Index: chrome/browser/chromeos/login/auth/extended_authenticator.cc |
diff --git a/chrome/browser/chromeos/login/auth/extended_authenticator.cc b/chrome/browser/chromeos/login/auth/extended_authenticator.cc |
index 45b5f506f25610982085224d4e62f1f013edb351..5b14d3507ed08e520009f17accf4a295e807b153 100644 |
--- a/chrome/browser/chromeos/login/auth/extended_authenticator.cc |
+++ b/chrome/browser/chromeos/login/auth/extended_authenticator.cc |
@@ -8,8 +8,8 @@ |
#include "base/strings/string_number_conversions.h" |
#include "base/strings/string_util.h" |
#include "chrome/browser/chromeos/boot_times_loader.h" |
+#include "chrome/browser/chromeos/login/auth/key.h" |
#include "chrome/browser/chromeos/login/auth/login_status_consumer.h" |
-#include "chrome/browser/chromeos/login/auth/parallel_authenticator.h" |
#include "chrome/browser/chromeos/login/auth/user_context.h" |
#include "chromeos/cryptohome/async_method_caller.h" |
#include "chromeos/cryptohome/cryptohome_parameters.h" |
@@ -56,48 +56,34 @@ ExtendedAuthenticator::ExtendedAuthenticator(LoginStatusConsumer* consumer) |
base::Bind(&ExtendedAuthenticator::OnSaltObtained, this)); |
} |
-ExtendedAuthenticator::~ExtendedAuthenticator() {} |
- |
void ExtendedAuthenticator::SetConsumer(LoginStatusConsumer* consumer) { |
old_consumer_ = consumer; |
} |
-void ExtendedAuthenticator::OnSaltObtained(const std::string& system_salt) { |
- DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
- |
- salt_obtained_ = true; |
- system_salt_ = system_salt; |
- for (size_t i = 0; i < hashing_queue_.size(); i++) { |
- hashing_queue_[i].Run(system_salt); |
- } |
- hashing_queue_.clear(); |
-} |
- |
void ExtendedAuthenticator::AuthenticateToMount( |
const UserContext& context, |
- const HashSuccessCallback& success_callback) { |
+ const ResultCallback& success_callback) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
- TransformContext(context, |
- base::Bind(&ExtendedAuthenticator::DoAuthenticateToMount, |
- this, |
- success_callback)); |
+ TransformKeyIfNeeded(context, |
+ base::Bind(&ExtendedAuthenticator::DoAuthenticateToMount, |
+ this, |
+ success_callback)); |
} |
void ExtendedAuthenticator::AuthenticateToCheck( |
const UserContext& context, |
const base::Closure& success_callback) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
- |
- TransformContext(context, |
- base::Bind(&ExtendedAuthenticator::DoAuthenticateToCheck, |
- this, |
- success_callback)); |
+ TransformKeyIfNeeded(context, |
+ base::Bind(&ExtendedAuthenticator::DoAuthenticateToCheck, |
+ this, |
+ success_callback)); |
} |
void ExtendedAuthenticator::CreateMount( |
const std::string& user_id, |
const std::vector<cryptohome::KeyDefinition>& keys, |
- const HashSuccessCallback& success_callback) { |
+ const ResultCallback& success_callback) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
RecordStartMarker("MountEx"); |
@@ -110,8 +96,9 @@ void ExtendedAuthenticator::CreateMount( |
mount.create_keys.push_back(keys[i]); |
} |
UserContext context(user_id); |
- context.SetPassword(keys.front().key); |
- context.SetKeyLabel(keys.front().label); |
+ Key key(keys.front().key); |
+ key.SetLabel(keys.front().label); |
+ context.SetKey(key); |
cryptohome::HomedirMethods::GetInstance()->MountEx( |
id, |
@@ -129,12 +116,12 @@ void ExtendedAuthenticator::AddKey(const UserContext& context, |
bool replace_existing, |
const base::Closure& success_callback) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
- TransformContext(context, |
- base::Bind(&ExtendedAuthenticator::DoAddKey, |
- this, |
- key, |
- replace_existing, |
- success_callback)); |
