authoralemate <alemate@chromium.org>2016-03-04 02:39:54 -0800
committerCommit bot <commit-bot@chromium.org>2016-03-04 10:41:09 +0000
commit627f65303a4a1a6b4d1beb62c9ea5b6ed5affda7 (patch)
tree5b57e0a8999752be8165706373ba5abfe5851729 /chromeos
parent0cdae918ae7ffe4d4046027182807b9d99b6b719 (diff)
ChromeOS cryptohome should be able to use gaia id as user identifier.
This CL adds support for using Gaia ID as cryptohome identifier. BUG=462823 TEST=unit tests Review URL: https://codereview.chromium.org/1693383003 Cr-Commit-Position: refs/heads/master@{#379262}
Diffstat (limited to 'chromeos')
-rw-r--r--chromeos/BUILD.gn2
-rw-r--r--chromeos/DEPS2
-rw-r--r--chromeos/attestation/attestation_flow.cc81
-rw-r--r--chromeos/attestation/attestation_flow.h25
-rw-r--r--chromeos/attestation/attestation_flow_unittest.cc119
-rw-r--r--chromeos/attestation/mock_attestation_flow.cc1
-rw-r--r--chromeos/attestation/mock_attestation_flow.h13
-rw-r--r--chromeos/chromeos.gyp2
-rw-r--r--chromeos/cryptohome/async_method_caller.cc171
-rw-r--r--chromeos/cryptohome/async_method_caller.h55
-rw-r--r--chromeos/cryptohome/cryptohome_parameters.cc76
-rw-r--r--chromeos/cryptohome/cryptohome_parameters.h44
-rw-r--r--chromeos/cryptohome/homedir_methods.cc60
-rw-r--r--chromeos/cryptohome/homedir_methods_unittest.cc37
-rw-r--r--chromeos/cryptohome/mock_async_method_caller.h75
-rw-r--r--chromeos/dbus/cryptohome_client.cc150
-rw-r--r--chromeos/dbus/cryptohome_client.h163
-rw-r--r--chromeos/dbus/fake_cryptohome_client.cc65
-rw-r--r--chromeos/dbus/fake_cryptohome_client.h73
-rw-r--r--chromeos/dbus/fake_session_manager_client.cc39
-rw-r--r--chromeos/dbus/fake_session_manager_client.h18
-rw-r--r--chromeos/dbus/mock_cryptohome_client.h106
-rw-r--r--chromeos/dbus/mock_session_manager_client.h12
-rw-r--r--chromeos/dbus/session_manager_client.cc74
-rw-r--r--chromeos/dbus/session_manager_client.h39
-rw-r--r--chromeos/login/auth/authenticator.h8
-rw-r--r--chromeos/login/auth/cryptohome_authenticator.cc41
-rw-r--r--chromeos/login/auth/cryptohome_authenticator.h4
-rw-r--r--chromeos/login/auth/extended_authenticator.h13
-rw-r--r--chromeos/login/auth/extended_authenticator_impl.cc27
-rw-r--r--chromeos/login/auth/extended_authenticator_impl.h4
-rw-r--r--chromeos/login/auth/fake_extended_authenticator.cc7
-rw-r--r--chromeos/login/auth/fake_extended_authenticator.h4
-rw-r--r--chromeos/login/auth/login_performer.cc11
-rw-r--r--chromeos/login/auth/login_performer.h4
-rw-r--r--chromeos/login/auth/stub_authenticator.cc2
-rw-r--r--chromeos/login/auth/stub_authenticator.h4
-rw-r--r--chromeos/login/auth/user_context.cc24
-rw-r--r--chromeos/login/auth/user_context.h6
-rw-r--r--chromeos/tpm/tpm_token_info_getter.cc28
-rw-r--r--chromeos/tpm/tpm_token_info_getter.h10
-rw-r--r--chromeos/tpm/tpm_token_info_getter_unittest.cc39
42 files changed, 903 insertions, 835 deletions
diff --git a/chromeos/BUILD.gn b/chromeos/BUILD.gn
index 8ab2c15..b7203f0 100644
--- a/chromeos/BUILD.gn
+++ b/chromeos/BUILD.gn
@@ -35,6 +35,7 @@ component("chromeos") {
"//components/prefs",
"//components/proxy_config",
"//components/signin/core/account_id",
+ "//components/user_manager",
"//crypto",
"//crypto:platform",
"//google_apis",
@@ -149,6 +150,7 @@ test("chromeos_unittests") {
"//components/onc",
"//components/prefs:test_support",
"//components/proxy_config",
+ "//components/signin/core/account_id",
"//crypto",
"//crypto:test_support",
"//dbus:test_support",
diff --git a/chromeos/DEPS b/chromeos/DEPS
index f55569a..26aba31 100644
--- a/chromeos/DEPS
+++ b/chromeos/DEPS
@@ -4,6 +4,8 @@
include_rules = [
"+components/device_event_log",
"+components/prefs",
+ "+components/signin/core/account_id/account_id.h",
+ "+components/user_manager/known_user.h",
"+crypto",
"+net",
"+policy/proto",
diff --git a/chromeos/attestation/attestation_flow.cc b/chromeos/attestation/attestation_flow.cc
index ec2b12e..ea4c771 100644
--- a/chromeos/attestation/attestation_flow.cc
+++ b/chromeos/attestation/attestation_flow.cc
@@ -8,7 +8,9 @@
#include "base/bind.h"
#include "chromeos/cryptohome/async_method_caller.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/cryptohome_client.h"
+#include "components/signin/core/account_id/account_id.h"
namespace chromeos {
namespace attestation {
@@ -97,20 +99,15 @@ AttestationFlow::~AttestationFlow() {
void AttestationFlow::GetCertificate(
AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& request_origin,
bool force_new_key,
const CertificateCallback& callback) {
// If this device has not enrolled with the Privacy CA, we need to do that
// first. Once enrolled we can proceed with the certificate request.
base::Closure do_cert_request = base::Bind(
- &AttestationFlow::StartCertificateRequest,
- weak_factory_.GetWeakPtr(),
- certificate_profile,
- user_id,
- request_origin,
- force_new_key,
- callback);
+ &AttestationFlow::StartCertificateRequest, weak_factory_.GetWeakPtr(),
+ certificate_profile, account_id, request_origin, force_new_key, callback);
base::Closure on_enroll_failure = base::Bind(callback, false, "");
base::Closure do_enroll = base::Bind(&AttestationFlow::StartEnroll,
weak_factory_.GetWeakPtr(),
@@ -194,7 +191,7 @@ void AttestationFlow::OnEnrollComplete(const base::Closure& on_failure,
void AttestationFlow::StartCertificateRequest(
AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& request_origin,
bool generate_new_key,
const CertificateCallback& callback) {
@@ -204,49 +201,31 @@ void AttestationFlow::StartCertificateRequest(
if (generate_new_key) {
// Get the attestation service to create a Privacy CA certificate request.
async_caller_->AsyncTpmAttestationCreateCertRequest(
- server_proxy_->GetType(),
- certificate_profile,
- user_id,
- request_origin,
+ server_proxy_->GetType(), certificate_profile,
+ cryptohome::Identification(account_id), request_origin,
base::Bind(&AttestationFlow::SendCertificateRequestToPCA,
- weak_factory_.GetWeakPtr(),
- key_type,
- user_id,
- key_name,
+ weak_factory_.GetWeakPtr(), key_type, account_id, key_name,
callback));
} else {
// If the key already exists, query the existing certificate.
base::Closure on_key_exists = base::Bind(
- &AttestationFlow::GetExistingCertificate,
- weak_factory_.GetWeakPtr(),
- key_type,
- user_id,
- key_name,
- callback);
+ &AttestationFlow::GetExistingCertificate, weak_factory_.GetWeakPtr(),
+ key_type, account_id, key_name, callback);
// If the key does not exist, call this method back with |generate_new_key|
// set to true.
base::Closure on_key_not_exists = base::Bind(
- &AttestationFlow::StartCertificateRequest,
- weak_factory_.GetWeakPtr(),
- certificate_profile,
- user_id,
- request_origin,
- true,
- callback);
+ &AttestationFlow::StartCertificateRequest, weak_factory_.GetWeakPtr(),
+ certificate_profile, account_id, request_origin, true, callback);
cryptohome_client_->TpmAttestationDoesKeyExist(
- key_type,
- user_id,
- key_name,
- base::Bind(&DBusBoolRedirectCallback,
- on_key_exists,
- on_key_not_exists,
- base::Bind(callback, false, "")));
+ key_type, cryptohome::Identification(account_id), key_name,
+ base::Bind(&DBusBoolRedirectCallback, on_key_exists, on_key_not_exists,
+ base::Bind(callback, false, "")));
}
}
void AttestationFlow::SendCertificateRequestToPCA(
AttestationKeyType key_type,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& key_name,
const CertificateCallback& callback,
bool success,
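Review bot: Each asynchronous step rebuilds the cryptohome key from the AccountId, so the flow is only correct if that conversion yields the same identifier every time. `cryptohome::Identification(account_id)` is constructed in the AsyncTpmAttestationCreateCertRequest call and again in TpmAttestationDoesKeyExist here, and the later hunks repeat it in SendCertificateResponseToDaemon and GetExistingCertificate. The constructor is not visible in this hunk; if it consults mutable state (the DEPS change allows known_user.h, which suggests it might), a Gaia ID becoming known between request creation and finish could point the two D-Bus calls at different cryptohome identities. Consider converting once in StartCertificateRequest, `const cryptohome::Identification cryptohome_id(account_id);`, and passing `cryptohome_id` through the bound callbacks, or document on the constructor that the mapping is stable. The function body starts above this hunk.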
@@ -260,18 +239,14 @@ void AttestationFlow::SendCertificateRequestToPCA(
// Send the request to the Privacy CA.
server_proxy_->SendCertificateRequest(
- data,
- base::Bind(&AttestationFlow::SendCertificateResponseToDaemon,
- weak_factory_.GetWeakPtr(),
- key_type,
- user_id,
- key_name,
- callback));
+ data, base::Bind(&AttestationFlow::SendCertificateResponseToDaemon,
+ weak_factory_.GetWeakPtr(), key_type, account_id,
+ key_name, callback));
}
void AttestationFlow::SendCertificateResponseToDaemon(
AttestationKeyType key_type,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& key_name,
const CertificateCallback& callback,
bool success,
@@ -284,22 +259,18 @@ void AttestationFlow::SendCertificateResponseToDaemon(
}
// Forward the response to the attestation service to complete the operation.
- async_caller_->AsyncTpmAttestationFinishCertRequest(data,
- key_type,
- user_id,
- key_name,
- base::Bind(callback));
+ async_caller_->AsyncTpmAttestationFinishCertRequest(
+ data, key_type, cryptohome::Identification(account_id), key_name,
+ base::Bind(callback));
}
void AttestationFlow::GetExistingCertificate(
AttestationKeyType key_type,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& key_name,
const CertificateCallback& callback) {
cryptohome_client_->TpmAttestationGetCertificate(
- key_type,
- user_id,
- key_name,
+ key_type, cryptohome::Identification(account_id), key_name,
base::Bind(&DBusDataMethodCallback, callback));
}
diff --git a/chromeos/attestation/attestation_flow.h b/chromeos/attestation/attestation_flow.h
index 7dd575b..373f6dd 100644
--- a/chromeos/attestation/attestation_flow.h
+++ b/chromeos/attestation/attestation_flow.h
@@ -16,6 +16,8 @@
#include "chromeos/dbus/dbus_method_call_status.h"
#include "third_party/cros_system_api/dbus/service_constants.h"
+class AccountId;
+
namespace cryptohome {
class AsyncMethodCaller;
@@ -69,9 +71,8 @@ class CHROMEOS_EXPORT AttestationFlow {
// Parameters
// certificate_profile - Specifies what kind of certificate should be
// requested from the CA.
- // user_id - Identifies the currently active user. For normal GAIA users
- // this is a canonical email address. This is ignored when using
- // the enterprise machine cert profile.
+ // account_id - Identifies the currently active user. This is ignored when
+ // using the enterprise machine cert profile.
// request_origin - For content protection profiles, certificate requests
// are origin-specific. This string must uniquely identify
// the origin of the request.
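Review bot: The rewritten `account_id` comment drops the old statement of what the identifier is (a canonical email for GAIA users) without saying what replaces it, so a caller cannot tell from this header which form reaches cryptohome. Suggested wording: `// account_id - Identifies the currently active user; it is converted to a cryptohome::Identification before being passed to cryptohome. This is ignored when using the enterprise machine cert profile.` The one-line `account_id - Identifies the active user.` comments on the private helpers in the later hunks of this file are fine as they are once this one carries the detail.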
@@ -82,7 +83,7 @@ class CHROMEOS_EXPORT AttestationFlow {
// On success |result| will be true and |data| will contain the
// PCA-issued certificate chain in PEM format.
virtual void GetCertificate(AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& request_origin,
bool force_new_key,
const CertificateCallback& callback);
@@ -143,13 +144,13 @@ class CHROMEOS_EXPORT AttestationFlow {
// Parameters
// certificate_profile - Specifies what kind of certificate should be
// requested from the CA.
- // user_id - Identifies the active user.
+ // account_id - Identifies the active user.
// request_origin - An identifier for the origin of this request.
// generate_new_key - If set to true a new key is generated.
// callback - Called when the operation completes.
void StartCertificateRequest(
const AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& request_origin,
bool generate_new_key,
const CertificateCallback& callback);
@@ -160,13 +161,13 @@ class CHROMEOS_EXPORT AttestationFlow {
//
// Parameters
// key_type - The type of the key for which a certificate is requested.
- // user_id - Identifies the active user.
+ // account_id - Identifies the active user.
// key_name - The name of the key for which a certificate is requested.
// callback - Called when the operation completes.
// success - The status of request creation.
// data - The request data for the Privacy CA.
void SendCertificateRequestToPCA(AttestationKeyType key_type,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& key_name,
const CertificateCallback& callback,
bool success,
@@ -178,13 +179,13 @@ class CHROMEOS_EXPORT AttestationFlow {
//
// Parameters
// key_type - The type of the key for which a certificate is requested.
- // user_id - Identifies the active user.
+ // account_id - Identifies the active user.
// key_name - The name of the key for which a certificate is requested.
// callback - Called when the operation completes.
// success - The status of the Privacy CA operation.
// data - The response data from the Privacy CA.
void SendCertificateResponseToDaemon(AttestationKeyType key_type,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& key_name,
const CertificateCallback& callback,
bool success,
@@ -194,11 +195,11 @@ class CHROMEOS_EXPORT AttestationFlow {
//
// Parameters
// key_type - The type of the key for which a certificate is requested.
- // user_id - Identifies the active user.
+ // account_id - Identifies the active user.
// key_name - The name of the key for which a certificate is requested.
// callback - Called when the operation completes.
void GetExistingCertificate(AttestationKeyType key_type,
- const std::string& user_id,
+ const AccountId& account_id,
const std::string& key_name,
const CertificateCallback& callback);
diff --git a/chromeos/attestation/attestation_flow_unittest.cc b/chromeos/attestation/attestation_flow_unittest.cc
index 99b98bd..2e12184 100644
--- a/chromeos/attestation/attestation_flow_unittest.cc
+++ b/chromeos/attestation/attestation_flow_unittest.cc
@@ -8,8 +8,10 @@
#include "base/memory/scoped_ptr.h"
#include "base/run_loop.h"
#include "chromeos/attestation/mock_attestation_flow.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/cryptohome/mock_async_method_caller.h"
#include "chromeos/dbus/mock_cryptohome_client.h"
+#include "components/signin/core/account_id/account_id.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -105,13 +107,13 @@ TEST_F(AttestationFlowTest, GetCertificate) {
.Times(1)
.InSequence(flow_order);
- EXPECT_CALL(
- async_caller,
- AsyncTpmAttestationCreateCertRequest(_,
- PROFILE_ENTERPRISE_USER_CERTIFICATE,
- "fake@test.com", "fake_origin", _))
- .Times(1)
- .InSequence(flow_order);
+ const AccountId account_id = AccountId::FromUserEmail("fake@test.com");
+ EXPECT_CALL(async_caller,
+ AsyncTpmAttestationCreateCertRequest(
+ _, PROFILE_ENTERPRISE_USER_CERTIFICATE,
+ cryptohome::Identification(account_id), "fake_origin", _))
+ .Times(1)
+ .InSequence(flow_order);
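Review bot: The only non-empty account in this test is `AccountId::FromUserEmail("fake@test.com")`, so nothing here exercises an account that carries a Gaia ID, which is the case the commit is for. A second test built with `AccountId::FromUserEmailGaiaId(...)` would pin that behaviour by expecting the same `cryptohome::Identification` in AsyncTpmAttestationCreateCertRequest and AsyncTpmAttestationFinishCertRequest; such coverage may exist in files not shown here. The remaining tests in this file pass `EmptyAccountId()` but expect `cryptohome::Identification()`, which relies on the two comparing equal; writing the expectation as `cryptohome::Identification(EmptyAccountId())` would mirror what the flow actually constructs. The test body continues outside this hunk.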
EXPECT_CALL(*proxy, SendCertificateRequest(
cryptohome::MockAsyncMethodCaller::kFakeAttestationCertRequest,
@@ -121,12 +123,10 @@ TEST_F(AttestationFlowTest, GetCertificate) {
std::string fake_cert_response =
cryptohome::MockAsyncMethodCaller::kFakeAttestationCertRequest;
fake_cert_response += "_response";
- EXPECT_CALL(async_caller,
- AsyncTpmAttestationFinishCertRequest(fake_cert_response,
- KEY_USER,
- "fake@test.com",
- kEnterpriseUserKey,
- _))
+ EXPECT_CALL(async_caller, AsyncTpmAttestationFinishCertRequest(
+ fake_cert_response, KEY_USER,
+ cryptohome::Identification(account_id),
+ kEnterpriseUserKey, _))
.Times(1)
.InSequence(flow_order);
@@ -142,7 +142,7 @@ TEST_F(AttestationFlowTest, GetCertificate) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "fake@test.com",
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, account_id,
"fake_origin", true, mock_callback);
Run();
}
@@ -170,8 +170,8 @@ TEST_F(AttestationFlowTest, GetCertificate_NoEK) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ true, mock_callback);
Run();
}
@@ -201,8 +201,8 @@ TEST_F(AttestationFlowTest, GetCertificate_EKRejected) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ true, mock_callback);
Run();
}
@@ -237,27 +237,25 @@ TEST_F(AttestationFlowTest, GetCertificate_FailEnroll) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ true, mock_callback);
Run();
}
TEST_F(AttestationFlowTest, GetMachineCertificateAlreadyEnrolled) {
StrictMock<cryptohome::MockAsyncMethodCaller> async_caller;
async_caller.SetUp(true, cryptohome::MOUNT_ERROR_NONE);
- EXPECT_CALL(async_caller,
- AsyncTpmAttestationCreateCertRequest(
- _, PROFILE_ENTERPRISE_MACHINE_CERTIFICATE, "", "", _))
+ EXPECT_CALL(async_caller, AsyncTpmAttestationCreateCertRequest(
+ _, PROFILE_ENTERPRISE_MACHINE_CERTIFICATE,
+ cryptohome::Identification(), "", _))
.Times(1);
std::string fake_cert_response =
cryptohome::MockAsyncMethodCaller::kFakeAttestationCertRequest;
fake_cert_response += "_response";
EXPECT_CALL(async_caller,
- AsyncTpmAttestationFinishCertRequest(fake_cert_response,
- KEY_DEVICE,
- "",
- kEnterpriseMachineKey,
- _))
+ AsyncTpmAttestationFinishCertRequest(
+ fake_cert_response, KEY_DEVICE, cryptohome::Identification(),
+ kEnterpriseMachineKey, _))
.Times(1);
chromeos::MockCryptohomeClient client;
@@ -281,17 +279,17 @@ TEST_F(AttestationFlowTest, GetMachineCertificateAlreadyEnrolled) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_MACHINE_CERTIFICATE, "", "", true,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_MACHINE_CERTIFICATE, EmptyAccountId(),
+ "", true, mock_callback);
Run();
}
TEST_F(AttestationFlowTest, GetCertificate_FailCreateCertRequest) {
StrictMock<cryptohome::MockAsyncMethodCaller> async_caller;
async_caller.SetUp(false, cryptohome::MOUNT_ERROR_NONE);
- EXPECT_CALL(async_caller,
- AsyncTpmAttestationCreateCertRequest(
- _, PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", _))
+ EXPECT_CALL(async_caller, AsyncTpmAttestationCreateCertRequest(
+ _, PROFILE_ENTERPRISE_USER_CERTIFICATE,
+ cryptohome::Identification(), "", _))
.Times(1);
chromeos::MockCryptohomeClient client;
@@ -310,17 +308,17 @@ TEST_F(AttestationFlowTest, GetCertificate_FailCreateCertRequest) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ true, mock_callback);
Run();
}
TEST_F(AttestationFlowTest, GetCertificate_CertRequestRejected) {
StrictMock<cryptohome::MockAsyncMethodCaller> async_caller;
async_caller.SetUp(true, cryptohome::MOUNT_ERROR_NONE);
- EXPECT_CALL(async_caller,
- AsyncTpmAttestationCreateCertRequest(
- _, PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", _))
+ EXPECT_CALL(async_caller, AsyncTpmAttestationCreateCertRequest(
+ _, PROFILE_ENTERPRISE_USER_CERTIFICATE,
+ cryptohome::Identification(), "", _))
.Times(1);
chromeos::MockCryptohomeClient client;
@@ -342,8 +340,8 @@ TEST_F(AttestationFlowTest, GetCertificate_CertRequestRejected) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ true, mock_callback);
Run();
}
@@ -367,34 +365,33 @@ TEST_F(AttestationFlowTest, GetCertificate_FailIsEnrolled) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ true, mock_callback);
Run();
}
TEST_F(AttestationFlowTest, GetCertificate_CheckExisting) {
StrictMock<cryptohome::MockAsyncMethodCaller> async_caller;
async_caller.SetUp(true, cryptohome::MOUNT_ERROR_NONE);
- EXPECT_CALL(async_caller,
- AsyncTpmAttestationCreateCertRequest(
- _, PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", _))
+ EXPECT_CALL(async_caller, AsyncTpmAttestationCreateCertRequest(
+ _, PROFILE_ENTERPRISE_USER_CERTIFICATE,
+ cryptohome::Identification(), "", _))
.Times(1);
std::string fake_cert_response =
cryptohome::MockAsyncMethodCaller::kFakeAttestationCertRequest;
fake_cert_response += "_response";
EXPECT_CALL(async_caller,
- AsyncTpmAttestationFinishCertRequest(fake_cert_response,
- KEY_USER,
- "",
- kEnterpriseUserKey,
- _))
+ AsyncTpmAttestationFinishCertRequest(fake_cert_response, KEY_USER,
+ cryptohome::Identification(),
+ kEnterpriseUserKey, _))
.Times(1);
chromeos::MockCryptohomeClient client;
EXPECT_CALL(client, TpmAttestationIsEnrolled(_))
.WillRepeatedly(Invoke(DBusCallbackTrue));
EXPECT_CALL(client,
- TpmAttestationDoesKeyExist(KEY_USER, "", kEnterpriseUserKey, _))
+ TpmAttestationDoesKeyExist(KEY_USER, cryptohome::Identification(),
+ kEnterpriseUserKey, _))
.WillRepeatedly(WithArgs<3>(Invoke(DBusCallbackFalse)));
scoped_ptr<MockServerProxy> proxy(new StrictMock<MockServerProxy>());
@@ -414,8 +411,8 @@ TEST_F(AttestationFlowTest, GetCertificate_CheckExisting) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", false,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ false, mock_callback);
Run();
}
@@ -427,10 +424,12 @@ TEST_F(AttestationFlowTest, GetCertificate_AlreadyExists) {
EXPECT_CALL(client, TpmAttestationIsEnrolled(_))
.WillRepeatedly(Invoke(DBusCallbackTrue));
EXPECT_CALL(client,
- TpmAttestationDoesKeyExist(KEY_USER, "", kEnterpriseUserKey, _))
+ TpmAttestationDoesKeyExist(KEY_USER, cryptohome::Identification(),
+ kEnterpriseUserKey, _))
.WillRepeatedly(WithArgs<3>(Invoke(DBusCallbackTrue)));
- EXPECT_CALL(client,
- TpmAttestationGetCertificate(KEY_USER, "", kEnterpriseUserKey, _))
+ EXPECT_CALL(client, TpmAttestationGetCertificate(KEY_USER,
+ cryptohome::Identification(),
+ kEnterpriseUserKey, _))
.WillRepeatedly(WithArgs<3>(Invoke(FakeDBusData("fake_cert"))));
// We're not expecting any server calls in this case; StrictMock will verify.
@@ -445,8 +444,8 @@ TEST_F(AttestationFlowTest, GetCertificate_AlreadyExists) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", false,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ false, mock_callback);
Run();
}
@@ -480,8 +479,8 @@ TEST_F(AttestationFlowTest, AlternatePCA) {
scoped_ptr<ServerProxy> proxy_interface(proxy.release());
AttestationFlow flow(&async_caller, &client, std::move(proxy_interface));
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "", "", true,
- mock_callback);
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, EmptyAccountId(), "",
+ true, mock_callback);
Run();
}
diff --git a/chromeos/attestation/mock_attestation_flow.cc b/chromeos/attestation/mock_attestation_flow.cc
index 4b10975..72be828 100644
--- a/chromeos/attestation/mock_attestation_flow.cc
+++ b/chromeos/attestation/mock_attestation_flow.cc
@@ -5,6 +5,7 @@
#include "chromeos/attestation/mock_attestation_flow.h"
#include "base/memory/scoped_ptr.h"
+#include "components/signin/core/account_id/account_id.h"
using testing::_;
using testing::DefaultValue;
diff --git a/chromeos/attestation/mock_attestation_flow.h b/chromeos/attestation/mock_attestation_flow.h
index fad04f0..d64548e 100644
--- a/chromeos/attestation/mock_attestation_flow.h
+++ b/chromeos/attestation/mock_attestation_flow.h
@@ -11,6 +11,8 @@
#include "base/macros.h"
#include "testing/gmock/include/gmock/gmock.h"
+class AccountId;
+
namespace chromeos {
namespace attestation {
@@ -66,11 +68,12 @@ class MockAttestationFlow : public AttestationFlow {
MockAttestationFlow();
virtual ~MockAttestationFlow();
- MOCK_METHOD5(GetCertificate, void(AttestationCertificateProfile,
- const std::string&,
- const std::string&,
- bool,
- const CertificateCallback&));
+ MOCK_METHOD5(GetCertificate,
+ void(AttestationCertificateProfile,
+ const AccountId& account_id,
+ const std::string&,
+ bool,
+ const CertificateCallback&));
};
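Review bot: In the reformatted MOCK_METHOD5 signature only the new parameter is named (`const AccountId& account_id,`) while the other four stay unnamed. gmock ignores parameter names in the function type, so for consistency with the rest of the list write it as `const AccountId&,`.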
} // namespace attestation
diff --git a/chromeos/chromeos.gyp b/chromeos/chromeos.gyp
index c0f9ab5..9b76232 100644
--- a/chromeos/chromeos.gyp
+++ b/chromeos/chromeos.gyp
@@ -518,6 +518,7 @@
'../components/components.gyp:device_event_log_component',
'../components/components.gyp:onc_component',
'../components/components.gyp:proxy_config',
+ '../components/components.gyp:user_manager',
'../components/components.gyp:signin_core_account_id',
'../components/prefs/prefs.gyp:prefs',
'../crypto/crypto.gyp:crypto',
@@ -650,6 +651,7 @@
'../build/linux/system.gyp:ssl',
'../components/components.gyp:onc_component',
'../components/components.gyp:proxy_config',
+ '../components/components.gyp:signin_core_account_id',
'../components/prefs/prefs.gyp:prefs_test_support',
'../crypto/crypto.gyp:crypto',
'../crypto/crypto.gyp:crypto_test_support',
diff --git a/chromeos/cryptohome/async_method_caller.cc b/chromeos/cryptohome/async_method_caller.cc
index b95966f..0e033f8 100644
--- a/chromeos/cryptohome/async_method_caller.cc
+++ b/chromeos/cryptohome/async_method_caller.cc
@@ -10,6 +10,7 @@
#include "base/macros.h"
#include "base/single_thread_task_runner.h"
#include "base/thread_task_runner_handle.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/dbus_thread_manager.h"
using chromeos::DBusThreadManager;
@@ -36,51 +37,47 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller {
ResetAsyncCallStatusHandlers();
}
- void AsyncCheckKey(const std::string& user_email,
+ void AsyncCheckKey(const Identification& cryptohome_id,
const std::string& passhash,
Callback callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- AsyncCheckKey(user_email, passhash, base::Bind(
- &AsyncMethodCallerImpl::RegisterAsyncCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
- "Couldn't initiate async check of user's key."));
+ DBusThreadManager::Get()->GetCryptohomeClient()->AsyncCheckKey(
+ cryptohome_id, passhash,
+ base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
+ "Couldn't initiate async check of user's key."));
}
- void AsyncMigrateKey(const std::string& user_email,
+ void AsyncMigrateKey(const Identification& cryptohome_id,
const std::string& old_hash,
const std::string& new_hash,
Callback callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- AsyncMigrateKey(user_email, old_hash, new_hash, base::Bind(
- &AsyncMethodCallerImpl::RegisterAsyncCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
- "Couldn't initiate aync migration of user's key"));
+ DBusThreadManager::Get()->GetCryptohomeClient()->AsyncMigrateKey(
+ cryptohome_id, old_hash, new_hash,
+ base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
+ "Couldn't initiate aync migration of user's key"));
}
- void AsyncMount(const std::string& user_email,
+ void AsyncMount(const Identification& cryptohome_id,
const std::string& passhash,
int flags,
Callback callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- AsyncMount(user_email, passhash, flags, base::Bind(
- &AsyncMethodCallerImpl::RegisterAsyncCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
- "Couldn't initiate async mount of cryptohome."));
+ DBusThreadManager::Get()->GetCryptohomeClient()->AsyncMount(
+ cryptohome_id, passhash, flags,
+ base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
+ "Couldn't initiate async mount of cryptohome."));
}
- void AsyncAddKey(const std::string& user_email,
+ void AsyncAddKey(const Identification& cryptohome_id,
const std::string& passhash,
const std::string& new_passhash,
Callback callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- AsyncAddKey(user_email, passhash, new_passhash, base::Bind(
- &AsyncMethodCallerImpl::RegisterAsyncCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
- "Couldn't initiate async key addition."));
+ DBusThreadManager::Get()->GetCryptohomeClient()->AsyncAddKey(
+ cryptohome_id, passhash, new_passhash,
+ base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
+ "Couldn't initiate async key addition."));
}
void AsyncMountGuest(Callback callback) override {
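Review bot: The failure message on the re-added AsyncMigrateKey line still reads `"Couldn't initiate aync migration of user's key"`, with "aync" misspelled and no trailing period, unlike the sibling messages in this hunk. Since the line is being rewritten anyway, change it to `"Couldn't initiate async migration of user's key."` so a search of the logs for "async" failures finds it alongside the others. As far as this hunk shows the string is only passed to RegisterAsyncCallback as an error message, so the change should be text-only.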
@@ -92,24 +89,23 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller {
"Couldn't initiate async mount of cryptohome."));
}
- void AsyncMountPublic(const std::string& public_mount_id,
+ void AsyncMountPublic(const Identification& public_mount_id,
int flags,
Callback callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- AsyncMountPublic(public_mount_id, flags, base::Bind(
- &AsyncMethodCallerImpl::RegisterAsyncCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
- "Couldn't initiate async mount public of cryptohome."));
+ DBusThreadManager::Get()->GetCryptohomeClient()->AsyncMountPublic(
+ public_mount_id, flags,
+ base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
+ "Couldn't initiate async mount public of cryptohome."));
}
- void AsyncRemove(const std::string& user_email, Callback callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- AsyncRemove(user_email, base::Bind(
- &AsyncMethodCallerImpl::RegisterAsyncCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
- "Couldn't initiate async removal of cryptohome."));
+ void AsyncRemove(const Identification& cryptohome_id,
+ Callback callback) override {
+ DBusThreadManager::Get()->GetCryptohomeClient()->AsyncRemove(
+ cryptohome_id,
+ base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
+ "Couldn't initiate async removal of cryptohome."));
}
void AsyncTpmAttestationCreateEnrollRequest(
@@ -137,109 +133,88 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller {
void AsyncTpmAttestationCreateCertRequest(
chromeos::attestation::PrivacyCAType pca_type,
chromeos::attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const Identification& cryptohome_id,
const std::string& request_origin,
const DataCallback& callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- AsyncTpmAttestationCreateCertRequest(
- pca_type,
- certificate_profile,
- user_id,
- request_origin,
+ DBusThreadManager::Get()
+ ->GetCryptohomeClient()
+ ->AsyncTpmAttestationCreateCertRequest(
+ pca_type, certificate_profile, cryptohome_id, request_origin,
base::Bind(&AsyncMethodCallerImpl::RegisterAsyncDataCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
"Couldn't initiate async attestation cert request."));
}
void AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& cryptohome_id,
const std::string& key_name,
const DataCallback& callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- AsyncTpmAttestationFinishCertRequest(
- pca_response,
- key_type,
- user_id,
- key_name,
+ DBusThreadManager::Get()
+ ->GetCryptohomeClient()
+ ->AsyncTpmAttestationFinishCertRequest(
+ pca_response, key_type, cryptohome_id, key_name,
base::Bind(
&AsyncMethodCallerImpl::RegisterAsyncDataCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
"Couldn't initiate async attestation finish cert request."));
}
void TpmAttestationRegisterKey(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& cryptohome_id,
const std::string& key_name,
const Callback& callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- TpmAttestationRegisterKey(
- key_type,
- user_id,
- key_name,
- base::Bind(
- &AsyncMethodCallerImpl::RegisterAsyncCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
- "Couldn't initiate async attestation register key."));
+ DBusThreadManager::Get()->GetCryptohomeClient()->TpmAttestationRegisterKey(
+ key_type, cryptohome_id, key_name,
+ base::Bind(&AsyncMethodCallerImpl::RegisterAsyncCallback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
+ "Couldn't initiate async attestation register key."));
}
void TpmAttestationSignEnterpriseChallenge(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& cryptohome_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
chromeos::attestation::AttestationChallengeOptions options,
const std::string& challenge,
const DataCallback& callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- TpmAttestationSignEnterpriseChallenge(
- key_type,
- user_id,
- key_name,
- domain,
- device_id,
- options,
+ DBusThreadManager::Get()
+ ->GetCryptohomeClient()
+ ->TpmAttestationSignEnterpriseChallenge(
+ key_type, cryptohome_id, key_name, domain, device_id, options,
challenge,
base::Bind(
&AsyncMethodCallerImpl::RegisterAsyncDataCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
"Couldn't initiate async attestation enterprise challenge."));
}
void TpmAttestationSignSimpleChallenge(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& cryptohome_id,
const std::string& key_name,
const std::string& challenge,
const DataCallback& callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- TpmAttestationSignSimpleChallenge(
- key_type,
- user_id,
- key_name,
- challenge,
+ DBusThreadManager::Get()
+ ->GetCryptohomeClient()
+ ->TpmAttestationSignSimpleChallenge(
+ key_type, cryptohome_id, key_name, challenge,
base::Bind(
&AsyncMethodCallerImpl::RegisterAsyncDataCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback,
+ weak_ptr_factory_.GetWeakPtr(), callback,
"Couldn't initiate async attestation simple challenge."));
}
- void AsyncGetSanitizedUsername(const std::string& user,
+ void AsyncGetSanitizedUsername(const Identification& cryptohome_id,
const DataCallback& callback) override {
- DBusThreadManager::Get()->GetCryptohomeClient()->
- GetSanitizedUsername(user,
- base::Bind(
- &AsyncMethodCallerImpl::GetSanitizedUsernameCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback));
+ DBusThreadManager::Get()->GetCryptohomeClient()->GetSanitizedUsername(
+ cryptohome_id,
+ base::Bind(&AsyncMethodCallerImpl::GetSanitizedUsernameCallback,
+ weak_ptr_factory_.GetWeakPtr(), callback));
}
virtual void GetSanitizedUsernameCallback(
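Review bot: The overrides in this hunk name the new parameter `cryptohome_id`, while the pure-virtual declarations in async_method_caller.h, changed in the same commit, call it `user_id`, so the header comments that refer to `|user_id|` no longer match the implementation. Use one name on both sides. If the point of `Identification` is that the value is no longer necessarily the user's e-mail, `cryptohome_id` in the header is the clearer choice. The class body starts before this hunk and GetSanitizedUsernameCallback continues after it.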
diff --git a/chromeos/cryptohome/async_method_caller.h b/chromeos/cryptohome/async_method_caller.h
index 374da45..098c687 100644
--- a/chromeos/cryptohome/async_method_caller.h
+++ b/chromeos/cryptohome/async_method_caller.h
@@ -15,6 +15,8 @@
namespace cryptohome {
+class Identification;
+
// Note: This file is placed in ::cryptohome instead of ::chromeos::cryptohome
// since there is already a namespace ::cryptohome which holds the error code
// enum (MountError) and referencing ::chromeos::cryptohome and ::cryptohome
@@ -40,45 +42,45 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
virtual ~AsyncMethodCaller() {}
// Asks cryptohomed to asynchronously try to find the cryptohome for
- // |user_email| and then use |passhash| to unlock the key.
+ // |user_id| and then use |passhash| to unlock the key.
// |callback| will be called with status info on completion.
- virtual void AsyncCheckKey(const std::string& user_email,
+ virtual void AsyncCheckKey(const Identification& user_id,
const std::string& passhash,
Callback callback) = 0;
// Asks cryptohomed to asynchronously try to find the cryptohome for
- // |user_email| and then change from using |old_hash| to lock the
+ // |user_id| and then change from using |old_hash| to lock the
// key to using |new_hash|.
// |callback| will be called with status info on completion.
- virtual void AsyncMigrateKey(const std::string& user_email,
+ virtual void AsyncMigrateKey(const Identification& user_id,
const std::string& old_hash,
const std::string& new_hash,
Callback callback) = 0;
// Asks cryptohomed to asynchronously try to find the cryptohome for
- // |user_email| and then mount it using |passhash| to unlock the key.
+ // |user_id| and then mount it using |passhash| to unlock the key.
// The |flags| are a combination of |MountFlags|:
// * CREATE_IF_MISSING Controls whether or not cryptohomed is asked to create
// a new cryptohome if one does not exist yet for
- // |user_email|.
+ // |user_id|.
// * ENSURE_EPHEMERAL If |true|, the mounted cryptohome will be backed by
// tmpfs. If |false|, the ephemeral users policy decides
// whether tmpfs or an encrypted directory is used as the
// backend.
// |callback| will be called with status info on completion.
// If the |CREATE_IF_MISSING| flag is not given and no cryptohome exists
- // for |user_email|, the expected result is
+ // for |user_id|, the expected result is
// callback.Run(false, kCryptohomeMountErrorUserDoesNotExist). Otherwise,
// the normal range of return codes is expected.
- virtual void AsyncMount(const std::string& user_email,
+ virtual void AsyncMount(const Identification& user_id,
const std::string& passhash,
int flags,
Callback callback) = 0;
// Asks cryptohomed to asynchronously try to add another |new_passhash| for
- // |user_email| using |passhash| to unlock the key.
+ // |user_id| using |passhash| to unlock the key.
// |callback| will be called with status info on completion.
- virtual void AsyncAddKey(const std::string& user_email,
+ virtual void AsyncAddKey(const Identification& user_id,
const std::string& passhash,
const std::string& new_passhash,
Callback callback) = 0;
@@ -91,13 +93,13 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
// |public_mount_id| and then mount it using a passhash derived from
// |public_mount_id| and a secret. See AsyncMount for possible values for
// |flags|.
- virtual void AsyncMountPublic(const std::string& public_mount_id,
+ virtual void AsyncMountPublic(const Identification& public_mount_id,
int flags,
Callback callback) = 0;
// Asks cryptohomed to asynchronously try to find the cryptohome for
- // |user_email| and then nuke it.
- virtual void AsyncRemove(const std::string& user_email,
+ // |user_id| and then nuke it.
+ virtual void AsyncRemove(const Identification& user_id,
Callback callback) = 0;
// Asks cryptohomed to asynchronously create an attestation enrollment
@@ -125,7 +127,7 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
virtual void AsyncTpmAttestationCreateCertRequest(
chromeos::attestation::PrivacyCAType pca_type,
chromeos::attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& request_origin,
const DataCallback& callback) = 0;
@@ -135,22 +137,22 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
// emitted by the Privacy CA. |key_type| determines whether the certified key
// is to be associated with the current user. |key_name| is a name for the
// key. If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise
- // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical
- // email address.
+ // |user_id| is ignored. For normal GAIA users the |user_id| is
+ // a GaiaId-derived string (see AccountId::GetGaiaIdKey).
virtual void AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& key_name,
const DataCallback& callback) = 0;
// Asks cryptohomed to asynchronously register the attestation key specified
// by |key_type| and |key_name|. If |key_type| is KEY_USER, a |user_id| must
// be provided. Otherwise |user_id| is ignored. For normal GAIA users the
- // |user_id| is a canonical email address.
+ // |user_id| is a GaiaId-derived string (see AccountId::GetGaiaIdKey).
virtual void TpmAttestationRegisterKey(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& key_name,
const Callback& callback) = 0;
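Review bot: The updated comments on AsyncTpmAttestationFinishCertRequest and TpmAttestationRegisterKey say that for normal GAIA users `|user_id|` "is a GaiaId-derived string", but the parameter is now an `Identification`, not a string. GetCryptohomeId() in cryptohome_parameters.cc also still returns the e-mail when the GaiaId is empty or the migration status is not set. The same wording is repeated in the following hunks for TpmAttestationSignEnterpriseChallenge and TpmAttestationSignSimpleChallenge. Suggested wording for all four: `// |user_id| wraps the cryptohome identifier: AccountId::GetGaiaIdKey() once the account is migrated, otherwise the canonical email.` The class declaration starts outside this hunk.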
@@ -160,10 +162,10 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
// a valid enterprise challenge. On success, the data sent to |callback| is
// the challenge response. If |key_type| is KEY_USER, a |user_id| must be
// provided. Otherwise |user_id| is ignored. For normal GAIA users the
- // |user_id| is a canonical email address.
+ // |user_id| is a GaiaId-derived string (see AccountId::GetGaiaIdKey).
virtual void TpmAttestationSignEnterpriseChallenge(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -176,20 +178,19 @@ class CHROMEOS_EXPORT AsyncMethodCaller {
// set of bytes. On success, the data sent to |callback| is the challenge
// response. If |key_type| is KEY_USER, a |user_id| must be provided.
// Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a
- // canonical email address.
+ // GaiaId-derived string (see AccountId::GetGaiaIdKey).
virtual void TpmAttestationSignSimpleChallenge(
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& key_name,
const std::string& challenge,
const DataCallback& callback) = 0;
// Asks cryptohome to asynchronously retrieve a string associated with given
- // |user| that would be used in mount path instead of |user|.
+ // |user_id| that would be used in mount path instead of |user_id|.
// On success the data is sent to |callback|.
- virtual void AsyncGetSanitizedUsername(
- const std::string& user,
- const DataCallback& callback) = 0;
+ virtual void AsyncGetSanitizedUsername(const Identification& user_id,
+ const DataCallback& callback) = 0;
// Creates the global AsyncMethodCaller instance.
static void Initialize();
diff --git a/chromeos/cryptohome/cryptohome_parameters.cc b/chromeos/cryptohome/cryptohome_parameters.cc
index c484947..5aa8857 100644
--- a/chromeos/cryptohome/cryptohome_parameters.cc
+++ b/chromeos/cryptohome/cryptohome_parameters.cc
@@ -8,14 +8,67 @@
#include <stdint.h>
#include "chromeos/dbus/cryptohome/key.pb.h"
+#include "components/signin/core/account_id/account_id.h"
+#include "components/user_manager/known_user.h"
namespace cryptohome {
+namespace {
-Identification::Identification(const std::string& user_id) : user_id(user_id) {
+// Subsystem name for GaiaId migration status.
+const char kCryptohome[] = "cryptohome";
+
+const std::string GetCryptohomeId(const AccountId& account_id) {
+ // Guest/kiosk/managed/public accounts have empty GaiaId. Default to email.
+ if (account_id.GetGaiaId().empty())
+ return account_id.GetUserEmail(); // Migrated
+
+ if (GetGaiaIdMigrationStatus(account_id))
+ return account_id.GetGaiaIdKey();
+
+ return account_id.GetUserEmail(); // Migrated
+}
+
+} // anonymous namespace
+
+Identification::Identification() {}
+
+Identification::Identification(const AccountId& account_id)
+ : id_(GetCryptohomeId(account_id)) {}
+
+Identification::Identification(const std::string& id) : id_(id) {}
+
+Identification Identification::FromString(const std::string& id) {
+ return Identification(id);
}
bool Identification::operator==(const Identification& other) const {
- return user_id == other.user_id;
+ return id_ == other.id_;
+}
+
+bool Identification::operator<(const Identification& right) const {
+ return id_ < right.id_;
+}
+
+AccountId Identification::GetAccountId() const {
+ const std::vector<AccountId> known_account_ids =
+ user_manager::known_user::GetKnownAccountIds();
+
+ // A LOT of tests start with --login_user <user>, and not registing this user
+ // before. So we might have "known_user" entry without gaia_id.
+ for (const AccountId& known_id : known_account_ids) {
+ if (!known_id.GetGaiaId().empty() && known_id.GetGaiaIdKey() == id_) {
+ return known_id;
+ }
+ }
+
+ for (const AccountId& known_id : known_account_ids) {
+ if (known_id.GetUserEmail() == id_) {
+ return known_id;
+ }
+ }
+
+ return user_manager::known_user::GetAccountId(id_,
+ std::string() /* gaia_id */);
}
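Review bot: `Identification::GetAccountId()` falls back to `user_manager::known_user::GetAccountId(id_, std::string() /* gaia_id */)` when no known user matches, which appears to treat `id_` as an e-mail even when it holds a GaiaIdKey string for a user that is not in the known-user list. The resulting AccountId would then carry the key in its e-mail field. Because `id_` is an untyped string, consider recording at construction whether it came from GetGaiaIdKey() or GetUserEmail(), or at least document what the fallback returns for a GaiaIdKey. Separately, in GetCryptohomeId() the trailing `// Migrated` on the final `return account_id.GetUserEmail();` reads backwards, since that is the not-yet-migrated path. The `const std::string` by-value return type also only inhibits moves.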
KeyDefinition::AuthorizationData::Secret::Secret() : encrypt(false),
@@ -183,4 +236,23 @@ bool MountParameters::operator==(const MountParameters& other) const {
MountParameters::~MountParameters() {
}
+bool GetGaiaIdMigrationStatus(const AccountId& account_id) {
+ return user_manager::known_user::GetGaiaIdMigrationStatus(account_id,
+ kCryptohome);
+}
+
+void SetGaiaIdMigrationStatusDone(const AccountId& account_id) {
+ user_manager::known_user::SetGaiaIdMigrationStatusDone(account_id,
+ kCryptohome);
+}
+
} // namespace cryptohome
+
+namespace BASE_HASH_NAMESPACE {
+
+std::size_t hash<cryptohome::Identification>::operator()(
+ const cryptohome::Identification& cryptohome_id) const {
+ return hash<std::string>()(cryptohome_id.id());
+}
+
+} // namespace BASE_HASH_NAMESPACE
diff --git a/chromeos/cryptohome/cryptohome_parameters.h b/chromeos/cryptohome/cryptohome_parameters.h
index 3738b56..2037b21 100644
--- a/chromeos/cryptohome/cryptohome_parameters.h
+++ b/chromeos/cryptohome/cryptohome_parameters.h
@@ -10,9 +10,12 @@
#include <string>
#include <vector>
+#include "base/containers/hash_tables.h"
#include "base/memory/scoped_ptr.h"
#include "chromeos/chromeos_export.h"
+class AccountId;
+
namespace cryptohome {
enum AuthKeyPrivileges {
@@ -25,12 +28,28 @@ enum AuthKeyPrivileges {
};
// Identification of the user calling cryptohome method.
-struct CHROMEOS_EXPORT Identification {
- explicit Identification(const std::string& user_id);
+class CHROMEOS_EXPORT Identification {
+ public:
+ Identification();
+
+ explicit Identification(const AccountId& account_id);
bool operator==(const Identification& other) const;
- std::string user_id;
+ // This method should be used for migration purpose only.
+ static Identification FromString(const std::string& id);
+
+ // Look up known user and return its AccountId.
+ AccountId GetAccountId() const;
+
+ const std::string& id() const { return id_; }
+
+ bool operator<(const Identification& right) const;
+
+ private:
+ explicit Identification(const std::string&);
+
+ std::string id_;
};
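Review bot: `FromString()` is public and restricted only by the comment "should be used for migration purpose only", so any caller can still build an `Identification` from an arbitrary string. That bypasses the migration-status decision the `AccountId` constructor makes through GetCryptohomeId(), which undercuts the reason for making the `std::string` constructor private. Consider naming the allowed callers in the comment, or limiting access (for example a friend declaration or a test-only name) once migration code is identified. The new default constructor also leaves `id_` empty with no comment on when that is valid. If it exists for calls where the user id is ignored, say so, e.g. `// Creates an empty identification; only valid where the callee ignores the user id.`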
// Definition of the key (e.g. password) for the cryptohome.
@@ -145,6 +164,25 @@ class CHROMEOS_EXPORT MountParameters {
std::vector<KeyDefinition> create_keys;
};
+// This function returns true if cryptohome of |account_id| is migrated to
+// gaiaId-based identifier (AccountId::GetGaiaIdKey()).
+bool GetGaiaIdMigrationStatus(const AccountId& account_id);
+
+// This function marks |account_id| cryptohome migrated to gaiaId-based
+// identifier (AccountId::GetGaiaIdKey()).
+void SetGaiaIdMigrationStatusDone(const AccountId& account_id);
+
} // namespace cryptohome
+namespace BASE_HASH_NAMESPACE {
+
+// Implement hashing of cryptohome::Identification, so it can be used as a key
+// in STL containers.
+template <>
+struct hash<cryptohome::Identification> {
+ std::size_t operator()(const cryptohome::Identification& cryptohome_id) const;
+};
+
+} // namespace BASE_HASH_NAMESPACE
+
#endif // CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_
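Review bot: `GetGaiaIdMigrationStatus()`, `SetGaiaIdMigrationStatusDone()` and the `hash<cryptohome::Identification>` specialization are declared without `CHROMEOS_EXPORT`, unlike `Identification` and `MountParameters` in the same header, while their definitions live in cryptohome_parameters.cc. If any caller outside the chromeos target uses them, a component build would presumably fail to link. Suggested: `CHROMEOS_EXPORT bool GetGaiaIdMigrationStatus(const AccountId& account_id);`, with the same annotation on the setter and on the hash struct.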
diff --git a/chromeos/cryptohome/homedir_methods.cc b/chromeos/cryptohome/homedir_methods.cc
index 8413c72..81bf153 100644
--- a/chromeos/cryptohome/homedir_methods.cc
+++ b/chromeos/cryptohome/homedir_methods.cc
@@ -95,12 +95,6 @@ void FillKeyProtobuf(const KeyDefinition& key_def, Key* key) {
}
}
-// Fill identification protobuffer.
-void FillIdentificationProtobuf(const Identification& id,
- cryptohome::AccountIdentifier* id_proto) {
- id_proto->set_email(id.user_id);
-}
-
// Fill authorization protobuffer.
void FillAuthorizationProtobuf(const Authorization& auth,
cryptohome::AuthorizationRequest* auth_proto) {
@@ -183,50 +177,38 @@ class HomedirMethodsImpl : public HomedirMethods {
void GetKeyDataEx(const Identification& id,
const std::string& label,
const GetKeyDataCallback& callback) override {
- cryptohome::AccountIdentifier id_proto;
cryptohome::AuthorizationRequest kEmptyAuthProto;
cryptohome::GetKeyDataRequest request;
- FillIdentificationProtobuf(id, &id_proto);
request.mutable_key()->mutable_data()->set_label(label);
DBusThreadManager::Get()->GetCryptohomeClient()->GetKeyDataEx(
- id_proto,
- kEmptyAuthProto,
- request,
+ id, kEmptyAuthProto, request,
base::Bind(&HomedirMethodsImpl::OnGetKeyDataExCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback));
+ weak_ptr_factory_.GetWeakPtr(), callback));
}
void CheckKeyEx(const Identification& id,
const Authorization& auth,
const Callback& callback) override {
- cryptohome::AccountIdentifier id_proto;
cryptohome::AuthorizationRequest auth_proto;
cryptohome::CheckKeyRequest request;
- FillIdentificationProtobuf(id, &id_proto);
FillAuthorizationProtobuf(auth, &auth_proto);
DBusThreadManager::Get()->GetCryptohomeClient()->CheckKeyEx(
- id_proto,
- auth_proto,
- request,
+ id, auth_proto, request,
base::Bind(&HomedirMethodsImpl::OnBaseReplyCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback));
+ weak_ptr_factory_.GetWeakPtr(), callback));
}
void MountEx(const Identification& id,
const Authorization& auth,
const MountParameters& request,
const MountCallback& callback) override {
- cryptohome::AccountIdentifier id_proto;
cryptohome::AuthorizationRequest auth_proto;
cryptohome::MountRequest request_proto;
- FillIdentificationProtobuf(id, &id_proto);
FillAuthorizationProtobuf(auth, &auth_proto);
if (request.ephemeral)
@@ -239,12 +221,9 @@ class HomedirMethodsImpl : public HomedirMethods {
}
DBusThreadManager::Get()->GetCryptohomeClient()->MountEx(
- id_proto,
- auth_proto,
- request_proto,
+ id, auth_proto, request_proto,
base::Bind(&HomedirMethodsImpl::OnMountExCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback));
+ weak_ptr_factory_.GetWeakPtr(), callback));
}
void AddKeyEx(const Identification& id,
@@ -252,43 +231,33 @@ class HomedirMethodsImpl : public HomedirMethods {
const KeyDefinition& new_key,
bool clobber_if_exists,
const Callback& callback) override {
- cryptohome::AccountIdentifier id_proto;
cryptohome::AuthorizationRequest auth_proto;
cryptohome::AddKeyRequest request;
- FillIdentificationProtobuf(id, &id_proto);
FillAuthorizationProtobuf(auth, &auth_proto);
FillKeyProtobuf(new_key, request.mutable_key());
request.set_clobber_if_exists(clobber_if_exists);
DBusThreadManager::Get()->GetCryptohomeClient()->AddKeyEx(
- id_proto,
- auth_proto,
- request,
+ id, auth_proto, request,
base::Bind(&HomedirMethodsImpl::OnBaseReplyCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback));
+ weak_ptr_factory_.GetWeakPtr(), callback));
}
void RemoveKeyEx(const Identification& id,
const Authorization& auth,
const std::string& label,
const Callback& callback) override {
- cryptohome::AccountIdentifier id_proto;
cryptohome::AuthorizationRequest auth_proto;
cryptohome::RemoveKeyRequest request;
- FillIdentificationProtobuf(id, &id_proto);
FillAuthorizationProtobuf(auth, &auth_proto);
request.mutable_key()->mutable_data()->set_label(label);
DBusThreadManager::Get()->GetCryptohomeClient()->RemoveKeyEx(
- id_proto,
- auth_proto,
- request,
+ id, auth_proto, request,
base::Bind(&HomedirMethodsImpl::OnBaseReplyCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback));
+ weak_ptr_factory_.GetWeakPtr(), callback));
}
void UpdateKeyEx(const Identification& id,
@@ -296,22 +265,17 @@ class HomedirMethodsImpl : public HomedirMethods {
const KeyDefinition& new_key,
const std::string& signature,
const Callback& callback) override {
- cryptohome::AccountIdentifier id_proto;
cryptohome::AuthorizationRequest auth_proto;
cryptohome::UpdateKeyRequest pb_update_key;
- FillIdentificationProtobuf(id, &id_proto);
FillAuthorizationProtobuf(auth, &auth_proto);
FillKeyProtobuf(new_key, pb_update_key.mutable_changes());
pb_update_key.set_authorization_signature(signature);
DBusThreadManager::Get()->GetCryptohomeClient()->UpdateKeyEx(
- id_proto,
- auth_proto,
- pb_update_key,
+ id, auth_proto, pb_update_key,
base::Bind(&HomedirMethodsImpl::OnBaseReplyCallback,
- weak_ptr_factory_.GetWeakPtr(),
- callback));
+ weak_ptr_factory_.GetWeakPtr(), callback));
}
private:
diff --git a/chromeos/cryptohome/homedir_methods_unittest.cc b/chromeos/cryptohome/homedir_methods_unittest.cc
index 19b039d..8343fa1 100644
--- a/chromeos/cryptohome/homedir_methods_unittest.cc
+++ b/chromeos/cryptohome/homedir_methods_unittest.cc
@@ -17,6 +17,7 @@
#include "chromeos/dbus/dbus_method_call_status.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "chromeos/dbus/mock_cryptohome_client.h"
+#include "components/signin/core/account_id/account_id.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -36,6 +37,10 @@ MATCHER_P(EqualsProto, expected_proto, "") {
return actual_value == expected_value;
}
+MATCHER_P(EqualsIdentification, expected_identification, "") {
+ return arg == expected_identification;
+}
+
} // namespace
const char kUserID[] = "user@example.com";
@@ -68,7 +73,7 @@ class HomedirMethodsTest : public testing::Test {
chromeos::MockCryptohomeClient* cryptohome_client_;
// The reply that |cryptohome_client_| will make.
- cryptohome::BaseReply cryptohome_reply_;
+ BaseReply cryptohome_reply_;
// The results of the most recent |HomedirMethods| method call.
bool success_;
@@ -119,25 +124,22 @@ void HomedirMethodsTest::StoreGetKeyDataExResult(
// Verifies that the result of a GetKeyDataEx() call is correctly parsed.
TEST_F(HomedirMethodsTest, GetKeyDataEx) {
- AccountIdentifier expected_id;
- expected_id.set_email(kUserID);
- const cryptohome::AuthorizationRequest expected_auth;
- cryptohome::GetKeyDataRequest expected_request;
- expected_request.mutable_key()->mutable_data()->set_label(kKeyLabel);
+ const Identification expected_id(AccountId::FromUserEmail(kUserID));
+ const AuthorizationRequest expected_auth;
+ GetKeyDataRequest expected_request;
+ expected_request.mutable_key()->mutable_data()->set_label(kKeyLabel);
EXPECT_CALL(*cryptohome_client_,
- GetKeyDataEx(EqualsProto(expected_id),
+ GetKeyDataEx(EqualsIdentification(expected_id),
EqualsProto(expected_auth),
- EqualsProto(expected_request),
- _))
+ EqualsProto(expected_request), _))
.Times(1)
- .WillOnce(WithArg<3>(Invoke(
- this,
- &HomedirMethodsTest::RunProtobufMethodCallback)));
+ .WillOnce(WithArg<3>(
+ Invoke(this, &HomedirMethodsTest::RunProtobufMethodCallback)));
// Set up the reply that |cryptohome_client_| will make.
- cryptohome::GetKeyDataReply* reply =
- cryptohome_reply_.MutableExtension(cryptohome::GetKeyDataReply::reply);
+ GetKeyDataReply* reply =
+ cryptohome_reply_.MutableExtension(GetKeyDataReply::reply);
KeyData* key_data = reply->add_key_data();
key_data->set_type(KeyData::KEY_TYPE_PASSWORD);
key_data->set_label(kKeyLabel);
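Review bot: The test builds its identifier with `Identification(AccountId::FromUserEmail(kUserID))`, which presumably leaves the GaiaId empty, so GetCryptohomeId() takes the e-mail branch. The GaiaIdKey path this commit introduces is therefore not exercised in this file. Consider a second case that uses an AccountId carrying a GaiaId with the migration status set, and expects the identifier passed to `GetKeyDataEx` to be the GaiaIdKey rather than the e-mail. A case for an unmigrated account with a GaiaId would pin the fallback to e-mail. The test body continues past this hunk.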
@@ -155,10 +157,9 @@ TEST_F(HomedirMethodsTest, GetKeyDataEx) {
// Call GetKeyDataEx().
HomedirMethods::GetInstance()->GetKeyDataEx(
- Identification(kUserID),
- kKeyLabel,
- base::Bind(&HomedirMethodsTest::StoreGetKeyDataExResult,
- base::Unretained(this)));
+ Identification(AccountId::FromUserEmail(kUserID)), kKeyLabel,
+ base::Bind(&HomedirMethodsTest::StoreGetKeyDataExResult,
+ base::Unretained(this)));
// Verify that the call was successful and the result was correctly parsed.
EXPECT_TRUE(success_);
diff --git a/chromeos/cryptohome/mock_async_method_caller.h b/chromeos/cryptohome/mock_async_method_caller.h
index 97ead2f..2a3c3b0 100644
--- a/chromeos/cryptohome/mock_async_method_caller.h
+++ b/chromeos/cryptohome/mock_async_method_caller.h
@@ -10,6 +10,7 @@
#include "base/callback.h"
#include "base/macros.h"
#include "chromeos/cryptohome/async_method_caller.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "testing/gmock/include/gmock/gmock.h"
namespace cryptohome {
@@ -27,27 +28,32 @@ class MockAsyncMethodCaller : public AsyncMethodCaller {
void SetUp(bool success, MountError return_code);
- MOCK_METHOD3(AsyncCheckKey, void(const std::string& user_email,
- const std::string& passhash,
- Callback callback));
- MOCK_METHOD4(AsyncMigrateKey, void(const std::string& user_email,
- const std::string& old_hash,
- const std::string& new_hash,
- Callback callback));
- MOCK_METHOD4(AsyncMount, void(const std::string& user_email,
- const std::string& passhash,
- int flags,
- Callback callback));
- MOCK_METHOD4(AsyncAddKey, void(const std::string& user_email,
- const std::string& passhash,
- const std::string& new_key,
- Callback callback));
+ MOCK_METHOD3(AsyncCheckKey,
+ void(const Identification& user_id,
+ const std::string& passhash,
+ Callback callback));
+ MOCK_METHOD4(AsyncMigrateKey,
+ void(const Identification& user_id,
+ const std::string& old_hash,
+ const std::string& new_hash,
+ Callback callback));
+ MOCK_METHOD4(AsyncMount,
+ void(const Identification& user_id,
+ const std::string& passhash,
+ int flags,
+ Callback callback));
+ MOCK_METHOD4(AsyncAddKey,
+ void(const Identification& user_id,
+ const std::string& passhash,
+ const std::string& new_key,
+ Callback callback));
MOCK_METHOD1(AsyncMountGuest, void(Callback callback));
- MOCK_METHOD3(AsyncMountPublic, void(const std::string& public_mount_id,
- int flags,
- Callback callback));
- MOCK_METHOD2(AsyncRemove, void(const std::string& user_email,
- Callback callback));
+ MOCK_METHOD3(AsyncMountPublic,
+ void(const Identification& public_mount_id,
+ int flags,
+ Callback callback));
+ MOCK_METHOD2(AsyncRemove,
+ void(const Identification& user_id, Callback callback));
MOCK_METHOD2(AsyncTpmAttestationCreateEnrollRequest,
void(chromeos::attestation::PrivacyCAType pca_type,
const DataCallback& callback));
@@ -59,38 +65,37 @@ class MockAsyncMethodCaller : public AsyncMethodCaller {
AsyncTpmAttestationCreateCertRequest,
void(chromeos::attestation::PrivacyCAType pca_type,
chromeos::attestation::AttestationCertificateProfile profile,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& request_origin,
const DataCallback& callback));
MOCK_METHOD5(AsyncTpmAttestationFinishCertRequest,
void(const std::string& pca_response,
chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& key_name,
const DataCallback& callback));
MOCK_METHOD4(TpmAttestationRegisterKey,
void(chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& key_name,
const Callback& callback));
- MOCK_METHOD8(
- TpmAttestationSignEnterpriseChallenge,
- void(chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
- const std::string& key_name,
- const std::string& domain,
- const std::string& device_id,
- chromeos::attestation::AttestationChallengeOptions options,
- const std::string& challenge,
- const DataCallback& callback));
+ MOCK_METHOD8(TpmAttestationSignEnterpriseChallenge,
+ void(chromeos::attestation::AttestationKeyType key_type,
+ const Identification& user_id,
+ const std::string& key_name,
+ const std::string& domain,
+ const std::string& device_id,
+ chromeos::attestation::AttestationChallengeOptions options,
+ const std::string& challenge,
+ const DataCallback& callback));
MOCK_METHOD5(TpmAttestationSignSimpleChallenge,
void(chromeos::attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const Identification& user_id,
const std::string& key_name,
const std::string& challenge,
const DataCallback& callback));
MOCK_METHOD2(AsyncGetSanitizedUsername,
- void(const std::string& user,
+ void(const Identification& user_id,
const DataCallback& callback));
private:
diff --git a/chromeos/dbus/cryptohome_client.cc b/chromeos/dbus/cryptohome_client.cc
index c2b3e82..0df97a3 100644
--- a/chromeos/dbus/cryptohome_client.cc
+++ b/chromeos/dbus/cryptohome_client.cc
@@ -13,6 +13,7 @@
#include "base/memory/weak_ptr.h"
#include "base/message_loop/message_loop.h"
#include "chromeos/cryptohome/async_method_caller.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/blocking_method_caller.h"
#include "chromeos/dbus/cryptohome/key.pb.h"
#include "chromeos/dbus/cryptohome/rpc.pb.h"
@@ -28,8 +29,8 @@ const int CryptohomeClient::kNotReadyAsyncId = -1;
namespace {
-// This suffix is appended to user_id to get hash in stub implementation:
-// stub_hash = "[user_id]-hash";
+// This suffix is appended to cryptohome_id to get hash in stub implementation:
+// stub_hash = "[cryptohome_id]-hash";
static const char kUserIdStubHashSuffix[] = "-hash";
// Timeout for TPM operations. On slow machines it should be larger, than
@@ -37,6 +38,11 @@ static const char kUserIdStubHashSuffix[] = "-hash";
// is 2 minutes.
const int kTpmDBusTimeoutMs = 2 * 60 * 1000;
+void FillIdentificationProtobuf(const cryptohome::Identification& id,
+ cryptohome::AccountIdentifier* id_proto) {
+ id_proto->set_account_id(id.id());
+}
+
// The CryptohomeClient implementation.
class CryptohomeClientImpl : public CryptohomeClient {
public:
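Review bot: `FillIdentificationProtobuf()` lost the comment its predecessor in homedir_methods.cc had, and it now writes the `account_id` field where the removed helper wrote `email`. Nothing here records that the value can be either an e-mail or a GaiaIdKey string, which the receiving daemon has to accept in that field. Suggested comment: `// Fills |id_proto| with the cryptohome identifier (GaiaIdKey once migrated, otherwise email).` A default-constructed `Identification` would also be serialized as an empty `account_id`. If no caller relies on that, a `DCHECK(!id.id().empty());` at the top of the helper would catch it early, assuming the logging header is already available in this file.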
@@ -77,13 +83,13 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
- void AsyncCheckKey(const std::string& username,
+ void AsyncCheckKey(const cryptohome::Identification& cryptohome_id,
const std::string& key,
const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeAsyncCheckKey);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall,
@@ -92,14 +98,14 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
- void AsyncMigrateKey(const std::string& username,
+ void AsyncMigrateKey(const cryptohome::Identification& cryptohome_id,
const std::string& from_key,
const std::string& to_key,
const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeAsyncMigrateKey);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(from_key);
writer.AppendString(to_key);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
@@ -109,12 +115,12 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
- void AsyncRemove(const std::string& username,
+ void AsyncRemove(const cryptohome::Identification& cryptohome_id,
const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeAsyncRemove);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall,
weak_ptr_factory_.GetWeakPtr(),
@@ -132,12 +138,12 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override,
- void GetSanitizedUsername(const std::string& username,
+ void GetSanitizedUsername(const cryptohome::Identification& cryptohome_id,
const StringDBusMethodCallback& callback) override {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeGetSanitizedUsername);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnStringMethod,
weak_ptr_factory_.GetWeakPtr(),
@@ -146,11 +152,11 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
std::string BlockingGetSanitizedUsername(
- const std::string& username) override {
+ const cryptohome::Identification& cryptohome_id) override {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeGetSanitizedUsername);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
scoped_ptr<dbus::Response> response =
blocking_method_caller_->CallMethodAndBlock(&method_call);
@@ -165,14 +171,14 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
- void AsyncMount(const std::string& username,
+ void AsyncMount(const cryptohome::Identification& cryptohome_id,
const std::string& key,
int flags,
const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeAsyncMount);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key);
writer.AppendBool(flags & cryptohome::CREATE_IF_MISSING);
writer.AppendBool(flags & cryptohome::ENSURE_EPHEMERAL);
@@ -185,14 +191,14 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
- void AsyncAddKey(const std::string& username,
+ void AsyncAddKey(const cryptohome::Identification& cryptohome_id,
const std::string& key,
const std::string& new_key,
const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeAsyncAddKey);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key);
writer.AppendString(new_key);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
@@ -212,13 +218,13 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
- void AsyncMountPublic(const std::string& public_mount_id,
+ void AsyncMountPublic(const cryptohome::Identification& public_mount_id,
int flags,
const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeAsyncMountPublic);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(public_mount_id);
+ writer.AppendString(public_mount_id.id());
writer.AppendBool(flags & cryptohome::CREATE_IF_MISSING);
writer.AppendBool(flags & cryptohome::ENSURE_EPHEMERAL);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
@@ -336,13 +342,13 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
void Pkcs11GetTpmTokenInfoForUser(
- const std::string& user_email,
+ const cryptohome::Identification& cryptohome_id,
const Pkcs11GetTpmTokenInfoCallback& callback) override {
dbus::MethodCall method_call(
cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomePkcs11GetTpmTokenInfoForUser);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(user_email);
+ writer.AppendString(cryptohome_id.id());
proxy_->CallMethod(
&method_call, kTpmDBusTimeoutMs ,
base::Bind(
@@ -473,7 +479,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
void AsyncTpmAttestationCreateCertRequest(
attestation::PrivacyCAType pca_type,
attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& request_origin,
const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(
@@ -482,7 +488,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MessageWriter writer(&method_call);
writer.AppendInt32(pca_type);
writer.AppendInt32(certificate_profile);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(request_origin);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall,
@@ -494,7 +500,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
void AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(
@@ -506,7 +512,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
pca_response.size());
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall,
@@ -517,7 +523,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
void TpmAttestationDoesKeyExist(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const BoolDBusMethodCallback& callback) override {
dbus::MethodCall method_call(
@@ -526,7 +532,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
CallBoolMethod(&method_call, callback);
}
@@ -534,7 +540,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
void TpmAttestationGetCertificate(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) override {
dbus::MethodCall method_call(
@@ -543,7 +549,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnDataMethod,
@@ -552,17 +558,18 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
- void TpmAttestationGetPublicKey(attestation::AttestationKeyType key_type,
- const std::string& user_id,
- const std::string& key_name,
- const DataMethodCallback& callback) override {
+ void TpmAttestationGetPublicKey(
+ attestation::AttestationKeyType key_type,
+ const cryptohome::Identification& cryptohome_id,
+ const std::string& key_name,
+ const DataMethodCallback& callback) override {
dbus::MethodCall method_call(
cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeTpmAttestationGetPublicKey);
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnDataMethod,
@@ -571,17 +578,18 @@ class CryptohomeClientImpl : public CryptohomeClient {
}
// CryptohomeClient override.
- void TpmAttestationRegisterKey(attestation::AttestationKeyType key_type,
- const std::string& user_id,
- const std::string& key_name,
- const AsyncMethodCallback& callback) override {
+ void TpmAttestationRegisterKey(
+ attestation::AttestationKeyType key_type,
+ const cryptohome::Identification& cryptohome_id,
+ const std::string& key_name,
+ const AsyncMethodCallback& callback) override {
dbus::MethodCall method_call(
cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeTpmAttestationRegisterKey);
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall,
@@ -592,7 +600,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
void TpmAttestationSignEnterpriseChallenge(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -605,7 +613,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
writer.AppendString(domain);
writer.AppendArrayOfBytes(
@@ -624,7 +632,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
void TpmAttestationSignSimpleChallenge(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& challenge,
const AsyncMethodCallback& callback) override {
@@ -634,7 +642,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
writer.AppendArrayOfBytes(
reinterpret_cast<const uint8_t*>(challenge.data()), challenge.size());
@@ -647,7 +655,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
void TpmAttestationGetKeyPayload(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) override {
dbus::MethodCall method_call(
@@ -656,7 +664,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
proxy_->CallMethod(&method_call, kTpmDBusTimeoutMs ,
base::Bind(&CryptohomeClientImpl::OnDataMethod,
@@ -667,7 +675,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
void TpmAttestationSetKeyPayload(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& payload,
const BoolDBusMethodCallback& callback) override {
@@ -677,7 +685,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_name);
writer.AppendArrayOfBytes(reinterpret_cast<const uint8_t*>(payload.data()),
payload.size());
@@ -687,7 +695,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
// CryptohomeClient override.
void TpmAttestationDeleteKeys(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_prefix,
const BoolDBusMethodCallback& callback) override {
dbus::MethodCall method_call(
@@ -696,19 +704,22 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MessageWriter writer(&method_call);
bool is_user_specific = (key_type == attestation::KEY_USER);
writer.AppendBool(is_user_specific);
- writer.AppendString(user_id);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(key_prefix);
CallBoolMethod(&method_call, callback);
}
- void GetKeyDataEx(const cryptohome::AccountIdentifier& id,
+ void GetKeyDataEx(const cryptohome::Identification& id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::GetKeyDataRequest& request,
const ProtobufMethodCallback& callback) override {
+ cryptohome::AccountIdentifier id_proto;
+ FillIdentificationProtobuf(id, &id_proto);
+
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
cryptohome::kCryptohomeGetKeyDataEx);
dbus::MessageWriter writer(&method_call);
- writer.AppendProtoAsArrayOfBytes(id);
+ writer.AppendProtoAsArrayOfBytes(id_proto);
writer.AppendProtoAsArrayOfBytes(auth);
writer.AppendProtoAsArrayOfBytes(request);
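Review bot: The three-line conversion to `cryptohome::AccountIdentifier` added in GetKeyDataEx is repeated verbatim in CheckKeyEx, MountEx, AddKeyEx, UpdateKeyEx and RemoveKeyEx in the hunks below, and it sits before the `dbus::MethodCall` construction here but after it in the others. A small file-local helper that fills the proto and appends it would reduce the six call sites to one line each and make it harder for a future Ex method to serialize the wrong message. The parameter is also named `id` here while the declaration in cryptohome_client.h uses `cryptohome_id`; one name in both places would read better. `FillIdentificationProtobuf` is defined outside this hunk, and GetKeyDataEx's body continues past it.

```cpp
// Serializes |id| as a cryptohome::AccountIdentifier and appends it to
// |writer|.
void AppendIdentification(dbus::MessageWriter* writer,
                          const cryptohome::Identification& id) {
  cryptohome::AccountIdentifier id_proto;
  FillIdentificationProtobuf(id, &id_proto);
  writer->AppendProtoAsArrayOfBytes(id_proto);
}

// … unchanged: GetKeyDataEx signature and dbus::MethodCall construction …
    dbus::MessageWriter writer(&method_call);
    AppendIdentification(&writer, cryptohome_id);
// … unchanged: auth and request are appended as before …
```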
@@ -719,7 +730,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
callback));
}
- void CheckKeyEx(const cryptohome::AccountIdentifier& id,
+ void CheckKeyEx(const cryptohome::Identification& id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::CheckKeyRequest& request,
const ProtobufMethodCallback& callback) override {
@@ -727,8 +738,11 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
method_name);
+ cryptohome::AccountIdentifier id_proto;
+ FillIdentificationProtobuf(id, &id_proto);
+
dbus::MessageWriter writer(&method_call);
- writer.AppendProtoAsArrayOfBytes(id);
+ writer.AppendProtoAsArrayOfBytes(id_proto);
writer.AppendProtoAsArrayOfBytes(auth);
writer.AppendProtoAsArrayOfBytes(request);
@@ -738,7 +752,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
callback));
}
- void MountEx(const cryptohome::AccountIdentifier& id,
+ void MountEx(const cryptohome::Identification& id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::MountRequest& request,
const ProtobufMethodCallback& callback) override {
@@ -746,8 +760,11 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
method_name);
+ cryptohome::AccountIdentifier id_proto;
+ FillIdentificationProtobuf(id, &id_proto);
+
dbus::MessageWriter writer(&method_call);
- writer.AppendProtoAsArrayOfBytes(id);
+ writer.AppendProtoAsArrayOfBytes(id_proto);
writer.AppendProtoAsArrayOfBytes(auth);
writer.AppendProtoAsArrayOfBytes(request);
@@ -757,7 +774,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
callback));
}
- void AddKeyEx(const cryptohome::AccountIdentifier& id,
+ void AddKeyEx(const cryptohome::Identification& id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::AddKeyRequest& request,
const ProtobufMethodCallback& callback) override {
@@ -765,8 +782,11 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
method_name);
+ cryptohome::AccountIdentifier id_proto;
+ FillIdentificationProtobuf(id, &id_proto);
+
dbus::MessageWriter writer(&method_call);
- writer.AppendProtoAsArrayOfBytes(id);
+ writer.AppendProtoAsArrayOfBytes(id_proto);
writer.AppendProtoAsArrayOfBytes(auth);
writer.AppendProtoAsArrayOfBytes(request);
@@ -776,7 +796,7 @@ class CryptohomeClientImpl : public CryptohomeClient {
callback));
}
- void UpdateKeyEx(const cryptohome::AccountIdentifier& id,
+ void UpdateKeyEx(const cryptohome::Identification& id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::UpdateKeyRequest& request,
const ProtobufMethodCallback& callback) override {
@@ -784,8 +804,11 @@ class CryptohomeClientImpl : public CryptohomeClient {
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface,
method_name);
+ cryptohome::AccountIdentifier id_proto;
+ FillIdentificationProtobuf(id, &id_proto);
+
dbus::MessageWriter writer(&method_call);
- writer.AppendProtoAsArrayOfBytes(id);
+ writer.AppendProtoAsArrayOfBytes(id_proto);
writer.AppendProtoAsArrayOfBytes(auth);
writer.AppendProtoAsArrayOfBytes(request);
@@ -796,15 +819,18 @@ class CryptohomeClientImpl : public CryptohomeClient {
callback));
}
- void RemoveKeyEx(const cryptohome::AccountIdentifier& id,
+ void RemoveKeyEx(const cryptohome::Identification& id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::RemoveKeyRequest& request,
const ProtobufMethodCallback& callback) override {
const char* method_name = cryptohome::kCryptohomeRemoveKeyEx;
dbus::MethodCall method_call(cryptohome::kCryptohomeInterface, method_name);
+ cryptohome::AccountIdentifier id_proto;
+ FillIdentificationProtobuf(id, &id_proto);
+
dbus::MessageWriter writer(&method_call);
- writer.AppendProtoAsArrayOfBytes(id);
+ writer.AppendProtoAsArrayOfBytes(id_proto);
writer.AppendProtoAsArrayOfBytes(auth);
writer.AppendProtoAsArrayOfBytes(request);
@@ -1139,8 +1165,8 @@ CryptohomeClient* CryptohomeClient::Create() {
// static
std::string CryptohomeClient::GetStubSanitizedUsername(
- const std::string& username) {
- return username + kUserIdStubHashSuffix;
+ const cryptohome::Identification& cryptohome_id) {
+ return cryptohome_id.id() + kUserIdStubHashSuffix;
}
} // namespace chromeos
diff --git a/chromeos/dbus/cryptohome_client.h b/chromeos/dbus/cryptohome_client.h
index 09116e3..233ff93 100644
--- a/chromeos/dbus/cryptohome_client.h
+++ b/chromeos/dbus/cryptohome_client.h
@@ -19,7 +19,6 @@
namespace cryptohome {
-class AccountIdentifier;
class AddKeyRequest;
class AuthorizationRequest;
class BaseReply;
@@ -32,6 +31,8 @@ class RemoveKeyRequest;
class SetBootAttributeRequest;
class UpdateKeyRequest;
+class Identification;
+
} // namespace cryptohome
namespace chromeos {
@@ -95,7 +96,8 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
static CryptohomeClient* Create();
// Returns the sanitized |username| that the stub implementation would return.
- static std::string GetStubSanitizedUsername(const std::string& username);
+ static std::string GetStubSanitizedUsername(
+ const cryptohome::Identification& cryptohome_id);
// Sets AsyncCallStatus signal handlers.
// |handler| is called when results for AsyncXXX methods are returned.
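Review bot: The comment above GetStubSanitizedUsername still refers to `|username|`, which is no longer a parameter after this change. The same stale name remains in the AsyncMount and AsyncAddKey comments in the later hunks of this header ("mount the cryptohome for |username|", "add another |new_key| for |username|"). I would update them with the signatures, for example `// Returns the sanitized username for |cryptohome_id| that the stub implementation would return.`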
@@ -121,20 +123,20 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// Calls AsyncCheckKey method. |callback| is called after the method call
// succeeds.
- virtual void AsyncCheckKey(const std::string& username,
+ virtual void AsyncCheckKey(const cryptohome::Identification& cryptohome_id,
const std::string& key,
const AsyncMethodCallback& callback) = 0;
// Calls AsyncMigrateKey method. |callback| is called after the method call
// succeeds.
- virtual void AsyncMigrateKey(const std::string& username,
+ virtual void AsyncMigrateKey(const cryptohome::Identification& cryptohome_id,
const std::string& from_key,
const std::string& to_key,
const AsyncMethodCallback& callback) = 0;
// Calls AsyncRemove method. |callback| is called after the method call
// succeeds.
- virtual void AsyncRemove(const std::string& username,
+ virtual void AsyncRemove(const cryptohome::Identification& cryptohome_id,
const AsyncMethodCallback& callback) = 0;
// Calls GetSystemSalt method. |callback| is called after the method call
@@ -144,7 +146,7 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// Calls GetSanitizedUsername method. |callback| is called after the method
// call succeeds.
virtual void GetSanitizedUsername(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const StringDBusMethodCallback& callback) = 0;
// Same as GetSanitizedUsername() but blocks until a reply is received, and
@@ -154,13 +156,13 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// considered acceptable (e.g. restarting the browser after a crash or after
// a flag change).
virtual std::string BlockingGetSanitizedUsername(
- const std::string& username) = 0;
+ const cryptohome::Identification& cryptohome_id) = 0;
// Calls the AsyncMount method to asynchronously mount the cryptohome for
// |username|, using |key| to unlock it. For supported |flags|, see the
// documentation of AsyncMethodCaller::AsyncMount().
// |callback| is called after the method call succeeds.
- virtual void AsyncMount(const std::string& username,
+ virtual void AsyncMount(const cryptohome::Identification& cryptohome_id,
const std::string& key,
int flags,
const AsyncMethodCallback& callback) = 0;
@@ -168,7 +170,7 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// Calls the AsyncAddKey method to asynchronously add another |new_key| for
// |username|, using |key| to unlock it first.
// |callback| is called after the method call succeeds.
- virtual void AsyncAddKey(const std::string& username,
+ virtual void AsyncAddKey(const cryptohome::Identification& cryptohome_id,
const std::string& key,
const std::string& new_key,
const AsyncMethodCallback& callback) = 0;
@@ -181,9 +183,10 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// |public_mount_id|. For supported |flags|, see the documentation of
// AsyncMethodCaller::AsyncMount(). |callback| is called after the method
// call succeeds.
- virtual void AsyncMountPublic(const std::string& public_mount_id,
- int flags,
- const AsyncMethodCallback& callback) = 0;
+ virtual void AsyncMountPublic(
+ const cryptohome::Identification& public_mount_id,
+ int flags,
+ const AsyncMethodCallback& callback) = 0;
// Calls TpmIsReady method.
virtual void TpmIsReady(const BoolDBusMethodCallback& callback) = 0;
@@ -241,11 +244,10 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
const Pkcs11GetTpmTokenInfoCallback& callback) = 0;
// Calls Pkcs11GetTpmTokenInfoForUser method. On success |callback| will
- // receive PKCS #11 token information for the user identified by |user_email|.
- // The |user_email| must be a canonical email address as returned by
- // user_manager::User::email().
+ // receive PKCS #11 token information for the user identified by
+ // |cryptohome_id|.
virtual void Pkcs11GetTpmTokenInfoForUser(
- const std::string& user_email,
+ const cryptohome::Identification& cryptohome_id,
const Pkcs11GetTpmTokenInfoCallback& callback) = 0;
// Calls InstallAttributesGet method and returns true when the call succeeds.
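Review bot: The rewritten comment on Pkcs11GetTpmTokenInfoForUser drops the requirement that the argument be a canonical email and puts nothing in its place, so a caller can no longer tell from the header which identifier form is valid. The same sentence is removed from the TpmAttestation* comments in the later hunks of this file. Since this value selects whose token and keys are addressed, I would state the contract, for example `// |cryptohome_id| must be the identifier the user's cryptohome was mounted with.`, assuming that is the intended rule. The definition of cryptohome::Identification is not in this file, so the exact wording should follow whatever that type guarantees.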
@@ -308,19 +310,19 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
const AsyncMethodCallback& callback) = 0;
// Asynchronously creates an attestation certificate request according to
- // |certificate_profile|. Some profiles require that the |user_id| of the
- // currently active user and an identifier of the |request_origin| be
+ // |certificate_profile|. Some profiles require that the |cryptohome_id| of
+ // the currently active user and an identifier of the |request_origin| be
// provided. |callback| will be called when the dbus call completes. When
// the operation completes, the AsyncCallStatusWithDataHandler signal handler
// is called. The data that is sent with the signal is a certificate request
// to be sent to the Privacy CA of type |pca_type|. The certificate request
// is completed by calling AsyncTpmAttestationFinishCertRequest. The
- // |user_id| will not be included in the certificate request for the Privacy
- // CA.
+ // |cryptohome_id| will not be included in the certificate request for the
+ // Privacy CA.
virtual void AsyncTpmAttestationCreateCertRequest(
chromeos::attestation::PrivacyCAType pca_type,
attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& request_origin,
const AsyncMethodCallback& callback) = 0;
@@ -331,46 +333,45 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// is the response to the certificate request emitted by the Privacy CA.
// |key_type| determines whether the certified key is to be associated with
// the current user. |key_name| is a name for the key. If |key_type| is
- // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored.
- // For normal GAIA users the |user_id| is a canonical email address.
+ // KEY_USER, a |cryptohome_id| must be provided. Otherwise |cryptohome_id|
+ // is ignored.
virtual void AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const AsyncMethodCallback& callback) = 0;
// Checks if an attestation key already exists. If the key specified by
// |key_type| and |key_name| exists, then the result sent to the callback will
- // be true. If |key_type| is KEY_USER, a |user_id| must be provided.
- // Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a
- // canonical email address.
+ // be true. If |key_type| is KEY_USER, a |cryptohome_id| must be provided.
+ // Otherwise |cryptohome_id| is ignored.
virtual void TpmAttestationDoesKeyExist(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const BoolDBusMethodCallback& callback) = 0;
// Gets the attestation certificate for the key specified by |key_type| and
// |key_name|. |callback| will be called when the operation completes. If
// the key does not exist the callback |result| parameter will be false. If
- // |key_type| is KEY_USER, a |user_id| must be provided. Otherwise |user_id|
- // is ignored. For normal GAIA users the |user_id| is a canonical email
- // address.
+ // |key_type| is KEY_USER, a |cryptohome_id| must be provided. Otherwise
+ // |cryptohome_id|
+ // is ignored.
virtual void TpmAttestationGetCertificate(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) = 0;
// Gets the public key for the key specified by |key_type| and |key_name|.
// |callback| will be called when the operation completes. If the key does
// not exist the callback |result| parameter will be false. If |key_type| is
- // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored.
- // For normal GAIA users the |user_id| is a canonical email address.
+ // KEY_USER, a |cryptohome_id| must be provided. Otherwise |cryptohome_id|
+ // is ignored.
virtual void TpmAttestationGetPublicKey(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) = 0;
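Review bot: The TpmAttestationGetCertificate comment is left with `|cryptohome_id|` alone on its own line after the rename, unlike the neighbouring comments in this hunk, which were re-wrapped. Re-flow its last lines to `// |key_type| is KEY_USER, a |cryptohome_id| must be provided. Otherwise` and `// |cryptohome_id| is ignored.` so the block matches the others.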
@@ -378,12 +379,11 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// PKCS #11 token. The |callback| will be called when the dbus call
// completes. When the operation completes, the AsyncCallStatusHandler signal
// handler is called. |key_type| and |key_name| specify the key to register.
- // If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise
- // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical
- // email address.
+ // If |key_type| is KEY_USER, a |cryptohome_id| must be provided. Otherwise
+ // |cryptohome_id| is ignored.
virtual void TpmAttestationRegisterKey(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const AsyncMethodCallback& callback) = 0;
@@ -393,12 +393,11 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// generated. |challenge| must be a valid enterprise attestation challenge.
// The |callback| will be called when the dbus call completes. When the
// operation completes, the AsyncCallStatusWithDataHandler signal handler is
- // called. If |key_type| is KEY_USER, a |user_id| must be provided.
- // Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a
- // canonical email address.
+ // called. If |key_type| is KEY_USER, a |cryptohome_id| must be provided.
+ // Otherwise |cryptohome_id| is ignored.
virtual void TpmAttestationSignEnterpriseChallenge(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -412,11 +411,11 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// cannot be used to sign arbitrary data. The |callback| will be called when
// the dbus call completes. When the operation completes, the
// AsyncCallStatusWithDataHandler signal handler is called. If |key_type| is
- // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored.
- // For normal GAIA users the |user_id| is a canonical email address.
+ // KEY_USER, a |cryptohome_id| must be provided. Otherwise |cryptohome_id|
+ // is ignored.
virtual void TpmAttestationSignSimpleChallenge(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& challenge,
const AsyncMethodCallback& callback) = 0;
@@ -426,23 +425,22 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// If the key does not exist the callback |result| parameter will be false.
// If no payload has been set for the key the callback |result| parameter will
// be true and the |data| parameter will be empty. If |key_type| is
- // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored.
- // For normal GAIA users the |user_id| is a canonical email address.
+ // KEY_USER, a |cryptohome_id| must be provided. Otherwise |cryptohome_id|
+ // is ignored.
virtual void TpmAttestationGetKeyPayload(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) = 0;
// Sets the |payload| associated with the key specified by |key_type| and
// |key_name|. The |callback| will be called when the operation completes.
// If the operation succeeds, the callback |result| parameter will be true.
- // If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise
- // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical
- // email address.
+ // If |key_type| is KEY_USER, a |cryptohome_id| must be provided. Otherwise
+ // |cryptohome_id| is ignored.
virtual void TpmAttestationSetKeyPayload(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& payload,
const BoolDBusMethodCallback& callback) = 0;
@@ -450,14 +448,14 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// Deletes certified keys as specified by |key_type| and |key_prefix|. The
// |callback| will be called when the operation completes. If the operation
// succeeds, the callback |result| parameter will be true. If |key_type| is
- // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored.
- // For normal GAIA users the |user_id| is a canonical email address. All keys
- // where the key name has a prefix matching |key_prefix| will be deleted. All
- // meta-data associated with the key, including certificates, will also be
- // deleted.
+ // KEY_USER, a |cryptohome_id| must be provided. Otherwise |cryptohome_id|
+ // is ignored.
+ // All keys where the key name has a prefix matching |key_prefix| will be
+ // deleted. All meta-data associated with the key, including certificates,
+ // will also be deleted.
virtual void TpmAttestationDeleteKeys(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_prefix,
const BoolDBusMethodCallback& callback) = 0;
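Review bot: The rewritten comment on TpmAttestationDeleteKeys drops the sentence that said what the identifier is ("For normal GAIA users the |user_id| is a canonical email address") and puts nothing in its place, so the header no longer tells a caller which form of identity selects the KEY_USER key set. The commit description says the identifier may now be based on a Gaia ID, so the comment should state the contract, for example `// |cryptohome_id| must be the same identification the keys were created under; see cryptohome_parameters.h.` Presumably an identifier derived differently for the same account addresses a different key set, which should be confirmed against the daemon before it is written down as fact. The same gap is in the TpmAttestationSetKeyPayload comment just above and in the *Ex declarations in the next hunk, whose comments never mention |cryptohome_id|. The enclosing class continues outside the hunk.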
@@ -466,56 +464,51 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
// GetKeyDataEx returns information about the key specified in |request|. At
// present, this does not include any secret information and the call should
// not be authenticated (|auth| should be empty).
- virtual void GetKeyDataEx(
- const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::GetKeyDataRequest& request,
- const ProtobufMethodCallback& callback) = 0;
+ virtual void GetKeyDataEx(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::GetKeyDataRequest& request,
+ const ProtobufMethodCallback& callback) = 0;
// Asynchronously calls CheckKeyEx method. |callback| is called after method
// call, and with reply protobuf.
// CheckKeyEx just checks if authorization information is valid.
- virtual void CheckKeyEx(
- const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::CheckKeyRequest& request,
- const ProtobufMethodCallback& callback) = 0;
+ virtual void CheckKeyEx(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::CheckKeyRequest& request,
+ const ProtobufMethodCallback& callback) = 0;
// Asynchronously calls MountEx method. |callback| is called after method
// call, and with reply protobuf.
// MountEx attempts to mount home dir using given authorization, and can
// create new home dir if necessary values are specified in |request|.
- virtual void MountEx(
- const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::MountRequest& request,
- const ProtobufMethodCallback& callback) = 0;
+ virtual void MountEx(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::MountRequest& request,
+ const ProtobufMethodCallback& callback) = 0;
// Asynchronously calls AddKeyEx method. |callback| is called after method
// call, and with reply protobuf.
// AddKeyEx adds another key to the given key set. |request| also defines
// behavior in case when key with specified label already exist.
- virtual void AddKeyEx(
- const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::AddKeyRequest& request,
- const ProtobufMethodCallback& callback) = 0;
+ virtual void AddKeyEx(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::AddKeyRequest& request,
+ const ProtobufMethodCallback& callback) = 0;
// Asynchronously calls UpdateKeyEx method. |callback| is called after method
// call, and with reply protobuf. Reply will contain MountReply extension.
// UpdateKeyEx replaces key used for authorization, without affecting any
// other keys. If specified at home dir creation time, new key may have
// to be signed and/or encrypted.
- virtual void UpdateKeyEx(
- const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::UpdateKeyRequest& request,
- const ProtobufMethodCallback& callback) = 0;
+ virtual void UpdateKeyEx(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::UpdateKeyRequest& request,
+ const ProtobufMethodCallback& callback) = 0;
// Asynchronously calls RemoveKeyEx method. |callback| is called after method
// call, and with reply protobuf.
// RemoveKeyEx removes key from the given key set.
- virtual void RemoveKeyEx(const cryptohome::AccountIdentifier& id,
+ virtual void RemoveKeyEx(const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::RemoveKeyRequest& request,
const ProtobufMethodCallback& callback) = 0;
diff --git a/chromeos/dbus/fake_cryptohome_client.cc b/chromeos/dbus/fake_cryptohome_client.cc
index 236b1f9..2ae9197 100644
--- a/chromeos/dbus/fake_cryptohome_client.cc
+++ b/chromeos/dbus/fake_cryptohome_client.cc
@@ -73,14 +73,14 @@ bool FakeCryptohomeClient::Unmount(bool* success) {
}
void FakeCryptohomeClient::AsyncCheckKey(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key,
const AsyncMethodCallback& callback) {
ReturnAsyncMethodResult(callback, false);
}
void FakeCryptohomeClient::AsyncMigrateKey(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const std::string& from_key,
const std::string& to_key,
const AsyncMethodCallback& callback) {
@@ -88,7 +88,7 @@ void FakeCryptohomeClient::AsyncMigrateKey(
}
void FakeCryptohomeClient::AsyncRemove(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const AsyncMethodCallback& callback) {
ReturnAsyncMethodResult(callback, false);
}
@@ -101,30 +101,31 @@ void FakeCryptohomeClient::GetSystemSalt(
}
void FakeCryptohomeClient::GetSanitizedUsername(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const StringDBusMethodCallback& callback) {
// Even for stub implementation we have to return different values so that
// multi-profiles would work.
- std::string sanitized_username = GetStubSanitizedUsername(username);
+ std::string sanitized_username = GetStubSanitizedUsername(cryptohome_id);
base::MessageLoop::current()->PostTask(
FROM_HERE,
base::Bind(callback, DBUS_METHOD_CALL_SUCCESS, sanitized_username));
}
std::string FakeCryptohomeClient::BlockingGetSanitizedUsername(
- const std::string& username) {
- return GetStubSanitizedUsername(username);
+ const cryptohome::Identification& cryptohome_id) {
+ return GetStubSanitizedUsername(cryptohome_id);
}
-void FakeCryptohomeClient::AsyncMount(const std::string& username,
- const std::string& key,
- int flags,
- const AsyncMethodCallback& callback) {
+void FakeCryptohomeClient::AsyncMount(
+ const cryptohome::Identification& cryptohome_id,
+ const std::string& key,
+ int flags,
+ const AsyncMethodCallback& callback) {
ReturnAsyncMethodResult(callback, false);
}
void FakeCryptohomeClient::AsyncAddKey(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key,
const std::string& new_key,
const AsyncMethodCallback& callback) {
@@ -137,7 +138,7 @@ void FakeCryptohomeClient::AsyncMountGuest(
}
void FakeCryptohomeClient::AsyncMountPublic(
- const std::string& public_mount_id,
+ const cryptohome::Identification& public_mount_id,
int flags,
const AsyncMethodCallback& callback) {
ReturnAsyncMethodResult(callback, false);
@@ -228,7 +229,7 @@ void FakeCryptohomeClient::Pkcs11GetTpmTokenInfo(
}
void FakeCryptohomeClient::Pkcs11GetTpmTokenInfoForUser(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const Pkcs11GetTpmTokenInfoCallback& callback) {
Pkcs11GetTpmTokenInfo(callback);
}
@@ -360,7 +361,7 @@ void FakeCryptohomeClient::AsyncTpmAttestationEnroll(
void FakeCryptohomeClient::AsyncTpmAttestationCreateCertRequest(
chromeos::attestation::PrivacyCAType pca_type,
attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& request_origin,
const AsyncMethodCallback& callback) {
ReturnAsyncMethodResult(callback, true);
@@ -369,7 +370,7 @@ void FakeCryptohomeClient::AsyncTpmAttestationCreateCertRequest(
void FakeCryptohomeClient::AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const AsyncMethodCallback& callback) {
ReturnAsyncMethodResult(callback, true);
@@ -377,7 +378,7 @@ void FakeCryptohomeClient::AsyncTpmAttestationFinishCertRequest(
void FakeCryptohomeClient::TpmAttestationDoesKeyExist(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const BoolDBusMethodCallback& callback) {
base::MessageLoop::current()->PostTask(
@@ -386,7 +387,7 @@ void FakeCryptohomeClient::TpmAttestationDoesKeyExist(
void FakeCryptohomeClient::TpmAttestationGetCertificate(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) {
base::MessageLoop::current()->PostTask(
@@ -396,7 +397,7 @@ void FakeCryptohomeClient::TpmAttestationGetCertificate(
void FakeCryptohomeClient::TpmAttestationGetPublicKey(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) {
base::MessageLoop::current()->PostTask(
@@ -406,7 +407,7 @@ void FakeCryptohomeClient::TpmAttestationGetPublicKey(
void FakeCryptohomeClient::TpmAttestationRegisterKey(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const AsyncMethodCallback& callback) {
ReturnAsyncMethodResult(callback, true);
@@ -414,7 +415,7 @@ void FakeCryptohomeClient::TpmAttestationRegisterKey(
void FakeCryptohomeClient::TpmAttestationSignEnterpriseChallenge(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -426,7 +427,7 @@ void FakeCryptohomeClient::TpmAttestationSignEnterpriseChallenge(
void FakeCryptohomeClient::TpmAttestationSignSimpleChallenge(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& challenge,
const AsyncMethodCallback& callback) {
@@ -435,7 +436,7 @@ void FakeCryptohomeClient::TpmAttestationSignSimpleChallenge(
void FakeCryptohomeClient::TpmAttestationGetKeyPayload(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) {
base::MessageLoop::current()->PostTask(
@@ -445,7 +446,7 @@ void FakeCryptohomeClient::TpmAttestationGetKeyPayload(
void FakeCryptohomeClient::TpmAttestationSetKeyPayload(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& payload,
const BoolDBusMethodCallback& callback) {
@@ -455,7 +456,7 @@ void FakeCryptohomeClient::TpmAttestationSetKeyPayload(
void FakeCryptohomeClient::TpmAttestationDeleteKeys(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_prefix,
const BoolDBusMethodCallback& callback) {
base::MessageLoop::current()->PostTask(
@@ -463,7 +464,7 @@ void FakeCryptohomeClient::TpmAttestationDeleteKeys(
}
void FakeCryptohomeClient::GetKeyDataEx(
- const cryptohome::AccountIdentifier& id,
+ const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::GetKeyDataRequest& request,
const ProtobufMethodCallback& callback) {
@@ -473,7 +474,7 @@ void FakeCryptohomeClient::GetKeyDataEx(
}
void FakeCryptohomeClient::CheckKeyEx(
- const cryptohome::AccountIdentifier& id,
+ const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::CheckKeyRequest& request,
const ProtobufMethodCallback& callback) {
@@ -482,19 +483,19 @@ void FakeCryptohomeClient::CheckKeyEx(
}
void FakeCryptohomeClient::MountEx(
- const cryptohome::AccountIdentifier& id,
+ const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::MountRequest& request,
const ProtobufMethodCallback& callback) {
cryptohome::BaseReply reply;
cryptohome::MountReply* mount =
reply.MutableExtension(cryptohome::MountReply::reply);
- mount->set_sanitized_username(GetStubSanitizedUsername(id.email()));
+ mount->set_sanitized_username(GetStubSanitizedUsername(cryptohome_id));
ReturnProtobufMethodCallback(reply, callback);
}
void FakeCryptohomeClient::AddKeyEx(
- const cryptohome::AccountIdentifier& id,
+ const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::AddKeyRequest& request,
const ProtobufMethodCallback& callback) {
@@ -503,7 +504,7 @@ void FakeCryptohomeClient::AddKeyEx(
}
void FakeCryptohomeClient::RemoveKeyEx(
- const cryptohome::AccountIdentifier& id,
+ const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::RemoveKeyRequest& request,
const ProtobufMethodCallback& callback) {
@@ -512,7 +513,7 @@ void FakeCryptohomeClient::RemoveKeyEx(
}
void FakeCryptohomeClient::UpdateKeyEx(
- const cryptohome::AccountIdentifier& id,
+ const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::UpdateKeyRequest& request,
const ProtobufMethodCallback& callback) {
diff --git a/chromeos/dbus/fake_cryptohome_client.h b/chromeos/dbus/fake_cryptohome_client.h
index 801faaf..20402dc 100644
--- a/chromeos/dbus/fake_cryptohome_client.h
+++ b/chromeos/dbus/fake_cryptohome_client.h
@@ -29,30 +29,30 @@ class CHROMEOS_EXPORT FakeCryptohomeClient : public CryptohomeClient {
const WaitForServiceToBeAvailableCallback& callback) override;
void IsMounted(const BoolDBusMethodCallback& callback) override;
bool Unmount(bool* success) override;
- void AsyncCheckKey(const std::string& username,
+ void AsyncCheckKey(const cryptohome::Identification& cryptohome_id,
const std::string& key,
const AsyncMethodCallback& callback) override;
- void AsyncMigrateKey(const std::string& username,
+ void AsyncMigrateKey(const cryptohome::Identification& cryptohome_id,
const std::string& from_key,
const std::string& to_key,
const AsyncMethodCallback& callback) override;
- void AsyncRemove(const std::string& username,
+ void AsyncRemove(const cryptohome::Identification& cryptohome_id,
const AsyncMethodCallback& callback) override;
void GetSystemSalt(const GetSystemSaltCallback& callback) override;
- void GetSanitizedUsername(const std::string& username,
+ void GetSanitizedUsername(const cryptohome::Identification& cryptohome_id,
const StringDBusMethodCallback& callback) override;
std::string BlockingGetSanitizedUsername(
- const std::string& username) override;
- void AsyncMount(const std::string& username,
+ const cryptohome::Identification& cryptohome_id) override;
+ void AsyncMount(const cryptohome::Identification& cryptohome_id,
const std::string& key,
int flags,
const AsyncMethodCallback& callback) override;
- void AsyncAddKey(const std::string& username,
+ void AsyncAddKey(const cryptohome::Identification& cryptohome_id,
const std::string& key,
const std::string& new_key,
const AsyncMethodCallback& callback) override;
void AsyncMountGuest(const AsyncMethodCallback& callback) override;
- void AsyncMountPublic(const std::string& public_mount_id,
+ void AsyncMountPublic(const cryptohome::Identification& public_mount_id,
int flags,
const AsyncMethodCallback& callback) override;
void TpmIsReady(const BoolDBusMethodCallback& callback) override;
@@ -70,7 +70,7 @@ class CHROMEOS_EXPORT FakeCryptohomeClient : public CryptohomeClient {
void Pkcs11GetTpmTokenInfo(
const Pkcs11GetTpmTokenInfoCallback& callback) override;
void Pkcs11GetTpmTokenInfoForUser(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const Pkcs11GetTpmTokenInfoCallback& callback) override;
bool InstallAttributesGet(const std::string& name,
std::vector<uint8_t>* value,
@@ -96,36 +96,38 @@ class CHROMEOS_EXPORT FakeCryptohomeClient : public CryptohomeClient {
void AsyncTpmAttestationCreateCertRequest(
chromeos::attestation::PrivacyCAType pca_type,
attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& request_origin,
const AsyncMethodCallback& callback) override;
void AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const AsyncMethodCallback& callback) override;
void TpmAttestationDoesKeyExist(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const BoolDBusMethodCallback& callback) override;
void TpmAttestationGetCertificate(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback) override;
- void TpmAttestationGetPublicKey(attestation::AttestationKeyType key_type,
- const std::string& user_id,
- const std::string& key_name,
- const DataMethodCallback& callback) override;
- void TpmAttestationRegisterKey(attestation::AttestationKeyType key_type,
- const std::string& user_id,
- const std::string& key_name,
- const AsyncMethodCallback& callback) override;
+ void TpmAttestationGetPublicKey(
+ attestation::AttestationKeyType key_type,
+ const cryptohome::Identification& cryptohome_id,
+ const std::string& key_name,
+ const DataMethodCallback& callback) override;
+ void TpmAttestationRegisterKey(
+ attestation::AttestationKeyType key_type,
+ const cryptohome::Identification& cryptohome_id,
+ const std::string& key_name,
+ const AsyncMethodCallback& callback) override;
void TpmAttestationSignEnterpriseChallenge(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -134,46 +136,47 @@ class CHROMEOS_EXPORT FakeCryptohomeClient : public CryptohomeClient {
const AsyncMethodCallback& callback) override;
void TpmAttestationSignSimpleChallenge(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& challenge,
const AsyncMethodCallback& callback) override;
- void TpmAttestationGetKeyPayload(attestation::AttestationKeyType key_type,
- const std::string& user_id,
- const std::string& key_name,
- const DataMethodCallback& callback) override;
+ void TpmAttestationGetKeyPayload(
+ attestation::AttestationKeyType key_type,
+ const cryptohome::Identification& cryptohome_id,
+ const std::string& key_name,
+ const DataMethodCallback& callback) override;
void TpmAttestationSetKeyPayload(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& payload,
const BoolDBusMethodCallback& callback) override;
void TpmAttestationDeleteKeys(
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_prefix,
const BoolDBusMethodCallback& callback) override;
- void GetKeyDataEx(const cryptohome::AccountIdentifier& id,
+ void GetKeyDataEx(const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::GetKeyDataRequest& request,
const ProtobufMethodCallback& callback) override;
- void CheckKeyEx(const cryptohome::AccountIdentifier& id,
+ void CheckKeyEx(const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::CheckKeyRequest& request,
const ProtobufMethodCallback& callback) override;
- void MountEx(const cryptohome::AccountIdentifier& id,
+ void MountEx(const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::MountRequest& request,
const ProtobufMethodCallback& callback) override;
- void AddKeyEx(const cryptohome::AccountIdentifier& id,
+ void AddKeyEx(const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::AddKeyRequest& request,
const ProtobufMethodCallback& callback) override;
- void UpdateKeyEx(const cryptohome::AccountIdentifier& id,
+ void UpdateKeyEx(const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::UpdateKeyRequest& request,
const ProtobufMethodCallback& callback) override;
- void RemoveKeyEx(const cryptohome::AccountIdentifier& id,
+ void RemoveKeyEx(const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::RemoveKeyRequest& request,
const ProtobufMethodCallback& callback) override;
diff --git a/chromeos/dbus/fake_session_manager_client.cc b/chromeos/dbus/fake_session_manager_client.cc
index 77e8b37..e66b15b 100644
--- a/chromeos/dbus/fake_session_manager_client.cc
+++ b/chromeos/dbus/fake_session_manager_client.cc
@@ -50,11 +50,12 @@ void FakeSessionManagerClient::EmitLoginPromptVisible() {
void FakeSessionManagerClient::RestartJob(
const std::vector<std::string>& argv) {}
-void FakeSessionManagerClient::StartSession(const std::string& user_email) {
- DCHECK_EQ(0UL, user_sessions_.count(user_email));
+void FakeSessionManagerClient::StartSession(
+ const cryptohome::Identification& cryptohome_id) {
+ DCHECK_EQ(0UL, user_sessions_.count(cryptohome_id));
std::string user_id_hash =
- CryptohomeClient::GetStubSanitizedUsername(user_email);
- user_sessions_[user_email] = user_id_hash;
+ CryptohomeClient::GetStubSanitizedUsername(cryptohome_id);
+ user_sessions_[cryptohome_id] = user_id_hash;
}
void FakeSessionManagerClient::StopSession() {
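Review bot: In StartSession the duplicate-session guard is only `DCHECK_EQ(0UL, user_sessions_.count(cryptohome_id))`, which compiles out of non-DCHECK builds, and the following `user_sessions_[cryptohome_id] = user_id_hash` then overwrites the entry after a second lookup. Assuming ActiveSessionsMap is a std::map keyed by the identification (its definition is outside this hunk), a single checked insert does both in one step: `const bool inserted = user_sessions_.insert(std::make_pair(cryptohome_id, user_id_hash)).second;` followed by `DCHECK(inserted);`.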
@@ -94,15 +95,15 @@ void FakeSessionManagerClient::RetrieveDevicePolicy(
}
void FakeSessionManagerClient::RetrievePolicyForUser(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const RetrievePolicyCallback& callback) {
base::ThreadTaskRunnerHandle::Get()->PostTask(
- FROM_HERE, base::Bind(callback, user_policies_[username]));
+ FROM_HERE, base::Bind(callback, user_policies_[cryptohome_id]));
}
std::string FakeSessionManagerClient::BlockingRetrievePolicyForUser(
- const std::string& username) {
- return user_policies_[username];
+ const cryptohome::Identification& cryptohome_id) {
+ return user_policies_[cryptohome_id];
}
void FakeSessionManagerClient::RetrieveDeviceLocalAccountPolicy(
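Review bot: `user_policies_[cryptohome_id]` in RetrievePolicyForUser and BlockingRetrievePolicyForUser default-inserts an empty entry whenever the identification was never stored, so a read mutates the fake's state. With the key type changed in this commit, a test that stores a policy under one form of identification and reads it under another would get an empty blob plus a stray map key instead of a visible miss; that scenario is inferred from the commit description, not shown here. The `user_policy()` accessor later in this file already uses `find`, so the reads can stay side-effect free with `base::Bind(callback, user_policy(cryptohome_id))` and `return user_policy(cryptohome_id);`.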
@@ -123,10 +124,10 @@ void FakeSessionManagerClient::StoreDevicePolicy(
}
void FakeSessionManagerClient::StorePolicyForUser(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const std::string& policy_blob,
const StorePolicyCallback& callback) {
- user_policies_[username] = policy_blob;
+ user_policies_[cryptohome_id] = policy_blob;
base::ThreadTaskRunnerHandle::Get()->PostTask(FROM_HERE,
base::Bind(callback, true));
}
@@ -141,9 +142,8 @@ void FakeSessionManagerClient::StoreDeviceLocalAccountPolicy(
}
void FakeSessionManagerClient::SetFlagsForUser(
- const std::string& username,
- const std::vector<std::string>& flags) {
-}
+ const cryptohome::Identification& cryptohome_id,
+ const std::vector<std::string>& flags) {}
void FakeSessionManagerClient::GetServerBackedStateKeys(
const StateKeysCallback& callback) {
@@ -178,15 +178,16 @@ void FakeSessionManagerClient::set_device_policy(
}
const std::string& FakeSessionManagerClient::user_policy(
- const std::string& username) const {
- std::map<std::string, std::string>::const_iterator it =
- user_policies_.find(username);
+ const cryptohome::Identification& cryptohome_id) const {
+ std::map<cryptohome::Identification, std::string>::const_iterator it =
+ user_policies_.find(cryptohome_id);
return it == user_policies_.end() ? base::EmptyString() : it->second;
}
-void FakeSessionManagerClient::set_user_policy(const std::string& username,
- const std::string& policy_blob) {
- user_policies_[username] = policy_blob;
+void FakeSessionManagerClient::set_user_policy(
+ const cryptohome::Identification& cryptohome_id,
+ const std::string& policy_blob) {
+ user_policies_[cryptohome_id] = policy_blob;
}
const std::string& FakeSessionManagerClient::device_local_account_policy(
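Review bot: In user_policy() the iterator type is still spelled out as `std::map<cryptohome::Identification, std::string>::const_iterator`, which had to be edited in step with the member declaration in the header and will need it again on the next key-type change. `const auto it = user_policies_.find(cryptohome_id);` says the same thing without repeating the container type. The ordered map also relies on `cryptohome::Identification` providing `operator<`, which is declared outside this hunk.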
diff --git a/chromeos/dbus/fake_session_manager_client.h b/chromeos/dbus/fake_session_manager_client.h
index b281847..4150091 100644
--- a/chromeos/dbus/fake_session_manager_client.h
+++ b/chromeos/dbus/fake_session_manager_client.h
@@ -12,6 +12,7 @@
#include "base/compiler_specific.h"
#include "base/macros.h"
#include "base/observer_list.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/session_manager_client.h"
namespace chromeos {
@@ -32,7 +33,7 @@ class FakeSessionManagerClient : public SessionManagerClient {
bool IsScreenLocked() const override;
void EmitLoginPromptVisible() override;
void RestartJob(const std::vector<std::string>& argv) override;
- void StartSession(const std::string& user_email) override;
+ void StartSession(const cryptohome::Identification& cryptohome_id) override;
void StopSession() override;
void NotifySupervisedUserCreationStarted() override;
void NotifySupervisedUserCreationFinished() override;
@@ -42,23 +43,23 @@ class FakeSessionManagerClient : public SessionManagerClient {
void NotifyLockScreenDismissed() override;
void RetrieveActiveSessions(const ActiveSessionsCallback& callback) override;
void RetrieveDevicePolicy(const RetrievePolicyCallback& callback) override;
- void RetrievePolicyForUser(const std::string& username,
+ void RetrievePolicyForUser(const cryptohome::Identification& cryptohome_id,
const RetrievePolicyCallback& callback) override;
std::string BlockingRetrievePolicyForUser(
- const std::string& username) override;
+ const cryptohome::Identification& cryptohome_id) override;
void RetrieveDeviceLocalAccountPolicy(
const std::string& account_id,
const RetrievePolicyCallback& callback) override;
void StoreDevicePolicy(const std::string& policy_blob,
const StorePolicyCallback& callback) override;
- void StorePolicyForUser(const std::string& username,
+ void StorePolicyForUser(const cryptohome::Identification& cryptohome_id,
const std::string& policy_blob,
const StorePolicyCallback& callback) override;
void StoreDeviceLocalAccountPolicy(
const std::string& account_id,
const std::string& policy_blob,
const StorePolicyCallback& callback) override;
- void SetFlagsForUser(const std::string& username,
+ void SetFlagsForUser(const cryptohome::Identification& cryptohome_id,
const std::vector<std::string>& flags) override;
void GetServerBackedStateKeys(const StateKeysCallback& callback) override;
@@ -70,8 +71,9 @@ class FakeSessionManagerClient : public SessionManagerClient {
const std::string& device_policy() const;
void set_device_policy(const std::string& policy_blob);
- const std::string& user_policy(const std::string& username) const;
- void set_user_policy(const std::string& username,
+ const std::string& user_policy(
+ const cryptohome::Identification& cryptohome_id) const;
+ void set_user_policy(const cryptohome::Identification& cryptohome_id,
const std::string& policy_blob);
const std::string& device_local_account_policy(
@@ -105,7 +107,7 @@ class FakeSessionManagerClient : public SessionManagerClient {
private:
std::string device_policy_;
- std::map<std::string, std::string> user_policies_;
+ std::map<cryptohome::Identification, std::string> user_policies_;
std::map<std::string, std::string> device_local_account_policy_;
base::ObserverList<Observer> observers_;
SessionManagerClient::ActiveSessionsMap user_sessions_;
diff --git a/chromeos/dbus/mock_cryptohome_client.h b/chromeos/dbus/mock_cryptohome_client.h
index 4382d35..c4e166b 100644
--- a/chromeos/dbus/mock_cryptohome_client.h
+++ b/chromeos/dbus/mock_cryptohome_client.h
@@ -9,6 +9,7 @@
#include <string>
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/cryptohome/rpc.pb.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "testing/gmock/include/gmock/gmock.h"
@@ -30,35 +31,40 @@ class MockCryptohomeClient : public CryptohomeClient {
MOCK_METHOD1(IsMounted, void(const BoolDBusMethodCallback& callback));
MOCK_METHOD1(Unmount, bool(bool* success));
MOCK_METHOD3(AsyncCheckKey,
- void(const std::string& username,
+ void(const cryptohome::Identification& cryptohome_id,
const std::string& key,
const AsyncMethodCallback& callback));
MOCK_METHOD4(AsyncMigrateKey,
- void(const std::string& username,
+ void(const cryptohome::Identification& cryptohome_id,
const std::string& from_key,
const std::string& to_key,
const AsyncMethodCallback& callback));
- MOCK_METHOD2(AsyncRemove, void(const std::string& username,
- const AsyncMethodCallback& callback));
+ MOCK_METHOD2(AsyncRemove,
+ void(const cryptohome::Identification& cryptohome_id,
+ const AsyncMethodCallback& callback));
+
MOCK_METHOD1(GetSystemSalt, void(const GetSystemSaltCallback& callback));
MOCK_METHOD2(GetSanitizedUsername,
- void(const std::string& username,
+ void(const cryptohome::Identification& cryptohome_id,
const StringDBusMethodCallback& callback));
MOCK_METHOD1(BlockingGetSanitizedUsername,
- std::string(const std::string& username));
- MOCK_METHOD4(AsyncMount, void(const std::string& username,
- const std::string& key,
- int flags,
- const AsyncMethodCallback& callback));
- MOCK_METHOD4(AsyncAddKey, void(const std::string& username,
- const std::string& key,
- const std::string& new_key,
- const AsyncMethodCallback& callback));
+ std::string(const cryptohome::Identification& cryptohome_id));
+ MOCK_METHOD4(AsyncMount,
+ void(const cryptohome::Identification& cryptohome_id,
+ const std::string& key,
+ int flags,
+ const AsyncMethodCallback& callback));
+ MOCK_METHOD4(AsyncAddKey,
+ void(const cryptohome::Identification& cryptohome_id,
+ const std::string& key,
+ const std::string& new_key,
+ const AsyncMethodCallback& callback));
MOCK_METHOD1(AsyncMountGuest,
void(const AsyncMethodCallback& callback));
- MOCK_METHOD3(AsyncMountPublic, void(const std::string& public_mount_id,
- int flags,
- const AsyncMethodCallback& callback));
+ MOCK_METHOD3(AsyncMountPublic,
+ void(const cryptohome::Identification& public_mount_id,
+ int flags,
+ const AsyncMethodCallback& callback));
MOCK_METHOD1(TpmIsReady, void(const BoolDBusMethodCallback& callback));
MOCK_METHOD1(TpmIsEnabled, void(const BoolDBusMethodCallback& callback));
MOCK_METHOD1(CallTpmIsEnabledAndBlock, bool(bool* enabled));
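Review bot: The mocked methods in this hunk now take `const cryptohome::Identification&` where they took `const std::string&`, so every `EXPECT_CALL` that passes a concrete value for that argument depends on the type being equality-comparable. gmock will also print a mismatching argument as raw bytes unless the type has `operator<<` or a `PrintTo` overload. Neither is visible here (the type comes from cryptohome_parameters.h), so it is worth confirming `operator==` exists and adding a `PrintTo(const Identification&, std::ostream*)` beside the type, so that a failed expectation shows which identity was passed. The later hunks of this file change the attestation mocks the same way.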
@@ -77,7 +83,7 @@ class MockCryptohomeClient : public CryptohomeClient {
MOCK_METHOD1(Pkcs11GetTpmTokenInfo,
void(const Pkcs11GetTpmTokenInfoCallback& callback));
MOCK_METHOD2(Pkcs11GetTpmTokenInfoForUser,
- void(const std::string& username,
+ void(const cryptohome::Identification& cryptohome_id,
const Pkcs11GetTpmTokenInfoCallback& callback));
MOCK_METHOD3(InstallAttributesGet,
bool(const std::string& name,
@@ -107,38 +113,38 @@ class MockCryptohomeClient : public CryptohomeClient {
AsyncTpmAttestationCreateCertRequest,
void(attestation::PrivacyCAType pca_type,
attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& request_origin,
const AsyncMethodCallback& callback));
MOCK_METHOD5(AsyncTpmAttestationFinishCertRequest,
void(const std::string& pca_response,
attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const AsyncMethodCallback& callback));
MOCK_METHOD4(TpmAttestationDoesKeyExist,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const BoolDBusMethodCallback& callback));
MOCK_METHOD4(TpmAttestationGetCertificate,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback));
MOCK_METHOD4(TpmAttestationGetPublicKey,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback));
MOCK_METHOD4(TpmAttestationRegisterKey,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const AsyncMethodCallback& callback));
MOCK_METHOD8(TpmAttestationSignEnterpriseChallenge,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
@@ -147,53 +153,53 @@ class MockCryptohomeClient : public CryptohomeClient {
const AsyncMethodCallback& callback));
MOCK_METHOD5(TpmAttestationSignSimpleChallenge,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& challenge,
const AsyncMethodCallback& callback));
MOCK_METHOD4(TpmAttestationGetKeyPayload,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const DataMethodCallback& callback));
MOCK_METHOD5(TpmAttestationSetKeyPayload,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_name,
const std::string& payload,
const BoolDBusMethodCallback& callback));
MOCK_METHOD4(TpmAttestationDeleteKeys,
void(attestation::AttestationKeyType key_type,
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const std::string& key_prefix,
const BoolDBusMethodCallback& callback));
MOCK_METHOD4(GetKeyDataEx,
- void(const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::GetKeyDataRequest& request,
- const ProtobufMethodCallback& callback));
+ void(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::GetKeyDataRequest& request,
+ const ProtobufMethodCallback& callback));
MOCK_METHOD4(CheckKeyEx,
- void(const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::CheckKeyRequest& request,
- const ProtobufMethodCallback& callback));
+ void(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::CheckKeyRequest& request,
+ const ProtobufMethodCallback& callback));
MOCK_METHOD4(MountEx,
- void(const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::MountRequest& request,
- const ProtobufMethodCallback& callback));
+ void(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::MountRequest& request,
+ const ProtobufMethodCallback& callback));
MOCK_METHOD4(AddKeyEx,
- void(const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::AddKeyRequest& request,
- const ProtobufMethodCallback& callback));
+ void(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::AddKeyRequest& request,
+ const ProtobufMethodCallback& callback));
MOCK_METHOD4(UpdateKeyEx,
- void(const cryptohome::AccountIdentifier& id,
- const cryptohome::AuthorizationRequest& auth,
- const cryptohome::UpdateKeyRequest& request,
- const ProtobufMethodCallback& callback));
+ void(const cryptohome::Identification& cryptohome_id,
+ const cryptohome::AuthorizationRequest& auth,
+ const cryptohome::UpdateKeyRequest& request,
+ const ProtobufMethodCallback& callback));
MOCK_METHOD4(RemoveKeyEx,
- void(const cryptohome::AccountIdentifier& id,
+ void(const cryptohome::Identification& cryptohome_id,
const cryptohome::AuthorizationRequest& auth,
const cryptohome::RemoveKeyRequest& request,
const ProtobufMethodCallback& callback));
diff --git a/chromeos/dbus/mock_session_manager_client.h b/chromeos/dbus/mock_session_manager_client.h
index aec901a..dc7d095 100644
--- a/chromeos/dbus/mock_session_manager_client.h
+++ b/chromeos/dbus/mock_session_manager_client.h
@@ -7,6 +7,7 @@
#include <string>
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/session_manager_client.h"
#include "testing/gmock/include/gmock/gmock.h"
@@ -25,7 +26,7 @@ class MockSessionManagerClient : public SessionManagerClient {
MOCK_CONST_METHOD0(IsScreenLocked, bool(void));
MOCK_METHOD0(EmitLoginPromptVisible, void(void));
MOCK_METHOD1(RestartJob, void(const std::vector<std::string>&));
- MOCK_METHOD1(StartSession, void(const std::string&));
+ MOCK_METHOD1(StartSession, void(const cryptohome::Identification&));
MOCK_METHOD0(StopSession, void(void));
MOCK_METHOD0(NotifySupervisedUserCreationStarted, void(void));
MOCK_METHOD0(NotifySupervisedUserCreationFinished, void(void));
@@ -36,9 +37,10 @@ class MockSessionManagerClient : public SessionManagerClient {
MOCK_METHOD1(RetrieveActiveSessions, void(const ActiveSessionsCallback&));
MOCK_METHOD1(RetrieveDevicePolicy, void(const RetrievePolicyCallback&));
MOCK_METHOD2(RetrievePolicyForUser,
- void(const std::string&,
+ void(const cryptohome::Identification&,
const RetrievePolicyCallback&));
- MOCK_METHOD1(BlockingRetrievePolicyForUser, std::string(const std::string&));
+ MOCK_METHOD1(BlockingRetrievePolicyForUser,
+ std::string(const cryptohome::Identification&));
MOCK_METHOD2(RetrieveDeviceLocalAccountPolicy,
void(const std::string&,
const RetrievePolicyCallback&));
@@ -46,7 +48,7 @@ class MockSessionManagerClient : public SessionManagerClient {
void(const std::string&,
const StorePolicyCallback&));
MOCK_METHOD3(StorePolicyForUser,
- void(const std::string&,
+ void(const cryptohome::Identification&,
const std::string&,
const StorePolicyCallback&));
MOCK_METHOD3(StoreDeviceLocalAccountPolicy,
@@ -54,7 +56,7 @@ class MockSessionManagerClient : public SessionManagerClient {
const std::string&,
const StorePolicyCallback&));
MOCK_METHOD2(SetFlagsForUser,
- void(const std::string&,
+ void(const cryptohome::Identification&,
const std::vector<std::string>&));
MOCK_METHOD1(GetServerBackedStateKeys, void(const StateKeysCallback&));
MOCK_METHOD1(CheckArcAvailability, void(const ArcCallback&));
diff --git a/chromeos/dbus/session_manager_client.cc b/chromeos/dbus/session_manager_client.cc
index dd9c13a..95559ea 100644
--- a/chromeos/dbus/session_manager_client.cc
+++ b/chromeos/dbus/session_manager_client.cc
@@ -20,6 +20,7 @@
#include "base/task_runner_util.h"
#include "base/threading/worker_pool.h"
#include "chromeos/chromeos_paths.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/blocking_method_caller.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "crypto/sha2.h"
@@ -34,15 +35,16 @@ namespace chromeos {
namespace {
-// Returns a location for |file| that is specific to the given |username|.
+// Returns a location for |file| that is specific to the given |cryptohome_id|.
// These paths will be relative to DIR_USER_POLICY_KEYS, and can be used only
// to store stub files.
-base::FilePath GetUserFilePath(const std::string& username, const char* file) {
+base::FilePath GetUserFilePath(const cryptohome::Identification& cryptohome_id,
+ const char* file) {
base::FilePath keys_path;
if (!PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &keys_path))
return base::FilePath();
const std::string sanitized =
- CryptohomeClient::GetStubSanitizedUsername(username);
+ CryptohomeClient::GetStubSanitizedUsername(cryptohome_id);
return keys_path.AppendASCII(sanitized).AppendASCII(file);
}
@@ -153,11 +155,11 @@ class SessionManagerClientImpl : public SessionManagerClient {
false);
}
- void StartSession(const std::string& user_email) override {
+ void StartSession(const cryptohome::Identification& cryptohome_id) override {
dbus::MethodCall method_call(login_manager::kSessionManagerInterface,
login_manager::kSessionManagerStartSession);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(user_email);
+ writer.AppendString(cryptohome_id.id());
writer.AppendString(""); // Unique ID is deprecated
session_manager_proxy_->CallMethod(
&method_call,
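Review bot: `writer.AppendString(cryptohome_id.id());` in StartSession now sends the cryptohome identifier where the user e-mail used to go, and nothing at the call site says the session manager is expected to accept that format. A short comment would help, for example `// session_manager must key the session by the same id string cryptohome uses.` The same applies to the `cryptohome_id.id()` arguments in RetrievePolicyForUser, BlockingRetrievePolicyForUser, StorePolicyForUser and SetFlagsForUser in the following hunks. Whether the session manager side was updated in step cannot be seen from this diff, so it is worth confirming. StartSession's body continues outside the hunk.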
@@ -238,21 +240,20 @@ class SessionManagerClientImpl : public SessionManagerClient {
callback));
}
- void RetrievePolicyForUser(const std::string& username,
+ void RetrievePolicyForUser(const cryptohome::Identification& cryptohome_id,
const RetrievePolicyCallback& callback) override {
CallRetrievePolicyByUsername(
- login_manager::kSessionManagerRetrievePolicyForUser,
- username,
+ login_manager::kSessionManagerRetrievePolicyForUser, cryptohome_id.id(),
callback);
}
std::string BlockingRetrievePolicyForUser(
- const std::string& username) override {
+ const cryptohome::Identification& cryptohome_id) override {
dbus::MethodCall method_call(
login_manager::kSessionManagerInterface,
login_manager::kSessionManagerRetrievePolicyForUser);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
scoped_ptr<dbus::Response> response =
blocking_method_caller_->CallMethodAndBlock(&method_call);
std::string policy;
@@ -289,13 +290,11 @@ class SessionManagerClientImpl : public SessionManagerClient {
callback));
}
- void StorePolicyForUser(const std::string& username,
+ void StorePolicyForUser(const cryptohome::Identification& cryptohome_id,
const std::string& policy_blob,
const StorePolicyCallback& callback) override {
CallStorePolicyByUsername(login_manager::kSessionManagerStorePolicyForUser,
- username,
- policy_blob,
- callback);
+ cryptohome_id.id(), policy_blob, callback);
}
void StoreDeviceLocalAccountPolicy(
@@ -309,12 +308,12 @@ class SessionManagerClientImpl : public SessionManagerClient {
callback);
}
- void SetFlagsForUser(const std::string& username,
+ void SetFlagsForUser(const cryptohome::Identification& cryptohome_id,
const std::vector<std::string>& flags) override {
dbus::MethodCall method_call(login_manager::kSessionManagerInterface,
login_manager::kSessionManagerSetFlagsForUser);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(cryptohome_id.id());
writer.AppendArrayOfStrings(flags);
session_manager_proxy_->CallMethod(
&method_call,
@@ -423,12 +422,12 @@ class SessionManagerClientImpl : public SessionManagerClient {
// Helper for RetrieveDeviceLocalAccountPolicy and RetrievePolicyForUser.
void CallRetrievePolicyByUsername(const std::string& method_name,
- const std::string& username,
+ const std::string& account_id,
const RetrievePolicyCallback& callback) {
dbus::MethodCall method_call(login_manager::kSessionManagerInterface,
method_name);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(account_id);
session_manager_proxy_->CallMethod(
&method_call,
dbus::ObjectProxy::TIMEOUT_USE_DEFAULT,
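Review bot: The helper is still named `CallRetrievePolicyByUsername` although its parameter is renamed to `account_id` and its user-policy caller now passes `cryptohome_id.id()`, so the name no longer describes the argument. Renaming the helper (for example `CallRetrievePolicyByAccountId`) would keep name and parameter consistent, and the same goes for `CallStorePolicyByUsername` in the next hunk. The helper's body continues outside the hunk.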
@@ -440,13 +439,13 @@ class SessionManagerClientImpl : public SessionManagerClient {
}
void CallStorePolicyByUsername(const std::string& method_name,
- const std::string& username,
+ const std::string& account_id,
const std::string& policy_blob,
const StorePolicyCallback& callback) {
dbus::MethodCall method_call(login_manager::kSessionManagerInterface,
method_name);
dbus::MessageWriter writer(&method_call);
- writer.AppendString(username);
+ writer.AppendString(account_id);
// static_cast does not work due to signedness.
writer.AppendArrayOfBytes(
reinterpret_cast<const uint8_t*>(policy_blob.data()),
@@ -544,7 +543,7 @@ class SessionManagerClientImpl : public SessionManagerClient {
LOG(ERROR) << method_name << " response is incorrect: "
<< response->ToString();
} else {
- sessions[key] = value;
+ sessions[cryptohome::Identification::FromString(key)] = value;
}
}
success = true;
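Review bot: `sessions[cryptohome::Identification::FromString(key)] = value;` turns a string read from the D-Bus reply straight into a map key, and the check guarding this branch is outside the hunk. If that check only verifies that two strings were read, an empty `key` would still be inserted, so rejecting it in the existing error branch would be safer. A comment such as `// |key| is the id() string that was passed to StartSession.` would also state the round trip that `FromString` relies on. The enclosing function starts and ends outside the hunk.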
@@ -741,7 +740,7 @@ class SessionManagerClientStubImpl : public SessionManagerClient {
bool IsScreenLocked() const override { return screen_is_locked_; }
void EmitLoginPromptVisible() override {}
void RestartJob(const std::vector<std::string>& argv) override {}
- void StartSession(const std::string& user_email) override {}
+ void StartSession(const cryptohome::Identification& cryptohome_id) override {}
void StopSession() override {}
void NotifySupervisedUserCreationStarted() override {}
void NotifySupervisedUserCreationFinished() override {}
@@ -774,22 +773,23 @@ class SessionManagerClientStubImpl : public SessionManagerClient {
base::Bind(&GetFileContent, device_policy_path),
callback);
}
- void RetrievePolicyForUser(const std::string& username,
+ void RetrievePolicyForUser(const cryptohome::Identification& cryptohome_id,
const RetrievePolicyCallback& callback) override {
base::PostTaskAndReplyWithResult(
- base::WorkerPool::GetTaskRunner(false).get(),
- FROM_HERE,
- base::Bind(&GetFileContent, GetUserFilePath(username, "stub_policy")),
+ base::WorkerPool::GetTaskRunner(false).get(), FROM_HERE,
+ base::Bind(&GetFileContent,
+ GetUserFilePath(cryptohome_id, "stub_policy")),
callback);
}
std::string BlockingRetrievePolicyForUser(
- const std::string& username) override {
- return GetFileContent(GetUserFilePath(username, "stub_policy"));
+ const cryptohome::Identification& cryptohome_id) override {
+ return GetFileContent(GetUserFilePath(cryptohome_id, "stub_policy"));
}
void RetrieveDeviceLocalAccountPolicy(
- const std::string& account_name,
+ const std::string& account_id,
const RetrievePolicyCallback& callback) override {
- RetrievePolicyForUser(account_name, callback);
+ RetrievePolicyForUser(cryptohome::Identification::FromString(account_id),
+ callback);
}
void StoreDevicePolicy(const std::string& policy_blob,
const StorePolicyCallback& callback) override {
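Review bot: `cryptohome::Identification::FromString(account_id)` in the stub's RetrieveDeviceLocalAccountPolicy wraps a device-local account id as if it were a user's cryptohome id, with no comment explaining why. A line such as `// Stub only: device-local accounts reuse the per-user file layout.` would make the intent clear. The same conversion appears in StoreDeviceLocalAccountPolicy in a later hunk. This reading of the intent is inferred from RetrievePolicyForUser calling `GetUserFilePath(cryptohome_id, "stub_policy")`.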
@@ -821,7 +821,7 @@ class SessionManagerClientStubImpl : public SessionManagerClient {
base::Bind(callback, true),
false);
}
- void StorePolicyForUser(const std::string& username,
+ void StorePolicyForUser(const cryptohome::Identification& cryptohome_id,
const std::string& policy_blob,
const StorePolicyCallback& callback) override {
// The session manager writes the user policy key to a well-known
@@ -834,7 +834,7 @@ class SessionManagerClientStubImpl : public SessionManagerClient {
}
if (response.has_new_public_key()) {
- base::FilePath key_path = GetUserFilePath(username, "policy.pub");
+ base::FilePath key_path = GetUserFilePath(cryptohome_id, "policy.pub");
base::WorkerPool::PostTask(
FROM_HERE,
base::Bind(&StoreFile, key_path, response.new_public_key()),
@@ -843,7 +843,8 @@ class SessionManagerClientStubImpl : public SessionManagerClient {
// This file isn't read directly by Chrome, but is used by this class to
// reload the user policy across restarts.
- base::FilePath stub_policy_path = GetUserFilePath(username, "stub_policy");
+ base::FilePath stub_policy_path =
+ GetUserFilePath(cryptohome_id, "stub_policy");
base::WorkerPool::PostTaskAndReply(
FROM_HERE,
base::Bind(&StoreFile, stub_policy_path, policy_blob),
@@ -851,12 +852,13 @@ class SessionManagerClientStubImpl : public SessionManagerClient {
false);
}
void StoreDeviceLocalAccountPolicy(
- const std::string& account_name,
+ const std::string& account_id,
const std::string& policy_blob,
const StorePolicyCallback& callback) override {
- StorePolicyForUser(account_name, policy_blob, callback);
+ StorePolicyForUser(cryptohome::Identification::FromString(account_id),
+ policy_blob, callback);
}
- void SetFlagsForUser(const std::string& username,
+ void SetFlagsForUser(const cryptohome::Identification& cryptohome_id,
const std::vector<std::string>& flags) override {}
void GetServerBackedStateKeys(const StateKeysCallback& callback) override {
diff --git a/chromeos/dbus/session_manager_client.h b/chromeos/dbus/session_manager_client.h
index 4fd4c09..d0e3566 100644
--- a/chromeos/dbus/session_manager_client.h
+++ b/chromeos/dbus/session_manager_client.h
@@ -16,6 +16,10 @@
#include "chromeos/dbus/dbus_client.h"
#include "chromeos/dbus/dbus_client_implementation_type.h"
+namespace cryptohome {
+class Identification;
+}
+
namespace chromeos {
// SessionManagerClient is used to communicate with the session manager.
@@ -78,7 +82,8 @@ class CHROMEOS_EXPORT SessionManagerClient : public DBusClient {
virtual void RestartJob(const std::vector<std::string>& argv) = 0;
// Starts the session for the user.
- virtual void StartSession(const std::string& user_email) = 0;
+ virtual void StartSession(
+ const cryptohome::Identification& cryptohome_id) = 0;
// Stops the current session.
virtual void StopSession() = 0;
@@ -102,19 +107,19 @@ class CHROMEOS_EXPORT SessionManagerClient : public DBusClient {
virtual void NotifySupervisedUserCreationFinished() = 0;
// Map that is used to describe the set of active user sessions where |key|
- // is user_id and |value| is user_id_hash.
- typedef std::map<std::string, std::string> ActiveSessionsMap;
+ // is cryptohome id and |value| is user_id_hash.
+ using ActiveSessionsMap = std::map<cryptohome::Identification, std::string>;
// The ActiveSessionsCallback is used for the RetrieveActiveSessions()
- // method. It receives |sessions| argument where the keys are user_ids for
- // all users that are currently active and |success| argument which indicates
- // whether or not the request succeded.
+ // method. It receives |sessions| argument where the keys are cryptohome_ids
+ // for all users that are currently active and |success| argument which
+ // indicates whether or not the request succeded.
typedef base::Callback<void(const ActiveSessionsMap& sessions,
bool success)> ActiveSessionsCallback;
// Enumerates active user sessions. Usually Chrome naturally keeps track of
// active users when they are added into current session. When Chrome is
- // restarted after crash by session_manager it only receives user_id and
+ // restarted after crash by session_manager it only receives cryptohome id and
// user_id_hash for one user. This method is used to retrieve list of all
// active users.
virtual void RetrieveActiveSessions(
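Review bot: `ActiveSessionsMap` is now `std::map<cryptohome::Identification, std::string>`, but this header only forward-declares `cryptohome::Identification` (the hunk at the top of the file), so every file that creates or fills the map must include the full definition itself. Including `chromeos/cryptohome/cryptohome_parameters.h` here instead of the forward declaration would make the header self-contained; the mock header and the .cc in this commit already add that include. The map also needs an ordering on `Identification`, which is not visible in this part of the diff. The rewritten comment keeps the spelling `succeded`, which should read `succeeded`.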
@@ -131,10 +136,10 @@ class CHROMEOS_EXPORT SessionManagerClient : public DBusClient {
virtual void RetrieveDevicePolicy(const RetrievePolicyCallback& callback) = 0;
// Fetches the user policy blob stored by the session manager for the given
- // |username|. Upon completion of the retrieve attempt, we will call the
+ // |cryptohome_id|. Upon completion of the retrieve attempt, we will call the
// provided callback.
virtual void RetrievePolicyForUser(
- const std::string& username,
+ const cryptohome::Identification& cryptohome_id,
const RetrievePolicyCallback& callback) = 0;
// Same as RetrievePolicyForUser() but blocks until a reply is received, and
@@ -144,7 +149,7 @@ class CHROMEOS_EXPORT SessionManagerClient : public DBusClient {
// considered acceptable (e.g. restarting the browser after a crash or after
// a flag change).
virtual std::string BlockingRetrievePolicyForUser(
- const std::string& username) = 0;
+ const cryptohome::Identification& cryptohome_id) = 0;
// Fetches the policy blob associated with the specified device-local account
// from session manager. |callback| is invoked up on completion.
@@ -162,11 +167,13 @@ class CHROMEOS_EXPORT SessionManagerClient : public DBusClient {
virtual void StoreDevicePolicy(const std::string& policy_blob,
const StorePolicyCallback& callback) = 0;
- // Attempts to asynchronously store |policy_blob| as user policy for the given
- // |username|. Upon completion of the store attempt, we will call callback.
- virtual void StorePolicyForUser(const std::string& username,
- const std::string& policy_blob,
- const StorePolicyCallback& callback) = 0;
+ // Attempts to asynchronously store |policy_blob| as user policy for the
+ // given |cryptohome_id|. Upon completion of the store attempt, we will call
+ // callback.
+ virtual void StorePolicyForUser(
+ const cryptohome::Identification& cryptohome_id,
+ const std::string& policy_blob,
+ const StorePolicyCallback& callback) = 0;
// Sends a request to store a policy blob for the specified device-local
// account. The result of the operation is reported through |callback|.
@@ -177,7 +184,7 @@ class CHROMEOS_EXPORT SessionManagerClient : public DBusClient {
// Sets the flags to be applied next time by the session manager when Chrome
// is restarted inside an already started session for a particular user.
- virtual void SetFlagsForUser(const std::string& username,
+ virtual void SetFlagsForUser(const cryptohome::Identification& cryptohome_id,
const std::vector<std::string>& flags) = 0;
typedef base::Callback<void(const std::vector<std::string>& state_keys)>
diff --git a/chromeos/login/auth/authenticator.h b/chromeos/login/auth/authenticator.h
index 1f05bce..422cccd 100644
--- a/chromeos/login/auth/authenticator.h
+++ b/chromeos/login/auth/authenticator.h
@@ -13,6 +13,8 @@
#include "chromeos/login/auth/auth_status_consumer.h"
#include "google_apis/gaia/gaia_auth_consumer.h"
+class AccountId;
+
namespace content {
class BrowserContext;
}
@@ -56,11 +58,11 @@ class CHROMEOS_EXPORT Authenticator
// Initiates login into the public account identified by |user_context|.
virtual void LoginAsPublicSession(const UserContext& user_context) = 0;
- // Initiates login into kiosk mode account identified by |app_user_id|.
- // The |app_user_id| is a generated username for the account.
+ // Initiates login into kiosk mode account identified by |app_account_id|.
+ // The |app_account_id| is a generated account id for the account.
// |use_guest_mount| specifies whether to force the session to use a
// guest mount. If this is false, we use mount a public cryptohome.
- virtual void LoginAsKioskAccount(const std::string& app_user_id,
+ virtual void LoginAsKioskAccount(const AccountId& app_account_id,
bool use_guest_mount) = 0;
// Notifies caller that login was successful. Must be called on the UI thread.
diff --git a/chromeos/login/auth/cryptohome_authenticator.cc b/chromeos/login/auth/cryptohome_authenticator.cc
index df430d0..913af5d 100644
--- a/chromeos/login/auth/cryptohome_authenticator.cc
+++ b/chromeos/login/auth/cryptohome_authenticator.cc
@@ -149,8 +149,7 @@ void DoMount(const base::WeakPtr<AuthAttemptState>& attempt,
}
cryptohome::HomedirMethods::GetInstance()->MountEx(
- cryptohome::Identification(
- attempt->user_context.GetAccountId().GetUserEmail()),
+ cryptohome::Identification(attempt->user_context.GetAccountId()),
cryptohome::Authorization(auth_key), mount,
base::Bind(&OnMount, attempt, resolver));
}
@@ -267,8 +266,7 @@ void StartMount(const base::WeakPtr<AuthAttemptState>& attempt,
}
cryptohome::HomedirMethods::GetInstance()->GetKeyDataEx(
- cryptohome::Identification(
- attempt->user_context.GetAccountId().GetUserEmail()),
+ cryptohome::Identification(attempt->user_context.GetAccountId()),
kCryptohomeGAIAKeyLabel, base::Bind(&OnGetKeyDataEx, attempt, resolver,
ephemeral, create_if_nonexistent));
}
@@ -284,7 +282,7 @@ void MountGuestAndGetHash(const base::WeakPtr<AuthAttemptState>& attempt,
attempt,
resolver));
cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername(
- attempt->user_context.GetAccountId().GetUserEmail(),
+ cryptohome::Identification(attempt->user_context.GetAccountId()),
base::Bind(&TriggerResolveHash, attempt, resolver));
}
@@ -293,11 +291,11 @@ void MountPublic(const base::WeakPtr<AuthAttemptState>& attempt,
scoped_refptr<CryptohomeAuthenticator> resolver,
int flags) {
cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountPublic(
- attempt->user_context.GetAccountId().GetUserEmail(), flags,
+ cryptohome::Identification(attempt->user_context.GetAccountId()), flags,
base::Bind(&TriggerResolveWithLoginTimeMarker,
"CryptohomeMountPublic-End", attempt, resolver));
cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername(
- attempt->user_context.GetAccountId().GetUserEmail(),
+ cryptohome::Identification(attempt->user_context.GetAccountId()),
base::Bind(&TriggerResolveHash, attempt, resolver));
}
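Review bot: MountPublic builds `cryptohome::Identification(attempt->user_context.GetAccountId())` twice, once for AsyncMountPublic and once for AsyncGetSanitizedUsername. A local `const cryptohome::Identification id(attempt->user_context.GetAccountId());` at the top would state once which identity both calls use and shorten both call sites. Migrate in the next hunk repeats the same expression in both branches of `if (passing_old_hash)` and would benefit from the same local.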
@@ -320,13 +318,13 @@ void Migrate(const base::WeakPtr<AuthAttemptState>& attempt,
TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt);
if (passing_old_hash) {
caller->AsyncMigrateKey(
- attempt->user_context.GetAccountId().GetUserEmail(),
+ cryptohome::Identification(attempt->user_context.GetAccountId()),
old_key->GetSecret(), new_key->GetSecret(),
base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End",
attempt, resolver));
} else {
caller->AsyncMigrateKey(
- attempt->user_context.GetAccountId().GetUserEmail(),
+ cryptohome::Identification(attempt->user_context.GetAccountId()),
new_key->GetSecret(), old_key->GetSecret(),
base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End",
attempt, resolver));
@@ -339,7 +337,7 @@ void Remove(const base::WeakPtr<AuthAttemptState>& attempt,
chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(
"CryptohomeRemove-Start", false);
cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove(
- attempt->user_context.GetAccountId().GetUserEmail(),
+ cryptohome::Identification(attempt->user_context.GetAccountId()),
base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeRemove-End",
attempt, resolver));
}
@@ -351,8 +349,8 @@ void CheckKey(const base::WeakPtr<AuthAttemptState>& attempt,
scoped_ptr<Key> key =
TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt);
cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey(
- attempt->user_context.GetAccountId().GetUserEmail(), key->GetSecret(),
- base::Bind(&TriggerResolve, attempt, resolver));
+ cryptohome::Identification(attempt->user_context.GetAccountId()),
+ key->GetSecret(), base::Bind(&TriggerResolve, attempt, resolver));
}
} // namespace
@@ -447,12 +445,11 @@ void CryptohomeAuthenticator::LoginAsSupervisedUser(
void CryptohomeAuthenticator::LoginOffTheRecord() {
DCHECK(task_runner_->RunsTasksOnCurrentThread());
- current_state_.reset(
- new AuthAttemptState(UserContext(user_manager::USER_TYPE_GUEST,
- login::GuestAccountId().GetUserEmail()),
- false, // unlock
- false, // online_complete
- false)); // user_is_new
+ current_state_.reset(new AuthAttemptState(
+ UserContext(user_manager::USER_TYPE_GUEST, login::GuestAccountId()),
+ false, // unlock
+ false, // online_complete
+ false)); // user_is_new
remove_user_data_on_failure_ = false;
ephemeral_mount_attempted_ = true;
MountGuestAndGetHash(current_state_->AsWeakPtr(),
@@ -477,14 +474,14 @@ void CryptohomeAuthenticator::LoginAsPublicSession(
}
void CryptohomeAuthenticator::LoginAsKioskAccount(
- const std::string& app_user_id,
+ const AccountId& app_account_id,
bool use_guest_mount) {
DCHECK(task_runner_->RunsTasksOnCurrentThread());
- const std::string user_id =
- use_guest_mount ? login::GuestAccountId().GetUserEmail() : app_user_id;
+ const AccountId& account_id =
+ use_guest_mount ? login::GuestAccountId() : app_account_id;
current_state_.reset(new AuthAttemptState(
- UserContext(user_manager::USER_TYPE_KIOSK_APP, user_id),
+ UserContext(user_manager::USER_TYPE_KIOSK_APP, account_id),
false, // unlock
false, // online_complete
false)); // user_is_new
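Review bot: `const AccountId& account_id = use_guest_mount ? login::GuestAccountId() : app_account_id;` binds a reference to the result of a conditional expression. This is correct, but if `login::GuestAccountId()` returns by value (its declaration is not in this diff) it relies on lifetime extension of a temporary copy. Declaring a value, `const AccountId account_id = use_guest_mount ? login::GuestAccountId() : app_account_id;`, works for either return type and is easier to read. The function body continues outside the hunk.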
diff --git a/chromeos/login/auth/cryptohome_authenticator.h b/chromeos/login/auth/cryptohome_authenticator.h
index d767bd9..cfac3d3 100644
--- a/chromeos/login/auth/cryptohome_authenticator.h
+++ b/chromeos/login/auth/cryptohome_authenticator.h
@@ -129,12 +129,12 @@ class CHROMEOS_EXPORT CryptohomeAuthenticator
// success/failure.
void LoginAsPublicSession(const UserContext& user_context) override;
- // Initiates login into the kiosk mode account identified by |app_user_id|.
+ // Initiates login into the kiosk mode account identified by |app_account_id|.
// Mounts an ephemeral guest cryptohome if |use_guest_mount| is |true|.
// Otherwise, mounts a public cryptohome, which will be ephemeral if the
// |DeviceEphemeralUsersEnabled| policy is enabled and non-ephemeral
// otherwise.
- void LoginAsKioskAccount(const std::string& app_user_id,
+ void LoginAsKioskAccount(const AccountId& app_account_id,
bool use_guest_mount) override;
// These methods must be called on the UI thread, as they make DBus calls
diff --git a/chromeos/login/auth/extended_authenticator.h b/chromeos/login/auth/extended_authenticator.h
index deaa6c4..0a0a877 100644
--- a/chromeos/login/auth/extended_authenticator.h
+++ b/chromeos/login/auth/extended_authenticator.h
@@ -15,6 +15,8 @@
#include "chromeos/chromeos_export.h"
#include "chromeos/cryptohome/cryptohome_parameters.h"
+class AccountId;
+
namespace chromeos {
class AuthStatusConsumer;
@@ -68,12 +70,13 @@ class CHROMEOS_EXPORT ExtendedAuthenticator
virtual void AuthenticateToCheck(const UserContext& context,
const base::Closure& success_callback) = 0;
- // This call will create and mount the home dir for |user_id| with the given
- // |keys| if the home dir is missing. If the home dir exists already, a mount
- // attempt will be performed using the first key in |keys| for authentication.
- // Note that all |keys| should have been transformed from plain text already.
+ // This call will create and mount the home dir for |account_id| with the
+ // given |keys| if the home dir is missing. If the home dir exists already, a
+ // mount attempt will be performed using the first key in |keys| for
+ // authentication. Note that all |keys| should have been transformed from
+ // plain text already.
// This method does not alter them.
- virtual void CreateMount(const std::string& user_id,
+ virtual void CreateMount(const AccountId& account_id,
const std::vector<cryptohome::KeyDefinition>& keys,
const ResultCallback& success_callback) = 0;
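Review bot: The rewritten comment on CreateMount says a mount attempt uses the first key in |keys| but does not state that |keys| must be non-empty. The implementation in extended_authenticator_impl.cc calls `keys.front()` unconditionally, so the precondition belongs in the documented contract, for example `// |keys| must contain at least one key.`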
diff --git a/chromeos/login/auth/extended_authenticator_impl.cc b/chromeos/login/auth/extended_authenticator_impl.cc
index 25d9520..98ec0b9 100644
--- a/chromeos/login/auth/extended_authenticator_impl.cc
+++ b/chromeos/login/auth/extended_authenticator_impl.cc
@@ -82,19 +82,18 @@ void ExtendedAuthenticatorImpl::AuthenticateToCheck(
}
void ExtendedAuthenticatorImpl::CreateMount(
- const std::string& user_id,
+ const AccountId& account_id,
const std::vector<cryptohome::KeyDefinition>& keys,
const ResultCallback& success_callback) {
RecordStartMarker("MountEx");
- std::string canonicalized = gaia::CanonicalizeEmail(user_id);
- cryptohome::Identification id(canonicalized);
+ cryptohome::Identification id(account_id);
cryptohome::Authorization auth(keys.front());
cryptohome::MountParameters mount(false);
for (size_t i = 0; i < keys.size(); i++) {
mount.create_keys.push_back(keys[i]);
}
- UserContext context(AccountId::FromUserEmail(user_id));
+ UserContext context(account_id);
Key key(keys.front().secret);
key.SetLabel(keys.front().label);
context.SetKey(key);
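Review bot: CreateMount no longer passes the identifier through `gaia::CanonicalizeEmail()` before building `cryptohome::Identification`, so canonicalization now depends entirely on what `Identification(account_id)` does with the AccountId. That constructor is not in this part of the diff. It is worth confirming that it yields the same string the old code produced for e-mail-keyed accounts, since a non-canonical spelling of the address would otherwise name a different home directory. The same removal is made in DoAuthenticateToMount, DoAuthenticateToCheck, DoAddKey, DoUpdateKeyAuthorized and DoRemoveKey in the following hunks. CreateMount's body continues outside the hunk.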
@@ -189,9 +188,7 @@ void ExtendedAuthenticatorImpl::DoAuthenticateToMount(
const UserContext& user_context) {
RecordStartMarker("MountEx");
- const std::string canonicalized =
- gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail());
- cryptohome::Identification id(canonicalized);
+ cryptohome::Identification id(user_context.GetAccountId());
const Key* const key = user_context.GetKey();
cryptohome::Authorization auth(key->GetSecret(), key->GetLabel());
cryptohome::MountParameters mount(false);
@@ -212,9 +209,7 @@ void ExtendedAuthenticatorImpl::DoAuthenticateToCheck(
const UserContext& user_context) {
RecordStartMarker("CheckKeyEx");
- const std::string canonicalized =
- gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail());
- cryptohome::Identification id(canonicalized);
+ cryptohome::Identification id(user_context.GetAccountId());
const Key* const key = user_context.GetKey();
cryptohome::Authorization auth(key->GetSecret(), key->GetLabel());
@@ -234,9 +229,7 @@ void ExtendedAuthenticatorImpl::DoAddKey(const cryptohome::KeyDefinition& key,
const UserContext& user_context) {
RecordStartMarker("AddKeyEx");
- const std::string canonicalized =
- gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail());
- cryptohome::Identification id(canonicalized);
+ cryptohome::Identification id(user_context.GetAccountId());
const Key* const auth_key = user_context.GetKey();
cryptohome::Authorization auth(auth_key->GetSecret(), auth_key->GetLabel());
@@ -259,9 +252,7 @@ void ExtendedAuthenticatorImpl::DoUpdateKeyAuthorized(
const UserContext& user_context) {
RecordStartMarker("UpdateKeyAuthorized");
- const std::string canonicalized =
- gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail());
- cryptohome::Identification id(canonicalized);
+ cryptohome::Identification id(user_context.GetAccountId());
const Key* const auth_key = user_context.GetKey();
cryptohome::Authorization auth(auth_key->GetSecret(), auth_key->GetLabel());
@@ -282,9 +273,7 @@ void ExtendedAuthenticatorImpl::DoRemoveKey(const std::string& key_to_remove,
const UserContext& user_context) {
RecordStartMarker("RemoveKeyEx");
- const std::string canonicalized =
- gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail());
- cryptohome::Identification id(canonicalized);
+ cryptohome::Identification id(user_context.GetAccountId());
const Key* const auth_key = user_context.GetKey();
cryptohome::Authorization auth(auth_key->GetSecret(), auth_key->GetLabel());
diff --git a/chromeos/login/auth/extended_authenticator_impl.h b/chromeos/login/auth/extended_authenticator_impl.h
index a292e9e..550ba3f 100644
--- a/chromeos/login/auth/extended_authenticator_impl.h
+++ b/chromeos/login/auth/extended_authenticator_impl.h
@@ -15,6 +15,8 @@
#include "chromeos/login/auth/extended_authenticator.h"
#include "third_party/cros_system_api/dbus/service_constants.h"
+class AccountId;
+
namespace chromeos {
class AuthStatusConsumer;
@@ -32,7 +34,7 @@ class CHROMEOS_EXPORT ExtendedAuthenticatorImpl : public ExtendedAuthenticator {
const ResultCallback& success_callback) override;
void AuthenticateToCheck(const UserContext& context,
const base::Closure& success_callback) override;
- void CreateMount(const std::string& user_id,
+ void CreateMount(const AccountId& account_id,
const std::vector<cryptohome::KeyDefinition>& keys,
const ResultCallback& success_callback) override;
void AddKey(const UserContext& context,
diff --git a/chromeos/login/auth/fake_extended_authenticator.cc b/chromeos/login/auth/fake_extended_authenticator.cc
index e57755b..b44255b 100644
--- a/chromeos/login/auth/fake_extended_authenticator.cc
+++ b/chromeos/login/auth/fake_extended_authenticator.cc
@@ -65,9 +65,10 @@ void FakeExtendedAuthenticator::AuthenticateToCheck(
AuthFailure(AuthFailure::UNLOCK_FAILED));
}
-void FakeExtendedAuthenticator::CreateMount(const std::string& user_id,
- const std::vector<cryptohome::KeyDefinition>& keys,
- const ResultCallback& success_callback) {
+void FakeExtendedAuthenticator::CreateMount(
+ const AccountId& account_id,
+ const std::vector<cryptohome::KeyDefinition>& keys,
+ const ResultCallback& success_callback) {
NOTREACHED();
}
diff --git a/chromeos/login/auth/fake_extended_authenticator.h b/chromeos/login/auth/fake_extended_authenticator.h
index 96dc4f4..ee48944 100644
--- a/chromeos/login/auth/fake_extended_authenticator.h
+++ b/chromeos/login/auth/fake_extended_authenticator.h
@@ -10,6 +10,8 @@
#include "chromeos/login/auth/extended_authenticator.h"
#include "chromeos/login/auth/user_context.h"
+class AccountId;
+
namespace chromeos {
class AuthFailure;
@@ -27,7 +29,7 @@ class CHROMEOS_EXPORT FakeExtendedAuthenticator : public ExtendedAuthenticator {
const ResultCallback& success_callback) override;
void AuthenticateToCheck(const UserContext& context,
const base::Closure& success_callback) override;
- void CreateMount(const std::string& user_id,
+ void CreateMount(const AccountId& account_id,
const std::vector<cryptohome::KeyDefinition>& keys,
const ResultCallback& success_callback) override;
void AddKey(const UserContext& context,
diff --git a/chromeos/login/auth/login_performer.cc b/chromeos/login/auth/login_performer.cc
index b358105..6d949f4 100644
--- a/chromeos/login/auth/login_performer.cc
+++ b/chromeos/login/auth/login_performer.cc
@@ -228,14 +228,13 @@ void LoginPerformer::LoginOffTheRecord() {
base::Bind(&Authenticator::LoginOffTheRecord, authenticator_.get()));
}
-void LoginPerformer::LoginAsKioskAccount(const std::string& app_user_id,
+void LoginPerformer::LoginAsKioskAccount(const AccountId& app_account_id,
bool use_guest_mount) {
EnsureAuthenticator();
- task_runner_->PostTask(FROM_HERE,
- base::Bind(&Authenticator::LoginAsKioskAccount,
- authenticator_.get(),
- app_user_id,
- use_guest_mount));
+ task_runner_->PostTask(
+ FROM_HERE,
+ base::Bind(&Authenticator::LoginAsKioskAccount, authenticator_.get(),
+ app_account_id, use_guest_mount));
}
void LoginPerformer::RecoverEncryptedData(const std::string& old_password) {
diff --git a/chromeos/login/auth/login_performer.h b/chromeos/login/auth/login_performer.h
index 915ee35..3eb2c4f6 100644
--- a/chromeos/login/auth/login_performer.h
+++ b/chromeos/login/auth/login_performer.h
@@ -79,8 +79,8 @@ class CHROMEOS_EXPORT LoginPerformer : public AuthStatusConsumer {
// Performs public session login with a given |user_context|.
void LoginAsPublicSession(const UserContext& user_context);
- // Performs a login into the kiosk mode account with |app_user_id|.
- void LoginAsKioskAccount(const std::string& app_user_id,
+ // Performs a login into the kiosk mode account with |app_account_id|.
+ void LoginAsKioskAccount(const AccountId& app_account_id,
bool use_guest_mount);
// AuthStatusConsumer implementation:
diff --git a/chromeos/login/auth/stub_authenticator.cc b/chromeos/login/auth/stub_authenticator.cc
index 371453d..d48d596 100644
--- a/chromeos/login/auth/stub_authenticator.cc
+++ b/chromeos/login/auth/stub_authenticator.cc
@@ -75,7 +75,7 @@ void StubAuthenticator::LoginAsPublicSession(const UserContext& user_context) {
}
void StubAuthenticator::LoginAsKioskAccount(
- const std::string& /* app_user_id */,
+ const AccountId& /* app_account_id */,
bool use_guest_mount) {
UserContext user_context(expected_user_context_.GetAccountId());
user_context.SetIsUsingOAuth(false);
diff --git a/chromeos/login/auth/stub_authenticator.h b/chromeos/login/auth/stub_authenticator.h
index 8c67874..10f9775 100644
--- a/chromeos/login/auth/stub_authenticator.h
+++ b/chromeos/login/auth/stub_authenticator.h
@@ -13,6 +13,8 @@
#include "chromeos/login/auth/authenticator.h"
#include "chromeos/login/auth/user_context.h"
+class AccountId;
+
namespace content {
class BrowserContext;
}
@@ -35,7 +37,7 @@ class CHROMEOS_EXPORT StubAuthenticator : public Authenticator {
void LoginAsSupervisedUser(const UserContext& user_context) override;
void LoginOffTheRecord() override;
void LoginAsPublicSession(const UserContext& user_context) override;
- void LoginAsKioskAccount(const std::string& app_user_id,
+ void LoginAsKioskAccount(const AccountId& app_account_id,
bool use_guest_mount) override;
void OnAuthSuccess() override;
void OnAuthFailure(const AuthFailure& failure) override;
diff --git a/chromeos/login/auth/user_context.cc b/chromeos/login/auth/user_context.cc
index 0060e3c..7eed5e0 100644
--- a/chromeos/login/auth/user_context.cc
+++ b/chromeos/login/auth/user_context.cc
@@ -11,7 +11,6 @@ UserContext::UserContext() : account_id_(EmptyAccountId()) {}
UserContext::UserContext(const UserContext& other)
: account_id_(other.account_id_),
- gaia_id_(other.gaia_id_),
key_(other.key_),
auth_code_(other.auth_code_),
refresh_token_(other.refresh_token_),
@@ -32,20 +31,19 @@ UserContext::UserContext(const AccountId& account_id)
}
UserContext::UserContext(user_manager::UserType user_type,
- const std::string& user_id)
- : account_id_(EmptyAccountId()), user_type_(user_type) {
+ const AccountId& account_id)
+ : account_id_(account_id), user_type_(user_type) {
if (user_type_ == user_manager::USER_TYPE_REGULAR)
- account_id_ = AccountId::FromUserEmail(login::CanonicalizeUserID(user_id));
- else
- account_id_ = AccountId::FromUserEmail(user_id);
+ account_id_.SetUserEmail(
+ login::CanonicalizeUserID(account_id_.GetUserEmail()));
}
UserContext::~UserContext() {
}
bool UserContext::operator==(const UserContext& context) const {
- return context.account_id_ == account_id_ && context.gaia_id_ == gaia_id_ &&
- context.key_ == key_ && context.auth_code_ == auth_code_ &&
+ return context.account_id_ == account_id_ && context.key_ == key_ &&
+ context.auth_code_ == auth_code_ &&
context.refresh_token_ == refresh_token_ &&
context.access_token_ == access_token_ &&
context.user_id_hash_ == user_id_hash_ &&
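Review bot: `operator==` no longer compares a Gaia ID itself, so whether two contexts with the same e-mail but different Gaia IDs compare equal now depends on `AccountId::operator==`, which is outside this hunk. If AccountId equality does cover the Gaia ID, a short comment above the return such as `// The Gaia ID is part of |account_id_| and is compared by AccountId.` would keep that visible. A unit test with two contexts that differ only in Gaia ID would pin the behaviour. The return expression continues past the end of the hunk.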
@@ -64,7 +62,7 @@ const AccountId& UserContext::GetAccountId() const {
}
const std::string& UserContext::GetGaiaID() const {
- return gaia_id_;
+ return account_id_.GetGaiaId();
}
const Key* UserContext::GetKey() const {
@@ -124,12 +122,8 @@ bool UserContext::HasCredentials() const {
!auth_code_.empty();
}
-void UserContext::SetUserID(const std::string& user_id) {
- account_id_ = AccountId::FromUserEmail(login::CanonicalizeUserID(user_id));
-}
-
-void UserContext::SetGaiaID(const std::string& gaia_id) {
- gaia_id_ = gaia_id;
+void UserContext::SetAccountId(const AccountId& account_id) {
+ account_id_ = account_id;
}
void UserContext::SetKey(const Key& key) {
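Review bot: `SetAccountId` stores its argument unchanged, whereas the `SetUserID` it replaces ran the e-mail through `login::CanonicalizeUserID` first, so a caller that used to pass raw sign-in input must now canonicalise before calling. The two-argument constructor in this file still canonicalises for `USER_TYPE_REGULAR`, which leaves the two entry points inconsistent. Either document the precondition on the declaration in `user_context.h`, `// |account_id| is stored as-is; its e-mail must already be canonicalized.`, or normalise here as the constructor does with `account_id_.SetUserEmail(login::CanonicalizeUserID(account_id_.GetUserEmail()));`. Whether the existing callers already pass canonical ids cannot be seen from this hunk.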
diff --git a/chromeos/login/auth/user_context.h b/chromeos/login/auth/user_context.h
index a4440cc..6f29645 100644
--- a/chromeos/login/auth/user_context.h
+++ b/chromeos/login/auth/user_context.h
@@ -40,7 +40,7 @@ class CHROMEOS_EXPORT UserContext {
UserContext();
UserContext(const UserContext& other);
explicit UserContext(const AccountId& account_id);
- UserContext(user_manager::UserType user_type, const std::string& user_id);
+ UserContext(user_manager::UserType user_type, const AccountId& account_id);
~UserContext();
bool operator==(const UserContext& context) const;
@@ -64,8 +64,7 @@ class CHROMEOS_EXPORT UserContext {
bool HasCredentials() const;
- void SetUserID(const std::string& user_id);
- void SetGaiaID(const std::string& gaia_id);
+ void SetAccountId(const AccountId& account_id);
void SetKey(const Key& key);
void SetAuthCode(const std::string& auth_code);
void SetRefreshToken(const std::string& refresh_token);
@@ -83,7 +82,6 @@ class CHROMEOS_EXPORT UserContext {
private:
AccountId account_id_;
- std::string gaia_id_;
Key key_;
std::string auth_code_;
std::string refresh_token_;
diff --git a/chromeos/tpm/tpm_token_info_getter.cc b/chromeos/tpm/tpm_token_info_getter.cc
index e51392f..31a3089 100644
--- a/chromeos/tpm/tpm_token_info_getter.cc
+++ b/chromeos/tpm/tpm_token_info_getter.cc
@@ -8,6 +8,7 @@
#include "base/bind.h"
#include "base/location.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/cryptohome_client.h"
namespace {
@@ -43,22 +44,20 @@ TPMTokenInfo::~TPMTokenInfo() {}
// static
scoped_ptr<TPMTokenInfoGetter> TPMTokenInfoGetter::CreateForUserToken(
- const std::string& user_id,
+ const AccountId& account_id,
CryptohomeClient* cryptohome_client,
const scoped_refptr<base::TaskRunner>& delayed_task_runner) {
- CHECK(!user_id.empty());
- return scoped_ptr<TPMTokenInfoGetter>(
- new TPMTokenInfoGetter(
- TYPE_USER, user_id, cryptohome_client, delayed_task_runner));
+ CHECK(account_id.is_valid());
+ return scoped_ptr<TPMTokenInfoGetter>(new TPMTokenInfoGetter(
+ TYPE_USER, account_id, cryptohome_client, delayed_task_runner));
}
// static
scoped_ptr<TPMTokenInfoGetter> TPMTokenInfoGetter::CreateForSystemToken(
CryptohomeClient* cryptohome_client,
const scoped_refptr<base::TaskRunner>& delayed_task_runner) {
- return scoped_ptr<TPMTokenInfoGetter>(
- new TPMTokenInfoGetter(
- TYPE_SYSTEM, std::string(), cryptohome_client, delayed_task_runner));
+ return scoped_ptr<TPMTokenInfoGetter>(new TPMTokenInfoGetter(
+ TYPE_SYSTEM, EmptyAccountId(), cryptohome_client, delayed_task_runner));
}
TPMTokenInfoGetter::~TPMTokenInfoGetter() {}
@@ -75,18 +74,17 @@ void TPMTokenInfoGetter::Start(const TPMTokenInfoCallback& callback) {
TPMTokenInfoGetter::TPMTokenInfoGetter(
TPMTokenInfoGetter::Type type,
- const std::string& user_id,
+ const AccountId& account_id,
CryptohomeClient* cryptohome_client,
const scoped_refptr<base::TaskRunner>& delayed_task_runner)
: delayed_task_runner_(delayed_task_runner),
type_(type),
state_(TPMTokenInfoGetter::STATE_INITIAL),
- user_id_(user_id),
+ account_id_(account_id),
tpm_request_delay_(
base::TimeDelta::FromMilliseconds(kInitialRequestDelayMs)),
cryptohome_client_(cryptohome_client),
- weak_factory_(this) {
-}
+ weak_factory_(this) {}
void TPMTokenInfoGetter::Continue() {
switch (state_) {
@@ -105,9 +103,9 @@ void TPMTokenInfoGetter::Continue() {
weak_factory_.GetWeakPtr()));
} else { // if (type_ == TYPE_USER)
cryptohome_client_->Pkcs11GetTpmTokenInfoForUser(
- user_id_,
- base::Bind(&TPMTokenInfoGetter::OnPkcs11GetTpmTokenInfo,
- weak_factory_.GetWeakPtr()));
+ cryptohome::Identification(account_id_),
+ base::Bind(&TPMTokenInfoGetter::OnPkcs11GetTpmTokenInfo,
+ weak_factory_.GetWeakPtr()));
}
break;
case STATE_DONE:
diff --git a/chromeos/tpm/tpm_token_info_getter.h b/chromeos/tpm/tpm_token_info_getter.h
index 1612dc5..964c831 100644
--- a/chromeos/tpm/tpm_token_info_getter.h
+++ b/chromeos/tpm/tpm_token_info_getter.h
@@ -14,6 +14,7 @@
#include "base/time/time.h"
#include "chromeos/chromeos_export.h"
#include "chromeos/dbus/dbus_method_call_status.h"
+#include "components/signin/core/account_id/account_id.h"
namespace base {
class TaskRunner;
@@ -47,7 +48,7 @@ class CHROMEOS_EXPORT TPMTokenInfoGetter {
// Factory method for TPMTokenInfoGetter for a user token.
static scoped_ptr<TPMTokenInfoGetter> CreateForUserToken(
- const std::string& user_id,
+ const AccountId& account_id,
CryptohomeClient* cryptohome_client,
const scoped_refptr<base::TaskRunner>& delayed_task_runner);
@@ -80,7 +81,7 @@ class CHROMEOS_EXPORT TPMTokenInfoGetter {
TPMTokenInfoGetter(
Type type,
- const std::string& user_id,
+ const AccountId& account_id,
CryptohomeClient* cryptohome_client,
const scoped_refptr<base::TaskRunner>& delayed_task_runner);
@@ -107,8 +108,9 @@ class CHROMEOS_EXPORT TPMTokenInfoGetter {
Type type_;
State state_;
- // The user id associated with the TPMTokenInfoGetter. Empty for system token.
- std::string user_id_;
+ // The account id associated with the TPMTokenInfoGetter. Empty for system
+ // token.
+ AccountId account_id_;
TPMTokenInfoCallback callback_;
diff --git a/chromeos/tpm/tpm_token_info_getter_unittest.cc b/chromeos/tpm/tpm_token_info_getter_unittest.cc
index 013c22a..5bdfa6f 100644
--- a/chromeos/tpm/tpm_token_info_getter_unittest.cc
+++ b/chromeos/tpm/tpm_token_info_getter_unittest.cc
@@ -15,6 +15,7 @@
#include "base/single_thread_task_runner.h"
#include "base/task_runner.h"
#include "base/thread_task_runner_handle.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/fake_cryptohome_client.h"
#include "chromeos/tpm/tpm_token_info_getter.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -84,17 +85,16 @@ class FakeTaskRunner : public base::TaskRunner {
// TPMTokenInfoGetter tests.
class TestCryptohomeClient : public chromeos::FakeCryptohomeClient {
public:
- // |user_id|: The user associated with the TPMTokenInfoGetter that will be
+ // |account_id|: The user associated with the TPMTokenInfoGetter that will be
// using the TestCryptohomeClient. Should be empty for system token.
- explicit TestCryptohomeClient(const std::string& user_id)
- : user_id_(user_id),
+ explicit TestCryptohomeClient(const AccountId& account_id)
+ : account_id_(account_id),
tpm_is_enabled_(true),
tpm_is_enabled_failure_count_(0),
tpm_is_enabled_succeeded_(false),
get_tpm_token_info_failure_count_(0),
get_tpm_token_info_not_set_count_(0),
- get_tpm_token_info_succeeded_(false) {
- }
+ get_tpm_token_info_succeeded_(false) {}
~TestCryptohomeClient() override {}
@@ -152,22 +152,22 @@ class TestCryptohomeClient : public chromeos::FakeCryptohomeClient {
void Pkcs11GetTpmTokenInfo(
const Pkcs11GetTpmTokenInfoCallback& callback) override {
- ASSERT_TRUE(user_id_.empty());
+ ASSERT_TRUE(account_id_.empty());
HandleGetTpmTokenInfo(callback);
}
void Pkcs11GetTpmTokenInfoForUser(
- const std::string& user_id,
+ const cryptohome::Identification& cryptohome_id,
const Pkcs11GetTpmTokenInfoCallback& callback) override {
- ASSERT_FALSE(user_id_.empty());
- ASSERT_EQ(user_id_, user_id);
+ ASSERT_FALSE(cryptohome_id.id().empty());
+ ASSERT_EQ(account_id_, cryptohome_id.GetAccountId());
HandleGetTpmTokenInfo(callback);
}
// Handles Pkcs11GetTpmTokenInfo calls (both for system and user token). The
- // CryptohomeClient method overrides should make sure that |user_id_| is
+ // CryptohomeClient method overrides should make sure that |account_id_| is
// properly set before calling this.
void HandleGetTpmTokenInfo(const Pkcs11GetTpmTokenInfoCallback& callback) {
ASSERT_TRUE(tpm_is_enabled_succeeded_);
@@ -218,7 +218,7 @@ class TestCryptohomeClient : public chromeos::FakeCryptohomeClient {
tpm_token_info_.slot_id);
}
- std::string user_id_;
+ AccountId account_id_;
bool tpm_is_enabled_;
int tpm_is_enabled_failure_count_;
bool tpm_is_enabled_succeeded_;
@@ -237,7 +237,7 @@ class SystemTPMTokenInfoGetterTest : public testing::Test {
~SystemTPMTokenInfoGetterTest() override {}
void SetUp() override {
- cryptohome_client_.reset(new TestCryptohomeClient(std::string()));
+ cryptohome_client_.reset(new TestCryptohomeClient(EmptyAccountId()));
tpm_token_info_getter_ =
chromeos::TPMTokenInfoGetter::CreateForSystemToken(
cryptohome_client_.get(),
@@ -258,23 +258,22 @@ class SystemTPMTokenInfoGetterTest : public testing::Test {
class UserTPMTokenInfoGetterTest : public testing::Test {
public:
- UserTPMTokenInfoGetterTest() : user_id_("user") {}
+ UserTPMTokenInfoGetterTest()
+ : account_id_(AccountId::FromUserEmail("user")) {}
~UserTPMTokenInfoGetterTest() override {}
void SetUp() override {
- cryptohome_client_.reset(new TestCryptohomeClient(user_id_));
- tpm_token_info_getter_ =
- chromeos::TPMTokenInfoGetter::CreateForUserToken(
- user_id_,
- cryptohome_client_.get(),
- scoped_refptr<base::TaskRunner>(new FakeTaskRunner(&delays_)));
+ cryptohome_client_.reset(new TestCryptohomeClient(account_id_));
+ tpm_token_info_getter_ = chromeos::TPMTokenInfoGetter::CreateForUserToken(
+ account_id_, cryptohome_client_.get(),
+ scoped_refptr<base::TaskRunner>(new FakeTaskRunner(&delays_)));
}
protected:
scoped_ptr<TestCryptohomeClient> cryptohome_client_;
scoped_ptr<chromeos::TPMTokenInfoGetter> tpm_token_info_getter_;
- std::string user_id_;
+ const AccountId account_id_;
std::vector<int64_t> delays_;
private: