diff options
author | alemate <alemate@chromium.org> | 2016-03-04 02:39:54 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-03-04 10:41:09 +0000 |
commit | 627f65303a4a1a6b4d1beb62c9ea5b6ed5affda7 (patch) | |
tree | 5b57e0a8999752be8165706373ba5abfe5851729 /chromeos/cryptohome | |
parent | 0cdae918ae7ffe4d4046027182807b9d99b6b719 (diff) | |
download | chromium_src-627f65303a4a1a6b4d1beb62c9ea5b6ed5affda7.zip chromium_src-627f65303a4a1a6b4d1beb62c9ea5b6ed5affda7.tar.gz chromium_src-627f65303a4a1a6b4d1beb62c9ea5b6ed5affda7.tar.bz2 |
ChromeOS cryptohome should be able to use gaia id as user identifier.
This CL adds support for using Gaia ID as cryptohome identifier.
BUG=462823
TEST=unit tests
Review URL: https://codereview.chromium.org/1693383003
Cr-Commit-Position: refs/heads/master@{#379262}
Diffstat (limited to 'chromeos/cryptohome')
-rw-r--r-- | chromeos/cryptohome/async_method_caller.cc | 171 | ||||
-rw-r--r-- | chromeos/cryptohome/async_method_caller.h | 55 | ||||
-rw-r--r-- | chromeos/cryptohome/cryptohome_parameters.cc | 76 | ||||
-rw-r--r-- | chromeos/cryptohome/cryptohome_parameters.h | 44 | ||||
-rw-r--r-- | chromeos/cryptohome/homedir_methods.cc | 60 | ||||
-rw-r--r-- | chromeos/cryptohome/homedir_methods_unittest.cc | 37 | ||||
-rw-r--r-- | chromeos/cryptohome/mock_async_method_caller.h | 75 |
7 files changed, 287 insertions, 231 deletions
diff --git a/chromeos/cryptohome/async_method_caller.cc b/chromeos/cryptohome/async_method_caller.cc index b95966f..0e033f8 100644 --- a/chromeos/cryptohome/async_method_caller.cc +++ b/chromeos/cryptohome/async_method_caller.cc @@ -10,6 +10,7 @@ #include "base/macros.h" #include "base/single_thread_task_runner.h" #include "base/thread_task_runner_handle.h" +#include "chromeos/cryptohome/cryptohome_parameters.h" #include "chromeos/dbus/dbus_thread_manager.h" using chromeos::DBusThreadManager; @@ -36,51 +37,47 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller { ResetAsyncCallStatusHandlers(); } - void AsyncCheckKey(const std::string& user_email, + void AsyncCheckKey(const Identification& cryptohome_id, const std::string& passhash, Callback callback) override { - DBusThreadManager::Get()->GetCryptohomeClient()-> - AsyncCheckKey(user_email, passhash, base::Bind( - &AsyncMethodCallerImpl::RegisterAsyncCallback, - weak_ptr_factory_.GetWeakPtr(), - callback, - "Couldn't initiate async check of user's key.")); + DBusThreadManager::Get()->GetCryptohomeClient()->AsyncCheckKey( + cryptohome_id, passhash, + base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback, + weak_ptr_factory_.GetWeakPtr(), callback, + "Couldn't initiate async check of user's key.")); } - void AsyncMigrateKey(const std::string& user_email, + void AsyncMigrateKey(const Identification& cryptohome_id, const std::string& old_hash, const std::string& new_hash, Callback callback) override { - DBusThreadManager::Get()->GetCryptohomeClient()-> - AsyncMigrateKey(user_email, old_hash, new_hash, base::Bind( - &AsyncMethodCallerImpl::RegisterAsyncCallback, - weak_ptr_factory_.GetWeakPtr(), - callback, - "Couldn't initiate aync migration of user's key")); + DBusThreadManager::Get()->GetCryptohomeClient()->AsyncMigrateKey( + cryptohome_id, old_hash, new_hash, + base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback, + weak_ptr_factory_.GetWeakPtr(), callback, + "Couldn't initiate aync migration of user's key")); } - void AsyncMount(const std::string& user_email, + void AsyncMount(const Identification& cryptohome_id, const std::string& passhash, int flags, Callback callback) override { - DBusThreadManager::Get()->GetCryptohomeClient()-> - AsyncMount(user_email, passhash, flags, base::Bind( - &AsyncMethodCallerImpl::RegisterAsyncCallback, - weak_ptr_factory_.GetWeakPtr(), - callback, - "Couldn't initiate async mount of cryptohome.")); + DBusThreadManager::Get()->GetCryptohomeClient()->AsyncMount( + cryptohome_id, passhash, flags, + base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback, + weak_ptr_factory_.GetWeakPtr(), callback, + "Couldn't initiate async mount of cryptohome.")); } - void AsyncAddKey(const std::string& user_email, + void AsyncAddKey(const Identification& cryptohome_id, const std::string& passhash, const std::string& new_passhash, Callback callback) override { - DBusThreadManager::Get()->GetCryptohomeClient()-> - AsyncAddKey(user_email, passhash, new_passhash, base::Bind( - &AsyncMethodCallerImpl::RegisterAsyncCallback, - weak_ptr_factory_.GetWeakPtr(), - callback, - "Couldn't initiate async