Google Git
Sign in
cos / mirrors / cros / chromiumos / platform2 / refs/heads/stabilize-5807.0.B / . / buffet / device_registration_info.cc
blob: de89aff6de9fa0a830d1ef3a6795b14357ae3107 [file] [log] [blame]
// Copyright 2014 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "buffet/device_registration_info.h"
#include <base/json/json_reader.h>
#include <base/json/json_writer.h>
#include <base/values.h>
#include <base/file_util.h>
#include <memory>
#include "buffet/data_encoding.h"
#include "buffet/http_transport_curl.h"
#include "buffet/http_utils.h"
#include "buffet/mime_utils.h"
#include "buffet/string_utils.h"
#include "buffet/url_utils.h"
using namespace chromeos;
using namespace chromeos::data_encoding;
namespace {
// Persistent keys
const char kClientId[] = "client_id";
const char kClientSecret[] = "client_secret";
const char kApiKey[] = "api_key";
const char kRefreshToken[] = "refresh_token";
const char kDeviceId[] = "device_id";
const char kOAuthURL[] = "oauth_url";
const char kServiceURL[] = "service_url";
const char kRobotAccount[] = "robot_account";
// Transient keys
const char kDeviceKind[] = "device_kind";
const char kSystemName[] = "system_name";
const char kDisplayName[] = "display_name";
const base::FilePath::CharType kDeviceInfoFilePath[] =
FILE_PATH_LITERAL("/var/lib/buffet/device_reg_info");
bool GetParamValue(
const std::map<std::string, std::shared_ptr<base::Value>>& params,
const std::string& param_name,
std::string* param_value) {
auto p = params.find(param_name);
if (p == params.end())
return false;
return p->second->GetAsString(param_value);
}
std::pair<std::string, std::string> BuildAuthHeader(
const std::string& access_token_type,
const std::string& access_token) {
std::string authorization = string_utils::Join(' ',
access_token_type,
access_token);
return {http::request_header::kAuthorization, authorization};
}
std::unique_ptr<base::DictionaryValue> ParseOAuthResponse(
const http::Response* response, std::string* error_message) {
int code = 0;
auto resp = http::ParseJsonResponse(response, &code, error_message);
if (resp && code >= http::status_code::BadRequest) {
if (error_message) {
error_message->clear();
std::string error_code, error;
if (resp->GetString("error", &error_code) &&
resp->GetString("error_description", &error)) {
*error_message = error_code + " (" + error + ")";
} else {
*error_message = "Unexpected OAuth error";
}
}
return std::unique_ptr<base::DictionaryValue>();
}
return resp;
}
std::string BuildURL(const std::string& url,
const std::vector<std::string>& subpaths,
const WebParamList& params) {
std::string result = url::CombineMultiple(url, subpaths);
return url::AppendQueryParams(result, params);
}
} // anonymous namespace
namespace buffet {
DeviceRegistrationInfo::DeviceRegistrationInfo()
: transport_(new http::curl::Transport()){
}
DeviceRegistrationInfo::DeviceRegistrationInfo(
std::shared_ptr<http::Transport> transport) : transport_(transport) {
}
std::pair<std::string, std::string>
DeviceRegistrationInfo::GetAuthorizationHeader() const {
return BuildAuthHeader(/*"Bearer"*/"OAuth", access_token_);
}
std::string DeviceRegistrationInfo::GetServiceURL(
const std::string& subpath, const WebParamList& params) const {
return BuildURL(service_url_, {subpath}, params);
}
std::string DeviceRegistrationInfo::GetDeviceURL(
const std::string& subpath, const WebParamList& params) const {
CHECK(!device_id_.empty()) << "Must have a valid device ID";
return BuildURL(service_url_, {"devices", device_id_, subpath}, params);
}
std::string DeviceRegistrationInfo::GetOAuthURL(const std::string& subpath,
const WebParamList& params) const {
return BuildURL(oauth_url_, {subpath}, params);
}
std::string DeviceRegistrationInfo::GetDeviceId() {
return CheckRegistration() ? device_id_ : std::string();
}
bool DeviceRegistrationInfo::Load() {
// TODO(avakulenko): Figure out security implications of storing
// this data unencrypted.
