diff options
Diffstat (limited to 'chromium/chrome/browser/extensions/api/enterprise_platform_keys_private')
3 files changed, 108 insertions, 66 deletions
diff --git a/chromium/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc b/chromium/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc index 92e1bc05574..c68aaa5367b 100644 --- a/chromium/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc +++ b/chromium/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc @@ -43,6 +43,12 @@ #include "google_apis/gaia/gaia_auth_util.h" #include "third_party/cros_system_api/dbus/service_constants.h" +namespace { +// Prefix for naming machine keys used for SignedPublicKeyAndChallenge when +// challenging the EMK with register=true. +const char kEnterpriseMachineKeyForSpkacPrefix[] = "attest-ent-machine-"; +} // namespace + namespace extensions { namespace api_epkp = api::enterprise_platform_keys_private; @@ -68,12 +74,14 @@ EPKPChallengeKeyBase::PrepareKeyContext::PrepareKeyContext( const std::string& key_name, chromeos::attestation::AttestationCertificateProfile certificate_profile, bool require_user_consent, + const std::string& key_name_for_spkac, const base::Callback<void(PrepareKeyResult)>& callback) : key_type(key_type), account_id(account_id), key_name(key_name), certificate_profile(certificate_profile), require_user_consent(require_user_consent), + key_name_for_spkac(key_name_for_spkac), callback(callback) {} EPKPChallengeKeyBase::PrepareKeyContext::PrepareKeyContext( @@ -199,13 +207,11 @@ void EPKPChallengeKeyBase::PrepareKey( const std::string& key_name, chromeos::attestation::AttestationCertificateProfile certificate_profile, bool require_user_consent, + const std::string& key_name_for_spkac, const base::Callback<void(PrepareKeyResult)>& callback) { - const PrepareKeyContext context = PrepareKeyContext(key_type, - account_id, - key_name, - certificate_profile, - require_user_consent, - callback); + const PrepareKeyContext context = + PrepareKeyContext(key_type, account_id, key_name, certificate_profile, + require_user_consent, key_name_for_spkac, callback); cryptohome_client_->TpmAttestationIsPrepared( base::BindOnce(&EPKPChallengeKeyBase::IsAttestationPreparedCallback, base::Unretained(this), context)); @@ -224,6 +230,18 @@ void EPKPChallengeKeyBase::IsAttestationPreparedCallback( base::Unretained(this), context)); return; } + + if (!context.key_name_for_spkac.empty()) { + // Generate a new key and have it signed by PCA. + attestation_flow_->GetCertificate( + context.certificate_profile, context.account_id, + std::string(), // Not used. + true, // Force a new key to be generated. + context.key_name_for_spkac, + base::Bind(&EPKPChallengeKeyBase::GetCertificateCallback, + base::Unretained(this), context.callback)); + return; + } // Attestation is available, see if the key we need already exists. cryptohome_client_->TpmAttestationDoesKeyExist( context.key_type, @@ -295,6 +313,7 @@ void EPKPChallengeKeyBase::AskForUserConsentCallback( context.certificate_profile, context.account_id, std::string(), // Not used. true, // Force a new key to be generated. + std::string(), // Leave key name empty to generate a default name. base::Bind(&EPKPChallengeKeyBase::GetCertificateCallback, base::Unretained(this), context.callback)); } @@ -337,11 +356,10 @@ EPKPChallengeMachineKey::EPKPChallengeMachineKey( EPKPChallengeMachineKey::~EPKPChallengeMachineKey() { } -void EPKPChallengeMachineKey::Run( - scoped_refptr<UIThreadExtensionFunction> caller, - const ChallengeKeyCallback& callback, - const std::string& challenge, - bool register_key) { +void