We should use UserID object to identify users instead of username.

chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_EASY_UNLOCK_EASY_UNLOCK_TPM_KEY_MANAGER_H_
 #define CHROME_BROWSER_CHROMEOS_LOGIN_EASY_UNLOCK_EASY_UNLOCK_TPM_KEY_MANAGER_H_
 
 #include <string>
 #include <vector>
 
 #include "base/callback.h"
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
 #include "components/keyed_service/core/keyed_service.h"
+#include "components/user_manager/user_id.h"
 #include "crypto/scoped_nss_types.h"
 
 class PrefRegistrySimple;
 class PrefService;
 
+namespace user_manager {
+class UserID;
+}
+
 // Manages per user RSA keys stored in system TPM slot used in easy signin
 // protocol. The keys are used to sign a nonce exchanged during signin.
 class EasyUnlockTpmKeyManager : public KeyedService {
  public:
   // Registers local state prefs used to store public RSA keys per user.
   static void RegisterLocalStatePrefs(PrefRegistrySimple* registry);
 
   // Clears local state for user. Should be called when a user is removed.
-  static void ResetLocalStateForUser(const std::string& user_id);
+  static void ResetLocalStateForUser(const user_manager::UserID& user_id);
 
   // |user_id|: Id for the user associated with the service. Empty for sign-in
   //     service.
   // |username_hash|: Username hash for the user associated with the service.
   //     Empty for sign-in service.
   // |local_state|: The local state prefs.
-  EasyUnlockTpmKeyManager(const std::string& user_id,
+  EasyUnlockTpmKeyManager(const user_manager::UserID& user_id,
                           const std::string& username_hash,
                           PrefService* local_state);
   ~EasyUnlockTpmKeyManager() override;
 
   // Checks if the RSA public key is set in the local state. If not, creates
   // one. If the key presence can be confirmed, immediately returns true and
   // |callback| never gets called, otherwise returns false (callback is called
   // when the key presence is confirmed).
   // Must not be called for signin profile.
   // |check_private_key|: If public RSA key is set in the local state, whether
@@ skipping 11 matching lines @@
                      const base::Closure& callback);
 
   // If called, posts a delayed task that cancels |PrepareTpmKey| and all other
   // started timeouts in case getting system slot takes more than |timeout_ms|.
   // In the case getting system slot times out, |PrepareTpmKey| callback will
   // be called with an empty public key.
   // Must be called after |PrepareTpmKey| to have the intended effect.
   bool StartGetSystemSlotTimeoutMs(size_t timeout_ms);
 
   // Gets the public RSA key for user. The key is retrieved from local state.
-  std::string GetPublicTpmKey(const std::string& user_id);
+  std::string GetPublicTpmKey(const user_manager::UserID& user_id);
 
   // Signs |data| using private RSA key associated with |user_id| stored in TPM
   // system slot.
   void SignUsingTpmKey(
-      const std::string& user_id,
+      const user_manager::UserID& user_id,
       const std::string& data,
       const base::Callback<void(const std::string& data)> callback);
 
   bool StartedCreatingTpmKeys() const;
 
  private:
   enum CreateTpmKeyState {
     CREATE_TPM_KEY_NOT_STARTED,
     CREATE_TPM_KEY_WAITING_FOR_USER_SLOT,
     CREATE_TPM_KEY_WAITING_FOR_SYSTEM_SLOT,
     CREATE_TPM_KEY_GOT_SYSTEM_SLOT,
     CREATE_TPM_KEY_DONE
   };
 
   // Utility method for setting public key values in local state.
   // Note that the keys are saved base64 encoded.
-  void SetKeyInLocalState(const std::string& user_id,
+  void SetKeyInLocalState(const user_manager::UserID& user_id,
                           const std::string& value);
 
   // Called when TPM system slot is initialized and ready to be used.
   // It creates RSA key pair for the user in the system slot.
   // When the key pair is created, |OnTpmKeyCreated| will be called with the
   // created public key.
   // The key will not be created if |public_key| is non-empty and the associated
   // private key can be found in the slot. Instead |OnTpmKeyCreated| will be
   // called with |public_key|.
   void CreateKeyInSystemSlot(const std::string& public_key,
@@ skipping 21 matching lines @@
   // |PrepareTpmKey| callbacks.
   void OnTpmKeyCreated(const std::string& public_key);
 
   // Called when data signing requested in |SignUsingTpmKey| is done.
   // It runs |callback| with the created |signature|. On error the callback will
   // be run with an empty string.
   void OnDataSigned(
       const base::Callback<void(const std::string&)>& callback,
       const std::string& signature);
 
-  std::string user_id_;
+  user_manager::UserID user_id_;
   std::string username_hash_;
 
   PrefService* local_state_;
 
   // The current TPM key creation state. If key creation is in progress,
   // callbacks for further |PrepareTpmKey| will be queued up and run when the
   // key is created. All queued callbacks will be run with the same key value.
   CreateTpmKeyState create_tpm_key_state_;
 
   // Queued up |PrepareTpmKey| callbacks.
   std::vector<base::Closure> prepare_tpm_key_callbacks_;
 
   base::WeakPtrFactory<EasyUnlockTpmKeyManager> get_tpm_slot_weak_ptr_factory_;
   base::WeakPtrFactory<EasyUnlockTpmKeyManager> weak_ptr_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(EasyUnlockTpmKeyManager);
 };
 
 #endif  // CHROME_BROWSER_CHROMEOS_LOGIN_EASY_UNLOCK_EASY_UNLOCK_TPM_KEY_MANAGER_H_