ChromeOS cryptohome should be able to use gaia id as user identifier.

chromeos/dbus/cryptohome_client.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_
 #define CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_
 
 #include <stdint.h>
 
 #include <string>
@@ skipping 11 matching lines @@
 class AccountIdentifier;
 class AddKeyRequest;
 class AuthorizationRequest;
 class BaseReply;
 class CheckKeyRequest;
 class FlushAndSignBootAttributesRequest;
 class GetBootAttributeRequest;
 class GetKeyDataRequest;
 class MountRequest;
 class RemoveKeyRequest;
+class RenameRequest;
 class SetBootAttributeRequest;
 class UpdateKeyRequest;
 
 } // namespace cryptohome
 
 namespace chromeos {
 
 // CryptohomeClient is used to communicate with the Cryptohome service.
 // All method should be called from the origin thread (UI thread) which
 // initializes the DBusThreadManager instance.
@@ skipping 88 matching lines @@
   virtual void AsyncMigrateKey(const std::string& username,
                                const std::string& from_key,
                                const std::string& to_key,
                                const AsyncMethodCallback& callback) = 0;
 
   // Calls AsyncRemove method.  |callback| is called after the method call
   // succeeds.
   virtual void AsyncRemove(const std::string& username,
                            const AsyncMethodCallback& callback) = 0;
 
+  // Calls RenameCryptohome method. |callback| is called after the method
+  // call succeeds.
+  virtual void RenameCryptohome(const cryptohome::AccountIdentifier& id_from,
+                                const cryptohome::AccountIdentifier& id_to,
+                                const ProtobufMethodCallback& callback) = 0;
+
   // Calls GetSystemSalt method.  |callback| is called after the method call
   // succeeds.
   virtual void GetSystemSalt(const GetSystemSaltCallback& callback) = 0;
 
   // Calls GetSanitizedUsername method.  |callback| is called after the method
   // call succeeds.
   virtual void GetSanitizedUsername(
       const std::string& username,
       const StringDBusMethodCallback& callback) = 0;
 
@@ skipping 84 matching lines @@
       const BoolDBusMethodCallback& callback) = 0;
 
   // Calls Pkcs11GetTpmTokenInfo method.  This method is deprecated, you should
   // use Pkcs11GetTpmTokenInfoForUser instead.  On success |callback| will
   // receive PKCS #11 token information for the token associated with the user
   // who originally signed in (i.e. PKCS #11 slot 0).
   virtual void Pkcs11GetTpmTokenInfo(
       const Pkcs11GetTpmTokenInfoCallback& callback) = 0;
 
   // Calls Pkcs11GetTpmTokenInfoForUser method.  On success |callback| will
-  // receive PKCS #11 token information for the user identified by |user_email|.
-  // The |user_email| must be a canonical email address as returned by
-  // user_manager::User::email().
+  // receive PKCS #11 token information for the user identified by |user_id|.
+  // The |user_id| must be a valid cryptohome user id.

[Darren Krahn, 2016/02/17 20:48:05]

Please clarify what is a 'valid cryptohome user id'. Maybe add 'as created by
cryptohome::Identification'? (more below)

[Alexander Alekseev, 2016/02/18 13:45:15]

This is now replaced with cryptohome::Identification itself.

   virtual void Pkcs11GetTpmTokenInfoForUser(
-      const std::string& user_email,
+      const std::string& user_id,
       const Pkcs11GetTpmTokenInfoCallback& callback) = 0;
 
   // Calls InstallAttributesGet method and returns true when the call succeeds.
   // This method blocks until the call returns.
   // The original content of |value| is lost.
   virtual bool InstallAttributesGet(const std::string& name,
                                     std::vector<uint8_t>* value,
                                     bool* successful) = 0;
 
   // Calls InstallAttributesSet method and returns true when the call succeeds.
@@ skipping 66 matching lines @@
       const AsyncMethodCallback& callback) = 0;
 
