// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_SAFE_BROWSING_ADVANCED_PROTECTION_STATUS_MANAGER_H_
#define CHROME_BROWSER_SAFE_BROWSING_ADVANCED_PROTECTION_STATUS_MANAGER_H_
#include "base/timer/timer.h"
#include "components/keyed_service/core/keyed_service.h"
#include "components/signin/core/browser/account_info.h"
#include "services/identity/public/cpp/access_token_info.h"
#include "services/identity/public/cpp/identity_manager.h"
namespace identity {
class PrimaryAccountAccessTokenFetcher;
}
class Profile;
namespace safe_browsing {
// Responsible for keeping track of the advanced protection status of the
// signed-in profile.
// Note that a profile that is not signed in is considered NOT under
// advanced protection.
// For an incognito profile, Chrome returns the advanced protection status
// of its original profile.
class AdvancedProtectionStatusManager
: public KeyedService,
public identity::IdentityManager::Observer {
public:
// Creates the manager for |profile|. The constructor body is not visible in
// this header, so what it initializes eagerly must be checked in the .cc.
explicit AdvancedProtectionStatusManager(Profile* profile);
~AdvancedProtectionStatusManager() override;
// Returns whether the primary account of |profile| is under advanced
// protection.
// NOTE(review): presumably backed by the cached
// |is_under_advanced_protection_| flag, which is refreshed on a timer (see
// ScheduleNextRefresh()). Callers gating security behavior on the result may
// therefore see a value that lags the account's current state -- confirm the
// acceptable staleness in the .cc.
static bool IsUnderAdvancedProtection(Profile* profile);
// Returns the cached |is_under_advanced_protection_| flag. This accessor only
// reads the member; it does not start a refresh.
bool is_under_advanced_protection() const {
return is_under_advanced_protection_;
}
// Returns |profile_|.
Profile* profile() const { return profile_; }
// KeyedService:
void Shutdown() override;
// NOTE(review): presumably reports whether a future status refresh is
// pending on |timer_| -- confirm in the .cc.
bool IsRefreshScheduled();
private:
// The test cases below are granted access to the private members of this
// class, including the test-only constructor and SetMinimumRefreshDelay().
FRIEND_TEST_ALL_PREFIXES(AdvancedProtectionStatusManagerTest,
NotSignedInOnStartUp);
FRIEND_TEST_ALL_PREFIXES(AdvancedProtectionStatusManagerTest,
SignedInLongTimeAgoRefreshFailTransientError);
FRIEND_TEST_ALL_PREFIXES(AdvancedProtectionStatusManagerTest,
SignedInLongTimeAgoRefreshFailNonTransientError);
FRIEND_TEST_ALL_PREFIXES(AdvancedProtectionStatusManagerTest,
SignedInLongTimeAgoNotUnderAP);
FRIEND_TEST_ALL_PREFIXES(AdvancedProtectionStatusManagerTest,
SignedInLongTimeAgoUnderAP);
FRIEND_TEST_ALL_PREFIXES(AdvancedProtectionStatusManagerTest,
AlreadySignedInAndUnderAP);
FRIEND_TEST_ALL_PREFIXES(AdvancedProtectionStatusManagerTest,
SignInAndSignOutEvent);
FRIEND_TEST_ALL_PREFIXES(AdvancedProtectionStatusManagerTest, AccountRemoval);
FRIEND_TEST_ALL_PREFIXES(AdvancedProtectionStatusManagerTest,
StayInAdvancedProtection);
FRIEND_TEST_ALL_PREFIXES(AdvancedProtectionStatusManagerTest,
AlreadySignedInAndUnderAPIncognito);
FRIEND_TEST_ALL_PREFIXES(AdvancedProtectionStatusManagerTest,
AlreadySignedInAndNotUnderAPIncognito);
// Set-up step; MaybeRefreshOnStartUp() is documented as running after it.
