OAuth2 sign-in flow for ChromeOS

chrome/browser/chromeos/cros/cert_library.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/cros/cert_library.h"
 
 #include <algorithm>
 
 #include "base/chromeos/chromeos_version.h"
 #include "base/command_line.h"
@@ skipping 179 matching lines @@
     CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
     return server_certs_;
   }
 
   virtual const CertList& GetCACertificates() const OVERRIDE {
     CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
     return server_ca_certs_;
   }
 
   virtual std::string EncryptToken(const std::string& token) OVERRIDE {
+#ifndef NDEBUG

[Joao da Silva, 2013/01/11 16:45:07]

Is this meant to stay in?

[zel, 2013/01/11 19:51:16]

Yes it is going to stay in. While we develop on Linux workstations, we don't
really care about encryption but without this function working properly we can't
test use cases when users are already signed in. Once we fully move to OAuth2,
this function is going away.

[Joao da Silva, 2013/01/11 20:13:15]

Ah, I see now. IsRunningOnChromeOS() may be a more reliable signal in that case,
and works for Release builds on linux.

[zel, 2013/01/11 20:54:20]

Done.

+    return token;
+#else
     if (!LoadSupplementalUserKey()) {
       LOG(WARNING) << "Supplemental user key is not available for encrypt.";
       return std::string();
     }
     crypto::Encryptor encryptor;
     if (!encryptor.Init(supplemental_user_key_.get(), crypto::Encryptor::CTR,
                         std::string())) {
       LOG(WARNING) << "Failed to initialize Encryptor.";
       return std::string();
     }
     std::string salt =
         CrosLibrary::Get()->GetCryptohomeLibrary()->GetSystemSalt();
     std::string nonce = salt.substr(0, kKeySize);
     std::string encoded_token;
     CHECK(encryptor.SetCounter(nonce));
     if (!encryptor.Encrypt(token, &encoded_token)) {
       LOG(WARNING) << "Failed to encrypt token.";
       return std::string();
     }
 
     return StringToLowerASCII(base::HexEncode(
         reinterpret_cast<const void*>(encoded_token.data()),
         encoded_token.size()));
+#endif
   }
 
   virtual std::string DecryptToken(
       const std::string& encrypted_token_hex) OVERRIDE {
+#ifndef NDEBUG
+    return encrypted_token_hex;
+#else
     if (!LoadSupplementalUserKey()) {
       LOG(WARNING) << "Supplemental user key is not available for decrypt.";
       return std::string();
     }
     return DecryptTokenWithKey(supplemental_user_key_.get(),
         CrosLibrary::Get()->GetCryptohomeLibrary()->GetSystemSalt(),
         encrypted_token_hex);
+#endif
   }
 
   // net::CertDatabase::Observer implementation. Observer added on UI thread.
   virtual void OnCertTrustChanged(const net::X509Certificate* cert) OVERRIDE {
     CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   }
 
   virtual void OnCertAdded(const net::X509Certificate* cert) OVERRIDE {
     CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
     // Only load certificates if we have completed an initial request.
@@ skipping 355 matching lines @@
     net::X509Certificate* cert = GetCertificateAt(index);
     net::X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle();
     std::string id = x509_certificate_model::GetPkcs11Id(cert_handle);
     if (id == pkcs11_id)
       return index;
   }
   return -1;  // Not found.
 }
 
 }  // chromeos