key addition.")); + DBusThreadManager::Get()->GetCryptohomeClient()->AsyncAddKey( + cryptohome_id, passhash, new_passhash, + base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback, + weak_ptr_factory_.GetWeakPtr(), callback, + "Couldn't initiate async key addition.")); } void AsyncMountGuest(Callback callback) override { @@ -92,24 +89,23 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller { "Couldn't initiate async mount of cryptohome.")); } - void AsyncMountPublic(const std::string& public_mount_id, + void AsyncMountPublic(const Identification& public_mount_id, int flags, Callback callback) override { - DBusThreadManager::Get()->GetCryptohomeClient()-> - AsyncMountPublic(public_mount_id, flags, base::Bind( - &AsyncMethodCallerImpl::RegisterAsyncCallback, - weak_ptr_factory_.GetWeakPtr(), - callback, - "Couldn't initiate async mount public of cryptohome.")); + DBusThreadManager::Get()->GetCryptohomeClient()->AsyncMountPublic( + public_mount_id, flags, + base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback, + weak_ptr_factory_.GetWeakPtr(), callback, + "Couldn't initiate async mount public of cryptohome.")); } - void AsyncRemove(const std::string& user_email, Callback callback) override { - DBusThreadManager::Get()->GetCryptohomeClient()-> - AsyncRemove(user_email, base::Bind( - &AsyncMethodCallerImpl::RegisterAsyncCallback, - weak_ptr_factory_.GetWeakPtr(), - callback, - "Couldn't initiate async removal of cryptohome.")); + void AsyncRemove(const Identification& cryptohome_id, + Callback callback) override { + DBusThreadManager::Get()->GetCryptohomeClient()->AsyncRemove( + cryptohome_id, + base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback, + weak_ptr_factory_.GetWeakPtr(), callback, + "Couldn't initiate async removal of cryptohome.")); } void AsyncTpmAttestationCreateEnrollRequest( @@ -137,109 +133,88 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller { void AsyncTpmAttestationCreateCertRequest( chromeos::attestation::PrivacyCAType pca_type, chromeos::attestation::AttestationCertificateProfile certificate_profile, - const std::string& user_id, + const Identification& cryptohome_id, const std::string& request_origin, const DataCallback& callback) override { - DBusThreadManager::Get()->GetCryptohomeClient()-> - AsyncTpmAttestationCreateCertRequest( - pca_type, - certificate_profile, - user_id, - request_origin, + DBusThreadManager::Get() + ->GetCryptohomeClient() + ->AsyncTpmAttestationCreateCertRequest( + pca_type, certificate_profile, cryptohome_id, request_origin, base::Bind(&AsyncMethodCallerImpl::RegisterAsyncDataCallback, - weak_ptr_factory_.GetWeakPtr(), - callback, + weak_ptr_factory_.GetWeakPtr(), callback, "Couldn't initiate async attestation cert request.")); } void AsyncTpmAttestationFinishCertRequest( const std::string& pca_response, chromeos::attestation::AttestationKeyType key_type, - const std::string& user_id, + const Identification& cryptohome_id, const std::string& key_name, const DataCallback& callback) override { - DBusThreadManager::Get()->GetCryptohomeClient()-> - AsyncTpmAttestationFinishCertRequest( - pca_response, - key_type, - user_id, - key_name, + DBusThreadManager::Get() + ->GetCryptohomeClient() + ->AsyncTpmAttestationFinishCertRequest( + pca_response, key_type, cryptohome_id, key_name, base::Bind( &AsyncMethodCallerImpl::RegisterAsyncDataCallback, - weak_ptr_factory_.GetWeakPtr(), - callback, + weak_ptr_factory_.GetWeakPtr(), callback, "Couldn't initiate async attestation finish cert request.")); } void TpmAttestationRegisterKey( chromeos::attestation::AttestationKeyType key_type, - const std::string& user_id, + const Identification& cryptohome_id, const std::string& key_name, const Callback& callback) override { - DBusThreadManager::Get()->GetCryptohomeClient()-> - TpmAttestationRegisterKey( - key_type, - user_id, - key_name, - base::Bind( - &AsyncMethodCallerImpl::RegisterAsyncCallback, - weak_ptr_factory_.GetWeakPtr(), - callback, - "Couldn't initiate async attestation register key.")); + DBusThreadManager::Get()->GetCryptohomeClient()->TpmAttestationRegisterKey( + key_type, cryptohome_id, key_name, + base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback, + weak_ptr_factory_.GetWeakPtr(), callback, + "Couldn't initiate async attestation register key.")); } void TpmAttestationSignEnterpriseChallenge( chromeos::attestation::AttestationKeyType key_type, - const std::string& user_id, + const Identification& cryptohome_id, const std::string& key_name, const