// The body is not visible in this header.
void Initialize();
// Called after |Initialize()|. May trigger advanced protection status
// refresh.
void MaybeRefreshOnStartUp();
// Subscribes to sign-in events.
void SubscribeToSigninEvents();
// Unsubscribes from sign-in events.
void UnsubscribeFromSigninEvents();
// IdentityManager::Observer implementations.
void OnPrimaryAccountSet(const CoreAccountInfo& account_info) override;
void OnPrimaryAccountCleared(const CoreAccountInfo& account_info) override;
void OnExtendedAccountInfoUpdated(const AccountInfo& info) override;
void OnExtendedAccountInfoRemoved(const AccountInfo& info) override;
// Handlers for the tracked account entering or leaving advanced protection.
// NOTE(review): presumably these update |is_under_advanced_protection_| and
// the refresh schedule -- confirm in the .cc.
void OnAdvancedProtectionEnabled();
void OnAdvancedProtectionDisabled();
// NOTE(review): presumably the completion callback for
// |access_token_fetcher_|, with |error| carrying the fetch outcome. The
// friend tests distinguish transient from non-transient refresh failures;
// confirm that a failed fetch cannot silently flip a protected account to
// "not protected".
void OnAccessTokenFetchComplete(std::string account_id,
GoogleServiceAuthError error,
identity::AccessTokenInfo token_info);
// Requests Gaia refresh token to obtain advanced protection status.
void RefreshAdvancedProtectionStatus();
// Starts a timer to schedule next refresh.
void ScheduleNextRefresh();
// Cancels any status refresh in the future.
void CancelFutureRefresh();
// Sets |last_refreshed_| to now and persists it.
void UpdateLastRefreshTime();
// NOTE(review): presumably returns whether |account_info| refers to the
// primary account of |profile_| (compare GetPrimaryAccountId()) -- confirm.
bool IsPrimaryAccount(const CoreAccountInfo& account_info);
// Decodes |id_token| to get advanced protection status.
// NOTE(review): this declaration does not show how a malformed or
// undecodable |id_token| is handled; confirm in the .cc that a decode failure
// leaves the previously known status in place instead of clearing it.
void OnGetIDToken(const std::string& account_id, const std::string& id_token);
// Only called in tests.
void SetMinimumRefreshDelay(const base::TimeDelta& delay);
// Gets the account ID of the primary account of |profile_|.
// Returns an empty string if user is not signed in.
std::string GetPrimaryAccountId() const;
// Only called in tests to set a customized minimum delay.
AdvancedProtectionStatusManager(Profile* profile,
const base::TimeDelta& min_delay);
// Profile whose status is tracked. The pointer itself is const; ownership is
// not expressed in this header.
Profile* const profile_;
// Raw pointer with no initializer visible here; ownership and lifetime are
// not expressed in this header.
identity::IdentityManager* identity_manager_;
// Access token fetcher owned by this object (unique_ptr).
std::unique_ptr<identity::PrimaryAccountAccessTokenFetcher>
access_token_fetcher_;
// Raw pointer with no initializer visible here; ownership and lifetime are
// not expressed in this header.
AccountTrackerService* account_tracker_service_;
// Is the profile account under advanced protection.
// NOTE(review): there is no default member initializer, so every constructor
// must set this flag explicitly; the class comment documents "not under
// advanced protection" as the state for a profile that is not signed in.
bool is_under_advanced_protection_;
// Timer behind the scheduled refresh (see ScheduleNextRefresh()).
base::OneShotTimer timer_;
// Time of the last refresh; set and persisted by UpdateLastRefreshTime().
base::Time last_refreshed_;
// Minimum refresh delay; tests can override it through
// SetMinimumRefreshDelay() or the test-only constructor.
base::TimeDelta minimum_delay_;
DISALLOW_COPY_AND_ASSIGN(AdvancedProtectionStatusManager);
};
} // namespace safe_browsing
#endif // CHROME_BROWSER_SAFE_BROWSING_ADVANCED_PROTECTION_STATUS_MANAGER_H_