std::string json;
if (!base::ReadFileToString(base::FilePath(kDeviceInfoFilePath), &json))
return false;
auto value = std::unique_ptr<base::Value>(base::JSONReader::Read(json));
const base::DictionaryValue* dict = nullptr;
if (!value || !value->GetAsDictionary(&dict))
return false;
// Get the values into temp variables first to make sure we can get
// all the data correctly before changing the state of this object.
std::string client_id;
if (!dict->GetString(kClientId, &client_id))
return false;
std::string client_secret;
if (!dict->GetString(kClientSecret, &client_secret))
return false;
std::string api_key;
if (!dict->GetString(kApiKey, &api_key))
return false;
std::string refresh_token;
if (!dict->GetString(kRefreshToken, &refresh_token))
return false;
std::string device_id;
if (!dict->GetString(kDeviceId, &device_id))
return false;
std::string oauth_url;
if (!dict->GetString(kOAuthURL, &oauth_url))
return false;
std::string service_url;
if (!dict->GetString(kServiceURL, &service_url))
return false;
std::string device_robot_account;
if (!dict->GetString(kRobotAccount, &device_robot_account))
return false;
client_id_ = client_id;
client_secret_ = client_secret;
api_key_ = api_key;
refresh_token_ = refresh_token;
device_id_ = device_id;
oauth_url_ = oauth_url;
service_url_ = service_url;
device_robot_account_ = device_robot_account;
return true;
}
bool DeviceRegistrationInfo::Save() const {
// TODO(avakulenko): Figure out security implications of storing
// this data unencrypted.
base::DictionaryValue dict;
dict.SetString(kClientId, client_id_);
dict.SetString(kClientSecret, client_secret_);
dict.SetString(kApiKey, api_key_);
dict.SetString(kRefreshToken, refresh_token_);
dict.SetString(kDeviceId, device_id_);
dict.SetString(kOAuthURL, oauth_url_);
dict.SetString(kServiceURL, service_url_);
dict.SetString(kRobotAccount, device_robot_account_);
std::string json;
base::JSONWriter::WriteWithOptions(&dict,
base::JSONWriter::OPTIONS_PRETTY_PRINT,
&json);
int count = file_util::WriteFile(base::FilePath(kDeviceInfoFilePath),
json.data(), static_cast<int>(json.size()));
return (count > 0);
}
bool DeviceRegistrationInfo::CheckRegistration() {
LOG(INFO) << "Checking device registration record.";
if (refresh_token_.empty() ||
device_id_.empty() ||
device_robot_account_.empty()) {
LOG(INFO) << "No valid device registration record found.";
return false;
}
LOG(INFO) << "Device registration record found.";
return ValidateAndRefreshAccessToken();
}
bool DeviceRegistrationInfo::ValidateAndRefreshAccessToken() {
LOG(INFO) << " Checking access token expiration.";
if (!access_token_.empty() &&
!access_token_expiration_.is_null() &&
access_token_expiration_ > base::Time::Now()) {
LOG(INFO) << "Access token is still valid.";
return true;
}
auto response = http::PostFormData(GetOAuthURL("token"), {
{"refresh_token", refresh_token_},
{"client_id", client_id_},
{"client_secret", client_secret_},
{"grant_type", "refresh_token"},
}, transport_);
if (!response)
return false;
std::string error;
auto json = ParseOAuthResponse(response.get(), &error);
if (!json) {
LOG(ERROR) << "Unable to refresh access token: " << error;
return false;
}
int expires_in = 0;
if (!json->GetString("access_token", &access_token_) ||
!json->GetInteger("expires_in", &expires_in) ||
access_token_.empty() ||
expires_in <= 0) {
LOG(ERROR) << "Access token unavailable.";
return false;
}
access_token_expiration_ = base::Time::Now() +