std::string& domain, const std::string& device_id, chromeos::attestation::AttestationChallengeOptions options, const std::string& challenge, const DataCallback& callback) override { - DBusThreadManager::Get()->GetCryptohomeClient()-> - TpmAttestationSignEnterpriseChallenge( - key_type, - user_id, - key_name, - domain, - device_id, - options, + DBusThreadManager::Get() + ->GetCryptohomeClient() + ->TpmAttestationSignEnterpriseChallenge( + key_type, cryptohome_id, key_name, domain, device_id, options, challenge, base::Bind( &AsyncMethodCallerImpl::RegisterAsyncDataCallback, - weak_ptr_factory_.GetWeakPtr(), - callback, + weak_ptr_factory_.GetWeakPtr(), callback, "Couldn't initiate async attestation enterprise challenge.")); } void TpmAttestationSignSimpleChallenge( chromeos::attestation::AttestationKeyType key_type, - const std::string& user_id, + const Identification& cryptohome_id, const std::string& key_name, const std::string& challenge, const DataCallback& callback) override { - DBusThreadManager::Get()->GetCryptohomeClient()-> - TpmAttestationSignSimpleChallenge( - key_type, - user_id, - key_name, - challenge, + DBusThreadManager::Get() + ->GetCryptohomeClient() + ->TpmAttestationSignSimpleChallenge( + key_type, cryptohome_id, key_name, challenge, base::Bind( &AsyncMethodCallerImpl::RegisterAsyncDataCallback, - weak_ptr_factory_.GetWeakPtr(), - callback, + weak_ptr_factory_.GetWeakPtr(), callback, "Couldn't initiate async attestation simple challenge.")); } - void AsyncGetSanitizedUsername(const std::string& user, + void AsyncGetSanitizedUsername(const Identification& cryptohome_id, const DataCallback& callback) override { - DBusThreadManager::Get()->GetCryptohomeClient()-> - GetSanitizedUsername(user, - base::Bind( - &AsyncMethodCallerImpl::GetSanitizedUsernameCallback, - weak_ptr_factory_.GetWeakPtr(), - callback)); + DBusThreadManager::Get()->GetCryptohomeClient()->GetSanitizedUsername( + cryptohome_id, + base::Bind(&AsyncMethodCallerImpl::GetSanitizedUsernameCallback, + weak_ptr_factory_.GetWeakPtr(), callback)); } virtual void GetSanitizedUsernameCallback( diff --git a/chromeos/cryptohome/async_method_caller.h b/chromeos/cryptohome/async_method_caller.h index 374da45..098c687 100644 --- a/chromeos/cryptohome/async_method_caller.h +++ b/chromeos/cryptohome/async_method_caller.h @@ -15,6 +15,8 @@ namespace cryptohome { +class Identification; + // Note: This file is placed in ::cryptohome instead of ::chromeos::cryptohome // since there is already a namespace ::cryptohome which holds the error code // enum (MountError) and referencing ::chromeos::cryptohome and ::cryptohome @@ -40,45 +42,45 @@ class CHROMEOS_EXPORT AsyncMethodCaller { virtual ~AsyncMethodCaller() {} // Asks cryptohomed to asynchronously try to find the cryptohome for - // |user_email| and then use |passhash| to unlock the key. + // |user_id| and then use |passhash| to unlock the key. // |callback| will be called with status info on completion. - virtual void AsyncCheckKey(const std::string& user_email, + virtual void AsyncCheckKey(const Identification& user_id, const std::string& passhash, Callback callback) = 0; // Asks cryptohomed to asynchronously try to find the cryptohome for - // |user_email| and then change from using |old_hash| to lock the + // |user_id| and then change from using |old_hash| to lock the // key to using |new_hash|. // |callback| will be called with status info on completion. - virtual void AsyncMigrateKey(const std::string& user_email, + virtual void AsyncMigrateKey(const Identification& user_id, const std::string& old_hash, const std::string& new_hash, Callback callback) = 0; // Asks cryptohomed to asynchronously try to find the cryptohome for - // |user_email| and then mount it using |passhash| to unlock the key. + // |user_id| and then mount it using |passhash| to unlock the key. // The |flags| are a combination of |MountFlags|: // * CREATE_IF_MISSING Controls whether or not cryptohomed is asked to create // a new cryptohome if one does not exist yet for - // |user_email|. + // |user_id|. // * ENSURE_EPHEMERAL If |true|, the mounted cryptohome will be backed by // tmpfs. If |false|, the ephemeral users policy decides // whether tmpfs or an encrypted directory is used as the // backend. // |callback| will be called with status info on completion. // If the |CREATE_IF_MISSING| flag is not given and no cryptohome exists - // for |user_email|, the expected result is + // for |user_id|, the expected result is // callback.Run(false, kCryptohomeMountErrorUserDoesNotExist). Otherwise, // the normal range of return codes is expected. - virtual void AsyncMount(const std::string& user_email, + virtual void AsyncMount(const Identification& user_id, const std::string& passhash, int flags, Callback callback) = 0; // Asks cryptohomed to asynchronously try to add another |new_passhash| for - // |user_email| using |passhash| to unlock the key. + // |user_id| using |passhash| to unlock the key. // |callback| will be called with status info on completion. - virtual void AsyncAddKey(const std::string& user_email, + virtual void AsyncAddKey(const Identification& user_id, const std::string& passhash, const std::string& new_passhash, Callback callback) = 0; @@ -91,13 +93,13 @@ class CHROMEOS_EXPORT AsyncMethodCaller { // |public_mount_id| and then mount it using a passhash derived from // |public_mount_id| and a secret. See AsyncMount for possible values for // |flags|. - virtual void AsyncMountPublic(const std::string& public_mount_id, + virtual void AsyncMountPublic(const Identification& public_mount_id, int flags, Callback callback) = 0; // Asks cryptohomed to asynchronously try to find the cryptohome for - // |user_email| and then nuke it. - virtual void AsyncRemove(const std::string& user_email, + // |user_id| and then nuke it. + virtual void AsyncRemove(const Identification& user_id, Callback callback) = 0; // Asks cryptohomed to asynchronously create an attestation enrollment @@ -125,7 +127,7 @@ class CHROMEOS_EXPORT AsyncMethodCaller { virtual void AsyncTpmAttestationCreateCertRequest( chromeos::attestation::PrivacyCAType pca_type, chromeos::attestation::AttestationCertificateProfile certificate_profile, - const std::string& user_id, + const Identification& user_id, const std::string& request_origin, const DataCallback& callback) = 0; @@ -135,22 +137,22 @@ class CHROMEOS_EXPORT AsyncMethodCaller { // emitted by the Privacy CA. |key_type| determines whether the certified key // is to be associated with the current user. |key_name| is a name for the // key. If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise - // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical - // email address. + // |user_id| is ignored. For normal GAIA users the |user_id| is + // a GaiaId-derived string (see AccountId::GetGaiaIdKey). virtual void AsyncTpmAttestationFinishCertRequest( const std::string& pca_response, chromeos::attestation::AttestationKeyType key_type, - const std::string& user_id, + const Identification& user_id, const std::string& key_name, const DataCallback& callback) = 0; // Asks cryptohomed to asynchronously register the attestation key specified // by |key_type| and |key_name|. If |key_type| is KEY_USER, a |user_id| must // be provided. Otherwise |user_id| is ignored. For normal GAIA users the - // |user_id| is a canonical email address. + // |user_id| is a GaiaId-derived string (see AccountId::GetGaiaIdKey). virtual void TpmAttestationRegisterKey( chromeos::attestation::AttestationKeyType key_type, - const std::string& user_id, + const Identification& user_id, const std::string& key_name, const Callback& callback) = 0; @@ -160,10 +162,10 @@ class CHROMEOS_EXPORT AsyncMethodCaller { // a valid enterprise challenge. On success, the data sent to |callback| is // the challenge response. If |key_type| is KEY_USER, a |user_id| must be // provided. Otherwise |user_id| is ignored. For normal GAIA users the - // |user_id| is a canonical email address. + // |user_id| is a GaiaId-derived string (see AccountId::GetGaiaIdKey). virtual void TpmAttestationSignEnterpriseChallenge( chromeos::attestation::AttestationKeyType key_type, - const std::string& user_id, + const Identification& user_id, const std::string& key_name, const std::string& domain, const std::string& device_id, @@ -176,20 +178,19 @@ class CHROMEOS_EXPORT AsyncMethodCaller { // set of bytes. On success, the data sent to |callback| is the challenge // response. If |key_type| is KEY_USER, a |user_id| must be provided. // Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a - // canonical email address. + // GaiaId-derived string (see AccountId::GetGaiaIdKey). virtual void TpmAttestationSignSimpleChallenge( chromeos::attestation::AttestationKeyType key_type, - const std::string& user_id, + const Identification& user_id, const std::string& key_name, const std::string& challenge, const DataCallback& callback) = 0; // Asks cryptohome to asynchronously retrieve a string associated with given - // |user| that would be used in mount