Network traffic annotation added to OAuth2ApiCallFlow and its subclas…

…ses.

Network traffic annotation is added to network requests of:
chrome/browser/extensions/api/identity/identity_get_auth_token_function.cc
components/cryptauth/cryptauth_api_call_flow.cc
components/signin/core/browser/refresh_token_annotation_request.cc
google_apis/gaia/oauth2_api_call_flow.h
google_apis/gaia/oauth2_api_call_flow.cc

BUG=656607

Review-Url: https://codereview.chromium.org/2888053003
Cr-Commit-Position: refs/heads/master@{#484474}

components/cryptauth/cryptauth_api_call_flow.cc

@@ -6,6 +6,7 @@
 
 #include "base/strings/string_number_conversions.h"
 #include "components/proximity_auth/logging/logging.h"
+#include "net/traffic_annotation/network_traffic_annotation.h"
 #include "net/url_request/url_fetcher.h"
 
 namespace cryptauth {
@@ -80,4 +81,10 @@ void CryptAuthApiCallFlow::ProcessApiCallFailure(
   error_callback_.Run(error_message);
 }
 
+net::PartialNetworkTrafficAnnotationTag
+CryptAuthApiCallFlow::GetNetworkTrafficAnnotationTag() {
+  DCHECK(partial_network_annotation_ != nullptr);
+  return *partial_network_annotation_.get();
+}
+
 }  // namespace cryptauth

components/cryptauth/cryptauth_api_call_flow.h

@@ -40,6 +40,14 @@ class CryptAuthApiCallFlow : public OAuth2ApiCallFlow {
                      const ResultCallback& result_callback,
                      const ErrorCallback& error_callback);
 
+  void SetPartialNetworkTrafficAnnotation(
+      const net::PartialNetworkTrafficAnnotationTag&
+          partial_traffic_annotation) {
+    partial_network_annotation_.reset(
+        new net::PartialNetworkTrafficAnnotationTag(
+            partial_traffic_annotation));
+  }
+
  protected:
   // Reduce the visibility of OAuth2ApiCallFlow::Start() to avoid exposing
   // overloaded methods.
@@ -53,6 +61,8 @@ class CryptAuthApiCallFlow : public OAuth2ApiCallFlow {
       const std::string& body) override;
   void ProcessApiCallSuccess(const net::URLFetcher* source) override;
   void ProcessApiCallFailure(const net::URLFetcher* source) override;
+  net::PartialNetworkTrafficAnnotationTag GetNetworkTrafficAnnotationTag()
+      override;
 
  private:
   // The URL of the CryptAuth endpoint serving the request.
@@ -68,6 +78,9 @@ class CryptAuthApiCallFlow : public OAuth2ApiCallFlow {
   // Callback invoked with an error message when the flow fails.
   ErrorCallback error_callback_;
 
+  std::unique_ptr<net::PartialNetworkTrafficAnnotationTag>
+      partial_network_annotation_;
+
   DISALLOW_COPY_AND_ASSIGN(CryptAuthApiCallFlow);
 };
 

components/cryptauth/cryptauth_api_call_flow_unittest.cc

@@ -30,7 +30,10 @@ class CryptAuthApiCallFlowTest
  protected:
   CryptAuthApiCallFlowTest()
       : url_request_context_getter_(new net::TestURLRequestContextGetter(
-            new base::TestSimpleTaskRunner())) {}
+            new base::TestSimpleTaskRunner())) {
+    flow_.SetPartialNetworkTrafficAnnotation(
+        PARTIAL_TRAFFIC_ANNOTATION_FOR_TESTS);
+  }
 
   void SetUp() override {
     // The TestURLFetcherFactory will override the global URLFetcherFactory for

components/cryptauth/cryptauth_client.h

@@ -10,6 +10,7 @@
 
 #include "base/callback_forward.h"
 #include "base/macros.h"
+#include "net/traffic_annotation/network_traffic_annotation.h"
 
 namespace cryptauth {
 class GetMyDevicesRequest;
@@ -45,7 +46,9 @@ class CryptAuthClient {
       GetMyDevicesCallback;
   virtual void GetMyDevices(const GetMyDevicesRequest& request,
                             const GetMyDevicesCallback& callback,
-                            const ErrorCallback& error_callback) = 0;
+                            const ErrorCallback& error_callback,
+                            const net::PartialNetworkTrafficAnnotationTag&
+                                partial_traffic_annotation) = 0;
 
   // FindEligibleUnlockDevices
   typedef base::Callback<void(
@@ -62,7 +65,9 @@ class CryptAuthClient {
   virtual void SendDeviceSyncTickle(
       const SendDeviceSyncTickleRequest& request,
       const SendDeviceSyncTickleCallback& callback,
-      const ErrorCallback& error_callback) = 0;
+      const ErrorCallback& error_callback,
+      const net::PartialNetworkTrafficAnnotationTag&
+          partial_traffic_annotation) = 0;
 