base::TimeDelta::FromSeconds(expires_in);
LOG(INFO) << "Access token is refreshed for additional " << expires_in
<< " seconds.";
return true;
}
std::unique_ptr<base::Value> DeviceRegistrationInfo::GetDeviceInfo() {
if (!CheckRegistration())
return std::unique_ptr<base::Value>();
auto response = http::Get(GetDeviceURL(),
{GetAuthorizationHeader()}, transport_);
int status_code = 0;
std::unique_ptr<base::Value> device_info =
http::ParseJsonResponse(response.get(), &status_code, nullptr);
if (device_info) {
if (status_code >= http::status_code::BadRequest) {
LOG(WARNING) << "Failed to retrieve the device info. Response code = "
<< status_code;
return std::unique_ptr<base::Value>();
}
}
return device_info;
}
bool CheckParam(const std::string& param_name,
const std::string& param_value,
std::string* error_msg) {
if (!param_value.empty())
return true;
if (error_msg)
*error_msg = "Parameter " + param_name + " not specified";
return false;
}
std::string DeviceRegistrationInfo::StartRegistration(
const std::map<std::string, std::shared_ptr<base::Value>>& params,
std::string* error_msg) {
GetParamValue(params, kClientId, &client_id_);
GetParamValue(params, kClientSecret, &client_secret_);
GetParamValue(params, kApiKey, &api_key_);
GetParamValue(params, kDeviceId, &device_id_);
GetParamValue(params, kDeviceKind, &device_kind_);
GetParamValue(params, kSystemName, &system_name_);
GetParamValue(params, kDisplayName, &display_name_);
GetParamValue(params, kOAuthURL, &oauth_url_);
GetParamValue(params, kServiceURL, &service_url_);
if (!CheckParam(kClientId, client_id_, error_msg))
return std::string();
if (!CheckParam(kClientSecret, client_secret_, error_msg))
return std::string();
if (!CheckParam(kApiKey, api_key_, error_msg))
return std::string();
if (!CheckParam(kDeviceKind, device_kind_, error_msg))
return std::string();
if (!CheckParam(kSystemName, system_name_, error_msg))
return std::string();
if (!CheckParam(kOAuthURL, oauth_url_, error_msg))
return std::string();
if (!CheckParam(kServiceURL, service_url_, error_msg))
return std::string();
std::vector<std::pair<std::string, std::vector<std::string>>> commands = {
{"SetDeviceConfiguration", {"data"}}
};
base::DictionaryValue req_json;
base::ListValue* set_device_configuration_params = new base::ListValue;
base::DictionaryValue* param1 = new base::DictionaryValue;
param1->SetString("name", "data");
set_device_configuration_params->Append(param1);
base::ListValue* vendor_commands = new base::ListValue;
for (auto&& pair : commands) {
base::ListValue* params = new base::ListValue;
for (auto&& param_name : pair.second) {
base::DictionaryValue* param = new base::DictionaryValue;
param->SetString("name", param_name);
params->Append(param);
}
base::DictionaryValue* command = new base::DictionaryValue;
command->SetString("name", pair.first);
command->Set("parameter", params);
vendor_commands->Append(command);
}
req_json.SetString("oauthClientId", client_id_);
req_json.SetString("deviceDraft.deviceKind", device_kind_);
req_json.SetString("deviceDraft.systemName", system_name_);
req_json.SetString("deviceDraft.displayName", display_name_);
req_json.SetString("deviceDraft.channel.supportedType", "xmpp");
req_json.Set("deviceDraft.commands.base.vendorCommands", vendor_commands);
std::string url = GetServiceURL("registrationTickets", {{"key", api_key_}});
auto resp_json = http::ParseJsonResponse(
http::PostJson(url, &req_json, transport_).get(), nullptr, error_msg);
