8 files changed, 148 insertions, 1 deletions
diff --git a/chrome/browser/browsing_data/browsing_data_remover.cc b/chrome/browser/browsing_data/browsing_data_remover.cc
index 60ba4bb..4824b4a 100644
--- a/chrome/browser/browsing_data/browsing_data_remover.cc
+++ b/chrome/browser/browsing_data/browsing_data_remover.cc
@@ -17,6 +17,10 @@
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/browsing_data/browsing_data_helper.h"
 #include "chrome/browser/chrome_notification_types.h"
+#if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/login/user.h"
+#include "chrome/browser/chromeos/login/user_manager.h"
+#endif
 #include "chrome/browser/download/download_prefs.h"
 #include "chrome/browser/download/download_service_factory.h"
 #include "chrome/browser/extensions/activity_log/activity_log.h"
@@ -46,6 +50,11 @@
 #include "chrome/browser/sessions/tab_restore_service_factory.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/common/url_constants.h"
+#if defined(OS_CHROMEOS)
+#include "chromeos/attestation/attestation_constants.h"
+#include "chromeos/dbus/cryptohome_client.h"
+#include "chromeos/dbus/dbus_thread_manager.h"
+#endif
 #include "components/autofill/core/browser/personal_data_manager.h"
 #include "components/autofill/core/browser/webdata/autofill_webdata_service.h"
 #include "components/nacl/browser/nacl_browser.h"
@@ -178,6 +187,7 @@ BrowsingDataRemover::BrowsingDataRemover(Profile* profile,
       waiting_for_clear_shader_cache_(false),
       waiting_for_clear_webrtc_identity_store_(false),
       waiting_for_clear_keyword_data_(false),
+      waiting_for_clear_platform_keys_(false),
       remove_mask_(0),
       remove_origin_(GURL()),
       origin_set_mask_(0) {
@@ -588,6 +598,23 @@ void BrowsingDataRemover::RemoveImpl(int remove_mask,
     }
     deauthorize_content_licenses_request_id_ =
         pepper_flash_settings_manager_->DeauthorizeContentLicenses(prefs);
+#if defined(OS_CHROMEOS)
+    // On Chrome OS, also delete any content protection platform keys.
+    chromeos::User* user = chromeos::UserManager::Get()->
+        GetUserByProfile(profile_);
+    if (!user) {
+      LOG(WARNING) << "Failed to find user for current profile.";
+    } else {
+      chromeos::DBusThreadManager::Get()->GetCryptohomeClient()->
+          TpmAttestationDeleteKeys(
+              chromeos::attestation::KEY_USER,
+              user->email(),
+              chromeos::attestation::kContentProtectionKeyPrefix,
+              base::Bind(&BrowsingDataRemover::OnClearPlatformKeys,
+                         base::Unretained(this)));
+      waiting_for_clear_platform_keys_ = true;
+    }
+#endif
   }
 #endif
 
@@ -662,7 +689,8 @@ bool BrowsingDataRemover::AllDone() {
          !waiting_for_clear_hostname_resolution_cache_ &&
          !waiting_for_clear_network_predictor_ &&
          !waiting_for_clear_shader_cache_ &&
-         !waiting_for_clear_webrtc_identity_store_;
+         !waiting_for_clear_webrtc_identity_store_ &&
+         !waiting_for_clear_platform_keys_;
 }
 
 void BrowsingDataRemover::OnKeywordsLoaded() {
@@ -1114,6 +1142,19 @@ void BrowsingDataRemover::OnDeauthorizeContentLicensesCompleted(
 }
 #endif
 