EPKPChallengeMachineKey::Run(scoped_refptr<ExtensionFunction> caller, + const ChallengeKeyCallback& callback, + const std::string& challenge, + bool register_key) { callback_ = callback; profile_ = ChromeExtensionFunctionDetails(caller.get()).GetProfile(); extension_ = scoped_refptr<const Extension>(caller->extension()); @@ -372,7 +390,7 @@ void EPKPChallengeMachineKey::Run( } void EPKPChallengeMachineKey::DecodeAndRun( - scoped_refptr<UIThreadExtensionFunction> caller, + scoped_refptr<ExtensionFunction> caller, const ChallengeKeyCallback& callback, const std::string& encoded_challenge, bool register_key) { @@ -393,18 +411,31 @@ void EPKPChallengeMachineKey::GetDeviceAttestationEnabledCallback( return; } + // The EMK cannot be registered as that would relinquish it and the DMServer + // relies on it to remain stable. If register_key = true, generate a new + // machine key to side-load into the system-wide token. This key will be + // used for SignedPublicKeyAndChallenge but the challenge response will still + // be singed using the stable EMK. + std::string key_name_for_spkac; + if (register_key) { + key_name_for_spkac = kEnterpriseMachineKeyForSpkacPrefix + extension_->id(); + } PrepareKey(chromeos::attestation::KEY_DEVICE, EmptyAccountId(), // Not used. chromeos::attestation::kEnterpriseMachineKey, chromeos::attestation::PROFILE_ENTERPRISE_MACHINE_CERTIFICATE, false, // user consent is not required. + key_name_for_spkac, base::Bind(&EPKPChallengeMachineKey::PrepareKeyCallback, - base::Unretained(this), challenge, register_key)); + base::Unretained(this), challenge, register_key, + key_name_for_spkac)); } -void EPKPChallengeMachineKey::PrepareKeyCallback(const std::string& challenge, - bool register_key, - PrepareKeyResult result) { +void EPKPChallengeMachineKey::PrepareKeyCallback( + const std::string& challenge, + bool register_key, + const std::string& key_name_for_spkac, + PrepareKeyResult result) { if (result != PREPARE_KEY_OK) { callback_.Run(false, base::StringPrintf(kGetCertificateFailedError, result)); @@ -419,7 +450,7 @@ void EPKPChallengeMachineKey::PrepareKeyCallback(const std::string& challenge, GetDeviceId(), register_key ? chromeos::attestation::CHALLENGE_INCLUDE_SIGNED_PUBLIC_KEY : chromeos::attestation::CHALLENGE_OPTION_NONE, - challenge, + challenge, key_name_for_spkac, base::Bind(&EPKPChallengeMachineKey::SignChallengeCallback, base::Unretained(this), register_key)); } @@ -433,10 +464,12 @@ void EPKPChallengeMachineKey::SignChallengeCallback( return; } if (register_key) { + std::string key_name_for_spkac = + kEnterpriseMachineKeyForSpkacPrefix + extension_->id(); async_caller_->TpmAttestationRegisterKey( chromeos::attestation::KEY_DEVICE, cryptohome::Identification(), // Not used. - chromeos::attestation::kEnterpriseMachineKey, + key_name_for_spkac, base::Bind(&EPKPChallengeMachineKey::RegisterKeyCallback, base::Unretained(this), response)); } else { @@ -489,7 +522,7 @@ void EPKPChallengeUserKey::RegisterProfilePrefs( registry->RegisterListPref(prefs::kAttestationExtensionWhitelist); } -void EPKPChallengeUserKey::Run(scoped_refptr<UIThreadExtensionFunction> caller, +void EPKPChallengeUserKey::Run(scoped_refptr<ExtensionFunction> caller, const ChallengeKeyCallback& callback, const std::string& challenge, bool register_key) { @@ -535,11 +568,10 @@ void EPKPChallengeUserKey::Run(scoped_refptr<UIThreadExtensionFunction> caller, } } -void EPKPChallengeUserKey::DecodeAndRun( - scoped_refptr<UIThreadExtensionFunction> caller, - const ChallengeKeyCallback& callback, - const std::string& encoded_challenge, - bool register_key) { +void