+ TransformKeyIfNeeded(context, |
+ base::Bind(&ExtendedAuthenticator::DoAddKey, |
+ this, |
+ key, |
+ replace_existing, |
+ success_callback)); |
} |
void ExtendedAuthenticator::UpdateKeyAuthorized( |
@@ -143,27 +130,66 @@ void ExtendedAuthenticator::UpdateKeyAuthorized( |
const std::string& signature, |
const base::Closure& success_callback) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
- TransformContext(context, |
- base::Bind(&ExtendedAuthenticator::DoUpdateKeyAuthorized, |
- this, |
- key, |
- signature, |
- success_callback)); |
+ TransformKeyIfNeeded(context, |
+ base::Bind(&ExtendedAuthenticator::DoUpdateKeyAuthorized, |
+ this, |
+ key, |
+ signature, |
+ success_callback)); |
} |
void ExtendedAuthenticator::RemoveKey(const UserContext& context, |
const std::string& key_to_remove, |
const base::Closure& success_callback) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
- TransformContext(context, |
- base::Bind(&ExtendedAuthenticator::DoRemoveKey, |
- this, |
- key_to_remove, |
- success_callback)); |
+ TransformKeyIfNeeded(context, |
+ base::Bind(&ExtendedAuthenticator::DoRemoveKey, |
+ this, |
+ key_to_remove, |
+ success_callback)); |
+} |
+ |
+void ExtendedAuthenticator::TransformKeyIfNeeded( |
+ const UserContext& user_context, |
+ const ContextCallback& callback) { |
+ if (user_context.GetKey()->GetKeyType() != Key::KEY_TYPE_PASSWORD_PLAIN) { |
+ callback.Run(user_context); |
+ return; |
+ } |
+ |
+ if (!salt_obtained_) { |
+ system_salt_callbacks_.push_back(base::Bind( |
+ &ExtendedAuthenticator::TransformKeyIfNeeded, |
+ this, |
+ user_context, |
+ callback)); |
+ return; |
+ } |
+ |
+ UserContext transformed_context = user_context; |
+ transformed_context.GetKey()->Transform(Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, |
+ system_salt_); |
+ callback.Run(transformed_context); |
+} |
+ |
+ExtendedAuthenticator::~ExtendedAuthenticator() { |
+} |
+ |
+void ExtendedAuthenticator::OnSaltObtained(const std::string& system_salt) { |
+ DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
+ |
+ salt_obtained_ = true; |
+ system_salt_ = system_salt; |
+ for (std::vector<base::Closure>::const_iterator it = |
+ system_salt_callbacks_.begin(); |
+ it != system_salt_callbacks_.end(); ++it) { |
+ it->Run(); |
+ } |
+ system_salt_callbacks_.clear(); |
} |
void ExtendedAuthenticator::DoAuthenticateToMount( |
- const HashSuccessCallback& success_callback, |
+ const ResultCallback& success_callback, |
const UserContext& user_context) { |
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
@@ -171,8 +197,8 @@ void ExtendedAuthenticator::DoAuthenticateToMount( |
std::string canonicalized = gaia::CanonicalizeEmail(user_context.GetUserID()); |
cryptohome::Identification id(canonicalized); |
- cryptohome::Authorization auth(user_context.GetPassword(), |
- user_context.GetKeyLabel()); |
+ const Key* const key = user_context.GetKey(); |
+ cryptohome::Authorization auth(key->GetSecret(), key->GetLabel()); |
cryptohome::MountParameters mount(false); |
cryptohome::HomedirMethods::GetInstance()->MountEx( |
@@ -195,8 +221,8 @@ void ExtendedAuthenticator::DoAuthenticateToCheck( |
std::string canonicalized = gaia::CanonicalizeEmail(user_context.GetUserID()); |
cryptohome::Identification id(canonicalized); |
- cryptohome::Authorization auth(user_context.GetPassword(), |
- user_context.GetKeyLabel()); |
+ const Key* const key = user_context.GetKey(); |
+ cryptohome::Authorization auth(key->GetSecret(), key->GetLabel()); |
cryptohome::HomedirMethods::GetInstance()->CheckKeyEx( |
id, |
