthRemoteDeviceLifeCycleImplTest
       public RemoteDeviceLifeCycle::Observer {
  protected:
   ProximityAuthRemoteDeviceLifeCycleImplTest()
-      : life_cycle_(cryptauth::CreateRemoteDeviceRefForTest()),
+      : test_remote_device_(cryptauth::CreateRemoteDeviceRefForTest()),
+        test_local_device_(cryptauth::CreateRemoteDeviceRefForTest()),
+        fake_secure_channel_client_(
+            std::make_unique<
+                chromeos::secure_channel::FakeSecureChannelClient>()),
+        life_cycle_(test_remote_device_,
+                    test_local_device_,
+                    fake_secure_channel_client_.get()),
         task_runner_(new base::TestSimpleTaskRunner()),
         thread_task_runner_handle_(task_runner_) {}
 
@@ -177,6 +194,20 @@ class ProximityAuthRemoteDeviceLifeCycleImplTest
     life_cycle_.RemoveObserver(this);
   }
 
+  void CreateFakeConnectionAttempt() {
+    auto fake_connection_attempt =
+        std::make_unique<chromeos::secure_channel::FakeConnectionAttempt>();
+    fake_connection_attempt_ = fake_connection_attempt.get();
+    fake_secure_channel_client_->set_next_listen_connection_attempt(
+        test_remote_device_, test_local_device_,
+        std::move(fake_connection_attempt));
+  }
+
+  void SetMultiDeviceApiEnabled() {
+    scoped_feature_list_.InitAndEnableFeature(
+        chromeos::features::kMultiDeviceApi);
+  }
+
   void StartLifeCycle() {
     EXPECT_EQ(RemoteDeviceLifeCycle::State::STOPPED, life_cycle_.GetState());
     life_cycle_.AddObserver(this);
@@ -192,6 +223,52 @@ class ProximityAuthRemoteDeviceLifeCycleImplTest
               life_cycle_.GetState());
   }
 
+  void SimulateSuccessfulAuthenticatedConnection() {
+    EXPECT_EQ(RemoteDeviceLifeCycle::State::FINDING_CONNECTION,
+              life_cycle_.GetState());
+
+    EXPECT_CALL(*this, OnLifeCycleStateChanged(
+                           RemoteDeviceLifeCycle::State::FINDING_CONNECTION,
+                           RemoteDeviceLifeCycle::State::AUTHENTICATING));
+
+    auto fake_client_channel =
+        std::make_unique<chromeos::secure_channel::FakeClientChannel>();
+    auto* fake_client_channel_raw = fake_client_channel.get();
+    fake_connection_attempt_->NotifyConnection(std::move(fake_client_channel));
+
+    Mock::VerifyAndClearExpectations(this);
+
+    EXPECT_CALL(*this,
+                OnLifeCycleStateChanged(
+                    RemoteDeviceLifeCycle::State::AUTHENTICATING,
+                    RemoteDeviceLifeCycle::State::SECURE_CHANNEL_ESTABLISHED));
+    task_runner_->RunUntilIdle();
+
+    EXPECT_EQ(fake_client_channel_raw, life_cycle_.GetChannel());
+    EXPECT_EQ(fake_client_channel_raw,
+              life_cycle_.GetMessenger()->GetChannel());
+  }
+
+  void SimulateFailureToAuthenticateConnection() {
+    EXPECT_EQ(RemoteDeviceLifeCycle::State::FINDING_CONNECTION,
+              life_cycle_.GetState());
+
+    EXPECT_CALL(*this,
+                OnLifeCycleStateChanged(
+                    RemoteDeviceLifeCycle::State::FINDING_CONNECTION,
+                    RemoteDeviceLifeCycle::State::AUTHENTICATION_FAILED));
+
+    fake_connection_attempt_->NotifyConnectionAttemptFailure(
+        chromeos::secure_channel::mojom::ConnectionAttemptFailureReason::
+            AUTHENTICATION_ERROR);
+
+    EXPECT_EQ(nullptr, life_cycle_.GetChannel());
+    EXPECT_EQ(nullptr, life_cycle_.GetMessenger());
+
+    EXPECT_EQ(RemoteDeviceLifeCycle::State::AUTHENTICATION_FAILED,
+              life_cycle_.GetState());
+  }
+
   cryptauth::FakeConnection* OnConnectionFound() {
     EXPECT_EQ(RemoteDeviceLifeCycle::State::FINDING_CONNECTION,
               life_cycle_.GetState());
@@ -200,7 +277,6 @@ class ProximityAuthRemoteDeviceLifeCycleImplTest
                            RemoteDeviceLifeCycle::State::FINDING_CONNECTION,
                            RemoteDeviceLifeCycle::State::AUTHENTICATING));
     life_cycle_.connection_finder()->OnConnectionFound();
-    task_runner_->RunUntilIdle();
     Mock::VerifyAndClearExpectations(this);
 