path instead of |user|. + // |user_id| that would be used in mount path instead of |user_id|. // On success the data is sent to |callback|. - virtual void AsyncGetSanitizedUsername( - const std::string& user, - const DataCallback& callback) = 0; + virtual void AsyncGetSanitizedUsername(const Identification& user_id, + const DataCallback& callback) = 0; // Creates the global AsyncMethodCaller instance. static void Initialize(); diff --git a/chromeos/cryptohome/cryptohome_parameters.cc b/chromeos/cryptohome/cryptohome_parameters.cc index c484947..5aa8857 100644 --- a/chromeos/cryptohome/cryptohome_parameters.cc +++ b/chromeos/cryptohome/cryptohome_parameters.cc @@ -8,14 +8,67 @@ #include <stdint.h> #include "chromeos/dbus/cryptohome/key.pb.h" +#include "components/signin/core/account_id/account_id.h" +#include "components/user_manager/known_user.h" namespace cryptohome { +namespace { -Identification::Identification(const std::string& user_id) : user_id(user_id) { +// Subsystem name for GaiaId migration status. +const char kCryptohome[] = "cryptohome"; + +const std::string GetCryptohomeId(const AccountId& account_id) { + // Guest/kiosk/managed/public accounts have empty GaiaId. Default to email. + if (account_id.GetGaiaId().empty()) + return account_id.GetUserEmail(); // Migrated + + if (GetGaiaIdMigrationStatus(account_id)) + return account_id.GetGaiaIdKey(); + + return account_id.GetUserEmail(); // Migrated +} + +} // anonymous namespace + +Identification::Identification() {} + +Identification::Identification(const AccountId& account_id) + : id_(GetCryptohomeId(account_id)) {} + +Identification::Identification(const std::string& id) : id_(id) {} + +Identification Identification::FromString(const std::string& id) { + return Identification(id); } bool Identification::operator==(const Identification& other) const { - return user_id == other.user_id; + return id_ == other.id_; +} + +bool Identification::operator<(const Identification& right) const { + return id_ < right.id_; +} + +AccountId Identification::GetAccountId() const { + const std::vector<AccountId> known_account_ids = + user_manager::known_user::GetKnownAccountIds(); + + // A LOT of tests start with --login_user <user>, and not registing this user + // before. So we might have "known_user" entry without gaia_id. + for (const AccountId& known_id : known_account_ids) { + if (!known_id.GetGaiaId().empty() && known_id.GetGaiaIdKey() == id_) { + return known_id; + } + } + + for (const AccountId& known_id : known_account_ids) { + if (known_id.GetUserEmail() == id_) { + return known_id; + } + } + + return user_manager::known_user::GetAccountId(id_, + std::string() /* gaia_id */); } KeyDefinition::AuthorizationData::Secret::Secret() : encrypt(false), @@ -183,4 +236,23 @@ bool MountParameters::operator==(const MountParameters& other) const { MountParameters::~MountParameters() { } +bool GetGaiaIdMigrationStatus(const AccountId& account_id) { + return user_manager::known_user::GetGaiaIdMigrationStatus(account_id, + kCryptohome); +} + +void SetGaiaIdMigrationStatusDone(const AccountId& account_id) { + user_manager::known_user::SetGaiaIdMigrationStatusDone(account_id, + kCryptohome); +} + } // namespace cryptohome + +namespace BASE_HASH_NAMESPACE { + +std::size_t hash<cryptohome::Identification>::operator()( + const cryptohome::Identification& cryptohome_id) const { + return hash<std::string>()(cryptohome_id.id()); +} + +} // namespace BASE_HASH_NAMESPACE diff --git a/chromeos/cryptohome/cryptohome_parameters.h b/chromeos/cryptohome/cryptohome_parameters.h index 3738b56..2037b21 100644 --- a/chromeos/cryptohome/cryptohome_parameters.h +++ b/chromeos/cryptohome/cryptohome_parameters.h @@ -10,9 +10,12 @@ #include <string> #include <vector> +#include "base/containers/hash_tables.h" #include "base/memory/scoped_ptr.h" #include "chromeos/chromeos_export.h" +class AccountId; + namespace cryptohome { enum AuthKeyPrivileges { @@ -25,12 +28,28 @@ enum AuthKeyPrivileges { }; // Identification of the user calling cryptohome method. -struct CHROMEOS_EXPORT Identification { - explicit Identification(const std::string& user_id); +class CHROMEOS_EXPORT Identification { + public: + Identification(); + + explicit Identification(const AccountId& account_id); bool operator==(const Identification& other) const; - std::string user_id; + // This method should be used for migration purpose only. + static Identification FromString(const std::string& id); + + // Look up known user and return its AccountId. + AccountId