+#if defined(OS_CHROMEOS)
+void BrowsingDataRemover::OnClearPlatformKeys(
+    chromeos::DBusMethodCallStatus call_status,
+    bool result) {
+  DCHECK(waiting_for_clear_platform_keys_);
+  if (call_status != chromeos::DBUS_METHOD_CALL_SUCCESS || !result) {
+    LOG(ERROR) << "Failed to clear platform keys.";
+  }
+  waiting_for_clear_platform_keys_ = false;
+  NotifyAndDeleteIfDone();
+}
+#endif
+
 void BrowsingDataRemover::OnClearedCookies(int num_deleted) {
   if (!BrowserThread::CurrentlyOn(BrowserThread::UI)) {
     BrowserThread::PostTask(
diff --git a/chrome/browser/browsing_data/browsing_data_remover.h b/chrome/browser/browsing_data/browsing_data_remover.h
index ff31f09..083781e 100644
--- a/chrome/browser/browsing_data/browsing_data_remover.h
+++ b/chrome/browser/browsing_data/browsing_data_remover.h
@@ -17,6 +17,9 @@
 #include "chrome/browser/pepper_flash_settings_manager.h"
 #include "chrome/browser/search_engines/template_url_service.h"
 #include "chrome/common/cancelable_task_tracker.h"
+#if defined(OS_CHROMEOS)
+#include "chromeos/dbus/dbus_method_call_status.h"
+#endif
 #include "url/gurl.h"
 #include "webkit/common/quota/quota_types.h"
 
@@ -226,6 +229,11 @@ class BrowsingDataRemover
                                                      bool success) OVERRIDE;
 #endif
 
+#if defined (OS_CHROMEOS)
+  void OnClearPlatformKeys(chromeos::DBusMethodCallStatus call_status,
+                           bool result);
+#endif
+
   // Removes the specified items related to browsing for a specific host. If the
   // provided |origin| is empty, data is removed for all origins. The
   // |origin_set_mask| parameter defines the set of origins from which data
@@ -436,6 +444,7 @@ class BrowsingDataRemover
   bool waiting_for_clear_shader_cache_;
   bool waiting_for_clear_webrtc_identity_store_;
   bool waiting_for_clear_keyword_data_;
+  bool waiting_for_clear_platform_keys_;
 
   // Tracking how many origins need to be deleted, and whether we're finished
   // gathering origins.
diff --git a/chrome/browser/browsing_data/browsing_data_remover_unittest.cc b/chrome/browser/browsing_data/browsing_data_remover_unittest.cc
index 559a199..228392c 100644
--- a/chrome/browser/browsing_data/browsing_data_remover_unittest.cc
+++ b/chrome/browser/browsing_data/browsing_data_remover_unittest.cc
@@ -19,6 +19,12 @@
 #include "chrome/browser/autofill/personal_data_manager_factory.h"
 #include "chrome/browser/browsing_data/browsing_data_helper.h"
 #include "chrome/browser/chrome_notification_types.h"
+#if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/login/mock_user_manager.h"
+#include "chrome/browser/chromeos/login/user_manager.h"
+#include "chrome/browser/chromeos/settings/cros_settings.h"
+#include "chrome/browser/chromeos/settings/device_settings_service.h"
+#endif
 #include "chrome/browser/extensions/mock_extension_special_storage_policy.h"
 #include "chrome/browser/history/history_service.h"
 #include "chrome/browser/history/history_service_factory.h"
@@ -26,6 +32,11 @@
 #include "chrome/common/pref_names.h"
 #include "chrome/test/base/testing_browser_process.h"
 #include "chrome/test/base/testing_profile.h"
+#if defined(OS_CHROMEOS)
+#include "chromeos/dbus/dbus_thread_manager.h"
+#include "chromeos/dbus/mock_cryptohome_client.h"
+#include "chromeos/dbus/mock_dbus_thread_manager.h"
+#endif
 #include "components/autofill/core/browser/autofill_common_test.h"
 #include "components/autofill/core/browser/autofill_profile.h"
 #include "components/autofill/core/browser/credit_card.h"
@@ -43,12 +54,16 @@
 #include "net/ssl/ssl_client_cert_type.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_context_getter.h"
+#include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "webkit/browser/quota/mock_quota_manager.h"
 #include "webkit/browser/quota/quota_manager.h"
 #include "webkit/common/quota/quota_types.h"
 
 using content::BrowserThread;
+using testing::_;
+using testing::Invoke;
+using testing::WithArgs;
 
 namespace {
 
@@ -163,6 +178,14 @@ class AwaitCompletionHelper : public BrowsingDataRemover::Observer {
   DISALLOW_COPY_AND_ASSIGN(AwaitCompletionHelper);
 };
 