   // ToggleEasyUnlock
   typedef base::Callback<void(const ToggleEasyUnlockResponse&)>

components/cryptauth/cryptauth_client_impl.cc

@@ -66,44 +66,148 @@ CryptAuthClientImpl::~CryptAuthClientImpl() {
 void CryptAuthClientImpl::GetMyDevices(
     const GetMyDevicesRequest& request,
     const GetMyDevicesCallback& callback,
-    const ErrorCallback& error_callback) {
-  MakeApiCall(kGetMyDevicesPath, request, callback, error_callback);
+    const ErrorCallback& error_callback,
+    const net::PartialNetworkTrafficAnnotationTag& partial_traffic_annotation) {
+  MakeApiCall(kGetMyDevicesPath, request, callback, error_callback,
+              partial_traffic_annotation);
 }
 
 void CryptAuthClientImpl::FindEligibleUnlockDevices(
     const FindEligibleUnlockDevicesRequest& request,
     const FindEligibleUnlockDevicesCallback& callback,
     const ErrorCallback& error_callback) {
-  MakeApiCall(kFindEligibleUnlockDevicesPath, request, callback,
-              error_callback);
+  net::PartialNetworkTrafficAnnotationTag partial_traffic_annotation =
+      net::DefinePartialNetworkTrafficAnnotation(
+          "cryptauth_find_eligible_unlock_devices", "oauth2_api_call_flow",
+          R"(
+      semantics {
+        sender: "CryptAuth Device Manager"
+        description:
+          "Gets the list of mobile devices that can be used by Smart Lock to "
+          "unlock the current device."
+        trigger:
+          "This request is sent when the user starts the Smart Lock setup flow."
+        data: "OAuth 2.0 token and the device's public key."
+        destination: GOOGLE_OWNED_SERVICE
+      }
+      policy {
+        setting:
+          "This feature cannot be disabled in settings, but the request will "
+          "only be sent if the user explicitly tries to enable Smart Lock "
+          "(EasyUnlock), i.e. starts the setup flow."
+        chrome_policy {
+          EasyUnlockAllowed {
+            EasyUnlockAllowed: false
+          }
+        }
+      })");
+  MakeApiCall(kFindEligibleUnlockDevicesPath, request, callback, error_callback,
+              partial_traffic_annotation);
 }
 
 void CryptAuthClientImpl::SendDeviceSyncTickle(
     const SendDeviceSyncTickleRequest& request,
     const SendDeviceSyncTickleCallback& callback,
-    const ErrorCallback& error_callback) {
-  MakeApiCall(kSendDeviceSyncTicklePath, request, callback, error_callback);
+    const ErrorCallback& error_callback,
+    const net::PartialNetworkTrafficAnnotationTag& partial_traffic_annotation) {
+  MakeApiCall(kSendDeviceSyncTicklePath, request, callback, error_callback,
+              partial_traffic_annotation);
 }
 
 void CryptAuthClientImpl::ToggleEasyUnlock(
     const ToggleEasyUnlockRequest& request,
     const ToggleEasyUnlockCallback& callback,
     const ErrorCallback& error_callback) {
-  MakeApiCall(kToggleEasyUnlockPath, request, callback, error_callback);
+  net::PartialNetworkTrafficAnnotationTag partial_traffic_annotation =
+      net::DefinePartialNetworkTrafficAnnotation("cryptauth_toggle_easyunlock",
+                                                 "oauth2_api_call_flow", R"(
+      semantics {
+        sender: "CryptAuth Device Manager"
+        description: "Enables Smart Lock (EasyUnlock) for the current device."
+        trigger:
+          "This request is send after the user goes through the EasyUnlock "
+          "setup flow."
+        data: "OAuth 2.0 token and the device public key."
+        destination: GOOGLE_OWNED_SERVICE
+      }
+      policy {
+        setting:
+          "This feature cannot be disabled in settings, but the request will "
+          "only be send if the user explicitly enables Smart Lock "
+          "(EasyUnlock), i.e. uccessfully complete the setup flow."
+        chrome_policy {
+          EasyUnlockAllowed {
+            EasyUnlockAllowed: false
+          }
+        }
+      })");
+  MakeApiCall(kToggleEasyUnlockPath, request, callback, error_callback,
+              partial_traffic_annotation);
 }
 
 void CryptAuthClientImpl::SetupEnrollment(
     const SetupEnrollmentRequest& request,
     const SetupEnrollmentCallback& callback,
     const ErrorCallback& error_callback) {
-  MakeApiCall(kSetupEnrollmentPath, request, callback, error_callback);
+  net::PartialNetworkTrafficAnnotationTag partial_traffic_annotation =
+      net::DefinePartialNetworkTrafficAnnotation(
+          "cryptauth_enrollment_flow_setup", "oauth2_api_call_flow", R"(
+      semantics {
+        sender: "CryptAuth Device Manager"
+        description: "Starts the CryptAuth registration flow."
+        trigger:
+          "Occurs periodically, at least once a month, because if the device "
+          "does not re-enroll for more than a specific number of days "
+          "(currently 45) it will be removed from the server."
+        data:
+          "Various device information (public key, bluetooth MAC address, "
+          "model, OS version, screen size, manufacturer, has screen lock "
+          "enabled), and OAuth 2.0 token."
+        destination: GOOGLE_OWNED_SERVICE
+      }
+      policy {
+        setting:
+          "This feature cannot be disabled by settings. However, this request "
+          "is made only for signed-in users."
+        chrome_policy {
+          SigninAllowed {
+            SigninAllowed: false
+          }
+        }
+      })");
+  MakeApiCall(kSetupEnrollmentPath, request, callback, error_callback,
+              partial_traffic_annotation);
 }
 