if (!resp_json)
return std::string();
const base::DictionaryValue* resp_dict = nullptr;
if (!resp_json->GetAsDictionary(&resp_dict)) {
if (error_msg)
*error_msg = "Invalid response received";
return std::string();
}
if (!resp_dict->GetString("id", &ticket_id_))
return std::string();
std::string auth_url = GetOAuthURL("auth", {
{"scope", "https://www.googleapis.com/auth/clouddevices"},
{"redirect_uri", "urn:ietf:wg:oauth:2.0:oob"},
{"response_type", "code"},
{"client_id", client_id_}
});
base::DictionaryValue json;
json.SetString("ticket_id", ticket_id_);
json.SetString("auth_url", auth_url);
std::string ret;
base::JSONWriter::Write(&json, &ret);
return ret;
}
bool DeviceRegistrationInfo::FinishRegistration(
const std::string& user_auth_code) {
if (ticket_id_.empty()) {
LOG(ERROR) << "Finish registration without ticket ID";
return false;
}
std::string url = GetServiceURL("registrationTickets/" + ticket_id_);
std::unique_ptr<http::Response> response;
if (!user_auth_code.empty()) {
std::string user_access_token;
response = http::PostFormData(GetOAuthURL("token"), {
{"code", user_auth_code},
{"client_id", client_id_},
{"client_secret", client_secret_},
{"redirect_uri", "urn:ietf:wg:oauth:2.0:oob"},
{"grant_type", "authorization_code"}
}, transport_);
if (!response)
return false;
std::string error;
auto json_resp = ParseOAuthResponse(response.get(), &error);
if (!json_resp ||
!json_resp->GetString("access_token", &user_access_token)) {
LOG(ERROR) << "Error parsing OAuth response: " << error;
return false;
}
base::DictionaryValue user_info;
user_info.SetString("userEmail", "me");
response = http::PatchJson(
url, &user_info, {BuildAuthHeader("Bearer", user_access_token)},
transport_);
auto json = http::ParseJsonResponse(response.get(), nullptr, &error);
if (!json) {
LOG(ERROR) << "Error populating user info: " << error;
return false;
}
}
std::string auth_code;
url += "/finalize?key=" + api_key_;
do {
LOG(INFO) << "Sending request to: " << url;
response = http::PostBinary(url, nullptr, 0, transport_);
if (response) {
if (response->GetStatusCode() == http::status_code::BadRequest)
sleep(1);
}
}
while (response &&
response->GetStatusCode() == http::status_code::BadRequest);
if (response &&
response->GetStatusCode() == http::status_code::Ok) {
auto json_resp = http::ParseJsonResponse(response.get(), nullptr, nullptr);
if (json_resp &&
json_resp->GetString("robotAccountEmail", &device_robot_account_) &&
json_resp->GetString("robotAccountAuthorizationCode", &auth_code) &&
json_resp->GetString("deviceDraft.id", &device_id_)) {
// Now get access_token and refresh_token
response = http::PostFormData(GetOAuthURL("token"), {
{"code", auth_code},
{"client_id", client_id_},
{"client_secret", client_secret_},
{"redirect_uri", "oob"},
{"scope", "https://www.googleapis.com/auth/clouddevices"},
{"grant_type", "authorization_code"}
}, transport_);
if (!response)
return false;
json_resp = ParseOAuthResponse(response.get(), nullptr);
int expires_in = 0;
if (!json_resp ||
!json_resp->GetString("access_token", &access_token_) ||
!json_resp->GetString("refresh_token", &refresh_token_) ||
!json_resp->GetInteger("expires_in", &expires_in) ||
access_token_.empty() ||
refresh_token_.empty() ||
expires_in <= 0) {
LOG(ERROR) << "Access token unavailable";
return false;
}
access_token_expiration_ = base::Time::Now() +
base::TimeDelta::FromSeconds(expires_in);
Save();
}
}
return true;
}
} // namespace buffet