Added --lso-host switch that lets us override hosts for LSO URLs.

BUG=168602
TEST=existing unittests

Review URL: https://codereview.chromium.org/11786006

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@175900 0039d316-1c4b-4281-b951-d872f2087c98

7 files changed, 81 insertions, 36 deletions

diff --git a/chrome/browser/resources/gaia_auth/manifest_test.json b/chrome/browser/resources/gaia_auth/manifest_test.json
index c5228f7..3b0363a 100644
--- a/chrome/browser/resources/gaia_auth/manifest_test.json
+++ b/chrome/browser/resources/gaia_auth/manifest_test.json
@@ -4,7 +4,7 @@
   "name": "GaiaTestAuthExtension",
   "version": "0.0.1",
   "manifest_version": 2,
-  "content_security_policy": "default-src 'self'; script-src 'self'; frame-src 'self' https://insecure.com https://www.google.com/accounts/ https://accounts.google.com https://gaiastaging.corp.google.com",
+  "content_security_policy": "default-src 'self'; script-src 'self'; frame-src 'self' https://insecure.com https://www.google.com/accounts/ https://accounts.google.com https://accounts.youtube.com https://gaiastaging.corp.google.com",
   "description": "GAIA Test Component Extension",
   "content_scripts": [
     {
diff --git a/google_apis/gaia/gaia_switches.cc b/google_apis/gaia/gaia_switches.cc
index 5ed8032..eb3f85e 100644
--- a/google_apis/gaia/gaia_switches.cc
+++ b/google_apis/gaia/gaia_switches.cc
@@ -9,6 +9,8 @@ namespace switches {
 const char kClientLoginToOAuth2Url[]        = "client-login-to-oauth2-url";
 const char kGaiaHost[]                      = "gaia-host";
 const char kGaiaUrlPath[]                   = "gaia-url-path";
+const char kGoogleApisHost[]                = "google-apis-host";
+const char kLsoHost[]                       = "lso-host";
 const char kOAuth1LoginScope[]              = "oauth1-login-scope";
 const char kOAuth2IssueTokenUrl[]           = "oauth2-issue-token-url";
 const char kOAuth2TokenUrl[]                = "oauth2-token-url";
diff --git a/google_apis/gaia/gaia_switches.h b/google_apis/gaia/gaia_switches.h
index bdb3f28..52680dd 100644
--- a/google_apis/gaia/gaia_switches.h
+++ b/google_apis/gaia/gaia_switches.h
@@ -12,7 +12,7 @@ extern const char kClientLoginToOAuth2Url[];
 
 // Specifies the backend server used for gaia authentications, like sync or
 // policies for example. The https:// prefix and the trailing slash should be
-// omitted. The default value is "www.google.com".
+// omitted. The default value is "accounts.google.com".
 extern const char kGaiaHost[];
 
 // Specifies the path prefix for GAIA authentication URL. It should be used
@@ -20,6 +20,19 @@ extern const char kGaiaHost[];
 // used in production.
 extern const char kGaiaUrlPath[];
 
+// Specifies the backend server used for Google API calls. The https:// prefix
+// and the trailing slash should be omitted.
+// The default value is "www.googleapis.com".
+extern const char kGoogleApisHost[];
+
+// Specifies the backend server used for lso authentication calls.
+// The https:// prefix and the trailing slash should be
+// omitted. The default value is "accounts.google.com".
+extern const char kLsoHost[];
+
+// TODO(zelidrag): Get rid of all following since all URLs should be
+// controlled only with --gaia-host, --lso-host and --google-apis-host.
+
 // Specifies custom OAuth1 login scope for testing purposes.
 extern const char kOAuth1LoginScope[];
 
diff --git a/google_apis/gaia/gaia_urls.cc b/google_apis/gaia/gaia_urls.cc
index 8ececeb..a910d4d 100644
--- a/google_apis/gaia/gaia_urls.cc
+++ b/google_apis/gaia/gaia_urls.cc
@@ -12,35 +12,34 @@ namespace {
 
 // Gaia service constants
 const char kDefaultGaiaBaseUrl[] = "accounts.google.com";
+const char kDefaultGoogleApisBaseUrl[] = "www.googleapis.com";
 const char kCaptchaUrlPrefixSuffix[] = "/";
+
+// API calls from accounts.google.com
 const char kClientLoginUrlSuffix[] = "/ClientLogin";
 const char kServiceLoginUrlSuffix[] = "/ServiceLogin";
 const char kIssueAuthTokenUrlSuffix[] = "/IssueAuthToken";
 const char kGetUserInfoUrlSuffix[] = "/GetUserInfo";
 const char kTokenAuthUrlSuffix[] = "/TokenAuth";
 const char kMergeSessionUrlSuffix[] = "/MergeSession";
-
 const char kOAuthGetAccessTokenUrlSuffix[] = "/OAuthGetAccessToken";
 const char kOAuthWrapBridgeUrlSuffix[] = "/OAuthWrapBridge";
 const char kOAuth1LoginUrlSuffix[] = "/OAuthLogin";
 const char kOAuthRevokeTokenUrlSuffix[] = "/AuthSubRevokeToken";
 