   // Asynchronously finishes a certificate request operation.  The callback will
   // be called when the dbus call completes.  When the operation completes, the
   // AsyncCallStatusWithDataHandler signal handler is called.  The data that is
   // sent with the signal is a certificate chain in PEM format.  |pca_response|
   // is the response to the certificate request emitted by the Privacy CA.
   // |key_type| determines whether the certified key is to be associated with
   // the current user.  |key_name| is a name for the key.  If |key_type| is
   // KEY_USER, a |user_id| must be provided.  Otherwise |user_id| is ignored.
-  // For normal GAIA users the |user_id| is a canonical email address.
+  // The |user_id| must be a valid cryptohome user id.
   virtual void AsyncTpmAttestationFinishCertRequest(
       const std::string& pca_response,
       attestation::AttestationKeyType key_type,
       const std::string& user_id,
       const std::string& key_name,
       const AsyncMethodCallback& callback) = 0;
 
   // Checks if an attestation key already exists.  If the key specified by
   // |key_type| and |key_name| exists, then the result sent to the callback will
   // be true.  If |key_type| is KEY_USER, a |user_id| must be provided.
-  // Otherwise |user_id| is ignored.  For normal GAIA users the |user_id| is a
-  // canonical email address.
+  // Otherwise |user_id| is ignored.
+  // The |user_id| must be a valid cryptohome user id.
   virtual void TpmAttestationDoesKeyExist(
       attestation::AttestationKeyType key_type,
       const std::string& user_id,
       const std::string& key_name,
       const BoolDBusMethodCallback& callback) = 0;
 
   // Gets the attestation certificate for the key specified by |key_type| and
   // |key_name|.  |callback| will be called when the operation completes.  If
   // the key does not exist the callback |result| parameter will be false.  If
   // |key_type| is KEY_USER, a |user_id| must be provided.  Otherwise |user_id|
-  // is ignored.  For normal GAIA users the |user_id| is a canonical email
-  // address.
+  // is ignored.
+  // The |user_id| must be a valid cryptohome user id.
   virtual void TpmAttestationGetCertificate(
       attestation::AttestationKeyType key_type,
       const std::string& user_id,
       const std::string& key_name,
       const DataMethodCallback& callback) = 0;
 
   // Gets the public key for the key specified by |key_type| and |key_name|.
   // |callback| will be called when the operation completes.  If the key does
   // not exist the callback |result| parameter will be false.  If |key_type| is
   // KEY_USER, a |user_id| must be provided.  Otherwise |user_id| is ignored.
-  // For normal GAIA users the |user_id| is a canonical email address.
+  // The |user_id| must be a valid cryptohome user id.
   virtual void TpmAttestationGetPublicKey(
       attestation::AttestationKeyType key_type,
       const std::string& user_id,
       const std::string& key_name,
       const DataMethodCallback& callback) = 0;
 
   // Asynchronously registers an attestation key with the current user's
   // PKCS #11 token.  The |callback| will be called when the dbus call
   // completes.  When the operation completes, the AsyncCallStatusHandler signal
   // handler is called.  |key_type| and |key_name| specify the key to register.
   // If |key_type| is KEY_USER, a |user_id| must be provided.  Otherwise
-  // |user_id| is ignored.  For normal GAIA users the |user_id| is a canonical
-  // email address.
+  // |user_id| is ignored.
+  // The |user_id| must be a valid cryptohome user id.
   virtual void TpmAttestationRegisterKey(
       attestation::AttestationKeyType key_type,
       const std::string& user_id,
       const std::string& key_name,
       const AsyncMethodCallback& callback) = 0;
 
