Fix and re-enable KioskEnterpriseTest.

I couldn't reproduce the original failure, but the logs look like an
unrelated crash in the login screen code. Before re-enabling, the test
needed some updates after changes to the identity API implementation
in https://codereview.chromium.org/26715002

BUG=chromium:306611

Review URL: https://codereview.chromium.org/103263004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@238970 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 67 insertions, 14 deletions

diff --git a/google_apis/gaia/fake_gaia.cc b/google_apis/gaia/fake_gaia.cc
index 9f4a812..322ed54 100644
--- a/google_apis/gaia/fake_gaia.cc
+++ b/google_apis/gaia/fake_gaia.cc
@@ -10,6 +10,8 @@
 #include "base/json/json_writer.h"
 #include "base/logging.h"
 #include "base/path_service.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
 #include "base/values.h"
 #include "google_apis/gaia/gaia_urls.h"
@@ -65,9 +67,13 @@ scoped_ptr<HttpResponse> FakeGaia::HandleRequest(const HttpRequest& request) {
     http_response->set_content_type("text/html");
   } else if (request_path == gaia_urls->oauth2_token_url().path()) {
     std::string refresh_token;
+    std::string client_id;
+    std::string scope;
     const AccessTokenInfo* token_info = NULL;
+    GetQueryParameter(request.content, "scope", &scope);
     if (GetQueryParameter(request.content, "refresh_token", &refresh_token) &&
-        (token_info = GetAccessTokenInfo(refresh_token))) {
+        GetQueryParameter(request.content, "client_id", &client_id) &&
+        (token_info = GetAccessTokenInfo(refresh_token, client_id, scope))) {
       base::DictionaryValue response_dict;
       response_dict.SetString("access_token", token_info->token);
       response_dict.SetInteger("expires_in", 3600);
@@ -104,6 +110,30 @@ scoped_ptr<HttpResponse> FakeGaia::HandleRequest(const HttpRequest& request) {
     } else {
       http_response->set_code(net::HTTP_BAD_REQUEST);
     }
+  } else if (request_path == gaia_urls->oauth2_issue_token_url().path()) {
+    std::string access_token;
+    std::map<std::string, std::string>::const_iterator auth_header_entry =
+        request.headers.find("Authorization");
+    if (auth_header_entry != request.headers.end()) {
+      if (StartsWithASCII(auth_header_entry->second, "Bearer ", true))
+        access_token = auth_header_entry->second.substr(7);
+    }
+
+    std::string scope;
+    std::string client_id;
+    const AccessTokenInfo* token_info = NULL;
+    if (GetQueryParameter(request.content, "scope", &scope) &&
+        GetQueryParameter(request.content, "client_id", &client_id) &&
+        (token_info = GetAccessTokenInfo(access_token, client_id, scope))) {
+      base::DictionaryValue response_dict;
+      response_dict.SetString("issueAdvice", "auto");
+      response_dict.SetString("expiresIn",
+                              base::IntToString(token_info->expires_in));
+      response_dict.SetString("token", token_info->token);
+      FormatJSONResponse(response_dict, http_response.get());
+    } else {
+      http_response->set_code(net::HTTP_BAD_REQUEST);
+    }
   } else {
     // Request not understood.
     return scoped_ptr<HttpResponse>();
@@ -112,9 +142,9 @@ scoped_ptr<HttpResponse> FakeGaia::HandleRequest(const HttpRequest& request) {
   return http_response.PassAs<HttpResponse>();
 }
 
-void FakeGaia::IssueOAuthToken(const std::string& refresh_token,
+void FakeGaia::IssueOAuthToken(const std::string& auth_token,
                                const AccessTokenInfo& token_info) {
-  access_token_info_map_[refresh_token] = token_info;
+  access_token_info_map_.insert(std::make_pair(auth_token, token_info));
 }
 
 void FakeGaia::FormatJSONResponse(const base::DictionaryValue& response_dict,
@@ -126,10 +156,27 @@ void FakeGaia::FormatJSONResponse(const base::DictionaryValue& response_dict,
 }
 
 const FakeGaia::AccessTokenInfo* FakeGaia::GetAccessTokenInfo(
-    const std::string& refresh_token) const {
-  AccessTokenInfoMap::const_iterator entry =
-      access_token_info_map_.find(refresh_token);
-  return entry == access_token_info_map_.end() ? NULL : &entry->second;
+    const std::string& auth_token,
+    const std::string& client_id,
+    const std::string& scope_string) const {
+  if (auth_token.empty() || client_id.empty())
+    return NULL;
+
+  std::vector<std::string> scope_list;
+  base::SplitString(scope_string, ' ', &scope_list);
+  ScopeSet scopes(scope_list.begin(), scope_list.end());
+
+  for (AccessTokenInfoMap::const_iterator entry(
+           access_token_info_map_.lower_bound(auth_token));
+       entry != access_token_info_map_.upper_bound(auth_token);
+       ++entry) {
+    if (entry->second.audience == client_id &&
+        (scope_string.empty() || entry->second.scopes == scopes)) {
+      return &(entry->second);
+    }
+  }
+
+  return NULL;
 }
 
 // static
diff --git a/google_apis/gaia/fake_gaia.h b/google_apis/gaia/fake_gaia.h
index 24f6891..de4201f 100644
--- a/google_apis/gaia/fake_gaia.h
+++ b/google_apis/gaia/fake_gaia.h
@@ -55,21 +55,27 @@ class FakeGaia {
       const net::test_server::HttpRequest& request);
 
   // Configures an OAuth2 token that'll be returned when a client requests an
-  // access token for the given refresh token.
-  void IssueOAuthToken(const std::string& refresh_token,
+  // access token for the given auth token, which can be a refresh token or an
+  // login-scoped access token for the token minting endpoint. Note that the
+  // scope and audience requested by the client need to match the token_info.
+  void IssueOAuthToken(const std::string& auth_token,
                        const AccessTokenInfo& token_info);
 
  private:
-  typedef std::map<std::string, AccessTokenInfo> AccessTokenInfoMap;
+  typedef std::multimap<std::string, AccessTokenInfo> AccessTokenInfoMap;
 
   // Formats a JSON response with the data in |response_dict|.
   void FormatJSONResponse(const base::DictionaryValue& response_dict,
                           net::test_server::BasicHttpResponse* http_response);
 
-  // Returns the access token associated with |refresh_token| or NULL if not
-  // found.
-  const AccessTokenInfo* GetAccessTokenInfo(
-      const std::string& refresh_token) const;
+  // Returns the access token associated with |auth_token| that matches the
+  // given |client_id| and |scope_string|. If |scope_string| is empty, the first
+  // token satisfying the other criteria is returned. Returns NULL if no token
+  // matches.
+  const AccessTokenInfo* GetAccessTokenInfo(const std::string& auth_token,
+                                            const std::string& client_id,
+                                            const std::string& scope_string)
+      const;
 
   // Extracts the parameter named |key| from |query| and places it in |value|.
   // Returns false if no parameter is found.