-// Federated login constants
-const char kDefaultFederatedLoginHost[] = "www.google.com";
-const char kDefaultFederatedLoginPath[] = "/accounts";
+// API calls from accounts.google.com (LSO)
 const char kGetOAuthTokenUrlSuffix[] = "/o/oauth/GetOAuthToken/";
+const char kClientLoginToOAuth2UrlSuffix[] = "/o/oauth2/programmatic_auth";
+const char kOAuth2TokenUrlSuffix[] = "/o/oauth2/token";
+const char kClientOAuthUrlSuffix[] = "/ClientOAuth";
+
+// API calls from www.googleapis.com
+const char kOAuth2IssueTokenUrlSuffix[] = "/oauth2/v2/IssueToken";
+const char kOAuthUserInfoUrlSuffix[] = "/oauth2/v1/userinfo";
+const char kOAuthWrapBridgeUserInfoScopeUrlSuffix[] = "/auth/userinfo.email";
 
-const char kClientLoginToOAuth2Url[] =
-    "https://accounts.google.com/o/oauth2/programmatic_auth";
-const char kOAuth2TokenUrl[] =
-    "https://accounts.google.com/o/oauth2/token";
-const char kOAuth2IssueTokenUrl[] =
-    "https://www.googleapis.com/oauth2/v2/IssueToken";
 const char kOAuth1LoginScope[] =
     "https://www.google.com/accounts/OAuthLogin";
-const char kOAuthUserInfoUrl[] =
-    "https://www.googleapis.com/oauth2/v1/userinfo";
-
 
 void GetSwitchValueWithDefault(const char* switch_value,
                                const char* default_value,
@@ -65,8 +64,19 @@ GaiaUrls::GaiaUrls() {
   GetSwitchValueWithDefault(switches::kGaiaHost, kDefaultGaiaBaseUrl,
                             &host_base);
 
+  std::string lso_base;
+  GetSwitchValueWithDefault(switches::kLsoHost, kDefaultGaiaBaseUrl,
+                            &lso_base);
+
+  std::string google_apis_base;
+  GetSwitchValueWithDefault(switches::kGoogleApisHost,
+                            kDefaultGoogleApisBaseUrl,
+                            &google_apis_base);
+
   captcha_url_prefix_ = "http://" + host_base + kCaptchaUrlPrefixSuffix;
   gaia_origin_url_ = "https://" + host_base;
+  lso_origin_url_ = "https://" + lso_base;
+  google_apis_origin_url_ = "https://" + google_apis_base;
   std::string gaia_url_base = gaia_origin_url_;
   if (command_line->HasSwitch(switches::kGaiaUrlPath)) {
     std::string path =
@@ -79,49 +89,58 @@ GaiaUrls::GaiaUrls() {
     }
   }
 
