Use GetSystemSalt from the cryptohome lib instead of reading salt off disk.

chrome/browser/chromeos/login/google_authenticator.h

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_GOOGLE_AUTHENTICATOR_H_
 #define CHROME_BROWSER_CHROMEOS_LOGIN_GOOGLE_AUTHENTICATOR_H_
 
 #include <string>
 #include <vector>
 
@@ skipping 52 matching lines @@
   virtual void OnURLFetchComplete(const URLFetcher* source,
                                   const GURL& url,
                                   const URLRequestStatus& status,
                                   int response_code,
                                   const ResponseCookies& cookies,
                                   const std::string& data);
 
 
 
   // Public for testing.
-  void set_system_salt(const std::vector<unsigned char>& new_salt) {
+  void set_system_salt(const chromeos::CryptohomeBlob& new_salt) {
     system_salt_ = new_salt;
   }
   void set_localaccount(const std::string& new_name) {
     localaccount_ = new_name;
     checked_for_localaccount_ = true;
   }
   void set_username(const std::string& fake_user) { username_ = fake_user; }
   void set_password_hash(const std::string& fake_hash) {
     ascii_hash_ = fake_hash;
   }
 
   // These methods must be called on the UI thread, as they make DBus calls
   // and also call back to the login UI.
   void OnLoginSuccess(const std::string& credentials);
   void CheckOffline(const std::string& error);
   void CheckLocalaccount(const std::string& error);
   void OnLoginFailure(const std::string& data);
 
   // Perform basic canonicalization of |email_address|, taking into account
   // that gmail does not consider '.' or caps inside a username to matter.
   // For example, c.masone@gmail.com == cMaSone@gmail.com, per
   // http://mail.google.com/support/bin/answer.py?hl=en&ctx=mail&answer=10313#
   static std::string Canonicalize(const std::string& email_address);
 
   // The signal to cryptohomed that we want a tmpfs.
   // TODO(cmasone): revisit this after cryptohome re-impl
   static const char kTmpfsTrigger[];
 
  private:
-  // If we don't have the system salt yet, loads it from |path|.
-  // Should only be called on the FILE thread.
-  void LoadSystemSalt(const FilePath& path);
+  // If we don't have the system salt yet, loads it from the CryptohomeLibrary.
+  void LoadSystemSalt();
 
   // If we haven't already, looks in a file called |filename| next to
   // the browser executable for a "localaccount" name, and retrieves it
   // if one is present.  If someone attempts to authenticate with this
   // username, we will mount a tmpfs for them and let them use the
   // browser.
   // Should only be called on the FILE thread.
   void LoadLocalaccount(const std::string& filename);
 
   // Stores a hash of |password|, salted with the ascii of |system_salt_|.
@@ skipping 44 matching lines @@
   static const char kOpenSSLMagic[];
 
   // Name of a file, next to chrome, that contains a local account username.
   static const char kLocalaccountFile[];
 
   URLFetcher* fetcher_;
   URLRequestContextGetter* getter_;
   std::string username_;
   std::string ascii_hash_;
   std::string request_body_;
-  std::vector<unsigned char> system_salt_;
+  chromeos::CryptohomeBlob system_salt_;
   std::string localaccount_;
   bool checked_for_localaccount_;  // needed becasuse empty localaccount_ is ok.
   bool unlock_;  // True if authenticating to unlock the computer.
   bool try_again_;  // True if we're willing to retry the login attempt.
 
   friend class GoogleAuthenticatorTest;
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest, SaltToAsciiTest);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest, CheckTwoFactorResponse);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest, CheckNormalErrorCode);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest, EmailAddressNoOp);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest, EmailAddressIgnoreCaps);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest,
                            EmailAddressIgnoreDomainCaps);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest,
                            EmailAddressIgnoreOneUsernameDot);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest,
                            EmailAddressIgnoreManyUsernameDots);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest,
                            EmailAddressIgnoreConsecutiveUsernameDots);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest,
                            EmailAddressDifferentOnesRejected);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest,
                            EmailAddressIgnorePlusSuffix);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest,
                            EmailAddressIgnoreMultiPlusSuffix);
-  FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest, ReadSaltTest);
+  FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest, ReadSaltOnlyOnceTest);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest, ReadLocalaccountTest);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest,
                            ReadLocalaccountTrailingWSTest);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest, ReadNoLocalaccountTest);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest, LoginNetFailureTest);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest, LoginDeniedTest);
   FRIEND_TEST_ALL_PREFIXES(GoogleAuthenticatorTest, TwoFactorLoginTest);
 
   DISALLOW_COPY_AND_ASSIGN(GoogleAuthenticator);
 };
 
 }  // namespace chromeos
 
 #endif  // CHROME_BROWSER_CHROMEOS_LOGIN_GOOGLE_AUTHENTICATOR_H_