authoralemate <alemate@chromium.org>2016-03-04 02:39:54 -0800
committerCommit bot <commit-bot@chromium.org>2016-03-04 10:41:09 +0000
commit627f65303a4a1a6b4d1beb62c9ea5b6ed5affda7 (patch)
tree5b57e0a8999752be8165706373ba5abfe5851729
parent0cdae918ae7ffe4d4046027182807b9d99b6b719 (diff)
ChromeOS cryptohome should be able to use gaia id as user identifier.
This CL adds support for using Gaia ID as cryptohome identifier. BUG=462823 TEST=unit tests Review URL: https://codereview.chromium.org/1693383003 Cr-Commit-Position: refs/heads/master@{#379262}
-rw-r--r--chrome/browser/browsing_data/browsing_data_remover.cc4
-rw-r--r--chrome/browser/chromeos/app_mode/app_session.cc7
-rw-r--r--chrome/browser/chromeos/app_mode/kiosk_app_data.cc7
-rw-r--r--chrome/browser/chromeos/app_mode/kiosk_app_data.h7
-rw-r--r--chrome/browser/chromeos/app_mode/kiosk_app_manager.cc56
-rw-r--r--chrome/browser/chromeos/app_mode/kiosk_app_manager.h3
-rw-r--r--chrome/browser/chromeos/app_mode/kiosk_profile_loader.cc8
-rw-r--r--chrome/browser/chromeos/app_mode/kiosk_profile_loader.h5
-rw-r--r--chrome/browser/chromeos/attestation/attestation_policy_observer.cc37
-rw-r--r--chrome/browser/chromeos/attestation/platform_verification_flow.cc42
-rw-r--r--chrome/browser/chromeos/attestation/platform_verification_flow.h20
-rw-r--r--chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc17
-rw-r--r--chrome/browser/chromeos/chrome_browser_main_chromeos.cc14
-rw-r--r--chrome/browser/chromeos/login/app_launch_controller.cc4
-rw-r--r--chrome/browser/chromeos/login/auth/cryptohome_authenticator_unittest.cc46
-rw-r--r--chrome/browser/chromeos/login/chrome_restart_request.cc6
-rw-r--r--chrome/browser/chromeos/login/crash_restore_browsertest.cc40
-rw-r--r--chrome/browser/chromeos/login/demo_mode/demo_app_launcher.cc8
-rw-r--r--chrome/browser/chromeos/login/demo_mode/demo_app_launcher.h4
-rw-r--r--chrome/browser/chromeos/login/easy_unlock/bootstrap_user_context_initializer.cc6
-rw-r--r--chrome/browser/chromeos/login/easy_unlock/easy_unlock_create_keys_operation.cc4
-rw-r--r--chrome/browser/chromeos/login/easy_unlock/easy_unlock_get_keys_operation.cc4
-rw-r--r--chrome/browser/chromeos/login/easy_unlock/easy_unlock_remove_keys_operation.cc4
-rw-r--r--chrome/browser/chromeos/login/existing_user_controller.cc25
-rw-r--r--chrome/browser/chromeos/login/existing_user_controller.h5
-rw-r--r--chrome/browser/chromeos/login/existing_user_controller_auto_login_unittest.cc29
-rw-r--r--chrome/browser/chromeos/login/existing_user_controller_browsertest.cc29
-rw-r--r--chrome/browser/chromeos/login/login_browsertest.cc4
-rw-r--r--chrome/browser/chromeos/login/login_manager_test.cc1
-rw-r--r--chrome/browser/chromeos/login/saml/saml_browsertest.cc4
-rw-r--r--chrome/browser/chromeos/login/session/chrome_session_manager.cc7
-rw-r--r--chrome/browser/chromeos/login/session/user_session_manager.cc33
-rw-r--r--chrome/browser/chromeos/login/session/user_session_manager.h4
-rw-r--r--chrome/browser/chromeos/login/signin/oauth2_browsertest.cc1
-rw-r--r--chrome/browser/chromeos/login/supervised/supervised_user_authenticator.cc29
-rw-r--r--chrome/browser/chromeos/login/supervised/supervised_user_creation_controller_new.cc3
-rw-r--r--chrome/browser/chromeos/login/supervised/supervised_user_test_base.cc1
-rw-r--r--chrome/browser/chromeos/login/users/avatar/user_image_manager_browsertest.cc28
-rw-r--r--chrome/browser/chromeos/login/users/chrome_user_manager_impl.cc5
-rw-r--r--chrome/browser/chromeos/login/users/fake_chrome_user_manager.cc6
-rw-r--r--chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager.cc3
-rw-r--r--chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager_policy_browsertest.cc7
-rw-r--r--chrome/browser/chromeos/policy/affiliation_test_helper.cc15
-rw-r--r--chrome/browser/chromeos/policy/consumer_enrollment_handler_factory_unittest.cc14
-rw-r--r--chrome/browser/chromeos/policy/device_local_account_browsertest.cc2
-rw-r--r--chrome/browser/chromeos/policy/power_policy_browsertest.cc5
-rw-r--r--chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.cc19
-rw-r--r--chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc40
-rw-r--r--chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h5
-rw-r--r--chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos_unittest.cc72
-rw-r--r--chrome/browser/chromeos/settings/device_settings_test_helper.cc18
-rw-r--r--chrome/browser/chromeos/settings/device_settings_test_helper.h10
-rw-r--r--chrome/browser/download/notification/download_notification_browsertest.cc10
-rw-r--r--chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api_unittest.cc73
-rw-r--r--chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc56
-rw-r--r--chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h23
-rw-r--r--chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc85
-rw-r--r--chrome/browser/extensions/api/networking_private/networking_private_chromeos_apitest.cc11
-rw-r--r--chrome/browser/extensions/extension_browsertest.cc2
-rw-r--r--chrome/browser/policy/cloud/cloud_policy_browsertest.cc6
-rw-r--r--chrome/browser/profiles/profile_io_data.cc35
-rw-r--r--chrome/browser/ui/startup/startup_browser_creator.cc5
-rw-r--r--chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc2
-rw-r--r--chrome/browser/ui/webui/chromeos/login/signin_screen_handler.cc8
-rw-r--r--chrome/browser/ui/webui/flags_ui.cc6
-rw-r--r--chrome/test/base/testing_profile.cc34
-rw-r--r--chrome/test/base/testing_profile.h7
-rw-r--r--chrome/test/base/testing_profile_manager.cc2
-rw-r--r--chromeos/BUILD.gn2
-rw-r--r--chromeos/DEPS2
-rw-r--r--chromeos/attestation/attestation_flow.cc81
-rw-r--r--chromeos/attestation/attestation_flow.h25
-rw-r--r--chromeos/attestation/attestation_flow_unittest.cc119
-rw-r--r--chromeos/attestation/mock_attestation_flow.cc1
-rw-r--r--chromeos/attestation/mock_attestation_flow.h13
-rw-r--r--chromeos/chromeos.gyp2
-rw-r--r--chromeos/cryptohome/async_method_caller.cc171
-rw-r--r--chromeos/cryptohome/async_method_caller.h55
-rw-r--r--chromeos/cryptohome/cryptohome_parameters.cc76
-rw-r--r--chromeos/cryptohome/cryptohome_parameters.h44
-rw-r--r--chromeos/cryptohome/homedir_methods.cc60
-rw-r--r--chromeos/cryptohome/homedir_methods_unittest.cc37
-rw-r--r--chromeos/cryptohome/mock_async_method_caller.h75
-rw-r--r--chromeos/dbus/cryptohome_client.cc150
-rw-r--r--chromeos/dbus/cryptohome_client.h163
-rw-r--r--chromeos/dbus/fake_cryptohome_client.cc65
-rw-r--r--chromeos/dbus/fake_cryptohome_client.h73
-rw-r--r--chromeos/dbus/fake_session_manager_client.cc39
-rw-r--r--chromeos/dbus/fake_session_manager_client.h18
-rw-r--r--chromeos/dbus/mock_cryptohome_client.h106
-rw-r--r--chromeos/dbus/mock_session_manager_client.h12
-rw-r--r--chromeos/dbus/session_manager_client.cc74
-rw-r--r--chromeos/dbus/session_manager_client.h39
-rw-r--r--chromeos/login/auth/authenticator.h8
-rw-r--r--chromeos/login/auth/cryptohome_authenticator.cc41
-rw-r--r--chromeos/login/auth/cryptohome_authenticator.h4
-rw-r--r--chromeos/login/auth/extended_authenticator.h13
-rw-r--r--chromeos/login/auth/extended_authenticator_impl.cc27
-rw-r--r--chromeos/login/auth/extended_authenticator_impl.h4
-rw-r--r--chromeos/login/auth/fake_extended_authenticator.cc7
-rw-r--r--chromeos/login/auth/fake_extended_authenticator.h4
-rw-r--r--chromeos/login/auth/login_performer.cc11
-rw-r--r--chromeos/login/auth/login_performer.h4
-rw-r--r--chromeos/login/auth/stub_authenticator.cc2
-rw-r--r--chromeos/login/auth/stub_authenticator.h4
-rw-r--r--chromeos/login/auth/user_context.cc24
-rw-r--r--chromeos/login/auth/user_context.h6
-rw-r--r--chromeos/tpm/tpm_token_info_getter.cc28
-rw-r--r--chromeos/tpm/tpm_token_info_getter.h10
-rw-r--r--chromeos/tpm/tpm_token_info_getter_unittest.cc39
-rw-r--r--components/signin/core/account_id/account_id.cc14
-rw-r--r--components/user_manager/known_user.cc53
-rw-r--r--components/user_manager/known_user.h4
113 files changed, 1610 insertions, 1341 deletions
diff --git a/chrome/browser/browsing_data/browsing_data_remover.cc b/chrome/browser/browsing_data/browsing_data_remover.cc
index 83f835f..a07aab0 100644
--- a/chrome/browser/browsing_data/browsing_data_remover.cc
+++ b/chrome/browser/browsing_data/browsing_data_remover.cc
@@ -89,6 +89,7 @@
#if defined(OS_CHROMEOS)
#include "chrome/browser/chromeos/profiles/profile_helper.h"
#include "chromeos/attestation/attestation_constants.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "components/user_manager/user.h"
@@ -881,7 +882,8 @@ void BrowsingDataRemover::RemoveImpl(const TimeRange& time_range,
chromeos::DBusThreadManager::Get()
->GetCryptohomeClient()
->TpmAttestationDeleteKeys(
- chromeos::attestation::KEY_USER, user->email(),
+ chromeos::attestation::KEY_USER,
+ cryptohome::Identification(user->GetAccountId()),
chromeos::attestation::kContentProtectionKeyPrefix,
base::Bind(&BrowsingDataRemover::OnClearPlatformKeys,
weak_ptr_factory_.GetWeakPtr()));
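Review bot: In the `TpmAttestationDeleteKeys` call the identifier is now `cryptohome::Identification(user->GetAccountId())`, and nothing in this hunk shows that it resolves to the same cryptohome id under which existing keys were created when `user->email()` was passed directly. If the two can differ (the `Identification` constructor is not visible here), the delete becomes a silent no-op and keys under `kContentProtectionKeyPrefix` survive a clear-data request. A short comment such as `// Identification(account_id) must match the id the key was certified under.` plus a unit test that deletes a key created under the old identifier form would make that expectation checkable. RemoveImpl begins and ends outside this hunk.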
diff --git a/chrome/browser/chromeos/app_mode/app_session.cc b/chrome/browser/chromeos/app_mode/app_session.cc
index 850615e..6f2e374 100644
--- a/chrome/browser/chromeos/app_mode/app_session.cc
+++ b/chrome/browser/chromeos/app_mode/app_session.cc
@@ -120,8 +120,9 @@ class AppSession::AppWindowHandler : public AppWindowRegistry::Observer {
void OnAppWindowRemoved(AppWindow* app_window) override {
if (window_registry_->GetAppWindowsForApp(app_id_).empty()) {
- if (DemoAppLauncher::IsDemoAppSession(
- user_manager::UserManager::Get()->GetActiveUser()->email())) {
+ if (DemoAppLauncher::IsDemoAppSession(user_manager::UserManager::Get()
+ ->GetActiveUser()
+ ->GetAccountId())) {
// If we were in demo mode, we disabled all our network technologies,
// re-enable them.
NetworkStateHandler* handler =
@@ -188,7 +189,7 @@ void AppSession::Init(Profile* profile, const std::string& app_id) {
// For a demo app, we don't need to either setup the update service or
// the idle app name notification.
if (DemoAppLauncher::IsDemoAppSession(
- user_manager::UserManager::Get()->GetActiveUser()->email()))
+ user_manager::UserManager::Get()->GetActiveUser()->GetAccountId()))
return;
// Set the app_id for the current instance of KioskAppUpdateService.
diff --git a/chrome/browser/chromeos/app_mode/kiosk_app_data.cc b/chrome/browser/chromeos/app_mode/kiosk_app_data.cc
index ed46386..0cb0c98 100644
--- a/chrome/browser/chromeos/app_mode/kiosk_app_data.cc
+++ b/chrome/browser/chromeos/app_mode/kiosk_app_data.cc
@@ -395,14 +395,13 @@ class KioskAppData::WebstoreDataParser
KioskAppData::KioskAppData(KioskAppDataDelegate* delegate,
const std::string& app_id,
- const std::string& user_id,
+ const AccountId& account_id,
const GURL& update_url)
: delegate_(delegate),
status_(STATUS_INIT),
app_id_(app_id),
- user_id_(user_id),
- update_url_(update_url) {
-}
+ account_id_(account_id),
+ update_url_(update_url) {}
KioskAppData::~KioskAppData() {}
diff --git a/chrome/browser/chromeos/app_mode/kiosk_app_data.h b/chrome/browser/chromeos/app_mode/kiosk_app_data.h
index c50fec8..edcf76f 100644
--- a/chrome/browser/chromeos/app_mode/kiosk_app_data.h
+++ b/chrome/browser/chromeos/app_mode/kiosk_app_data.h
@@ -12,6 +12,7 @@
#include "base/memory/ref_counted.h"
#include "base/memory/weak_ptr.h"
#include "chrome/browser/extensions/webstore_data_fetcher_delegate.h"
+#include "components/signin/core/account_id/account_id.h"
#include "ui/gfx/image/image_skia.h"
#include "url/gurl.h"
@@ -48,7 +49,7 @@ class KioskAppData : public base::SupportsWeakPtr<KioskAppData>,
KioskAppData(KioskAppDataDelegate* delegate,
const std::string& app_id,
- const std::string& user_id,
+ const AccountId& account_id,
const GURL& update_url);
~KioskAppData() override;
@@ -73,7 +74,7 @@ class KioskAppData : public base::SupportsWeakPtr<KioskAppData>,
bool IsFromWebStore() const;
const std::string& app_id() const { return app_id_; }
- const std::string& user_id() const { return user_id_; }
+ const AccountId& account_id() const { return account_id_; }
const std::string& name() const { return name_; }
const GURL& update_url() const { return update_url_; }
const gfx::ImageSkia& icon() const { return icon_; }
@@ -145,7 +146,7 @@ class KioskAppData : public base::SupportsWeakPtr<KioskAppData>,
Status status_;
std::string app_id_;
- std::string user_id_;
+ AccountId account_id_;
std::string name_;
GURL update_url_;
gfx::ImageSkia icon_;
diff --git a/chrome/browser/chromeos/app_mode/kiosk_app_manager.cc b/chrome/browser/chromeos/app_mode/kiosk_app_manager.cc
index b48cb02..4a39547 100644
--- a/chrome/browser/chromeos/app_mode/kiosk_app_manager.cc
+++ b/chrome/browser/chromeos/app_mode/kiosk_app_manager.cc
@@ -35,13 +35,16 @@
#include "chrome/common/extensions/extension_constants.h"
#include "chromeos/chromeos_paths.h"
#include "chromeos/cryptohome/async_method_caller.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/dbus_thread_manager.h"
+#include "chromeos/login/user_names.h"
#include "chromeos/settings/cros_settings_names.h"
#include "components/ownership/owner_key_util.h"
#include "components/prefs/pref_registry_simple.h"
#include "components/prefs/pref_service.h"
#include "components/prefs/scoped_user_pref_update.h"
#include "components/signin/core/account_id/account_id.h"
+#include "components/user_manager/known_user.h"
#include "components/user_manager/user_manager.h"
#include "content/public/browser/browser_thread.h"
#include "extensions/common/extension_urls.h"
@@ -61,30 +64,34 @@ std::string GenerateKioskAppAccountId(const std::string& app_id) {
return app_id + '@' + kKioskAppAccountDomain;
}
-void ScheduleDelayedCryptohomeRemoval(const std::string& user_id,
+void ScheduleDelayedCryptohomeRemoval(const cryptohome::Identification& id,
const std::string& app_id) {
PrefService* local_state = g_browser_process->local_state();
DictionaryPrefUpdate dict_update(local_state, kKioskUsersToRemove);
- dict_update->SetStringWithoutPathExpansion(user_id, app_id);
+
+ // We are using cryptohome::Identification here because it cannot change
+ // before actual removal will take place. (Possible cryptohome migration
+ // happens only on session start, but deletion should happen before it.)
+ dict_update->SetStringWithoutPathExpansion(id.id(), app_id);
local_state->CommitPendingWrite();
}
-void CancelDelayedCryptohomeRemoval(const std::string& user_id) {
+void CancelDelayedCryptohomeRemoval(const cryptohome::Identification& id) {
PrefService* local_state = g_browser_process->local_state();
DictionaryPrefUpdate dict_update(local_state, kKioskUsersToRemove);
- dict_update->RemoveWithoutPathExpansion(user_id, nullptr);
+ dict_update->RemoveWithoutPathExpansion(id.id(), nullptr);
local_state->CommitPendingWrite();
}
-void OnRemoveAppCryptohomeComplete(const std::string& user_id,
+void OnRemoveAppCryptohomeComplete(const cryptohome::Identification& id,
const std::string& app,
const base::Closure& callback,
bool success,
cryptohome::MountError return_code) {
if (success) {
- CancelDelayedCryptohomeRemoval(user_id);
+ CancelDelayedCryptohomeRemoval(id);
} else {
- ScheduleDelayedCryptohomeRemoval(user_id, app);
+ ScheduleDelayedCryptohomeRemoval(id, app);
LOG(ERROR) << "Remove cryptohome for " << app
<< " failed, return code: " << return_code;
}
@@ -102,16 +109,14 @@ void PerformDelayedCryptohomeRemovals(bool service_is_available) {
const base::DictionaryValue* dict =
local_state->GetDictionary(kKioskUsersToRemove);
for (base::DictionaryValue::Iterator it(*dict); !it.IsAtEnd(); it.Advance()) {
- std::string user_id = it.key();
+ const cryptohome::Identification cryptohome_id(
+ cryptohome::Identification::FromString(it.key()));
std::string app_id;
it.value().GetAsString(&app_id);
VLOG(1) << "Removing obsolete crypthome for " << app_id;
cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove(
- user_id,
- base::Bind(&OnRemoveAppCryptohomeComplete,
- user_id,
- app_id,
- base::Closure()));
+ cryptohome_id, base::Bind(&OnRemoveAppCryptohomeComplete, cryptohome_id,
+ app_id, base::Closure()));
}
}
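Review bot: The key read from `kKioskUsersToRemove` is turned into an identifier with `Identification::FromString(it.key())` and handed to `AsyncRemove` without validation, and the result of `it.value().GetAsString(&app_id)` is ignored. Removal is destructive and the dictionary is persisted local state, so an empty or malformed entry should be skipped rather than forwarded. For example, read `app_id` first and add `if (it.key().empty() || !it.value().GetAsString(&app_id)) continue;` before constructing `cryptohome_id`. PerformDelayedCryptohomeRemovals starts outside this hunk.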
@@ -171,15 +176,17 @@ KioskAppManager::App::App(const KioskAppData& data,
bool is_extension_pending,
bool auto_launched_with_zero_delay)
: app_id(data.app_id()),
- user_id(data.user_id()),
+ account_id(data.account_id()),
name(data.name()),
icon(data.icon()),
required_platform_version(data.required_platform_version()),
is_loading(data.IsLoading() || is_extension_pending),
was_auto_launched_with_zero_delay(auto_launched_with_zero_delay) {}
-KioskAppManager::App::App() : is_loading(false),
- was_auto_launched_with_zero_delay(false) {}
+KioskAppManager::App::App()
+ : account_id(EmptyAccountId()),
+ is_loading(false),
+ was_auto_launched_with_zero_delay(false) {}
KioskAppManager::App::~App() {}
@@ -642,6 +649,9 @@ void KioskAppManager::UpdateAppData() {
if (it->account_id == auto_login_account_id)
auto_launch_app_id_ = it->kiosk_app_id;
+ // Note that app ids are not canonical, i.e. they can contain upper
+ // case letters.
+ const AccountId account_id(AccountId::FromUserEmail(it->user_id));
std::map<std::string, KioskAppData*>::iterator old_it =
old_apps.find(it->kiosk_app_id);
if (old_it != old_apps.end()) {
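Review bot: The added comment in `UpdateAppData` says app ids are not canonical, but not what follows from that for `AccountId::FromUserEmail(it->user_id)`. The later check `it.second->account_id() == active_account_id` and the pref key used by `CancelDelayedCryptohomeRemoval` both depend on whether this AccountId keeps the original case. I would say so in the comment, e.g. `// |user_id| embeds the app id and may contain upper-case letters; the AccountId built here must compare equal to the one the kiosk session runs under.` Whether `FromUserEmail` preserves case is not visible in this hunk, so confirm that before adopting the wording. UpdateAppData starts and ends outside the hunk.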
@@ -649,11 +659,11 @@ void KioskAppManager::UpdateAppData() {
old_apps.erase(old_it);
} else {
KioskAppData* new_app = new KioskAppData(
- this, it->kiosk_app_id, it->user_id, GURL(it->kiosk_app_update_url));
+ this, it->kiosk_app_id, account_id, GURL(it->kiosk_app_update_url));
apps_.push_back(new_app); // Takes ownership of |new_app|.
new_app->Load();
}
- CancelDelayedCryptohomeRemoval(it->user_id);
+ CancelDelayedCryptohomeRemoval(cryptohome::Identification(account_id));
}
base::Closure cryptohomes_barrier_closure;
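Review bot: `CancelDelayedCryptohomeRemoval(cryptohome::Identification(account_id))` only cancels a pending removal if `Identification(account_id).id()` is byte-for-byte the key that was stored earlier, including entries written by builds that keyed the dictionary by the raw `user_id` string. If the two differ, `RemoveWithoutPathExpansion` finds nothing and its return value is discarded. The cryptohome of a kiosk app that is back in policy would then still be removed by `PerformDelayedCryptohomeRemovals` on a later start. The mapping from AccountId to the stored string is not visible here, so I would add a unit test that schedules a removal under the old key form and then cancels it through this path. The enclosing loop and UpdateAppData extend beyond this hunk.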
@@ -663,7 +673,7 @@ void KioskAppManager::UpdateAppData() {
if (active_user) {
const AccountId active_account_id = active_user->GetAccountId();
for (const auto& it : old_apps) {
- if (it.second->user_id() == active_account_id.GetUserEmail()) {
+ if (it.second->account_id() == active_account_id) {
VLOG(1) << "Currently running kiosk app removed from policy, exiting";
cryptohomes_barrier_closure = BarrierClosure(
old_apps.size(), base::Bind(&chrome::AttemptUserExit));
@@ -677,12 +687,10 @@ void KioskAppManager::UpdateAppData() {
for (std::map<std::string, KioskAppData*>::iterator it = old_apps.begin();
it != old_apps.end(); ++it) {
it->second->ClearCache();
+ const cryptohome::Identification cryptohome_id(it->second->account_id());
cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove(
- it->second->user_id(),
- base::Bind(&OnRemoveAppCryptohomeComplete,
- it->second->user_id(),
- it->first,
- cryptohomes_barrier_closure));
+ cryptohome_id, base::Bind(&OnRemoveAppCryptohomeComplete, cryptohome_id,
+ it->first, cryptohomes_barrier_closure));
apps_to_remove.push_back(it->second->app_id());
}
STLDeleteValues(&old_apps);
diff --git a/chrome/browser/chromeos/app_mode/kiosk_app_manager.h b/chrome/browser/chromeos/app_mode/kiosk_app_manager.h
index c3877b6..1bc27f1 100644
--- a/chrome/browser/chromeos/app_mode/kiosk_app_manager.h
+++ b/chrome/browser/chromeos/app_mode/kiosk_app_manager.h
@@ -20,6 +20,7 @@
#include "chrome/browser/chromeos/extensions/external_cache.h"
#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
#include "chrome/browser/chromeos/settings/cros_settings.h"
+#include "components/signin/core/account_id/account_id.h"
#include "ui/gfx/image/image_skia.h"
class PrefRegistrySimple;
@@ -70,7 +71,7 @@ class KioskAppManager : public KioskAppDataDelegate,
~App();
std::string app_id;
- std::string user_id;
+ AccountId account_id;
std::string name;
gfx::ImageSkia icon;
std::string required_platform_version;
diff --git a/chrome/browser/chromeos/app_mode/kiosk_profile_loader.cc b/chrome/browser/chromeos/app_mode/kiosk_profile_loader.cc
index d856520..4c2fe61 100644
--- a/chrome/browser/chromeos/app_mode/kiosk_profile_loader.cc
+++ b/chrome/browser/chromeos/app_mode/kiosk_profile_loader.cc
@@ -119,10 +119,10 @@ class KioskProfileLoader::CryptohomedChecker
////////////////////////////////////////////////////////////////////////////////
// KioskProfileLoader
-KioskProfileLoader::KioskProfileLoader(const std::string& app_user_id,
+KioskProfileLoader::KioskProfileLoader(const AccountId& app_account_id,
bool use_guest_mount,
Delegate* delegate)
- : user_id_(app_user_id),
+ : account_id_(app_account_id),
use_guest_mount_(use_guest_mount),
delegate_(delegate) {}
@@ -137,7 +137,7 @@ void KioskProfileLoader::Start() {
void KioskProfileLoader::LoginAsKioskAccount() {
login_performer_.reset(new ChromeLoginPerformer(this));
- login_performer_->LoginAsKioskAccount(user_id_, use_guest_mount_);
+ login_performer_->LoginAsKioskAccount(account_id_, use_guest_mount_);
}
void KioskProfileLoader::ReportLaunchResult(KioskAppLaunchError::Error error) {
@@ -160,7 +160,7 @@ void KioskProfileLoader::OnAuthSuccess(const UserContext& user_context) {
// user as a demo user.
UserContext context = user_context;
if (context.GetAccountId() == login::GuestAccountId())
- context.SetUserID(login::DemoAccountId().GetUserEmail());
+ context.SetAccountId(login::DemoAccountId());
UserSessionManager::GetInstance()->StartSession(
context, UserSessionManager::PRIMARY_USER_SESSION,
false, // has_auth_cookies
diff --git a/chrome/browser/chromeos/app_mode/kiosk_profile_loader.h b/chrome/browser/chromeos/app_mode/kiosk_profile_loader.h
index 01d9407..0b15265 100644
--- a/chrome/browser/chromeos/app_mode/kiosk_profile_loader.h
+++ b/chrome/browser/chromeos/app_mode/kiosk_profile_loader.h
@@ -13,6 +13,7 @@
#include "chrome/browser/chromeos/app_mode/kiosk_app_launch_error.h"
#include "chrome/browser/chromeos/login/session/user_session_manager.h"
#include "chromeos/login/auth/login_performer.h"
+#include "components/signin/core/account_id/account_id.h"
class Profile;
@@ -33,7 +34,7 @@ class KioskProfileLoader : public LoginPerformer::Delegate,
virtual ~Delegate() {}
};
- KioskProfileLoader(const std::string& app_user_id,
+ KioskProfileLoader(const AccountId& app_account_id,
bool use_guest_mount,
Delegate* delegate);
@@ -58,7 +59,7 @@ class KioskProfileLoader : public LoginPerformer::Delegate,
// UserSessionManagerDelegate implementation:
void OnProfilePrepared(Profile* profile, bool browser_launched) override;
- std::string user_id_;
+ const AccountId account_id_;
bool use_guest_mount_;
Delegate* delegate_;
scoped_ptr<CryptohomedChecker> cryptohomed_checker_;
diff --git a/chrome/browser/chromeos/attestation/attestation_policy_observer.cc b/chrome/browser/chromeos/attestation/attestation_policy_observer.cc
index e400fa8..71930dd 100644
--- a/chrome/browser/chromeos/attestation/attestation_policy_observer.cc
+++ b/chrome/browser/chromeos/attestation/attestation_policy_observer.cc
@@ -17,11 +17,14 @@
#include "chrome/browser/chromeos/settings/cros_settings.h"
#include "chromeos/attestation/attestation_flow.h"
#include "chromeos/cryptohome/async_method_caller.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/dbus_method_call_status.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "components/policy/core/common/cloud/cloud_policy_client.h"
#include "components/policy/core/common/cloud/cloud_policy_manager.h"
+#include "components/signin/core/account_id/account_id.h"
+#include "components/user_manager/known_user.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/notification_details.h"
#include "net/cert/pem_tokenizer.h"
@@ -171,11 +174,9 @@ void AttestationPolicyObserver::Start() {
weak_factory_.GetWeakPtr());
cryptohome_client_->TpmAttestationDoesKeyExist(
KEY_DEVICE,
- std::string(), // Not used.
+ cryptohome::Identification(), // Not used.
kEnterpriseMachineKey,
- base::Bind(DBusBoolRedirectCallback,
- on_does_exist,
- on_does_not_exist,
+ base::Bind(DBusBoolRedirectCallback, on_does_exist, on_does_not_exist,
base::Bind(&AttestationPolicyObserver::Reschedule,
weak_factory_.GetWeakPtr()),
FROM_HERE));
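Review bot: `cryptohome::Identification(),  // Not used.` relies on a default-constructed Identification being a safe "no user" value for `KEY_DEVICE` calls, and that contract is not stated at any call site. The same pattern appears in the GetExistingCertificate, GetKeyPayload and MarkAsUploaded hunks below, and as `EmptyAccountId(),  // Not used.` in GetNewCertificate. I would document it once, e.g. `// KEY_DEVICE operations ignore the user id; pass an empty Identification so no user cryptohome is ever named.`, provided that is what the class guarantees. Alternatively, route these calls through one file-local helper so a device-key call cannot accidentally be given a user identity. Start() begins outside this hunk.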
@@ -185,22 +186,21 @@ void AttestationPolicyObserver::GetNewCertificate() {
// We can reuse the dbus callback handler logic.
attestation_flow_->GetCertificate(
PROFILE_ENTERPRISE_MACHINE_CERTIFICATE,
- std::string(), // Not used.
- std::string(), // Not used.
- true, // Force a new key to be generated.
+ EmptyAccountId(), // Not used.
+ std::string(), // Not used.
+ true, // Force a new key to be generated.
base::Bind(DBusStringCallback,
base::Bind(&AttestationPolicyObserver::UploadCertificate,
weak_factory_.GetWeakPtr()),
base::Bind(&AttestationPolicyObserver::Reschedule,
weak_factory_.GetWeakPtr()),
- FROM_HERE,
- DBUS_METHOD_CALL_SUCCESS));
+ FROM_HERE, DBUS_METHOD_CALL_SUCCESS));
}
void AttestationPolicyObserver::GetExistingCertificate() {
cryptohome_client_->TpmAttestationGetCertificate(
KEY_DEVICE,
- std::string(), // Not used.
+ cryptohome::Identification(), // Not used.
kEnterpriseMachineKey,
base::Bind(DBusStringCallback,
base::Bind(&AttestationPolicyObserver::CheckCertificateExpiry,
@@ -272,10 +272,9 @@ void AttestationPolicyObserver::GetKeyPayload(
base::Callback<void(const std::string&)> callback) {
cryptohome_client_->TpmAttestationGetKeyPayload(
KEY_DEVICE,
- std::string(), // Not used.
+ cryptohome::Identification(), // Not used.
kEnterpriseMachineKey,
- base::Bind(DBusStringCallback,
- callback,
+ base::Bind(DBusStringCallback, callback,
base::Bind(&AttestationPolicyObserver::Reschedule,
weak_factory_.GetWeakPtr()),
FROM_HERE));
@@ -301,14 +300,10 @@ void AttestationPolicyObserver::MarkAsUploaded(const std::string& key_payload) {
}
cryptohome_client_->TpmAttestationSetKeyPayload(
KEY_DEVICE,
- std::string(), // Not used.
- kEnterpriseMachineKey,
- new_payload,
- base::Bind(DBusBoolRedirectCallback,
- base::Closure(),
- base::Closure(),
- base::Closure(),
- FROM_HERE));
+ cryptohome::Identification(), // Not used.
+ kEnterpriseMachineKey, new_payload,
+ base::Bind(DBusBoolRedirectCallback, base::Closure(), base::Closure(),
+ base::Closure(), FROM_HERE));
}
void AttestationPolicyObserver::Reschedule() {
diff --git a/chrome/browser/chromeos/attestation/platform_verification_flow.cc b/chrome/browser/chromeos/attestation/platform_verification_flow.cc
index a756de0..794ed3a 100644
--- a/chrome/browser/chromeos/attestation/platform_verification_flow.cc
+++ b/chrome/browser/chromeos/attestation/platform_verification_flow.cc
@@ -23,6 +23,7 @@
#include "chromeos/attestation/attestation_flow.h"
#include "chromeos/chromeos_switches.h"
#include "chromeos/cryptohome/async_method_caller.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "components/content_settings/core/browser/host_content_settings_map.h"
@@ -249,11 +250,12 @@ void PlatformVerificationFlow::OnAttestationPrepared(
return;
}
- GetCertificate(context, user->email(), false /* Don't force a new key */);
+ GetCertificate(context, user->GetAccountId(),
+ false /* Don't force a new key */);
}
void PlatformVerificationFlow::GetCertificate(const ChallengeContext& context,
- const std::string& user_id,
+ const AccountId& account_id,
bool force_new_key) {
scoped_ptr<base::Timer> timer(new base::Timer(false, // Don't retain.
false)); // Don't repeat.
@@ -263,23 +265,17 @@ void PlatformVerificationFlow::GetCertificate(const ChallengeContext& context,
context);
timer->Start(FROM_HERE, timeout_delay_, timeout_callback);
- AttestationFlow::CertificateCallback certificate_callback = base::Bind(
- &PlatformVerificationFlow::OnCertificateReady,
- this,
- context,
- user_id,
- base::Passed(&timer));
- attestation_flow_->GetCertificate(
- PROFILE_CONTENT_PROTECTION_CERTIFICATE,
- user_id,
- context.service_id,
- force_new_key,
- certificate_callback);
+ AttestationFlow::CertificateCallback certificate_callback =
+ base::Bind(&PlatformVerificationFlow::OnCertificateReady, this, context,
+ account_id, base::Passed(&timer));
+ attestation_flow_->GetCertificate(PROFILE_CONTENT_PROTECTION_CERTIFICATE,
+ account_id, context.service_id,
+ force_new_key, certificate_callback);
}
void PlatformVerificationFlow::OnCertificateReady(
const ChallengeContext& context,
- const std::string& user_id,
+ const AccountId& account_id,
scoped_ptr<base::Timer> timer,
bool operation_success,
const std::string& certificate_chain) {
@@ -301,20 +297,18 @@ void PlatformVerificationFlow::OnCertificateReady(
ExpiryStatus expiry_status = CheckExpiry(certificate_chain);
ReportExpiryStatus(expiry_status);
if (expiry_status == EXPIRY_STATUS_EXPIRED) {
- GetCertificate(context, user_id, true /* Force a new key */);
+ GetCertificate(context, account_id, true /* Force a new key */);
return;
}
bool is_expiring_soon = (expiry_status == EXPIRY_STATUS_EXPIRING_SOON);
cryptohome::AsyncMethodCaller::DataCallback cryptohome_callback =
base::Bind(&PlatformVerificationFlow::OnChallengeReady, this, context,
- user_id, certificate_chain, is_expiring_soon);
+ account_id, certificate_chain, is_expiring_soon);
std::string key_name = kContentProtectionKeyPrefix;
key_name += context.service_id;
- async_caller_->TpmAttestationSignSimpleChallenge(KEY_USER,
- user_id,
- key_name,
- context.challenge,
- cryptohome_callback);
+ async_caller_->TpmAttestationSignSimpleChallenge(
+ KEY_USER, cryptohome::Identification(account_id), key_name,
+ context.challenge, cryptohome_callback);
}
void PlatformVerificationFlow::OnCertificateTimeout(
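Review bot: In `OnCertificateReady` the signing call converts with `cryptohome::Identification(account_id)`, while the certificate was requested through `attestation_flow_->GetCertificate(...)` with the bare `account_id`, which presumably does its own conversion inside AttestationFlow. Both must produce the same cryptohome id, or `TpmAttestationSignSimpleChallenge` will look up `key_name` under a different user than the one the key was certified for. Whether the mapping can change between the two calls is not visible here. I would add a comment at the signing call, e.g. `// Must resolve to the same cryptohome id AttestationFlow used for |account_id|.`, and cover it in the unit test by asserting that the identifier passed to the mock async caller matches the one seen by the attestation flow.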
@@ -325,7 +319,7 @@ void PlatformVerificationFlow::OnCertificateTimeout(
void PlatformVerificationFlow::OnChallengeReady(
const ChallengeContext& context,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& certificate_chain,
bool is_expiring_soon,
bool operation_success,
@@ -352,7 +346,7 @@ void PlatformVerificationFlow::OnChallengeReady(
base::Bind(&PlatformVerificationFlow::RenewCertificateCallback, this,
certificate_chain);
attestation_flow_->GetCertificate(PROFILE_CONTENT_PROTECTION_CERTIFICATE,
- user_id, context.service_id,
+ account_id, context.service_id,
true, // force_new_key
renew_callback);
}
diff --git a/chrome/browser/chromeos/attestation/platform_verification_flow.h b/chrome/browser/chromeos/attestation/platform_verification_flow.h
index 55f6d13..fd7576b 100644
--- a/chrome/browser/chromeos/attestation/platform_verification_flow.h
+++ b/chrome/browser/chromeos/attestation/platform_verification_flow.h
@@ -16,6 +16,8 @@
#include "base/timer/timer.h"
#include "url/gurl.h"
+class AccountId;
+
namespace content {
class WebContents;
}
@@ -176,17 +178,17 @@ class PlatformVerificationFlow
bool attestation_prepared);
// Initiates the flow to get a platform key certificate. The arguments to
- // ChallengePlatformKey are in |context|. |user_id| identifies the user for
- // which to get a certificate. If |force_new_key| is true then any existing
- // key for the same user and service will be ignored and a new key will be
- // generated and certified.
+ // ChallengePlatformKey are in |context|. |account_id| identifies the user
+ // for which to get a certificate. If |force_new_key| is true then any
+ // existing key for the same user and service will be ignored and a new key
+ // will be generated and certified.
void GetCertificate(const ChallengeContext& context,
- const std::string& user_id,
+ const AccountId& account_id,
bool force_new_key);
// A callback called when an attestation certificate request operation
// completes. The arguments to ChallengePlatformKey are in |context|.
- // |user_id| identifies the user for which the certificate was requested.
+ // |account_id| identifies the user for which the certificate was requested.
// |operation_success| is true iff the certificate request operation
// succeeded. |certificate_chain| holds the certificate for the platform key
// on success. If the certificate request was successful, this method invokes
@@ -194,7 +196,7 @@ class PlatformVerificationFlow
// method being called, this method does nothing - notably, the callback is
// not invoked.
void OnCertificateReady(const ChallengeContext& context,
- const std::string& user_id,
+ const AccountId& account_id,
scoped_ptr<base::Timer> timer,
bool operation_success,
const std::string& certificate_chain);
@@ -207,14 +209,14 @@ class PlatformVerificationFlow
// A callback called when a challenge signing request has completed. The
// |certificate_chain| is the platform certificate chain for the key which
// signed the |challenge|. The arguments to ChallengePlatformKey are in
- // |context|. |user_id| identifies the user for which the certificate was
+ // |context|. |account_id| identifies the user for which the certificate was
// requested. |is_expiring_soon| will be set iff a certificate in the
// |certificate_chain| is expiring soon. |operation_success| is true iff the
// challenge signing operation was successful. If it was successful,
// |response_data| holds the challenge response and the method will invoke
// |context.callback|.
void OnChallengeReady(const ChallengeContext& context,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& certificate_chain,
bool is_expiring_soon,
bool operation_success,
diff --git a/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc b/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc
index 14dbb66..58897b3 100644
--- a/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc
+++ b/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc
@@ -164,22 +164,23 @@ class PlatformVerificationFlowTest : public ::testing::Test {
// that there are no calls to the attestation service. Thus, a test must
// explicitly expect these calls or the mocks will fail the test.
+ const AccountId account_id = AccountId::FromUserEmail(kTestEmail);
// Configure the mock AttestationFlow to call FakeGetCertificate.
EXPECT_CALL(mock_attestation_flow_,
GetCertificate(PROFILE_CONTENT_PROTECTION_CERTIFICATE,
- kTestEmail, kTestID, _, _))
- .WillRepeatedly(WithArgs<4>(Invoke(
- this, &PlatformVerificationFlowTest::FakeGetCertificate)));
+ account_id, kTestID, _, _))
+ .WillRepeatedly(WithArgs<4>(
+ Invoke(this, &PlatformVerificationFlowTest::FakeGetCertificate)));
// Configure the mock AsyncMethodCaller to call FakeSignChallenge.
std::string expected_key_name = std::string(kContentProtectionKeyPrefix) +
std::string(kTestID);
EXPECT_CALL(mock_async_caller_,
- TpmAttestationSignSimpleChallenge(KEY_USER, kTestEmail,
- expected_key_name,
- kTestChallenge, _))
- .WillRepeatedly(WithArgs<4>(Invoke(
- this, &PlatformVerificationFlowTest::FakeSignChallenge)));
+ TpmAttestationSignSimpleChallenge(
+ KEY_USER, cryptohome::Identification(account_id),
+ expected_key_name, kTestChallenge, _))
+ .WillRepeatedly(WithArgs<4>(
+ Invoke(this, &PlatformVerificationFlowTest::FakeSignChallenge)));
}
void FakeGetCertificate(
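Review bot: The fixture builds its expected account with `AccountId::FromUserEmail(kTestEmail)`, so both mock expectations only exercise an e-mail-only AccountId. The commit description says a Gaia ID may now serve as the cryptohome identifier, yet no expectation here covers an account that carries one on the attestation path. Consider a second case built with `AccountId::FromUserEmailGaiaId(kTestEmail, <test gaia id>)` that checks `cryptohome::Identification(account_id)` still matches what `TpmAttestationSignSimpleChallenge` receives. The enclosing setup function starts outside the hunk.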
diff --git a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
index 7ec7f7c..cd13f69 100644
--- a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
+++ b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
@@ -93,6 +93,7 @@
#include "chromeos/chromeos_paths.h"
#include "chromeos/chromeos_switches.h"
#include "chromeos/cryptohome/async_method_caller.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/cryptohome/homedir_methods.h"
#include "chromeos/cryptohome/system_salt_getter.h"
#include "chromeos/dbus/dbus_thread_manager.h"
@@ -328,7 +329,8 @@ void ChromeBrowserMainPartsChromeos::PreEarlyInitialization() {
!parsed_command_line().HasSwitch(switches::kLoginUser) &&
!parsed_command_line().HasSwitch(switches::kGuestSession)) {
singleton_command_line->AppendSwitchASCII(
- switches::kLoginUser, login::StubAccountId().GetUserEmail());
+ switches::kLoginUser,
+ cryptohome::Identification(login::StubAccountId()).id());
if (!parsed_command_line().HasSwitch(switches::kLoginProfile)) {
singleton_command_line->AppendSwitchASCII(switches::kLoginProfile,
chrome::kTestUserProfileDir);
@@ -515,11 +517,13 @@ void ChromeBrowserMainPartsChromeos::PreProfileInit() {
ChromeBrowserMainPartsLinux::PreProfileInit();
if (immediate_login) {
- const std::string user_email = login::CanonicalizeUserID(
- parsed_command_line().GetSwitchValueASCII(switches::kLoginUser));
+ const std::string cryptohome_id =
+ parsed_command_line().GetSwitchValueASCII(switches::kLoginUser);
+ const AccountId account_id(
+ cryptohome::Identification::FromString(cryptohome_id).GetAccountId());
+
user_manager::UserManager* user_manager = user_manager::UserManager::Get();
- const AccountId account_id(AccountId::FromUserEmail(user_email));
if (policy::IsDeviceLocalAccountUser(account_id.GetUserEmail(), NULL) &&
!user_manager->IsKnownUser(account_id)) {
// When a device-local account is removed, its policy is deleted from disk
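Review bot: The `switches::kLoginUser` value is now turned into an AccountId through `cryptohome::Identification::FromString(cryptohome_id).GetAccountId()` without the `login::CanonicalizeUserID` step the removed line applied, and the hunk does not check the result before the `IsKnownUser` test. Whether `FromString` normalises or rejects malformed input is not visible here, so an empty or unexpected switch value may yield an invalid AccountId or one that matches no known user. Consider rejecting it before `UserLoggedIn` is reached, e.g. `if (!account_id.is_valid()) LOG(ERROR) << "Invalid kLoginUser value";` followed by skipping the immediate-login path. A comment such as `// kLoginUser carries a cryptohome identifier, not an e-mail address.` would document the changed format of the switch. PreProfileInit continues outside the hunk.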
@@ -536,7 +540,7 @@ void ChromeBrowserMainPartsChromeos::PreProfileInit() {
std::string user_id_hash =
parsed_command_line().GetSwitchValueASCII(switches::kLoginProfile);
user_manager->UserLoggedIn(account_id, user_id_hash, true);
- VLOG(1) << "Relaunching browser for user: " << user_email
+ VLOG(1) << "Relaunching browser for user: " << account_id.Serialize()
<< " with hash: " << user_id_hash;
}
}
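Review bot: The VLOG line now prints `account_id.Serialize()` where it used to print only the e-mail. The serialized form presumably carries the Gaia ID as well, which would put a second stable account identifier into verbose logs. If the message only needs to say which user was relaunched, `<< account_id.GetUserEmail()` keeps the previous log content. The enclosing block starts outside the hunk.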
diff --git a/chrome/browser/chromeos/login/app_launch_controller.cc b/chrome/browser/chromeos/login/app_launch_controller.cc
index 057671f..c8c6579 100644
--- a/chrome/browser/chromeos/login/app_launch_controller.cc
+++ b/chrome/browser/chromeos/login/app_launch_controller.cc
@@ -29,6 +29,7 @@
#include "chrome/browser/ui/webui/chromeos/login/app_launch_splash_screen_handler.h"
#include "chrome/browser/ui/webui/chromeos/login/oobe_ui.h"
#include "chromeos/settings/cros_settings_names.h"
+#include "components/user_manager/known_user.h"
#include "components/user_manager/user_manager.h"
#include "content/public/browser/notification_service.h"
#include "extensions/browser/app_window/app_window.h"
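Review bot: The added `#include "components/user_manager/known_user.h"` has no matching use in this commit. The only other hunk in app_launch_controller.cc replaces `app.user_id` with `app.account_id` and names nothing from `user_manager::known_user`. Unless code outside the hunks needs it, drop the include; if the file needs the full `AccountId` definition, `#include "components/signin/core/account_id/account_id.h"` is the header to name.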
@@ -159,9 +160,8 @@ void AppLaunchController::StartAppLaunch(bool is_auto_launch) {
if (delay == 0)
KioskAppManager::Get()->SetAppWasAutoLaunchedWithZeroDelay(app_id_);
}
-
kiosk_profile_loader_.reset(
- new KioskProfileLoader(app.user_id, false, this));
+ new KioskProfileLoader(app.account_id, false, this));
kiosk_profile_loader_->Start();
}
diff --git a/chrome/browser/chromeos/login/auth/cryptohome_authenticator_unittest.cc b/chrome/browser/chromeos/login/auth/cryptohome_authenticator_unittest.cc
index 606ca65..de73217 100644
--- a/chrome/browser/chromeos/login/auth/cryptohome_authenticator_unittest.cc
+++ b/chrome/browser/chromeos/login/auth/cryptohome_authenticator_unittest.cc
@@ -266,10 +266,10 @@ class CryptohomeAuthenticatorTest : public testing::Test {
cryptohome::KeyDefinition::ProviderData("salt"));
key_definition.provider_data.back().bytes = std::move(salt);
}
- EXPECT_CALL(*mock_homedir_methods_,
- GetKeyDataEx(cryptohome::Identification(
- user_context_.GetAccountId().GetUserEmail()),
- kCryptohomeGAIAKeyLabel, _))
+ EXPECT_CALL(
+ *mock_homedir_methods_,
+ GetKeyDataEx(cryptohome::Identification(user_context_.GetAccountId()),
+ kCryptohomeGAIAKeyLabel, _))
.WillOnce(WithArg<2>(Invoke(
this, &CryptohomeAuthenticatorTest::InvokeGetDataExCallback)));
}
@@ -285,10 +285,10 @@ class CryptohomeAuthenticatorTest : public testing::Test {
kCryptohomeGAIAKeyLabel,
cryptohome::PRIV_DEFAULT));
}
- EXPECT_CALL(*mock_homedir_methods_,
- MountEx(cryptohome::Identification(
- user_context_.GetAccountId().GetUserEmail()),
- cryptohome::Authorization(auth_key), mount, _))
+ EXPECT_CALL(
+ *mock_homedir_methods_,
+ MountEx(cryptohome::Identification(user_context_.GetAccountId()),
+ cryptohome::Authorization(auth_key), mount, _))
.Times(1)
.RetiresOnSaturation();
}
@@ -562,8 +562,9 @@ TEST_F(CryptohomeAuthenticatorTest, DriveDataResync) {
// Set up mock async method caller to respond successfully to a cryptohome
// remove attempt.
mock_caller_->SetUp(true, cryptohome::MOUNT_ERROR_NONE);
- EXPECT_CALL(*mock_caller_,
- AsyncRemove(user_context_.GetAccountId().GetUserEmail(), _))
+ EXPECT_CALL(
+ *mock_caller_,
+ AsyncRemove(cryptohome::Identification(user_context_.GetAccountId()), _))
.Times(1)
.RetiresOnSaturation();
@@ -585,8 +586,9 @@ TEST_F(CryptohomeAuthenticatorTest, DriveResyncFail) {
// Set up mock async method caller to fail a cryptohome remove attempt.
mock_caller_->SetUp(false, cryptohome::MOUNT_ERROR_NONE);
- EXPECT_CALL(*mock_caller_,
- AsyncRemove(user_context_.GetAccountId().GetUserEmail(), _))
+ EXPECT_CALL(
+ *mock_caller_,
+ AsyncRemove(cryptohome::Identification(user_context_.GetAccountId()), _))
.Times(1)
.RetiresOnSaturation();
@@ -616,9 +618,10 @@ TEST_F(CryptohomeAuthenticatorTest, DriveDataRecover) {
// Set up mock async method caller to respond successfully to a key migration.
mock_caller_->SetUp(true, cryptohome::MOUNT_ERROR_NONE);
- EXPECT_CALL(*mock_caller_,
- AsyncMigrateKey(user_context_.GetAccountId().GetUserEmail(), _,
- transformed_key_.GetSecret(), _))
+ EXPECT_CALL(
+ *mock_caller_,
+ AsyncMigrateKey(cryptohome::Identification(user_context_.GetAccountId()),
+ _, transformed_key_.GetSecret(), _))
.Times(1)
.RetiresOnSaturation();
@@ -641,9 +644,10 @@ TEST_F(CryptohomeAuthenticatorTest, DriveDataRecoverButFail) {
// Set up mock async method caller to fail a key migration attempt,
// asserting that the wrong password was used.
mock_caller_->SetUp(false, cryptohome::MOUNT_ERROR_KEY_FAILURE);
- EXPECT_CALL(*mock_caller_,
- AsyncMigrateKey(user_context_.GetAccountId().GetUserEmail(), _,
- transformed_key_.GetSecret(), _))
+ EXPECT_CALL(
+ *mock_caller_,
+ AsyncMigrateKey(cryptohome::Identification(user_context_.GetAccountId()),
+ _, transformed_key_.GetSecret(), _))
.Times(1)
.RetiresOnSaturation();
@@ -732,8 +736,10 @@ TEST_F(CryptohomeAuthenticatorTest, DriveUnlock) {
// Set up mock async method caller to respond successfully to a cryptohome
// key-check attempt.
mock_caller_->SetUp(true, cryptohome::MOUNT_ERROR_NONE);
- EXPECT_CALL(*mock_caller_,
- AsyncCheckKey(user_context_.GetAccountId().GetUserEmail(), _, _))
+ EXPECT_CALL(
+ *mock_caller_,
+ AsyncCheckKey(cryptohome::Identification(user_context_.GetAccountId()), _,
+ _))
.Times(1)
.RetiresOnSaturation();
diff --git a/chrome/browser/chromeos/login/chrome_restart_request.cc b/chrome/browser/chromeos/login/chrome_restart_request.cc
index 037af8c..cdd081b 100644
--- a/chrome/browser/chromeos/login/chrome_restart_request.cc
+++ b/chrome/browser/chromeos/login/chrome_restart_request.cc
@@ -28,6 +28,7 @@
#include "chrome/common/chrome_switches.h"
#include "chrome/common/url_constants.h"
#include "chromeos/chromeos_switches.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "chromeos/dbus/session_manager_client.h"
#include "chromeos/login/user_names.h"
@@ -322,8 +323,9 @@ void GetOffTheRecordCommandLine(const GURL& start_url,
otr_switches.SetString(switches::kGuestSession, std::string());
otr_switches.SetString(::switches::kIncognito, std::string());
otr_switches.SetString(::switches::kLoggingLevel, kGuestModeLoggingLevel);
- otr_switches.SetString(switches::kLoginUser,
- login::GuestAccountId().GetUserEmail());
+ otr_switches.SetString(
+ switches::kLoginUser,
+ cryptohome::Identification(login::GuestAccountId()).id());
// Override the home page.
otr_switches.SetString(::switches::kHomePage,
diff --git a/chrome/browser/chromeos/login/crash_restore_browsertest.cc b/chrome/browser/chromeos/login/crash_restore_browsertest.cc
index 4d27624..41ded0b6 100644
--- a/chrome/browser/chromeos/login/crash_restore_browsertest.cc
+++ b/chrome/browser/chromeos/login/crash_restore_browsertest.cc
@@ -13,6 +13,7 @@
#include "chrome/browser/chromeos/login/session/user_session_manager_test_api.h"
#include "chrome/test/base/in_process_browser_test.h"
#include "chromeos/chromeos_switches.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "chromeos/dbus/fake_session_manager_client.h"
@@ -40,10 +41,10 @@ class CrashRestoreSimpleTest : public InProcessBrowserTest {
~CrashRestoreSimpleTest() override {}
void SetUpCommandLine(base::CommandLine* command_line) override {
- command_line->AppendSwitchASCII(switches::kLoginUser, kUserId1);
+ command_line->AppendSwitchASCII(switches::kLoginUser, cryptohome_id1_.id());
command_line->AppendSwitchASCII(
switches::kLoginProfile,
- CryptohomeClient::GetStubSanitizedUsername(kUserId1));
+ CryptohomeClient::GetStubSanitizedUsername(cryptohome_id1_));
}
void SetUpInProcessBrowserTestFixture() override {
@@ -51,18 +52,27 @@ class CrashRestoreSimpleTest : public InProcessBrowserTest {
session_manager_client_ = new FakeSessionManagerClient;
chromeos::DBusThreadManager::GetSetterForTesting()->SetSessionManagerClient(
scoped_ptr<SessionManagerClient>(session_manager_client_));
- session_manager_client_->StartSession(kUserId1);
+ session_manager_client_->StartSession(cryptohome_id1_);
}
FakeSessionManagerClient* session_manager_client_;
+ const AccountId account_id1_ = AccountId::FromUserEmail(kUserId1);
+ const AccountId account_id2_ = AccountId::FromUserEmail(kUserId2);
+ const AccountId account_id3_ = AccountId::FromUserEmail(kUserId3);
+ const cryptohome::Identification cryptohome_id1_ =
+ cryptohome::Identification(account_id1_);
+ const cryptohome::Identification cryptohome_id2_ =
+ cryptohome::Identification(account_id2_);
+ const cryptohome::Identification cryptohome_id3_ =
+ cryptohome::Identification(account_id3_);
};
IN_PROC_BROWSER_TEST_F(CrashRestoreSimpleTest, RestoreSessionForOneUser) {
user_manager::UserManager* user_manager = user_manager::UserManager::Get();
user_manager::User* user = user_manager->GetActiveUser();
ASSERT_TRUE(user);
- EXPECT_EQ(kUserId1, user->email());
- EXPECT_EQ(CryptohomeClient::GetStubSanitizedUsername(kUserId1),
+ EXPECT_EQ(account_id1_, user->GetAccountId());
+ EXPECT_EQ(CryptohomeClient::GetStubSanitizedUsername(cryptohome_id1_),
user->username_hash());
EXPECT_EQ(1UL, user_manager->GetLoggedInUsers().size());
}
@@ -116,8 +126,8 @@ class CrashRestoreComplexTest : public CrashRestoreSimpleTest {
void SetUpInProcessBrowserTestFixture() override {
CrashRestoreSimpleTest::SetUpInProcessBrowserTestFixture();
- session_manager_client_->StartSession(kUserId2);
- session_manager_client_->StartSession(kUserId3);
+ session_manager_client_->StartSession(cryptohome_id2_);
+ session_manager_client_->StartSession(cryptohome_id3_);
}
};
@@ -138,21 +148,21 @@ IN_PROC_BROWSER_TEST_F(CrashRestoreComplexTest, RestoreSessionForThreeUsers) {
user_manager::UserManager* user_manager = user_manager::UserManager::Get();
user_manager::User* user = user_manager->GetActiveUser();
ASSERT_TRUE(user);
- EXPECT_EQ(kUserId3, user->email());
- EXPECT_EQ(CryptohomeClient::GetStubSanitizedUsername(kUserId3),
+ EXPECT_EQ(account_id3_, user->GetAccountId());
+ EXPECT_EQ(CryptohomeClient::GetStubSanitizedUsername(cryptohome_id3_),
user->username_hash());
const user_manager::UserList& users = user_manager->GetLoggedInUsers();
ASSERT_EQ(3UL, users.size());
// User that becomes active moves to the beginning of the list.
- EXPECT_EQ(kUserId3, users[0]->email());
- EXPECT_EQ(CryptohomeClient::GetStubSanitizedUsername(kUserId3),
+ EXPECT_EQ(account_id3_, users[0]->GetAccountId());
+ EXPECT_EQ(CryptohomeClient::GetStubSanitizedUsername(cryptohome_id3_),
users[0]->username_hash());
- EXPECT_EQ(kUserId2, users[1]->email());
- EXPECT_EQ(CryptohomeClient::GetStubSanitizedUsername(kUserId2),
+ EXPECT_EQ(account_id2_, users[1]->GetAccountId());
+ EXPECT_EQ(CryptohomeClient::GetStubSanitizedUsername(cryptohome_id2_),
users[1]->username_hash());
- EXPECT_EQ(kUserId1, users[2]->email());
- EXPECT_EQ(CryptohomeClient::GetStubSanitizedUsername(kUserId1),
+ EXPECT_EQ(account_id1_, users[2]->GetAccountId());
+ EXPECT_EQ(CryptohomeClient::GetStubSanitizedUsername(cryptohome_id1_),
users[2]->username_hash());
}
diff --git a/chrome/browser/chromeos/login/demo_mode/demo_app_launcher.cc b/chrome/browser/chromeos/login/demo_mode/demo_app_launcher.cc
index e5f452c..5c9c45d 100644
--- a/chrome/browser/chromeos/login/demo_mode/demo_app_launcher.cc
+++ b/chrome/browser/chromeos/login/demo_mode/demo_app_launcher.cc
@@ -49,14 +49,14 @@ DemoAppLauncher::~DemoAppLauncher() {
void DemoAppLauncher::StartDemoAppLaunch() {
DVLOG(1) << "Launching demo app...";
// user_id = DemoAppUserId, force_emphemeral = true, delegate = this.
- kiosk_profile_loader_.reset(new KioskProfileLoader(
- login::DemoAccountId().GetUserEmail(), true, this));
+ kiosk_profile_loader_.reset(
+ new KioskProfileLoader(login::DemoAccountId(), true, this));
kiosk_profile_loader_->Start();
}
// static
-bool DemoAppLauncher::IsDemoAppSession(const std::string& user_id) {
- return user_id == login::DemoAccountId().GetUserEmail();
+bool DemoAppLauncher::IsDemoAppSession(const AccountId& account_id) {
+ return account_id == login::DemoAccountId();
}
// static
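Review bot: The comment above the `KioskProfileLoader` construction in StartDemoAppLaunch still reads `// user_id = DemoAppUserId, force_emphemeral = true, delegate = this.`, which no longer matches the call now that an AccountId is passed. It also misspells "ephemeral". Update it to `// account_id = DemoAccountId(), force_ephemeral = true, delegate = this.` so the positional `true` argument stays explained.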
diff --git a/chrome/browser/chromeos/login/demo_mode/demo_app_launcher.h b/chrome/browser/chromeos/login/demo_mode/demo_app_launcher.h
index dfc3a8f..74322bd 100644
--- a/chrome/browser/chromeos/login/demo_mode/demo_app_launcher.h
+++ b/chrome/browser/chromeos/login/demo_mode/demo_app_launcher.h
@@ -12,6 +12,8 @@
#include "base/memory/scoped_ptr.h"
#include "chrome/browser/chromeos/app_mode/kiosk_profile_loader.h"
+class AccountId;
+
namespace base {
class FilePath;
}
@@ -26,7 +28,7 @@ class DemoAppLauncher : public KioskProfileLoader::Delegate {
void StartDemoAppLaunch();
- static bool IsDemoAppSession(const std::string& user_id);
+ static bool IsDemoAppSession(const AccountId& account_id);
static void SetDemoAppPathForTesting(const base::FilePath& path);
static const char kDemoAppId[];
diff --git a/chrome/browser/chromeos/login/easy_unlock/bootstrap_user_context_initializer.cc b/chrome/browser/chromeos/login/easy_unlock/bootstrap_user_context_initializer.cc
index 6b3a82b..536e7c2 100644
--- a/chrome/browser/chromeos/login/easy_unlock/bootstrap_user_context_initializer.cc
+++ b/chrome/browser/chromeos/login/easy_unlock/bootstrap_user_context_initializer.cc
@@ -12,6 +12,8 @@
#include "chrome/browser/chromeos/login/session/user_session_manager.h"
#include "chrome/browser/chromeos/profiles/profile_helper.h"
#include "chrome/browser/signin/easy_unlock_service_signin_chromeos.h"
+#include "chromeos/login/user_names.h"
+#include "components/user_manager/known_user.h"
#include "components/user_manager/user_manager.h"
#include "crypto/random.h"
#include "google_apis/gaia/gaia_constants.h"
@@ -175,8 +177,8 @@ void BootstrapUserContextInitializer::OnGetUserInfoResponse(
return;
}
- user_context_.SetUserID(email);
- user_context_.SetGaiaID(gaia_id);
+ user_context_.SetAccountId(user_manager::known_user::GetAccountId(
+ login::CanonicalizeUserID(email), gaia_id));
StartCheckExistingKeys();
}
diff --git a/chrome/browser/chromeos/login/easy_unlock/easy_unlock_create_keys_operation.cc b/chrome/browser/chromeos/login/easy_unlock/easy_unlock_create_keys_operation.cc
index ea8a122..360e825 100644
--- a/chrome/browser/chromeos/login/easy_unlock/easy_unlock_create_keys_operation.cc
+++ b/chrome/browser/chromeos/login/easy_unlock/easy_unlock_create_keys_operation.cc
@@ -355,9 +355,7 @@ void EasyUnlockCreateKeysOperation::OnGetSystemSalt(
kEasyUnlockKeyMetaNameWrappedSecret, device->wrapped_secret));
// Add cryptohome key.
- const std::string canonicalized =
- gaia::CanonicalizeEmail(user_context_.GetAccountId().GetUserEmail());
- cryptohome::Identification id(canonicalized);
+ const cryptohome::Identification id(user_context_.GetAccountId());
scoped_ptr<Key> auth_key(new Key(*user_context_.GetKey()));
if (auth_key->GetKeyType() == Key::KEY_TYPE_PASSWORD_PLAIN)
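Review bot: The cryptohome identifier for the Easy Unlock key now comes from `cryptohome::Identification(user_context_.GetAccountId())` without the explicit `gaia::CanonicalizeEmail` call. The lookup therefore relies on that constructor producing the same string the home was created under, which this hunk does not show. If the two can differ, for instance once a Gaia ID is used as the identifier, keys stored under the old id would not be found. State the invariant next to the construction, e.g. `// Identification(AccountId) must match the id the cryptohome was created with.` The same replacement appears in EasyUnlockGetKeysOperation::GetKeyData and EasyUnlockRemoveKeysOperation::RemoveKey, and OnGetSystemSalt starts and ends outside the hunk.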
diff --git a/chrome/browser/chromeos/login/easy_unlock/easy_unlock_get_keys_operation.cc b/chrome/browser/chromeos/login/easy_unlock/easy_unlock_get_keys_operation.cc
index fdfe3bf..46e75eb 100644
--- a/chrome/browser/chromeos/login/easy_unlock/easy_unlock_get_keys_operation.cc
+++ b/chrome/browser/chromeos/login/easy_unlock/easy_unlock_get_keys_operation.cc
@@ -36,9 +36,7 @@ void EasyUnlockGetKeysOperation::Start() {
}
void EasyUnlockGetKeysOperation::GetKeyData() {
- const std::string canonicalized =
- gaia::CanonicalizeEmail(user_context_.GetAccountId().GetUserEmail());
- cryptohome::Identification id(canonicalized);
+ const cryptohome::Identification id(user_context_.GetAccountId());
cryptohome::HomedirMethods::GetInstance()->GetKeyDataEx(
id,
EasyUnlockKeyManager::GetKeyLabel(key_index_),
diff --git a/chrome/browser/chromeos/login/easy_unlock/easy_unlock_remove_keys_operation.cc b/chrome/browser/chromeos/login/easy_unlock/easy_unlock_remove_keys_operation.cc
index 9ead3ef..2a61962 100644
--- a/chrome/browser/chromeos/login/easy_unlock/easy_unlock_remove_keys_operation.cc
+++ b/chrome/browser/chromeos/login/easy_unlock/easy_unlock_remove_keys_operation.cc
@@ -47,9 +47,7 @@ void EasyUnlockRemoveKeysOperation::OnGetSystemSalt(
}
void EasyUnlockRemoveKeysOperation::RemoveKey() {
- const std::string canonicalized =
- gaia::CanonicalizeEmail(user_context_.GetAccountId().GetUserEmail());
- cryptohome::Identification id(canonicalized);
+ cryptohome::Identification id(user_context_.GetAccountId());
const Key* const auth_key = user_context_.GetKey();
cryptohome::Authorization auth(auth_key->GetSecret(), auth_key->GetLabel());
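Review bot: `id` is declared non-const here, while the sibling create-keys and get-keys operations in this commit declare it `const cryptohome::Identification id(...)`. Nothing in the visible lines modifies it. Make it `const cryptohome::Identification id(user_context_.GetAccountId());` for consistency. RemoveKey continues outside the hunk.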
diff --git a/chrome/browser/chromeos/login/existing_user_controller.cc b/chrome/browser/chromeos/login/existing_user_controller.cc
index d265d84..6903f74 100644
--- a/chrome/browser/chromeos/login/existing_user_controller.cc
+++ b/chrome/browser/chromeos/login/existing_user_controller.cc
@@ -762,8 +762,8 @@ bool ExistingUserController::password_changed() const {
}
void ExistingUserController::LoginAsGuest() {
- PerformPreLoginActions(UserContext(user_manager::USER_TYPE_GUEST,
- login::GuestAccountId().GetUserEmail()));
+ PerformPreLoginActions(
+ UserContext(user_manager::USER_TYPE_GUEST, login::GuestAccountId()));
bool allow_guest;
cros_settings_->GetBoolean(kAccountsPrefAllowGuest, &allow_guest);
@@ -866,20 +866,21 @@ void ExistingUserController::ConfigurePublicSessionAutoLogin() {
const std::vector<policy::DeviceLocalAccount> device_local_accounts =
policy::GetDeviceLocalAccounts(cros_settings_);
- public_session_auto_login_username_.clear();
+ public_session_auto_login_account_id_ = EmptyAccountId();
for (std::vector<policy::DeviceLocalAccount>::const_iterator
it = device_local_accounts.begin();
it != device_local_accounts.end(); ++it) {
if (it->account_id == auto_login_account_id) {
- public_session_auto_login_username_ = it->user_id;
+ public_session_auto_login_account_id_ =
+ AccountId::FromUserEmail(it->user_id);
break;
}
}
const user_manager::User* user = user_manager::UserManager::Get()->FindUser(
- AccountId::FromUserEmail(public_session_auto_login_username_));
+ public_session_auto_login_account_id_);
if (!user || user->GetType() != user_manager::USER_TYPE_PUBLIC_ACCOUNT)
- public_session_auto_login_username_.clear();
+ public_session_auto_login_account_id_ = EmptyAccountId();
if (!cros_settings_->GetInteger(
kAccountsPrefDeviceLocalAccountAutoLoginDelay,
@@ -887,7 +888,7 @@ void ExistingUserController::ConfigurePublicSessionAutoLogin() {
public_session_auto_login_delay_ = 0;
}
- if (!public_session_auto_login_username_.empty())
+ if (public_session_auto_login_account_id_.is_valid())
StartPublicSessionAutoLoginTimer();
else
StopPublicSessionAutoLoginTimer();
@@ -902,9 +903,10 @@ void ExistingUserController::ResetPublicSessionAutoLoginTimer() {
}
void ExistingUserController::OnPublicSessionAutoLoginTimerFire() {
- CHECK(signin_screen_ready_ && !public_session_auto_login_username_.empty());
+ CHECK(signin_screen_ready_ &&
+ public_session_auto_login_account_id_.is_valid());
Login(UserContext(user_manager::USER_TYPE_PUBLIC_ACCOUNT,
- public_session_auto_login_username_),
+ public_session_auto_login_account_id_),
SigninSpecifics());
}
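Review bot: The combined `CHECK(signin_screen_ready_ && public_session_auto_login_account_id_.is_valid())` in OnPublicSessionAutoLoginTimerFire cannot show which condition failed when it fires. Splitting it into `CHECK(signin_screen_ready_);` and `CHECK(public_session_auto_login_account_id_.is_valid());` gives a distinct crash line when auto-login is attempted without a valid account. That distinction matters here because this is the guard in front of an unattended `Login` call.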
@@ -914,9 +916,8 @@ void ExistingUserController::StopPublicSessionAutoLoginTimer() {
}
void ExistingUserController::StartPublicSessionAutoLoginTimer() {
- if (!signin_screen_ready_ ||
- is_login_in_progress_ ||
- public_session_auto_login_username_.empty()) {
+ if (!signin_screen_ready_ || is_login_in_progress_ ||
+ !public_session_auto_login_account_id_.is_valid()) {
return;
}
diff --git a/chrome/browser/chromeos/login/existing_user_controller.h b/chrome/browser/chromeos/login/existing_user_controller.h
index 2d18cfe..c9dd991 100644
--- a/chrome/browser/chromeos/login/existing_user_controller.h
+++ b/chrome/browser/chromeos/login/existing_user_controller.h
@@ -26,6 +26,7 @@
#include "chrome/browser/chromeos/settings/device_settings_service.h"
#include "chromeos/login/auth/login_performer.h"
#include "chromeos/login/auth/user_context.h"
+#include "components/signin/core/account_id/account_id.h"
#include "components/user_manager/user.h"
#include "content/public/browser/notification_observer.h"
#include "content/public/browser/notification_registrar.h"
@@ -256,8 +257,8 @@ class ExistingUserController : public LoginDisplay::Delegate,
// Public session auto-login timeout, in milliseconds.
int public_session_auto_login_delay_;
- // Username for public session auto-login.
- std::string public_session_auto_login_username_;
+ // AccountId for public session auto-login.
+ AccountId public_session_auto_login_account_id_ = EmptyAccountId();
// Used to execute login operations.
scoped_ptr<LoginPerformer> login_performer_;
diff --git a/chrome/browser/chromeos/login/existing_user_controller_auto_login_unittest.cc b/chrome/browser/chromeos/login/existing_user_controller_auto_login_unittest.cc
index 3d6ff7f..ce4be33 100644
--- a/chrome/browser/chromeos/login/existing_user_controller_auto_login_unittest.cc
+++ b/chrome/browser/chromeos/login/existing_user_controller_auto_login_unittest.cc
@@ -101,11 +101,12 @@ class ExistingUserControllerAutoLoginTest : public ::testing::Test {
return existing_user_controller()->auto_login_timer_.get();
}
- const std::string& auto_login_username() const {
- return existing_user_controller()->public_session_auto_login_username_;
+ const AccountId& auto_login_account_id() const {
+ return existing_user_controller()->public_session_auto_login_account_id_;
}
- void set_auto_login_username(const std::string& username) {
- existing_user_controller()->public_session_auto_login_username_ = username;
+ void set_auto_login_account_id(const AccountId& account_id) {
+ existing_user_controller()->public_session_auto_login_account_id_ =
+ account_id;
}
int auto_login_delay() const {
@@ -157,19 +158,19 @@ class ExistingUserControllerAutoLoginTest : public ::testing::Test {
TEST_F(ExistingUserControllerAutoLoginTest, StartAutoLoginTimer) {
// Timer shouldn't start until signin screen is ready.
- set_auto_login_username(auto_login_account_id_.GetUserEmail());
+ set_auto_login_account_id(auto_login_account_id_);
set_auto_login_delay(kAutoLoginDelay2);
existing_user_controller()->StartPublicSessionAutoLoginTimer();
EXPECT_FALSE(auto_login_timer());
// Timer shouldn't start if the policy isn't set.
- set_auto_login_username("");
+ set_auto_login_account_id(EmptyAccountId());
existing_user_controller()->OnSigninScreenReady();
existing_user_controller()->StartPublicSessionAutoLoginTimer();
EXPECT_FALSE(auto_login_timer());
// Timer shouldn't fire in the middle of a login attempt.
- set_auto_login_username(auto_login_account_id_.GetUserEmail());
+ set_auto_login_account_id(auto_login_account_id_);
set_is_login_in_progress(true);
existing_user_controller()->StartPublicSessionAutoLoginTimer();
EXPECT_FALSE(auto_login_timer());
@@ -185,7 +186,7 @@ TEST_F(ExistingUserControllerAutoLoginTest, StartAutoLoginTimer) {
TEST_F(ExistingUserControllerAutoLoginTest, StopAutoLoginTimer) {
existing_user_controller()->OnSigninScreenReady();
- set_auto_login_username(auto_login_account_id_.GetUserEmail());
+ set_auto_login_account_id(auto_login_account_id_);
set_auto_login_delay(kAutoLoginDelay2);
existing_user_controller()->StartPublicSessionAutoLoginTimer();
@@ -199,7 +200,7 @@ TEST_F(ExistingUserControllerAutoLoginTest, StopAutoLoginTimer) {
TEST_F(ExistingUserControllerAutoLoginTest, ResetAutoLoginTimer) {
existing_user_controller()->OnSigninScreenReady();
- set_auto_login_username(auto_login_account_id_.GetUserEmail());
+ set_auto_login_account_id(auto_login_account_id_);
// Timer starts off not running.
EXPECT_FALSE(auto_login_timer());
@@ -233,14 +234,14 @@ TEST_F(ExistingUserControllerAutoLoginTest, ConfigureAutoLogin) {
ConfigureAutoLogin();
EXPECT_FALSE(auto_login_timer());
EXPECT_EQ(auto_login_delay(), 0);
- EXPECT_EQ(auto_login_username(), "");
+ EXPECT_EQ(auto_login_account_id(), EmptyAccountId());
// Timer shouldn't start when the delay alone is set.
SetAutoLoginSettings("", kAutoLoginDelay1);
ConfigureAutoLogin();
EXPECT_FALSE(auto_login_timer());
EXPECT_EQ(auto_login_delay(), kAutoLoginDelay1);
- EXPECT_EQ(auto_login_username(), "");
+ EXPECT_EQ(auto_login_account_id(), EmptyAccountId());
// Timer should start when the account ID is set.
SetAutoLoginSettings(auto_login_user_id_, kAutoLoginDelay1);
@@ -250,7 +251,7 @@ TEST_F(ExistingUserControllerAutoLoginTest, ConfigureAutoLogin) {
EXPECT_EQ(auto_login_timer()->GetCurrentDelay().InMilliseconds(),
kAutoLoginDelay1);
EXPECT_EQ(auto_login_delay(), kAutoLoginDelay1);
- EXPECT_EQ(auto_login_username(), auto_login_account_id_.GetUserEmail());
+ EXPECT_EQ(auto_login_account_id(), auto_login_account_id_);
// Timer should restart when the delay is changed.
SetAutoLoginSettings(auto_login_user_id_, kAutoLoginDelay2);
@@ -260,7 +261,7 @@ TEST_F(ExistingUserControllerAutoLoginTest, ConfigureAutoLogin) {
EXPECT_EQ(auto_login_timer()->GetCurrentDelay().InMilliseconds(),
kAutoLoginDelay2);
EXPECT_EQ(auto_login_delay(), kAutoLoginDelay2);
- EXPECT_EQ(auto_login_username(), auto_login_account_id_.GetUserEmail());
+ EXPECT_EQ(auto_login_account_id(), auto_login_account_id_);
// Timer should stop when the account ID is unset.
SetAutoLoginSettings("", kAutoLoginDelay2);
@@ -269,7 +270,7 @@ TEST_F(ExistingUserControllerAutoLoginTest, ConfigureAutoLogin) {
EXPECT_FALSE(auto_login_timer()->IsRunning());
EXPECT_EQ(auto_login_timer()->GetCurrentDelay().InMilliseconds(),
kAutoLoginDelay2);
- EXPECT_EQ(auto_login_username(), "");
+ EXPECT_EQ(auto_login_account_id(), EmptyAccountId());
EXPECT_EQ(auto_login_delay(), kAutoLoginDelay2);
}
diff --git a/chrome/browser/chromeos/login/existing_user_controller_browsertest.cc b/chrome/browser/chromeos/login/existing_user_controller_browsertest.cc
index fd45ed8..1fb92a8 100644
--- a/chrome/browser/chromeos/login/existing_user_controller_browsertest.cc
+++ b/chrome/browser/chromeos/login/existing_user_controller_browsertest.cc
@@ -198,8 +198,7 @@ class ExistingUserControllerTest : public policy::DevicePolicyCrosBrowserTest {
}
AccountId auto_login_account_id() const {
- return AccountId::FromUserEmail(
- existing_user_controller()->public_session_auto_login_username_);
+ return existing_user_controller()->public_session_auto_login_account_id_;
}
int auto_login_delay() const {
@@ -220,7 +219,8 @@ class ExistingUserControllerTest : public policy::DevicePolicyCrosBrowserTest {
// Mock URLFetcher.
MockURLFetcherFactory<SuccessFetcher> factory_;
- const AccountId account_id_ = AccountId::FromUserEmail(kUsername);
+ const AccountId account_id_ =
+ AccountId::FromUserEmailGaiaId(kUsername, kGaiaID);
private:
DISALLOW_COPY_AND_ASSIGN(ExistingUserControllerTest);
@@ -234,7 +234,6 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerTest, ExistingUserLogin) {
EXPECT_CALL(*mock_login_display_, SetUIEnabled(false))
.Times(2);
UserContext user_context(account_id_);
- user_context.SetGaiaID(kGaiaID);
user_context.SetKey(Key(kPassword));
user_context.SetUserIDHash(account_id_.GetUserEmail());
test::UserSessionManagerTestApi session_manager_test_api(
@@ -285,7 +284,6 @@ void ExistingUserControllerUntrustedTest::SetUpSessionManager() {
IN_PROC_BROWSER_TEST_F(ExistingUserControllerUntrustedTest,
ExistingUserLoginForbidden) {
UserContext user_context(account_id_);
- user_context.SetGaiaID(kGaiaID);
user_context.SetKey(Key(kPassword));
user_context.SetUserIDHash(account_id_.GetUserEmail());
existing_user_controller()->Login(user_context, SigninSpecifics());
@@ -294,7 +292,6 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerUntrustedTest,
IN_PROC_BROWSER_TEST_F(ExistingUserControllerUntrustedTest,
NewUserLoginForbidden) {
UserContext user_context(account_id_);
- user_context.SetGaiaID(kGaiaID);
user_context.SetKey(Key(kPassword));
user_context.SetUserIDHash(account_id_.GetUserEmail());
existing_user_controller()->CompleteLogin(user_context);
@@ -303,7 +300,7 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerUntrustedTest,
IN_PROC_BROWSER_TEST_F(ExistingUserControllerUntrustedTest,
GuestLoginForbidden) {
existing_user_controller()->Login(
- UserContext(user_manager::USER_TYPE_GUEST, std::string()),
+ UserContext(user_manager::USER_TYPE_GUEST, EmptyAccountId()),
SigninSpecifics());
}
@@ -526,7 +523,7 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
AutoLoginNoDelay) {
// Set up mocks to check login success.
UserContext user_context(user_manager::USER_TYPE_PUBLIC_ACCOUNT,
- public_session_account_id_.GetUserEmail());
+ public_session_account_id_);
user_context.SetUserIDHash(user_context.GetAccountId().GetUserEmail());
ExpectSuccessfulLogin(user_context);
existing_user_controller()->OnSigninScreenReady();
@@ -540,7 +537,7 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
AutoLoginShortDelay) {
// Set up mocks to check login success.
UserContext user_context(user_manager::USER_TYPE_PUBLIC_ACCOUNT,
- public_session_account_id_.GetUserEmail());
+ public_session_account_id_);
user_context.SetUserIDHash(user_context.GetAccountId().GetUserEmail());
ExpectSuccessfulLogin(user_context);
existing_user_controller()->OnSigninScreenReady();
@@ -573,7 +570,6 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
LoginStopsAutoLogin) {
// Set up mocks to check login success.
UserContext user_context(account_id_);
- user_context.SetGaiaID(kGaiaID);
user_context.SetKey(Key(kPassword));
user_context.SetUserIDHash(user_context.GetAccountId().GetUserEmail());
ExpectSuccessfulLogin(user_context);
@@ -607,7 +603,6 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
EXPECT_CALL(*mock_login_display_, SetUIEnabled(false))
.Times(2);
UserContext user_context(account_id_);
- user_context.SetGaiaID(kGaiaID);
user_context.SetKey(Key(kPassword));
test::UserSessionManagerTestApi session_manager_test_api(
UserSessionManager::GetInstance());
@@ -618,9 +613,9 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
EXPECT_TRUE(auto_login_timer());
// Login and check that it stopped the timer.
- existing_user_controller()->Login(UserContext(user_manager::USER_TYPE_GUEST,
- std::string()),
- SigninSpecifics());
+ existing_user_controller()->Login(
+ UserContext(user_manager::USER_TYPE_GUEST, EmptyAccountId()),
+ SigninSpecifics());
EXPECT_TRUE(is_login_in_progress());
ASSERT_TRUE(auto_login_timer());
EXPECT_FALSE(auto_login_timer()->IsRunning());
@@ -637,7 +632,6 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
CompleteLoginStopsAutoLogin) {
// Set up mocks to check login success.
UserContext user_context(account_id_);
- user_context.SetGaiaID(kGaiaID);
user_context.SetKey(Key(kPassword));
user_context.SetUserIDHash(user_context.GetAccountId().GetUserEmail());
ExpectSuccessfulLogin(user_context);
@@ -671,7 +665,7 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
PublicSessionLoginStopsAutoLogin) {
// Set up mocks to check login success.
UserContext user_context(user_manager::USER_TYPE_PUBLIC_ACCOUNT,
- public_session_account_id_.GetUserEmail());
+ public_session_account_id_);
user_context.SetUserIDHash(user_context.GetAccountId().GetUserEmail());
ExpectSuccessfulLogin(user_context);
existing_user_controller()->OnSigninScreenReady();
@@ -685,7 +679,7 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
// Login and check that it stopped the timer.
existing_user_controller()->Login(
UserContext(user_manager::USER_TYPE_PUBLIC_ACCOUNT,
- public_session_account_id_.GetUserEmail()),
+ public_session_account_id_),
SigninSpecifics());
EXPECT_TRUE(is_login_in_progress());
@@ -710,7 +704,6 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
// Check that the attempt to start a public session fails with an error.
ExpectLoginFailure();
UserContext user_context(account_id_);
- user_context.SetGaiaID(kGaiaID);
user_context.SetKey(Key(kPassword));
user_context.SetUserIDHash(user_context.GetAccountId().GetUserEmail());
existing_user_controller()->Login(user_context, SigninSpecifics());
diff --git a/chrome/browser/chromeos/login/login_browsertest.cc b/chrome/browser/chromeos/login/login_browsertest.cc
index d1d248e..bd7b287 100644
--- a/chrome/browser/chromeos/login/login_browsertest.cc
+++ b/chrome/browser/chromeos/login/login_browsertest.cc
@@ -161,8 +161,8 @@ class LoginTest : public LoginManagerTest {
StartGaiaAuthOffline();
- UserContext user_context(AccountId::FromUserEmail(kTestUser));
- user_context.SetGaiaID(kGaiaId);
+ UserContext user_context(
+ AccountId::FromUserEmailGaiaId(kTestUser, kGaiaId));
user_context.SetKey(Key(kPassword));
SetExpectedCredentials(user_context);
}
diff --git a/chrome/browser/chromeos/login/login_manager_test.cc b/chrome/browser/chromeos/login/login_manager_test.cc
index 7e1a945..c7d15b8 100644
--- a/chrome/browser/chromeos/login/login_manager_test.cc
+++ b/chrome/browser/chromeos/login/login_manager_test.cc
@@ -50,7 +50,6 @@ const char kTestRefreshToken2[] = "fake-refresh-token-2";
UserContext CreateUserContext(const std::string& user_id) {
UserContext user_context(AccountId::FromUserEmailGaiaId(
user_id, LoginManagerTest::GetGaiaIDForUserID(user_id)));
- user_context.SetGaiaID(LoginManagerTest::GetGaiaIDForUserID(user_id));
user_context.SetKey(Key("password"));
if (user_id == LoginManagerTest::kEnterpriseUser1) {
user_context.SetRefreshToken(kTestRefreshToken1);
diff --git a/chrome/browser/chromeos/login/saml/saml_browsertest.cc b/chrome/browser/chromeos/login/saml/saml_browsertest.cc
index c98c806..9e8b69a 100644
--- a/chrome/browser/chromeos/login/saml/saml_browsertest.cc
+++ b/chrome/browser/chromeos/login/saml/saml_browsertest.cc
@@ -280,7 +280,7 @@ class SecretInterceptingFakeCryptohomeClient : public FakeCryptohomeClient {
public:
SecretInterceptingFakeCryptohomeClient();
- void MountEx(const cryptohome::AccountIdentifier& id,
+ void MountEx(const cryptohome::Identification& id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::MountRequest& request,
const ProtobufMethodCallback& callback) override;
@@ -298,7 +298,7 @@ SecretInterceptingFakeCryptohomeClient::
}
void SecretInterceptingFakeCryptohomeClient::MountEx(
- const cryptohome::AccountIdentifier& id,
+ const cryptohome::Identification& id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::MountRequest& request,
const ProtobufMethodCallback& callback) {
diff --git a/chrome/browser/chromeos/login/session/chrome_session_manager.cc b/chrome/browser/chromeos/login/session/chrome_session_manager.cc
index 1802d82..1039a40 100644
--- a/chrome/browser/chromeos/login/session/chrome_session_manager.cc
+++ b/chrome/browser/chromeos/login/session/chrome_session_manager.cc
@@ -16,6 +16,7 @@
#include "chrome/browser/chromeos/login/session/stub_login_session_manager_delegate.h"
#include "chrome/browser/profiles/profile.h"
#include "chromeos/chromeos_switches.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/login/user_names.h"
#include "components/signin/core/account_id/account_id.h"
@@ -45,8 +46,10 @@ ChromeSessionManager::CreateSessionManager(
bool force_login_screen_in_test =
parsed_command_line.HasSwitch(switches::kForceLoginManagerInTests);
- const AccountId login_account_id(AccountId::FromUserEmail(
- parsed_command_line.GetSwitchValueASCII(switches::kLoginUser)));
+ const std::string cryptohome_id =
+ parsed_command_line.GetSwitchValueASCII(switches::kLoginUser);
+ const AccountId login_account_id(
+ cryptohome::Identification::FromString(cryptohome_id).GetAccountId());
KioskAppManager::RemoveObsoleteCryptohomes();
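Review bot: In `CreateSessionManager`, the raw `switches::kLoginUser` value now goes through `cryptohome::Identification::FromString(cryptohome_id).GetAccountId()`, and the hunk shows no handling of an empty or unrecognised string. The function continues outside the hunk, so a later validity check may exist. If it does not, I would state the expectation next to the conversion with `DCHECK(cryptohome_id.empty() || login_account_id.is_valid());` and the comment `// kLoginUser carries a cryptohome identifier, not necessarily an e-mail address.` Callers that still pass a plain e-mail on the command line should be confirmed to resolve to the same account as before.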
diff --git a/chrome/browser/chromeos/login/session/user_session_manager.cc b/chrome/browser/chromeos/login/session/user_session_manager.cc
index 572d0a5..75857a2 100644
--- a/chrome/browser/chromeos/login/session/user_session_manager.cc
+++ b/chrome/browser/chromeos/login/session/user_session_manager.cc
@@ -81,6 +81,7 @@
#include "chrome/common/pref_names.h"
#include "chromeos/cert_loader.h"
#include "chromeos/chromeos_switches.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/cryptohome/cryptohome_util.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/dbus_thread_manager.h"
@@ -434,7 +435,7 @@ void UserSessionManager::CompleteGuestSessionLogin(const GURL& start_url) {
if (!about_flags::AreSwitchesIdenticalToCurrentCommandLine(
user_flags, *base::CommandLine::ForCurrentProcess(), NULL)) {
DBusThreadManager::Get()->GetSessionManagerClient()->SetFlagsForUser(
- login::GuestAccountId().GetUserEmail(),
+ cryptohome::Identification(login::GuestAccountId()),
base::CommandLine::StringVector());
}
@@ -718,7 +719,9 @@ bool UserSessionManager::RestartToApplyPerSessionFlagsIfNeed(
flags.assign(user_flags.argv().begin() + 1, user_flags.argv().end());
LOG(WARNING) << "Restarting to apply per-session flags...";
DBusThreadManager::Get()->GetSessionManagerClient()->SetFlagsForUser(
- user_manager::UserManager::Get()->GetActiveUser()->email(), flags);
+ cryptohome::Identification(
+ user_manager::UserManager::Get()->GetActiveUser()->GetAccountId()),
+ flags);
AttemptRestart(profile);
return true;
}
@@ -894,7 +897,7 @@ void UserSessionManager::StartCrosSession() {
BootTimesRecorder* btl = BootTimesRecorder::Get();
btl->AddLoginTimeMarker("StartSession-Start", false);
DBusThreadManager::Get()->GetSessionManagerClient()->StartSession(
- user_context_.GetAccountId().GetUserEmail());
+ cryptohome::Identification(user_context_.GetAccountId()));
btl->AddLoginTimeMarker("StartSession-End", false);
}
@@ -908,8 +911,8 @@ void UserSessionManager::NotifyUserLoggedIn() {
}
void UserSessionManager::PrepareProfile() {
- const bool is_demo_session = DemoAppLauncher::IsDemoAppSession(
- user_context_.GetAccountId().GetUserEmail());
+ const bool is_demo_session =
+ DemoAppLauncher::IsDemoAppSession(user_context_.GetAccountId());
// TODO(nkostylev): Figure out whether demo session is using the right profile
// path or not. See https://codereview.chromium.org/171423009
@@ -1426,13 +1429,14 @@ void UserSessionManager::OnRestoreActiveSessions(
user_manager::UserManager* user_manager = user_manager::UserManager::Get();
DCHECK_EQ(1u, user_manager->GetLoggedInUsers().size());
DCHECK(user_manager->GetActiveUser());
- std::string active_user_id = user_manager->GetActiveUser()->email();
+ const cryptohome::Identification active_cryptohome_id =
+ cryptohome::Identification(user_manager->GetActiveUser()->GetAccountId());
SessionManagerClient::ActiveSessionsMap::const_iterator it;
for (it = sessions.begin(); it != sessions.end(); ++it) {
- if (active_user_id == it->first)
+ if (active_cryptohome_id == it->first)
continue;
- pending_user_sessions_[it->first] = it->second;
+ pending_user_sessions_[(it->first).GetAccountId()] = it->second;
}
RestorePendingUserSessions();
}
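Review bot: In `OnRestoreActiveSessions`, `pending_user_sessions_[(it->first).GetAccountId()]` inserts an entry even when the identifier reported by the session manager does not resolve to a valid `AccountId`. Two identifiers that resolve to the same `AccountId` would also overwrite each other silently. The only guard is `DCHECK(account_id.is_valid())` in `RestorePendingUserSessions` (next hunk), which is normally compiled out of release builds, so an invalid id would still reach `UserContext user_context(account_id)`. I would resolve the id once and drop bad entries here, `const AccountId account_id = it->first.GetAccountId();` followed by `if (!account_id.is_valid()) continue;`, preferably with a `LOG(ERROR)` so a skipped session is visible.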
@@ -1445,13 +1449,12 @@ void UserSessionManager::RestorePendingUserSessions() {
}
// Get next user to restore sessions and delete it from list.
- SessionManagerClient::ActiveSessionsMap::const_iterator it =
- pending_user_sessions_.begin();
- std::string user_id = it->first;
+ PendingUserSessions::const_iterator it = pending_user_sessions_.begin();
+ const AccountId account_id = it->first;
std::string user_id_hash = it->second;
- DCHECK(!user_id.empty());
+ DCHECK(account_id.is_valid());
DCHECK(!user_id_hash.empty());
- pending_user_sessions_.erase(user_id);
+ pending_user_sessions_.erase(account_id);
// Check that this user is not logged in yet.
user_manager::UserList logged_in_users =
@@ -1461,7 +1464,7 @@ void UserSessionManager::RestorePendingUserSessions() {
it != logged_in_users.end();
++it) {
const user_manager::User* user = (*it);
- if (user->email() == user_id) {
+ if (user->GetAccountId() == account_id) {
user_already_logged_in = true;
break;
}
@@ -1469,7 +1472,7 @@ void UserSessionManager::RestorePendingUserSessions() {
DCHECK(!user_already_logged_in);
if (!user_already_logged_in) {
- UserContext user_context(AccountId::FromUserEmail(user_id));
+ UserContext user_context(account_id);
user_context.SetUserIDHash(user_id_hash);
user_context.SetIsUsingOAuth(false);
diff --git a/chrome/browser/chromeos/login/session/user_session_manager.h b/chrome/browser/chromeos/login/session/user_session_manager.h
index e875f2c..31b7367 100644
--- a/chrome/browser/chromeos/login/session/user_session_manager.h
+++ b/chrome/browser/chromeos/login/session/user_session_manager.h
@@ -433,7 +433,9 @@ class UserSessionManager
// User sessions that have to be restored after browser crash.
// [user_id] > [user_id_hash]
- SessionManagerClient::ActiveSessionsMap pending_user_sessions_;
+ using PendingUserSessions = std::map<AccountId, std::string>;
+
+ PendingUserSessions pending_user_sessions_;
base::ObserverList<chromeos::UserSessionStateObserver>
session_state_observer_list_;
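Review bot: The comment `// [user_id] > [user_id_hash]` above the new alias is stale, because the key is now an `AccountId`. The blank line after the `using` also detaches the comment from `pending_user_sessions_`. I would change it to `// [account_id] > [user_id_hash]` and put it directly above the member. The header's include list is outside the hunk, so it is worth confirming that `<map>` is included directly now that the type is spelled `std::map` here.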
diff --git a/chrome/browser/chromeos/login/signin/oauth2_browsertest.cc b/chrome/browser/chromeos/login/signin/oauth2_browsertest.cc
index f816a7b..e4071ef 100644
--- a/chrome/browser/chromeos/login/signin/oauth2_browsertest.cc
+++ b/chrome/browser/chromeos/login/signin/oauth2_browsertest.cc
@@ -264,7 +264,6 @@ class OAuth2Test : public OobeBaseTest {
}
UserContext user_context(account_id);
- user_context.SetGaiaID(account_id.GetGaiaId());
user_context.SetKey(Key(password));
controller->Login(user_context, SigninSpecifics());
content::WindowedNotificationObserver(
diff --git a/chrome/browser/chromeos/login/supervised/supervised_user_authenticator.cc b/chrome/browser/chromeos/login/supervised/supervised_user_authenticator.cc
index a0f9eab..7cbad7c 100644
--- a/chrome/browser/chromeos/login/supervised/supervised_user_authenticator.cc
+++ b/chrome/browser/chromeos/login/supervised/supervised_user_authenticator.cc
@@ -14,6 +14,8 @@
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "chromeos/login/auth/key.h"
+#include "components/signin/core/account_id/account_id.h"
+#include "components/user_manager/known_user.h"
#include "content/public/browser/browser_thread.h"
#include "crypto/sha2.h"
#include "google_apis/gaia/gaia_auth_util.h"
@@ -67,18 +69,16 @@ void Mount(SupervisedUserAuthenticator::AuthAttempt* attempt,
Key key(attempt->password);
key.Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, system_salt);
+ const AccountId account_id = user_manager::known_user::GetAccountId(
+ attempt->username, std::string() /* gaia_id */);
+ const cryptohome::Identification cryptohome_id(account_id);
cryptohome::AsyncMethodCaller::GetInstance()->AsyncMount(
- attempt->username,
- key.GetSecret(),
- flags,
- base::Bind(&TriggerResolveWithLoginTimeMarker,
- "CryptohomeMount-LMU-End",
- attempt,
- resolver));
+ cryptohome_id, key.GetSecret(), flags,
+ base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-LMU-End",
+ attempt, resolver));
cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername(
- attempt->username,
- base::Bind(&TriggerResolveResult, attempt, resolver));
+ cryptohome_id, base::Bind(&TriggerResolveResult, attempt, resolver));
}
// Calls cryptohome's addKey method.
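Review bot: `Mount()` and `AddKey()` (next hunk) each rebuild the cryptohome id from `user_manager::known_user::GetAccountId(attempt->username, std::string())`, while `SupervisedUserCreationControllerNew::OnKeyTransformedIfNeeded` in this commit passes `AccountId::FromUserEmail(creation_context_->local_user_id)` to `CreateMount`. Neither `known_user::GetAccountId` nor `cryptohome::Identification` is visible here, so this is a hedge, but if the lookup can return an `AccountId` that differs from the e-mail-only one, the mount would be created under one identifier and opened under another. I would derive the identifier in a single helper in the anonymous namespace and use it at both call sites, and confirm that the creation path yields the same value. Both function bodies start outside their hunks.

```cpp
// Single place that maps a supervised user's name to its cryptohome id, so
// Mount() and AddKey() cannot drift apart.
cryptohome::Identification GetCryptohomeId(const std::string& username) {
  const AccountId account_id = user_manager::known_user::GetAccountId(
      username, std::string() /* gaia_id */);
  return cryptohome::Identification(account_id);
}

// … unchanged: key transform at the top of Mount() …
  const cryptohome::Identification cryptohome_id =
      GetCryptohomeId(attempt->username);
// … unchanged: AsyncMount / AsyncGetSanitizedUsername calls …

// … unchanged: key transforms at the top of AddKey() …
  cryptohome::AsyncMethodCaller::GetInstance()->AsyncAddKey(
      GetCryptohomeId(attempt->username), user_key.GetSecret(),
// … unchanged: remaining AsyncAddKey arguments …
```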
@@ -94,14 +94,13 @@ void AddKey(SupervisedUserAuthenticator::AuthAttempt* attempt,
user_key.Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, system_salt);
Key master_key(plain_text_master_key);
master_key.Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, system_salt);
+ const AccountId account_id = user_manager::known_user::GetAccountId(
+ attempt->username, std::string() /* gaia_id */);
cryptohome::AsyncMethodCaller::GetInstance()->AsyncAddKey(
- attempt->username,
- user_key.GetSecret(),
+ cryptohome::Identification(account_id), user_key.GetSecret(),
master_key.GetSecret(),
- base::Bind(&TriggerResolveWithLoginTimeMarker,
- "CryptohomeAddKey-LMU-End",
- attempt,
- resolver));
+ base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeAddKey-LMU-End",
+ attempt, resolver));
}
} // namespace
diff --git a/chrome/browser/chromeos/login/supervised/supervised_user_creation_controller_new.cc b/chrome/browser/chromeos/login/supervised/supervised_user_creation_controller_new.cc
index 8699e30..19a1548 100644
--- a/chrome/browser/chromeos/login/supervised/supervised_user_creation_controller_new.cc
+++ b/chrome/browser/chromeos/login/supervised/supervised_user_creation_controller_new.cc
@@ -229,8 +229,7 @@ void SupervisedUserCreationControllerNew::OnKeyTransformedIfNeeded(
keys.push_back(master_key);
authenticator_->CreateMount(
- creation_context_->local_user_id,
- keys,
+ AccountId::FromUserEmail(creation_context_->local_user_id), keys,
base::Bind(&SupervisedUserCreationControllerNew::OnMountSuccess,
weak_factory_.GetWeakPtr()));
}
diff --git a/chrome/browser/chromeos/login/supervised/supervised_user_test_base.cc b/chrome/browser/chromeos/login/supervised/supervised_user_test_base.cc
index e329a96..be5e27c 100644
--- a/chrome/browser/chromeos/login/supervised/supervised_user_test_base.cc
+++ b/chrome/browser/chromeos/login/supervised/supervised_user_test_base.cc
@@ -296,7 +296,6 @@ void SupervisedUserTestBase::StartFlowLoginAsManager() {
JSExpect("!$('supervised-user-creation-next-button').disabled");
UserContext user_context(AccountId::FromUserEmailGaiaId(
kTestManager, GetGaiaIDForUserID(kTestManager)));
- user_context.SetGaiaID(GetGaiaIDForUserID(kTestManager));
user_context.SetKey(Key(kTestManagerPassword));
SetExpectedCredentials(user_context);
content::WindowedNotificationObserver login_observer(
diff --git a/chrome/browser/chromeos/login/users/avatar/user_image_manager_browsertest.cc b/chrome/browser/chromeos/login/users/avatar/user_image_manager_browsertest.cc
index 44a3bd79..c1991c6 100644
--- a/chrome/browser/chromeos/login/users/avatar/user_image_manager_browsertest.cc
+++ b/chrome/browser/chromeos/login/users/avatar/user_image_manager_browsertest.cc
@@ -107,9 +107,7 @@ policy::CloudPolicyStore* GetStoreForUser(const user_manager::User* user) {
class UserImageManagerTest : public LoginManagerTest,
public user_manager::UserManager::Observer {
protected:
- UserImageManagerTest()
- : LoginManagerTest(true),
- enterprise_account_id_(AccountId::FromUserEmail(kEnterpriseUser1)) {}
+ UserImageManagerTest() : LoginManagerTest(true) {}
// LoginManagerTest overrides:
void SetUpInProcessBrowserTestFixture() override {
@@ -327,7 +325,10 @@ class UserImageManagerTest : public LoginManagerTest,
const AccountId test_account_id1_ = AccountId::FromUserEmail(kTestUser1);
const AccountId test_account_id2_ = AccountId::FromUserEmail(kTestUser2);
- const AccountId enterprise_account_id_;
+ const AccountId enterprise_account_id_ =
+ AccountId::FromUserEmail(kEnterpriseUser1);
+ const cryptohome::Identification cryptohome_id_ =
+ cryptohome::Identification(enterprise_account_id_);
private:
DISALLOW_COPY_AND_ASSIGN(UserImageManagerTest);
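Review bot: This test file starts using `cryptohome::Identification` for `cryptohome_id_`, yet none of its hunks touches the include block. The production files in this commit (`chrome_session_manager.cc`, `user_session_manager.cc`, `wallpaper_manager.cc`) add `#include "chromeos/cryptohome/cryptohome_parameters.h"` explicitly. The same holds for `wallpaper_manager_policy_browsertest.cc`, `affiliation_test_helper.cc` and `power_policy_browsertest.cc`, which presumably compile through a transitive include. I would add the header directly in each. Separately, `cryptohome_id_` is initialised from `enterprise_account_id_` and so depends on declaration order, which deserves `// Must be declared after enterprise_account_id_.`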
@@ -666,8 +667,7 @@ class UserImageManagerPolicyTest : public UserImageManagerTest,
ASSERT_TRUE(PathService::Get(chromeos::DIR_USER_POLICY_KEYS,
&user_keys_dir));
const std::string sanitized_username =
- chromeos::CryptohomeClient::GetStubSanitizedUsername(
- enterprise_account_id_.GetUserEmail());
+ chromeos::CryptohomeClient::GetStubSanitizedUsername(cryptohome_id_);
const base::FilePath user_key_file =
user_keys_dir.AppendASCII(sanitized_username)
.AppendASCII("policy.pub");
@@ -748,8 +748,8 @@ IN_PROC_BROWSER_TEST_F(UserImageManagerPolicyTest, DISABLED_SetAndClear) {
user_policy_.payload().mutable_useravatarimage()->set_value(
ConstructPolicy(test::kUserAvatarImage2RelativePath));
user_policy_.Build();
- fake_session_manager_client_->set_user_policy(
- enterprise_account_id_.GetUserEmail(), user_policy_.GetBlob());
+ fake_session_manager_client_->set_user_policy(cryptohome_id_,
+ user_policy_.GetBlob());
run_loop_.reset(new base::RunLoop);
store->Load();
run_loop_->Run();
@@ -773,8 +773,8 @@ IN_PROC_BROWSER_TEST_F(UserImageManagerPolicyTest, DISABLED_SetAndClear) {
// image.
user_policy_.payload().Clear();
user_policy_.Build();
- fake_session_manager_client_->set_user_policy(
- enterprise_account_id_.GetUserEmail(), user_policy_.GetBlob());
+ fake_session_manager_client_->set_user_policy(cryptohome_id_,
+ user_policy_.GetBlob());
run_loop_.reset(new base::RunLoop);
store->AddObserver(this);
store->Load();
@@ -855,8 +855,8 @@ IN_PROC_BROWSER_TEST_F(UserImageManagerPolicyTest, PolicyOverridesUser) {
user_policy_.payload().mutable_useravatarimage()->set_value(
ConstructPolicy(test::kUserAvatarImage2RelativePath));
user_policy_.Build();
- fake_session_manager_client_->set_user_policy(
- enterprise_account_id_.GetUserEmail(), user_policy_.GetBlob());
+ fake_session_manager_client_->set_user_policy(cryptohome_id_,
+ user_policy_.GetBlob());
run_loop_.reset(new base::RunLoop);
store->Load();
run_loop_->Run();
@@ -902,8 +902,8 @@ IN_PROC_BROWSER_TEST_F(UserImageManagerPolicyTest, UserDoesNotOverridePolicy) {
user_policy_.payload().mutable_useravatarimage()->set_value(
ConstructPolicy(test::kUserAvatarImage2RelativePath));
user_policy_.Build();
- fake_session_manager_client_->set_user_policy(
- enterprise_account_id_.GetUserEmail(), user_policy_.GetBlob());
+ fake_session_manager_client_->set_user_policy(cryptohome_id_,
+ user_policy_.GetBlob());
run_loop_.reset(new base::RunLoop);
store->Load();
run_loop_->Run();
diff --git a/chrome/browser/chromeos/login/users/chrome_user_manager_impl.cc b/chrome/browser/chromeos/login/users/chrome_user_manager_impl.cc
index 4bac334..0ca91fd 100644
--- a/chrome/browser/chromeos/login/users/chrome_user_manager_impl.cc
+++ b/chrome/browser/chromeos/login/users/chrome_user_manager_impl.cc
@@ -606,7 +606,7 @@ void ChromeUserManagerImpl::PerformPostUserLoggedInActions(
}
bool ChromeUserManagerImpl::IsDemoApp(const AccountId& account_id) const {
- return DemoAppLauncher::IsDemoAppSession(account_id.GetUserEmail());
+ return DemoAppLauncher::IsDemoAppSession(account_id);
}
bool ChromeUserManagerImpl::IsKioskApp(const AccountId& account_id) const {
@@ -1251,7 +1251,8 @@ bool ChromeUserManagerImpl::IsFirstExecAfterBoot() const {
void ChromeUserManagerImpl::AsyncRemoveCryptohome(
const AccountId& account_id) const {
cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove(
- account_id.GetUserEmail(), base::Bind(&OnRemoveUserComplete, account_id));
+ cryptohome::Identification(account_id),
+ base::Bind(&OnRemoveUserComplete, account_id));
}
bool ChromeUserManagerImpl::IsGuestAccountId(
diff --git a/chrome/browser/chromeos/login/users/fake_chrome_user_manager.cc b/chrome/browser/chromeos/login/users/fake_chrome_user_manager.cc
index 8d4f8d7..7e79232 100644
--- a/chrome/browser/chromeos/login/users/fake_chrome_user_manager.cc
+++ b/chrome/browser/chromeos/login/users/fake_chrome_user_manager.cc
@@ -28,9 +28,12 @@ class FakeSupervisedUserManager;
FakeChromeUserManager::FakeChromeUserManager()
: supervised_user_manager_(new FakeSupervisedUserManager),
bootstrap_manager_(NULL),
- multi_profile_user_controller_(NULL) {}
+ multi_profile_user_controller_(NULL) {
+ ProfileHelper::SetProfileToUserForTestingEnabled(true);
+}
FakeChromeUserManager::~FakeChromeUserManager() {
+ ProfileHelper::SetProfileToUserForTestingEnabled(false);
}
const user_manager::User* FakeChromeUserManager::AddUser(
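Review bot: The constructor and destructor flip `ProfileHelper::SetProfileToUserForTestingEnabled`, which looks like a static, process-wide toggle. Destroying one `FakeChromeUserManager` would then switch the mapping off for any other instance still alive, or for a test that enabled it itself. If overlapping instances cannot occur, the comment `// Global toggle: only one FakeChromeUserManager may exist at a time.` is enough; otherwise the previous value should be saved and restored. In the next hunk only `AddUserWithAffiliation` calls `SetProfileToUserMappingForTesting`, and it spells the class `chromeos::ProfileHelper` while this hunk uses the unqualified name. The other `Add*` methods are outside the diff, so whether they need the same registration cannot be checked here.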
@@ -50,6 +53,7 @@ const user_manager::User* FakeChromeUserManager::AddUserWithAffiliation(
IDR_PROFILE_PICTURE_LOADING)),
user_manager::User::USER_IMAGE_PROFILE, false);
users_.push_back(user);
+ chromeos::ProfileHelper::Get()->SetProfileToUserMappingForTesting(user);
return user;
}
diff --git a/chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager.cc b/chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager.cc
index 15f321d..edfcc68 100644
--- a/chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager.cc
+++ b/chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager.cc
@@ -40,6 +40,7 @@
#include "chrome/common/pref_names.h"
#include "chromeos/chromeos_switches.h"
#include "chromeos/cryptohome/async_method_caller.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "chromeos/login/user_names.h"
#include "components/prefs/pref_registry_simple.h"
@@ -805,7 +806,7 @@ void WallpaperManager::SetPolicyControlledWallpaper(
if (user->username_hash().empty()) {
cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername(
- account_id.GetUserEmail(),
+ cryptohome::Identification(account_id),
base::Bind(&WallpaperManager::SetCustomWallpaperOnSanitizedUsername,
weak_factory_.GetWeakPtr(), account_id, user_image.image(),
true /* update wallpaper */));
diff --git a/chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager_policy_browsertest.cc b/chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager_policy_browsertest.cc
index 9e6c82e..16ec162 100644
--- a/chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager_policy_browsertest.cc
+++ b/chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager_policy_browsertest.cc
@@ -150,7 +150,8 @@ class WallpaperManagerPolicyTest
base::FilePath user_keys_dir;
EXPECT_TRUE(PathService::Get(DIR_USER_POLICY_KEYS, &user_keys_dir));
const std::string sanitized_user_id =
- CryptohomeClient::GetStubSanitizedUsername(account_id.GetUserEmail());
+ CryptohomeClient::GetStubSanitizedUsername(
+ cryptohome::Identification(account_id));
const base::FilePath user_key_file =
user_keys_dir.AppendASCII(sanitized_user_id)
.AppendASCII("policy.pub");
@@ -252,8 +253,8 @@ class WallpaperManagerPolicyTest
builder->payload().Clear();
}
builder->Build();
- fake_session_manager_client_->set_user_policy(account_id.GetUserEmail(),
- builder->GetBlob());
+ fake_session_manager_client_->set_user_policy(
+ cryptohome::Identification(account_id), builder->GetBlob());
const user_manager::User* user =
user_manager::UserManager::Get()->FindUser(account_id);
ASSERT_TRUE(user);
diff --git a/chrome/browser/chromeos/policy/affiliation_test_helper.cc b/chrome/browser/chromeos/policy/affiliation_test_helper.cc
index acdba14..8cdfc1f 100644
--- a/chrome/browser/chromeos/policy/affiliation_test_helper.cc
+++ b/chrome/browser/chromeos/policy/affiliation_test_helper.cc
@@ -44,11 +44,13 @@ const char kFakeRefreshToken[] = "fake-refresh-token";
const char kEnterpriseUser[] = "testuser@example.com";
void SetUserKeys(policy::UserPolicyBuilder* user_policy) {
- std::string username = user_policy->policy_data().username();
+ const AccountId account_id =
+ AccountId::FromUserEmail(user_policy->policy_data().username());
base::FilePath user_keys_dir;
ASSERT_TRUE(PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &user_keys_dir));
const std::string sanitized_username =
- chromeos::CryptohomeClient::GetStubSanitizedUsername(username);
+ chromeos::CryptohomeClient::GetStubSanitizedUsername(
+ cryptohome::Identification(account_id));
const base::FilePath user_key_file =
user_keys_dir.AppendASCII(sanitized_username).AppendASCII("policy.pub");
std::vector<uint8_t> user_key_bits;
@@ -84,14 +86,15 @@ void SetUserAffiliationIDs(
chromeos::FakeSessionManagerClient* fake_session_manager_client,
const std::string& user_email,
const std::set<std::string>& user_affiliation_ids) {
+ const AccountId account_id = AccountId::FromUserEmail(user_email);
user_policy->policy_data().set_username(user_email);
SetUserKeys(user_policy);
for (const auto& user_affiliation_id : user_affiliation_ids) {
user_policy->policy_data().add_user_affiliation_ids(user_affiliation_id);
}
user_policy->Build();
- fake_session_manager_client->set_user_policy(user_email,
- user_policy->GetBlob());
+ fake_session_manager_client->set_user_policy(
+ cryptohome::Identification(account_id), user_policy->GetBlob());
}
void PreLoginUser(const std::string& user_id) {
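Review bot: `SetUserAffiliationIDs` stores the policy blob under `cryptohome::Identification(AccountId::FromUserEmail(user_email))`, and `SetUserKeys` in the previous hunk derives the key directory the same way. `LoginUser` in the next hunk signs the same user in with `AccountId::FromUserEmailGaiaId(user_id, "gaia-id-" + user_id)`. `Identification` is not visible here, but if it keys on the Gaia id when one is present, the stored policy and key file would no longer match the session's identifier. I would build the `AccountId` in one helper shared by all three functions, or at least add `// Must yield the same cryptohome id as the AccountId used in LoginUser().` The same e-mail-only construction appears in `PowerPolicyBrowserTestBase::StoreAndReloadUserPolicy`.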
@@ -105,8 +108,8 @@ void LoginUser(const std::string& user_id) {
chromeos::UserSessionManager::GetInstance());
session_manager_test_api.SetShouldObtainTokenHandleInTests(false);
- chromeos::UserContext user_context(AccountId::FromUserEmail(user_id));
- user_context.SetGaiaID("gaia-id-" + user_id);
+ chromeos::UserContext user_context(
+ AccountId::FromUserEmailGaiaId(user_id, "gaia-id-" + user_id));
user_context.SetKey(chromeos::Key("password"));
if (user_id == kEnterpriseUser) {
user_context.SetRefreshToken(kFakeRefreshToken);
diff --git a/chrome/browser/chromeos/policy/consumer_enrollment_handler_factory_unittest.cc b/chrome/browser/chromeos/policy/consumer_enrollment_handler_factory_unittest.cc
index c0f2c93..5532529 100644
--- a/chrome/browser/chromeos/policy/consumer_enrollment_handler_factory_unittest.cc
+++ b/chrome/browser/chromeos/policy/consumer_enrollment_handler_factory_unittest.cc
@@ -44,15 +44,20 @@ class ConsumerEnrollmentHandlerFactoryTest : public testing::Test {
make_scoped_ptr(fake_service_));
// Set up FakeChromeUserManager.
- fake_user_manager_->AddUser(AccountId::FromUserEmail(kTestOwner));
- fake_user_manager_->AddUser(AccountId::FromUserEmail(kTestUser));
- fake_user_manager_->set_owner_id(AccountId::FromUserEmail(kTestOwner));
+ fake_user_manager_->AddUser(owner_account_id);
+ fake_user_manager_->AddUser(test_account_id);
+ fake_user_manager_->set_owner_id(owner_account_id);
}
void SetUp() override {
+ testing::Test::SetUp();
+
ASSERT_TRUE(testing_profile_manager_->SetUp());
}
+ const AccountId owner_account_id = AccountId::FromUserEmail(kTestOwner);
+ const AccountId test_account_id = AccountId::FromUserEmail(kTestUser);
+
content::TestBrowserThreadBundle thread_bundle_;
FakeConsumerManagementService* fake_service_;
chromeos::FakeChromeUserManager* fake_user_manager_;
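Review bot: The new members `owner_account_id` and `test_account_id` drop the trailing underscore that every neighbouring member carries (`thread_bundle_`, `fake_service_`, `fake_user_manager_`), so they read like locals inside the constructor. I would rename them to `owner_account_id_` and `test_account_id_`; the use in `ServiceIsCreated` in the next hunk needs the same rename. The class starts and ends outside this hunk.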
@@ -61,7 +66,8 @@ class ConsumerEnrollmentHandlerFactoryTest : public testing::Test {
};
TEST_F(ConsumerEnrollmentHandlerFactoryTest, ServiceIsCreated) {
- Profile* profile = testing_profile_manager_->CreateTestingProfile(kTestOwner);
+ Profile* profile = testing_profile_manager_->CreateTestingProfile(
+ owner_account_id.GetUserEmail());
EXPECT_TRUE(ConsumerEnrollmentHandlerFactory::GetForBrowserContext(profile));
}
diff --git a/chrome/browser/chromeos/policy/device_local_account_browsertest.cc b/chrome/browser/chromeos/policy/device_local_account_browsertest.cc
index fd7dcbe..1f54448 100644
--- a/chrome/browser/chromeos/policy/device_local_account_browsertest.cc
+++ b/chrome/browser/chromeos/policy/device_local_account_browsertest.cc
@@ -731,7 +731,7 @@ class DeviceLocalAccountTest : public DevicePolicyCrosBrowserTest,
ASSERT_TRUE(controller);
chromeos::UserContext user_context(user_manager::USER_TYPE_PUBLIC_ACCOUNT,
- account_id_1_.GetUserEmail());
+ account_id_1_);
user_context.SetPublicSessionLocale(locale);
user_context.SetPublicSessionInputMethod(input_method);
controller->Login(user_context, chromeos::SigninSpecifics());
diff --git a/chrome/browser/chromeos/policy/power_policy_browsertest.cc b/chrome/browser/chromeos/policy/power_policy_browsertest.cc
index 4f95ae9..6d09024 100644
--- a/chrome/browser/chromeos/policy/power_policy_browsertest.cc
+++ b/chrome/browser/chromeos/policy/power_policy_browsertest.cc
@@ -206,7 +206,7 @@ void PowerPolicyBrowserTestBase::InstallUserKey() {
ASSERT_TRUE(PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &user_keys_dir));
std::string sanitized_username =
chromeos::CryptohomeClient::GetStubSanitizedUsername(
- chromeos::login::StubAccountId().GetUserEmail());
+ cryptohome::Identification(chromeos::login::StubAccountId()));
base::FilePath user_key_file =
user_keys_dir.AppendASCII(sanitized_username)
.AppendASCII("policy.pub");
@@ -224,7 +224,8 @@ void PowerPolicyBrowserTestBase::StoreAndReloadUserPolicy() {
// Install the new user policy blob in session manager client.
user_policy_.Build();
session_manager_client()->set_user_policy(
- user_policy_.policy_data().username(),
+ cryptohome::Identification(
+ AccountId::FromUserEmail(user_policy_.policy_data().username())),
user_policy_.GetBlob());
// Reload user policy from session manager client and wait for the update to
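Review bot: In `StoreAndReloadUserPolicy()` the identification passed to `set_user_policy()` is built from `user_policy_.policy_data().username()`, while `InstallUserKey()` in the previous hunk builds it from `chromeos::login::StubAccountId()`. Nothing visible here shows that the two refer to the same account, and an `AccountId` made with `FromUserEmail` carries no Gaia ID. Once the identification is no longer the plain e-mail, the key directory and the stored policy could be keyed differently. If both are meant to be the stub user, passing `cryptohome::Identification(chromeos::login::StubAccountId())` here as well would remove the doubt. The function body continues outside the hunk.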
diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.cc b/chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.cc
index 7695acf..a9c8546 100644
--- a/chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.cc
+++ b/chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.cc
@@ -138,10 +138,9 @@ scoped_ptr<UserCloudPolicyManagerChromeOS>
// - For device-local accounts, policy is provided by
// |DeviceLocalAccountPolicyService|.
// All other user types do not have user policy.
- const std::string& username = user->email();
- if (!user->HasGaiaAccount() ||
- user->IsSupervised() ||
- BrowserPolicyConnector::IsNonEnterpriseUser(username)) {
+ const AccountId account_id = user->GetAccountId();
+ if (!user->HasGaiaAccount() || user->IsSupervised() ||
+ BrowserPolicyConnector::IsNonEnterpriseUser(account_id.GetUserEmail())) {
return scoped_ptr<UserCloudPolicyManagerChromeOS>();
}
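Review bot: After this change every e-mail-keyed decision in this function calls `account_id.GetUserEmail()` separately: `IsNonEnterpriseUser` here, and `IsWhitelisted`, `IsNonEnterpriseUser` and `EnableWildcardLoginCheck` in the hunk at -226. A single named local next to `account_id`, for example `const std::string& user_email = account_id.GetUserEmail();`, would show which checks still depend on the e-mail and which now use the account id (the policy store). A short comment saying that enterprise and whitelist checks stay e-mail based on purpose would also help the next reader. The function starts and ends outside these hunks.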
@@ -195,8 +194,8 @@ scoped_ptr<UserCloudPolicyManagerChromeOS>
new UserCloudPolicyStoreChromeOS(
chromeos::DBusThreadManager::Get()->GetCryptohomeClient(),
chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
- background_task_runner,
- username, policy_key_dir, token_cache_file, policy_cache_file));
+ background_task_runner, account_id, policy_key_dir, token_cache_file,
+ policy_cache_file));
scoped_refptr<base::SequencedTaskRunner> backend_task_runner =
content::BrowserThread::GetBlockingPool()->GetSequencedTaskRunner(
@@ -226,9 +225,11 @@ scoped_ptr<UserCloudPolicyManagerChromeOS>
bool wildcard_match = false;
if (connector->IsEnterpriseManaged() &&
- chromeos::CrosSettings::IsWhitelisted(username, &wildcard_match) &&
- wildcard_match && !connector->IsNonEnterpriseUser(username)) {
- manager->EnableWildcardLoginCheck(username);
+ chromeos::CrosSettings::IsWhitelisted(account_id.GetUserEmail(),
+ &wildcard_match) &&
+ wildcard_match &&
+ !connector->IsNonEnterpriseUser(account_id.GetUserEmail())) {
+ manager->EnableWildcardLoginCheck(account_id.GetUserEmail());
}
manager->Init(
diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
index 369a494..4e47014 100644
--- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
+++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
@@ -20,6 +20,7 @@
#include "base/strings/stringprintf.h"
#include "chrome/browser/chromeos/policy/user_policy_disk_cache.h"
#include "chrome/browser/chromeos/policy/user_policy_token_loader.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/session_manager_client.h"
#include "components/policy/core/common/cloud/cloud_policy_constants.h"
@@ -178,14 +179,14 @@ UserCloudPolicyStoreChromeOS::UserCloudPolicyStoreChromeOS(
chromeos::CryptohomeClient* cryptohome_client,
chromeos::SessionManagerClient* session_manager_client,
scoped_refptr<base::SequencedTaskRunner> background_task_runner,
- const std::string& username,
+ const AccountId& account_id,
const base::FilePath& user_policy_key_dir,
const base::FilePath& legacy_token_cache_file,
const base::FilePath& legacy_policy_cache_file)
: UserCloudPolicyStoreBase(background_task_runner),
cryptohome_client_(cryptohome_client),
session_manager_client_(session_manager_client),
- username_(username),
+ account_id_(account_id),
user_policy_key_dir_(user_policy_key_dir),
legacy_cache_dir_(legacy_token_cache_file.DirName()),
legacy_loader_(new LegacyPolicyCacheLoader(legacy_token_cache_file,
@@ -213,7 +214,7 @@ void UserCloudPolicyStoreChromeOS::Load() {
// Cancel all pending requests.
weak_factory_.InvalidateWeakPtrs();
session_manager_client_->RetrievePolicyForUser(
- username_,
+ cryptohome::Identification(account_id_),
base::Bind(&UserCloudPolicyStoreChromeOS::OnPolicyRetrieved,
weak_factory_.GetWeakPtr()));
}
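Review bot: `cryptohome::Identification(account_id_)` is rebuilt at every D-Bus call site: here in `Load()`, twice in `LoadImmediately()`, and again in `OnPolicyToStoreValidated()` and `EnsurePolicyKeyLoaded()`. Since `account_id_` is const, the identification could be built once in the constructor as a member, `const cryptohome::Identification cryptohome_id_;`, and passed everywhere. That makes it structurally certain that session_manager and cryptohome are always addressed with the same key, and it matches what the unit-test fixture in this commit already does with its own `cryptohome_id_`.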
@@ -228,7 +229,8 @@ void UserCloudPolicyStoreChromeOS::LoadImmediately() {
// Profile initialization never sees unmanaged prefs, which would lead to
// data loss. http://crbug.com/263061
std::string policy_blob =
- session_manager_client_->BlockingRetrievePolicyForUser(username_);
+ session_manager_client_->BlockingRetrievePolicyForUser(
+ cryptohome::Identification(account_id_));
if (policy_blob.empty()) {
// The session manager doesn't have policy, or the call failed.
// Just notify that the load is done, and don't bother with the legacy
@@ -245,7 +247,8 @@ void UserCloudPolicyStoreChromeOS::LoadImmediately() {
}
std::string sanitized_username =
- cryptohome_client_->BlockingGetSanitizedUsername(username_);
+ cryptohome_client_->BlockingGetSanitizedUsername(
+ cryptohome::Identification(account_id_));
if (sanitized_username.empty()) {
status_ = STATUS_LOAD_ERROR;
NotifyStoreError();
@@ -268,15 +271,14 @@ void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore(
// Create and configure a validator.
scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator(
std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
- validator->ValidateUsername(username_, true);
+ validator->ValidateUsername(account_id_.GetUserEmail(), true);
if (policy_key_.empty()) {
validator->ValidateInitialKey(GetPolicyVerificationKey(),
- ExtractDomain(username_));
+ ExtractDomain(account_id_.GetUserEmail()));
} else {
const bool allow_rotation = true;
- validator->ValidateSignature(policy_key_,
- GetPolicyVerificationKey(),
- ExtractDomain(username_),
+ validator->ValidateSignature(policy_key_, GetPolicyVerificationKey(),
+ ExtractDomain(account_id_.GetUserEmail()),
allow_rotation);
}
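Review bot: Policy is now stored and retrieved under `cryptohome::Identification(account_id_)`, but the validator is still bound to `account_id_.GetUserEmail()`, both in `ValidateUsername` and in the `ExtractDomain(...)` argument of `ValidateInitialKey` and `ValidateSignature`. Nothing visible checks that the `AccountId` handed to the constructor actually carries an e-mail. If an id without one can reach this class, the username and domain checks would run against an empty string; how the validator treats that is not shown here. A guard in the constructor such as `DCHECK(!account_id_.GetUserEmail().empty());` would make the assumption explicit, or the store could fail with a validation error if release builds need protection. The same applies to the hunks in `OnLegacyLoadFinished()` and `CreateValidatorForLoad()`.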
@@ -310,8 +312,7 @@ void UserCloudPolicyStoreChromeOS::OnPolicyToStoreValidated(
}
session_manager_client_->StorePolicyForUser(
- username_,
- policy_blob,
+ cryptohome::Identification(account_id_), policy_blob,
base::Bind(&UserCloudPolicyStoreChromeOS::OnPolicyStored,
weak_factory_.GetWeakPtr()));
}
@@ -418,7 +419,7 @@ void UserCloudPolicyStoreChromeOS::OnLegacyLoadFinished(
// the signature on this policy is not verified.
scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator(
std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
- validator->ValidateUsername(username_, true);
+ validator->ValidateUsername(account_id_.GetUserEmail(), true);
validator.release()->StartValidation(
base::Bind(&UserCloudPolicyStoreChromeOS::OnLegacyPolicyValidated,
weak_factory_.GetWeakPtr(),
@@ -532,10 +533,10 @@ void UserCloudPolicyStoreChromeOS::EnsurePolicyKeyLoaded(
} else {
// Get the hashed username that's part of the key's path, to determine
// |policy_key_path_|.
- cryptohome_client_->GetSanitizedUsername(username_,
+ cryptohome_client_->GetSanitizedUsername(
+ cryptohome::Identification(account_id_),
base::Bind(&UserCloudPolicyStoreChromeOS::OnGetSanitizedUsername,
- weak_factory_.GetWeakPtr(),
- callback));
+ weak_factory_.GetWeakPtr(), callback));
}
}
@@ -559,15 +560,16 @@ UserCloudPolicyStoreChromeOS::CreateValidatorForLoad(
scoped_ptr<em::PolicyFetchResponse> policy) {
scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator(
std::move(policy), CloudPolicyValidatorBase::TIMESTAMP_NOT_BEFORE);
- validator->ValidateUsername(username_, true);
+ validator->ValidateUsername(account_id_.GetUserEmail(), true);
const bool allow_rotation = false;
const std::string empty_key = std::string();
// The policy loaded from session manager need not be validated using the
// verification key since it is secure, and since there may be legacy policy
// data that was stored without a verification key. Hence passing an empty
// value for the verification key.
- validator->ValidateSignature(
- policy_key_, empty_key, ExtractDomain(username_), allow_rotation);
+ validator->ValidateSignature(policy_key_, empty_key,
+ ExtractDomain(account_id_.GetUserEmail()),
+ allow_rotation);
return validator;
}
} // namespace policy
diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h
index edf34d8..3f5fef7 100644
--- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h
+++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h
@@ -17,6 +17,7 @@
#include "chromeos/dbus/dbus_method_call_status.h"
#include "components/policy/core/common/cloud/cloud_policy_validator.h"
#include "components/policy/core/common/cloud/user_cloud_policy_store_base.h"
+#include "components/signin/core/account_id/account_id.h"
namespace base {
class SequencedTaskRunner;
@@ -44,7 +45,7 @@ class UserCloudPolicyStoreChromeOS : public UserCloudPolicyStoreBase {
chromeos::CryptohomeClient* cryptohome_client,
chromeos::SessionManagerClient* session_manager_client,
scoped_refptr<base::SequencedTaskRunner> background_task_runner,
- const std::string& username,
+ const AccountId& account_id,
const base::FilePath& user_policy_key_dir,
const base::FilePath& legacy_token_cache_file,
const base::FilePath& legacy_policy_cache_file);
@@ -124,7 +125,7 @@ class UserCloudPolicyStoreChromeOS : public UserCloudPolicyStoreBase {
chromeos::CryptohomeClient* cryptohome_client_;
chromeos::SessionManagerClient* session_manager_client_;
- const std::string username_;
+ const AccountId account_id_;
base::FilePath user_policy_key_dir_;
// TODO(mnissler): Remove all the legacy policy support members below after
diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos_unittest.cc b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos_unittest.cc
index 0d32195..482ca60 100644
--- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos_unittest.cc
+++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos_unittest.cc
@@ -58,18 +58,15 @@ class UserCloudPolicyStoreChromeOSTest : public testing::Test {
UserCloudPolicyStoreChromeOSTest() {}
void SetUp() override {
- EXPECT_CALL(cryptohome_client_,
- GetSanitizedUsername(PolicyBuilder::kFakeUsername, _))
+ EXPECT_CALL(cryptohome_client_, GetSanitizedUsername(cryptohome_id_, _))
.Times(AnyNumber())
- .WillRepeatedly(
- SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_SUCCESS,
- kSanitizedUsername));
+ .WillRepeatedly(SendSanitizedUsername(
+ chromeos::DBUS_METHOD_CALL_SUCCESS, kSanitizedUsername));
ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir());
store_.reset(new UserCloudPolicyStoreChromeOS(
&cryptohome_client_, &session_manager_client_, loop_.task_runner(),
- PolicyBuilder::kFakeUsername, user_policy_dir(), token_file(),
- policy_file()));
+ account_id_, user_policy_dir(), token_file(), policy_file()));
store_->AddObserver(&observer_);
// Install the initial public key, so that by default the validation of
@@ -102,7 +99,7 @@ class UserCloudPolicyStoreChromeOSTest : public testing::Test {
// Issue a load command.
chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback;
EXPECT_CALL(session_manager_client_,
- RetrievePolicyForUser(PolicyBuilder::kFakeUsername, _))
+ RetrievePolicyForUser(cryptohome_id_, _))
.WillOnce(SaveArg<1>(&retrieve_callback));
store_->Load();
RunUntilIdle();
@@ -144,8 +141,7 @@ class UserCloudPolicyStoreChromeOSTest : public testing::Test {
const char* new_value) {
chromeos::SessionManagerClient::StorePolicyCallback store_callback;
EXPECT_CALL(session_manager_client_,
- StorePolicyForUser(PolicyBuilder::kFakeUsername,
- policy_.GetBlob(), _))
+ StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _))
.WillOnce(SaveArg<2>(&store_callback));
store_->Store(policy_.policy());
RunUntilIdle();
@@ -173,7 +169,7 @@ class UserCloudPolicyStoreChromeOSTest : public testing::Test {
// Let the store operation complete.
chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback;
EXPECT_CALL(session_manager_client_,
- RetrievePolicyForUser(PolicyBuilder::kFakeUsername, _))
+ RetrievePolicyForUser(cryptohome_id_, _))
.WillOnce(SaveArg<1>(&retrieve_callback));
store_callback.Run(true);
RunUntilIdle();
@@ -227,6 +223,10 @@ class UserCloudPolicyStoreChromeOSTest : public testing::Test {
UserPolicyBuilder policy_;
MockCloudPolicyStoreObserver observer_;
scoped_ptr<UserCloudPolicyStoreChromeOS> store_;
+ const AccountId account_id_ =
+ AccountId::FromUserEmail(PolicyBuilder::kFakeUsername);
+ const cryptohome::Identification cryptohome_id_ =
+ cryptohome::Identification(account_id_);
private:
base::ScopedTempDir tmp_dir_;
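Review bot: The fixture's `account_id_` is created with `AccountId::FromUserEmail(PolicyBuilder::kFakeUsername)`, so every expectation in this file exercises the store with an e-mail-only account. The commit is about using the Gaia ID as the cryptohome identifier, and that path is not covered here. Adding a variant built with `AccountId::FromUserEmailGaiaId(PolicyBuilder::kFakeUsername, "<test-gaia-id>")` would check that the D-Bus calls receive the Gaia-based identification while `ValidateUsername` still sees the e-mail. The class body extends beyond this hunk.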
@@ -255,8 +255,8 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreValidationFail) {
*policy_.policy().mutable_new_public_key_verification_signature() = "garbage";
EXPECT_CALL(session_manager_client_,
- StorePolicyForUser(
- PolicyBuilder::kFakeUsername, policy_.GetBlob(), _)).Times(0);
+ StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _))
+ .Times(0);
store_->Store(policy_.policy());
RunUntilIdle();
Mock::VerifyAndClearExpectations(&session_manager_client_);
@@ -271,8 +271,8 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStoreMissingSignatureFailure) {
policy_.policy().clear_new_public_key_verification_signature();
EXPECT_CALL(session_manager_client_,
- StorePolicyForUser(
- PolicyBuilder::kFakeUsername, policy_.GetBlob(), _)).Times(0);
+ StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _))
+ .Times(0);
store_->Store(policy_.policy());
RunUntilIdle();
Mock::VerifyAndClearExpectations(&session_manager_client_);
@@ -301,8 +301,8 @@ TEST_F(UserCloudPolicyStoreChromeOSTest,
policy_.policy().clear_new_public_key_verification_signature();
EXPECT_CALL(session_manager_client_,
- StorePolicyForUser(
- PolicyBuilder::kFakeUsername, policy_.GetBlob(), _)).Times(0);
+ StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _))
+ .Times(0);
store_->Store(policy_.policy());
RunUntilIdle();
Mock::VerifyAndClearExpectations(&session_manager_client_);
@@ -315,8 +315,8 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotationValidationError) {
*policy_.policy().mutable_new_public_key_verification_signature() = "garbage";
EXPECT_CALL(session_manager_client_,
- StorePolicyForUser(
- PolicyBuilder::kFakeUsername, policy_.GetBlob(), _)).Times(0);
+ StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _))
+ .Times(0);
store_->Store(policy_.policy());
RunUntilIdle();
Mock::VerifyAndClearExpectations(&session_manager_client_);
@@ -326,8 +326,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) {
// Store policy.
chromeos::SessionManagerClient::StorePolicyCallback store_callback;
EXPECT_CALL(session_manager_client_,
- StorePolicyForUser(PolicyBuilder::kFakeUsername,
- policy_.GetBlob(), _))
+ StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _))
.WillOnce(SaveArg<2>(&store_callback));
store_->Store(policy_.policy());
RunUntilIdle();
@@ -351,8 +350,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) {
chromeos::SessionManagerClient::StorePolicyCallback store_callback;
ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
EXPECT_CALL(session_manager_client_,
- StorePolicyForUser(PolicyBuilder::kFakeUsername,
- policy_.GetBlob(), _))
+ StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _))
.Times(0);
store_->Store(policy_.policy());
RunUntilIdle();
@@ -362,8 +360,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) {
TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) {
// Make the dbus call to cryptohome fail.
Mock::VerifyAndClearExpectations(&cryptohome_client_);
- EXPECT_CALL(cryptohome_client_,
- GetSanitizedUsername(PolicyBuilder::kFakeUsername, _))
+ EXPECT_CALL(cryptohome_client_, GetSanitizedUsername(cryptohome_id_, _))
.Times(AnyNumber())
.WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE,
std::string()));
@@ -372,8 +369,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) {
chromeos::SessionManagerClient::StorePolicyCallback store_callback;
ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
EXPECT_CALL(session_manager_client_,
- StorePolicyForUser(PolicyBuilder::kFakeUsername,
- policy_.GetBlob(), _))
+ StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _))
.Times(0);
store_->Store(policy_.policy());
RunUntilIdle();
@@ -388,8 +384,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) {
chromeos::SessionManagerClient::StorePolicyCallback store_callback;
ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR);
EXPECT_CALL(session_manager_client_,
- StorePolicyForUser(PolicyBuilder::kFakeUsername,
- policy_.GetBlob(), _))
+ StorePolicyForUser(cryptohome_id_, policy_.GetBlob(), _))
.Times(0);
store_->Store(policy_.policy());
RunUntilIdle();
@@ -580,10 +575,9 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationAndStoreNew) {
TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediately) {
EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
EXPECT_CALL(session_manager_client_,
- BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
+ BlockingRetrievePolicyForUser(cryptohome_id_))
.WillOnce(Return(policy_.GetBlob()));
- EXPECT_CALL(cryptohome_client_,
- BlockingGetSanitizedUsername(PolicyBuilder::kFakeUsername))
+ EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_))
.WillOnce(Return(kSanitizedUsername));
EXPECT_FALSE(store_->policy());
@@ -606,7 +600,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediately) {
TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) {
EXPECT_CALL(observer_, OnStoreLoaded(store_.get()));
EXPECT_CALL(session_manager_client_,
- BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
+ BlockingRetrievePolicyForUser(cryptohome_id_))
.WillOnce(Return(""));
EXPECT_FALSE(store_->policy());
@@ -622,7 +616,7 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoPolicy) {
TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) {
EXPECT_CALL(observer_, OnStoreError(store_.get()));
EXPECT_CALL(session_manager_client_,
- BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
+ BlockingRetrievePolicyForUser(cryptohome_id_))
.WillOnce(Return("le blob"));
EXPECT_FALSE(store_->policy());
@@ -638,10 +632,9 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyInvalidBlob) {
TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) {
EXPECT_CALL(observer_, OnStoreError(store_.get()));
EXPECT_CALL(session_manager_client_,
- BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
+ BlockingRetrievePolicyForUser(cryptohome_id_))
.WillOnce(Return(policy_.GetBlob()));
- EXPECT_CALL(cryptohome_client_,
- BlockingGetSanitizedUsername(PolicyBuilder::kFakeUsername))
+ EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_))
.WillOnce(Return(""));
EXPECT_FALSE(store_->policy());
@@ -658,10 +651,9 @@ TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyDBusFailure) {
TEST_F(UserCloudPolicyStoreChromeOSTest, LoadImmediatelyNoUserPolicyKey) {
EXPECT_CALL(observer_, OnStoreError(store_.get()));
EXPECT_CALL(session_manager_client_,
- BlockingRetrievePolicyForUser(PolicyBuilder::kFakeUsername))
+ BlockingRetrievePolicyForUser(cryptohome_id_))
.WillOnce(Return(policy_.GetBlob()));
- EXPECT_CALL(cryptohome_client_,
- BlockingGetSanitizedUsername(PolicyBuilder::kFakeUsername))
+ EXPECT_CALL(cryptohome_client_, BlockingGetSanitizedUsername(cryptohome_id_))
.WillOnce(Return("wrong@example.com"));
EXPECT_FALSE(store_->policy());
diff --git a/chrome/browser/chromeos/settings/device_settings_test_helper.cc b/chrome/browser/chromeos/settings/device_settings_test_helper.cc
index 48b6aee..63701db 100644
--- a/chrome/browser/chromeos/settings/device_settings_test_helper.cc
+++ b/chrome/browser/chromeos/settings/device_settings_test_helper.cc
@@ -14,6 +14,7 @@
#include "chrome/browser/chromeos/settings/device_settings_service.h"
#include "chrome/test/base/testing_browser_process.h"
#include "chrome/test/base/testing_profile.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "components/ownership/mock_owner_key_util.h"
#include "content/public/browser/browser_thread.h"
@@ -111,7 +112,8 @@ void DeviceSettingsTestHelper::EmitLoginPromptVisible() {}
void DeviceSettingsTestHelper::RestartJob(
const std::vector<std::string>& argv) {}
-void DeviceSettingsTestHelper::StartSession(const std::string& user_email) {}
+void DeviceSettingsTestHelper::StartSession(
+ const cryptohome::Identification& cryptohome_id) {}
void DeviceSettingsTestHelper::StopSession() {}
@@ -136,12 +138,11 @@ void DeviceSettingsTestHelper::RetrieveDevicePolicy(
}
void DeviceSettingsTestHelper::RetrievePolicyForUser(
- const std::string& username,
- const RetrievePolicyCallback& callback) {
-}
+ const cryptohome::Identification& cryptohome_id,
+ const RetrievePolicyCallback& callback) {}
std::string DeviceSettingsTestHelper::BlockingRetrievePolicyForUser(
- const std::string& username) {
+ const cryptohome::Identification& cryptohome_id) {
return "";
}
@@ -160,10 +161,9 @@ void DeviceSettingsTestHelper::StoreDevicePolicy(
}
void DeviceSettingsTestHelper::StorePolicyForUser(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const std::string& policy_blob,
- const StorePolicyCallback& callback) {
-}
+ const StorePolicyCallback& callback) {}
void DeviceSettingsTestHelper::StoreDeviceLocalAccountPolicy(
const std::string& account_id,
@@ -174,7 +174,7 @@ void DeviceSettingsTestHelper::StoreDeviceLocalAccountPolicy(
}
void DeviceSettingsTestHelper::SetFlagsForUser(
- const std::string& account_id,
+ const cryptohome::Identification& cryptohome_id,
const std::vector<std::string>& flags) {}
void DeviceSettingsTestHelper::GetServerBackedStateKeys(
diff --git a/chrome/browser/chromeos/settings/device_settings_test_helper.h b/chrome/browser/chromeos/settings/device_settings_test_helper.h
index cb36b6a..5bf73f3 100644
--- a/chrome/browser/chromeos/settings/device_settings_test_helper.h
+++ b/chrome/browser/chromeos/settings/device_settings_test_helper.h
@@ -89,7 +89,7 @@ class DeviceSettingsTestHelper : public SessionManagerClient {
bool IsScreenLocked() const override;
void EmitLoginPromptVisible() override;
void RestartJob(const std::vector<std::string>& argv) override;
- void StartSession(const std::string& user_email) override;
+ void StartSession(const cryptohome::Identification& cryptohome_id) override;
void StopSession() override;
void NotifySupervisedUserCreationStarted() override;
void NotifySupervisedUserCreationFinished() override;
@@ -99,23 +99,23 @@ class DeviceSettingsTestHelper : public SessionManagerClient {
void NotifyLockScreenDismissed() override;
void RetrieveActiveSessions(const ActiveSessionsCallback& callback) override;
void RetrieveDevicePolicy(const RetrievePolicyCallback& callback) override;
- void RetrievePolicyForUser(const std::string& username,
+ void RetrievePolicyForUser(const cryptohome::Identification& cryptohome_id,
const RetrievePolicyCallback& callback) override;
std::string BlockingRetrievePolicyForUser(
- const std::string& username) override;
+ const cryptohome::Identification& cryptohome_id) override;
void RetrieveDeviceLocalAccountPolicy(
const std::string& account_id,
const RetrievePolicyCallback& callback) override;
void StoreDevicePolicy(const std::string& policy_blob,
const StorePolicyCallback& callback) override;
- void StorePolicyForUser(const std::string& username,
+ void StorePolicyForUser(const cryptohome::Identification& cryptohome_id,
const std::string& policy_blob,
const StorePolicyCallback& callback) override;
void StoreDeviceLocalAccountPolicy(
const std::string& account_id,
const std::string& policy_blob,
const StorePolicyCallback& callback) override;
- void SetFlagsForUser(const std::string& account_id,
+ void SetFlagsForUser(const cryptohome::Identification& cryptohome_id,
const std::vector<std::string>& flags) override;
void GetServerBackedStateKeys(const StateKeysCallback& callback) override;
diff --git a/chrome/browser/download/notification/download_notification_browsertest.cc b/chrome/browser/download/notification/download_notification_browsertest.cc
index 98f81ea..fe7205c 100644
--- a/chrome/browser/download/notification/download_notification_browsertest.cc
+++ b/chrome/browser/download/notification/download_notification_browsertest.cc
@@ -1194,10 +1194,12 @@ class MultiProfileDownloadNotificationTest
user_manager::UserManager* const user_manager =
user_manager::UserManager::Get();
if (log_in)
- user_manager->UserLoggedIn(AccountId::FromUserEmail(info.email),
- info.hash, false);
- user_manager->SaveUserDisplayName(AccountId::FromUserEmail(info.email),
- base::UTF8ToUTF16(info.display_name));
+ user_manager->UserLoggedIn(
+ AccountId::FromUserEmailGaiaId(info.email, info.gaia_id), info.hash,
+ false);
+ user_manager->SaveUserDisplayName(
+ AccountId::FromUserEmailGaiaId(info.email, info.gaia_id),
+ base::UTF8ToUTF16(info.display_name));
SigninManagerFactory::GetForProfile(
chromeos::ProfileHelper::GetProfileByUserIdHash(info.hash))
->SetAuthenticatedAccountInfo(info.gaia_id, info.email);
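Review bot: The body of `if (log_in)` now spans three lines without braces, which makes it easy to misread where the conditional ends and `SaveUserDisplayName` begins. The same `AccountId` is also constructed twice. Declaring it once, `const AccountId account_id = AccountId::FromUserEmailGaiaId(info.email, info.gaia_id);`, and writing `if (log_in) { user_manager->UserLoggedIn(account_id, info.hash, false); }` would address both. The enclosing function starts outside the hunk.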
diff --git a/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api_unittest.cc b/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api_unittest.cc
index f0694a0..97a58a1 100644
--- a/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api_unittest.cc
+++ b/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_api_unittest.cc
@@ -20,6 +20,8 @@
#include "chrome/browser/ui/browser.h"
#include "chrome/common/pref_names.h"
#include "chrome/test/base/browser_with_test_window_test.h"
+#include "chrome/test/base/testing_browser_process.h"
+#include "chrome/test/base/testing_profile_manager.h"
#include "chromeos/attestation/attestation_constants.h"
#include "chromeos/attestation/mock_attestation_flow.h"
#include "chromeos/cryptohome/async_method_caller.h"
@@ -72,7 +74,7 @@ class FakeBoolDBusMethod {
void RegisterKeyCallbackTrue(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& user_id,
const std::string& key_name,
const cryptohome::AsyncMethodCaller::Callback& callback) {
base::ThreadTaskRunnerHandle::Get()->PostTask(
@@ -81,7 +83,7 @@ void RegisterKeyCallbackTrue(
void RegisterKeyCallbackFalse(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& user_id,
const std::string& key_name,
const cryptohome::AsyncMethodCaller::Callback& callback) {
base::ThreadTaskRunnerHandle::Get()->PostTask(
@@ -90,7 +92,7 @@ void RegisterKeyCallbackFalse(
void SignChallengeCallbackTrue(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& user_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -103,7 +105,7 @@ void SignChallengeCallbackTrue(
void SignChallengeCallbackFalse(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& user_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -116,7 +118,7 @@ void SignChallengeCallbackFalse(
void GetCertificateCallbackTrue(
chromeos::attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& request_origin,
bool force_new_key,
const chromeos::attestation::AttestationFlow::CertificateCallback&
@@ -127,7 +129,7 @@ void GetCertificateCallbackTrue(
void GetCertificateCallbackFalse(
chromeos::attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& request_origin,
bool force_new_key,
const chromeos::attestation::AttestationFlow::CertificateCallback&
@@ -141,6 +143,7 @@ class EPKChallengeKeyTestBase : public BrowserWithTestWindowTest {
EPKChallengeKeyTestBase()
: settings_helper_(false),
extension_(test_util::CreateEmptyExtension()),
+ profile_manager_(TestingBrowserProcess::GetGlobal()),
fake_user_manager_(new chromeos::FakeChromeUserManager),
user_manager_enabler_(fake_user_manager_) {
// Set up the default behavior of mocks.
@@ -169,6 +172,8 @@ class EPKChallengeKeyTestBase : public BrowserWithTestWindowTest {
}
void SetUp() override {
+ ASSERT_TRUE(profile_manager_.SetUp());
+
BrowserWithTestWindowTest::SetUp();
// Set the user preferences.
@@ -178,8 +183,19 @@ class EPKChallengeKeyTestBase : public BrowserWithTestWindowTest {
prefs_->Set(prefs::kAttestationExtensionWhitelist, whitelist);
SetAuthenticatedUser();
+ }
+
+ // This will be called by BrowserWithTestWindowTest::SetUp();
+ TestingProfile* CreateProfile() override {
fake_user_manager_->AddUserWithAffiliation(
AccountId::FromUserEmail(kUserEmail), true);
+ return profile_manager_.CreateTestingProfile(kUserEmail);
+ }
+
+ void DestroyProfile(TestingProfile* profile) override {
+ profile_manager_.DeleteTestingProfile(profile->GetProfileUserName());
+ // Profile itself will be destroyed later in
+ // ProfileManager::ProfileInfo::~ProfileInfo() .
}
// Derived classes can override this method to set the required authenticated
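Review bot: `DestroyProfile()` deletes the testing profile by `profile->GetProfileUserName()`, whereas `CreateProfile()` registered it under `kUserEmail` (the unmanaged-user fixtures further down use `account_id_.GetUserEmail()`). The pairing only works if those strings are equal, which this hunk does not show. If that holds, a short comment on `DestroyProfile()` would document it, for example `// CreateTestingProfile() was given the user e-mail, which is what GetProfileUserName() returns.` The comment above `CreateProfile()` could also say why `AddUserWithAffiliation` moved out of `SetUp()`, presumably because the user has to exist before the profile is created.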
@@ -228,9 +244,11 @@ class EPKChallengeKeyTestBase : public BrowserWithTestWindowTest {
chromeos::ScopedCrosSettingsTestHelper settings_helper_;
scoped_refptr<extensions::Extension> extension_;
policy::StubEnterpriseInstallAttributes stub_install_attributes_;
- PrefService* prefs_;
+ TestingProfileManager profile_manager_;
+ // fake_user_manager_ is owned by user_manager_enabler_.
chromeos::FakeChromeUserManager* fake_user_manager_;
chromeos::ScopedUserManagerEnabler user_manager_enabler_;
+ PrefService* prefs_ = nullptr;
};
class EPKChallengeMachineKeyTest : public EPKChallengeKeyTestBase {
@@ -328,10 +346,11 @@ TEST_F(EPKChallengeMachineKeyTest, Success) {
_, _, _, _))
.Times(1);
// SignEnterpriseChallenge must be called exactly once.
- EXPECT_CALL(mock_async_method_caller_,
- TpmAttestationSignEnterpriseChallenge(
- chromeos::attestation::KEY_DEVICE, "", "attest-ent-machine",
- "google.com", "device_id", _, "challenge", _))
+ EXPECT_CALL(
+ mock_async_method_caller_,
+ TpmAttestationSignEnterpriseChallenge(
+ chromeos::attestation::KEY_DEVICE, cryptohome::Identification(),
+ "attest-ent-machine", "google.com", "device_id", _, "challenge", _))
.Times(1);
scoped_ptr<base::Value> value(
@@ -492,17 +511,19 @@ TEST_F(EPKChallengeUserKeyTest, Success) {
GetCertificate(chromeos::attestation::PROFILE_ENTERPRISE_USER_CERTIFICATE,
_, _, _, _))
.Times(1);
+ const cryptohome::Identification cryptohome_id(
+ AccountId::FromUserEmail(kUserEmail));
// SignEnterpriseChallenge must be called exactly once.
EXPECT_CALL(
mock_async_method_caller_,
TpmAttestationSignEnterpriseChallenge(
- chromeos::attestation::KEY_USER, kUserEmail, "attest-ent-user",
+ chromeos::attestation::KEY_USER, cryptohome_id, "attest-ent-user",
kUserEmail, "device_id", _, "challenge", _))
.Times(1);
// RegisterKey must be called exactly once.
EXPECT_CALL(mock_async_method_caller_,
TpmAttestationRegisterKey(chromeos::attestation::KEY_USER,
- kUserEmail, "attest-ent-user", _))
+ cryptohome_id, "attest-ent-user", _))
.Times(1);
scoped_ptr<base::Value> value(
@@ -537,8 +558,19 @@ class EPKChallengeMachineKeyUnmanagedUserTest
protected:
void SetAuthenticatedUser() override {
SigninManagerFactory::GetForProfile(browser()->profile())
- ->SetAuthenticatedAccountInfo("12345", "test@chromium.com");
+ ->SetAuthenticatedAccountInfo(account_id_.GetGaiaId(),
+ account_id_.GetUserEmail());
+ }
+
+ TestingProfile* CreateProfile() override {
+ fake_user_manager_->AddUser(account_id_);
+ TestingProfile* profile =
+ profile_manager_.CreateTestingProfile(account_id_.GetUserEmail());
+ return profile;
}
+
+ const AccountId account_id_ =
+ AccountId::FromUserEmailGaiaId("test@chromium.com", "12345");
};
TEST_F(EPKChallengeMachineKeyUnmanagedUserTest, UserNotManaged) {
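Review bot: The new `CreateProfile()` override in `EPKChallengeMachineKeyUnmanagedUserTest` does not say what makes this user unmanaged. The only difference from the base fixture is that it calls `AddUser(account_id_)` where the base calls `AddUserWithAffiliation(..., true)`. A comment such as `// AddUser() registers the user without affiliation, so IsUserManaged() is expected to fail.` would make that explicit. The same override and `account_id_` member are repeated in `EPKChallengeUserKeyUnmanagedUserTest` and in both EPKP fixtures, so a shared helper would keep the four copies from drifting. The local `profile` is not needed; `return profile_manager_.CreateTestingProfile(account_id_.GetUserEmail());` matches the base class.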
@@ -550,8 +582,19 @@ class EPKChallengeUserKeyUnmanagedUserTest : public EPKChallengeUserKeyTest {
protected:
void SetAuthenticatedUser() override {
SigninManagerFactory::GetForProfile(browser()->profile())
- ->SetAuthenticatedAccountInfo("12345", "test@chromium.com");
+ ->SetAuthenticatedAccountInfo(account_id_.GetGaiaId(),
+ account_id_.GetUserEmail());
}
+
+ TestingProfile* CreateProfile() override {
+ fake_user_manager_->AddUser(account_id_);
+ TestingProfile* profile =
+ profile_manager_.CreateTestingProfile(account_id_.GetUserEmail());
+ return profile;
+ }
+
+ const AccountId account_id_ =
+ AccountId::FromUserEmailGaiaId("test@chromium.com", "12345");
};
TEST_F(EPKChallengeUserKeyUnmanagedUserTest, UserNotManaged) {
diff --git a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
index 2d95cd0a..b394488 100644
--- a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
+++ b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
@@ -16,6 +16,7 @@
#include "chrome/browser/chromeos/attestation/attestation_ca_client.h"
#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
#include "chrome/browser/chromeos/settings/cros_settings.h"
#include "chrome/browser/extensions/chrome_extension_function_details.h"
#include "chrome/browser/profiles/profile.h"
@@ -25,6 +26,7 @@
#include "chromeos/attestation/attestation_constants.h"
#include "chromeos/attestation/attestation_flow.h"
#include "chromeos/cryptohome/async_method_caller.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/dbus_method_call_status.h"
#include "chromeos/dbus/dbus_thread_manager.h"
@@ -33,6 +35,7 @@
#include "components/prefs/pref_service.h"
#include "components/signin/core/account_id/account_id.h"
#include "components/signin/core/browser/signin_manager.h"
+#include "components/user_manager/known_user.h"
#include "components/user_manager/user.h"
#include "components/user_manager/user_manager.h"
#include "google_apis/gaia/gaia_auth_util.h"
@@ -59,18 +62,17 @@ const char EPKPChallengeKeyBase::kUserNotManaged[] =
EPKPChallengeKeyBase::PrepareKeyContext::PrepareKeyContext(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& key_name,
chromeos::attestation::AttestationCertificateProfile certificate_profile,
bool require_user_consent,
const base::Callback<void(PrepareKeyResult)>& callback)
: key_type(key_type),
- user_id(user_id),
+ account_id(account_id),
key_name(key_name),
certificate_profile(certificate_profile),
require_user_consent(require_user_consent),
- callback(callback) {
-}
+ callback(callback) {}
EPKPChallengeKeyBase::PrepareKeyContext::~PrepareKeyContext() {
}
@@ -141,16 +143,21 @@ bool EPKPChallengeKeyBase::IsExtensionWhitelisted() const {
return list->Find(value) != list->end();
}
-bool EPKPChallengeKeyBase::IsUserManaged() const {
- std::string email = GetUserEmail();
+AccountId EPKPChallengeKeyBase::GetAccountId() const {
+ const user_manager::User* user =
+ chromeos::ProfileHelper::Get()->GetUserByProfile(profile_);
- if (email.empty()) {
- return false;
+ // Signin profile doesn't have associated user.
+ if (!user) {
+ return EmptyAccountId();
}
+ return user->GetAccountId();
+}
+
+bool EPKPChallengeKeyBase::IsUserManaged() const {
const user_manager::User* const user =
- user_manager::UserManager::Get()->FindUser(
- AccountId::FromUserEmail(email));
+ user_manager::UserManager::Get()->FindUser(GetAccountId());
if (user) {
return user->IsAffiliated();
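Review bot: `IsUserManaged()` drops the old explicit `email.empty()` early return, so the signin-profile case now depends on `FindUser(EmptyAccountId())` returning null, which this hunk does not show. It also resolves the user twice: `GetAccountId()` already fetches it through `ProfileHelper::GetUserByProfile(profile_)`, and the id is then fed back into `UserManager::FindUser()`. Because this result appears to gate the attestation flow, an explicit guard keeps the fail-closed path visible: `const AccountId account_id = GetAccountId();` followed by `if (!account_id.is_valid()) return false;`. The function body continues past the end of the hunk.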
@@ -164,13 +171,7 @@ std::string EPKPChallengeKeyBase::GetEnterpriseDomain() const {
}
std::string EPKPChallengeKeyBase::GetUserEmail() const {
- SigninManagerBase* signin_manager =
- SigninManagerFactory::GetForProfile(profile_);
- if (!signin_manager)
- return std::string();
-
- return gaia::CanonicalizeEmail(
- signin_manager->GetAuthenticatedAccountInfo().email);
+ return GetAccountId().GetUserEmail();
}
std::string EPKPChallengeKeyBase::GetDeviceId() const {
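Review bot: `GetUserEmail()` no longer applies `gaia::CanonicalizeEmail()`, and it now takes the identity from the user manager's `AccountId` instead of `SigninManager`. The returned string is later passed as the domain argument of `TpmAttestationSignEnterpriseChallenge` for user keys, so any difference in case or dots would end up in the signed response. If `AccountId` is guaranteed to hold a canonical email, a comment should say so, for example `// AccountId stores the canonicalized email; empty for the signin profile.`. Otherwise the canonicalization call should stay. The `google_apis/gaia/gaia_auth_util.h` include may also be unused in this file after this change.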
@@ -179,13 +180,13 @@ std::string EPKPChallengeKeyBase::GetDeviceId() const {
void EPKPChallengeKeyBase::PrepareKey(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& key_name,
chromeos::attestation::AttestationCertificateProfile certificate_profile,
bool require_user_consent,
const base::Callback<void(PrepareKeyResult)>& callback) {
const PrepareKeyContext context = PrepareKeyContext(key_type,
- user_id,
+ account_id,
key_name,
certificate_profile,
require_user_consent,
@@ -209,7 +210,8 @@ void EPKPChallengeKeyBase::IsAttestationPreparedCallback(
}
// Attestation is available, see if the key we need already exists.
cryptohome_client_->TpmAttestationDoesKeyExist(
- context.key_type, context.user_id, context.key_name,
+ context.key_type, cryptohome::Identification(context.account_id),
+ context.key_name,
base::Bind(&EPKPChallengeKeyBase::DoesKeyExistCallback,
base::Unretained(this), context));
}
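Review bot: For device keys, `context.account_id` is `EmptyAccountId()`, so this call builds `cryptohome::Identification(EmptyAccountId())`. `EPKPChallengeMachineKey::PrepareKeyCallback` later signs with a default-constructed `cryptohome::Identification()`. Nothing visible here shows that the two forms produce the same identifier, so the existence check and the signing call could refer to different ids. Choosing the identification once by key type would remove the ambiguity: `context.key_type == chromeos::attestation::KEY_DEVICE ? cryptohome::Identification() : cryptohome::Identification(context.account_id)`. Failing that, a comment should state that both forms are equivalent.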
@@ -259,7 +261,7 @@ void EPKPChallengeKeyBase::AskForUserConsentCallback(
// Generate a new key and have it signed by PCA.
attestation_flow_->GetCertificate(
- context.certificate_profile, context.user_id,
+ context.certificate_profile, context.account_id,
std::string(), // Not used.
true, // Force a new key to be generated.
base::Bind(&EPKPChallengeKeyBase::GetCertificateCallback,
@@ -356,7 +358,7 @@ void EPKPChallengeMachineKey::GetDeviceAttestationEnabledCallback(
}
PrepareKey(chromeos::attestation::KEY_DEVICE,
- std::string(), // Not used.
+ EmptyAccountId(), // Not used.
kKeyName,
chromeos::attestation::PROFILE_ENTERPRISE_MACHINE_CERTIFICATE,
false, // user consent is not required.
@@ -375,7 +377,7 @@ void EPKPChallengeMachineKey::PrepareKeyCallback(
// Everything is checked. Sign the challenge.
async_caller_->TpmAttestationSignEnterpriseChallenge(
chromeos::attestation::KEY_DEVICE,
- std::string(), // Not used.
+ cryptohome::Identification(), // Not used.
kKeyName, GetEnterpriseDomain(), GetDeviceId(),
chromeos::attestation::CHALLENGE_OPTION_NONE, challenge,
base::Bind(&EPKPChallengeMachineKey::SignChallengeCallback,
@@ -489,7 +491,7 @@ void EPKPChallengeUserKey::GetDeviceAttestationEnabledCallback(
return;
}
- PrepareKey(chromeos::attestation::KEY_USER, GetUserEmail(), kKeyName,
+ PrepareKey(chromeos::attestation::KEY_USER, GetAccountId(), kKeyName,
chromeos::attestation::PROFILE_ENTERPRISE_USER_CERTIFICATE,
require_user_consent,
base::Bind(&EPKPChallengeUserKey::PrepareKeyCallback,
@@ -507,7 +509,8 @@ void EPKPChallengeUserKey::PrepareKeyCallback(const std::string& challenge,
// Everything is checked. Sign the challenge.
async_caller_->TpmAttestationSignEnterpriseChallenge(
- chromeos::attestation::KEY_USER, GetUserEmail(), kKeyName, GetUserEmail(),
+ chromeos::attestation::KEY_USER,
+ cryptohome::Identification(GetAccountId()), kKeyName, GetUserEmail(),
GetDeviceId(),
register_key ? chromeos::attestation::CHALLENGE_INCLUDE_SIGNED_PUBLIC_KEY
: chromeos::attestation::CHALLENGE_OPTION_NONE,
@@ -525,7 +528,8 @@ void EPKPChallengeUserKey::SignChallengeCallback(bool register_key,
if (register_key) {
async_caller_->TpmAttestationRegisterKey(
- chromeos::attestation::KEY_USER, GetUserEmail(), kKeyName,
+ chromeos::attestation::KEY_USER,
+ cryptohome::Identification(GetAccountId()), kKeyName,
base::Bind(&EPKPChallengeUserKey::RegisterKeyCallback,
base::Unretained(this), response));
} else {
diff --git a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h
index 19f201b..98bb8d2 100644
--- a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h
+++ b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h
@@ -18,6 +18,7 @@
#include "chromeos/attestation/attestation_flow.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/dbus_method_call_status.h"
+#include "components/signin/core/account_id/account_id.h"
#include "extensions/browser/extension_function.h"
#include "third_party/cros_system_api/dbus/service_constants.h"
@@ -94,6 +95,9 @@ class EPKPChallengeKeyBase {
// Returns the user email.
std::string GetUserEmail() const;
+ // Returns account id.
+ AccountId GetAccountId() const;
+
// Returns the enterprise virtual device ID.
std::string GetDeviceId() const;
@@ -103,7 +107,7 @@ class EPKPChallengeKeyBase {
// user consent before calling GetCertificate().
void PrepareKey(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& key_name,
chromeos::attestation::AttestationCertificateProfile certificate_profile,
bool require_user_consent,
@@ -120,18 +124,17 @@ class EPKPChallengeKeyBase {
private:
// Holds the context of a PrepareKey() operation.
struct PrepareKeyContext {
- PrepareKeyContext(
- chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
- const std::string& key_name,
- chromeos::attestation::AttestationCertificateProfile
- certificate_profile,
- bool require_user_consent,
- const base::Callback<void(PrepareKeyResult)>& callback);
+ PrepareKeyContext(chromeos::attestation::AttestationKeyType key_type,
+ const AccountId& account_id,
+ const std::string& key_name,
+ chromeos::attestation::AttestationCertificateProfile
+ certificate_profile,
+ bool require_user_consent,
+ const base::Callback<void(PrepareKeyResult)>& callback);
~PrepareKeyContext();
chromeos::attestation::AttestationKeyType key_type;
- const std::string user_id;
+ const AccountId account_id;
const std::string key_name;
chromeos::attestation::AttestationCertificateProfile certificate_profile;
bool require_user_consent;
diff --git a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc
index 4867a5e..e52f893 100644
--- a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc
+++ b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc
@@ -20,9 +20,12 @@
#include "chrome/browser/ui/browser.h"
#include "chrome/common/pref_names.h"
#include "chrome/test/base/browser_with_test_window_test.h"
+#include "chrome/test/base/testing_browser_process.h"
+#include "chrome/test/base/testing_profile_manager.h"
#include "chromeos/attestation/attestation_constants.h"
#include "chromeos/attestation/mock_attestation_flow.h"
#include "chromeos/cryptohome/async_method_caller.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/cryptohome/mock_async_method_caller.h"
#include "chromeos/dbus/dbus_method_call_status.h"
#include "chromeos/dbus/mock_cryptohome_client.h"
@@ -74,7 +77,7 @@ class FakeBoolDBusMethod {
void RegisterKeyCallbackTrue(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& user_id,
const std::string& key_name,
const cryptohome::AsyncMethodCaller::Callback& callback) {
base::ThreadTaskRunnerHandle::Get()->PostTask(
@@ -84,7 +87,7 @@ void RegisterKeyCallbackTrue(
void RegisterKeyCallbackFalse(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& user_id,
const std::string& key_name,
const cryptohome::AsyncMethodCaller::Callback& callback) {
base::ThreadTaskRunnerHandle::Get()->PostTask(
@@ -94,7 +97,7 @@ void RegisterKeyCallbackFalse(
void SignChallengeCallbackTrue(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& user_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -108,7 +111,7 @@ void SignChallengeCallbackTrue(
void SignChallengeCallbackFalse(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& user_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -122,7 +125,7 @@ void SignChallengeCallbackFalse(
void GetCertificateCallbackTrue(
chromeos::attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& request_origin,
bool force_new_key,
const chromeos::attestation::AttestationFlow::CertificateCallback&
@@ -134,7 +137,7 @@ void GetCertificateCallbackTrue(
void GetCertificateCallbackFalse(
chromeos::attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& request_origin,
bool force_new_key,
const chromeos::attestation::AttestationFlow::CertificateCallback&
@@ -147,9 +150,11 @@ void GetCertificateCallbackFalse(
class EPKPChallengeKeyTestBase : public BrowserWithTestWindowTest {
protected:
EPKPChallengeKeyTestBase()
- : settings_helper_(false), extension_(test_util::CreateEmptyExtension()),
+ : settings_helper_(false),
+ extension_(test_util::CreateEmptyExtension()),
+ profile_manager_(TestingBrowserProcess::GetGlobal()),
fake_user_manager_(new chromeos::FakeChromeUserManager),
- user_manager_enabler_(fake_user_manager_){
+ user_manager_enabler_(fake_user_manager_) {
// Set up the default behavior of mocks.
ON_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _))
.WillByDefault(WithArgs<3>(Invoke(FakeBoolDBusMethod(
@@ -176,6 +181,8 @@ class EPKPChallengeKeyTestBase : public BrowserWithTestWindowTest {
}
void SetUp() override {
+ ASSERT_TRUE(profile_manager_.SetUp());
+
BrowserWithTestWindowTest::SetUp();
// Set the user preferences.
@@ -185,8 +192,19 @@ class EPKPChallengeKeyTestBase : public BrowserWithTestWindowTest {
prefs_->Set(prefs::kAttestationExtensionWhitelist, whitelist);
SetAuthenticatedUser();
+ }
+
+ // This will be called by BrowserWithTestWindowTest::SetUp();
+ TestingProfile* CreateProfile() override {
fake_user_manager_->AddUserWithAffiliation(
AccountId::FromUserEmail(kUserEmail), true);
+ return profile_manager_.CreateTestingProfile(kUserEmail);
+ }
+
+ void DestroyProfile(TestingProfile* profile) override {
+ profile_manager_.DeleteTestingProfile(profile->GetProfileUserName());
+ // Profile itself will be destroyed later in
+ // ProfileManager::ProfileInfo::~ProfileInfo() .
}
// Derived classes can override this method to set the required authenticated
@@ -202,9 +220,11 @@ class EPKPChallengeKeyTestBase : public BrowserWithTestWindowTest {
chromeos::ScopedCrosSettingsTestHelper settings_helper_;
scoped_refptr<extensions::Extension> extension_;
policy::StubEnterpriseInstallAttributes stub_install_attributes_;
- PrefService* prefs_;
+ TestingProfileManager profile_manager_;
+ // fake_user_manager_ is owned by user_manager_enabler_.
chromeos::FakeChromeUserManager* fake_user_manager_;
chromeos::ScopedUserManagerEnabler user_manager_enabler_;
+ PrefService* prefs_ = nullptr;
};
class EPKPChallengeMachineKeyTest : public EPKPChallengeKeyTestBase {
@@ -308,10 +328,11 @@ TEST_F(EPKPChallengeMachineKeyTest, Success) {
_, _, _, _))
.Times(1);
// SignEnterpriseChallenge must be called exactly once.
- EXPECT_CALL(mock_async_method_caller_,
- TpmAttestationSignEnterpriseChallenge(
- chromeos::attestation::KEY_DEVICE, "", "attest-ent-machine",
- "google.com", "device_id", _, "challenge", _))
+ EXPECT_CALL(
+ mock_async_method_caller_,
+ TpmAttestationSignEnterpriseChallenge(
+ chromeos::attestation::KEY_DEVICE, cryptohome::Identification(),
+ "attest-ent-machine", "google.com", "device_id", _, "challenge", _))
.Times(1);
scoped_ptr<base::Value> value(utils::RunFunctionAndReturnSingleResult(
@@ -470,17 +491,19 @@ TEST_F(EPKPChallengeUserKeyTest, Success) {
chromeos::attestation::PROFILE_ENTERPRISE_USER_CERTIFICATE,
_, _, _, _))
.Times(1);
+ const AccountId account_id = AccountId::FromUserEmail(kUserEmail);
// SignEnterpriseChallenge must be called exactly once.
EXPECT_CALL(mock_async_method_caller_,
TpmAttestationSignEnterpriseChallenge(
- chromeos::attestation::KEY_USER, kUserEmail,
- "attest-ent-user", kUserEmail, "device_id", _,
+ chromeos::attestation::KEY_USER,
+ cryptohome::Identification(account_id), "attest-ent-user",
+ cryptohome::Identification(account_id).id(), "device_id", _,
"challenge", _))
.Times(1);
// RegisterKey must be called exactly once.
EXPECT_CALL(mock_async_method_caller_,
TpmAttestationRegisterKey(chromeos::attestation::KEY_USER,
- kUserEmail,
+ cryptohome::Identification(account_id),
"attest-ent-user", _))
.Times(1);
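Review bot: The expected domain argument in the `TpmAttestationSignEnterpriseChallenge` expectation is `cryptohome::Identification(account_id).id()`, but `EPKPChallengeUserKey::PrepareKeyCallback` passes `GetUserEmail()` in that position. The two only coincide while the cryptohome id string equals the email, which is the coupling this commit is preparing to remove. Expecting `kUserEmail` there, as the `EPKChallengeUserKeyTest, Success` expectation earlier in this commit does, keeps the test pinned to the value that actually ends up in the signed challenge.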
@@ -514,9 +537,20 @@ class EPKPChallengeMachineKeyUnmanagedUserTest
: public EPKPChallengeMachineKeyTest {
protected:
void SetAuthenticatedUser() override {
- SigninManagerFactory::GetForProfile(browser()->profile())->
- SetAuthenticatedAccountInfo("12345", "test@chromium.com");
+ SigninManagerFactory::GetForProfile(browser()->profile())
+ ->SetAuthenticatedAccountInfo(account_id_.GetGaiaId(),
+ account_id_.GetUserEmail());
}
+
+ TestingProfile* CreateProfile() override {
+ fake_user_manager_->AddUser(account_id_);
+ TestingProfile* profile =
+ profile_manager_.CreateTestingProfile(account_id_.GetUserEmail());
+ return profile;
+ }
+
+ const AccountId account_id_ =
+ AccountId::FromUserEmailGaiaId("test@chromium.com", "12345");
};
TEST_F(EPKPChallengeMachineKeyUnmanagedUserTest, UserNotManaged) {
@@ -527,9 +561,20 @@ TEST_F(EPKPChallengeMachineKeyUnmanagedUserTest, UserNotManaged) {
class EPKPChallengeUserKeyUnmanagedUserTest : public EPKPChallengeUserKeyTest {
protected:
void SetAuthenticatedUser() override {
- SigninManagerFactory::GetForProfile(browser()->profile())->
- SetAuthenticatedAccountInfo("12345", "test@chromium.com");
+ SigninManagerFactory::GetForProfile(browser()->profile())
+ ->SetAuthenticatedAccountInfo(account_id_.GetGaiaId(),
+ account_id_.GetUserEmail());
}
+
+ TestingProfile* CreateProfile() override {
+ fake_user_manager_->AddUser(account_id_);
+ TestingProfile* profile =
+ profile_manager_.CreateTestingProfile(account_id_.GetUserEmail());
+ return profile;
+ }
+
+ const AccountId account_id_ =
+ AccountId::FromUserEmailGaiaId("test@chromium.com", "12345");
};
TEST_F(EPKPChallengeUserKeyUnmanagedUserTest, UserNotManaged) {
diff --git a/chrome/browser/extensions/api/networking_private/networking_private_chromeos_apitest.cc b/chrome/browser/extensions/api/networking_private/networking_private_chromeos_apitest.cc
index f11313f..32709b6 100644
--- a/chrome/browser/extensions/api/networking_private/networking_private_chromeos_apitest.cc
+++ b/chrome/browser/extensions/api/networking_private/networking_private_chromeos_apitest.cc
@@ -16,6 +16,7 @@
#include "chrome/browser/extensions/api/networking_private/networking_private_ui_delegate_chromeos.h"
#include "chrome/browser/extensions/extension_apitest.h"
#include "chromeos/chromeos_switches.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "chromeos/dbus/shill_device_client.h"
@@ -195,8 +196,11 @@ class NetworkingPrivateChromeOSApiTest : public ExtensionApiTest {
// TODO(pneubeck): Remove the following hack, once the NetworkingPrivateAPI
// uses the ProfileHelper to obtain the userhash crbug/238623.
- const std::string login_user = chromeos::login::CanonicalizeUserID(
- command_line->GetSwitchValueNative(chromeos::switches::kLoginUser));
+ const cryptohome::Identification login_user =
+ cryptohome::Identification::FromString(
+ chromeos::login::CanonicalizeUserID(
+ command_line->GetSwitchValueNative(
+ chromeos::switches::kLoginUser)));
const std::string sanitized_user =
CryptohomeClient::GetStubSanitizedUsername(login_user);
command_line->AppendSwitchASCII(chromeos::switches::kLoginProfile,
@@ -209,7 +213,8 @@ class NetworkingPrivateChromeOSApiTest : public ExtensionApiTest {
CHECK(user);
std::string userhash;
DBusThreadManager::Get()->GetCryptohomeClient()->GetSanitizedUsername(
- user->email(), base::Bind(&AssignString, &userhash_));
+ cryptohome::Identification(user->GetAccountId()),
+ base::Bind(&AssignString, &userhash_));
content::RunAllPendingInMessageLoop();
CHECK(!userhash_.empty());
}
diff --git a/chrome/browser/extensions/extension_browsertest.cc b/chrome/browser/extensions/extension_browsertest.cc
index ace18cd..3476574 100644
--- a/chrome/browser/extensions/extension_browsertest.cc
+++ b/chrome/browser/extensions/extension_browsertest.cc
@@ -138,7 +138,7 @@ void ExtensionBrowserTest::SetUpCommandLine(base::CommandLine* command_line) {
// ExtensionService and then the real profile with one, as we do when
// running on chromeos.
command_line->AppendSwitchASCII(chromeos::switches::kLoginUser,
- "TestUser@gmail.com");
+ "testuser@gmail.com");
command_line->AppendSwitchASCII(chromeos::switches::kLoginProfile, "user");
}
#endif
diff --git a/chrome/browser/policy/cloud/cloud_policy_browsertest.cc b/chrome/browser/policy/cloud/cloud_policy_browsertest.cc
index 360fc36..b660aa0 100644
--- a/chrome/browser/policy/cloud/cloud_policy_browsertest.cc
+++ b/chrome/browser/policy/cloud/cloud_policy_browsertest.cc
@@ -54,8 +54,10 @@
#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h"
#include "chromeos/chromeos_paths.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/login/user_names.h"
+#include "components/signin/core/account_id/account_id.h"
#else
#include "chrome/browser/policy/cloud/user_cloud_policy_manager_factory.h"
#include "chrome/browser/signin/signin_manager_factory.h"
@@ -334,7 +336,9 @@ class CloudPolicyTest : public InProcessBrowserTest,
ASSERT_TRUE(
PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &user_policy_key_dir));
std::string sanitized_username =
- chromeos::CryptohomeClient::GetStubSanitizedUsername(GetTestUser());
+ chromeos::CryptohomeClient::GetStubSanitizedUsername(
+ cryptohome::Identification(
+ AccountId::FromUserEmail(GetTestUser())));
user_policy_key_file_ = user_policy_key_dir.AppendASCII(sanitized_username)
.AppendASCII("policy.pub");
#endif
diff --git a/chrome/browser/profiles/profile_io_data.cc b/chrome/browser/profiles/profile_io_data.cc
index 9e86ca9..f34a67b 100644
--- a/chrome/browser/profiles/profile_io_data.cc
+++ b/chrome/browser/profiles/profile_io_data.cc
@@ -295,15 +295,14 @@ void DidGetTPMInfoForUserOnUIThread(
}
}
-void GetTPMInfoForUserOnUIThread(const std::string& username,
+void GetTPMInfoForUserOnUIThread(const AccountId& account_id,
const std::string& username_hash) {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
DVLOG(1) << "Getting TPM info from cryptohome for "
- << " " << username << " " << username_hash;
+ << " " << account_id.Serialize() << " " << username_hash;
scoped_ptr<chromeos::TPMTokenInfoGetter> scoped_token_info_getter =
chromeos::TPMTokenInfoGetter::CreateForUserToken(
- username,
- chromeos::DBusThreadManager::Get()->GetCryptohomeClient(),
+ account_id, chromeos::DBusThreadManager::Get()->GetCryptohomeClient(),
base::ThreadTaskRunnerHandle::Get());
chromeos::TPMTokenInfoGetter* token_info_getter =
scoped_token_info_getter.get();
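Review bot: The `DVLOG(1)` line in `GetTPMInfoForUserOnUIThread` now prints `account_id.Serialize()` where it used to print the username. The serialized form presumably carries the Gaia ID as well as the email, so this puts more user-identifying data into debug logs than before. `username_hash` is already logged and should be enough to correlate the call: `DVLOG(1) << "Getting TPM info from cryptohome for hash:" << username_hash;`. The same applies to the `DVLOG(1)` in `StartNSSInitOnIOThread` in the next hunk.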
@@ -318,21 +317,20 @@ void GetTPMInfoForUserOnUIThread(const std::string& username,
username_hash));
}
-void StartTPMSlotInitializationOnIOThread(const std::string& username,
+void StartTPMSlotInitializationOnIOThread(const AccountId& account_id,
const std::string& username_hash) {
DCHECK_CURRENTLY_ON(BrowserThread::IO);
BrowserThread::PostTask(
- BrowserThread::UI,
- FROM_HERE,
- base::Bind(&GetTPMInfoForUserOnUIThread, username, username_hash));
+ BrowserThread::UI, FROM_HERE,
+ base::Bind(&GetTPMInfoForUserOnUIThread, account_id, username_hash));
}
-void StartNSSInitOnIOThread(const std::string& username,
+void StartNSSInitOnIOThread(const AccountId& account_id,
const std::string& username_hash,
const base::FilePath& path) {
DCHECK_CURRENTLY_ON(BrowserThread::IO);
- DVLOG(1) << "Starting NSS init for " << username
+ DVLOG(1) << "Starting NSS init for " << account_id.Serialize()
<< " hash:" << username_hash;
// Make sure NSS is initialized for the user.
@@ -347,9 +345,10 @@ void StartNSSInitOnIOThread(const std::string& username,
crypto::WillInitializeTPMForChromeOSUser(username_hash);
if (crypto::IsTPMTokenEnabledForNSS()) {
- if (crypto::IsTPMTokenReady(base::Bind(
- &StartTPMSlotInitializationOnIOThread, username, username_hash))) {
- StartTPMSlotInitializationOnIOThread(username, username_hash);
+ if (crypto::IsTPMTokenReady(
+ base::Bind(&StartTPMSlotInitializationOnIOThread, account_id,
+ username_hash))) {
+ StartTPMSlotInitializationOnIOThread(account_id, username_hash);
} else {
DVLOG(1) << "Waiting for tpm ready ...";
}
@@ -446,12 +445,10 @@ void ProfileIOData::InitializeOnUIThread(Profile* profile) {
if (user && !user->username_hash().empty()) {
params->username_hash = user->username_hash();
DCHECK(!params->username_hash.empty());
- BrowserThread::PostTask(BrowserThread::IO,
- FROM_HERE,
- base::Bind(&StartNSSInitOnIOThread,
- user->email(),
- user->username_hash(),
- profile->GetPath()));
+ BrowserThread::PostTask(
+ BrowserThread::IO, FROM_HERE,
+ base::Bind(&StartNSSInitOnIOThread, user->GetAccountId(),
+ user->username_hash(), profile->GetPath()));
// Use the device-wide system key slot only if the user is affiliated on
// the device.
diff --git a/chrome/browser/ui/startup/startup_browser_creator.cc b/chrome/browser/ui/startup/startup_browser_creator.cc
index a03c8e0..3eb74b0 100644
--- a/chrome/browser/ui/startup/startup_browser_creator.cc
+++ b/chrome/browser/ui/startup/startup_browser_creator.cc
@@ -87,6 +87,7 @@
#include "chrome/browser/chromeos/profiles/profile_helper.h"
#include "chrome/browser/lifetime/application_lifetime.h"
#include "chromeos/chromeos_switches.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "components/user_manager/user_manager.h"
#endif
@@ -662,7 +663,9 @@ bool StartupBrowserCreator::ProcessCmdLineImpl(
// possible. We should instead cleanly exit and go back to the OOBE screen,
// where we will launch again after the timeout has expired.
if (chromeos::DemoAppLauncher::IsDemoAppSession(
- command_line.GetSwitchValueASCII(chromeos::switches::kLoginUser))) {
+ cryptohome::Identification::FromString(
+ command_line.GetSwitchValueASCII(chromeos::switches::kLoginUser))
+ .GetAccountId())) {
chrome::AttemptUserExit();
return false;
}
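Review bot: The `kLoginUser` switch value is passed to `cryptohome::Identification::FromString(...).GetAccountId()` as-is, with no check that the switch is present or canonical. The networking_private test in this same commit runs the value through `chromeos::login::CanonicalizeUserID()` before calling `FromString()`, so the two call sites treat the same switch differently. What `GetAccountId()` does with an empty or non-canonical id is not visible here. Guarding with `command_line.HasSwitch(chromeos::switches::kLoginUser)` and applying the same canonicalization would make the demo-session check behave the same for any spelling of the switch. The enclosing `ProcessCmdLineImpl` continues outside the hunk.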
diff --git a/chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc b/chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc
index c25df97..57fdb11 100644
--- a/chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc
+++ b/chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc
@@ -441,7 +441,6 @@ void GaiaScreenHandler::HandleCompleteAuthentication(
Delegate()->SetDisplayEmail(sanitized_email);
UserContext user_context(GetAccountId(email, gaia_id));
- user_context.SetGaiaID(gaia_id);
user_context.SetKey(Key(password));
user_context.SetAuthCode(auth_code);
user_context.SetAuthFlow(using_saml
@@ -525,7 +524,6 @@ void GaiaScreenHandler::DoCompleteLogin(const std::string& gaia_id,
const std::string sanitized_email = gaia::SanitizeEmail(typed_email);
Delegate()->SetDisplayEmail(sanitized_email);
UserContext user_context(GetAccountId(typed_email, gaia_id));
- user_context.SetGaiaID(gaia_id);
user_context.SetKey(Key(password));
user_context.SetAuthFlow(using_saml
? UserContext::AUTH_FLOW_GAIA_WITH_SAML
diff --git a/chrome/browser/ui/webui/chromeos/login/signin_screen_handler.cc b/chrome/browser/ui/webui/chromeos/login/signin_screen_handler.cc
index fcd55d9..14b1834 100644
--- a/chrome/browser/ui/webui/chromeos/login/signin_screen_handler.cc
+++ b/chrome/browser/ui/webui/chromeos/login/signin_screen_handler.cc
@@ -1003,7 +1003,7 @@ void SigninScreenHandler::HandleAuthenticateUser(const AccountId& account_id,
}
void SigninScreenHandler::HandleLaunchIncognito() {
- UserContext context(user_manager::USER_TYPE_GUEST, std::string());
+ UserContext context(user_manager::USER_TYPE_GUEST, EmptyAccountId());
if (delegate_)
delegate_->Login(context, SigninSpecifics());
}
@@ -1024,8 +1024,7 @@ void SigninScreenHandler::HandleLaunchPublicSession(
if (!delegate_)
return;
- UserContext context(user_manager::USER_TYPE_PUBLIC_ACCOUNT,
- account_id.GetUserEmail());
+ UserContext context(user_manager::USER_TYPE_PUBLIC_ACCOUNT, account_id);
context.SetPublicSessionLocale(locale),
context.SetPublicSessionInputMethod(input_method);
delegate_->Login(context, SigninSpecifics());
@@ -1278,8 +1277,7 @@ void SigninScreenHandler::SendPublicSessionKeyboardLayouts(
void SigninScreenHandler::HandleLaunchKioskApp(const AccountId& app_account_id,
bool diagnostic_mode) {
- UserContext context(user_manager::USER_TYPE_KIOSK_APP,
- app_account_id.GetUserEmail());
+ UserContext context(user_manager::USER_TYPE_KIOSK_APP, app_account_id);
SigninSpecifics specifics;
specifics.kiosk_diagnostic_mode = diagnostic_mode;
if (delegate_)
diff --git a/chrome/browser/ui/webui/flags_ui.cc b/chrome/browser/ui/webui/flags_ui.cc
index 943a77f..4827404 100644
--- a/chrome/browser/ui/webui/flags_ui.cc
+++ b/chrome/browser/ui/webui/flags_ui.cc
@@ -44,6 +44,7 @@
#include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h"
#include "chrome/browser/chromeos/settings/cros_settings.h"
#include "chrome/browser/chromeos/settings/owner_flags_storage.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "chromeos/dbus/session_manager_client.h"
#include "components/pref_registry/pref_registry_syncable.h"
@@ -246,7 +247,10 @@ void FlagsDOMHandler::HandleRestartBrowser(const base::ListValue* args) {
chromeos::DBusThreadManager::Get()
->GetSessionManagerClient()
->SetFlagsForUser(
- user_manager::UserManager::Get()->GetActiveUser()->email(), flags);
+ cryptohome::Identification(user_manager::UserManager::Get()
+ ->GetActiveUser()
+ ->GetAccountId()),
+ flags);
#endif
chrome::AttemptRestart();
}
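Review bot: The new argument still dereferences `GetActiveUser()` without a null check, as the removed `->email()` call did. If this handler can be reached while no user session is active (not visible from this hunk), the chained `->GetAccountId()` is a null dereference in the browser process. Consider taking the pointer first, `const user_manager::User* user = user_manager::UserManager::Get()->GetActiveUser();`, and calling `SetFlagsForUser` only when it is non-null. The enclosing function starts outside the hunk, so an earlier guard may already exist.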
diff --git a/chrome/test/base/testing_profile.cc b/chrome/test/base/testing_profile.cc
index 8897002..74c7d01 100644
--- a/chrome/test/base/testing_profile.cc
+++ b/chrome/test/base/testing_profile.cc
@@ -132,6 +132,9 @@ using testing::Return;
namespace {
+// Default profile name
+const char kTestingProfile[] = "testing_profile";
+
// Task used to make sure history has finished processing a request. Intended
// for use with BlockUntilHistoryProcessesPendingRequests.
@@ -258,7 +261,8 @@ TestingProfile::TestingProfile()
browser_context_dependency_manager_(
BrowserContextDependencyManager::GetInstance()),
resource_context_(NULL),
- delegate_(NULL) {
+ delegate_(NULL),
+ profile_name_(kTestingProfile) {
CreateTempProfileDir();
profile_path_ = temp_dir_.path();
@@ -277,13 +281,13 @@ TestingProfile::TestingProfile(const base::FilePath& path)
browser_context_dependency_manager_(
BrowserContextDependencyManager::GetInstance()),
resource_context_(NULL),
- delegate_(NULL) {
+ delegate_(NULL),
+ profile_name_(kTestingProfile) {
Init();
FinishInit();
}
-TestingProfile::TestingProfile(const base::FilePath& path,
- Delegate* delegate)
+TestingProfile::TestingProfile(const base::FilePath& path, Delegate* delegate)
: start_time_(Time::Now()),
testing_prefs_(NULL),
force_incognito_(false),
@@ -294,7 +298,8 @@ TestingProfile::TestingProfile(const base::FilePath& path,
browser_context_dependency_manager_(
BrowserContextDependencyManager::GetInstance()),
resource_context_(NULL),
- delegate_(delegate) {
+ delegate_(delegate),
+ profile_name_(kTestingProfile) {
Init();
if (delegate_) {
base::ThreadTaskRunnerHandle::Get()->PostTask(
@@ -316,7 +321,8 @@ TestingProfile::TestingProfile(
bool guest_session,
const std::string& supervised_user_id,
scoped_ptr<policy::PolicyService> policy_service,
- const TestingFactories& factories)
+ const TestingFactories& factories,
+ const std::string& profile_name)
: start_time_(Time::Now()),
prefs_(prefs.release()),
testing_prefs_(NULL),
@@ -332,6 +338,7 @@ TestingProfile::TestingProfile(
BrowserContextDependencyManager::GetInstance()),
resource_context_(NULL),
delegate_(delegate),
+ profile_name_(profile_name),
policy_service_(policy_service.release()) {
if (parent)
parent->SetOffTheRecordProfile(scoped_ptr<Profile>(this));
@@ -475,8 +482,6 @@ void TestingProfile::Init() {
store->SetInitializationCompleted();
}
#endif
-
- profile_name_ = "testing_profile";
}
void TestingProfile::FinishInit() {
@@ -975,8 +980,8 @@ Profile::ExitType TestingProfile::GetLastSessionExitType() {
TestingProfile::Builder::Builder()
: build_called_(false),
delegate_(NULL),
- guest_session_(false) {
-}
+ guest_session_(false),
+ profile_name_(kTestingProfile) {}
TestingProfile::Builder::~Builder() {
}
@@ -1015,6 +1020,10 @@ void TestingProfile::Builder::SetPolicyService(
policy_service_ = std::move(policy_service);
}
+void TestingProfile::Builder::SetProfileName(const std::string& profile_name) {
+ profile_name_ = profile_name;
+}
+
void TestingProfile::Builder::AddTestingFactory(
BrowserContextKeyedServiceFactory* service_factory,
BrowserContextKeyedServiceFactory::TestingFactoryFunction callback) {
@@ -1031,7 +1040,7 @@ scoped_ptr<TestingProfile> TestingProfile::Builder::Build() {
extension_policy_,
#endif
std::move(pref_service_), NULL, guest_session_, supervised_user_id_,
- std::move(policy_service_), testing_factories_));
+ std::move(policy_service_), testing_factories_, profile_name_));
}
TestingProfile* TestingProfile::Builder::BuildIncognito(
@@ -1047,5 +1056,6 @@ TestingProfile* TestingProfile::Builder::BuildIncognito(
#endif
std::move(pref_service_), original_profile,
guest_session_, supervised_user_id_,
- std::move(policy_service_), testing_factories_);
+ std::move(policy_service_), testing_factories_,
+ profile_name_);
}
diff --git a/chrome/test/base/testing_profile.h b/chrome/test/base/testing_profile.h
index c177c72..7004078 100644
--- a/chrome/test/base/testing_profile.h
+++ b/chrome/test/base/testing_profile.h
@@ -111,6 +111,9 @@ class TestingProfile : public Profile {
// Sets the PolicyService to be used by this profile.
void SetPolicyService(scoped_ptr<policy::PolicyService> policy_service);
+ // Sets the UserProfileName to be used by this profile.
+ void SetProfileName(const std::string& profile_name);
+
// Creates the TestingProfile using previously-set settings.
scoped_ptr<TestingProfile> Build();
@@ -134,6 +137,7 @@ class TestingProfile : public Profile {
std::string supervised_user_id_;
scoped_ptr<policy::PolicyService> policy_service_;
TestingFactories testing_factories_;
+ std::string profile_name_;
DISALLOW_COPY_AND_ASSIGN(Builder);
};
@@ -163,7 +167,8 @@ class TestingProfile : public Profile {
bool guest_session,
const std::string& supervised_user_id,
scoped_ptr<policy::PolicyService> policy_service,
- const TestingFactories& factories);
+ const TestingFactories& factories,
+ const std::string& profile_name);
~TestingProfile() override;
diff --git a/chrome/test/base/testing_profile_manager.cc b/chrome/test/base/testing_profile_manager.cc
index 1f36331..0271c18 100644
--- a/chrome/test/base/testing_profile_manager.cc
+++ b/chrome/test/base/testing_profile_manager.cc
@@ -87,6 +87,7 @@ TestingProfile* TestingProfileManager::CreateTestingProfile(
builder.SetPath(profile_path);
builder.SetPrefService(std::move(prefs));
builder.SetSupervisedUserId(supervised_user_id);
+ builder.SetProfileName(profile_name);
for (TestingProfile::TestingFactories::const_iterator it = factories.begin();
it != factories.end(); ++it) {
@@ -94,7 +95,6 @@ TestingProfile* TestingProfileManager::CreateTestingProfile(
}
TestingProfile* profile = builder.Build().release();
- profile->set_profile_name(profile_name);
profile_manager_->AddProfile(profile); // Takes ownership.
// Update the user metadata.
diff --git a/chromeos/BUILD.gn b/chromeos/BUILD.gn
index 8ab2c15..b7203f0 100644
--- a/chromeos/BUILD.gn
+++ b/chromeos/BUILD.gn
@@ -35,6 +35,7 @@ component("chromeos") {
"//components/prefs",
"//components/proxy_config",
"//components/signin/core/account_id",
+ "//components/user_manager",
"//crypto",
"//crypto:platform",
"//google_apis",
@@ -149,6 +150,7 @@ test("chromeos_unittests") {
"//components/onc",
"//components/prefs:test_support",
"//components/proxy_config",
+ "//components/signin/core/account_id",
"//crypto",
"//crypto:test_support",
"//dbus:test_support",
diff --git a/chromeos/DEPS b/chromeos/DEPS
index f55569a..26aba31 100644
--- a/chromeos/DEPS
+++ b/chromeos/DEPS
@@ -4,6 +4,8 @@
include_rules = [
"+components/device_event_log",
"+components/prefs",
+ "+components/signin/core/account_id/account_id.h",
+ "+components/user_manager/known_user.h",
"+crypto",
"+net",
"+policy/proto",
diff --git a/chromeos/attestation/attestation_flow.cc b/chromeos/attestation/attestation_flow.cc
index ec2b12e..ea4c771 100644
--- a/chromeos/attestation/attestation_flow.cc
+++ b/chromeos/attestation/attestation_flow.cc
@@ -8,7 +8,9 @@
#include "base/bind.h"
#include "chromeos/cryptohome/async_method_caller.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/cryptohome_client.h"
+#include "components/signin/core/account_id/account_id.h"
namespace chromeos {
namespace attestation {
@@ -97,20 +99,15 @@ AttestationFlow::~AttestationFlow() {
void AttestationFlow::GetCertificate(
AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& request_origin,
bool force_new_key,
const CertificateCallback& callback) {
// If this device has not enrolled with the Privacy CA, we need to do that
// first. Once enrolled we can proceed with the certificate request.
base::Closure do_cert_request = base::Bind(
- &AttestationFlow::StartCertificateRequest,
- weak_factory_.GetWeakPtr(),
- certificate_profile,
- user_id,
- request_origin,
- force_new_key,
- callback);
+ &AttestationFlow::StartCertificateRequest, weak_factory_.GetWeakPtr(),
+ certificate_profile, account_id, request_origin, force_new_key, callback);
base::Closure on_enroll_failure = base::Bind(callback, false, "");
base::Closure do_enroll = base::Bind(&AttestationFlow::StartEnroll,
weak_factory_.GetWeakPtr(),
@@ -194,7 +191,7 @@ void AttestationFlow::OnEnrollComplete(const base::Closure& on_failure,
void AttestationFlow::StartCertificateRequest(
AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& request_origin,
bool generate_new_key,
const CertificateCallback& callback) {
@@ -204,49 +201,31 @@ void AttestationFlow::StartCertificateRequest(
if (generate_new_key) {
// Get the attestation service to create a Privacy CA certificate request.
async_caller_->AsyncTpmAttestationCreateCertRequest(
- server_proxy_->GetType(),
- certificate_profile,
- user_id,
- request_origin,
+ server_proxy_->GetType(), certificate_profile,
+ cryptohome::Identification(account_id), request_origin,
base::Bind(&AttestationFlow::SendCertificateRequestToPCA,
- weak_factory_.GetWeakPtr(),
- key_type,
- user_id,
- key_name,
+ weak_factory_.GetWeakPtr(), key_type, account_id, key_name,
callback));
} else {
// If the key already exists, query the existing certificate.
base::Closure on_key_exists = base::Bind(
- &AttestationFlow::GetExistingCertificate,
- weak_factory_.GetWeakPtr(),
- key_type,
- user_id,
- key_name,
- callback);
+ &AttestationFlow::GetExistingCertificate, weak_factory_.GetWeakPtr(),
+ key_type, account_id, key_name, callback);
// If the key does not exist, call this method back with |generate_new_key|
// set to true.
base::Closure on_key_not_exists = base::Bind(
- &AttestationFlow::StartCertificateRequest,
- weak_factory_.GetWeakPtr(),
- certificate_profile,
- user_id,
- request_origin,
- true,
- callback);
+ &AttestationFlow::StartCertificateRequest, weak_factory_.GetWeakPtr(),
+ certificate_profile, account_id, request_origin, true, callback);
cryptohome_client_->TpmAttestationDoesKeyExist(
- key_type,
- user_id,
- key_name,
- base::Bind(&DBusBoolRedirectCallback,
- on_key_exists,
- on_key_not_exists,
- base::Bind(callback, false, "")));
+ key_type, cryptohome::Identification(account_id), key_name,
+ base::Bind(&DBusBoolRedirectCallback, on_key_exists, on_key_not_exists,
+ base::Bind(callback, false, "")));
}
}
void AttestationFlow::SendCertificateRequestToPCA(
AttestationKeyType key_type,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& key_name,
const CertificateCallback& callback,
bool success,
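Review bot: The `AccountId` is converted with `cryptohome::Identification(account_id)` separately at each step of one asynchronous flow. It happens here for `AsyncTpmAttestationCreateCertRequest` and `TpmAttestationDoesKeyExist`, and again in the later hunks for `AsyncTpmAttestationFinishCertRequest` and `TpmAttestationGetCertificate`. If that conversion depends on state that can change while the flow runs, the create and finish steps of a single request could address different cryptohome identities. The DEPS hunk allowing `known_user.h` in chromeos/ suggests it may, but the constructor is not visible here. Consider building `const cryptohome::Identification cryptohome_id(account_id);` once in StartCertificateRequest and binding that value into the callbacks, or document that the mapping is stable for the lifetime of a flow. StartCertificateRequest begins before this hunk and SendCertificateRequestToPCA continues past it.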
@@ -260,18 +239,14 @@ void AttestationFlow::SendCertificateRequestToPCA(
// Send the request to the Privacy CA.
server_proxy_->SendCertificateRequest(
- data,
- base::Bind(&AttestationFlow::SendCertificateResponseToDaemon,
- weak_factory_.GetWeakPtr(),
- key_type,
- user_id,
- key_name,
- callback));
+ data, base::Bind(&AttestationFlow::SendCertificateResponseToDaemon,
+ weak_factory_.GetWeakPtr(), key_type, account_id,
+ key_name, callback));
}
void AttestationFlow::SendCertificateResponseToDaemon(
AttestationKeyType key_type,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& key_name,
const CertificateCallback& callback,
bool success,
@@ -284,22 +259,18 @@ void AttestationFlow::SendCertificateResponseToDaemon(
}
// Forward the response to the attestation service to complete the operation.
- async_caller_->AsyncTpmAttestationFinishCertRequest(data,
- key_type,
- user_id,
- key_name,
- base::Bind(callback));
+ async_caller_->AsyncTpmAttestationFinishCertRequest(
+ data, key_type, cryptohome::Identification(account_id), key_name,
+ base::Bind(callback));
}
void AttestationFlow::GetExistingCertificate(
AttestationKeyType key_type,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& key_name,
const CertificateCallback& callback) {
cryptohome_client_->TpmAttestationGetCertificate(
- key_type,
- user_id,
- key_name,
+ key_type, cryptohome::Identification(account_id), key_name,
base::Bind(&DBusDataMethodCallback, callback));
}
diff --git a/chromeos/attestation/attestation_flow.h b/chromeos/attestation/attestation_flow.h
index 7dd575b..373f6dd 100644
--- a/chromeos/attestation/attestation_flow.h
+++ b/chromeos/attestation/attestation_flow.h
@@ -16,6 +16,8 @@
#include "chromeos/dbus/dbus_method_call_status.h"
#include "third_party/cros_system_api/dbus/service_constants.h"
+class AccountId;
+
namespace cryptohome {
class AsyncMethodCaller;
@@ -69,9 +71,8 @@ class CHROMEOS_EXPORT AttestationFlow {
// Parameters
// certificate_profile - Specifies what kind of certificate should be
// requested from the CA.
- // user_id - Identifies the currently active user. For normal GAIA users
- // this is a canonical email address. This is ignored when using
- // the enterprise machine cert profile.
+ // account_id - Identifies the currently active user. This is ignored when
+ // using the enterprise machine cert profile.
// request_origin - For content protection profiles, certificate requests
// are origin-specific. This string must uniquely identify
// the origin of the request.
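Review bot: The rewritten parameter comment drops the old statement about what form the identifier takes and does not say what a caller with no user should pass. The updated unit tests pass `EmptyAccountId()` for the machine certificate profile, so the contract could be stated here, for example `// account_id - Identifies the currently active user. Pass EmptyAccountId() for the enterprise machine cert profile, where it is ignored.` It would also help to note that the value is turned into a `cryptohome::Identification` before it reaches cryptohome, since that is the identity the key is stored under.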
@@ -82,7 +83,7 @@ class CHROMEOS_EXPORT AttestationFlow {
// On success |result| will be true and |data| will contain the
// PCA-issued certificate chain in PEM format.
virtual void GetCertificate(AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& request_origin,
bool force_new_key,
const CertificateCallback& callback);
@@ -143,13 +144,13 @@ class CHROMEOS_EXPORT AttestationFlow {
// Parameters
// certificate_profile - Specifies what kind of certificate should be
// requested from the CA.
- // user_id - Identifies the active user.
+ // account_id - Identifies the active user.
// request_origin - An identifier for the origin of this request.
// generate_new_key - If set to true a new key is generated.
// callback - Called when the operation completes.
void StartCertificateRequest(
const AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& request_origin,
bool generate_new_key,
const CertificateCallback& callback);
@@ -160,13 +161,13 @@ class CHROMEOS_EXPORT AttestationFlow {
//
// Parameters
// key_type - The type of the key for which a certificate is requested.
- // user_id - Identifies the active user.
+ // account_id - Identifies the active user.
// key_name - The name of the key for which a certificate is requested.
// callback - Called when the operation completes.
// success - The status of request creation.
// data - The request data for the Privacy CA.
void SendCertificateRequestToPCA(AttestationKeyType key_type,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& key_name,
const CertificateCallback& callback,
bool success,
@@ -178,13 +179,13 @@ class CHROMEOS_EXPORT AttestationFlow {
//
// Parameters
// key_type - The type of the key for which a certificate is requested.
- // user_id - Identifies the active user.
+ // account_id - Identifies the active user.
// key_name - The name of the key for which a certificate is requested.
// callback - Called when the operation completes.
// success - The status of the Privacy CA operation.
// data - The response data from the Privacy CA.
void SendCertificateResponseToDaemon(AttestationKeyType key_type,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& key_name,
const CertificateCallback& callback,
bool success,
@@ -194,11 +195,11 @@ class CHROMEOS_EXPORT AttestationFlow {
//
// Parameters
// key_type - The type of the key for which a certificate is requested.
- // user_id - Identifies the active user.
+ // account_id - Identifies the active user.
// key_name - The name of the key for which a certificate is requested.
// callback - Called when the operation completes.
void GetExistingCertificate(AttestationKeyType key_type,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& key_name,
const CertificateCallback& callback);
diff --git a/chromeos/attestation/attestation_flow_unittest.cc b/chromeos/attestation/attestation_flow_unittest.cc
index 99b98bd..2e12184 100644
--- a/chromeos/attestation/attestation_flow_unittest.cc
+++ b/chromeos/attestation/attestation_flow_unittest.cc
@@ -8,8 +8,10 @@
#include "base/memory/scoped_ptr.h"
#include "base/run_loop.h"
#include "chromeos/attestation/mock_attestation_flow.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/cryptohome/mock_async_method_caller.h"
#include "chromeos/dbus/mock_cryptohome_client.h"
+#include "components/signin/core/account_id/account_id.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -105,13 +107,13 @@ TEST_F(AttestationFlowTest, GetCertificate) {
.Times(1)
.InSequence(flow_order);
- EXPECT_CALL(
- async_caller,
- AsyncTpmAttestationCreateCertRequest(_,
- PROFILE_ENTERPRISE_USER_CERTIFICATE,
- "fake@test.com", "fake_origin", _))
- .Times(1)
- .InSequence(flow_order);
+ const AccountId account_id = AccountId::FromUserEmail("fake@test.com");
+ EXPECT_CALL(async_caller,
+ AsyncTpmAttestationCreateCertRequest(
+ _, PROFILE_ENTERPRISE_USER_CERTIFICATE,
+ cryptohome::Identification(account_id), "fake_origin", _))
+ .Times(1)
+ .InSequence(flow_order);
EXPECT_CALL(*proxy, SendCertificateRequest(
cryptohome::MockAsyncMethodCaller::kFakeAttestationCertRequest,
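Review bot: This test still builds its identity only from an e-mail address, `AccountId::FromUserEmail("fake@test.com")`, while the purpose of the commit is to let cryptohome be keyed by Gaia ID. Every other case in this file uses `EmptyAccountId()`, so nothing here exercises an `AccountId` that carries a Gaia ID through `GetCertificate`. Adding one such case would confirm that the `cryptohome::Identification` expected by `AsyncTpmAttestationCreateCertRequest` and `AsyncTpmAttestationFinishCertRequest` is the same in both calls. The test body starts and ends outside this hunk.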
@@ -121,12 +123,10 @@ TEST_F(AttestationFlowTest, GetCertificate) {
std::string fake_cert_response =
cryptohome::MockAsyncMethodCaller::kFakeAttestationCertRequest;
fake_cert_response += "_response";
- EXPECT_CALL(async_caller,
- AsyncTpmAttestationFinishCertRequest(fake_cert_response,
- KEY_USER,
- "fake@test.com",
- kEnterpriseUserKey,
- _))
+ EXPECT_CALL(async_caller, AsyncTpmAttestationFinishCertRequest(
+ fake_cert_response, KEY_USER,
+ cryptohome::Identification(account_id),
+ kEnterpriseUserKey, _))
.Times(1)
.InSequence(flow_order);
@@ -142,7 +142,7 @@ TEST_F(AttestationFlowTest, GetCertificate) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "fake@test.com",
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, account_id,
"fake_origin", true, mock_callback);
Run();
}
@@ -170,8 +170,8 @@ TEST_F(AttestationFlowTest, GetCertificate_NoEK) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ true, mock_callback);
Run();
}
@@ -201,8 +201,8 @@ TEST_F(AttestationFlowTest, GetCertificate_EKRejected) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ true, mock_callback);
Run();
}
@@ -237,27 +237,25 @@ TEST_F(AttestationFlowTest, GetCertificate_FailEnroll) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ true, mock_callback);
Run();
}
TEST_F(AttestationFlowTest, GetMachineCertificateAlreadyEnrolled) {
StrictMock<cryptohome::MockAsyncMethodCaller> async_caller;
async_caller.SetUp(true, cryptohome::MOUNT_ERROR_NONE);
- EXPECT_CALL(async_caller,
- AsyncTpmAttestationCreateCertRequest(
- _, PROFILE_ENTERPRISE_MACHINE_CERTIFICATE, "", "", _))
+ EXPECT_CALL(async_caller, AsyncTpmAttestationCreateCertRequest(
+ _, PROFILE_ENTERPRISE_MACHINE_CERTIFICATE,
+ cryptohome::Identification(), "", _))
.Times(1);
std::string fake_cert_response =
cryptohome::MockAsyncMethodCaller::kFakeAttestationCertRequest;
fake_cert_response += "_response";
EXPECT_CALL(async_caller,
- AsyncTpmAttestationFinishCertRequest(fake_cert_response,
- KEY_DEVICE,
- "",
- kEnterpriseMachineKey,
- _))
+ AsyncTpmAttestationFinishCertRequest(
+ fake_cert_response, KEY_DEVICE, cryptohome::Identification(),
+ kEnterpriseMachineKey, _))
.Times(1);
chromeos::MockCryptohomeClient client;
@@ -281,17 +279,17 @@ TEST_F(AttestationFlowTest, GetMachineCertificateAlreadyEnrolled) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_MACHINE_CERTIFICATE, "", "", true,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_MACHINE_CERTIFICATE, EmptyAccountId(),
+ "", true, mock_callback);
Run();
}
TEST_F(AttestationFlowTest, GetCertificate_FailCreateCertRequest) {
StrictMock<cryptohome::MockAsyncMethodCaller> async_caller;
async_caller.SetUp(false, cryptohome::MOUNT_ERROR_NONE);
- EXPECT_CALL(async_caller,
- AsyncTpmAttestationCreateCertRequest(
- _, PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", _))
+ EXPECT_CALL(async_caller, AsyncTpmAttestationCreateCertRequest(
+ _, PROFILE_ENTERPRISE_USER_CERTIFICATE,
+ cryptohome::Identification(), "", _))
.Times(1);
chromeos::MockCryptohomeClient client;
@@ -310,17 +308,17 @@ TEST_F(AttestationFlowTest, GetCertificate_FailCreateCertRequest) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ true, mock_callback);
Run();
}
TEST_F(AttestationFlowTest, GetCertificate_CertRequestRejected) {
StrictMock<cryptohome::MockAsyncMethodCaller> async_caller;
async_caller.SetUp(true, cryptohome::MOUNT_ERROR_NONE);
- EXPECT_CALL(async_caller,
- AsyncTpmAttestationCreateCertRequest(
- _, PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", _))
+ EXPECT_CALL(async_caller, AsyncTpmAttestationCreateCertRequest(
+ _, PROFILE_ENTERPRISE_USER_CERTIFICATE,
+ cryptohome::Identification(), "", _))
.Times(1);
chromeos::MockCryptohomeClient client;
@@ -342,8 +340,8 @@ TEST_F(AttestationFlowTest, GetCertificate_CertRequestRejected) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ true, mock_callback);
Run();
}
@@ -367,34 +365,33 @@ TEST_F(AttestationFlowTest, GetCertificate_FailIsEnrolled) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ true, mock_callback);
Run();
}
TEST_F(AttestationFlowTest, GetCertificate_CheckExisting) {
StrictMock<cryptohome::MockAsyncMethodCaller> async_caller;
async_caller.SetUp(true, cryptohome::MOUNT_ERROR_NONE);
- EXPECT_CALL(async_caller,
- AsyncTpmAttestationCreateCertRequest(
- _, PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", _))
+ EXPECT_CALL(async_caller, AsyncTpmAttestationCreateCertRequest(
+ _, PROFILE_ENTERPRISE_USER_CERTIFICATE,
+ cryptohome::Identification(), "", _))
.Times(1);
std::string fake_cert_response =
cryptohome::MockAsyncMethodCaller::kFakeAttestationCertRequest;
fake_cert_response += "_response";
EXPECT_CALL(async_caller,
- AsyncTpmAttestationFinishCertRequest(fake_cert_response,
- KEY_USER,
- "",
- kEnterpriseUserKey,
- _))
+ AsyncTpmAttestationFinishCertRequest(fake_cert_response, KEY_USER,
+ cryptohome::Identification(),
+ kEnterpriseUserKey, _))
.Times(1);
chromeos::MockCryptohomeClient client;
EXPECT_CALL(client, TpmAttestationIsEnrolled(_))
.WillRepeatedly(Invoke(DBusCallbackTrue));
EXPECT_CALL(client,
- TpmAttestationDoesKeyExist(KEY_USER, "", kEnterpriseUserKey, _))
+ TpmAttestationDoesKeyExist(KEY_USER, cryptohome::Identification(),
+ kEnterpriseUserKey, _))
.WillRepeatedly(WithArgs<3>(Invoke(DBusCallbackFalse)));
scoped_ptr<MockServerProxy> proxy(new StrictMock<MockServerProxy>());
@@ -414,8 +411,8 @@ TEST_F(AttestationFlowTest, GetCertificate_CheckExisting) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", false,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ false, mock_callback);
Run();
}
@@ -427,10 +424,12 @@ TEST_F(AttestationFlowTest, GetCertificate_AlreadyExists) {
EXPECT_CALL(client, TpmAttestationIsEnrolled(_))
.WillRepeatedly(Invoke(DBusCallbackTrue));
EXPECT_CALL(client,
- TpmAttestationDoesKeyExist(KEY_USER, "", kEnterpriseUserKey, _))
+ TpmAttestationDoesKeyExist(KEY_USER, cryptohome::Identification(),
+ kEnterpriseUserKey, _))
.WillRepeatedly(WithArgs<3>(Invoke(DBusCallbackTrue)));
- EXPECT_CALL(client,
- TpmAttestationGetCertificate(KEY_USER, "", kEnterpriseUserKey, _))
+ EXPECT_CALL(client, TpmAttestationGetCertificate(KEY_USER,
+ cryptohome::Identification(),
+ kEnterpriseUserKey, _))
.WillRepeatedly(WithArgs<3>(Invoke(FakeDBusData("fake_cert"))));
// We're not expecting any server calls in this case; StrictMock will verify.
@@ -445,8 +444,8 @@ TEST_F(AttestationFlowTest, GetCertificate_AlreadyExists) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", false,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ false, mock_callback);
Run();
}
@@ -480,8 +479,8 @@ TEST_F(AttestationFlowTest, AlternatePCA) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ true, mock_callback);
Run();
}
diff --git a/chromeos/attestation/mock_attestation_flow.cc b/chromeos/attestation/mock_attestation_flow.cc
index 4b10975..72be828 100644
--- a/chromeos/attestation/mock_attestation_flow.cc
+++ b/chromeos/attestation/mock_attestation_flow.cc
@@ -5,6 +5,7 @@
#include "chromeos/attestation/mock_attestation_flow.h"
#include "base/memory/scoped_ptr.h"
+#include "components/signin/core/account_id/account_id.h"
using testing::_;
using testing::DefaultValue;
diff --git a/chromeos/attestation/mock_attestation_flow.h b/chromeos/attestation/mock_attestation_flow.h
index fad04f0..d64548e 100644
--- a/chromeos/attestation/mock_attestation_flow.h
+++ b/chromeos/attestation/mock_attestation_flow.h
@@ -11,6 +11,8 @@
#include "base/macros.h"
#include "testing/gmock/include/gmock/gmock.h"
+class AccountId;
+
namespace chromeos {
namespace attestation {
@@ -66,11 +68,12 @@ class MockAttestationFlow : public AttestationFlow {
MockAttestationFlow();
virtual ~MockAttestationFlow();
- MOCK_METHOD5(GetCertificate, void(AttestationCertificateProfile,
- const std::string&,
- const std::string&,
- bool,
- const CertificateCallback&));
+ MOCK_METHOD5(GetCertificate,
+ void(AttestationCertificateProfile,
+ const AccountId& account_id,
+ const std::string&,
+ bool,
+ const CertificateCallback&));
};
} // namespace attestation
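Review bot: In the reformatted `MOCK_METHOD5` signature only the new parameter is named (`const AccountId& account_id`), while the other four are left unnamed. That is harmless to gMock but inconsistent within one declaration. Either drop the name, `const AccountId&,`, or name all five to match `AttestationFlow::GetCertificate`.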
diff --git a/chromeos/chromeos.gyp b/chromeos/chromeos.gyp
index c0f9ab5..9b76232 100644
--- a/chromeos/chromeos.gyp
+++ b/chromeos/chromeos.gyp
@@ -518,6 +518,7 @@
'../components/components.gyp:device_event_log_component',
'../components/components.gyp:onc_component',
'../components/components.gyp:proxy_config',
+ '../components/components.gyp:user_manager',
'../components/components.gyp:signin_core_account_id',
'../components/prefs/prefs.gyp:prefs',
'../crypto/crypto.gyp:crypto',
@@ -650,6 +651,7 @@
'../build/linux/system.gyp:ssl',
'../components/components.gyp:onc_component',
'../components/components.gyp:proxy_config',
+ '../components/components.gyp:signin_core_account_id',
'../components/prefs/prefs.gyp:prefs_test_support',
'../crypto/crypto.gyp:crypto',
'../crypto/crypto.gyp:crypto_test_support',
diff --git a/chromeos/cryptohome/async_method_caller.cc b/chromeos/cryptohome/async_method_caller.cc
index b95966f..0e033f8 100644
--- a/chromeos/cryptohome/async_method_caller.cc
+++ b/chromeos/cryptohome/async_method_caller.cc
@@ -10,6 +10,7 @@
#include "base/macros.h"
#include "base/single_thread_task_runner.h"
#include "base/thread_task_runner_handle.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/dbus_thread_manager.h"
using chromeos::DBusThreadManager;
@@ -36,51 +37,47 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller {
ResetAsyncCallStatusHandlers();
}
- void AsyncCheckKey(const std::string& user_email,
+ void AsyncCheckKey(const Identification& cryptohome_id,
const std::string& passhash,
Callback callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- AsyncCheckKey(user_email, passhash, base::Bind(
- &AsyncMethodCallerImpl::RegisterAsyncCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
- "Couldn't initiate async check of user's key."));
+ DBusThreadManager::Get()->GetCryptohomeClient()->AsyncCheckKey(
+ cryptohome_id, passhash,
+ base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
+ "Couldn't initiate async check of user's key."));
}
- void AsyncMigrateKey(const std::string& user_email,
+ void AsyncMigrateKey(const Identification& cryptohome_id,
const std::string& old_hash,
const std::string& new_hash,
Callback callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- AsyncMigrateKey(user_email, old_hash, new_hash, base::Bind(
- &AsyncMethodCallerImpl::RegisterAsyncCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
- "Couldn't initiate aync migration of user's key"));
+ DBusThreadManager::Get()->GetCryptohomeClient()->AsyncMigrateKey(
+ cryptohome_id, old_hash, new_hash,
+ base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
+ "Couldn't initiate aync migration of user's key"));
}
- void AsyncMount(const std::string& user_email,
+ void AsyncMount(const Identification& cryptohome_id,
const std::string& passhash,
int flags,
Callback callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- AsyncMount(user_email, passhash, flags, base::Bind(
- &AsyncMethodCallerImpl::RegisterAsyncCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
- "Couldn't initiate async mount of cryptohome."));
+ DBusThreadManager::Get()->GetCryptohomeClient()->AsyncMount(
+ cryptohome_id, passhash, flags,
+ base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
+ "Couldn't initiate async mount of cryptohome."));
}
- void AsyncAddKey(const std::string& user_email,
+ void AsyncAddKey(const Identification& cryptohome_id,
const std::string& passhash,
const std::string& new_passhash,
Callback callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- AsyncAddKey(user_email, passhash, new_passhash, base::Bind(
- &AsyncMethodCallerImpl::RegisterAsyncCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
- "Couldn't initiate async key addition."));
+ DBusThreadManager::Get()->GetCryptohomeClient()->AsyncAddKey(
+ cryptohome_id, passhash, new_passhash,
+ base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
+ "Couldn't initiate async key addition."));
}
void AsyncMountGuest(Callback callback) override {
@@ -92,24 +89,23 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller {
"Couldn't initiate async mount of cryptohome."));
}
- void AsyncMountPublic(const std::string& public_mount_id,
+ void AsyncMountPublic(const Identification& public_mount_id,
int flags,
Callback callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- AsyncMountPublic(public_mount_id, flags, base::Bind(
- &AsyncMethodCallerImpl::RegisterAsyncCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
- "Couldn't initiate async mount public of cryptohome."));
+ DBusThreadManager::Get()->GetCryptohomeClient()->AsyncMountPublic(
+ public_mount_id, flags,
+ base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
+ "Couldn't initiate async mount public of cryptohome."));
}
- void AsyncRemove(const std::string& user_email, Callback callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- AsyncRemove(user_email, base::Bind(
- &AsyncMethodCallerImpl::RegisterAsyncCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
- "Couldn't initiate async removal of cryptohome."));
+ void AsyncRemove(const Identification& cryptohome_id,
+ Callback callback) override {
+ DBusThreadManager::Get()->GetCryptohomeClient()->AsyncRemove(
+ cryptohome_id,
+ base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
+ "Couldn't initiate async removal of cryptohome."));
}
void AsyncTpmAttestationCreateEnrollRequest(
@@ -137,109 +133,88 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller {
void AsyncTpmAttestationCreateCertRequest(
chromeos::attestation::PrivacyCAType pca_type,
chromeos::attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const Identification& cryptohome_id,
const std::string& request_origin,
const DataCallback& callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- AsyncTpmAttestationCreateCertRequest(
- pca_type,
- certificate_profile,
- user_id,
- request_origin,
+ DBusThreadManager::Get()
+ ->GetCryptohomeClient()
+ ->AsyncTpmAttestationCreateCertRequest(
+ pca_type, certificate_profile, cryptohome_id, request_origin,
base::Bind(&AsyncMethodCallerImpl::RegisterAsyncDataCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
"Couldn't initiate async attestation cert request."));
}
void AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& cryptohome_id,
const std::string& key_name,
const DataCallback& callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- AsyncTpmAttestationFinishCertRequest(
- pca_response,
- key_type,
- user_id,
- key_name,
+ DBusThreadManager::Get()
+ ->GetCryptohomeClient()
+ ->AsyncTpmAttestationFinishCertRequest(
+ pca_response, key_type, cryptohome_id, key_name,
base::Bind(
&AsyncMethodCallerImpl::RegisterAsyncDataCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
"Couldn't initiate async attestation finish cert request."));
}
void TpmAttestationRegisterKey(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& cryptohome_id,
const std::string& key_name,
const Callback& callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- TpmAttestationRegisterKey(
- key_type,
- user_id,
- key_name,
- base::Bind(
- &AsyncMethodCallerImpl::RegisterAsyncCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
- "Couldn't initiate async attestation register key."));
+ DBusThreadManager::Get()->GetCryptohomeClient()->TpmAttestationRegisterKey(
+ key_type, cryptohome_id, key_name,
+ base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
+ "Couldn't initiate async attestation register key."));
}
void TpmAttestationSignEnterpriseChallenge(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& cryptohome_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
chromeos::attestation::AttestationChallengeOptions options,
const std::string& challenge,
const DataCallback& callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- TpmAttestationSignEnterpriseChallenge(
- key_type,
- user_id,
- key_name,
- domain,
- device_id,
- options,
+ DBusThreadManager::Get()
+ ->GetCryptohomeClient()
+ ->TpmAttestationSignEnterpriseChallenge(
+ key_type, cryptohome_id, key_name, domain, device_id, options,
challenge,
base::Bind(
&AsyncMethodCallerImpl::RegisterAsyncDataCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
"Couldn't initiate async attestation enterprise challenge."));
}
void TpmAttestationSignSimpleChallenge(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& cryptohome_id,
const std::string& key_name,
const std::string& challenge,
const DataCallback& callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- TpmAttestationSignSimpleChallenge(
- key_type,
- user_id,
- key_name,
- challenge,
+ DBusThreadManager::Get()
+ ->GetCryptohomeClient()
+ ->TpmAttestationSignSimpleChallenge(
+ key_type, cryptohome_id, key_name, challenge,
base::Bind(
&AsyncMethodCallerImpl::RegisterAsyncDataCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
"Couldn't initiate async attestation simple challenge."));
}
- void AsyncGetSanitizedUsername(const std::string& user,
+ void AsyncGetSanitizedUsername(const Identification& cryptohome_id,
const DataCallback& callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- GetSanitizedUsername(user,
- base::Bind(
- &AsyncMethodCallerImpl::GetSanitizedUsernameCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback));
+ DBusThreadManager::Get()->GetCryptohomeClient()->GetSanitizedUsername(
+ cryptohome_id,
+ base::Bind(&AsyncMethodCallerImpl::GetSanitizedUsernameCallback,
+ weak_ptr_factory_.GetWeakPtr(), callback));
}
virtual void GetSanitizedUsernameCallback(
diff --git a/chromeos/cryptohome/async_method_caller.h b/chromeos/cryptohome/async_method_caller.h
index 374da45..098c687 100644
--- a/chromeos/cryptohome/async_method_caller.h
+++ b/chromeos/cryptohome/async_method_caller.h
@@ -15,6 +15,8 @@
namespace cryptohome {
+class Identification;
+
// Note: This file is placed in ::cryptohome instead of ::chromeos::cryptohome
// since there is already a namespace ::cryptohome which holds the error code
// enum (MountError) and referencing ::chromeos::cryptohome and ::cryptohome
@@ -40,45 +42,45 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
virtual ~AsyncMethodCaller() {}
// Asks cryptohomed to asynchronously try to find the cryptohome for
- // |user_email| and then use |passhash| to unlock the key.
+ // |user_id| and then use |passhash| to unlock the key.
// |callback| will be called with status info on completion.
- virtual void AsyncCheckKey(const std::string& user_email,
+ virtual void AsyncCheckKey(const Identification& user_id,
const std::string& passhash,
Callback callback) = 0;
// Asks cryptohomed to asynchronously try to find the cryptohome for
- // |user_email| and then change from using |old_hash| to lock the
+ // |user_id| and then change from using |old_hash| to lock the
// key to using |new_hash|.
// |callback| will be called with status info on completion.
- virtual void AsyncMigrateKey(const std::string& user_email,
+ virtual void AsyncMigrateKey(const Identification& user_id,
const std::string& old_hash,
const std::string& new_hash,
Callback callback) = 0;
// Asks cryptohomed to asynchronously try to find the cryptohome for
- // |user_email| and then mount it using |passhash| to unlock the key.
+ // |user_id| and then mount it using |passhash| to unlock the key.
// The |flags| are a combination of |MountFlags|:
// * CREATE_IF_MISSING Controls whether or not cryptohomed is asked to create
// a new cryptohome if one does not exist yet for
- // |user_email|.
+ // |user_id|.
// * ENSURE_EPHEMERAL If |true|, the mounted cryptohome will be backed by
// tmpfs. If |false|, the ephemeral users policy decides
// whether tmpfs or an encrypted directory is used as the
// backend.
// |callback| will be called with status info on completion.
// If the |CREATE_IF_MISSING| flag is not given and no cryptohome exists
- // for |user_email|, the expected result is
+ // for |user_id|, the expected result is
// callback.Run(false, kCryptohomeMountErrorUserDoesNotExist). Otherwise,
// the normal range of return codes is expected.
- virtual void AsyncMount(const std::string& user_email,
+ virtual void AsyncMount(const Identification& user_id,
const std::string& passhash,
int flags,
Callback callback) = 0;
// Asks cryptohomed to asynchronously try to add another |new_passhash| for
- // |user_email| using |passhash| to unlock the key.
+ // |user_id| using |passhash| to unlock the key.
// |callback| will be called with status info on completion.
- virtual void AsyncAddKey(const std::string& user_email,
+ virtual void AsyncAddKey(const Identification& user_id,
const std::string& passhash,
const std::string& new_passhash,
Callback callback) = 0;
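Review bot: The interface names the new parameter `user_id` throughout this hunk, while the overrides in async_method_caller.cc name the same parameter `cryptohome_id` (for example `AsyncMount(const Identification& cryptohome_id, ...)`). Two names for one value make it harder to tell that this is a cryptohome identifier, which may be either an e-mail or a Gaia-ID key, rather than a user-facing id. I would use `cryptohome_id` in the declarations and in the `|...|` references in the comments as well. The class body continues outside this hunk.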
@@ -91,13 +93,13 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
// |public_mount_id| and then mount it using a passhash derived from
// |public_mount_id| and a secret. See AsyncMount for possible values for
// |flags|.
- virtual void AsyncMountPublic(const std::string& public_mount_id,
+ virtual void AsyncMountPublic(const Identification& public_mount_id,
int flags,
Callback callback) = 0;
// Asks cryptohomed to asynchronously try to find the cryptohome for
- // |user_email| and then nuke it.
- virtual void AsyncRemove(const std::string& user_email,
+ // |user_id| and then nuke it.
+ virtual void AsyncRemove(const Identification& user_id,
Callback callback) = 0;
// Asks cryptohomed to asynchronously create an attestation enrollment
@@ -125,7 +127,7 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
virtual void AsyncTpmAttestationCreateCertRequest(
chromeos::attestation::PrivacyCAType pca_type,
chromeos::attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& request_origin,
const DataCallback& callback) = 0;
@@ -135,22 +137,22 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
// emitted by the Privacy CA. |key_type| determines whether the certified key
// is to be associated with the current user. |key_name| is a name for the
// key. If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise
- // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical
- // email address.
+ // |user_id| is ignored. For normal GAIA users the |user_id| is
+ // a GaiaId-derived string (see AccountId::GetGaiaIdKey).
virtual void AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& key_name,
const DataCallback& callback) = 0;
// Asks cryptohomed to asynchronously register the attestation key specified
// by |key_type| and |key_name|. If |key_type| is KEY_USER, a |user_id| must
// be provided. Otherwise |user_id| is ignored. For normal GAIA users the
- // |user_id| is a canonical email address.
+ // |user_id| is a GaiaId-derived string (see AccountId::GetGaiaIdKey).
virtual void TpmAttestationRegisterKey(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& key_name,
const Callback& callback) = 0;
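Review bot: The rewritten comments say that for normal GAIA users `|user_id|` is a GaiaId-derived string, but `GetCryptohomeId()` in cryptohome_parameters.cc returns the e-mail when the Gaia ID is empty or when `GetGaiaIdMigrationStatus()` is false. A reader deciding which identity an attestation key is bound to would be misled for every account that has not been migrated yet. The same sentence appears in the two following hunks (TpmAttestationSignEnterpriseChallenge and TpmAttestationSignSimpleChallenge). Suggested wording: `// |user_id| is the cryptohome identifier: the GaiaId-derived key (see AccountId::GetGaiaIdKey) once the account is migrated, otherwise the canonical email address.`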
@@ -160,10 +162,10 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
// a valid enterprise challenge. On success, the data sent to |callback| is
// the challenge response. If |key_type| is KEY_USER, a |user_id| must be
// provided. Otherwise |user_id| is ignored. For normal GAIA users the
- // |user_id| is a canonical email address.
+ // |user_id| is a GaiaId-derived string (see AccountId::GetGaiaIdKey).
virtual void TpmAttestationSignEnterpriseChallenge(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -176,20 +178,19 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
// set of bytes. On success, the data sent to |callback| is the challenge
// response. If |key_type| is KEY_USER, a |user_id| must be provided.
// Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a
- // canonical email address.
+ // GaiaId-derived string (see AccountId::GetGaiaIdKey).
virtual void TpmAttestationSignSimpleChallenge(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& key_name,
const std::string& challenge,
const DataCallback& callback) = 0;
// Asks cryptohome to asynchronously retrieve a string associated with given
- // |user| that would be used in mount path instead of |user|.
+ // |user_id| that would be used in mount path instead of |user_id|.
// On success the data is sent to |callback|.
- virtual void AsyncGetSanitizedUsername(
- const std::string& user,
- const DataCallback& callback) = 0;
+ virtual void AsyncGetSanitizedUsername(const Identification& user_id,
+ const DataCallback& callback) = 0;
// Creates the global AsyncMethodCaller instance.
static void Initialize();
diff --git a/chromeos/cryptohome/cryptohome_parameters.cc b/chromeos/cryptohome/cryptohome_parameters.cc
index c484947..5aa8857 100644
--- a/chromeos/cryptohome/cryptohome_parameters.cc
+++ b/chromeos/cryptohome/cryptohome_parameters.cc
@@ -8,14 +8,67 @@
#include <stdint.h>
#include "chromeos/dbus/cryptohome/key.pb.h"
+#include "components/signin/core/account_id/account_id.h"
+#include "components/user_manager/known_user.h"
namespace cryptohome {
+namespace {
-Identification::Identification(const std::string& user_id) : user_id(user_id) {
+// Subsystem name for GaiaId migration status.
+const char kCryptohome[] = "cryptohome";
+
+const std::string GetCryptohomeId(const AccountId& account_id) {
+ // Guest/kiosk/managed/public accounts have empty GaiaId. Default to email.
+ if (account_id.GetGaiaId().empty())
+ return account_id.GetUserEmail(); // Migrated
+
+ if (GetGaiaIdMigrationStatus(account_id))
+ return account_id.GetGaiaIdKey();
+
+ return account_id.GetUserEmail(); // Migrated
+}
+
+} // anonymous namespace
+
+Identification::Identification() {}
+
+Identification::Identification(const AccountId& account_id)
+ : id_(GetCryptohomeId(account_id)) {}
+
+Identification::Identification(const std::string& id) : id_(id) {}
+
+Identification Identification::FromString(const std::string& id) {
+ return Identification(id);
}
bool Identification::operator==(const Identification& other) const {
- return user_id == other.user_id;
+ return id_ == other.id_;
+}
+
+bool Identification::operator<(const Identification& right) const {
+ return id_ < right.id_;
+}
+
+AccountId Identification::GetAccountId() const {
+ const std::vector<AccountId> known_account_ids =
+ user_manager::known_user::GetKnownAccountIds();
+
+ // A LOT of tests start with --login_user <user>, and not registing this user
+ // before. So we might have "known_user" entry without gaia_id.
+ for (const AccountId& known_id : known_account_ids) {
+ if (!known_id.GetGaiaId().empty() && known_id.GetGaiaIdKey() == id_) {
+ return known_id;
+ }
+ }
+
+ for (const AccountId& known_id : known_account_ids) {
+ if (known_id.GetUserEmail() == id_) {
+ return known_id;
+ }
+ }
+
+ return user_manager::known_user::GetAccountId(id_,
+ std::string() /* gaia_id */);
}
KeyDefinition::AuthorizationData::Secret::Secret() : encrypt(false),
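Review bot: When no known user matches, `Identification::GetAccountId()` ends with `known_user::GetAccountId(id_, std::string() /* gaia_id */)`, which appears to pass `id_` as the e-mail argument even when `id_` holds a Gaia-ID key; the helper's signature is not visible here, so please confirm. If so, an unknown migrated identifier would come back as an AccountId whose e-mail is the key string, so a comment stating when this fallback is expected (the test-only `--login_user` case the existing comment mentions) would help, or the fallback could be limited to ids that are not Gaia-ID keys. Separately, in `GetCryptohomeId()` both e-mail returns are tagged `// Migrated`, although they are the branches taken when there is no Gaia ID or migration has not happened; `return account_id.GetUserEmail();  // Not migrated yet.` reads correctly. The `const std::string` return type also blocks moving the result, and plain `std::string` is enough.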
@@ -183,4 +236,23 @@ bool MountParameters::operator==(const MountParameters& other) const {
MountParameters::~MountParameters() {
}
+bool GetGaiaIdMigrationStatus(const AccountId& account_id) {
+ return user_manager::known_user::GetGaiaIdMigrationStatus(account_id,
+ kCryptohome);
+}
+
+void SetGaiaIdMigrationStatusDone(const AccountId& account_id) {
+ user_manager::known_user::SetGaiaIdMigrationStatusDone(account_id,
+ kCryptohome);
+}
+
} // namespace cryptohome
+
+namespace BASE_HASH_NAMESPACE {
+
+std::size_t hash<cryptohome::Identification>::operator()(
+ const cryptohome::Identification& cryptohome_id) const {
+ return hash<std::string>()(cryptohome_id.id());
+}
+
+} // namespace BASE_HASH_NAMESPACE
diff --git a/chromeos/cryptohome/cryptohome_parameters.h b/chromeos/cryptohome/cryptohome_parameters.h
index 3738b56..2037b21 100644
--- a/chromeos/cryptohome/cryptohome_parameters.h
+++ b/chromeos/cryptohome/cryptohome_parameters.h
@@ -10,9 +10,12 @@
#include <string>
#include <vector>
+#include "base/containers/hash_tables.h"
#include "base/memory/scoped_ptr.h"
#include "chromeos/chromeos_export.h"
+class AccountId;
+
namespace cryptohome {
enum AuthKeyPrivileges {
@@ -25,12 +28,28 @@ enum AuthKeyPrivileges {
};
// Identification of the user calling cryptohome method.
-struct CHROMEOS_EXPORT Identification {
- explicit Identification(const std::string& user_id);
+class CHROMEOS_EXPORT Identification {
+ public:
+ Identification();
+
+ explicit Identification(const AccountId& account_id);
bool operator==(const Identification& other) const;
- std::string user_id;
+ // This method should be used for migration purpose only.
+ static Identification FromString(const std::string& id);
+
+ // Look up known user and return its AccountId.
+ AccountId GetAccountId() const;
+
+ const std::string& id() const { return id_; }
+
+ bool operator<(const Identification& right) const;
+
+ private:
+ explicit Identification(const std::string&);
+
+ std::string id_;
};
// Definition of the key (e.g. password) for the cryptohome.
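Review bot: `FromString` is a public static, so making `Identification(const std::string&)` private restricts nothing: any caller can still wrap an arbitrary string as a cryptohome identifier without going through `AccountId` and the migration-status check. The comment says "for migration purpose only", but nothing in the hunk enforces or explains that. I would at least spell out the contract, e.g. `// Wraps |id| as-is, with no validation and no known_user lookup. Only for migration code that already holds a cryptohome id string.` The new default constructor is also undocumented; it leaves `id_` empty, which is worth stating so that callers do not send an empty identifier to cryptohomed by accident.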
@@ -145,6 +164,25 @@ class CHROMEOS_EXPORT MountParameters {
std::vector<KeyDefinition> create_keys;
};
+// This function returns true if cryptohome of |account_id| is migrated to
+// gaiaId-based identifier (AccountId::GetGaiaIdKey()).
+bool GetGaiaIdMigrationStatus(const AccountId& account_id);
+
+// This function marks |account_id| cryptohome migrated to gaiaId-based
+// identifier (AccountId::GetGaiaIdKey()).
+void SetGaiaIdMigrationStatusDone(const AccountId& account_id);
+
} // namespace cryptohome
+namespace BASE_HASH_NAMESPACE {
+
+// Implement hashing of cryptohome::Identification, so it can be used as a key
+// in STL containers.
+template <>
+struct hash<cryptohome::Identification> {
+ std::size_t operator()(const cryptohome::Identification& cryptohome_id) const;
+};
+
+} // namespace BASE_HASH_NAMESPACE
+
#endif // CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_
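Review bot: `GetGaiaIdMigrationStatus`, `SetGaiaIdMigrationStatusDone` and the `hash<cryptohome::Identification>` specialization are declared without `CHROMEOS_EXPORT`, unlike `Identification` and `MountParameters` in the same header. All three are defined out of line in cryptohome_parameters.cc, so code in another component that calls them or uses `Identification` as a hash-container key would probably fail to link in a component build; the callers are not visible here. If they are meant to be used outside chromeos/, declare them as `CHROMEOS_EXPORT bool GetGaiaIdMigrationStatus(const AccountId& account_id);` and `struct CHROMEOS_EXPORT hash<cryptohome::Identification>`. Otherwise a short comment that they are internal to this component would do.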
diff --git a/chromeos/cryptohome/homedir_methods.cc b/chromeos/cryptohome/homedir_methods.cc
index 8413c72..81bf153 100644
--- a/chromeos/cryptohome/homedir_methods.cc
+++ b/chromeos/cryptohome/homedir_methods.cc
@@ -95,12 +95,6 @@ void FillKeyProtobuf(const KeyDefinition& key_def, Key* key) {
}
}
-// Fill identification protobuffer.
-void FillIdentificationProtobuf(const Identification& id,
- cryptohome::AccountIdentifier* id_proto) {
- id_proto->set_email(id.user_id);
-}
-
// Fill authorization protobuffer.
void FillAuthorizationProtobuf(const Authorization& auth,
cryptohome::AuthorizationRequest* auth_proto) {
@@ -183,50 +177,38 @@ class HomedirMethodsImpl : public HomedirMethods {
void GetKeyDataEx(const Identification& id,
const std::string& label,
const GetKeyDataCallback& callback) override {
- cryptohome::AccountIdentifier id_proto;
cryptohome::AuthorizationRequest kEmptyAuthProto;
cryptohome::GetKeyDataRequest request;
- FillIdentificationProtobuf(id, &id_proto);
request.mutable_key()->mutable_data()->set_label(label);
DBusThreadManager::Get()->GetCryptohomeClient()->GetKeyDataEx(
- id_proto,
- kEmptyAuthProto,
- request,
+ id, kEmptyAuthProto, request,
base::Bind(&HomedirMethodsImpl::OnGetKeyDataExCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback));
+ weak_ptr_factory_.GetWeakPtr(), callback));
}
void CheckKeyEx(const Identification& id,
const Authorization& auth,
const Callback& callback) override {
- cryptohome::AccountIdentifier id_proto;
cryptohome::AuthorizationRequest auth_proto;
cryptohome::CheckKeyRequest request;
- FillIdentificationProtobuf(id, &id_proto);
FillAuthorizationProtobuf(auth, &auth_proto);
DBusThreadManager::Get()->GetCryptohomeClient()->CheckKeyEx(
- id_proto,
- auth_proto,
- request,
+ id, auth_proto, request,
base::Bind(&HomedirMethodsImpl::OnBaseReplyCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback));
+ weak_ptr_factory_.GetWeakPtr(), callback));
}
void MountEx(const Identification& id,
const Authorization& auth,
const MountParameters& request,
const MountCallback& callback) override {
- cryptohome::AccountIdentifier id_proto;
cryptohome::AuthorizationRequest auth_proto;
cryptohome::MountRequest request_proto;
- FillIdentificationProtobuf(id, &id_proto);
FillAuthorizationProtobuf(auth, &auth_proto);
if (request.ephemeral)
@@ -239,12 +221,9 @@ class HomedirMethodsImpl : public HomedirMethods {
}
DBusThreadManager::Get()->GetCryptohomeClient()->MountEx(
- id_proto,
- auth_proto,
- request_proto,
+ id, auth_proto, request_proto,
base::Bind(&HomedirMethodsImpl::OnMountExCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback));
+ weak_ptr_factory_.GetWeakPtr(), callback));
}
void AddKeyEx(const Identification& id,
@@ -252,43 +231,33 @@ class HomedirMethodsImpl : public HomedirMethods {
const KeyDefinition& new_key,
bool clobber_if_exists,
const Callback& callback) override {
- cryptohome::AccountIdentifier id_proto;
cryptohome::AuthorizationRequest auth_proto;
cryptohome::AddKeyRequest request;
- FillIdentificationProtobuf(id, &id_proto);
FillAuthorizationProtobuf(auth, &auth_proto);
FillKeyProtobuf(new_key, request.mutable_key());
request.set_clobber_if_exists(clobber_if_exists);
DBusThreadManager::Get()->GetCryptohomeClient()->AddKeyEx(
- id_proto,
- auth_proto,
- request,
+ id, auth_proto, request,
base::Bind(&HomedirMethodsImpl::OnBaseReplyCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback));
+ weak_ptr_factory_.GetWeakPtr(), callback));
}
void RemoveKeyEx(const Identification& id,
const Authorization& auth,
const std::string& label,
const Callback& callback) override {
- cryptohome::AccountIdentifier id_proto;
cryptohome::AuthorizationRequest auth_proto;
cryptohome::RemoveKeyRequest request;
- FillIdentificationProtobuf(id, &id_proto);
FillAuthorizationProtobuf(auth, &auth_proto);
request.mutable_key()->mutable_data()->set_label(label);
DBusThreadManager::Get()->GetCryptohomeClient()->RemoveKeyEx(
- id_proto,
- auth_proto,
- request,
+ id, auth_proto, request,
base::Bind(&HomedirMethodsImpl::OnBaseReplyCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback));
+ weak_ptr_factory_.GetWeakPtr(), callback));
}
void UpdateKeyEx(const Identification& id,
@@ -296,22 +265,17 @@ class HomedirMethodsImpl : public HomedirMethods {
const KeyDefinition& new_key,
const std::string& signature,
const Callback& callback) override {
- cryptohome::AccountIdentifier id_proto;
cryptohome::AuthorizationRequest auth_proto;
cryptohome::UpdateKeyRequest pb_update_key;
- FillIdentificationProtobuf(id, &id_proto);
FillAuthorizationProtobuf(auth, &auth_proto);
FillKeyProtobuf(new_key, pb_update_key.mutable_changes());
pb_update_key.set_authorization_signature(signature);
DBusThreadManager::Get()->GetCryptohomeClient()->UpdateKeyEx(
- id_proto,
- auth_proto,
- pb_update_key,
+ id, auth_proto, pb_update_key,
base::Bind(&HomedirMethodsImpl::OnBaseReplyCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback));
+ weak_ptr_factory_.GetWeakPtr(), callback));
}
private:
diff --git a/chromeos/cryptohome/homedir_methods_unittest.cc b/chromeos/cryptohome/homedir_methods_unittest.cc
index 19b039d..8343fa1 100644
--- a/chromeos/cryptohome/homedir_methods_unittest.cc
+++ b/chromeos/cryptohome/homedir_methods_unittest.cc
@@ -17,6 +17,7 @@
#include "chromeos/dbus/dbus_method_call_status.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "chromeos/dbus/mock_cryptohome_client.h"
+#include "components/signin/core/account_id/account_id.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -36,6 +37,10 @@ MATCHER_P(EqualsProto, expected_proto, "") {
return actual_value == expected_value;
}
+MATCHER_P(EqualsIdentification, expected_identification, "") {
+ return arg == expected_identification;
+}
+
} // namespace
const char kUserID[] = "user@example.com";
@@ -68,7 +73,7 @@ class HomedirMethodsTest : public testing::Test {
chromeos::MockCryptohomeClient* cryptohome_client_;
// The reply that |cryptohome_client_| will make.
- cryptohome::BaseReply cryptohome_reply_;
+ BaseReply cryptohome_reply_;
// The results of the most recent |HomedirMethods| method call.
bool success_;
@@ -119,25 +124,22 @@ void HomedirMethodsTest::StoreGetKeyDataExResult(
// Verifies that the result of a GetKeyDataEx() call is correctly parsed.
TEST_F(HomedirMethodsTest, GetKeyDataEx) {
- AccountIdentifier expected_id;
- expected_id.set_email(kUserID);
- const cryptohome::AuthorizationRequest expected_auth;
- cryptohome::GetKeyDataRequest expected_request;
- expected_request.mutable_key()->mutable_data()->set_label(kKeyLabel);
+ const Identification expected_id(AccountId::FromUserEmail(kUserID));
+ const AuthorizationRequest expected_auth;
+ GetKeyDataRequest expected_request;
+ expected_request.mutable_key()->mutable_data()->set_label(kKeyLabel);
EXPECT_CALL(*cryptohome_client_,
- GetKeyDataEx(EqualsProto(expected_id),
+ GetKeyDataEx(EqualsIdentification(expected_id),
EqualsProto(expected_auth),
- EqualsProto(expected_request),
- _))
+ EqualsProto(expected_request), _))
.Times(1)
- .WillOnce(WithArg<3>(Invoke(
- this,
- &HomedirMethodsTest::RunProtobufMethodCallback)));
+ .WillOnce(WithArg<3>(
+ Invoke(this, &HomedirMethodsTest::RunProtobufMethodCallback)));
// Set up the reply that |cryptohome_client_| will make.
- cryptohome::GetKeyDataReply* reply =
- cryptohome_reply_.MutableExtension(cryptohome::GetKeyDataReply::reply);
+ GetKeyDataReply* reply =
+ cryptohome_reply_.MutableExtension(GetKeyDataReply::reply);
KeyData* key_data = reply->add_key_data();
key_data->set_type(KeyData::KEY_TYPE_PASSWORD);
key_data->set_label(kKeyLabel);
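Review bot: The updated test builds its identifier with `AccountId::FromUserEmail(kUserID)`, which has an empty Gaia ID, so it only exercises the first branch of `GetCryptohomeId()`, where the e-mail is returned. The path this commit introduces, a migrated account whose identifier is `GetGaiaIdKey()`, is not covered by any visible hunk of this file. I would add a second case that uses an AccountId carrying a Gaia ID and marks it migrated (for example `AccountId::FromUserEmailGaiaId(kUserID, kGaiaID)` with a constructed test constant `kGaiaID`, plus `SetGaiaIdMigrationStatusDone`). That case should assert that the value reaching `GetKeyDataEx` is the Gaia-ID key, not the e-mail. The TEST_F body continues outside this hunk.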
@@ -155,10 +157,9 @@ TEST_F(HomedirMethodsTest, GetKeyDataEx) {
// Call GetKeyDataEx().
HomedirMethods::GetInstance()->GetKeyDataEx(
- Identification(kUserID),
- kKeyLabel,
- base::Bind(&HomedirMethodsTest::StoreGetKeyDataExResult,
- base::Unretained(this)));
+ Identification(AccountId::FromUserEmail(kUserID)), kKeyLabel,
+ base::Bind(&HomedirMethodsTest::StoreGetKeyDataExResult,
+ base::Unretained(this)));
// Verify that the call was successful and the result was correctly parsed.
EXPECT_TRUE(success_);
diff --git a/chromeos/cryptohome/mock_async_method_caller.h b/chromeos/cryptohome/mock_async_method_caller.h
index 97ead2f..2a3c3b0 100644
--- a/chromeos/cryptohome/mock_async_method_caller.h
+++ b/chromeos/cryptohome/mock_async_method_caller.h
@@ -10,6 +10,7 @@
#include "base/callback.h"
#include "base/macros.h"
#include "chromeos/cryptohome/async_method_caller.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "testing/gmock/include/gmock/gmock.h"
namespace cryptohome {
@@ -27,27 +28,32 @@ class MockAsyncMethodCaller : public AsyncMethodCaller {
void SetUp(bool success, MountError return_code);
- MOCK_METHOD3(AsyncCheckKey, void(const std::string& user_email,
- const std::string& passhash,
- Callback callback));
- MOCK_METHOD4(AsyncMigrateKey, void(const std::string& user_email,
- const std::string& old_hash,
- const std::string& new_hash,
- Callback callback));
- MOCK_METHOD4(AsyncMount, void(const std::string& user_email,
- const std::string& passhash,
- int flags,
- Callback callback));
- MOCK_METHOD4(AsyncAddKey, void(const std::string& user_email,
- const std::string& passhash,
- const std::string& new_key,
- Callback callback));
+ MOCK_METHOD3(AsyncCheckKey,
+ void(const Identification& user_id,
+ const std::string& passhash,
+ Callback callback));
+ MOCK_METHOD4(AsyncMigrateKey,
+ void(const Identification& user_id,
+ const std::string& old_hash,
+ const std::string& new_hash,
+ Callback callback));
+ MOCK_METHOD4(AsyncMount,
+ void(const Identification& user_id,
+ const std::string& passhash,
+ int flags,
+ Callback callback));
+ MOCK_METHOD4(AsyncAddKey,
+ void(const Identification& user_id,
+ const std::string& passhash,
+ const std::string& new_key,
+ Callback callback));
MOCK_METHOD1(AsyncMountGuest, void(Callback callback));
- MOCK_METHOD3(AsyncMountPublic, void(const std::string& public_mount_id,
- int flags,
- Callback callback));
- MOCK_METHOD2(AsyncRemove, void(const std::string& user_email,
- Callback callback));
+ MOCK_METHOD3(AsyncMountPublic,
+ void(const Identification& public_mount_id,
+ int flags,
+ Callback callback));
+ MOCK_METHOD2(AsyncRemove,
+ void(const Identification& user_id, Callback callback));
MOCK_METHOD2(AsyncTpmAttestationCreateEnrollRequest,
void(chromeos::attestation::PrivacyCAType pca_type,
const DataCallback& callback));
@@ -59,38 +65,37 @@ class MockAsyncMethodCaller : public AsyncMethodCaller {
AsyncTpmAttestationCreateCertRequest,
void(chromeos::attestation::PrivacyCAType pca_type,
chromeos::attestation::AttestationCertificateProfile profile,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& request_origin,
const DataCallback& callback));
MOCK_METHOD5(AsyncTpmAttestationFinishCertRequest,
void(const std::string& pca_response,
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& key_name,
const DataCallback& callback));
MOCK_METHOD4(TpmAttestationRegisterKey,
void(chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& key_name,
const Callback& callback));
- MOCK_METHOD8(
- TpmAttestationSignEnterpriseChallenge,
- void(chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
- const std::string& key_name,
- const std::string& domain,
- const std::string& device_id,
- chromeos::attestation::AttestationChallengeOptions options,
- const std::string& challenge,
- const DataCallback& callback));
+ MOCK_METHOD8(TpmAttestationSignEnterpriseChallenge,
+ void(chromeos::attestation::AttestationKeyType key_type,
+ const Identification& user_id,
+ const std::string& key_name,
+ const std::string& domain,
+ const std::string& device_id,
+ chromeos::attestation::AttestationChallengeOptions options,
+ const std::string& challenge,
+ const DataCallback& callback));
MOCK_METHOD5(TpmAttestationSignSimpleChallenge,
void(chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& key_name,
const std::string& challenge,
const DataCallback& callback));
MOCK_METHOD2(AsyncGetSanitizedUsername,
- void(const std::string& user,
+ void(const Identification& user_id,
const DataCallback& callback));
private:
diff --git a/chromeos/dbus/cryptohome_client.cc b/chromeos/dbus/cryptohome_client.cc
index c2b3e82..0df97a3 100644
--- a/chromeos/dbus/cryptohome_client.cc
+++ b/chromeos/dbus/cryptohome_client.cc
@@ -13,6 +13,7 @@
#include "base/memory/weak_ptr.h"
#include "base/message_loop/message_loop.h"
#include "chromeos/cryptohome/async_method_caller.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/blocking_method_caller.h"
#include "chromeos/dbus/cryptohome/key.pb.h"
#include "chromeos/dbus/cryptohome/rpc.pb.h"
@@ -28,8 +29,8 @@ const int CryptohomeClient::kNotReadyAsyncId = -1;
namespace {
-// This suffix is appended to user_id to get hash in stub implementation:
-// stub_hash = "[user_id]-hash";
+// This suffix is appended to cryptohome_id to get hash in stub implementation:
+// stub_hash = "[cryptohome_id]-hash";
static const char kUserIdStubHashSuffix[] = "-hash";
// Timeout for TPM operations. On slow machines it should be larger, than
@@ -37,6 +38,11 @@ static const char kUserIdStubHashSuffix[] = "-hash";
// is 2 minutes.
const int kTpmDBusTimeoutMs = 2 * 60 * 1000;
+void FillIdentificationProtobuf(const cryptohome::Identification& id,
+ cryptohome::AccountIdentifier* id_proto) {
+ id_proto->set_account_id(id.id());
+}
+
// The CryptohomeClient implementation.
class CryptohomeClientImpl : public CryptohomeClient {
public:
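Review bot: FillIdentificationProtobuf, added at the top of this hunk, dereferences `id_proto` with no comment saying that it must be non-null or that only the `account_id` field is filled in. In the visible hunks this helper is the one place where a `cryptohome::Identification` becomes the wire-format `AccountIdentifier` for the *Ex calls, so a short contract makes that conversion easier to audit: `// Copies |id| into |id_proto|->account_id; |id_proto| must not be null.` The CryptohomeClientImpl class that opens at the end of the hunk continues outside it.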
@@ -77,13 +83,13 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
- void AsyncCheckKey(const std::string& username,
+ void AsyncCheckKey(const cryptohome::Identification& cryptohome_id,
const std::string& key,
const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeAsyncCheckKey);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall,
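Review bot: The string-based calls unwrap the identifier by hand with `writer.AppendString(cryptohome_id.id())`, here in AsyncCheckKey and again in the later hunks for AsyncMigrateKey, AsyncRemove, AsyncMount, AsyncAddKey, AsyncMountPublic, Pkcs11GetTpmTokenInfoForUser and the TpmAttestation* methods, while the *Ex calls go through FillIdentificationProtobuf. A file-local helper next to it, for example `void AppendIdentification(dbus::MessageWriter* writer, const cryptohome::Identification& id) { writer->AppendString(id.id()); }`, would keep the wire conversion in one place. Whether an empty identifier can reach the mount and key calls is not visible from these hunks; if it can, that helper is where a check would belong. AsyncCheckKey's body continues outside the hunk.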
@@ -92,14 +98,14 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
- void AsyncMigrateKey(const std::string& username,
+ void AsyncMigrateKey(const cryptohome::Identification& cryptohome_id,
const std::string& from_key,
const std::string& to_key,
const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeAsyncMigrateKey);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(from_key);
writer.AppendString(to_key);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
@@ -109,12 +115,12 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
- void AsyncRemove(const std::string& username,
+ void AsyncRemove(const cryptohome::Identification& cryptohome_id,
const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeAsyncRemove);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall,
weak_ptr_factory_.GetWeakPtr(),
@@ -132,12 +138,12 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override,
- void GetSanitizedUsername(const std::string& username,
+ void GetSanitizedUsername(const cryptohome::Identification& cryptohome_id,
const StringDBusMethodCallback& callback) override {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeGetSanitizedUsername);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnStringMethod,
weak_ptr_factory_.GetWeakPtr(),
@@ -146,11 +152,11 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
std::string BlockingGetSanitizedUsername(
- const std::string& username) override {
+ const cryptohome::Identification& cryptohome_id) override {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeGetSanitizedUsername);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
scoped_ptr<dbus::Response> response =
blocking_method_caller_->CallMethodAndBlock(&method_call);
@@ -165,14 +171,14 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
- void AsyncMount(const std::string& username,
+ void AsyncMount(const cryptohome::Identification& cryptohome_id,
const std::string& key,
int flags,
const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeAsyncMount);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key);
writer.AppendBool(flags & cryptohome::CREATE_IF_MISSING);
writer.AppendBool(flags & cryptohome::ENSURE_EPHEMERAL);
@@ -185,14 +191,14 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
- void AsyncAddKey(const std::string& username,
+ void AsyncAddKey(const cryptohome::Identification& cryptohome_id,
const std::string& key,
const std::string& new_key,
const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeAsyncAddKey);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key);
writer.AppendString(new_key);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
@@ -212,13 +218,13 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
- void AsyncMountPublic(const std::string& public_mount_id,
+ void AsyncMountPublic(const cryptohome::Identification& public_mount_id,
int flags,
const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeAsyncMountPublic);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(public_mount_id);
+ writer.AppendString(public_mount_id.id());
writer.AppendBool(flags & cryptohome::CREATE_IF_MISSING);
writer.AppendBool(flags & cryptohome::ENSURE_EPHEMERAL);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
@@ -336,13 +342,13 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
void Pkcs11GetTpmTokenInfoForUser(
- const std::string& user_email,
+ const cryptohome::Identification& cryptohome_id,
const Pkcs11GetTpmTokenInfoCallback& callback) override {
dbus::MethodCall method_call(
cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomePkcs11GetTpmTokenInfoForUser);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(user_email);
+ writer.AppendString(cryptohome_id.id());
proxy_->CallMethod(
&method_call, kTpmDBusTimeoutMs ,
base::Bind(
@@ -473,7 +479,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
void AsyncTpmAttestationCreateCertRequest(
attestation::PrivacyCAType pca_type,
attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& request_origin,
const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(
@@ -482,7 +488,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MessageWriter writer(&method_call);
writer.AppendInt32(pca_type);
writer.AppendInt32(certificate_profile);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(request_origin);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall,
@@ -494,7 +500,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
void AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(
@@ -506,7 +512,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
pca_response.size());
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall,
@@ -517,7 +523,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
void TpmAttestationDoesKeyExist(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const BoolDBusMethodCallback& callback) override {
dbus::MethodCall method_call(
@@ -526,7 +532,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
CallBoolMethod(&method_call, callback);
}
@@ -534,7 +540,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
void TpmAttestationGetCertificate(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) override {
dbus::MethodCall method_call(
@@ -543,7 +549,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnDataMethod,
@@ -552,17 +558,18 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
- void TpmAttestationGetPublicKey(attestation::AttestationKeyType key_type,
- const std::string& user_id,
- const std::string& key_name,
- const DataMethodCallback& callback) override {
+ void TpmAttestationGetPublicKey(
+ attestation::AttestationKeyType key_type,
+ const cryptohome::Identification& cryptohome_id,
+ const std::string& key_name,
+ const DataMethodCallback& callback) override {
dbus::MethodCall method_call(
cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeTpmAttestationGetPublicKey);
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnDataMethod,
@@ -571,17 +578,18 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
- void TpmAttestationRegisterKey(attestation::AttestationKeyType key_type,
- const std::string& user_id,
- const std::string& key_name,
- const AsyncMethodCallback& callback) override {
+ void TpmAttestationRegisterKey(
+ attestation::AttestationKeyType key_type,
+ const cryptohome::Identification& cryptohome_id,
+ const std::string& key_name,
+ const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(
cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeTpmAttestationRegisterKey);
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall,
@@ -592,7 +600,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
void TpmAttestationSignEnterpriseChallenge(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -605,7 +613,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
writer.AppendString(domain);
writer.AppendArrayOfBytes(
@@ -624,7 +632,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
void TpmAttestationSignSimpleChallenge(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& challenge,
const AsyncMethodCallback& callback) override {
@@ -634,7 +642,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
writer.AppendArrayOfBytes(
reinterpret_cast<const uint8_t*>(challenge.data()), challenge.size());
@@ -647,7 +655,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
void TpmAttestationGetKeyPayload(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) override {
dbus::MethodCall method_call(
@@ -656,7 +664,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnDataMethod,
@@ -667,7 +675,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
void TpmAttestationSetKeyPayload(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& payload,
const BoolDBusMethodCallback& callback) override {
@@ -677,7 +685,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
writer.AppendArrayOfBytes(reinterpret_cast<const uint8_t*>(payload.data()),
payload.size());
@@ -687,7 +695,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
void TpmAttestationDeleteKeys(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_prefix,
const BoolDBusMethodCallback& callback) override {
dbus::MethodCall method_call(
@@ -696,19 +704,22 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_prefix);
CallBoolMethod(&method_call, callback);
}
- void GetKeyDataEx(const cryptohome::AccountIdentifier& id,
+ void GetKeyDataEx(const cryptohome::Identification& id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::GetKeyDataRequest& request,
const ProtobufMethodCallback& callback) override {
+ cryptohome::AccountIdentifier id_proto;
+ FillIdentificationProtobuf(id, &id_proto);
+
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeGetKeyDataEx);
dbus::MessageWriter writer(&method_call);
- writer.AppendProtoAsArrayOfBytes(id);
+ writer.AppendProtoAsArrayOfBytes(id_proto);
writer.AppendProtoAsArrayOfBytes(auth);
writer.AppendProtoAsArrayOfBytes(request);
@@ -719,7 +730,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
callback));
}
- void CheckKeyEx(const cryptohome::AccountIdentifier& id,
+ void CheckKeyEx(const cryptohome::Identification& id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::CheckKeyRequest& request,
const ProtobufMethodCallback& callback) override {
@@ -727,8 +738,11 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
method_name);
+ cryptohome::AccountIdentifier id_proto;
+ FillIdentificationProtobuf(id, &id_proto);
+
dbus::MessageWriter writer(&method_call);
- writer.AppendProtoAsArrayOfBytes(id);
+ writer.AppendProtoAsArrayOfBytes(id_proto);
writer.AppendProtoAsArrayOfBytes(auth);
writer.AppendProtoAsArrayOfBytes(request);
@@ -738,7 +752,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
callback));
}
- void MountEx(const cryptohome::AccountIdentifier& id,
+ void MountEx(const cryptohome::Identification& id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::MountRequest& request,
const ProtobufMethodCallback& callback) override {
@@ -746,8 +760,11 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
method_name);
+ cryptohome::AccountIdentifier id_proto;
+ FillIdentificationProtobuf(id, &id_proto);
+
dbus::MessageWriter writer(&method_call);
- writer.AppendProtoAsArrayOfBytes(id);
+ writer.AppendProtoAsArrayOfBytes(id_proto);
writer.AppendProtoAsArrayOfBytes(auth);
writer.AppendProtoAsArrayOfBytes(request);
@@ -757,7 +774,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
callback));
}
- void AddKeyEx(const cryptohome::AccountIdentifier& id,
+ void AddKeyEx(const cryptohome::Identification& id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::AddKeyRequest& request,
const ProtobufMethodCallback& callback) override {
@@ -765,8 +782,11 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
method_name);
+ cryptohome::AccountIdentifier id_proto;
+ FillIdentificationProtobuf(id, &id_proto);
+
dbus::MessageWriter writer(&method_call);
- writer.AppendProtoAsArrayOfBytes(id);
+ writer.AppendProtoAsArrayOfBytes(id_proto);
writer.AppendProtoAsArrayOfBytes(auth);
writer.AppendProtoAsArrayOfBytes(request);
@@ -776,7 +796,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
callback));
}
- void UpdateKeyEx(const cryptohome::AccountIdentifier& id,
+ void UpdateKeyEx(const cryptohome::Identification& id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::UpdateKeyRequest& request,
const ProtobufMethodCallback& callback) override {
@@ -784,8 +804,11 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
method_name);
+ cryptohome::AccountIdentifier id_proto;
+ FillIdentificationProtobuf(id, &id_proto);
+
dbus::MessageWriter writer(&method_call);
- writer.AppendProtoAsArrayOfBytes(id);
+ writer.AppendProtoAsArrayOfBytes(id_proto);
writer.AppendProtoAsArrayOfBytes(auth);
writer.AppendProtoAsArrayOfBytes(request);
@@ -796,15 +819,18 @@ class CryptohomeClientImpl : public CryptohomeClient {
callback));
}
- void RemoveKeyEx(const cryptohome::AccountIdentifier& id,
+ void RemoveKeyEx(const cryptohome::Identification& id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::RemoveKeyRequest& request,
const ProtobufMethodCallback& callback) override {
const char* method_name = cryptohome::kCryptohomeRemoveKeyEx;
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface, method_name);
+ cryptohome::AccountIdentifier id_proto;
+ FillIdentificationProtobuf(id, &id_proto);
+
dbus::MessageWriter writer(&method_call);
- writer.AppendProtoAsArrayOfBytes(id);
+ writer.AppendProtoAsArrayOfBytes(id_proto);
writer.AppendProtoAsArrayOfBytes(auth);
writer.AppendProtoAsArrayOfBytes(request);
@@ -1139,8 +1165,8 @@ CryptohomeClient* CryptohomeClient::Create() {
// static
std::string CryptohomeClient::GetStubSanitizedUsername(
- const std::string& username) {
- return username + kUserIdStubHashSuffix;
+ const cryptohome::Identification& cryptohome_id) {
+ return cryptohome_id.id() + kUserIdStubHashSuffix;
}
} // namespace chromeos
diff --git a/chromeos/dbus/cryptohome_client.h b/chromeos/dbus/cryptohome_client.h
index 09116e3..233ff93 100644
--- a/chromeos/dbus/cryptohome_client.h
+++ b/chromeos/dbus/cryptohome_client.h
@@ -19,7 +19,6 @@
namespace cryptohome {
-class AccountIdentifier;
class AddKeyRequest;
class AuthorizationRequest;
class BaseReply;
@@ -32,6 +31,8 @@ class RemoveKeyRequest;
class SetBootAttributeRequest;
class UpdateKeyRequest;
+class Identification;
+
} // namespace cryptohome
namespace chromeos {
@@ -95,7 +96,8 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
static CryptohomeClient* Create();
// Returns the sanitized |username| that the stub implementation would return.
- static std::string GetStubSanitizedUsername(const std::string& username);
+ static std::string GetStubSanitizedUsername(
+ const cryptohome::Identification& cryptohome_id);
// Sets AsyncCallStatus signal handlers.
// |handler| is called when results for AsyncXXX methods are returned.
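Review bot: The context comment above GetStubSanitizedUsername still reads `Returns the sanitized |username|`, although the parameter is now `cryptohome_id`; the same stale `|username|` reference is left in the AsyncMount and AsyncAddKey comments in the later hunks of this header. Suggested wording here: `// Returns the sanitized form of |cryptohome_id| that the stub implementation would return.`, with `|username|` replaced by `|cryptohome_id|` in the other two comments.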
@@ -121,20 +123,20 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// Calls AsyncCheckKey method. |callback| is called after the method call
// succeeds.
- virtual void AsyncCheckKey(const std::string& username,
+ virtual void AsyncCheckKey(const cryptohome::Identification& cryptohome_id,
const std::string& key,
const AsyncMethodCallback& callback) = 0;
// Calls AsyncMigrateKey method. |callback| is called after the method call
// succeeds.
- virtual void AsyncMigrateKey(const std::string& username,
+ virtual void AsyncMigrateKey(const cryptohome::Identification& cryptohome_id,
const std::string& from_key,
const std::string& to_key,
const AsyncMethodCallback& callback) = 0;
// Calls AsyncRemove method. |callback| is called after the method call
// succeeds.
- virtual void AsyncRemove(const std::string& username,
+ virtual void AsyncRemove(const cryptohome::Identification& cryptohome_id,
const AsyncMethodCallback& callback) = 0;
// Calls GetSystemSalt method. |callback| is called after the method call
@@ -144,7 +146,7 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// Calls GetSanitizedUsername method. |callback| is called after the method
// call succeeds.
virtual void GetSanitizedUsername(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const StringDBusMethodCallback& callback) = 0;
// Same as GetSanitizedUsername() but blocks until a reply is received, and
@@ -154,13 +156,13 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// considered acceptable (e.g. restarting the browser after a crash or after
// a flag change).
virtual std::string BlockingGetSanitizedUsername(
- const std::string& username) = 0;
+ const cryptohome::Identification& cryptohome_id) = 0;
// Calls the AsyncMount method to asynchronously mount the cryptohome for
// |username|, using |key| to unlock it. For supported |flags|, see the
// documentation of AsyncMethodCaller::AsyncMount().
// |callback| is called after the method call succeeds.
- virtual void AsyncMount(const std::string& username,
+ virtual void AsyncMount(const cryptohome::Identification& cryptohome_id,
const std::string& key,
int flags,
const AsyncMethodCallback& callback) = 0;
@@ -168,7 +170,7 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// Calls the AsyncAddKey method to asynchronously add another |new_key| for
// |username|, using |key| to unlock it first.
// |callback| is called after the method call succeeds.
- virtual void AsyncAddKey(const std::string& username,
+ virtual void AsyncAddKey(const cryptohome::Identification& cryptohome_id,
const std::string& key,
const std::string& new_key,
const AsyncMethodCallback& callback) = 0;
@@ -181,9 +183,10 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// |public_mount_id|. For supported |flags|, see the documentation of
// AsyncMethodCaller::AsyncMount(). |callback| is called after the method
// call succeeds.
- virtual void AsyncMountPublic(const std::string& public_mount_id,
- int flags,
- const AsyncMethodCallback& callback) = 0;
+ virtual void AsyncMountPublic(
+ const cryptohome::Identification& public_mount_id,
+ int flags,
+ const AsyncMethodCallback& callback) = 0;
// Calls TpmIsReady method.
virtual void TpmIsReady(const BoolDBusMethodCallback& callback) = 0;
@@ -241,11 +244,10 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
const Pkcs11GetTpmTokenInfoCallback& callback) = 0;
// Calls Pkcs11GetTpmTokenInfoForUser method. On success |callback| will
- // receive PKCS #11 token information for the user identified by |user_email|.
- // The |user_email| must be a canonical email address as returned by
- // user_manager::User::email().
+ // receive PKCS #11 token information for the user identified by
+ // |cryptohome_id|.
virtual void Pkcs11GetTpmTokenInfoForUser(
- const std::string& user_email,
+ const cryptohome::Identification& cryptohome_id,
const Pkcs11GetTpmTokenInfoCallback& callback) = 0;
// Calls InstallAttributesGet method and returns true when the call succeeds.
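Review bot: The comment for Pkcs11GetTpmTokenInfoForUser drops the requirement that the identifier be a canonical email address and states nothing in its place; the attestation comments in the following hunks lose their `For normal GAIA users the |user_id| is a canonical email address` sentence in the same way. This value selects which user's token and attestation keys are addressed, so the header should still tell callers what they must pass. A sentence such as `// |cryptohome_id| must be the identifier the user's cryptohome was created with.` would do, presumably referring to wherever `cryptohome::Identification` is constructed, which is not visible in this hunk.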
@@ -308,19 +310,19 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
const AsyncMethodCallback& callback) = 0;
// Asynchronously creates an attestation certificate request according to
- // |certificate_profile|. Some profiles require that the |user_id| of the
- // currently active user and an identifier of the |request_origin| be
+ // |certificate_profile|. Some profiles require that the |cryptohome_id| of
+ // the currently active user and an identifier of the |request_origin| be
// provided. |callback| will be called when the dbus call completes. When
// the operation completes, the AsyncCallStatusWithDataHandler signal handler
// is called. The data that is sent with the signal is a certificate request
// to be sent to the Privacy CA of type |pca_type|. The certificate request
// is completed by calling AsyncTpmAttestationFinishCertRequest. The
- // |user_id| will not be included in the certificate request for the Privacy
- // CA.
+ // |cryptohome_id| will not be included in the certificate request for the
+ // Privacy CA.
virtual void AsyncTpmAttestationCreateCertRequest(
chromeos::attestation::PrivacyCAType pca_type,
attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& request_origin,
const AsyncMethodCallback& callback) = 0;
@@ -331,46 +333,45 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// is the response to the certificate request emitted by the Privacy CA.
// |key_type| determines whether the certified key is to be associated with
// the current user. |key_name| is a name for the key. If |key_type| is
- // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored.
- // For normal GAIA users the |user_id| is a canonical email address.
+ // KEY_USER, a |cryptohome_id| must be provided. Otherwise |cryptohome_id|
+ // is ignored.
virtual void AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const AsyncMethodCallback& callback) = 0;
// Checks if an attestation key already exists. If the key specified by
// |key_type| and |key_name| exists, then the result sent to the callback will
- // be true. If |key_type| is KEY_USER, a |user_id| must be provided.
- // Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a
- // canonical email address.
+ // be true. If |key_type| is KEY_USER, a |cryptohome_id| must be provided.
+ // Otherwise |cryptohome_id| is ignored.
virtual void TpmAttestationDoesKeyExist(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const BoolDBusMethodCallback& callback) = 0;
// Gets the attestation certificate for the key specified by |key_type| and
// |key_name|. |callback| will be called when the operation completes. If
// the key does not exist the callback |result| parameter will be false. If
- // |key_type| is KEY_USER, a |user_id| must be provided. Otherwise |user_id|
- // is ignored. For normal GAIA users the |user_id| is a canonical email
- // address.
+ // |key_type| is KEY_USER, a |cryptohome_id| must be provided. Otherwise
+ // |cryptohome_id|
+ // is ignored.
virtual void TpmAttestationGetCertificate(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) = 0;
// Gets the public key for the key specified by |key_type| and |key_name|.
// |callback| will be called when the operation completes. If the key does
// not exist the callback |result| parameter will be false. If |key_type| is
- // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored.
- // For normal GAIA users the |user_id| is a canonical email address.
+ // KEY_USER, a |cryptohome_id| must be provided. Otherwise |cryptohome_id|
+ // is ignored.
virtual void TpmAttestationGetPublicKey(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) = 0;
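Review bot: The rewrapped comment for TpmAttestationGetCertificate leaves `// |cryptohome_id|` stranded on a line of its own before `// is ignored.`, unlike the sibling comments in this hunk. Reflow the last two lines into one: `// |cryptohome_id| is ignored.`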
@@ -378,12 +379,11 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// PKCS #11 token. The |callback| will be called when the dbus call
// completes. When the operation completes, the AsyncCallStatusHandler signal
// handler is called. |key_type| and |key_name| specify the key to register.
- // If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise
- // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical
- // email address.
+ // If |key_type| is KEY_USER, a |cryptohome_id| must be provided. Otherwise
+ // |cryptohome_id| is ignored.
virtual void TpmAttestationRegisterKey(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const AsyncMethodCallback& callback) = 0;
@@ -393,12 +393,11 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// generated. |challenge| must be a valid enterprise attestation challenge.
// The |callback| will be called when the dbus call completes. When the
// operation completes, the AsyncCallStatusWithDataHandler signal handler is
- // called. If |key_type| is KEY_USER, a |user_id| must be provided.
- // Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a
- // canonical email address.
+ // called. If |key_type| is KEY_USER, a |cryptohome_id| must be provided.
+ // Otherwise |cryptohome_id| is ignored.
virtual void TpmAttestationSignEnterpriseChallenge(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -412,11 +411,11 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// cannot be used to sign arbitrary data. The |callback| will be called when
// the dbus call completes. When the operation completes, the
// AsyncCallStatusWithDataHandler signal handler is called. If |key_type| is
- // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored.
- // For normal GAIA users the |user_id| is a canonical email address.
+ // KEY_USER, a |cryptohome_id| must be provided. Otherwise |cryptohome_id|
+ // is ignored.
virtual void TpmAttestationSignSimpleChallenge(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& challenge,
const AsyncMethodCallback& callback) = 0;
@@ -426,23 +425,22 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// If the key does not exist the callback |result| parameter will be false.
// If no payload has been set for the key the callback |result| parameter will
// be true and the |data| parameter will be empty. If |key_type| is
- // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored.
- // For normal GAIA users the |user_id| is a canonical email address.
+ // KEY_USER, a |cryptohome_id| must be provided. Otherwise |cryptohome_id|
+ // is ignored.
virtual void TpmAttestationGetKeyPayload(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) = 0;
// Sets the |payload| associated with the key specified by |key_type| and
// |key_name|. The |callback| will be called when the operation completes.
// If the operation succeeds, the callback |result| parameter will be true.
- // If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise
- // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical
- // email address.
+ // If |key_type| is KEY_USER, a |cryptohome_id| must be provided. Otherwise
+ // |cryptohome_id| is ignored.
virtual void TpmAttestationSetKeyPayload(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& payload,
const BoolDBusMethodCallback& callback) = 0;
@@ -450,14 +448,14 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// Deletes certified keys as specified by |key_type| and |key_prefix|. The
// |callback| will be called when the operation completes. If the operation
// succeeds, the callback |result| parameter will be true. If |key_type| is
- // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored.
- // For normal GAIA users the |user_id| is a canonical email address. All keys
- // where the key name has a prefix matching |key_prefix| will be deleted. All
- // meta-data associated with the key, including certificates, will also be
- // deleted.
+ // KEY_USER, a |cryptohome_id| must be provided. Otherwise |cryptohome_id|
+ // is ignored.
+ // All keys where the key name has a prefix matching |key_prefix| will be
+ // deleted. All meta-data associated with the key, including certificates,
+ // will also be deleted.
virtual void TpmAttestationDeleteKeys(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_prefix,
const BoolDBusMethodCallback& callback) = 0;
@@ -466,56 +464,51 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// GetKeyDataEx returns information about the key specified in |request|. At
// present, this does not include any secret information and the call should
// not be authenticated (|auth| should be empty).
- virtual void GetKeyDataEx(
- const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::GetKeyDataRequest& request,
- const ProtobufMethodCallback& callback) = 0;
+ virtual void GetKeyDataEx(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::GetKeyDataRequest& request,
+ const ProtobufMethodCallback& callback) = 0;
// Asynchronously calls CheckKeyEx method. |callback| is called after method
// call, and with reply protobuf.
// CheckKeyEx just checks if authorization information is valid.
- virtual void CheckKeyEx(
- const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::CheckKeyRequest& request,
- const ProtobufMethodCallback& callback) = 0;
+ virtual void CheckKeyEx(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::CheckKeyRequest& request,
+ const ProtobufMethodCallback& callback) = 0;
// Asynchronously calls MountEx method. |callback| is called after method
// call, and with reply protobuf.
// MountEx attempts to mount home dir using given authorization, and can
// create new home dir if necessary values are specified in |request|.
- virtual void MountEx(
- const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::MountRequest& request,
- const ProtobufMethodCallback& callback) = 0;
+ virtual void MountEx(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::MountRequest& request,
+ const ProtobufMethodCallback& callback) = 0;
// Asynchronously calls AddKeyEx method. |callback| is called after method
// call, and with reply protobuf.
// AddKeyEx adds another key to the given key set. |request| also defines
// behavior in case when key with specified label already exist.
- virtual void AddKeyEx(
- const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::AddKeyRequest& request,
- const ProtobufMethodCallback& callback) = 0;
+ virtual void AddKeyEx(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::AddKeyRequest& request,
+ const ProtobufMethodCallback& callback) = 0;
// Asynchronously calls UpdateKeyEx method. |callback| is called after method
// call, and with reply protobuf. Reply will contain MountReply extension.
// UpdateKeyEx replaces key used for authorization, without affecting any
// other keys. If specified at home dir creation time, new key may have
// to be signed and/or encrypted.
- virtual void UpdateKeyEx(
- const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::UpdateKeyRequest& request,
- const ProtobufMethodCallback& callback) = 0;
+ virtual void UpdateKeyEx(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::UpdateKeyRequest& request,
+ const ProtobufMethodCallback& callback) = 0;
// Asynchronously calls RemoveKeyEx method. |callback| is called after method
// call, and with reply protobuf.
// RemoveKeyEx removes key from the given key set.
- virtual void RemoveKeyEx(const cryptohome::AccountIdentifier& id,
+ virtual void RemoveKeyEx(const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::RemoveKeyRequest& request,
const ProtobufMethodCallback& callback) = 0;
diff --git a/chromeos/dbus/fake_cryptohome_client.cc b/chromeos/dbus/fake_cryptohome_client.cc
index 236b1f9..2ae9197 100644
--- a/chromeos/dbus/fake_cryptohome_client.cc
+++ b/chromeos/dbus/fake_cryptohome_client.cc
@@ -73,14 +73,14 @@ bool FakeCryptohomeClient::Unmount(bool* success) {
}
void FakeCryptohomeClient::AsyncCheckKey(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key,
const AsyncMethodCallback& callback) {
ReturnAsyncMethodResult(callback, false);
}
void FakeCryptohomeClient::AsyncMigrateKey(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const std::string& from_key,
const std::string& to_key,
const AsyncMethodCallback& callback) {
@@ -88,7 +88,7 @@ void FakeCryptohomeClient::AsyncMigrateKey(
}
void FakeCryptohomeClient::AsyncRemove(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const AsyncMethodCallback& callback) {
ReturnAsyncMethodResult(callback, false);
}
@@ -101,30 +101,31 @@ void FakeCryptohomeClient::GetSystemSalt(
}
void FakeCryptohomeClient::GetSanitizedUsername(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const StringDBusMethodCallback& callback) {
// Even for stub implementation we have to return different values so that
// multi-profiles would work.
- std::string sanitized_username = GetStubSanitizedUsername(username);
+ std::string sanitized_username = GetStubSanitizedUsername(cryptohome_id);
base::MessageLoop::current()->PostTask(
FROM_HERE,
base::Bind(callback, DBUS_METHOD_CALL_SUCCESS, sanitized_username));
}
std::string FakeCryptohomeClient::BlockingGetSanitizedUsername(
- const std::string& username) {
- return GetStubSanitizedUsername(username);
+ const cryptohome::Identification& cryptohome_id) {
+ return GetStubSanitizedUsername(cryptohome_id);
}
-void FakeCryptohomeClient::AsyncMount(const std::string& username,
- const std::string& key,
- int flags,
- const AsyncMethodCallback& callback) {
+void FakeCryptohomeClient::AsyncMount(
+ const cryptohome::Identification& cryptohome_id,
+ const std::string& key,
+ int flags,
+ const AsyncMethodCallback& callback) {
ReturnAsyncMethodResult(callback, false);
}
void FakeCryptohomeClient::AsyncAddKey(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key,
const std::string& new_key,
const AsyncMethodCallback& callback) {
@@ -137,7 +138,7 @@ void FakeCryptohomeClient::AsyncMountGuest(
}
void FakeCryptohomeClient::AsyncMountPublic(
- const std::string& public_mount_id,
+ const cryptohome::Identification& public_mount_id,
int flags,
const AsyncMethodCallback& callback) {
ReturnAsyncMethodResult(callback, false);
@@ -228,7 +229,7 @@ void FakeCryptohomeClient::Pkcs11GetTpmTokenInfo(
}
void FakeCryptohomeClient::Pkcs11GetTpmTokenInfoForUser(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const Pkcs11GetTpmTokenInfoCallback& callback) {
Pkcs11GetTpmTokenInfo(callback);
}
@@ -360,7 +361,7 @@ void FakeCryptohomeClient::AsyncTpmAttestationEnroll(
void FakeCryptohomeClient::AsyncTpmAttestationCreateCertRequest(
chromeos::attestation::PrivacyCAType pca_type,
attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& request_origin,
const AsyncMethodCallback& callback) {
ReturnAsyncMethodResult(callback, true);
@@ -369,7 +370,7 @@ void FakeCryptohomeClient::AsyncTpmAttestationCreateCertRequest(
void FakeCryptohomeClient::AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const AsyncMethodCallback& callback) {
ReturnAsyncMethodResult(callback, true);
@@ -377,7 +378,7 @@ void FakeCryptohomeClient::AsyncTpmAttestationFinishCertRequest(
void FakeCryptohomeClient::TpmAttestationDoesKeyExist(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const BoolDBusMethodCallback& callback) {
base::MessageLoop::current()->PostTask(
@@ -386,7 +387,7 @@ void FakeCryptohomeClient::TpmAttestationDoesKeyExist(
void FakeCryptohomeClient::TpmAttestationGetCertificate(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) {
base::MessageLoop::current()->PostTask(
@@ -396,7 +397,7 @@ void FakeCryptohomeClient::TpmAttestationGetCertificate(
void FakeCryptohomeClient::TpmAttestationGetPublicKey(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) {
base::MessageLoop::current()->PostTask(
@@ -406,7 +407,7 @@ void FakeCryptohomeClient::TpmAttestationGetPublicKey(
void FakeCryptohomeClient::TpmAttestationRegisterKey(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const AsyncMethodCallback& callback) {
ReturnAsyncMethodResult(callback, true);
@@ -414,7 +415,7 @@ void FakeCryptohomeClient::TpmAttestationRegisterKey(
void FakeCryptohomeClient::TpmAttestationSignEnterpriseChallenge(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -426,7 +427,7 @@ void FakeCryptohomeClient::TpmAttestationSignEnterpriseChallenge(
void FakeCryptohomeClient::TpmAttestationSignSimpleChallenge(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& challenge,
const AsyncMethodCallback& callback) {
@@ -435,7 +436,7 @@ void FakeCryptohomeClient::TpmAttestationSignSimpleChallenge(
void FakeCryptohomeClient::TpmAttestationGetKeyPayload(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) {
base::MessageLoop::current()->PostTask(
@@ -445,7 +446,7 @@ void FakeCryptohomeClient::TpmAttestationGetKeyPayload(
void FakeCryptohomeClient::TpmAttestationSetKeyPayload(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& payload,
const BoolDBusMethodCallback& callback) {
@@ -455,7 +456,7 @@ void FakeCryptohomeClient::TpmAttestationSetKeyPayload(
void FakeCryptohomeClient::TpmAttestationDeleteKeys(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_prefix,
const BoolDBusMethodCallback& callback) {
base::MessageLoop::current()->PostTask(
@@ -463,7 +464,7 @@ void FakeCryptohomeClient::TpmAttestationDeleteKeys(
}
void FakeCryptohomeClient::GetKeyDataEx(
- const cryptohome::AccountIdentifier& id,
+ const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::GetKeyDataRequest& request,
const ProtobufMethodCallback& callback) {
@@ -473,7 +474,7 @@ void FakeCryptohomeClient::GetKeyDataEx(
}
void FakeCryptohomeClient::CheckKeyEx(
- const cryptohome::AccountIdentifier& id,
+ const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::CheckKeyRequest& request,
const ProtobufMethodCallback& callback) {
@@ -482,19 +483,19 @@ void FakeCryptohomeClient::CheckKeyEx(
}
void FakeCryptohomeClient::MountEx(
- const cryptohome::AccountIdentifier& id,
+ const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::MountRequest& request,
const ProtobufMethodCallback& callback) {
cryptohome::BaseReply reply;
cryptohome::MountReply* mount =
reply.MutableExtension(cryptohome::MountReply::reply);
- mount->set_sanitized_username(GetStubSanitizedUsername(id.email()));
+ mount->set_sanitized_username(GetStubSanitizedUsername(cryptohome_id));
ReturnProtobufMethodCallback(reply, callback);
}
void FakeCryptohomeClient::AddKeyEx(
- const cryptohome::AccountIdentifier& id,
+ const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::AddKeyRequest& request,
const ProtobufMethodCallback& callback) {
@@ -503,7 +504,7 @@ void FakeCryptohomeClient::AddKeyEx(
}
void FakeCryptohomeClient::RemoveKeyEx(
- const cryptohome::AccountIdentifier& id,
+ const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::RemoveKeyRequest& request,
const ProtobufMethodCallback& callback) {
@@ -512,7 +513,7 @@ void FakeCryptohomeClient::RemoveKeyEx(
}
void FakeCryptohomeClient::UpdateKeyEx(
- const cryptohome::AccountIdentifier& id,
+ const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::UpdateKeyRequest& request,
const ProtobufMethodCallback& callback) {
diff --git a/chromeos/dbus/fake_cryptohome_client.h b/chromeos/dbus/fake_cryptohome_client.h
index 801faaf..20402dc 100644
--- a/chromeos/dbus/fake_cryptohome_client.h
+++ b/chromeos/dbus/fake_cryptohome_client.h
@@ -29,30 +29,30 @@ class CHROMEOS_EXPORT FakeCryptohomeClient : public CryptohomeClient {
const WaitForServiceToBeAvailableCallback& callback) override;
void IsMounted(const BoolDBusMethodCallback& callback) override;
bool Unmount(bool* success) override;
- void AsyncCheckKey(const std::string& username,
+ void AsyncCheckKey(const cryptohome::Identification& cryptohome_id,
const std::string& key,
const AsyncMethodCallback& callback) override;
- void AsyncMigrateKey(const std::string& username,
+ void AsyncMigrateKey(const cryptohome::Identification& cryptohome_id,
const std::string& from_key,
const std::string& to_key,
const AsyncMethodCallback& callback) override;
- void AsyncRemove(const std::string& username,
+ void AsyncRemove(const cryptohome::Identification& cryptohome_id,
const AsyncMethodCallback& callback) override;
void GetSystemSalt(const GetSystemSaltCallback& callback) override;
- void GetSanitizedUsername(const std::string& username,
+ void GetSanitizedUsername(const cryptohome::Identification& cryptohome_id,
const StringDBusMethodCallback& callback) override;
std::string BlockingGetSanitizedUsername(
- const std::string& username) override;
- void AsyncMount(const std::string& username,
+ const cryptohome::Identification& cryptohome_id) override;
+ void AsyncMount(const cryptohome::Identification& cryptohome_id,
const std::string& key,
int flags,
const AsyncMethodCallback& callback) override;
- void AsyncAddKey(const std::string& username,
+ void AsyncAddKey(const cryptohome::Identification& cryptohome_id,
const std::string& key,
const std::string& new_key,
const AsyncMethodCallback& callback) override;
void AsyncMountGuest(const AsyncMethodCallback& callback) override;
- void AsyncMountPublic(const std::string& public_mount_id,
+ void AsyncMountPublic(const cryptohome::Identification& public_mount_id,
int flags,
const AsyncMethodCallback& callback) override;
void TpmIsReady(const BoolDBusMethodCallback& callback) override;
@@ -70,7 +70,7 @@ class CHROMEOS_EXPORT FakeCryptohomeClient : public CryptohomeClient {
void Pkcs11GetTpmTokenInfo(
const Pkcs11GetTpmTokenInfoCallback& callback) override;
void Pkcs11GetTpmTokenInfoForUser(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const Pkcs11GetTpmTokenInfoCallback& callback) override;
bool InstallAttributesGet(const std::string& name,
std::vector<uint8_t>* value,
@@ -96,36 +96,38 @@ class CHROMEOS_EXPORT FakeCryptohomeClient : public CryptohomeClient {
void AsyncTpmAttestationCreateCertRequest(
chromeos::attestation::PrivacyCAType pca_type,
attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& request_origin,
const AsyncMethodCallback& callback) override;
void AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const AsyncMethodCallback& callback) override;
void TpmAttestationDoesKeyExist(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const BoolDBusMethodCallback& callback) override;
void TpmAttestationGetCertificate(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) override;
- void TpmAttestationGetPublicKey(attestation::AttestationKeyType key_type,
- const std::string& user_id,
- const std::string& key_name,
- const DataMethodCallback& callback) override;
- void TpmAttestationRegisterKey(attestation::AttestationKeyType key_type,
- const std::string& user_id,
- const std::string& key_name,
- const AsyncMethodCallback& callback) override;
+ void TpmAttestationGetPublicKey(
+ attestation::AttestationKeyType key_type,
+ const cryptohome::Identification& cryptohome_id,
+ const std::string& key_name,
+ const DataMethodCallback& callback) override;
+ void TpmAttestationRegisterKey(
+ attestation::AttestationKeyType key_type,
+ const cryptohome::Identification& cryptohome_id,
+ const std::string& key_name,
+ const AsyncMethodCallback& callback) override;
void TpmAttestationSignEnterpriseChallenge(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -134,46 +136,47 @@ class CHROMEOS_EXPORT FakeCryptohomeClient : public CryptohomeClient {
const AsyncMethodCallback& callback) override;
void TpmAttestationSignSimpleChallenge(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& challenge,
const AsyncMethodCallback& callback) override;
- void TpmAttestationGetKeyPayload(attestation::AttestationKeyType key_type,
- const std::string& user_id,
- const std::string& key_name,
- const DataMethodCallback& callback) override;
+ void TpmAttestationGetKeyPayload(
+ attestation::AttestationKeyType key_type,
+ const cryptohome::Identification& cryptohome_id,
+ const std::string& key_name,
+ const DataMethodCallback& callback) override;
void TpmAttestationSetKeyPayload(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& payload,
const BoolDBusMethodCallback& callback) override;
void TpmAttestationDeleteKeys(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_prefix,
const BoolDBusMethodCallback& callback) override;
- void GetKeyDataEx(const cryptohome::AccountIdentifier& id,
+ void GetKeyDataEx(const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::GetKeyDataRequest& request,
const ProtobufMethodCallback& callback) override;
- void CheckKeyEx(const cryptohome::AccountIdentifier& id,
+ void CheckKeyEx(const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::CheckKeyRequest& request,
const ProtobufMethodCallback& callback) override;
- void MountEx(const cryptohome::AccountIdentifier& id,
+ void MountEx(const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::MountRequest& request,
const ProtobufMethodCallback& callback) override;
- void AddKeyEx(const cryptohome::AccountIdentifier& id,
+ void AddKeyEx(const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::AddKeyRequest& request,
const ProtobufMethodCallback& callback) override;
- void UpdateKeyEx(const cryptohome::AccountIdentifier& id,
+ void UpdateKeyEx(const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::UpdateKeyRequest& request,
const ProtobufMethodCallback& callback) override;
- void RemoveKeyEx(const cryptohome::AccountIdentifier& id,
+ void RemoveKeyEx(const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::RemoveKeyRequest& request,
const ProtobufMethodCallback& callback) override;
diff --git a/chromeos/dbus/fake_session_manager_client.cc b/chromeos/dbus/fake_session_manager_client.cc
index 77e8b37..e66b15b 100644
--- a/chromeos/dbus/fake_session_manager_client.cc
+++ b/chromeos/dbus/fake_session_manager_client.cc
@@ -50,11 +50,12 @@ void FakeSessionManagerClient::EmitLoginPromptVisible() {
void FakeSessionManagerClient::RestartJob(
const std::vector<std::string>& argv) {}
-void FakeSessionManagerClient::StartSession(const std::string& user_email) {
- DCHECK_EQ(0UL, user_sessions_.count(user_email));
+void FakeSessionManagerClient::StartSession(
+ const cryptohome::Identification& cryptohome_id) {
+ DCHECK_EQ(0UL, user_sessions_.count(cryptohome_id));
std::string user_id_hash =
- CryptohomeClient::GetStubSanitizedUsername(user_email);
- user_sessions_[user_email] = user_id_hash;
+ CryptohomeClient::GetStubSanitizedUsername(cryptohome_id);
+ user_sessions_[cryptohome_id] = user_id_hash;
}
void FakeSessionManagerClient::StopSession() {
@@ -94,15 +95,15 @@ void FakeSessionManagerClient::RetrieveDevicePolicy(
}
void FakeSessionManagerClient::RetrievePolicyForUser(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const RetrievePolicyCallback& callback) {
base::ThreadTaskRunnerHandle::Get()->PostTask(
- FROM_HERE, base::Bind(callback, user_policies_[username]));
+ FROM_HERE, base::Bind(callback, user_policies_[cryptohome_id]));
}
std::string FakeSessionManagerClient::BlockingRetrievePolicyForUser(
- const std::string& username) {
- return user_policies_[username];
+ const cryptohome::Identification& cryptohome_id) {
+ return user_policies_[cryptohome_id];
}
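Review bot: Both read paths in this hunk look policies up with `user_policies_[cryptohome_id]`, and `operator[]` on a `std::map` inserts an empty entry for an identifier that was never stored, so a retrieve call changes the fake's state. `user_policy()` later in this file already does a non-mutating `find`. RetrievePolicyForUser could bind `user_policy(cryptohome_id)` and BlockingRetrievePolicyForUser could `return user_policy(cryptohome_id);`. That keeps the map limited to identifiers that were actually stored, which is easier to reason about in tests now that the key is a structured identifier rather than the e-mail string.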
void FakeSessionManagerClient::RetrieveDeviceLocalAccountPolicy(
@@ -123,10 +124,10 @@ void FakeSessionManagerClient::StoreDevicePolicy(
}
void FakeSessionManagerClient::StorePolicyForUser(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const std::string& policy_blob,
const StorePolicyCallback& callback) {
- user_policies_[username] = policy_blob;
+ user_policies_[cryptohome_id] = policy_blob;
base::ThreadTaskRunnerHandle::Get()->PostTask(FROM_HERE,
base::Bind(callback, true));
}
@@ -141,9 +142,8 @@ void FakeSessionManagerClient::StoreDeviceLocalAccountPolicy(
}
void FakeSessionManagerClient::SetFlagsForUser(
- const std::string& username,
- const std::vector<std::string>& flags) {
-}
+ const cryptohome::Identification& cryptohome_id,
+ const std::vector<std::string>& flags) {}
void FakeSessionManagerClient::GetServerBackedStateKeys(
const StateKeysCallback& callback) {
@@ -178,15 +178,16 @@ void FakeSessionManagerClient::set_device_policy(
}
const std::string& FakeSessionManagerClient::user_policy(
- const std::string& username) const {
- std::map<std::string, std::string>::const_iterator it =
- user_policies_.find(username);
+ const cryptohome::Identification& cryptohome_id) const {
+ std::map<cryptohome::Identification, std::string>::const_iterator it =
+ user_policies_.find(cryptohome_id);
return it == user_policies_.end() ? base::EmptyString() : it->second;
}
-void FakeSessionManagerClient::set_user_policy(const std::string& username,
- const std::string& policy_blob) {
- user_policies_[username] = policy_blob;
+void FakeSessionManagerClient::set_user_policy(
+ const cryptohome::Identification& cryptohome_id,
+ const std::string& policy_blob) {
+ user_policies_[cryptohome_id] = policy_blob;
}
const std::string& FakeSessionManagerClient::device_local_account_policy(
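Review bot: The iterator declaration in user_policy() spells out `std::map<cryptohome::Identification, std::string>::const_iterator`, which duplicates the member's type from the header and had to be edited here only because the key type changed. `const auto it = user_policies_.find(cryptohome_id);` says the same thing and would not need touching the next time the key type moves.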
diff --git a/chromeos/dbus/fake_session_manager_client.h b/chromeos/dbus/fake_session_manager_client.h
index b281847..4150091 100644
--- a/chromeos/dbus/fake_session_manager_client.h
+++ b/chromeos/dbus/fake_session_manager_client.h
@@ -12,6 +12,7 @@
#include "base/compiler_specific.h"
#include "base/macros.h"
#include "base/observer_list.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/session_manager_client.h"
namespace chromeos {
@@ -32,7 +33,7 @@ class FakeSessionManagerClient : public SessionManagerClient {
bool IsScreenLocked() const override;
void EmitLoginPromptVisible() override;
void RestartJob(const std::vector<std::string>& argv) override;
- void StartSession(const std::string& user_email) override;
+ void StartSession(const cryptohome::Identification& cryptohome_id) override;
void StopSession() override;
void NotifySupervisedUserCreationStarted() override;
void NotifySupervisedUserCreationFinished() override;
@@ -42,23 +43,23 @@ class FakeSessionManagerClient : public SessionManagerClient {
void NotifyLockScreenDismissed() override;
void RetrieveActiveSessions(const ActiveSessionsCallback& callback) override;
void RetrieveDevicePolicy(const RetrievePolicyCallback& callback) override;
- void RetrievePolicyForUser(const std::string& username,
+ void RetrievePolicyForUser(const cryptohome::Identification& cryptohome_id,
const RetrievePolicyCallback& callback) override;
std::string BlockingRetrievePolicyForUser(
- const std::string& username) override;
+ const cryptohome::Identification& cryptohome_id) override;
void RetrieveDeviceLocalAccountPolicy(
const std::string& account_id,
const RetrievePolicyCallback& callback) override;
void StoreDevicePolicy(const std::string& policy_blob,
const StorePolicyCallback& callback) override;
- void StorePolicyForUser(const std::string& username,
+ void StorePolicyForUser(const cryptohome::Identification& cryptohome_id,
const std::string& policy_blob,
const StorePolicyCallback& callback) override;
void StoreDeviceLocalAccountPolicy(
const std::string& account_id,
const std::string& policy_blob,
const StorePolicyCallback& callback) override;
- void SetFlagsForUser(const std::string& username,
+ void SetFlagsForUser(const cryptohome::Identification& cryptohome_id,
const std::vector<std::string>& flags) override;
void GetServerBackedStateKeys(const StateKeysCallback& callback) override;
@@ -70,8 +71,9 @@ class FakeSessionManagerClient : public SessionManagerClient {
const std::string& device_policy() const;
void set_device_policy(const std::string& policy_blob);
- const std::string& user_policy(const std::string& username) const;
- void set_user_policy(const std::string& username,
+ const std::string& user_policy(
+ const cryptohome::Identification& cryptohome_id) const;
+ void set_user_policy(const cryptohome::Identification& cryptohome_id,
const std::string& policy_blob);
const std::string& device_local_account_policy(
@@ -105,7 +107,7 @@ class FakeSessionManagerClient : public SessionManagerClient {
private:
std::string device_policy_;
- std::map<std::string, std::string> user_policies_;
+ std::map<cryptohome::Identification, std::string> user_policies_;
std::map<std::string, std::string> device_local_account_policy_;
base::ObserverList<Observer> observers_;
SessionManagerClient::ActiveSessionsMap user_sessions_;
diff --git a/chromeos/dbus/mock_cryptohome_client.h b/chromeos/dbus/mock_cryptohome_client.h
index 4382d35..c4e166b 100644
--- a/chromeos/dbus/mock_cryptohome_client.h
+++ b/chromeos/dbus/mock_cryptohome_client.h
@@ -9,6 +9,7 @@
#include <string>
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/cryptohome/rpc.pb.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "testing/gmock/include/gmock/gmock.h"
@@ -30,35 +31,40 @@ class MockCryptohomeClient : public CryptohomeClient {
MOCK_METHOD1(IsMounted, void(const BoolDBusMethodCallback& callback));
MOCK_METHOD1(Unmount, bool(bool* success));
MOCK_METHOD3(AsyncCheckKey,
- void(const std::string& username,
+ void(const cryptohome::Identification& cryptohome_id,
const std::string& key,
const AsyncMethodCallback& callback));
MOCK_METHOD4(AsyncMigrateKey,
- void(const std::string& username,
+ void(const cryptohome::Identification& cryptohome_id,
const std::string& from_key,
const std::string& to_key,
const AsyncMethodCallback& callback));
- MOCK_METHOD2(AsyncRemove, void(const std::string& username,
- const AsyncMethodCallback& callback));
+ MOCK_METHOD2(AsyncRemove,
+ void(const cryptohome::Identification& cryptohome_id,
+ const AsyncMethodCallback& callback));
+
MOCK_METHOD1(GetSystemSalt, void(const GetSystemSaltCallback& callback));
MOCK_METHOD2(GetSanitizedUsername,
- void(const std::string& username,
+ void(const cryptohome::Identification& cryptohome_id,
const StringDBusMethodCallback& callback));
MOCK_METHOD1(BlockingGetSanitizedUsername,
- std::string(const std::string& username));
- MOCK_METHOD4(AsyncMount, void(const std::string& username,
- const std::string& key,
- int flags,
- const AsyncMethodCallback& callback));
- MOCK_METHOD4(AsyncAddKey, void(const std::string& username,
- const std::string& key,
- const std::string& new_key,
- const AsyncMethodCallback& callback));
+ std::string(const cryptohome::Identification& cryptohome_id));
+ MOCK_METHOD4(AsyncMount,
+ void(const cryptohome::Identification& cryptohome_id,
+ const std::string& key,
+ int flags,
+ const AsyncMethodCallback& callback));
+ MOCK_METHOD4(AsyncAddKey,
+ void(const cryptohome::Identification& cryptohome_id,
+ const std::string& key,
+ const std::string& new_key,
+ const AsyncMethodCallback& callback));
MOCK_METHOD1(AsyncMountGuest,
void(const AsyncMethodCallback& callback));
- MOCK_METHOD3(AsyncMountPublic, void(const std::string& public_mount_id,
- int flags,
- const AsyncMethodCallback& callback));
+ MOCK_METHOD3(AsyncMountPublic,
+ void(const cryptohome::Identification& public_mount_id,
+ int flags,
+ const AsyncMethodCallback& callback));
MOCK_METHOD1(TpmIsReady, void(const BoolDBusMethodCallback& callback));
MOCK_METHOD1(TpmIsEnabled, void(const BoolDBusMethodCallback& callback));
MOCK_METHOD1(CallTpmIsEnabledAndBlock, bool(bool* enabled));
@@ -77,7 +83,7 @@ class MockCryptohomeClient : public CryptohomeClient {
MOCK_METHOD1(Pkcs11GetTpmTokenInfo,
void(const Pkcs11GetTpmTokenInfoCallback& callback));
MOCK_METHOD2(Pkcs11GetTpmTokenInfoForUser,
- void(const std::string& username,
+ void(const cryptohome::Identification& cryptohome_id,
const Pkcs11GetTpmTokenInfoCallback& callback));
MOCK_METHOD3(InstallAttributesGet,
bool(const std::string& name,
@@ -107,38 +113,38 @@ class MockCryptohomeClient : public CryptohomeClient {
AsyncTpmAttestationCreateCertRequest,
void(attestation::PrivacyCAType pca_type,
attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& request_origin,
const AsyncMethodCallback& callback));
MOCK_METHOD5(AsyncTpmAttestationFinishCertRequest,
void(const std::string& pca_response,
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const AsyncMethodCallback& callback));
MOCK_METHOD4(TpmAttestationDoesKeyExist,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const BoolDBusMethodCallback& callback));
MOCK_METHOD4(TpmAttestationGetCertificate,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback));
MOCK_METHOD4(TpmAttestationGetPublicKey,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback));
MOCK_METHOD4(TpmAttestationRegisterKey,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const AsyncMethodCallback& callback));
MOCK_METHOD8(TpmAttestationSignEnterpriseChallenge,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -147,53 +153,53 @@ class MockCryptohomeClient : public CryptohomeClient {
const AsyncMethodCallback& callback));
MOCK_METHOD5(TpmAttestationSignSimpleChallenge,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& challenge,
const AsyncMethodCallback& callback));
MOCK_METHOD4(TpmAttestationGetKeyPayload,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback));
MOCK_METHOD5(TpmAttestationSetKeyPayload,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& payload,
const BoolDBusMethodCallback& callback));
MOCK_METHOD4(TpmAttestationDeleteKeys,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_prefix,
const BoolDBusMethodCallback& callback));
MOCK_METHOD4(GetKeyDataEx,
- void(const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::GetKeyDataRequest& request,
- const ProtobufMethodCallback& callback));
+ void(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::GetKeyDataRequest& request,
+ const ProtobufMethodCallback& callback));
MOCK_METHOD4(CheckKeyEx,
- void(const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::CheckKeyRequest& request,
- const ProtobufMethodCallback& callback));
+ void(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::CheckKeyRequest& request,
+ const ProtobufMethodCallback& callback));
MOCK_METHOD4(MountEx,
- void(const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::MountRequest& request,
- const ProtobufMethodCallback& callback));
+ void(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::MountRequest& request,
+ const ProtobufMethodCallback& callback));
MOCK_METHOD4(AddKeyEx,
- void(const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::AddKeyRequest& request,
- const ProtobufMethodCallback& callback));
+ void(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::AddKeyRequest& request,
+ const ProtobufMethodCallback& callback));
MOCK_METHOD4(UpdateKeyEx,
- void(const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::UpdateKeyRequest& request,
- const ProtobufMethodCallback& callback));
+ void(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::UpdateKeyRequest& request,
+ const ProtobufMethodCallback& callback));
MOCK_METHOD4(RemoveKeyEx,
- void(const cryptohome::AccountIdentifier& id,
+ void(const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::RemoveKeyRequest& request,
const ProtobufMethodCallback& callback));
diff --git a/chromeos/dbus/mock_session_manager_client.h b/chromeos/dbus/mock_session_manager_client.h
index aec901a..dc7d095 100644
--- a/chromeos/dbus/mock_session_manager_client.h
+++ b/chromeos/dbus/mock_session_manager_client.h
@@ -7,6 +7,7 @@
#include <string>
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/session_manager_client.h"
#include "testing/gmock/include/gmock/gmock.h"
@@ -25,7 +26,7 @@ class MockSessionManagerClient : public SessionManagerClient {
MOCK_CONST_METHOD0(IsScreenLocked, bool(void));
MOCK_METHOD0(EmitLoginPromptVisible, void(void));
MOCK_METHOD1(RestartJob, void(const std::vector<std::string>&));
- MOCK_METHOD1(StartSession, void(const std::string&));
+ MOCK_METHOD1(StartSession, void(const cryptohome::Identification&));
MOCK_METHOD0(StopSession, void(void));
MOCK_METHOD0(NotifySupervisedUserCreationStarted, void(void));
MOCK_METHOD0(NotifySupervisedUserCreationFinished, void(void));
@@ -36,9 +37,10 @@ class MockSessionManagerClient : public SessionManagerClient {
MOCK_METHOD1(RetrieveActiveSessions, void(const ActiveSessionsCallback&));
MOCK_METHOD1(RetrieveDevicePolicy, void(const RetrievePolicyCallback&));
MOCK_METHOD2(RetrievePolicyForUser,
- void(const std::string&,
+ void(const cryptohome::Identification&,
const RetrievePolicyCallback&));
- MOCK_METHOD1(BlockingRetrievePolicyForUser, std::string(const std::string&));
+ MOCK_METHOD1(BlockingRetrievePolicyForUser,
+ std::string(const cryptohome::Identification&));
MOCK_METHOD2(RetrieveDeviceLocalAccountPolicy,
void(const std::string&,
const RetrievePolicyCallback&));
@@ -46,7 +48,7 @@ class MockSessionManagerClient : public SessionManagerClient {
void(const std::string&,
const StorePolicyCallback&));
MOCK_METHOD3(StorePolicyForUser,
- void(const std::string&,
+ void(const cryptohome::Identification&,
const std::string&,
const StorePolicyCallback&));
MOCK_METHOD3(StoreDeviceLocalAccountPolicy,
@@ -54,7 +56,7 @@ class MockSessionManagerClient : public SessionManagerClient {
const std::string&,
const StorePolicyCallback&));
MOCK_METHOD2(SetFlagsForUser,
- void(const std::string&,
+ void(const cryptohome::Identification&,
const std::vector<std::string>&));
MOCK_METHOD1(GetServerBackedStateKeys, void(const StateKeysCallback&));
MOCK_METHOD1(CheckArcAvailability, void(const ArcCallback&));
diff --git a/chromeos/dbus/session_manager_client.cc b/chromeos/dbus/session_manager_client.cc
index dd9c13a..95559ea 100644
--- a/chromeos/dbus/session_manager_client.cc
+++ b/chromeos/dbus/session_manager_client.cc
@@ -20,6 +20,7 @@
#include "base/task_runner_util.h"
#include "base/threading/worker_pool.h"
#include "chromeos/chromeos_paths.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/blocking_method_caller.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "crypto/sha2.h"
@@ -34,15 +35,16 @@ namespace chromeos {
namespace {
-// Returns a location for |file| that is specific to the given |username|.
+// Returns a location for |file| that is specific to the given |cryptohome_id|.
// These paths will be relative to DIR_USER_POLICY_KEYS, and can be used only
// to store stub files.
-base::FilePath GetUserFilePath(const std::string& username, const char* file) {
+base::FilePath GetUserFilePath(const cryptohome::Identification& cryptohome_id,
+ const char* file) {
base::FilePath keys_path;
if (!PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &keys_path))
return base::FilePath();
const std::string sanitized =
- CryptohomeClient::GetStubSanitizedUsername(username);
+ CryptohomeClient::GetStubSanitizedUsername(cryptohome_id);
return keys_path.AppendASCII(sanitized).AppendASCII(file);
}
@@ -153,11 +155,11 @@ class SessionManagerClientImpl : public SessionManagerClient {
false);
}
- void StartSession(const std::string& user_email) override {
+ void StartSession(const cryptohome::Identification& cryptohome_id) override {
dbus::MethodCall method_call(login_manager::kSessionManagerInterface,
login_manager::kSessionManagerStartSession);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(user_email);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(""); // Unique ID is deprecated
session_manager_proxy_->CallMethod(
&method_call,
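Review bot: `writer.AppendString(cryptohome_id.id())` changes the first StartSession argument on the D-Bus wire from an e-mail address to whatever `id()` returns, and nothing in the hunk records that contract. session_manager is a separate process that presumably keys sessions and per-user policy on this string, so both sides have to agree on its format. A comment above the call would make that explicit, for example `// Wire format: the cryptohome id string, not necessarily an e-mail; must match what session_manager expects.` The same applies to the `AppendString(cryptohome_id.id())` calls in the BlockingRetrievePolicyForUser and SetFlagsForUser hunks and to the `.id()` arguments passed in RetrievePolicyForUser and StorePolicyForUser. StartSession's body continues past the end of this hunk.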
@@ -238,21 +240,20 @@ class SessionManagerClientImpl : public SessionManagerClient {
callback));
}
- void RetrievePolicyForUser(const std::string& username,
+ void RetrievePolicyForUser(const cryptohome::Identification& cryptohome_id,
const RetrievePolicyCallback& callback) override {
CallRetrievePolicyByUsername(
- login_manager::kSessionManagerRetrievePolicyForUser,
- username,
+ login_manager::kSessionManagerRetrievePolicyForUser, cryptohome_id.id(),
callback);
}
std::string BlockingRetrievePolicyForUser(
- const std::string& username) override {
+ const cryptohome::Identification& cryptohome_id) override {
dbus::MethodCall method_call(
login_manager::kSessionManagerInterface,
login_manager::kSessionManagerRetrievePolicyForUser);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
scoped_ptr<dbus::Response> response =
blocking_method_caller_->CallMethodAndBlock(&method_call);
std::string policy;
@@ -289,13 +290,11 @@ class SessionManagerClientImpl : public SessionManagerClient {
callback));
}
- void StorePolicyForUser(const std::string& username,
+ void StorePolicyForUser(const cryptohome::Identification& cryptohome_id,
const std::string& policy_blob,
const StorePolicyCallback& callback) override {
CallStorePolicyByUsername(login_manager::kSessionManagerStorePolicyForUser,
- username,
- policy_blob,
- callback);
+ cryptohome_id.id(), policy_blob, callback);
}
void StoreDeviceLocalAccountPolicy(
@@ -309,12 +308,12 @@ class SessionManagerClientImpl : public SessionManagerClient {
callback);
}
- void SetFlagsForUser(const std::string& username,
+ void SetFlagsForUser(const cryptohome::Identification& cryptohome_id,
const std::vector<std::string>& flags) override {
dbus::MethodCall method_call(login_manager::kSessionManagerInterface,
login_manager::kSessionManagerSetFlagsForUser);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
writer.AppendArrayOfStrings(flags);
session_manager_proxy_->CallMethod(
&method_call,
@@ -423,12 +422,12 @@ class SessionManagerClientImpl : public SessionManagerClient {
// Helper for RetrieveDeviceLocalAccountPolicy and RetrievePolicyForUser.
void CallRetrievePolicyByUsername(const std::string& method_name,
- const std::string& username,
+ const std::string& account_id,
const RetrievePolicyCallback& callback) {
dbus::MethodCall method_call(login_manager::kSessionManagerInterface,
method_name);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(account_id);
session_manager_proxy_->CallMethod(
&method_call,
dbus::ObjectProxy::TIMEOUT_USE_DEFAULT,
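Review bot: The parameter is renamed to `account_id`, but the helper is still called `CallRetrievePolicyByUsername`, and the next hunk does the same for `CallStorePolicyByUsername`. The name now suggests a username on the wire, while callers pass either `cryptohome_id.id()` or a device-local account id. Renaming the helpers (for example `CallRetrievePolicyByAccountId`) or extending the existing comment to `// Helper for RetrieveDeviceLocalAccountPolicy and RetrievePolicyForUser; |account_id| is sent to session_manager unchanged.` would keep the two in step. The function body continues outside the hunk.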
@@ -440,13 +439,13 @@ class SessionManagerClientImpl : public SessionManagerClient {
}
void CallStorePolicyByUsername(const std::string& method_name,
- const std::string& username,
+ const std::string& account_id,
const std::string& policy_blob,
const StorePolicyCallback& callback) {
dbus::MethodCall method_call(login_manager::kSessionManagerInterface,
method_name);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(account_id);
// static_cast does not work due to signedness.
writer.AppendArrayOfBytes(
reinterpret_cast<const uint8_t*>(policy_blob.data()),
@@ -544,7 +543,7 @@ class SessionManagerClientImpl : public SessionManagerClient {
LOG(ERROR) << method_name << " response is incorrect: "
<< response->ToString();
} else {
- sessions[key] = value;
+ sessions[cryptohome::Identification::FromString(key)] = value;
}
}
success = true;
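Review bot: In `sessions[cryptohome::Identification::FromString(key)] = value;` the key read from the session_manager reply becomes a map key of a richer type with no check on its content. `FromString` is not shown in this hunk, so it is unclear whether it keeps the string byte-for-byte or normalises it. If it normalises, two distinct wire keys could collapse into one entry and the later one would silently overwrite the earlier. A comment stating the expectation would help, for example `// |key| is the id string previously passed to StartSession; FromString() must round-trip it unchanged.` This is an assumption to confirm against `Identification`. The enclosing loop starts and ends outside the hunk.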
@@ -741,7 +740,7 @@ class SessionManagerClientStubImpl : public SessionManagerClient {
bool IsScreenLocked() const override { return screen_is_locked_; }
void EmitLoginPromptVisible() override {}
void RestartJob(const std::vector<std::string>& argv) override {}
- void StartSession(const std::string& user_email) override {}
+ void StartSession(const cryptohome::Identification& cryptohome_id) override {}
void StopSession() override {}
void NotifySupervisedUserCreationStarted() override {}
void NotifySupervisedUserCreationFinished() override {}
@@ -774,22 +773,23 @@ class SessionManagerClientStubImpl : public SessionManagerClient {
base::Bind(&GetFileContent, device_policy_path),
callback);
}
- void RetrievePolicyForUser(const std::string& username,
+ void RetrievePolicyForUser(const cryptohome::Identification& cryptohome_id,
const RetrievePolicyCallback& callback) override {
base::PostTaskAndReplyWithResult(
- base::WorkerPool::GetTaskRunner(false).get(),
- FROM_HERE,
- base::Bind(&GetFileContent, GetUserFilePath(username, "stub_policy")),
+ base::WorkerPool::GetTaskRunner(false).get(), FROM_HERE,
+ base::Bind(&GetFileContent,
+ GetUserFilePath(cryptohome_id, "stub_policy")),
callback);
}
std::string BlockingRetrievePolicyForUser(
- const std::string& username) override {
- return GetFileContent(GetUserFilePath(username, "stub_policy"));
+ const cryptohome::Identification& cryptohome_id) override {
+ return GetFileContent(GetUserFilePath(cryptohome_id, "stub_policy"));
}
void RetrieveDeviceLocalAccountPolicy(
- const std::string& account_name,
+ const std::string& account_id,
const RetrievePolicyCallback& callback) override {
- RetrievePolicyForUser(account_name, callback);
+ RetrievePolicyForUser(cryptohome::Identification::FromString(account_id),
+ callback);
}
void StoreDevicePolicy(const std::string& policy_blob,
const StorePolicyCallback& callback) override {
@@ -821,7 +821,7 @@ class SessionManagerClientStubImpl : public SessionManagerClient {
base::Bind(callback, true),
false);
}
- void StorePolicyForUser(const std::string& username,
+ void StorePolicyForUser(const cryptohome::Identification& cryptohome_id,
const std::string& policy_blob,
const StorePolicyCallback& callback) override {
// The session manager writes the user policy key to a well-known
@@ -834,7 +834,7 @@ class SessionManagerClientStubImpl : public SessionManagerClient {
}
if (response.has_new_public_key()) {
- base::FilePath key_path = GetUserFilePath(username, "policy.pub");
+ base::FilePath key_path = GetUserFilePath(cryptohome_id, "policy.pub");
base::WorkerPool::PostTask(
FROM_HERE,
base::Bind(&StoreFile, key_path, response.new_public_key()),
@@ -843,7 +843,8 @@ class SessionManagerClientStubImpl : public SessionManagerClient {
// This file isn't read directly by Chrome, but is used by this class to
// reload the user policy across restarts.
- base::FilePath stub_policy_path = GetUserFilePath(username, "stub_policy");
+ base::FilePath stub_policy_path =
+ GetUserFilePath(cryptohome_id, "stub_policy");
base::WorkerPool::PostTaskAndReply(
FROM_HERE,
base::Bind(&StoreFile, stub_policy_path, policy_blob),
@@ -851,12 +852,13 @@ class SessionManagerClientStubImpl : public SessionManagerClient {
false);
}
void StoreDeviceLocalAccountPolicy(
- const std::string& account_name,
+ const std::string& account_id,
const std::string& policy_blob,
const StorePolicyCallback& callback) override {
- StorePolicyForUser(account_name, policy_blob, callback);
+ StorePolicyForUser(cryptohome::Identification::FromString(account_id),
+ policy_blob, callback);
}
- void SetFlagsForUser(const std::string& username,
+ void SetFlagsForUser(const cryptohome::Identification& cryptohome_id,
const std::vector<std::string>& flags) override {}
void GetServerBackedStateKeys(const StateKeysCallback& callback) override {
diff --git a/chromeos/dbus/session_manager_client.h b/chromeos/dbus/session_manager_client.h
index 4fd4c09..d0e3566 100644
--- a/chromeos/dbus/session_manager_client.h
+++ b/chromeos/dbus/session_manager_client.h
@@ -16,6 +16,10 @@
#include "chromeos/dbus/dbus_client.h"
#include "chromeos/dbus/dbus_client_implementation_type.h"
+namespace cryptohome {
+class Identification;
+}
+
namespace chromeos {
// SessionManagerClient is used to communicate with the session manager.
@@ -78,7 +82,8 @@ class CHROMEOS_EXPORT SessionManagerClient : public DBusClient {
virtual void RestartJob(const std::vector<std::string>& argv) = 0;
// Starts the session for the user.
- virtual void StartSession(const std::string& user_email) = 0;
+ virtual void StartSession(
+ const cryptohome::Identification& cryptohome_id) = 0;
// Stops the current session.
virtual void StopSession() = 0;
@@ -102,19 +107,19 @@ class CHROMEOS_EXPORT SessionManagerClient : public DBusClient {
virtual void NotifySupervisedUserCreationFinished() = 0;
// Map that is used to describe the set of active user sessions where |key|
- // is user_id and |value| is user_id_hash.
- typedef std::map<std::string, std::string> ActiveSessionsMap;
+ // is cryptohome id and |value| is user_id_hash.
+ using ActiveSessionsMap = std::map<cryptohome::Identification, std::string>;
// The ActiveSessionsCallback is used for the RetrieveActiveSessions()
- // method. It receives |sessions| argument where the keys are user_ids for
- // all users that are currently active and |success| argument which indicates
- // whether or not the request succeded.
+ // method. It receives |sessions| argument where the keys are cryptohome_ids
+ // for all users that are currently active and |success| argument which
+ // indicates whether or not the request succeded.
typedef base::Callback<void(const ActiveSessionsMap& sessions,
bool success)> ActiveSessionsCallback;
// Enumerates active user sessions. Usually Chrome naturally keeps track of
// active users when they are added into current session. When Chrome is
- // restarted after crash by session_manager it only receives user_id and
+ // restarted after crash by session_manager it only receives cryptohome id and
// user_id_hash for one user. This method is used to retrieve list of all
// active users.
virtual void RetrieveActiveSessions(
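Review bot: `using ActiveSessionsMap = std::map<cryptohome::Identification, std::string>;` is declared in a header that, per the first hunk of this file, only forward-declares `class Identification;`. The alias itself compiles, but any translation unit that actually creates or touches an `ActiveSessionsMap` needs the complete type and its ordering, and must remember to include `chromeos/cryptohome/cryptohome_parameters.h` itself. Including that header here instead of forward-declaring would make the alias self-contained. Failing that, add a comment on the alias: `// Users of this map must include chromeos/cryptohome/cryptohome_parameters.h.`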
@@ -131,10 +136,10 @@ class CHROMEOS_EXPORT SessionManagerClient : public DBusClient {
virtual void RetrieveDevicePolicy(const RetrievePolicyCallback& callback) = 0;
// Fetches the user policy blob stored by the session manager for the given
- // |username|. Upon completion of the retrieve attempt, we will call the
+ // |cryptohome_id|. Upon completion of the retrieve attempt, we will call the
// provided callback.
virtual void RetrievePolicyForUser(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const RetrievePolicyCallback& callback) = 0;
// Same as RetrievePolicyForUser() but blocks until a reply is received, and
@@ -144,7 +149,7 @@ class CHROMEOS_EXPORT SessionManagerClient : public DBusClient {
// considered acceptable (e.g. restarting the browser after a crash or after
// a flag change).
virtual std::string BlockingRetrievePolicyForUser(
- const std::string& username) = 0;
+ const cryptohome::Identification& cryptohome_id) = 0;
// Fetches the policy blob associated with the specified device-local account
// from session manager. |callback| is invoked up on completion.
@@ -162,11 +167,13 @@ class CHROMEOS_EXPORT SessionManagerClient : public DBusClient {
virtual void StoreDevicePolicy(const std::string& policy_blob,
const StorePolicyCallback& callback) = 0;
- // Attempts to asynchronously store |policy_blob| as user policy for the given
- // |username|. Upon completion of the store attempt, we will call callback.
- virtual void StorePolicyForUser(const std::string& username,
- const std::string& policy_blob,
- const StorePolicyCallback& callback) = 0;
+ // Attempts to asynchronously store |policy_blob| as user policy for the
+ // given |cryptohome_id|. Upon completion of the store attempt, we will call
+ // callback.
+ virtual void StorePolicyForUser(
+ const cryptohome::Identification& cryptohome_id,
+ const std::string& policy_blob,
+ const StorePolicyCallback& callback) = 0;
// Sends a request to store a policy blob for the specified device-local
// account. The result of the operation is reported through |callback|.
@@ -177,7 +184,7 @@ class CHROMEOS_EXPORT SessionManagerClient : public DBusClient {
// Sets the flags to be applied next time by the session manager when Chrome
// is restarted inside an already started session for a particular user.
- virtual void SetFlagsForUser(const std::string& username,
+ virtual void SetFlagsForUser(const cryptohome::Identification& cryptohome_id,
const std::vector<std::string>& flags) = 0;
typedef base::Callback<void(const std::vector<std::string>& state_keys)>
diff --git a/chromeos/login/auth/authenticator.h b/chromeos/login/auth/authenticator.h
index 1f05bce..422cccd 100644
--- a/chromeos/login/auth/authenticator.h
+++ b/chromeos/login/auth/authenticator.h
@@ -13,6 +13,8 @@
#include "chromeos/login/auth/auth_status_consumer.h"
#include "google_apis/gaia/gaia_auth_consumer.h"
+class AccountId;
+
namespace content {
class BrowserContext;
}
@@ -56,11 +58,11 @@ class CHROMEOS_EXPORT Authenticator
// Initiates login into the public account identified by |user_context|.
virtual void LoginAsPublicSession(const UserContext& user_context) = 0;
- // Initiates login into kiosk mode account identified by |app_user_id|.
- // The |app_user_id| is a generated username for the account.
+ // Initiates login into kiosk mode account identified by |app_account_id|.
+ // The |app_account_id| is a generated account id for the account.
// |use_guest_mount| specifies whether to force the session to use a
// guest mount. If this is false, we use mount a public cryptohome.
- virtual void LoginAsKioskAccount(const std::string& app_user_id,
+ virtual void LoginAsKioskAccount(const AccountId& app_account_id,
bool use_guest_mount) = 0;
// Notifies caller that login was successful. Must be called on the UI thread.
diff --git a/chromeos/login/auth/cryptohome_authenticator.cc b/chromeos/login/auth/cryptohome_authenticator.cc
index df430d0..913af5d 100644
--- a/chromeos/login/auth/cryptohome_authenticator.cc
+++ b/chromeos/login/auth/cryptohome_authenticator.cc
@@ -149,8 +149,7 @@ void DoMount(const base::WeakPtr<AuthAttemptState>& attempt,
}
cryptohome::HomedirMethods::GetInstance()->MountEx(
- cryptohome::Identification(
- attempt->user_context.GetAccountId().GetUserEmail()),
+ cryptohome::Identification(attempt->user_context.GetAccountId()),
cryptohome::Authorization(auth_key), mount,
base::Bind(&OnMount, attempt, resolver));
}
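Review bot: `cryptohome::Identification(attempt->user_context.GetAccountId())` replaces an identifier that was explicitly the user's e-mail, and the hunk does not show which string `Identification` derives from an `AccountId`. If that string can differ from `GetUserEmail()` for a user whose vault already exists, `MountEx` would address a different vault name. The same question applies to the StartMount hunk (where `create_if_nonexistent` is in play) and to the Migrate, Remove and CheckKey hunks below. A comment at the first use would record the invariant, for example `// Identification(AccountId) must yield the id the existing cryptohome was created under.` Treat this as something to confirm against `cryptohome_parameters.h`. DoMount's body starts outside the hunk.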
@@ -267,8 +266,7 @@ void StartMount(const base::WeakPtr<AuthAttemptState>& attempt,
}
cryptohome::HomedirMethods::GetInstance()->GetKeyDataEx(
- cryptohome::Identification(
- attempt->user_context.GetAccountId().GetUserEmail()),
+ cryptohome::Identification(attempt->user_context.GetAccountId()),
kCryptohomeGAIAKeyLabel, base::Bind(&OnGetKeyDataEx, attempt, resolver,
ephemeral, create_if_nonexistent));
}
@@ -284,7 +282,7 @@ void MountGuestAndGetHash(const base::WeakPtr<AuthAttemptState>& attempt,
attempt,
resolver));
cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername(
- attempt->user_context.GetAccountId().GetUserEmail(),
+ cryptohome::Identification(attempt->user_context.GetAccountId()),
base::Bind(&TriggerResolveHash, attempt, resolver));
}
@@ -293,11 +291,11 @@ void MountPublic(const base::WeakPtr<AuthAttemptState>& attempt,
scoped_refptr<CryptohomeAuthenticator> resolver,
int flags) {
cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountPublic(
- attempt->user_context.GetAccountId().GetUserEmail(), flags,
+ cryptohome::Identification(attempt->user_context.GetAccountId()), flags,
base::Bind(&TriggerResolveWithLoginTimeMarker,
"CryptohomeMountPublic-End", attempt, resolver));
cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername(
- attempt->user_context.GetAccountId().GetUserEmail(),
+ cryptohome::Identification(attempt->user_context.GetAccountId()),
base::Bind(&TriggerResolveHash, attempt, resolver));
}
@@ -320,13 +318,13 @@ void Migrate(const base::WeakPtr<AuthAttemptState>& attempt,
TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt);
if (passing_old_hash) {
caller->AsyncMigrateKey(
- attempt->user_context.GetAccountId().GetUserEmail(),
+ cryptohome::Identification(attempt->user_context.GetAccountId()),
old_key->GetSecret(), new_key->GetSecret(),
base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End",
attempt, resolver));
} else {
caller->AsyncMigrateKey(
- attempt->user_context.GetAccountId().GetUserEmail(),
+ cryptohome::Identification(attempt->user_context.GetAccountId()),
new_key->GetSecret(), old_key->GetSecret(),
base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End",
attempt, resolver));
@@ -339,7 +337,7 @@ void Remove(const base::WeakPtr<AuthAttemptState>& attempt,
chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(
"CryptohomeRemove-Start", false);
cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove(
- attempt->user_context.GetAccountId().GetUserEmail(),
+ cryptohome::Identification(attempt->user_context.GetAccountId()),
base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeRemove-End",
attempt, resolver));
}
@@ -351,8 +349,8 @@ void CheckKey(const base::WeakPtr<AuthAttemptState>& attempt,
scoped_ptr<Key> key =
TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt);
cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey(
- attempt->user_context.GetAccountId().GetUserEmail(), key->GetSecret(),
- base::Bind(&TriggerResolve, attempt, resolver));
+ cryptohome::Identification(attempt->user_context.GetAccountId()),
+ key->GetSecret(), base::Bind(&TriggerResolve, attempt, resolver));
}
} // namespace
@@ -447,12 +445,11 @@ void CryptohomeAuthenticator::LoginAsSupervisedUser(
void CryptohomeAuthenticator::LoginOffTheRecord() {
DCHECK(task_runner_->RunsTasksOnCurrentThread());
- current_state_.reset(
- new AuthAttemptState(UserContext(user_manager::USER_TYPE_GUEST,
- login::GuestAccountId().GetUserEmail()),
- false, // unlock
- false, // online_complete
- false)); // user_is_new
+ current_state_.reset(new AuthAttemptState(
+ UserContext(user_manager::USER_TYPE_GUEST, login::GuestAccountId()),
+ false, // unlock
+ false, // online_complete
+ false)); // user_is_new
remove_user_data_on_failure_ = false;
ephemeral_mount_attempted_ = true;
MountGuestAndGetHash(current_state_->AsWeakPtr(),
@@ -477,14 +474,14 @@ void CryptohomeAuthenticator::LoginAsPublicSession(
}
void CryptohomeAuthenticator::LoginAsKioskAccount(
- const std::string& app_user_id,
+ const AccountId& app_account_id,
bool use_guest_mount) {
DCHECK(task_runner_->RunsTasksOnCurrentThread());
- const std::string user_id =
- use_guest_mount ? login::GuestAccountId().GetUserEmail() : app_user_id;
+ const AccountId& account_id =
+ use_guest_mount ? login::GuestAccountId() : app_account_id;
current_state_.reset(new AuthAttemptState(
- UserContext(user_manager::USER_TYPE_KIOSK_APP, user_id),
+ UserContext(user_manager::USER_TYPE_KIOSK_APP, account_id),
false, // unlock
false, // online_complete
false)); // user_is_new
diff --git a/chromeos/login/auth/cryptohome_authenticator.h b/chromeos/login/auth/cryptohome_authenticator.h
index d767bd9..cfac3d3 100644
--- a/chromeos/login/auth/cryptohome_authenticator.h
+++ b/chromeos/login/auth/cryptohome_authenticator.h
@@ -129,12 +129,12 @@ class CHROMEOS_EXPORT CryptohomeAuthenticator
// success/failure.
void LoginAsPublicSession(const UserContext& user_context) override;
- // Initiates login into the kiosk mode account identified by |app_user_id|.
+ // Initiates login into the kiosk mode account identified by |app_account_id|.
// Mounts an ephemeral guest cryptohome if |use_guest_mount| is |true|.
// Otherwise, mounts a public cryptohome, which will be ephemeral if the
// |DeviceEphemeralUsersEnabled| policy is enabled and non-ephemeral
// otherwise.
- void LoginAsKioskAccount(const std::string& app_user_id,
+ void LoginAsKioskAccount(const AccountId& app_account_id,
bool use_guest_mount) override;
// These methods must be called on the UI thread, as they make DBus calls
diff --git a/chromeos/login/auth/extended_authenticator.h b/chromeos/login/auth/extended_authenticator.h
index deaa6c4..0a0a877 100644
--- a/chromeos/login/auth/extended_authenticator.h
+++ b/chromeos/login/auth/extended_authenticator.h
@@ -15,6 +15,8 @@
#include "chromeos/chromeos_export.h"
#include "chromeos/cryptohome/cryptohome_parameters.h"
+class AccountId;
+
namespace chromeos {
class AuthStatusConsumer;
@@ -68,12 +70,13 @@ class CHROMEOS_EXPORT ExtendedAuthenticator
virtual void AuthenticateToCheck(const UserContext& context,
const base::Closure& success_callback) = 0;
- // This call will create and mount the home dir for |user_id| with the given
- // |keys| if the home dir is missing. If the home dir exists already, a mount
- // attempt will be performed using the first key in |keys| for authentication.
- // Note that all |keys| should have been transformed from plain text already.
+ // This call will create and mount the home dir for |account_id| with the
+ // given |keys| if the home dir is missing. If the home dir exists already, a
+ // mount attempt will be performed using the first key in |keys| for
+ // authentication. Note that all |keys| should have been transformed from
+ // plain text already.
// This method does not alter them.
- virtual void CreateMount(const std::string& user_id,
+ virtual void CreateMount(const AccountId& account_id,
const std::vector<cryptohome::KeyDefinition>& keys,
const ResultCallback& success_callback) = 0;
diff --git a/chromeos/login/auth/extended_authenticator_impl.cc b/chromeos/login/auth/extended_authenticator_impl.cc
index 25d9520..98ec0b9 100644
--- a/chromeos/login/auth/extended_authenticator_impl.cc
+++ b/chromeos/login/auth/extended_authenticator_impl.cc
@@ -82,19 +82,18 @@ void ExtendedAuthenticatorImpl::AuthenticateToCheck(
}
void ExtendedAuthenticatorImpl::CreateMount(
- const std::string& user_id,
+ const AccountId& account_id,
const std::vector<cryptohome::KeyDefinition>& keys,
const ResultCallback& success_callback) {
RecordStartMarker("MountEx");
- std::string canonicalized = gaia::CanonicalizeEmail(user_id);
- cryptohome::Identification id(canonicalized);
+ cryptohome::Identification id(account_id);
cryptohome::Authorization auth(keys.front());
cryptohome::MountParameters mount(false);
for (size_t i = 0; i < keys.size(); i++) {
mount.create_keys.push_back(keys[i]);
}
- UserContext context(AccountId::FromUserEmail(user_id));
+ UserContext context(account_id);
Key key(keys.front().secret);
key.SetLabel(keys.front().label);
context.SetKey(key);
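Review bot: `cryptohome::Identification id(account_id);` in CreateMount now takes the AccountId exactly as passed in, where the removed lines ran the e-mail through `gaia::CanonicalizeEmail` first; the same substitution is made in DoAuthenticateToMount, DoAuthenticateToCheck, DoAddKey, DoUpdateKeyAuthorized and DoRemoveKey in the following hunks. The Identification constructor is not part of these hunks, so whether it canonicalizes is not visible here; if it does not, a non-canonical spelling of the same e-mail would presumably select a different cryptohome than before. A comment at the first call site would record the contract, for example `// Identification derives the cryptohome id from |account_id|; the e-mail must already be canonical.` CreateMount's body continues past the end of this hunk.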
@@ -189,9 +188,7 @@ void ExtendedAuthenticatorImpl::DoAuthenticateToMount(
const UserContext& user_context) {
RecordStartMarker("MountEx");
- const std::string canonicalized =
- gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail());
- cryptohome::Identification id(canonicalized);
+ cryptohome::Identification id(user_context.GetAccountId());
const Key* const key = user_context.GetKey();
cryptohome::Authorization auth(key->GetSecret(), key->GetLabel());
cryptohome::MountParameters mount(false);
@@ -212,9 +209,7 @@ void ExtendedAuthenticatorImpl::DoAuthenticateToCheck(
const UserContext& user_context) {
RecordStartMarker("CheckKeyEx");
- const std::string canonicalized =
- gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail());
- cryptohome::Identification id(canonicalized);
+ cryptohome::Identification id(user_context.GetAccountId());
const Key* const key = user_context.GetKey();
cryptohome::Authorization auth(key->GetSecret(), key->GetLabel());
@@ -234,9 +229,7 @@ void ExtendedAuthenticatorImpl::DoAddKey(const cryptohome::KeyDefinition& key,
const UserContext& user_context) {
RecordStartMarker("AddKeyEx");
- const std::string canonicalized =
- gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail());
- cryptohome::Identification id(canonicalized);
+ cryptohome::Identification id(user_context.GetAccountId());
const Key* const auth_key = user_context.GetKey();
cryptohome::Authorization auth(auth_key->GetSecret(), auth_key->GetLabel());
@@ -259,9 +252,7 @@ void ExtendedAuthenticatorImpl::DoUpdateKeyAuthorized(
const UserContext& user_context) {
RecordStartMarker("UpdateKeyAuthorized");
- const std::string canonicalized =
- gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail());
- cryptohome::Identification id(canonicalized);
+ cryptohome::Identification id(user_context.GetAccountId());
const Key* const auth_key = user_context.GetKey();
cryptohome::Authorization auth(auth_key->GetSecret(), auth_key->GetLabel());
@@ -282,9 +273,7 @@ void ExtendedAuthenticatorImpl::DoRemoveKey(const std::string& key_to_remove,
const UserContext& user_context) {
RecordStartMarker("RemoveKeyEx");
- const std::string canonicalized =
- gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail());
- cryptohome::Identification id(canonicalized);
+ cryptohome::Identification id(user_context.GetAccountId());
const Key* const auth_key = user_context.GetKey();
cryptohome::Authorization auth(auth_key->GetSecret(), auth_key->GetLabel());
diff --git a/chromeos/login/auth/extended_authenticator_impl.h b/chromeos/login/auth/extended_authenticator_impl.h
index a292e9e..550ba3f 100644
--- a/chromeos/login/auth/extended_authenticator_impl.h
+++ b/chromeos/login/auth/extended_authenticator_impl.h
@@ -15,6 +15,8 @@
#include "chromeos/login/auth/extended_authenticator.h"
#include "third_party/cros_system_api/dbus/service_constants.h"
+class AccountId;
+
namespace chromeos {
class AuthStatusConsumer;
@@ -32,7 +34,7 @@ class CHROMEOS_EXPORT ExtendedAuthenticatorImpl : public ExtendedAuthenticator {
const ResultCallback& success_callback) override;
void AuthenticateToCheck(const UserContext& context,
const base::Closure& success_callback) override;
- void CreateMount(const std::string& user_id,
+ void CreateMount(const AccountId& account_id,
const std::vector<cryptohome::KeyDefinition>& keys,
const ResultCallback& success_callback) override;
void AddKey(const UserContext& context,
diff --git a/chromeos/login/auth/fake_extended_authenticator.cc b/chromeos/login/auth/fake_extended_authenticator.cc
index e57755b..b44255b 100644
--- a/chromeos/login/auth/fake_extended_authenticator.cc
+++ b/chromeos/login/auth/fake_extended_authenticator.cc
@@ -65,9 +65,10 @@ void FakeExtendedAuthenticator::AuthenticateToCheck(
AuthFailure(AuthFailure::UNLOCK_FAILED));
}
-void FakeExtendedAuthenticator::CreateMount(const std::string& user_id,
- const std::vector<cryptohome::KeyDefinition>& keys,
- const ResultCallback& success_callback) {
+void FakeExtendedAuthenticator::CreateMount(
+ const AccountId& account_id,
+ const std::vector<cryptohome::KeyDefinition>& keys,
+ const ResultCallback& success_callback) {
NOTREACHED();
}
diff --git a/chromeos/login/auth/fake_extended_authenticator.h b/chromeos/login/auth/fake_extended_authenticator.h
index 96dc4f4..ee48944 100644
--- a/chromeos/login/auth/fake_extended_authenticator.h
+++ b/chromeos/login/auth/fake_extended_authenticator.h
@@ -10,6 +10,8 @@
#include "chromeos/login/auth/extended_authenticator.h"
#include "chromeos/login/auth/user_context.h"
+class AccountId;
+
namespace chromeos {
class AuthFailure;
@@ -27,7 +29,7 @@ class CHROMEOS_EXPORT FakeExtendedAuthenticator : public ExtendedAuthenticator {
const ResultCallback& success_callback) override;
void AuthenticateToCheck(const UserContext& context,
const base::Closure& success_callback) override;
- void CreateMount(const std::string& user_id,
+ void CreateMount(const AccountId& account_id,
const std::vector<cryptohome::KeyDefinition>& keys,
const ResultCallback& success_callback) override;
void AddKey(const UserContext& context,
diff --git a/chromeos/login/auth/login_performer.cc b/chromeos/login/auth/login_performer.cc
index b358105..6d949f4 100644
--- a/chromeos/login/auth/login_performer.cc
+++ b/chromeos/login/auth/login_performer.cc
@@ -228,14 +228,13 @@ void LoginPerformer::LoginOffTheRecord() {
base::Bind(&Authenticator::LoginOffTheRecord, authenticator_.get()));
}
-void LoginPerformer::LoginAsKioskAccount(const std::string& app_user_id,
+void LoginPerformer::LoginAsKioskAccount(const AccountId& app_account_id,
bool use_guest_mount) {
EnsureAuthenticator();
- task_runner_->PostTask(FROM_HERE,
- base::Bind(&Authenticator::LoginAsKioskAccount,
- authenticator_.get(),
- app_user_id,
- use_guest_mount));
+ task_runner_->PostTask(
+ FROM_HERE,
+ base::Bind(&Authenticator::LoginAsKioskAccount, authenticator_.get(),
+ app_account_id, use_guest_mount));
}
void LoginPerformer::RecoverEncryptedData(const std::string& old_password) {
diff --git a/chromeos/login/auth/login_performer.h b/chromeos/login/auth/login_performer.h
index 915ee35..3eb2c4f6 100644
--- a/chromeos/login/auth/login_performer.h
+++ b/chromeos/login/auth/login_performer.h
@@ -79,8 +79,8 @@ class CHROMEOS_EXPORT LoginPerformer : public AuthStatusConsumer {
// Performs public session login with a given |user_context|.
void LoginAsPublicSession(const UserContext& user_context);
- // Performs a login into the kiosk mode account with |app_user_id|.
- void LoginAsKioskAccount(const std::string& app_user_id,
+ // Performs a login into the kiosk mode account with |app_account_id|.
+ void LoginAsKioskAccount(const AccountId& app_account_id,
bool use_guest_mount);
// AuthStatusConsumer implementation:
diff --git a/chromeos/login/auth/stub_authenticator.cc b/chromeos/login/auth/stub_authenticator.cc
index 371453d..d48d596 100644
--- a/chromeos/login/auth/stub_authenticator.cc
+++ b/chromeos/login/auth/stub_authenticator.cc
@@ -75,7 +75,7 @@ void StubAuthenticator::LoginAsPublicSession(const UserContext& user_context) {
}
void StubAuthenticator::LoginAsKioskAccount(
- const std::string& /* app_user_id */,
+ const AccountId& /* app_account_id */,
bool use_guest_mount) {
UserContext user_context(expected_user_context_.GetAccountId());
user_context.SetIsUsingOAuth(false);
diff --git a/chromeos/login/auth/stub_authenticator.h b/chromeos/login/auth/stub_authenticator.h
index 8c67874..10f9775 100644
--- a/chromeos/login/auth/stub_authenticator.h
+++ b/chromeos/login/auth/stub_authenticator.h
@@ -13,6 +13,8 @@
#include "chromeos/login/auth/authenticator.h"
#include "chromeos/login/auth/user_context.h"
+class AccountId;
+
namespace content {
class BrowserContext;
}
@@ -35,7 +37,7 @@ class CHROMEOS_EXPORT StubAuthenticator : public Authenticator {
void LoginAsSupervisedUser(const UserContext& user_context) override;
void LoginOffTheRecord() override;
void LoginAsPublicSession(const UserContext& user_context) override;
- void LoginAsKioskAccount(const std::string& app_user_id,
+ void LoginAsKioskAccount(const AccountId& app_account_id,
bool use_guest_mount) override;
void OnAuthSuccess() override;
void OnAuthFailure(const AuthFailure& failure) override;
diff --git a/chromeos/login/auth/user_context.cc b/chromeos/login/auth/user_context.cc
index 0060e3c..7eed5e0 100644
--- a/chromeos/login/auth/user_context.cc
+++ b/chromeos/login/auth/user_context.cc
@@ -11,7 +11,6 @@ UserContext::UserContext() : account_id_(EmptyAccountId()) {}
UserContext::UserContext(const UserContext& other)
: account_id_(other.account_id_),
- gaia_id_(other.gaia_id_),
key_(other.key_),
auth_code_(other.auth_code_),
refresh_token_(other.refresh_token_),
@@ -32,20 +31,19 @@ UserContext::UserContext(const AccountId& account_id)
}
UserContext::UserContext(user_manager::UserType user_type,
- const std::string& user_id)
- : account_id_(EmptyAccountId()), user_type_(user_type) {
+ const AccountId& account_id)
+ : account_id_(account_id), user_type_(user_type) {
if (user_type_ == user_manager::USER_TYPE_REGULAR)
- account_id_ = AccountId::FromUserEmail(login::CanonicalizeUserID(user_id));
- else
- account_id_ = AccountId::FromUserEmail(user_id);
+ account_id_.SetUserEmail(
+ login::CanonicalizeUserID(account_id_.GetUserEmail()));
}
UserContext::~UserContext() {
}
bool UserContext::operator==(const UserContext& context) const {
- return context.account_id_ == account_id_ && context.gaia_id_ == gaia_id_ &&
- context.key_ == key_ && context.auth_code_ == auth_code_ &&
+ return context.account_id_ == account_id_ && context.key_ == key_ &&
+ context.auth_code_ == auth_code_ &&
context.refresh_token_ == refresh_token_ &&
context.access_token_ == access_token_ &&
context.user_id_hash_ == user_id_hash_ &&
@@ -64,7 +62,7 @@ const AccountId& UserContext::GetAccountId() const {
}
const std::string& UserContext::GetGaiaID() const {
- return gaia_id_;
+ return account_id_.GetGaiaId();
}
const Key* UserContext::GetKey() const {
@@ -124,12 +122,8 @@ bool UserContext::HasCredentials() const {
!auth_code_.empty();
}
-void UserContext::SetUserID(const std::string& user_id) {
- account_id_ = AccountId::FromUserEmail(login::CanonicalizeUserID(user_id));
-}
-
-void UserContext::SetGaiaID(const std::string& gaia_id) {
- gaia_id_ = gaia_id;
+void UserContext::SetAccountId(const AccountId& account_id) {
+ account_id_ = account_id;
}
void UserContext::SetKey(const Key& key) {
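Review bot: `SetAccountId()` stores the AccountId unchanged, whereas the removed `SetUserID()` passed the e-mail through `login::CanonicalizeUserID`, and the two-argument constructor in the previous hunk still canonicalizes for `USER_TYPE_REGULAR`. Callers that relied on the setter to canonicalize now have to do it themselves, and nothing in the new code says so. Either document the precondition on the declaration in user_context.h, e.g. `// |account_id| must already carry a canonical e-mail; no canonicalization is done here.`, or apply the same canonicalization the constructor does.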
diff --git a/chromeos/login/auth/user_context.h b/chromeos/login/auth/user_context.h
index a4440cc..6f29645 100644
--- a/chromeos/login/auth/user_context.h
+++ b/chromeos/login/auth/user_context.h
@@ -40,7 +40,7 @@ class CHROMEOS_EXPORT UserContext {
UserContext();
UserContext(const UserContext& other);
explicit UserContext(const AccountId& account_id);
- UserContext(user_manager::UserType user_type, const std::string& user_id);
+ UserContext(user_manager::UserType user_type, const AccountId& account_id);
~UserContext();
bool operator==(const UserContext& context) const;
@@ -64,8 +64,7 @@ class CHROMEOS_EXPORT UserContext {
bool HasCredentials() const;
- void SetUserID(const std::string& user_id);
- void SetGaiaID(const std::string& gaia_id);
+ void SetAccountId(const AccountId& account_id);
void SetKey(const Key& key);
void SetAuthCode(const std::string& auth_code);
void SetRefreshToken(const std::string& refresh_token);
@@ -83,7 +82,6 @@ class CHROMEOS_EXPORT UserContext {
private:
AccountId account_id_;
- std::string gaia_id_;
Key key_;
std::string auth_code_;
std::string refresh_token_;
diff --git a/chromeos/tpm/tpm_token_info_getter.cc b/chromeos/tpm/tpm_token_info_getter.cc
index e51392f..31a3089 100644
--- a/chromeos/tpm/tpm_token_info_getter.cc
+++ b/chromeos/tpm/tpm_token_info_getter.cc
@@ -8,6 +8,7 @@
#include "base/bind.h"
#include "base/location.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/cryptohome_client.h"
namespace {
@@ -43,22 +44,20 @@ TPMTokenInfo::~TPMTokenInfo() {}
// static
scoped_ptr<TPMTokenInfoGetter> TPMTokenInfoGetter::CreateForUserToken(
- const std::string& user_id,
+ const AccountId& account_id,
CryptohomeClient* cryptohome_client,
const scoped_refptr<base::TaskRunner>& delayed_task_runner) {
- CHECK(!user_id.empty());
- return scoped_ptr<TPMTokenInfoGetter>(
- new TPMTokenInfoGetter(
- TYPE_USER, user_id, cryptohome_client, delayed_task_runner));
+ CHECK(account_id.is_valid());
+ return scoped_ptr<TPMTokenInfoGetter>(new TPMTokenInfoGetter(
+ TYPE_USER, account_id, cryptohome_client, delayed_task_runner));
}
// static
scoped_ptr<TPMTokenInfoGetter> TPMTokenInfoGetter::CreateForSystemToken(
CryptohomeClient* cryptohome_client,
const scoped_refptr<base::TaskRunner>& delayed_task_runner) {
- return scoped_ptr<TPMTokenInfoGetter>(
- new TPMTokenInfoGetter(
- TYPE_SYSTEM, std::string(), cryptohome_client, delayed_task_runner));
+ return scoped_ptr<TPMTokenInfoGetter>(new TPMTokenInfoGetter(
+ TYPE_SYSTEM, EmptyAccountId(), cryptohome_client, delayed_task_runner));
}
TPMTokenInfoGetter::~TPMTokenInfoGetter() {}
@@ -75,18 +74,17 @@ void TPMTokenInfoGetter::Start(const TPMTokenInfoCallback& callback) {
TPMTokenInfoGetter::TPMTokenInfoGetter(
TPMTokenInfoGetter::Type type,
- const std::string& user_id,
+ const AccountId& account_id,
CryptohomeClient* cryptohome_client,
const scoped_refptr<base::TaskRunner>& delayed_task_runner)
: delayed_task_runner_(delayed_task_runner),
type_(type),
state_(TPMTokenInfoGetter::STATE_INITIAL),
- user_id_(user_id),
+ account_id_(account_id),
tpm_request_delay_(
base::TimeDelta::FromMilliseconds(kInitialRequestDelayMs)),
cryptohome_client_(cryptohome_client),
- weak_factory_(this) {
-}
+ weak_factory_(this) {}
void TPMTokenInfoGetter::Continue() {
switch (state_) {
@@ -105,9 +103,9 @@ void TPMTokenInfoGetter::Continue() {
weak_factory_.GetWeakPtr()));
} else { // if (type_ == TYPE_USER)
cryptohome_client_->Pkcs11GetTpmTokenInfoForUser(
- user_id_,
- base::Bind(&TPMTokenInfoGetter::OnPkcs11GetTpmTokenInfo,
- weak_factory_.GetWeakPtr()));
+ cryptohome::Identification(account_id_),
+ base::Bind(&TPMTokenInfoGetter::OnPkcs11GetTpmTokenInfo,
+ weak_factory_.GetWeakPtr()));
}
break;
case STATE_DONE:
diff --git a/chromeos/tpm/tpm_token_info_getter.h b/chromeos/tpm/tpm_token_info_getter.h
index 1612dc5..964c831 100644
--- a/chromeos/tpm/tpm_token_info_getter.h
+++ b/chromeos/tpm/tpm_token_info_getter.h
@@ -14,6 +14,7 @@
#include "base/time/time.h"
#include "chromeos/chromeos_export.h"
#include "chromeos/dbus/dbus_method_call_status.h"
+#include "components/signin/core/account_id/account_id.h"
namespace base {
class TaskRunner;
@@ -47,7 +48,7 @@ class CHROMEOS_EXPORT TPMTokenInfoGetter {
// Factory method for TPMTokenInfoGetter for a user token.
static scoped_ptr<TPMTokenInfoGetter> CreateForUserToken(
- const std::string& user_id,
+ const AccountId& account_id,
CryptohomeClient* cryptohome_client,
const scoped_refptr<base::TaskRunner>& delayed_task_runner);
@@ -80,7 +81,7 @@ class CHROMEOS_EXPORT TPMTokenInfoGetter {
TPMTokenInfoGetter(
Type type,
- const std::string& user_id,
+ const AccountId& account_id,
CryptohomeClient* cryptohome_client,
const scoped_refptr<base::TaskRunner>& delayed_task_runner);
@@ -107,8 +108,9 @@ class CHROMEOS_EXPORT TPMTokenInfoGetter {
Type type_;
State state_;
- // The user id associated with the TPMTokenInfoGetter. Empty for system token.
- std::string user_id_;
+ // The account id associated with the TPMTokenInfoGetter. Empty for system
+ // token.
+ AccountId account_id_;
TPMTokenInfoCallback callback_;
diff --git a/chromeos/tpm/tpm_token_info_getter_unittest.cc b/chromeos/tpm/tpm_token_info_getter_unittest.cc
index 013c22a..5bdfa6f 100644
--- a/chromeos/tpm/tpm_token_info_getter_unittest.cc
+++ b/chromeos/tpm/tpm_token_info_getter_unittest.cc
@@ -15,6 +15,7 @@
#include "base/single_thread_task_runner.h"
#include "base/task_runner.h"
#include "base/thread_task_runner_handle.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/fake_cryptohome_client.h"
#include "chromeos/tpm/tpm_token_info_getter.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -84,17 +85,16 @@ class FakeTaskRunner : public base::TaskRunner {
// TPMTokenInfoGetter tests.
class TestCryptohomeClient : public chromeos::FakeCryptohomeClient {
public:
- // |user_id|: The user associated with the TPMTokenInfoGetter that will be
+ // |account_id|: The user associated with the TPMTokenInfoGetter that will be
// using the TestCryptohomeClient. Should be empty for system token.
- explicit TestCryptohomeClient(const std::string& user_id)
- : user_id_(user_id),
+ explicit TestCryptohomeClient(const AccountId& account_id)
+ : account_id_(account_id),
tpm_is_enabled_(true),
tpm_is_enabled_failure_count_(0),
tpm_is_enabled_succeeded_(false),
get_tpm_token_info_failure_count_(0),
get_tpm_token_info_not_set_count_(0),
- get_tpm_token_info_succeeded_(false) {
- }
+ get_tpm_token_info_succeeded_(false) {}
~TestCryptohomeClient() override {}
@@ -152,22 +152,22 @@ class TestCryptohomeClient : public chromeos::FakeCryptohomeClient {
void Pkcs11GetTpmTokenInfo(
const Pkcs11GetTpmTokenInfoCallback& callback) override {
- ASSERT_TRUE(user_id_.empty());
+ ASSERT_TRUE(account_id_.empty());
HandleGetTpmTokenInfo(callback);
}
void Pkcs11GetTpmTokenInfoForUser(
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const Pkcs11GetTpmTokenInfoCallback& callback) override {
- ASSERT_FALSE(user_id_.empty());
- ASSERT_EQ(user_id_, user_id);
+ ASSERT_FALSE(cryptohome_id.id().empty());
+ ASSERT_EQ(account_id_, cryptohome_id.GetAccountId());
HandleGetTpmTokenInfo(callback);
}
// Handles Pkcs11GetTpmTokenInfo calls (both for system and user token). The
- // CryptohomeClient method overrides should make sure that |user_id_| is
+ // CryptohomeClient method overrides should make sure that |account_id_| is
// properly set before calling this.
void HandleGetTpmTokenInfo(const Pkcs11GetTpmTokenInfoCallback& callback) {
ASSERT_TRUE(tpm_is_enabled_succeeded_);
@@ -218,7 +218,7 @@ class TestCryptohomeClient : public chromeos::FakeCryptohomeClient {
tpm_token_info_.slot_id);
}
- std::string user_id_;
+ AccountId account_id_;
bool tpm_is_enabled_;
int tpm_is_enabled_failure_count_;
bool tpm_is_enabled_succeeded_;
@@ -237,7 +237,7 @@ class SystemTPMTokenInfoGetterTest : public testing::Test {
~SystemTPMTokenInfoGetterTest() override {}
void SetUp() override {
- cryptohome_client_.reset(new TestCryptohomeClient(std::string()));
+ cryptohome_client_.reset(new TestCryptohomeClient(EmptyAccountId()));
tpm_token_info_getter_ =
chromeos::TPMTokenInfoGetter::CreateForSystemToken(
cryptohome_client_.get(),
@@ -258,23 +258,22 @@ class SystemTPMTokenInfoGetterTest : public testing::Test {
class UserTPMTokenInfoGetterTest : public testing::Test {
public:
- UserTPMTokenInfoGetterTest() : user_id_("user") {}
+ UserTPMTokenInfoGetterTest()
+ : account_id_(AccountId::FromUserEmail("user")) {}
~UserTPMTokenInfoGetterTest() override {}
void SetUp() override {
- cryptohome_client_.reset(new TestCryptohomeClient(user_id_));
- tpm_token_info_getter_ =
- chromeos::TPMTokenInfoGetter::CreateForUserToken(
- user_id_,
- cryptohome_client_.get(),
- scoped_refptr<base::TaskRunner>(new FakeTaskRunner(&delays_)));
+ cryptohome_client_.reset(new TestCryptohomeClient(account_id_));
+ tpm_token_info_getter_ = chromeos::TPMTokenInfoGetter::CreateForUserToken(
+ account_id_, cryptohome_client_.get(),
+ scoped_refptr<base::TaskRunner>(new FakeTaskRunner(&delays_)));
}
protected:
scoped_ptr<TestCryptohomeClient> cryptohome_client_;
scoped_ptr<chromeos::TPMTokenInfoGetter> tpm_token_info_getter_;
- std::string user_id_;
+ const AccountId account_id_;
std::vector<int64_t> delays_;
private:
diff --git a/components/signin/core/account_id/account_id.cc b/components/signin/core/account_id/account_id.cc
index 45dee4d..c2a8a39 100644
--- a/components/signin/core/account_id/account_id.cc
+++ b/components/signin/core/account_id/account_id.cc
@@ -9,6 +9,7 @@
#include "base/json/json_reader.h"
#include "base/json/json_writer.h"
#include "base/memory/singleton.h"
+#include "base/strings/string_util.h"
#include "base/values.h"
#include "google_apis/gaia/gaia_auth_util.h"
@@ -49,6 +50,12 @@ AccountId::AccountId() {}
AccountId::AccountId(const std::string& gaia_id, const std::string& user_email)
: gaia_id_(gaia_id), user_email_(user_email) {
+ // Fail if e-mail looks similar to GaiaIdKey.
+ LOG_ASSERT(!base::StartsWith(user_email, kKeyGaiaIdPrefix,
+ base::CompareCase::SENSITIVE) ||
+ user_email.find('@') != std::string::npos)
+ << "Bad e-mail: '" << user_email << "' with gaia_id='" << gaia_id << "'";
+
// TODO(alemate): DCHECK(!email.empty());
// TODO(alemate): check gaia_id is not empty once it is required.
}
@@ -98,7 +105,14 @@ const std::string& AccountId::GetUserEmail() const {
}
const std::string AccountId::GetGaiaIdKey() const {
+#ifdef NDEBUG
+ if (gaia_id_.empty())
+ LOG(FATAL) << "GetGaiaIdKey(): no gaia id for " << Serialize();
+
+#else
CHECK(!gaia_id_.empty());
+#endif
+
return std::string(kKeyGaiaIdPrefix) + gaia_id_;
}
diff --git a/components/user_manager/known_user.cc b/components/user_manager/known_user.cc
index 973e12b..8be385c 100644
--- a/components/user_manager/known_user.cc
+++ b/components/user_manager/known_user.cc
@@ -46,11 +46,10 @@ const char kReauthReasonKey[] = "reauth_reason";
const char kGaiaIdMigration[] = "gaia_id_migration";
PrefService* GetLocalState() {
- UserManager* user_manager = UserManager::Get();
- if (user_manager)
- return user_manager->GetLocalState();
+ if (!UserManager::IsInitialized())
+ return nullptr;
- return nullptr;
+ return UserManager::Get()->GetLocalState();
}
// Checks if values in |dict| correspond with |account_id| identity.
@@ -72,7 +71,11 @@ bool UserMatches(const AccountId& account_id,
// Fills relevant |dict| values based on |account_id|.
void UpdateIdentity(const AccountId& account_id, base::DictionaryValue& dict) {
- dict.SetString(kCanonicalEmail, account_id.GetUserEmail());
+ if (!account_id.GetUserEmail().empty())
+ dict.SetString(kCanonicalEmail, account_id.GetUserEmail());
+
+ if (!account_id.GetGaiaId().empty())
+ dict.SetString(kGAIAIdKey, account_id.GetGaiaId());
}
} // namespace
@@ -86,9 +89,8 @@ bool FindPrefs(const AccountId& account_id,
return false;
// UserManager is usually NULL in unit tests.
- UserManager* user_manager = UserManager::Get();
- if (user_manager &&
- user_manager->IsUserNonCryptohomeDataEphemeral(account_id))
+ if (UserManager::IsInitialized() &&
+ UserManager::Get()->IsUserNonCryptohomeDataEphemeral(account_id))
return false;
const base::ListValue* known_users = local_state->GetList(kKnownUsers);
@@ -114,9 +116,8 @@ void UpdatePrefs(const AccountId& account_id,
return;
// UserManager is usually NULL in unit tests.
- UserManager* user_manager = UserManager::Get();
- if (user_manager &&
- user_manager->IsUserNonCryptohomeDataEphemeral(account_id))
+ if (UserManager::IsInitialized() &&
+ UserManager::Get()->IsUserNonCryptohomeDataEphemeral(account_id))
return;
ListPrefUpdate update(local_state, kKnownUsers);
@@ -219,9 +220,10 @@ AccountId GetAccountId(const std::string& user_email,
return EmptyAccountId();
AccountId result(EmptyAccountId());
- UserManager* user_manager = UserManager::Get();
- if (user_manager &&
- user_manager->GetPlatformKnownUserId(user_email, gaia_id, &result)) {
+ // UserManager is usually NULL in unit tests.
+ if (UserManager::IsInitialized() &&
+ UserManager::Get()->GetPlatformKnownUserId(user_email, gaia_id,
+ &result)) {
return result;
}
@@ -256,6 +258,29 @@ AccountId GetAccountId(const std::string& user_email,
: AccountId::FromUserEmailGaiaId(user_email, gaia_id));
}
+std::vector<AccountId> GetKnownAccountIds() {
+ std::vector<AccountId> result;
+ PrefService* local_state = GetLocalState();
+
+ // Local State may not be initialized in tests.
+ if (!local_state)
+ return result;
+
+ const base::ListValue* known_users = local_state->GetList(kKnownUsers);
+ for (size_t i = 0; i < known_users->GetSize(); ++i) {
+ const base::DictionaryValue* element = nullptr;
+ if (known_users->GetDictionary(i, &element)) {
+ std::string email;
+ std::string gaia_id;
+ const bool has_email = element->GetString(kCanonicalEmail, &email);
+ const bool has_gaia_id = element->GetString(kGAIAIdKey, &gaia_id);
+ if (has_email || has_gaia_id)
+ result.push_back(AccountId::FromUserEmailGaiaId(email, gaia_id));
+ }
+ }
+ return result;
+}
+
bool GetGaiaIdMigrationStatus(const AccountId& account_id,
const std::string& subsystem) {
bool migrated = false;
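Review bot: `GetKnownAccountIds()` accepts an entry when either key is present (`has_email || has_gaia_id`), but `GetString` also succeeds for an empty string, so an entry holding `""` under both keys would yield an AccountId with no identifier at all. UpdateIdentity in this file now skips empty values when writing, which suggests empty strings are not meant to count; testing the values instead would match that: `if (!email.empty() || !gaia_id.empty())`. Entries that carry neither key are skipped silently, which is worth stating in the comment on the declaration in known_user.h.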
diff --git a/components/user_manager/known_user.h b/components/user_manager/known_user.h
index aa02b2f..8a16cbe 100644
--- a/components/user_manager/known_user.h
+++ b/components/user_manager/known_user.h
@@ -6,6 +6,7 @@
#define COMPONENTS_USER_MANAGER_KNOWN_USER_H_
#include <string>
+#include <vector>
#include "components/user_manager/user_manager_export.h"
@@ -68,6 +69,9 @@ void USER_MANAGER_EXPORT SetIntegerPref(const AccountId& account_id,
const std::string& path,
const int in_value);
+// Returns the list of known AccountIds.
+std::vector<AccountId> USER_MANAGER_EXPORT GetKnownAccountIds();
+
// This call forms full account id of a known user by email and (optionally)
// gaia_id.
// This is a temporary call while migrating to AccountId.