GetAccountId() const; + + const std::string& id() const { return id_; } + + bool operator<(const Identification& right) const; + + private: + explicit Identification(const std::string&); + + std::string id_; }; // Definition of the key (e.g. password) for the cryptohome. @@ -145,6 +164,25 @@ class CHROMEOS_EXPORT MountParameters { std::vector<KeyDefinition> create_keys; }; +// This function returns true if cryptohome of |account_id| is migrated to +// gaiaId-based identifier (AccountId::GetGaiaIdKey()). +bool GetGaiaIdMigrationStatus(const AccountId& account_id); + +// This function marks |account_id| cryptohome migrated to gaiaId-based +// identifier (AccountId::GetGaiaIdKey()). +void SetGaiaIdMigrationStatusDone(const AccountId& account_id); + } // namespace cryptohome +namespace BASE_HASH_NAMESPACE { + +// Implement hashing of cryptohome::Identification, so it can be used as a key +// in STL containers. +template <> +struct hash<cryptohome::Identification> { + std::size_t operator()(const cryptohome::Identification& cryptohome_id) const; +}; + +} // namespace BASE_HASH_NAMESPACE + #endif // CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_ diff --git a/chromeos/cryptohome/homedir_methods.cc b/chromeos/cryptohome/homedir_methods.cc index 8413c72..81bf153 100644 --- a/chromeos/cryptohome/homedir_methods.cc +++ b/chromeos/cryptohome/homedir_methods.cc @@ -95,12 +95,6 @@ void FillKeyProtobuf(const KeyDefinition& key_def, Key* key) { } } -// Fill identification protobuffer. -void FillIdentificationProtobuf(const Identification& id, - cryptohome::AccountIdentifier* id_proto) { - id_proto->set_email(id.user_id); -} - // Fill authorization protobuffer. void FillAuthorizationProtobuf(const Authorization& auth, cryptohome::AuthorizationRequest* auth_proto) { @@ -183,50 +177,38 @@ class HomedirMethodsImpl : public HomedirMethods { void GetKeyDataEx(const Identification& id, const std::string& label, const GetKeyDataCallback& callback) override { - cryptohome::AccountIdentifier id_proto; cryptohome::AuthorizationRequest kEmptyAuthProto; cryptohome::GetKeyDataRequest request; - FillIdentificationProtobuf(id, &id_proto); request.mutable_key()->mutable_data()->set_label(label); DBusThreadManager::Get()->GetCryptohomeClient()->GetKeyDataEx( - id_proto, - kEmptyAuthProto, - request, + id, kEmptyAuthProto, request, base::Bind(&HomedirMethodsImpl::OnGetKeyDataExCallback, - weak_ptr_factory_.GetWeakPtr(), - callback)); + weak_ptr_factory_.GetWeakPtr(), callback)); } void CheckKeyEx(const Identification& id, const Authorization& auth, const Callback& callback) override { - cryptohome::AccountIdentifier id_proto; cryptohome::AuthorizationRequest auth_proto; cryptohome::CheckKeyRequest request; - FillIdentificationProtobuf(id, &id_proto); FillAuthorizationProtobuf(auth, &auth_proto); DBusThreadManager::Get()->GetCryptohomeClient()->CheckKeyEx( - id_proto, - auth_proto, - request, + id, auth_proto, request, base::Bind(&HomedirMethodsImpl::OnBaseReplyCallback, - weak_ptr_factory_.GetWeakPtr(), - callback)); + weak_ptr_factory_.GetWeakPtr(), callback)); } void MountEx(const Identification& id, const Authorization& auth, const MountParameters& request, const MountCallback& callback) override { - cryptohome::AccountIdentifier id_proto; cryptohome::AuthorizationRequest auth_proto; cryptohome::MountRequest request_proto; - FillIdentificationProtobuf(id, &id_proto); FillAuthorizationProtobuf(auth, &auth_proto); if (request.ephemeral) @@ -239,12 +221,9 @@ class HomedirMethodsImpl : public HomedirMethods { } DBusThreadManager::Get()->GetCryptohomeClient()->MountEx( - id_proto, - auth_proto, - request_proto, + id, auth_proto, request_proto, base::Bind(&HomedirMethodsImpl::OnMountExCallback, - weak_ptr_factory_.GetWeakPtr(), - callback)); + weak_ptr_factory_.GetWeakPtr(), callback)); } void AddKeyEx(const Identification& id, @@ -252,43 +231,33 @@ class HomedirMethodsImpl : public HomedirMethods { const KeyDefinition& new_key, bool clobber_if_exists, const Callback& callback) override { - cryptohome::AccountIdentifier id_proto; cryptohome::AuthorizationRequest auth_proto; cryptohome::AddKeyRequest request; - FillIdentificationProtobuf(id, &id_proto); FillAuthorizationProtobuf(auth, &auth_proto); FillKeyProtobuf(new_key, request.mutable_key()); request.set_clobber_if_exists(clobber_if_exists); DBusThreadManager::Get()->GetCryptohomeClient()->AddKeyEx( - id_proto, - auth_proto, - request, + id, auth_proto, request, base::Bind(&HomedirMethodsImpl::OnBaseReplyCallback, - weak_ptr_factory_.GetWeakPtr(), - callback)); + weak_ptr_factory_.GetWeakPtr(), callback)); } void