 void CryptAuthClientImpl::FinishEnrollment(
     const FinishEnrollmentRequest& request,
     const FinishEnrollmentCallback& callback,
     const ErrorCallback& error_callback) {
-  MakeApiCall(kFinishEnrollmentPath, request, callback, error_callback);
+  net::PartialNetworkTrafficAnnotationTag partial_traffic_annotation =
+      net::DefinePartialNetworkTrafficAnnotation(
+          "cryptauth_enrollment_flow_finish", "oauth2_api_call_flow", R"(
+      semantics {
+        sender: "CryptAuth Device Manager"
+        description: "Finishes the CryptAuth registration flow."
+        trigger:
+          "Occurs periodically, at least once a month, because if the device "
+          "does not re-enroll for more than a specific number of days "
+          "(currently 45) it will be removed from the server."
+        data: "OAuth 2.0 token."
+        destination: GOOGLE_OWNED_SERVICE
+      }
+      policy {
+        setting:
+          "This feature cannot be disabled by settings. However, this request "
+          "is made only for signed-in users."
+        chrome_policy {
+          SigninAllowed {
+            SigninAllowed: false
+          }
+        }
+      })");
+  MakeApiCall(kFinishEnrollmentPath, request, callback, error_callback,
+              partial_traffic_annotation);
 }
 
 std::string CryptAuthClientImpl::GetAccessTokenUsed() {
@@ -115,14 +219,18 @@ void CryptAuthClientImpl::MakeApiCall(
     const std::string& request_path,
     const RequestProto& request_proto,
     const base::Callback<void(const ResponseProto&)>& response_callback,
-    const ErrorCallback& error_callback) {
+    const ErrorCallback& error_callback,
+    const net::PartialNetworkTrafficAnnotationTag& partial_traffic_annotation) {
   if (has_call_started_) {
     error_callback.Run(
         "Client has been used for another request. Do not reuse.");
     return;
   }
   has_call_started_ = true;
 
+  api_call_flow_->SetPartialNetworkTrafficAnnotation(
+      partial_traffic_annotation);
+
   // The |device_classifier| field must be present for all CryptAuth requests.
   RequestProto request_copy(request_proto);
   request_copy.mutable_device_classifier()->CopyFrom(device_classifier_);

components/cryptauth/cryptauth_client_impl.h

@@ -11,6 +11,7 @@
 #include "components/cryptauth/cryptauth_api_call_flow.h"
 #include "components/cryptauth/cryptauth_client.h"
 #include "components/cryptauth/proto/cryptauth_api.pb.h"
+#include "net/traffic_annotation/network_traffic_annotation.h"
 #include "net/url_request/url_request_context_getter.h"
 
 class OAuth2TokenService;
@@ -39,15 +40,18 @@ class CryptAuthClientImpl : public CryptAuthClient {
   // CryptAuthClient:
   void GetMyDevices(const GetMyDevicesRequest& request,
                     const GetMyDevicesCallback& callback,
-                    const ErrorCallback& error_callback) override;
+                    const ErrorCallback& error_callback,
+                    const net::PartialNetworkTrafficAnnotationTag&
+                        partial_traffic_annotation) override;
   void FindEligibleUnlockDevices(
       const FindEligibleUnlockDevicesRequest& request,
       const FindEligibleUnlockDevicesCallback& callback,
       const ErrorCallback& error_callback) override;
-  void SendDeviceSyncTickle(
-      const SendDeviceSyncTickleRequest& request,
-      const SendDeviceSyncTickleCallback& callback,
-      const ErrorCallback& error_callback) override;
+  void SendDeviceSyncTickle(const SendDeviceSyncTickleRequest& request,
+                            const SendDeviceSyncTickleCallback& callback,
+                            const ErrorCallback& error_callback,
+                            const net::PartialNetworkTrafficAnnotationTag&
+                                partial_traffic_annotation) override;
   void ToggleEasyUnlock(const ToggleEasyUnlockRequest& request,
                         const ToggleEasyUnlockCallback& callback,
                         const ErrorCallback& error_callback) override;
@@ -68,7 +72,9 @@ class CryptAuthClientImpl : public CryptAuthClient {
       const std::string& request_path,
       const RequestProto& request_proto,
       const base::Callback<void(const ResponseProto&)>& response_callback,
-      const ErrorCallback& error_callback);
+      const ErrorCallback& error_callback,
+      const net::PartialNetworkTrafficAnnotationTag&
+          partial_traffic_annotation);
 
   // Called when the access token is obtained so the API request can be made.
   template <class ResponseProto>