Add support to GCMKeyStore for multiple keys per app_id

components/gcm_driver/crypto/gcm_encryption_provider.h

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_GCM_DRIVER_CRYPTO_GCM_ENCRYPTION_PROVIDER_H_
 #define COMPONENTS_GCM_DRIVER_CRYPTO_GCM_ENCRYPTION_PROVIDER_H_
 
 #include <stdint.h>
 
 #include <memory>
@@ skipping 64 matching lines @@
   ~GCMEncryptionProvider();
 
   // Initializes the encryption provider with the |store_path| and the
   // |blocking_task_runner|. Done separately from the constructor in order to
   // avoid needing a blocking task runner for anything using GCMDriver.
   void Init(
       const base::FilePath& store_path,
       const scoped_refptr<base::SequencedTaskRunner>& blocking_task_runner);
 
   // Retrieves the public key and authentication secret associated with the
-  // |app_id|. If none have been associated yet, they will be created.
+  // |app_id| + authorized entity pair. Will create this info if necessary.
+  // |instance_id_authorized_entity|: pass InstanceID token's authorized_entity
+  //                                  or "" for legacy GCM registrations.

[Peter Beverloo, 2016/05/09 14:10:09]

nit: I would like to find a better way of phrasing for "legacy GCM
registrations" throughout this CL, because it is a concept that will continue to
be supported and we have no concrete plans to deprecate.

Sprinkling the term "legacy" over the code-base makes it feel dated,
unmaintained, for no good reason. We can do better :-).

A few ideas:
- "non-InstanceID registrations"
- "v3 registrations" (without acknowledging the server-side Web Push exceptions)

[Peter Beverloo, 2016/05/09 14:10:09]

nit: Here and elsewhere, please be consistent with the existing code in how you
document the new parameter— convention in the component is to describe them
using a brief sentence.

[johnme, 2016/05/09 18:15:54]

Done ("non-InstanceID", since the v3/v4 split requires historical context that's
not documented in the code).

[johnme, 2016/05/09 18:15:54]

Done.

   void GetEncryptionInfo(const std::string& app_id,
+                         const std::string& instance_id_authorized_entity,

[Peter Beverloo, 2016/05/09 14:10:09]

nit: s/instance_id_authorized_entity/authorized_entity/g

The latter is an established concept that is understood in scope of this
component. There's no need for the additional verbosity, and this would reduce
wrapping in a number of places.

[johnme, 2016/05/09 18:15:54]

Done (thank goodness for git cl format!).

                          const EncryptionInfoCallback& callback);
 
-  // Removes all encryption information associated with the |app_id|. Will
-  // invoke the |callback| when this has finished.
+  // Removes all encryption information associated with the |app_id| +
+  // authorized entity pair, then invokes |callback|.
+  // |instance_id_authorized_entity|: pass InstanceID token's authorized_entity
+  //                                  or "*" to remove for all InstanceID tokens
+  //                                  or "" for legacy GCM registrations.
   void RemoveEncryptionInfo(const std::string& app_id,
+                            const std::string& instance_id_authorized_entity,
                             const base::Closure& callback);
 
   // Determines whether |message| contains encrypted content.
   bool IsEncryptedMessage(const IncomingMessage& message) const;
 
   // Attempts to decrypt the |message|. If the |message| is not encrypted, the
   // |callback| will be invoked immediately. Otherwise |callback| will be called
   // asynchronously when |message| has been decrypted. A dispatchable message
   // will be used in case of success, an empty message in case of failure.
   void DecryptMessage(const std::string& app_id,
                       const IncomingMessage& message,
                       const MessageCallback& callback);
 
  private:
-  FRIEND_TEST_ALL_PREFIXES(GCMEncryptionProviderTest, EncryptionRoundTrip);
+  friend class GCMEncryptionProviderTest;
+  FRIEND_TEST_ALL_PREFIXES(GCMEncryptionProviderTest,
+                           EncryptionRoundTripGCMRegistration);
+  FRIEND_TEST_ALL_PREFIXES(GCMEncryptionProviderTest,
+                           EncryptionRoundTripInstanceIDToken);
 
   void DidGetEncryptionInfo(const std::string& app_id,
+                            const std::string& instance_id_authorized_entity,
                             const EncryptionInfoCallback& callback,
                             const KeyPair& pair,
                             const std::string& auth_secret);
 
   void DidCreateEncryptionInfo(const EncryptionInfoCallback& callback,
                                const KeyPair& pair,
                                const std::string& auth_secret);
 
   void DecryptMessageWithKey(const IncomingMessage& message,
                              const MessageCallback& callback,
                              const std::string& salt,
                              const std::string& dh,
                              uint64_t rs,
                              const KeyPair& pair,
                              const std::string& auth_secret);
 
   std::unique_ptr<GCMKeyStore> key_store_;
 
   base::WeakPtrFactory<GCMEncryptionProvider> weak_ptr_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(GCMEncryptionProvider);
 };
 
 }  // namespace gcm
 
 #endif  // COMPONENTS_GCM_DRIVER_CRYPTO_GCM_ENCRYPTION_PROVIDER_H_