Add support to GCMKeyStore for multiple keys per app_id

components/gcm_driver/crypto/gcm_encryption_provider.h

Index: components/gcm_driver/crypto/gcm_encryption_provider.h
diff --git a/components/gcm_driver/crypto/gcm_encryption_provider.h b/components/gcm_driver/crypto/gcm_encryption_provider.h
index 1b90f87220b57d8592d0447a0831d847c0c95de6..8e997a5a4804d92b96030b9edb4d34bbf83acc88 100644
--- a/components/gcm_driver/crypto/gcm_encryption_provider.h
+++ b/components/gcm_driver/crypto/gcm_encryption_provider.h
@@ -82,13 +82,20 @@ class GCMEncryptionProvider {
       const scoped_refptr<base::SequencedTaskRunner>& blocking_task_runner);
 
   // Retrieves the public key and authentication secret associated with the
-  // |app_id|. If none have been associated yet, they will be created.
+  // |app_id| + authorized entity pair. Will create this info if necessary.
+  // |instance_id_authorized_entity|: pass InstanceID token's authorized_entity
+  //                                  or "" for legacy GCM registrations.

[Peter Beverloo, 2016/05/09 14:10:09]

nit: I would like to find a better way of phrasing for "legacy GCM
registrations" throughout this CL, because it is a concept that will continue to
be supported and we have no concrete plans to deprecate.

Sprinkling the term "legacy" over the code-base makes it feel dated,
unmaintained, for no good reason. We can do better :-).

A few ideas:
- "non-InstanceID registrations"
- "v3 registrations" (without acknowledging the server-side Web Push exceptions)

[Peter Beverloo, 2016/05/09 14:10:09]

nit: Here and elsewhere, please be consistent with the existing code in how you
document the new parameter— convention in the component is to describe them
using a brief sentence.

[johnme, 2016/05/09 18:15:54]

Done ("non-InstanceID", since the v3/v4 split requires historical context that's
not documented in the code).

[johnme, 2016/05/09 18:15:54]

Done.

   void GetEncryptionInfo(const std::string& app_id,
+                         const std::string& instance_id_authorized_entity,

[Peter Beverloo, 2016/05/09 14:10:09]

nit: s/instance_id_authorized_entity/authorized_entity/g

The latter is an established concept that is understood in scope of this
component. There's no need for the additional verbosity, and this would reduce
wrapping in a number of places.

[johnme, 2016/05/09 18:15:54]

Done (thank goodness for git cl format!).

                          const EncryptionInfoCallback& callback);
 
-  // Removes all encryption information associated with the |app_id|. Will
-  // invoke the |callback| when this has finished.
+  // Removes all encryption information associated with the |app_id| +
+  // authorized entity pair, then invokes |callback|.
+  // |instance_id_authorized_entity|: pass InstanceID token's authorized_entity
+  //                                  or "*" to remove for all InstanceID tokens
+  //                                  or "" for legacy GCM registrations.
   void RemoveEncryptionInfo(const std::string& app_id,
+                            const std::string& instance_id_authorized_entity,
                             const base::Closure& callback);
 
   // Determines whether |message| contains encrypted content.
@@ -103,9 +110,14 @@ class GCMEncryptionProvider {
                       const MessageCallback& callback);
 
  private:
-  FRIEND_TEST_ALL_PREFIXES(GCMEncryptionProviderTest, EncryptionRoundTrip);
+  friend class GCMEncryptionProviderTest;
+  FRIEND_TEST_ALL_PREFIXES(GCMEncryptionProviderTest,
+                           EncryptionRoundTripGCMRegistration);
+  FRIEND_TEST_ALL_PREFIXES(GCMEncryptionProviderTest,
+                           EncryptionRoundTripInstanceIDToken);
 
   void DidGetEncryptionInfo(const std::string& app_id,
+                            const std::string& instance_id_authorized_entity,
                             const EncryptionInfoCallback& callback,
                             const KeyPair& pair,
                             const std::string& auth_secret);