     EXPECT_EQ(RemoteDeviceLifeCycle::State::AUTHENTICATING,
@@ -233,23 +309,38 @@ class ProximityAuthRemoteDeviceLifeCycleImplTest
                void(RemoteDeviceLifeCycle::State old_state,
                     RemoteDeviceLifeCycle::State new_state));
 
+  cryptauth::RemoteDeviceRef test_remote_device_;
+  cryptauth::RemoteDeviceRef test_local_device_;
+  std::unique_ptr<chromeos::secure_channel::FakeSecureChannelClient>
+      fake_secure_channel_client_;
   TestableRemoteDeviceLifeCycleImpl life_cycle_;
+
+  chromeos::secure_channel::FakeConnectionAttempt* fake_connection_attempt_;
+
   scoped_refptr<base::TestSimpleTaskRunner> task_runner_;
   base::ThreadTaskRunnerHandle thread_task_runner_handle_;
+  base::test::ScopedFeatureList scoped_feature_list_;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(ProximityAuthRemoteDeviceLifeCycleImplTest);
 };
 
-TEST_F(ProximityAuthRemoteDeviceLifeCycleImplTest, GetRemoteDevice) {
-  cryptauth::RemoteDeviceRef expected_remote_device =
-      cryptauth::CreateRemoteDeviceRefForTest();
-  cryptauth::RemoteDeviceRef remote_device = life_cycle_.GetRemoteDevice();
-  EXPECT_EQ(expected_remote_device.user_id(), remote_device.user_id());
-  EXPECT_EQ(expected_remote_device.name(), remote_device.name());
-  EXPECT_EQ(expected_remote_device.public_key(), remote_device.public_key());
-  EXPECT_EQ(expected_remote_device.persistent_symmetric_key(),
-            remote_device.persistent_symmetric_key());
+TEST_F(ProximityAuthRemoteDeviceLifeCycleImplTest,
+       MultiDeviceApiEnabled_Success) {
+  SetMultiDeviceApiEnabled();
+  CreateFakeConnectionAttempt();
+
+  StartLifeCycle();
+  SimulateSuccessfulAuthenticatedConnection();
+}
+
+TEST_F(ProximityAuthRemoteDeviceLifeCycleImplTest,
+       MultiDeviceApiEnabled_Failure) {
+  SetMultiDeviceApiEnabled();
+  CreateFakeConnectionAttempt();
+
+  StartLifeCycle();
+  SimulateFailureToAuthenticateConnection();
 }
 
 TEST_F(ProximityAuthRemoteDeviceLifeCycleImplTest, AuthenticateAndDisconnect) {

chromeos/components/proximity_auth/unlock_manager_impl.cc

@@ -156,8 +156,7 @@ void UnlockManagerImpl::OnLifeCycleStateChanged() {
   if (state == RemoteDeviceLifeCycle::State::SECURE_CHANNEL_ESTABLISHED) {
     DCHECK(life_cycle_->GetConnection());
     DCHECK(GetMessenger());
-    proximity_monitor_ =
-        CreateProximityMonitor(life_cycle_->GetConnection(), pref_manager_);
+    proximity_monitor_ = CreateProximityMonitor(life_cycle_, pref_manager_);
     GetMessenger()->AddObserver(this);
   }
 
