| Index: chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
|
| diff --git a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
|
| index 04e1f324cbbd4c9b2e664bfcb36adca2f1a58fc3..9f8b2fd0b2d6e3a68298c4206c592f09a9c9567f 100644
|
| --- a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
|
| +++ b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
|
| @@ -16,6 +16,7 @@
|
| #include "chrome/browser/chromeos/attestation/attestation_ca_client.h"
|
| #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
|
| #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
|
| +#include "chrome/browser/chromeos/profiles/profile_helper.h"
|
| #include "chrome/browser/chromeos/settings/cros_settings.h"
|
| #include "chrome/browser/profiles/profile.h"
|
| #include "chrome/browser/signin/signin_manager_factory.h"
|
| @@ -24,6 +25,7 @@
|
| #include "chromeos/attestation/attestation_constants.h"
|
| #include "chromeos/attestation/attestation_flow.h"
|
| #include "chromeos/cryptohome/async_method_caller.h"
|
| +#include "chromeos/cryptohome/cryptohome_parameters.h"
|
| #include "chromeos/dbus/cryptohome_client.h"
|
| #include "chromeos/dbus/dbus_method_call_status.h"
|
| #include "chromeos/dbus/dbus_thread_manager.h"
|
| @@ -32,6 +34,7 @@
|
| #include "components/prefs/pref_service.h"
|
| #include "components/signin/core/account_id/account_id.h"
|
| #include "components/signin/core/browser/signin_manager.h"
|
| +#include "components/user_manager/known_user.h"
|
| #include "components/user_manager/user.h"
|
| #include "components/user_manager/user_manager.h"
|
| #include "google_apis/gaia/gaia_auth_util.h"
|
| @@ -58,18 +61,17 @@ const char EPKPChallengeKeyBase::kUserNotManaged[] =
|
|
|
| EPKPChallengeKeyBase::PrepareKeyContext::PrepareKeyContext(
|
| chromeos::attestation::AttestationKeyType key_type,
|
| - const std::string& user_id,
|
| + const AccountId& account_id,
|
| const std::string& key_name,
|
| chromeos::attestation::AttestationCertificateProfile certificate_profile,
|
| bool require_user_consent,
|
| const base::Callback<void(PrepareKeyResult)>& callback)
|
| : key_type(key_type),
|
| - user_id(user_id),
|
| + account_id(account_id),
|
| key_name(key_name),
|
| certificate_profile(certificate_profile),
|
| require_user_consent(require_user_consent),
|
| - callback(callback) {
|
| -}
|
| + callback(callback) {}
|
|
|
| EPKPChallengeKeyBase::PrepareKeyContext::~PrepareKeyContext() {
|
| }
|
| @@ -140,16 +142,15 @@ bool EPKPChallengeKeyBase::IsExtensionWhitelisted() const {
|
| return list->Find(value) != list->end();
|
| }
|
|
|
| -bool EPKPChallengeKeyBase::IsUserManaged() const {
|
| - std::string email = GetUserEmail();
|
| -
|
| - if (email.empty()) {
|
| - return false;
|
| - }
|
| +AccountId EPKPChallengeKeyBase::GetAccountId() const {
|
| + return chromeos::ProfileHelper::Get()
|
| + ->GetUserByProfile(GetProfile())
|
| + ->GetAccountId();
|
| +}
|
|
|
| +bool EPKPChallengeKeyBase::IsUserManaged() const {
|
| const user_manager::User* const user =
|
| - user_manager::UserManager::Get()->FindUser(
|
| - AccountId::FromUserEmail(email));
|
| + user_manager::UserManager::Get()->FindUser(GetAccountId());
|
|
|
| if (user) {
|
| return user->is_affiliated();
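Review bot: `GetAccountId()` dereferences the result of `GetUserByProfile(GetProfile())` with no null check, and the former `email.empty()` early return that covered the no-user case is removed in the same hunk; ProfileHelper can hand back a null user for profiles that have no associated user, which would turn a previously graceful `false` into a crash. A guard keeps the existing null-user branch in IsUserManaged meaningful: `const user_manager::User* user = chromeos::ProfileHelper::Get()->GetUserByProfile(GetProfile());` followed by `return user ? user->GetAccountId() : EmptyAccountId();` (EmptyAccountId() is already used elsewhere in this change). The same unguarded call is reached from the later hunks in GetDeviceAttestationEnabledCallback, PrepareKeyCallback and SignChallengeCallback through GetAccountId()/GetUserEmail(). IsUserManaged's body continues past the end of this hunk.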
|
| @@ -163,13 +164,7 @@ std::string EPKPChallengeKeyBase::GetEnterpriseDomain() const {
|
| }
|
|
|
| std::string EPKPChallengeKeyBase::GetUserEmail() const {
|
| - SigninManagerBase* signin_manager =
|
| - SigninManagerFactory::GetForProfile(GetProfile());
|
| - if (!signin_manager)
|
| - return std::string();
|
| -
|
| - return gaia::CanonicalizeEmail(
|
| - signin_manager->GetAuthenticatedAccountInfo().email);
|
| + return GetAccountId().GetUserEmail();
|
| }
|
|
|
| std::string EPKPChallengeKeyBase::GetDeviceId() const {
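Review bot: The SigninManager lookup removed here was the only visible use of `SigninManagerFactory`, `SigninManagerBase` and `gaia::CanonicalizeEmail` in this file, yet the `signin_manager_factory.h`, `signin_manager.h` and `gaia_auth_util.h` includes are kept in the header hunks; if nothing else in the file uses them they should go. Note also that the returned email is now whatever the user's AccountId carries rather than the canonicalized authenticated account, and a later hunk passes this value to TpmAttestationSignEnterpriseChallenge as the user identity, so it is worth confirming the stored AccountId email is already in canonical form, or documenting that assumption with `// AccountId emails are canonicalized at login.` if it holds.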
|
| @@ -178,17 +173,14 @@ std::string EPKPChallengeKeyBase::GetDeviceId() const {
|
|
|
| void EPKPChallengeKeyBase::PrepareKey(
|
| chromeos::attestation::AttestationKeyType key_type,
|
| - const std::string& user_id,
|
| + const AccountId& account_id,
|
| const std::string& key_name,
|
| chromeos::attestation::AttestationCertificateProfile certificate_profile,
|
| bool require_user_consent,
|
| const base::Callback<void(PrepareKeyResult)>& callback) {
|
| - const PrepareKeyContext context = PrepareKeyContext(key_type,
|
| - user_id,
|
| - key_name,
|
| - certificate_profile,
|
| - require_user_consent,
|
| - callback);
|
| + const PrepareKeyContext context =
|
| + PrepareKeyContext(key_type, account_id, key_name, certificate_profile,
|
| + require_user_consent, callback);
|
| cryptohome_client_->TpmAttestationIsPrepared(base::Bind(
|
| &EPKPChallengeKeyBase::IsAttestationPreparedCallback, this, context));
|
| }
|
| @@ -207,8 +199,9 @@ void EPKPChallengeKeyBase::IsAttestationPreparedCallback(
|
| }
|
| // Attestation is available, see if the key we need already exists.
|
| cryptohome_client_->TpmAttestationDoesKeyExist(
|
| - context.key_type, context.user_id, context.key_name, base::Bind(
|
| - &EPKPChallengeKeyBase::DoesKeyExistCallback, this, context));
|
| + context.key_type, cryptohome::Identification(context.account_id),
|
| + context.key_name,
|
| + base::Bind(&EPKPChallengeKeyBase::DoesKeyExistCallback, this, context));
|
| }
|
|
|
| void EPKPChallengeKeyBase::DoesKeyExistCallback(
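Review bot: For the machine-key path `context.account_id` is `EmptyAccountId()` (set in the later GetDeviceAttestationEnabledCallback hunk), so this call passes `cryptohome::Identification(EmptyAccountId())`, while the matching sign call in EPKPChallengeMachineKey::PrepareKeyCallback passes a default-constructed `cryptohome::Identification()`; if those two forms do not serialize identically, the key-existence check and the signing call would address different identities for the device key. Pick one spelling of "not used" for both call sites, or add `// Equivalent to the default Identification() used when signing.` here if the two are known to be interchangeable. The DoesKeyExistCallback definition that starts at the end of this hunk continues outside it.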
|
| @@ -256,10 +249,9 @@ void EPKPChallengeKeyBase::AskForUserConsentCallback(
|
|
|
| // Generate a new key and have it signed by PCA.
|
| attestation_flow_->GetCertificate(
|
| - context.certificate_profile,
|
| - context.user_id,
|
| + context.certificate_profile, context.account_id,
|
| std::string(), // Not used.
|
| - true, // Force a new key to be generated.
|
| + true, // Force a new key to be generated.
|
| base::Bind(&EPKPChallengeKeyBase::GetCertificateCallback, this,
|
| context.callback));
|
| }
|
| @@ -348,7 +340,7 @@ void EPKPChallengeMachineKey::GetDeviceAttestationEnabledCallback(
|
| }
|
|
|
| PrepareKey(chromeos::attestation::KEY_DEVICE,
|
| - std::string(), // Not used.
|
| + EmptyAccountId(), // Not used.
|
| kKeyName,
|
| chromeos::attestation::PROFILE_ENTERPRISE_MACHINE_CERTIFICATE,
|
| false, // user consent is not required.
|
| @@ -367,12 +359,9 @@ void EPKPChallengeMachineKey::PrepareKeyCallback(
|
| // Everything is checked. Sign the challenge.
|
| async_caller_->TpmAttestationSignEnterpriseChallenge(
|
| chromeos::attestation::KEY_DEVICE,
|
| - std::string(), // Not used.
|
| - kKeyName,
|
| - GetEnterpriseDomain(),
|
| - GetDeviceId(),
|
| - chromeos::attestation::CHALLENGE_OPTION_NONE,
|
| - challenge,
|
| + cryptohome::Identification(), // Not used.
|
| + kKeyName, GetEnterpriseDomain(), GetDeviceId(),
|
| + chromeos::attestation::CHALLENGE_OPTION_NONE, challenge,
|
| base::Bind(&EPKPChallengeMachineKey::SignChallengeCallback, this));
|
| }
|
|
|
| @@ -486,9 +475,7 @@ void EPKPChallengeUserKey::GetDeviceAttestationEnabledCallback(
|
| return;
|
| }
|
|
|
| - PrepareKey(chromeos::attestation::KEY_USER,
|
| - GetUserEmail(),
|
| - kKeyName,
|
| + PrepareKey(chromeos::attestation::KEY_USER, GetAccountId(), kKeyName,
|
| chromeos::attestation::PROFILE_ENTERPRISE_USER_CERTIFICATE,
|
| require_user_consent,
|
| base::Bind(&EPKPChallengeUserKey::PrepareKeyCallback, this,
|
| @@ -507,16 +494,12 @@ void EPKPChallengeUserKey::PrepareKeyCallback(const std::string& challenge,
|
| // Everything is checked. Sign the challenge.
|
| async_caller_->TpmAttestationSignEnterpriseChallenge(
|
| chromeos::attestation::KEY_USER,
|
| - GetUserEmail(),
|
| - kKeyName,
|
| - GetUserEmail(),
|
| + cryptohome::Identification(GetAccountId()), kKeyName, GetUserEmail(),
|
| GetDeviceId(),
|
| - register_key ?
|
| - chromeos::attestation::CHALLENGE_INCLUDE_SIGNED_PUBLIC_KEY :
|
| - chromeos::attestation::CHALLENGE_OPTION_NONE,
|
| - challenge,
|
| - base::Bind(&EPKPChallengeUserKey::SignChallengeCallback, this,
|
| - register_key));
|
| + register_key ? chromeos::attestation::CHALLENGE_INCLUDE_SIGNED_PUBLIC_KEY
|
| + : chromeos::attestation::CHALLENGE_OPTION_NONE,
|
| + challenge, base::Bind(&EPKPChallengeUserKey::SignChallengeCallback, this,
|
| + register_key));
|
| }
|
|
|
| void EPKPChallengeUserKey::SignChallengeCallback(bool register_key,
|
| @@ -531,8 +514,7 @@ void EPKPChallengeUserKey::SignChallengeCallback(bool register_key,
|
| if (register_key) {
|
| async_caller_->TpmAttestationRegisterKey(
|
| chromeos::attestation::KEY_USER,
|
| - GetUserEmail(),
|
| - kKeyName,
|
| + cryptohome::Identification(GetAccountId()), kKeyName,
|
| base::Bind(&EPKPChallengeUserKey::RegisterKeyCallback, this, response));
|
| } else {
|
| RegisterKeyCallback(response, true, cryptohome::MOUNT_ERROR_NONE);
|
|
|