+#if defined(OS_CHROMEOS)
+void FakeDBusCall(const chromeos::BoolDBusMethodCallback& callback) {
+  base::MessageLoop::current()->PostTask(
+      FROM_HERE,
+      base::Bind(callback, chromeos::DBUS_METHOD_CALL_SUCCESS, true));
+}
+#endif
+
 }  // namespace
 
 // Testers -------------------------------------------------------------------
@@ -1391,3 +1414,27 @@ TEST_F(BrowsingDataRemoverTest, AutofillOriginsRemovedWithHistory) {
   EXPECT_FALSE(tester.HasOrigin(kWebOrigin));
   EXPECT_TRUE(tester.HasOrigin(kChromeOrigin));
 }
+
+#if defined(OS_CHROMEOS)
+TEST_F(BrowsingDataRemoverTest, ContentProtectionPlatformKeysRemoval) {
+  chromeos::ScopedTestDeviceSettingsService test_device_settings_service;
+  chromeos::ScopedTestCrosSettings test_cros_settings;
+  chromeos::MockUserManager* mock_user_manager =
+      new testing::NiceMock<chromeos::MockUserManager>();
+  mock_user_manager->SetActiveUser("test@example.com");
+  chromeos::ScopedUserManagerEnabler user_manager_enabler(mock_user_manager);
+  chromeos::MockDBusThreadManager mock_dbus_manager;
+  chromeos::DBusThreadManager::InitializeForTesting(&mock_dbus_manager);
+  chromeos::MockCryptohomeClient* cryptohome_client =
+      mock_dbus_manager.mock_cryptohome_client();
+
+  // Expect exactly one call.  No calls means no attempt to delete keys and more
+  // than one call means a significant performance problem.
+  EXPECT_CALL(*cryptohome_client, TpmAttestationDeleteKeys(_, _, _, _))
+      .WillOnce(WithArgs<3>(Invoke(FakeDBusCall)));
+
+  BlockUntilBrowsingDataRemoved(
+      BrowsingDataRemover::EVERYTHING,
+      BrowsingDataRemover::REMOVE_CONTENT_LICENSES, false);
+}
+#endif
diff --git a/chromeos/dbus/cryptohome_client.cc b/chromeos/dbus/cryptohome_client.cc
index 77848d3..7165aa7 100644
--- a/chromeos/dbus/cryptohome_client.cc
+++ b/chromeos/dbus/cryptohome_client.cc
@@ -675,6 +675,23 @@ class CryptohomeClientImpl : public CryptohomeClient {
     CallBoolMethod(&method_call, callback);
   }
 
+  // CryptohomeClient override.
+  virtual void TpmAttestationDeleteKeys(
+      attestation::AttestationKeyType key_type,
+      const std::string& user_id,
+      const std::string& key_prefix,
+      const BoolDBusMethodCallback& callback) OVERRIDE {
+    dbus::MethodCall method_call(
+        cryptohome::kCryptohomeInterface,
+        cryptohome::kCryptohomeTpmAttestationDeleteKeys);
+    dbus::MessageWriter writer(&method_call);
+    bool is_user_specific = (key_type == attestation::KEY_USER);
+    writer.AppendBool(is_user_specific);
+    writer.AppendString(user_id);
+    writer.AppendString(key_prefix);
+    CallBoolMethod(&method_call, callback);
+  }
+
  protected:
   virtual void Init(dbus::Bus* bus) OVERRIDE {
     proxy_ = bus->GetObjectProxy(
diff --git a/chromeos/dbus/cryptohome_client.h b/chromeos/dbus/cryptohome_client.h
index 87457a7..2fcb975 100644
--- a/chromeos/dbus/cryptohome_client.h
+++ b/chromeos/dbus/cryptohome_client.h
@@ -413,6 +413,20 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
       const std::string& payload,
       const BoolDBusMethodCallback& callback) = 0;
 