   // Asynchronously signs an enterprise challenge with the key specified by
   // |key_type| and |key_name|.  |domain| and |device_id| will be included in
   // the challenge response.  |options| control how the challenge response is
   // generated.  |challenge| must be a valid enterprise attestation challenge.
   // The |callback| will be called when the dbus call completes.  When the
   // operation completes, the AsyncCallStatusWithDataHandler signal handler is
   // called.  If |key_type| is KEY_USER, a |user_id| must be provided.
-  // Otherwise |user_id| is ignored.  For normal GAIA users the |user_id| is a
-  // canonical email address.
+  // Otherwise |user_id| is ignored.
+  // The |user_id| must be a valid cryptohome user id.
   virtual void TpmAttestationSignEnterpriseChallenge(
       attestation::AttestationKeyType key_type,
       const std::string& user_id,
       const std::string& key_name,
       const std::string& domain,
       const std::string& device_id,
       attestation::AttestationChallengeOptions options,
       const std::string& challenge,
       const AsyncMethodCallback& callback) = 0;
 
   // Asynchronously signs a simple challenge with the key specified by
   // |key_type| and |key_name|.  |challenge| can be any set of arbitrary bytes.
   // A nonce will be appended to the challenge before signing; this method
   // cannot be used to sign arbitrary data.  The |callback| will be called when
   // the dbus call completes.  When the operation completes, the
   // AsyncCallStatusWithDataHandler signal handler is called.  If |key_type| is
   // KEY_USER, a |user_id| must be provided.  Otherwise |user_id| is ignored.
-  // For normal GAIA users the |user_id| is a canonical email address.
+  // The |user_id| must be a valid cryptohome user id.
   virtual void TpmAttestationSignSimpleChallenge(
       attestation::AttestationKeyType key_type,
       const std::string& user_id,
       const std::string& key_name,
       const std::string& challenge,
       const AsyncMethodCallback& callback) = 0;
 
   // Gets the payload associated with the key specified by |key_type| and
   // |key_name|.  The |callback| will be called when the operation completes.
   // If the key does not exist the callback |result| parameter will be false.
   // If no payload has been set for the key the callback |result| parameter will
   // be true and the |data| parameter will be empty.  If |key_type| is
   // KEY_USER, a |user_id| must be provided.  Otherwise |user_id| is ignored.
-  // For normal GAIA users the |user_id| is a canonical email address.
+  // The |user_id| must be a valid cryptohome user id.
   virtual void TpmAttestationGetKeyPayload(
       attestation::AttestationKeyType key_type,
       const std::string& user_id,
       const std::string& key_name,
       const DataMethodCallback& callback) = 0;
 
   // Sets the |payload| associated with the key specified by |key_type| and
   // |key_name|.  The |callback| will be called when the operation completes.
   // If the operation succeeds, the callback |result| parameter will be true.
   // If |key_type| is KEY_USER, a |user_id| must be provided.  Otherwise
-  // |user_id| is ignored.  For normal GAIA users the |user_id| is a canonical
-  // email address.
+  // |user_id| is ignored.
+  // The |user_id| must be a valid cryptohome user id.
   virtual void TpmAttestationSetKeyPayload(
       attestation::AttestationKeyType key_type,
       const std::string& user_id,
       const std::string& key_name,
       const std::string& payload,
       const BoolDBusMethodCallback& callback) = 0;
 
   // Deletes certified keys as specified by |key_type| and |key_prefix|.  The
   // |callback| will be called when the operation completes.  If the operation
   // succeeds, the callback |result| parameter will be true.  If |key_type| is
   // KEY_USER, a |user_id| must be provided.  Otherwise |user_id| is ignored.
-  // For normal GAIA users the |user_id| is a canonical email address.  All keys
+  // The |user_id| must be a valid cryptohome user id.  All keys
   // where the key name has a prefix matching |key_prefix| will be deleted.  All
   // meta-data associated with the key, including certificates, will also be
   // deleted.
   virtual void TpmAttestationDeleteKeys(
       attestation::AttestationKeyType key_type,
       const std::string& user_id,
       const std::string& key_prefix,
       const BoolDBusMethodCallback& callback) = 0;
 
   // Asynchronously calls the GetKeyDataEx method. |callback| will be invoked
@@ skipping 83 matching lines @@
   // Create() should be used instead.
   CryptohomeClient();
 
  private:
   DISALLOW_COPY_AND_ASSIGN(CryptohomeClient);
 };
 
 }  // namespace chromeos
 
 #endif  // CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_