@@ -322,12 +321,17 @@ void UnlockManagerImpl::OnAuthAttempted(mojom::AuthType auth_type) {
 }
 
 std::unique_ptr<ProximityMonitor> UnlockManagerImpl::CreateProximityMonitor(
-    cryptauth::Connection* connection,
+    RemoteDeviceLifeCycle* life_cycle,
     ProximityAuthPrefManager* pref_manager) {
-  // TODO(crbug.com/752273): Inject a real ClientChannel.
-  return std::make_unique<ProximityMonitorImpl>(connection->remote_device(),
-                                                nullptr /* channel */,
-                                                connection, pref_manager);
+  return std::make_unique<ProximityMonitorImpl>(
+      life_cycle->GetRemoteDevice(),
+      base::FeatureList::IsEnabled(chromeos::features::kMultiDeviceApi)
+          ? life_cycle->GetChannel()
+          : nullptr,
+      base::FeatureList::IsEnabled(chromeos::features::kMultiDeviceApi)
+          ? nullptr
+          : life_cycle->GetConnection(),
+      pref_manager);
 }
 
 void UnlockManagerImpl::SendSignInChallenge() {

chromeos/components/proximity_auth/unlock_manager_impl.h

@@ -53,7 +53,7 @@ class UnlockManagerImpl : public UnlockManager,
   // Creates a ProximityMonitor instance for the given |connection|.
   // Exposed for testing.
   virtual std::unique_ptr<ProximityMonitor> CreateProximityMonitor(
-      cryptauth::Connection* connection,
+      RemoteDeviceLifeCycle* life_cycle,
       ProximityAuthPrefManager* pref_manager);
 
  private:

chromeos/components/proximity_auth/unlock_manager_impl_unittest.cc

@@ -121,10 +121,10 @@ class TestUnlockManager : public UnlockManagerImpl {
 
  private:
   std::unique_ptr<ProximityMonitor> CreateProximityMonitor(
-      cryptauth::Connection* connection,
+      RemoteDeviceLifeCycle* life_cycle,
       ProximityAuthPrefManager* pref_manager) override {
     EXPECT_EQ(cryptauth::kTestRemoteDevicePublicKey,
-              connection->remote_device().public_key());
+              life_cycle->GetConnection()->remote_device().public_key());
     std::unique_ptr<MockProximityMonitor> proximity_monitor(
         new NiceMock<MockProximityMonitor>());
     proximity_monitor_ = proximity_monitor.get();

chromeos/components/proximity_auth/webui/proximity_auth_webui_handler.cc

@@ -569,8 +569,16 @@ void ProximityAuthWebUIHandler::OnRemoteDevicesLoaded(
 
 void ProximityAuthWebUIHandler::StartRemoteDeviceLifeCycle(
     cryptauth::RemoteDeviceRef remote_device) {
+  base::Optional<cryptauth::RemoteDeviceRef> local_device;
+  if (base::FeatureList::IsEnabled(chromeos::features::kMultiDeviceApi)) {
+    local_device = device_sync_client_->GetLocalDeviceMetadata();
+  }
+
   selected_remote_device_ = remote_device;
-  life_cycle_.reset(new RemoteDeviceLifeCycleImpl(*selected_remote_device_));
+  // TODO(crbug.com/752273): Inject a real SecureChannelClient.
+  life_cycle_.reset(
+      new RemoteDeviceLifeCycleImpl(*selected_remote_device_, local_device,
+                                    nullptr /* secure_channel_client */));
   life_cycle_->AddObserver(this);
   life_cycle_->Start();
 }