RemoveKeyEx(const Identification& id, const Authorization& auth, const std::string& label, const Callback& callback) override { - cryptohome::AccountIdentifier id_proto; cryptohome::AuthorizationRequest auth_proto; cryptohome::RemoveKeyRequest request; - FillIdentificationProtobuf(id, &id_proto); FillAuthorizationProtobuf(auth, &auth_proto); request.mutable_key()->mutable_data()->set_label(label); DBusThreadManager::Get()->GetCryptohomeClient()->RemoveKeyEx( - id_proto, - auth_proto, - request, + id, auth_proto, request, base::Bind(&HomedirMethodsImpl::OnBaseReplyCallback, - weak_ptr_factory_.GetWeakPtr(), - callback)); + weak_ptr_factory_.GetWeakPtr(), callback)); } void UpdateKeyEx(const Identification& id, @@ -296,22 +265,17 @@ class HomedirMethodsImpl : public HomedirMethods { const KeyDefinition& new_key, const std::string& signature, const Callback& callback) override { - cryptohome::AccountIdentifier id_proto; cryptohome::AuthorizationRequest auth_proto; cryptohome::UpdateKeyRequest pb_update_key; - FillIdentificationProtobuf(id, &id_proto); FillAuthorizationProtobuf(auth, &auth_proto); FillKeyProtobuf(new_key, pb_update_key.mutable_changes()); pb_update_key.set_authorization_signature(signature); DBusThreadManager::Get()->GetCryptohomeClient()->UpdateKeyEx( - id_proto, - auth_proto, - pb_update_key, + id, auth_proto, pb_update_key, base::Bind(&HomedirMethodsImpl::OnBaseReplyCallback, - weak_ptr_factory_.GetWeakPtr(), - callback)); + weak_ptr_factory_.GetWeakPtr(), callback)); } private: diff --git a/chromeos/cryptohome/homedir_methods_unittest.cc b/chromeos/cryptohome/homedir_methods_unittest.cc index 19b039d..8343fa1 100644 --- a/chromeos/cryptohome/homedir_methods_unittest.cc +++ b/chromeos/cryptohome/homedir_methods_unittest.cc @@ -17,6 +17,7 @@ #include "chromeos/dbus/dbus_method_call_status.h" #include "chromeos/dbus/dbus_thread_manager.h" #include "chromeos/dbus/mock_cryptohome_client.h" +#include "components/signin/core/account_id/account_id.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" @@ -36,6 +37,10 @@ MATCHER_P(EqualsProto, expected_proto, "") { return actual_value == expected_value; } +MATCHER_P(EqualsIdentification, expected_identification, "") { + return arg == expected_identification; +} + } // namespace const char kUserID[] = "user@example.com"; @@ -68,7 +73,7 @@ class HomedirMethodsTest : public testing::Test { chromeos::MockCryptohomeClient* cryptohome_client_; // The reply that |cryptohome_client_| will make. - cryptohome::BaseReply cryptohome_reply_; + BaseReply cryptohome_reply_; // The results of the most recent |HomedirMethods| method call. bool success_; @@ -119,25 +124,22 @@ void HomedirMethodsTest::StoreGetKeyDataExResult( // Verifies that the result of a GetKeyDataEx() call is correctly parsed. TEST_F(HomedirMethodsTest, GetKeyDataEx) { - AccountIdentifier expected_id; - expected_id.set_email(kUserID); - const cryptohome::AuthorizationRequest expected_auth; - cryptohome::GetKeyDataRequest expected_request; - expected_request.mutable_key()->mutable_data()->set_label(kKeyLabel); + const Identification expected_id(AccountId::FromUserEmail(kUserID)); + const AuthorizationRequest expected_auth; + GetKeyDataRequest expected_request; + expected_request.mutable_key()->mutable_data()->set_label(kKeyLabel); EXPECT_CALL(*cryptohome_client_, - GetKeyDataEx(EqualsProto(expected_id), + GetKeyDataEx(EqualsIdentification(expected_id), EqualsProto(expected_auth), - EqualsProto(expected_request), - _)) + EqualsProto(expected_request), _)) .Times(1) - .WillOnce(WithArg<3>(Invoke( - this, - &HomedirMethodsTest::RunProtobufMethodCallback))); + .WillOnce(WithArg<3>( + Invoke(this, &HomedirMethodsTest::RunProtobufMethodCallback))); // Set up the reply that |cryptohome_client_| will make. - cryptohome::GetKeyDataReply* reply = - cryptohome_reply_.MutableExtension(cryptohome::GetKeyDataReply::reply); + GetKeyDataReply* reply = + cryptohome_reply_.MutableExtension(GetKeyDataReply::reply); KeyData* key_data = reply->add_key_data(); key_data->set_type(KeyData::KEY_TYPE_PASSWORD); key_data->set_label(kKeyLabel); @@ -155,10 +157,9 @@ TEST_F(HomedirMethodsTest, GetKeyDataEx) { // Call GetKeyDataEx(). HomedirMethods::GetInstance()->GetKeyDataEx( - Identification(kUserID), - kKeyLabel, - base::Bind(&HomedirMethodsTest::StoreGetKeyDataExResult, - base::Unretained(this))); + Identification(AccountId::FromUserEmail(kUserID)), kKeyLabel, + base::Bind(&HomedirMethodsTest::StoreGetKeyDataExResult, + base::Unretained(this))); // Verify