@@ -218,8 +244,8 @@ void ExtendedAuthenticator::DoAddKey(const cryptohome::KeyDefinition& key, |
std::string canonicalized = gaia::CanonicalizeEmail(user_context.GetUserID()); |
cryptohome::Identification id(canonicalized); |
- cryptohome::Authorization auth(user_context.GetPassword(), |
- user_context.GetKeyLabel()); |
+ const Key* const auth_key = user_context.GetKey(); |
+ cryptohome::Authorization auth(auth_key->GetSecret(), auth_key->GetLabel()); |
cryptohome::HomedirMethods::GetInstance()->AddKeyEx( |
id, |
@@ -243,8 +269,8 @@ void ExtendedAuthenticator::DoUpdateKeyAuthorized( |
std::string canonicalized = gaia::CanonicalizeEmail(user_context.GetUserID()); |
cryptohome::Identification id(canonicalized); |
- cryptohome::Authorization auth(user_context.GetPassword(), |
- user_context.GetKeyLabel()); |
+ const Key* const auth_key = user_context.GetKey(); |
+ cryptohome::Authorization auth(auth_key->GetSecret(), auth_key->GetLabel()); |
cryptohome::HomedirMethods::GetInstance()->UpdateKeyEx( |
id, |
@@ -267,8 +293,8 @@ void ExtendedAuthenticator::DoRemoveKey(const std::string& key_to_remove, |
std::string canonicalized = gaia::CanonicalizeEmail(user_context.GetUserID()); |
cryptohome::Identification id(canonicalized); |
- cryptohome::Authorization auth(user_context.GetPassword(), |
- user_context.GetKeyLabel()); |
+ const Key* const auth_key = user_context.GetKey(); |
+ cryptohome::Authorization auth(auth_key->GetSecret(), auth_key->GetLabel()); |
cryptohome::HomedirMethods::GetInstance()->RemoveKeyEx( |
id, |
@@ -284,7 +310,7 @@ void ExtendedAuthenticator::DoRemoveKey(const std::string& key_to_remove, |
void ExtendedAuthenticator::OnMountComplete( |
const std::string& time_marker, |
const UserContext& user_context, |
- const HashSuccessCallback& success_callback, |
+ const ResultCallback& success_callback, |
bool success, |
cryptohome::MountError return_code, |
const std::string& mount_hash) { |
@@ -354,53 +380,4 @@ void ExtendedAuthenticator::OnOperationComplete( |
} |
} |
-void ExtendedAuthenticator::HashPasswordWithSalt( |
- const std::string& password, |
- const HashSuccessCallback& success_callback) { |
- DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
- DCHECK(consumer_) << "This is a part of new API"; |
- |
- DoHashWithSalt(password, success_callback, system_salt_); |
-} |
- |
-void ExtendedAuthenticator::TransformContext(const UserContext& user_context, |
- const ContextCallback& callback) { |
- if (!user_context.DoesNeedPasswordHashing()) { |
- callback.Run(user_context); |
- } else { |
- DoHashWithSalt(user_context.GetPassword(), |
- base::Bind(&ExtendedAuthenticator::DidTransformContext, |
- this, |
- user_context, |
- callback), |
- system_salt_); |
- } |
-} |
- |
-void ExtendedAuthenticator::DidTransformContext( |
- const UserContext& user_context, |
- const ContextCallback& callback, |
- const std::string& hashed_password) { |
- DCHECK(user_context.DoesNeedPasswordHashing()); |
- UserContext context = user_context; |
- context.SetPassword(hashed_password); |
- context.SetDoesNeedPasswordHashing(false); |
- callback.Run(context); |
-} |
- |
-void ExtendedAuthenticator::DoHashWithSalt(const std::string& password, |
- const HashSuccessCallback& callback, |
- const std::string& system_salt) { |
- DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
- |
- if (salt_obtained_) { |
- std::string hash = |
- ParallelAuthenticator::HashPassword(password, system_salt); |
- callback.Run(hash); |
- return; |
- } |
- hashing_queue_.push_back(base::Bind( |
- &ExtendedAuthenticator::DoHashWithSalt, this, password, callback)); |
-} |
- |
} // namespace chromeos |