EPKPChallengeUserKey::DecodeAndRun(scoped_refptr<ExtensionFunction> caller, + const ChallengeKeyCallback& callback, + const std::string& encoded_challenge, + bool register_key) { std::string challenge; if (!base::Base64Decode(encoded_challenge, &challenge)) { callback.Run(false, kChallengeBadBase64Error); @@ -561,7 +593,7 @@ void EPKPChallengeUserKey::GetDeviceAttestationEnabledCallback( PrepareKey(chromeos::attestation::KEY_USER, GetAccountId(), chromeos::attestation::kEnterpriseUserKey, chromeos::attestation::PROFILE_ENTERPRISE_USER_CERTIFICATE, - require_user_consent, + require_user_consent, std::string() /* key_name_for_spkac */, base::Bind(&EPKPChallengeUserKey::PrepareKeyCallback, base::Unretained(this), challenge, register_key)); } @@ -582,7 +614,7 @@ void EPKPChallengeUserKey::PrepareKeyCallback(const std::string& challenge, chromeos::attestation::kEnterpriseUserKey, GetUserEmail(), GetDeviceId(), register_key ? chromeos::attestation::CHALLENGE_INCLUDE_SIGNED_PUBLIC_KEY : chromeos::attestation::CHALLENGE_OPTION_NONE, - challenge, + challenge, std::string() /* key_name_for_spkac */, base::Bind(&EPKPChallengeUserKey::SignChallengeCallback, base::Unretained(this), register_key)); } @@ -645,11 +677,11 @@ EnterprisePlatformKeysPrivateChallengeMachineKeyFunction::Run() { this); // base::Unretained is safe on impl_ since its life-cycle matches |this| and // |callback| holds a reference to |this|. - base::Closure task = base::Bind( - &EPKPChallengeMachineKey::DecodeAndRun, base::Unretained(impl_), - scoped_refptr<UIThreadExtensionFunction>(AsUIThreadExtensionFunction()), - callback, params->challenge, false); - base::PostTaskWithTraits(FROM_HERE, {content::BrowserThread::UI}, task); + base::Closure task = base::Bind(&EPKPChallengeMachineKey::DecodeAndRun, + base::Unretained(impl_), + scoped_refptr<ExtensionFunction>(this), + callback, params->challenge, false); + base::PostTask(FROM_HERE, {content::BrowserThread::UI}, task); return RespondLater(); } @@ -688,11 +720,11 @@ EnterprisePlatformKeysPrivateChallengeUserKeyFunction::Run() { this); // base::Unretained is safe on impl_ since its life-cycle matches |this| and // |callback| holds a reference to |this|. - base::Closure task = base::Bind( - &EPKPChallengeUserKey::DecodeAndRun, base::Unretained(impl_), - scoped_refptr<UIThreadExtensionFunction>(AsUIThreadExtensionFunction()), - callback, params->challenge, params->register_key); - base::PostTaskWithTraits(FROM_HERE, {content::BrowserThread::UI}, task); + base::Closure task = + base::Bind(&EPKPChallengeUserKey::DecodeAndRun, base::Unretained(impl_), + scoped_refptr<ExtensionFunction>(this), callback, + params->challenge, params->register_key); + base::PostTask(FROM_HERE, {content::BrowserThread::UI}, task); return RespondLater(); } diff --git a/chromium/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h b/chromium/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h index 66cb475b59f..e8e9fa09d43 100644 --- a/chromium/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h +++ b/chromium/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h @@ -100,16 +100,18 @@ class EPKPChallengeKeyBase { // Returns the enterprise virtual device ID. std::string GetDeviceId() const; - // Prepares the key for signing. It will first check if the key exists. If - // the key does not exist, it will call AttestationFlow::GetCertificate() to - // get a new one. If require_user_consent is true, it will explicitly ask for - // user consent before calling GetCertificate(). + // Prepares the key for signing. It will first check if a new key should be + // generated, i.e. |key_name_for_spkac| is not empty or the key doesn't + // exist and, if necessary, call AttestationFlow::GetCertificate() to get a + // new one. If require_user_consent is true, it will explicitly ask for user + // consent before calling GetCertificate(). void PrepareKey( chromeos::attestation::AttestationKeyType key_type, const AccountId& account_id, const std::string& key_name, chromeos::attestation::AttestationCertificateProfile certificate_profile, bool require_user_consent, + const std::string& key_name_for_spkac, const base::Callback<void(PrepareKeyResult)>& callback); chromeos::CryptohomeClient* cryptohome_client_; @@ -130,6 +132,7 @@ class EPKPChallengeKeyBase { chromeos::attestation::AttestationCertificateProfile certificate_profile, bool require_user_consent, + const std::string& key_name_for_spkac, const base::Callback<void(PrepareKeyResult)>& callback); PrepareKeyContext(const PrepareKeyContext& other); ~PrepareKeyContext(); @@ -139,6 +142,7 @@ class EPKPChallengeKeyBase { const std::string key_name; chromeos::attestation::AttestationCertificateProfile certificate_profile; bool require_user_consent; + std::string key_name_for_spkac; const base::Callback<void(PrepareKeyResult)> callback; }; @@ -176,13 +180,13 @@ class EPKPChallengeMachineKey : public EPKPChallengeKeyBase { // Asynchronously run the flow to challenge a machine key in the |caller| // context. - void Run(scoped_refptr<UIThreadExtensionFunction> caller, + void Run(scoped_refptr<ExtensionFunction> caller, const ChallengeKeyCallback& callback, const std::string& encoded_challenge, bool register_key); // Like |Run| but expects a Base64 |encoded_challenge|. - void DecodeAndRun(scoped_refptr<UIThreadExtensionFunction> caller, + void DecodeAndRun(scoped_refptr<ExtensionFunction> caller, const ChallengeKeyCallback& callback, const std::string& encoded_challenge, bool register_key); @@ -195,6 +199,7 @@ class EPKPChallengeMachineKey : public EPKPChallengeKeyBase { bool enabled); void PrepareKeyCallback(const std::string& challenge, bool register_key, + const std::string& key_name_for_spkac, PrepareKeyResult result); void SignChallengeCallback(bool register_key, bool success, @@ -223,13 +228,13 @@ class EPKPChallengeUserKey : public EPKPChallengeKeyBase { // Asynchronously run the flow to challenge a user key in the |caller| // context. - void Run(scoped_refptr<UIThreadExtensionFunction> caller, + void Run(scoped_refptr<ExtensionFunction> caller, const ChallengeKeyCallback& callback, const std::string& challenge, bool register_key); // Like |Run| but expects a Base64 |encoded_challenge|. - void DecodeAndRun(scoped_refptr<UIThreadExtensionFunction> caller, + void DecodeAndRun(scoped_refptr<ExtensionFunction> caller, const ChallengeKeyCallback& callback, const std::string& encoded_challenge, bool register_key); @@ -255,7 +260,7 @@ class EPKPChallengeUserKey : public EPKPChallengeKeyBase { }; class EnterprisePlatformKeysPrivateChallengeMachineKeyFunction - : public UIThreadExtensionFunction { + : public ExtensionFunction { public: EnterprisePlatformKeysPrivateChallengeMachineKeyFunction(); explicit EnterprisePlatformKeysPrivateChallengeMachineKeyFunction( @@ -279,7 +284,7 @@ class EnterprisePlatformKeysPrivateChallengeMachineKeyFunction }; class EnterprisePlatformKeysPrivateChallengeUserKeyFunction - : public UIThreadExtensionFunction { + : public ExtensionFunction { public: EnterprisePlatformKeysPrivateChallengeUserKeyFunction(); explicit EnterprisePlatformKeysPrivateChallengeUserKeyFunction( diff --git a/chromium/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc b/chromium/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc index 3dc0c29bc66..6230610cb4a 100644 --- a/chromium/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc +++ b/chromium/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc @@ -88,6 +88,7 @@ void SignChallengeCallbackTrue( const std::string& device_id, chromeos::attestation::AttestationChallengeOptions options, const std::string& challenge, + const std::string& key_name_for_spkac, const cryptohome::AsyncMethodCaller::DataCallback& callback) { base::ThreadTaskRunnerHandle::Get()->PostTask( FROM_HERE, base::BindOnce(callback, true, "response")); @@ -101,6 +102,7 @@ void SignChallengeCallbackFalse( const std::string& device_id, chromeos::attestation::AttestationChallengeOptions options, const std::string& challenge, + const std::string& key_name_for_spkac, const cryptohome::AsyncMethodCaller::DataCallback& callback) { base::ThreadTaskRunnerHandle::Get()->PostTask( FROM_HERE, base::BindOnce(callback, false, "")); @@ -111,6 +113,7 @@ void GetCertificateCallbackTrue( const AccountId& account_id, const std::string& request_origin, bool force_new_key, + const std::string& key_name, const chromeos::attestation::AttestationFlow::CertificateCallback& callback) { base::ThreadTaskRunnerHandle::Get()->PostTask( @@ -124,6 +127,7 @@ void GetCertificateCallbackUnspecifiedFailure( const AccountId& account_id, const std::string& request_origin, bool force_new_key, + const std::string& key_name, const chromeos::attestation::AttestationFlow::CertificateCallback& callback) { base::ThreadTaskRunnerHandle::Get()->PostTask( @@ -138,6 +142,7 @@ void GetCertificateCallbackBadRequestFailure( const AccountId& account_id, const std::string& request_origin, bool force_new_key, + const std::string& key_name, const chromeos::attestation::AttestationFlow::CertificateCallback& callback) { base::ThreadTaskRunnerHandle::Get()->PostTask( @@ -164,9 +169,9 @@ class EPKPChallengeKeyTestBase : public BrowserWithTestWindowTest { ON_CALL(mock_async_method_caller_, TpmAttestationRegisterKey(_, _, _, _)) .WillByDefault(Invoke(RegisterKeyCallbackTrue)); ON_CALL(mock_async_method_caller_, - TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _, _)) + TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _, _, _)) .WillByDefault(Invoke(SignChallengeCallbackTrue)); - ON_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _)) + ON_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _, _)) .WillByDefault(Invoke(GetCertificateCallbackTrue)); stub_install_attributes_.SetCloudManaged("google.com", "device_id"); @@ -301,7 +306,7 @@ TEST_F(EPKPChallengeMachineKeyTest, DoesKeyExistDbusFailed) { } TEST_F(EPKPChallengeMachineKeyTest, GetCertificateFailed) { - EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _)) + EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _, _)) .WillRepeatedly(Invoke(GetCertificateCallbackUnspecifiedFailure)); EXPECT_EQ(GetCertificateError(kGetCertificateFailed), @@ -310,7 +315,7 @@ TEST_F(EPKPChallengeMachineKeyTest, GetCertificateFailed) { TEST_F(EPKPChallengeMachineKeyTest, SignChallengeFailed) { EXPECT_CALL(mock_async_method_caller_, - TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _, _)) + TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _, _, _)) .WillRepeatedly(Invoke(SignChallengeCallbackFalse)); EXPECT_EQ(EPKPChallengeKeyBase::kSignChallengeFailedError, @@ -321,7 +326,7 @@ TEST_F(EPKPChallengeMachineKeyTest, KeyExists) { cryptohome_client_.SetTpmAttestationDeviceCertificate("attest-ent-machine", std::string()); // GetCertificate must not be called if the key