that the call was successful and the result was correctly parsed. EXPECT_TRUE(success_); diff --git a/chromeos/cryptohome/mock_async_method_caller.h b/chromeos/cryptohome/mock_async_method_caller.h index 97ead2f..2a3c3b0 100644 --- a/chromeos/cryptohome/mock_async_method_caller.h +++ b/chromeos/cryptohome/mock_async_method_caller.h @@ -10,6 +10,7 @@ #include "base/callback.h" #include "base/macros.h" #include "chromeos/cryptohome/async_method_caller.h" +#include "chromeos/cryptohome/cryptohome_parameters.h" #include "testing/gmock/include/gmock/gmock.h" namespace cryptohome { @@ -27,27 +28,32 @@ class MockAsyncMethodCaller : public AsyncMethodCaller { void SetUp(bool success, MountError return_code); - MOCK_METHOD3(AsyncCheckKey, void(const std::string& user_email, - const std::string& passhash, - Callback callback)); - MOCK_METHOD4(AsyncMigrateKey, void(const std::string& user_email, - const std::string& old_hash, - const std::string& new_hash, - Callback callback)); - MOCK_METHOD4(AsyncMount, void(const std::string& user_email, - const std::string& passhash, - int flags, - Callback callback)); - MOCK_METHOD4(AsyncAddKey, void(const std::string& user_email, - const std::string& passhash, - const std::string& new_key, - Callback callback)); + MOCK_METHOD3(AsyncCheckKey, + void(const Identification& user_id, + const std::string& passhash, + Callback callback)); + MOCK_METHOD4(AsyncMigrateKey, + void(const Identification& user_id, + const std::string& old_hash, + const std::string& new_hash, + Callback callback)); + MOCK_METHOD4(AsyncMount, + void(const Identification& user_id, + const std::string& passhash, + int flags, + Callback callback)); + MOCK_METHOD4(AsyncAddKey, + void(const Identification& user_id, + const std::string& passhash, + const std::string& new_key, + Callback callback)); MOCK_METHOD1(AsyncMountGuest, void(Callback callback)); - MOCK_METHOD3(AsyncMountPublic, void(const std::string& public_mount_id, - int flags, - Callback callback)); - MOCK_METHOD2(AsyncRemove, void(const std::string& user_email, - Callback callback)); + MOCK_METHOD3(AsyncMountPublic, + void(const Identification& public_mount_id, + int flags, + Callback callback)); + MOCK_METHOD2(AsyncRemove, + void(const Identification& user_id, Callback callback)); MOCK_METHOD2(AsyncTpmAttestationCreateEnrollRequest, void(chromeos::attestation::PrivacyCAType pca_type, const DataCallback& callback)); @@ -59,38 +65,37 @@ class MockAsyncMethodCaller : public AsyncMethodCaller { AsyncTpmAttestationCreateCertRequest, void(chromeos::attestation::PrivacyCAType pca_type, chromeos::attestation::AttestationCertificateProfile profile, - const std::string& user_id, + const Identification& user_id, const std::string& request_origin, const DataCallback& callback)); MOCK_METHOD5(AsyncTpmAttestationFinishCertRequest, void(const std::string& pca_response, chromeos::attestation::AttestationKeyType key_type, - const std::string& user_id, + const Identification& user_id, const std::string& key_name, const DataCallback& callback)); MOCK_METHOD4(TpmAttestationRegisterKey, void(chromeos::attestation::AttestationKeyType key_type, - const std::string& user_id, + const Identification& user_id, const std::string& key_name, const Callback& callback)); - MOCK_METHOD8( - TpmAttestationSignEnterpriseChallenge, - void(chromeos::attestation::AttestationKeyType key_type, - const std::string& user_id, - const std::string& key_name, - const std::string& domain, - const std::string& device_id, - chromeos::attestation::AttestationChallengeOptions options, - const std::string& challenge, - const DataCallback& callback)); + MOCK_METHOD8(TpmAttestationSignEnterpriseChallenge, + void(chromeos::attestation::AttestationKeyType key_type, + const Identification& user_id, + const std::string& key_name, + const std::string& domain, + const std::string& device_id, + chromeos::attestation::AttestationChallengeOptions options, + const std::string& challenge, + const DataCallback& callback)); MOCK_METHOD5(TpmAttestationSignSimpleChallenge, void(chromeos::attestation::AttestationKeyType key_type, - const std::string& user_id, + const Identification& user_id, const std::string& key_name, const std::string& challenge, const DataCallback& callback)); MOCK_METHOD2(AsyncGetSanitizedUsername, - void(const std::string& user, + void(const Identification& user_id, const DataCallback& callback)); private: |