1 files changed, 67 insertions, 1 deletions

diff --git a/remoting/host/setup/native_messaging_host.cc b/remoting/host/setup/native_messaging_host.cc
index 7bf6b7c150..0492736c61 100644
--- a/remoting/host/setup/native_messaging_host.cc
+++ b/remoting/host/setup/native_messaging_host.cc
@@ -15,12 +15,16 @@
 #include "base/run_loop.h"
 #include "base/strings/stringize_macros.h"
 #include "base/values.h"
+#include "google_apis/gaia/gaia_oauth_client.h"
+#include "google_apis/google_api_keys.h"
 #include "net/base/net_util.h"
+#include "net/url_request/url_fetcher.h"
 #include "remoting/base/rsa_key_pair.h"
+#include "remoting/base/url_request_context.h"
 #include "remoting/host/host_exit_codes.h"
 #include "remoting/host/pairing_registry_delegate.h"
-#include "remoting/host/pairing_registry_delegate.h"
 #include "remoting/host/pin_hash.h"
+#include "remoting/host/setup/oauth_client.h"
 #include "remoting/protocol/pairing_registry.h"
 
 #if defined(OS_POSIX)
@@ -32,8 +36,13 @@ namespace {
 // Features supported in addition to the base protocol.
 const char* kSupportedFeatures[] = {
   "pairingRegistry",
+  "oauthClient"
 };
 
+// redirect_uri to use when authenticating service accounts (service account
+// codes are obtained "out-of-band", i.e., not through an OAuth redirect).
+const char* kServiceAccountRedirectUri = "oob";
+
 // Helper to extract the "config" part of a message as a DictionaryValue.
 // Returns NULL on failure, and logs an error message.
 scoped_ptr<base::DictionaryValue> ConfigDictionaryFromMessage(
@@ -55,6 +64,7 @@ namespace remoting {
 NativeMessagingHost::NativeMessagingHost(
     scoped_ptr<DaemonController> daemon_controller,
     scoped_refptr<protocol::PairingRegistry> pairing_registry,
+    scoped_ptr<OAuthClient> oauth_client,
     base::PlatformFile input,
     base::PlatformFile output,
     scoped_refptr<base::SingleThreadTaskRunner> caller_task_runner,
@@ -65,6 +75,7 @@ NativeMessagingHost::NativeMessagingHost(
       native_messaging_writer_(output),
       daemon_controller_(daemon_controller.Pass()),
       pairing_registry_(pairing_registry),
+      oauth_client_(oauth_client.Pass()),
       weak_factory_(this) {
   weak_ptr_ = weak_factory_.GetWeakPtr();
 }
@@ -145,6 +156,11 @@ void NativeMessagingHost::ProcessMessage(scoped_ptr<base::Value> message) {
     success = ProcessStopDaemon(*message_dict, response_dict.Pass());
   } else if (type == "getDaemonState") {
     success = ProcessGetDaemonState(*message_dict, response_dict.Pass());
+  } else if (type == "getHostClientId") {
+    success = ProcessGetHostClientId(*message_dict, response_dict.Pass());
+  } else if (type == "getCredentialsFromAuthCode") {
+    success = ProcessGetCredentialsFromAuthCode(
+        *message_dict, response_dict.Pass());
   } else {
     LOG(ERROR) << "Unsupported request type: " << type;
   }
@@ -347,6 +363,38 @@ bool NativeMessagingHost::ProcessGetDaemonState(
   return true;
 }
 
+bool NativeMessagingHost::ProcessGetHostClientId(
+    const base::DictionaryValue& message,
+    scoped_ptr<base::DictionaryValue> response) {
+  response->SetString("clientId", google_apis::GetOAuth2ClientID(
+      google_apis::CLIENT_REMOTING_HOST));
+  SendResponse(response.Pass());
+  return true;
+}
+
+bool NativeMessagingHost::ProcessGetCredentialsFromAuthCode(
+    const base::DictionaryValue& message,
+    scoped_ptr<base::DictionaryValue> response) {
+  std::string auth_code;
+  if (!message.GetString("authorizationCode", &auth_code)) {
+    LOG(ERROR) << "'authorizationCode' string not found.";
+    return false;
+  }
+
+  gaia::OAuthClientInfo oauth_client_info = {
+    google_apis::GetOAuth2ClientID(google_apis::CLIENT_REMOTING_HOST),
+    google_apis::GetOAuth2ClientSecret(google_apis::CLIENT_REMOTING_HOST),
+    kServiceAccountRedirectUri
+  };
+
+  oauth_client_->GetCredentialsFromAuthCode(
+      oauth_client_info, auth_code, base::Bind(
+          &NativeMessagingHost::SendCredentialsResponse, weak_ptr_,
+          base::Passed(&response)));
+
+  return true;
+}
+
 void NativeMessagingHost::SendResponse(
     scoped_ptr<base::DictionaryValue> response) {
   if (!caller_task_runner_->BelongsToCurrentThread()) {
@@ -415,6 +463,15 @@ void NativeMessagingHost::SendBooleanResult(
   SendResponse(response.Pass());
 }
 
+void NativeMessagingHost::SendCredentialsResponse(
+    scoped_ptr<base::DictionaryValue> response,
+    const std::string& user_email,
+    const std::string& refresh_token) {
+  response->SetString("userEmail", user_email);
+  response->SetString("refreshToken", refresh_token);
+  SendResponse(response.Pass());
+}
+
 int NativeMessagingHostMain() {
 #if defined(OS_WIN)
   base::PlatformFile read_file = GetStdHandle(STD_INPUT_HANDLE);
@@ -428,10 +485,19 @@ int NativeMessagingHostMain() {
 
   base::MessageLoop message_loop(base::MessageLoop::TYPE_IO);
   base::RunLoop run_loop;
+  // OAuth client (for credential requests).
+  scoped_refptr<net::URLRequestContextGetter> url_request_context_getter(
+      new remoting::URLRequestContextGetter(message_loop.message_loop_proxy()));
+  scoped_ptr<remoting::OAuthClient> oauth_client(
+      new remoting::OAuthClient(url_request_context_getter));
+
+  net::URLFetcher::SetIgnoreCertificateRequests(true);
+
   scoped_refptr<protocol::PairingRegistry> pairing_registry =
       CreatePairingRegistry(message_loop.message_loop_proxy());
   remoting::NativeMessagingHost host(remoting::DaemonController::Create(),
                                      pairing_registry,
+                                     oauth_client.Pass(),
                                      read_file, write_file,
                                      message_loop.message_loop_proxy(),
                                      run_loop.QuitClosure());