authordkrahn@chromium.org <dkrahn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-10-21 19:57:24 +0000
committerdkrahn@chromium.org <dkrahn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-10-21 19:57:24 +0000
commit1260076a7a6991acfead415cc53e86c5e45c04be (patch)
treeb400f75810929de8bf32db228699d17f34e9e0cd /chromeos/cryptohome
parent903a1f44903ea145b9698f26cac6fe0999fa7a6a (diff)
Added multi-profile support for attestation on chromeos.
All certified keys and certificates will be associated with the correct profile when multiple profiles are used. BUG=chromium:205206 TEST=unit, manual Review URL: https://codereview.chromium.org/27044004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@229891 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chromeos/cryptohome')
-rw-r--r--chromeos/cryptohome/async_method_caller.cc12
-rw-r--r--chromeos/cryptohome/async_method_caller.h26
-rw-r--r--chromeos/cryptohome/mock_async_method_caller.cc12
-rw-r--r--chromeos/cryptohome/mock_async_method_caller.h14
4 files changed, 44 insertions, 20 deletions
diff --git a/chromeos/cryptohome/async_method_caller.cc b/chromeos/cryptohome/async_method_caller.cc
index c9af98a..8e89309 100644
--- a/chromeos/cryptohome/async_method_caller.cc
+++ b/chromeos/cryptohome/async_method_caller.cc
@@ -134,13 +134,13 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller {
virtual void AsyncTpmAttestationCreateCertRequest(
chromeos::attestation::AttestationCertificateProfile certificate_profile,
- const std::string& username,
+ const std::string& user_id,
const std::string& request_origin,
const DataCallback& callback) OVERRIDE {
DBusThreadManager::Get()->GetCryptohomeClient()->
AsyncTpmAttestationCreateCertRequest(
certificate_profile,
- username,
+ user_id,
request_origin,
base::Bind(&AsyncMethodCallerImpl::RegisterAsyncDataCallback,
weak_ptr_factory_.GetWeakPtr(),
@@ -151,12 +151,14 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller {
virtual void AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
const std::string& key_name,
const DataCallback& callback) OVERRIDE {
DBusThreadManager::Get()->GetCryptohomeClient()->
AsyncTpmAttestationFinishCertRequest(
pca_response,
key_type,
+ user_id,
key_name,
base::Bind(
&AsyncMethodCallerImpl::RegisterAsyncDataCallback,
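Review bot: The new `user_id` argument in AsyncTpmAttestationFinishCertRequest is forwarded to CryptohomeClient unchecked, so an empty string combined with a user key is not caught in this layer, although the updated header comment says a |user_id| must be provided when |key_type| is KEY_USER. Whether cryptohomed rejects that combination is not visible from this diff; if it does not, a certified key could be stored without the intended profile association. A debug-time guard at the top of the method, `DCHECK(key_type != chromeos::attestation::KEY_USER || !user_id.empty());`, would surface the caller bug early. The same applies to TpmAttestationRegisterKey, TpmAttestationSignEnterpriseChallenge and TpmAttestationSignSimpleChallenge in the following hunks. The method body continues outside this hunk.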
@@ -167,11 +169,13 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller {
virtual void TpmAttestationRegisterKey(
chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
const std::string& key_name,
const Callback& callback) OVERRIDE {
DBusThreadManager::Get()->GetCryptohomeClient()->
TpmAttestationRegisterKey(
key_type,
+ user_id,
key_name,
base::Bind(
&AsyncMethodCallerImpl::RegisterAsyncCallback,
@@ -182,6 +186,7 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller {
virtual void TpmAttestationSignEnterpriseChallenge(
chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -191,6 +196,7 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller {
DBusThreadManager::Get()->GetCryptohomeClient()->
TpmAttestationSignEnterpriseChallenge(
key_type,
+ user_id,
key_name,
domain,
device_id,
@@ -205,12 +211,14 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller {
virtual void TpmAttestationSignSimpleChallenge(
chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
const std::string& key_name,
const std::string& challenge,
const DataCallback& callback) OVERRIDE {
DBusThreadManager::Get()->GetCryptohomeClient()->
TpmAttestationSignSimpleChallenge(
key_type,
+ user_id,
key_name,
challenge,
base::Bind(
diff --git a/chromeos/cryptohome/async_method_caller.h b/chromeos/cryptohome/async_method_caller.h
index e5ca604..be1b0a8 100644
--- a/chromeos/cryptohome/async_method_caller.h
+++ b/chromeos/cryptohome/async_method_caller.h
@@ -115,13 +115,13 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
// Asks cryptohomed to asynchronously create an attestation certificate
// request according to |certificate_profile|. Some profiles require that the
- // |user_email| of the currently active user and an identifier of the
+ // |user_id| of the currently active user and an identifier of the
// |request_origin| be provided. On success the data sent to |callback| is a
// request to be sent to the Privacy CA. The |request_origin| may be sent to
- // the Privacy CA but the |user_email| will never be sent.
+ // the Privacy CA but the |user_id| will never be sent.
virtual void AsyncTpmAttestationCreateCertRequest(
chromeos::attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_email,
+ const std::string& user_id,
const std::string& request_origin,
const DataCallback& callback) = 0;
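Review bot: The comment on AsyncTpmAttestationCreateCertRequest still refers to "the |user_id| of the currently active user", which is ambiguous now that several profiles can be signed in at once and the caller is expected to pick the right one. I would reword it to `// |user_id| of the user whose profile is requesting the certificate` and add the sentence the other methods received, `// For normal GAIA users the |user_id| is a canonical email address.`, so this method's contract matches theirs. The unchanged line in the next hunk, "is to be associated with the current user", carries the same stale wording and should be updated with it.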
@@ -130,17 +130,23 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
// in PEM format. |pca_response| is the response to the certificate request
// emitted by the Privacy CA. |key_type| determines whether the certified key
// is to be associated with the current user. |key_name| is a name for the
- // key.
+ // key. If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise
+ // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical
+ // email address.
virtual void AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
const std::string& key_name,
const DataCallback& callback) = 0;
// Asks cryptohomed to asynchronously register the attestation key specified
- // by |key_type| and |key_name|.
+ // by |key_type| and |key_name|. If |key_type| is KEY_USER, a |user_id| must
+ // be provided. Otherwise |user_id| is ignored. For normal GAIA users the
+ // |user_id| is a canonical email address.
virtual void TpmAttestationRegisterKey(
chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
const std::string& key_name,
const Callback& callback) = 0;
@@ -148,9 +154,12 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
// key specified by |key_type| and |key_name|. The |domain| and |device_id|
// parameters will be included in the challenge response. |challenge| must be
// a valid enterprise challenge. On success, the data sent to |callback| is
- // the challenge response.
+ // the challenge response. If |key_type| is KEY_USER, a |user_id| must be
+ // provided. Otherwise |user_id| is ignored. For normal GAIA users the
+ // |user_id| is a canonical email address.
virtual void TpmAttestationSignEnterpriseChallenge(
chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -161,9 +170,12 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
// Asks cryptohomed to asynchronously sign a simple challenge with the key
// specified by |key_type| and |key_name|. |challenge| can be any arbitrary
// set of bytes. On success, the data sent to |callback| is the challenge
- // response.
+ // response. If |key_type| is KEY_USER, a |user_id| must be provided.
+ // Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a
+ // canonical email address.
virtual void TpmAttestationSignSimpleChallenge(
chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
const std::string& key_name,
const std::string& challenge,
const DataCallback& callback) = 0;
diff --git a/chromeos/cryptohome/mock_async_method_caller.cc b/chromeos/cryptohome/mock_async_method_caller.cc
index dcd59a0..7f54164 100644
--- a/chromeos/cryptohome/mock_async_method_caller.cc
+++ b/chromeos/cryptohome/mock_async_method_caller.cc
@@ -55,22 +55,22 @@ void MockAsyncMethodCaller::SetUp(bool success, MountError return_code) {
.WillByDefault(
WithArgs<3>(Invoke(this,
&MockAsyncMethodCaller::FakeCreateCertRequest)));
- ON_CALL(*this, AsyncTpmAttestationFinishCertRequest(_, _, _, _))
+ ON_CALL(*this, AsyncTpmAttestationFinishCertRequest(_, _, _, _, _))
.WillByDefault(
- WithArgs<3>(Invoke(this,
+ WithArgs<4>(Invoke(this,
&MockAsyncMethodCaller::FakeFinishCertRequest)));
ON_CALL(*this, AsyncGetSanitizedUsername(_, _))
.WillByDefault(
WithArgs<1>(Invoke(this,
&MockAsyncMethodCaller::
FakeGetSanitizedUsername)));
- ON_CALL(*this, TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _))
+ ON_CALL(*this, TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _, _))
.WillByDefault(
- WithArgs<6>(Invoke(this,
+ WithArgs<7>(Invoke(this,
&MockAsyncMethodCaller::FakeEnterpriseChallenge)));
- ON_CALL(*this, TpmAttestationRegisterKey(_, _, _))
+ ON_CALL(*this, TpmAttestationRegisterKey(_, _, _, _))
.WillByDefault(
- WithArgs<2>(Invoke(this, &MockAsyncMethodCaller::DoCallback)));
+ WithArgs<3>(Invoke(this, &MockAsyncMethodCaller::DoCallback)));
}
void MockAsyncMethodCaller::DoCallback(Callback callback) {
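Review bot: The updated defaults in SetUp match the new `user_id` position with `_` and pass only the callback through `WithArgs<N>`, so a test that relies on these defaults cannot detect a caller passing the wrong or an empty user id. Since associating keys with the correct profile is the purpose of this change, the tests for callers should pin that argument explicitly, for example `EXPECT_CALL(caller, TpmAttestationRegisterKey(_, kExpectedUserId, _, _))`, where `caller` and `kExpectedUserId` are placeholders for the test's mock instance and user id. A short comment above these ON_CALL lines saying that the defaults do not check `user_id` would help as well.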
diff --git a/chromeos/cryptohome/mock_async_method_caller.h b/chromeos/cryptohome/mock_async_method_caller.h
index 8f3796b..e41457a 100644
--- a/chromeos/cryptohome/mock_async_method_caller.h
+++ b/chromeos/cryptohome/mock_async_method_caller.h
@@ -55,29 +55,33 @@ class MockAsyncMethodCaller : public AsyncMethodCaller {
MOCK_METHOD4(
AsyncTpmAttestationCreateCertRequest,
void(chromeos::attestation::AttestationCertificateProfile profile,
- const std::string& user_email,
+ const std::string& user_id,
const std::string& request_origin,
const DataCallback& callback));
- MOCK_METHOD4(AsyncTpmAttestationFinishCertRequest,
+ MOCK_METHOD5(AsyncTpmAttestationFinishCertRequest,
void(const std::string& pca_response,
chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
const std::string& key_name,
const DataCallback& callback));
- MOCK_METHOD3(TpmAttestationRegisterKey,
+ MOCK_METHOD4(TpmAttestationRegisterKey,
void(chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
const std::string& key_name,
const Callback& callback));
- MOCK_METHOD7(
+ MOCK_METHOD8(
TpmAttestationSignEnterpriseChallenge,
void(chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
chromeos::attestation::AttestationChallengeOptions options,
const std::string& challenge,
const DataCallback& callback));
- MOCK_METHOD4(TpmAttestationSignSimpleChallenge,
+ MOCK_METHOD5(TpmAttestationSignSimpleChallenge,
void(chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
const std::string& key_name,
const std::string& challenge,
const DataCallback& callback));