Added multi-profile support for attestation on chromeos.

chrome/browser/chromeos/attestation/platform_verification_flow.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "platform_verification_flow.h"
 
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/prefs/pref_service.h"
 #include "chrome/browser/chromeos/attestation/attestation_ca_client.h"
 #include "chrome/browser/chromeos/attestation/attestation_signed_data.pb.h"
 #include "chrome/browser/chromeos/attestation/platform_verification_dialog.h"
+#include "chrome/browser/chromeos/login/user.h"
 #include "chrome/browser/chromeos/login/user_manager.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/prefs/scoped_user_pref_update.h"
+#include "chrome/browser/profiles/profile.h"
 #include "chrome/common/pref_names.h"
 #include "chromeos/attestation/attestation_flow.h"
 #include "chromeos/cryptohome/async_method_caller.h"
 #include "chromeos/dbus/cryptohome_client.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/system/statistics_provider.h"
 #include "components/user_prefs/pref_registry_syncable.h"
 #include "components/user_prefs/user_prefs.h"
+#include "content/public/browser/browser_context.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/user_metrics.h"
 #include "content/public/browser/web_contents.h"
 
 namespace {
 // A switch which allows consent to be given on the command line.
 // TODO(dkrahn): Remove this when UI has been implemented (crbug.com/270908).
 const char kAutoApproveSwitch[] =
     "auto-approve-platform-verification-consent-prompts";
 
@@ skipping 197 matching lines @@
       ReportError(callback, USER_REJECTED);
       return;
     } else if (consent_response == CONSENT_RESPONSE_ALLOW) {
       content::RecordAction(
           content::UserMetricsAction("PlatformVerificationAccepted"));
     }
   }
 
   // At this point all user interaction is complete and we can proceed with the
   // certificate request.
+  chromeos::User* user = GetUser(web_contents);
+  if (!user) {
+    ReportError(callback, INTERNAL_ERROR);
+    LOG(ERROR) << "Profile does not map to a valid user.";
+    return;
+  }
   AttestationFlow::CertificateCallback certificate_callback = base::Bind(
       &PlatformVerificationFlow::OnCertificateReady,
       weak_factory_.GetWeakPtr(),
+      user->email(),
       service_id,
       challenge,
       callback);
   attestation_flow_->GetCertificate(
       PROFILE_CONTENT_PROTECTION_CERTIFICATE,
-      user_manager_->GetActiveUser()->email(),
+      user->email(),
       service_id,
       false,  // Don't force a new key.
       certificate_callback);
 }
 
 void PlatformVerificationFlow::OnCertificateReady(
+    const std::string& user_id,
     const std::string& service_id,
     const std::string& challenge,
     const ChallengeCallback& callback,
     bool operation_success,
     const std::string& certificate) {
   if (!operation_success) {
     LOG(WARNING) << "PlatformVerificationFlow: Failed to certify platform.";
     ReportError(callback, PLATFORM_NOT_VERIFIED);
     return;
   }
   cryptohome::AsyncMethodCaller::DataCallback cryptohome_callback = base::Bind(
       &PlatformVerificationFlow::OnChallengeReady,
       weak_factory_.GetWeakPtr(),
       certificate,
       challenge,
       callback);
   std::string key_name = kContentProtectionKeyPrefix;
   key_name += service_id;
   async_caller_->TpmAttestationSignSimpleChallenge(KEY_USER,
+                                                   user_id,
                                                    key_name,
                                                    challenge,
                                                    cryptohome_callback);
 }
 
 void PlatformVerificationFlow::OnChallengeReady(
     const std::string& certificate,
     const std::string& challenge,
     const ChallengeCallback& callback,
     bool operation_success,
@@ skipping 23 matching lines @@
   return user_prefs::UserPrefs::Get(web_contents->GetBrowserContext());
 }
 
 const GURL& PlatformVerificationFlow::GetURL(
     content::WebContents* web_contents) {
   if (!testing_url_.is_empty())
     return testing_url_;
   return web_contents->GetLastCommittedURL();
 }
 
+User* PlatformVerificationFlow::GetUser(content::WebContents* web_contents) {
+  if (!web_contents)
+    return user_manager_->GetActiveUser();
+  return user_manager_->GetUserByProfile(
+      Profile::FromBrowserContext(web_contents->GetBrowserContext()));
+}
+
 bool PlatformVerificationFlow::IsAttestationEnabled(
     content::WebContents* web_contents) {
   // Check the device policy for the feature.
   bool enabled_for_device = false;
   if (!CrosSettings::Get()->GetBoolean(kAttestationForContentProtectionEnabled,
                                        &enabled_for_device)) {
     LOG(ERROR) << "Failed to get device setting.";
     return false;
   }
   if (!enabled_for_device)
@@ skipping 93 matching lines @@
     bool allow_domain) {
   PrefService* pref_service = GetPrefs(web_contents);
   CHECK(pref_service);
   DictionaryPrefUpdate updater(pref_service, prefs::kRAConsentDomains);
   const GURL& url = GetURL(web_contents);
   updater->SetBoolean(url.host(), allow_domain);
 }
 
 }  // namespace attestation
 }  // namespace chromeos