ChromeOS cryptohome should be able to use gaia id as user identifier.

chromeos/attestation/attestation_flow.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_
 #define CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_
 
 #include <string>
 
 #include "base/callback_forward.h"
 #include "base/macros.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "chromeos/attestation/attestation_constants.h"
 #include "chromeos/chromeos_export.h"
 #include "chromeos/dbus/dbus_method_call_status.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
 
+class AccountId;
+
 namespace cryptohome {
 
 class AsyncMethodCaller;
 
 }  // namespace cryptohome
 
 namespace chromeos {
 
 class CryptohomeClient;
 
@@ skipping 33 matching lines @@
 
   // Gets an attestation certificate for a hardware-protected key.  If a key for
   // the given profile does not exist, it will be generated and a certificate
   // request will be made to the Chrome OS Privacy CA to issue a certificate for
   // the key.  If the key already exists and |force_new_key| is false, the
   // existing certificate is returned.
   //
   // Parameters
   //   certificate_profile - Specifies what kind of certificate should be
   //                         requested from the CA.
-  //   user_id - Identifies the currently active user.  For normal GAIA users
-  //             this is a canonical email address.  This is ignored when using
-  //             the enterprise machine cert profile.
+  //   account_id - Identifies the currently active user. This is ignored when
+  //                using the enterprise machine cert profile.
   //   request_origin - For content protection profiles, certificate requests
   //                    are origin-specific.  This string must uniquely identify
   //                    the origin of the request.
   //   force_new_key - If set to true, a new key will be generated even if a key
   //                   already exists for the profile.  The new key will replace
   //                   the existing key on success.
   //   callback - A callback which will be called when the operation completes.
   //              On success |result| will be true and |data| will contain the
   //              PCA-issued certificate chain in PEM format.
   virtual void GetCertificate(AttestationCertificateProfile certificate_profile,
-                              const std::string& user_id,
+                              const AccountId& account_id,
                               const std::string& request_origin,
                               bool force_new_key,
                               const CertificateCallback& callback);
 
  private:
   // Asynchronously initiates the attestation enrollment flow.
   //
   // Parameters
   //   on_failure - Called if any failure occurs.
   //   next_task - Called on successful enrollment.
@@ skipping 40 matching lines @@
                         const base::Closure& next_task,
                         bool success,
                         cryptohome::MountError not_used);
 
   // Asynchronously initiates the certificate request flow.  Attestation
   // enrollment must complete successfully before this operation can succeed.
   //
   // Parameters
   //   certificate_profile - Specifies what kind of certificate should be
   //                         requested from the CA.
-  //   user_id - Identifies the active user.
+  //   account_id - Identifies the active user.
   //   request_origin - An identifier for the origin of this request.
   //   generate_new_key - If set to true a new key is generated.
   //   callback - Called when the operation completes.
   void StartCertificateRequest(
       const AttestationCertificateProfile certificate_profile,
-      const std::string& user_id,
+      const AccountId& account_id,
       const std::string& request_origin,
       bool generate_new_key,
       const CertificateCallback& callback);
 
   // Called when the attestation daemon has finished creating a certificate
   // request for the Privacy CA.  The request is asynchronously forwarded as-is
   // to the PCA.
   //
   // Parameters
   //   key_type - The type of the key for which a certificate is requested.
-  //   user_id - Identifies the active user.
+  //   account_id - Identifies the active user.
   //   key_name - The name of the key for which a certificate is requested.
   //   callback - Called when the operation completes.
   //   success - The status of request creation.
   //   data - The request data for the Privacy CA.
   void SendCertificateRequestToPCA(AttestationKeyType key_type,
-                                   const std::string& user_id,
+                                   const AccountId& account_id,
                                    const std::string& key_name,
                                    const CertificateCallback& callback,
                                    bool success,
                                    const std::string& data);
 
   // Called when the Privacy CA responds to a certificate request.  The response
   // is asynchronously forwarded as-is to the attestation daemon in order to
   // complete the operation.
   //
   // Parameters
   //   key_type - The type of the key for which a certificate is requested.
-  //   user_id - Identifies the active user.
+  //   account_id - Identifies the active user.
   //   key_name - The name of the key for which a certificate is requested.
   //   callback - Called when the operation completes.
   //   success - The status of the Privacy CA operation.
   //   data - The response data from the Privacy CA.
   void SendCertificateResponseToDaemon(AttestationKeyType key_type,
-                                       const std::string& user_id,
+                                       const AccountId& account_id,
                                        const std::string& key_name,
                                        const CertificateCallback& callback,
                                        bool success,
                                        const std::string& data);
 
   // Gets an existing certificate from the attestation daemon.
   //
   // Parameters
   //   key_type - The type of the key for which a certificate is requested.
-  //   user_id - Identifies the active user.
+  //   account_id - Identifies the active user.
   //   key_name - The name of the key for which a certificate is requested.
   //   callback - Called when the operation completes.
   void GetExistingCertificate(AttestationKeyType key_type,
-                              const std::string& user_id,
+                              const AccountId& account_id,
                               const std::string& key_name,
                               const CertificateCallback& callback);
 
   cryptohome::AsyncMethodCaller* async_caller_;
   CryptohomeClient* cryptohome_client_;
   scoped_ptr<ServerProxy> server_proxy_;
 
   base::WeakPtrFactory<AttestationFlow> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(AttestationFlow);
 };
 
 }  // namespace attestation
 }  // namespace chromeos
 
 #endif  // CHROMEOS_ATTESTATION_ATTESTATION_FLOW_H_