+
+  oauth2_chrome_client_id_ =
+      google_apis::GetOAuth2ClientID(google_apis::CLIENT_MAIN);
+  oauth2_chrome_client_secret_ =
+      google_apis::GetOAuth2ClientSecret(google_apis::CLIENT_MAIN);
+
+  // URLs from accounts.google.com.
+  gaia_login_form_realm_ = gaia_url_base + "/";
   client_login_url_ = gaia_url_base + kClientLoginUrlSuffix;
   service_login_url_ = gaia_url_base + kServiceLoginUrlSuffix;
   issue_auth_token_url_ = gaia_url_base + kIssueAuthTokenUrlSuffix;
   get_user_info_url_ = gaia_url_base + kGetUserInfoUrlSuffix;
   token_auth_url_ = gaia_url_base + kTokenAuthUrlSuffix;
   merge_session_url_ = gaia_url_base + kMergeSessionUrlSuffix;
-  get_oauth_token_url_ = gaia_url_base + kGetOAuthTokenUrlSuffix;
   oauth_get_access_token_url_ = gaia_url_base +
                                 kOAuthGetAccessTokenUrlSuffix;
   oauth_wrap_bridge_url_ = gaia_url_base + kOAuthWrapBridgeUrlSuffix;
   oauth_revoke_token_url_ = gaia_url_base + kOAuthRevokeTokenUrlSuffix;
   oauth1_login_url_ = gaia_url_base + kOAuth1LoginUrlSuffix;
-
+  client_oauth_url_ = gaia_url_base + kClientOAuthUrlSuffix;
+
+  // URLs from accounts.google.com (LSO).
+  get_oauth_token_url_ = lso_origin_url_ + kGetOAuthTokenUrlSuffix;
+  std::string client_login_to_oauth2_url = lso_origin_url_ +
+                                           kClientLoginToOAuth2UrlSuffix;
+  std::string oauth2_token_url = lso_origin_url_ + kOAuth2TokenUrlSuffix;
+
+  // URLs from www.googleapis.com.
+  oauth_wrap_bridge_user_info_scope_ = google_apis_origin_url_ +
+      kOAuthWrapBridgeUserInfoScopeUrlSuffix;
+  std::string oauth2_issue_token_url = google_apis_origin_url_ +
+                                       kOAuth2IssueTokenUrlSuffix;
+  std::string oauth_user_info_url = google_apis_origin_url_ +
+                                    kOAuthUserInfoUrlSuffix;
+
+  // TODO(zelidrag): Get rid of all these switches since all URLs should be
+  // controlled only with --gaia-host, --lso-host and --google-apis-host.
   GetSwitchValueWithDefault(switches::kOAuth1LoginScope,
                             kOAuth1LoginScope,
                             &oauth1_login_scope_);
-
-  // TODO(joaodasilva): these aren't configurable for now, but are managed here
-  // so that users of Gaia URLs don't have to use static constants.
-  // http://crbug.com/97126
-  oauth_wrap_bridge_user_info_scope_ =
-      "https://www.googleapis.com/auth/userinfo.email";
-  client_oauth_url_ = "https://accounts.google.com/ClientOAuth";
-
-  oauth2_chrome_client_id_ =
-      google_apis::GetOAuth2ClientID(google_apis::CLIENT_MAIN);
-  oauth2_chrome_client_secret_ =
-      google_apis::GetOAuth2ClientSecret(google_apis::CLIENT_MAIN);
-
   GetSwitchValueWithDefault(switches::kClientLoginToOAuth2Url,
-                            kClientLoginToOAuth2Url,
+                            client_login_to_oauth2_url.c_str(),
                             &client_login_to_oauth2_url_);
   GetSwitchValueWithDefault(switches::kOAuth2TokenUrl,
-                            kOAuth2TokenUrl,
+                            oauth2_token_url.c_str(),
                             &oauth2_token_url_);
   GetSwitchValueWithDefault(switches::kOAuth2IssueTokenUrl,
-                            kOAuth2IssueTokenUrl,
+                            oauth2_issue_token_url.c_str(),
                             &oauth2_issue_token_url_);
   GetSwitchValueWithDefault(switches::kOAuthUserInfoUrl,
-                            kOAuthUserInfoUrl,
+                            oauth_user_info_url.c_str(),
                             &oauth_user_info_url_);
-
-  gaia_login_form_realm_ = "https://accounts.google.com/";
 }
 
 GaiaUrls::~GaiaUrls() {
diff --git a/google_apis/gaia/gaia_urls.h b/google_apis/gaia/gaia_urls.h
index cf7b87c..cd63d1d 100644
--- a/google_apis/gaia/gaia_urls.h
+++ b/google_apis/gaia/gaia_urls.h
@@ -52,6 +52,8 @@ class GaiaUrls {
   std::string captcha_url_prefix_;
 
   std::string gaia_origin_url_;
+  std::string lso_origin_url_;
+  std::string google_apis_origin_url_;
   std::string client_login_url_;
   std::string service_login_url_;
   std::string issue_auth_token_url_;
diff --git a/net/url_request/url_fetcher_core.cc b/net/url_request/url_fetcher_core.cc
index 8673de7..fc21883 100644
--- a/net/url_request/url_fetcher_core.cc
+++ b/net/url_request/url_fetcher_core.cc
@@ -622,6 +622,12 @@ void URLFetcherCore::OnReadCompleted(URLRequest* request,
   }
 }
 
+void URLFetcherCore::OnCertificateRequested(
+    URLRequest* request,
+    SSLCertRequestInfo* cert_request_info) {
+  request->ContinueWithCertificate(NULL);
+}
+
 void URLFetcherCore::OnConnectionTypeChanged(
     NetworkChangeNotifier::ConnectionType type) {
   DCHECK_GT(num_retries_on_network_changes_, 0);
diff --git a/net/url_request/url_fetcher_core.h b/net/url_request/url_fetcher_core.h
index 67589c4..4796d24 100644
--- a/net/url_request/url_fetcher_core.h
+++ b/net/url_request/url_fetcher_core.h
@@ -124,6 +124,9 @@ class URLFetcherCore
   virtual void OnResponseStarted(URLRequest* request) OVERRIDE;
   virtual void OnReadCompleted(URLRequest* request,
                                int bytes_read) OVERRIDE;
+  virtual void OnCertificateRequested(
+      URLRequest* request,
+      SSLCertRequestInfo* cert_request_info) OVERRIDE;
 
   // Overridden from NetworkChangeNotifier::ConnectionTypeObserver:
   virtual void OnConnectionTypeChanged(