exists. - EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _)) + EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _, _)) .Times(0); EXPECT_TRUE(utils::RunFunction(func_.get(), kArgs, browser(), @@ -366,14 +371,14 @@ TEST_P(EPKPChallengeMachineKeyAllProfilesTest, Success) { EXPECT_CALL(mock_attestation_flow_, GetCertificate( chromeos::attestation::PROFILE_ENTERPRISE_MACHINE_CERTIFICATE, - _, _, _, _)) + _, _, _, _, _)) .Times(1); // SignEnterpriseChallenge must be called exactly once. - EXPECT_CALL( - mock_async_method_caller_, - TpmAttestationSignEnterpriseChallenge( - chromeos::attestation::KEY_DEVICE, cryptohome::Identification(), - "attest-ent-machine", "google.com", "device_id", _, "challenge", _)) + EXPECT_CALL(mock_async_method_caller_, + TpmAttestationSignEnterpriseChallenge( + chromeos::attestation::KEY_DEVICE, + cryptohome::Identification(), "attest-ent-machine", + "google.com", "device_id", _, "challenge", _, _)) .Times(1); std::unique_ptr<base::Value> value(utils::RunFunctionAndReturnSingleResult( @@ -464,7 +469,7 @@ TEST_F(EPKPChallengeUserKeyTest, DoesKeyExistDbusFailed) { } TEST_F(EPKPChallengeUserKeyTest, GetCertificateFailedWithUnspecifiedFailure) { - EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _)) + EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _, _)) .WillRepeatedly(Invoke(GetCertificateCallbackUnspecifiedFailure)); EXPECT_EQ(GetCertificateError(kGetCertificateFailed), @@ -472,7 +477,7 @@ TEST_F(EPKPChallengeUserKeyTest, GetCertificateFailedWithUnspecifiedFailure) { } TEST_F(EPKPChallengeUserKeyTest, GetCertificateFailedWithBadRequestFailure) { - EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _)) + EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _, _)) .WillRepeatedly(Invoke(GetCertificateCallbackBadRequestFailure)); EXPECT_EQ(GetCertificateError(kGetCertificateFailed), @@ -481,7 +486,7 @@ TEST_F(EPKPChallengeUserKeyTest, GetCertificateFailedWithBadRequestFailure) { TEST_F(EPKPChallengeUserKeyTest, SignChallengeFailed) { EXPECT_CALL(mock_async_method_caller_, - TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _, _)) + TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _, _, _)) .WillRepeatedly(Invoke(SignChallengeCallbackFalse)); EXPECT_EQ(EPKPChallengeKeyBase::kSignChallengeFailedError, @@ -502,7 +507,7 @@ TEST_F(EPKPChallengeUserKeyTest, KeyExists) { AccountId::FromUserEmail(kUserEmail)), "attest-ent-user", std::string()); // GetCertificate must not be called if the key exists. - EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _)) + EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _, _)) .Times(0); EXPECT_TRUE(utils::RunFunction(func_.get(), kArgs, browser(), @@ -527,10 +532,10 @@ TEST_F(EPKPChallengeUserKeyTest, PersonalDevice) { TEST_F(EPKPChallengeUserKeyTest, Success) { // GetCertificate must be called exactly once. - EXPECT_CALL(mock_attestation_flow_, - GetCertificate( - chromeos::attestation::PROFILE_ENTERPRISE_USER_CERTIFICATE, - _, _, _, _)) + EXPECT_CALL( + mock_attestation_flow_, + GetCertificate(chromeos::attestation::PROFILE_ENTERPRISE_USER_CERTIFICATE, + _, _, _, _, _)) .Times(1); const AccountId account_id = AccountId::FromUserEmail(kUserEmail); // SignEnterpriseChallenge must be called exactly once. @@ -539,7 +544,7 @@ TEST_F(EPKPChallengeUserKeyTest, Success) { chromeos::attestation::KEY_USER, cryptohome::Identification(account_id), "attest-ent-user", cryptohome::Identification(account_id).id(), "device_id", _, - "challenge", _)) + "challenge", _, _)) .Times(1); // RegisterKey must be called exactly once. EXPECT_CALL(mock_async_method_caller_, |