+  // Deletes certified keys as specified by |key_type| and |key_prefix|.  The
+  // |callback| will be called when the operation completes.  If the operation
+  // succeeds, the callback |result| parameter will be true.  If |key_type| is
+  // KEY_USER, a |user_id| must be provided.  Otherwise |user_id| is ignored.
+  // For normal GAIA users the |user_id| is a canonical email address.  All keys
+  // where the key name has a prefix matching |key_prefix| will be deleted.  All
+  // meta-data associated with the key, including certificates, will also be
+  // deleted.
+  virtual void TpmAttestationDeleteKeys(
+      attestation::AttestationKeyType key_type,
+      const std::string& user_id,
+      const std::string& key_prefix,
+      const BoolDBusMethodCallback& callback) = 0;
+
  protected:
   // Create() should be used instead.
   CryptohomeClient();
diff --git a/chromeos/dbus/fake_cryptohome_client.cc b/chromeos/dbus/fake_cryptohome_client.cc
index 50ae793..c1baba0 100644
--- a/chromeos/dbus/fake_cryptohome_client.cc
+++ b/chromeos/dbus/fake_cryptohome_client.cc
@@ -382,6 +382,15 @@ void FakeCryptohomeClient::TpmAttestationSetKeyPayload(
       FROM_HERE, base::Bind(callback, DBUS_METHOD_CALL_SUCCESS, false));
 }
 
+void FakeCryptohomeClient::TpmAttestationDeleteKeys(
+    attestation::AttestationKeyType key_type,
+    const std::string& user_id,
+    const std::string& key_prefix,
+    const BoolDBusMethodCallback& callback) {
+  base::MessageLoop::current()->PostTask(
+      FROM_HERE, base::Bind(callback, DBUS_METHOD_CALL_SUCCESS, false));
+}
+
 void FakeCryptohomeClient::SetServiceIsAvailable(bool is_available) {
   service_is_available_ = is_available;
   if (is_available) {
diff --git a/chromeos/dbus/fake_cryptohome_client.h b/chromeos/dbus/fake_cryptohome_client.h
index fd482b9..41b129d 100644
--- a/chromeos/dbus/fake_cryptohome_client.h
+++ b/chromeos/dbus/fake_cryptohome_client.h
@@ -152,6 +152,11 @@ class CHROMEOS_EXPORT FakeCryptohomeClient : public CryptohomeClient {
       const std::string& key_name,
       const std::string& payload,
       const BoolDBusMethodCallback& callback) OVERRIDE;
+  virtual void TpmAttestationDeleteKeys(
+      attestation::AttestationKeyType key_type,
+      const std::string& user_id,
+      const std::string& key_prefix,
+      const BoolDBusMethodCallback& callback) OVERRIDE;
 
   // Changes the behavior of WaitForServiceToBeAvailable(). This method runs
   // pending callbacks if is_available is true.
diff --git a/chromeos/dbus/mock_cryptohome_client.h b/chromeos/dbus/mock_cryptohome_client.h
index c8232da..6767923 100644
--- a/chromeos/dbus/mock_cryptohome_client.h
+++ b/chromeos/dbus/mock_cryptohome_client.h
@@ -156,6 +156,11 @@ class MockCryptohomeClient : public CryptohomeClient {
                     const std::string& key_name,
                     const std::string& payload,
                     const BoolDBusMethodCallback& callback));
+  MOCK_METHOD4(TpmAttestationDeleteKeys,
+               void(attestation::AttestationKeyType key_type,
+                    const std::string& user_id,
+                    const std::string& key_prefix,
+                    const BoolDBusMethodCallback& callback));
 };
 
 }  // namespace chromeos