Change Mac OS token location and file name.

This CL has 2 changes:
- Change location to Google Policy/Enrollment
- Derive filename from client ID (in case the home directory is mounted remotely)

Change-Id: I5b3acafd20119f79deef24fb44e3e0514c693311
Reviewed-on: https://chromium-review.googlesource.com/1145627
Commit-Queue: Georges Khalil <georgesak@chromium.org>
Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org>
Reviewed-by: Owen Min <zmin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#577410}

chrome/browser/policy/browser_dm_token_storage.h

@@ -23,7 +23,8 @@ namespace policy {
 // registry once and cached values are returned in subsequent calls.
 //
 // All calls to member functions must be sequenced. It is an error to attempt
-// concurrent store operations.
+// concurrent store operations. RetrieveClientId must be the first method
+// called.
 class BrowserDMTokenStorage {
  public:
   using StoreCallback = base::OnceCallback<void(bool success)>;

chrome/browser/policy/browser_dm_token_storage_mac.mm

@@ -6,6 +6,7 @@
 
 #include <string>
 
+#include "base/base64url.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
@@ -18,6 +19,7 @@
 #import "base/mac/scoped_nsautorelease_pool.h"
 #include "base/no_destructor.h"
 #include "base/path_service.h"
+#include "base/sha1.h"
 #include "base/strings/string16.h"
 #include "base/strings/string_util.h"
 #include "base/strings/sys_string_conversions.h"
@@ -33,12 +35,14 @@ namespace policy {
 
 namespace {
 
-const char kDmTokenBaseDir[] = FILE_PATH_LITERAL("Policy/Enrollment/");
+const char kDmTokenBaseDir[] =
+    FILE_PATH_LITERAL("Google/Chrome Cloud Enrollment/");
 NSString* const kEnrollmentTokenPolicyName =
     @"MachineLevelUserCloudPolicyEnrollmentToken";
-const char kDmTokenFilename[] = FILE_PATH_LITERAL("token");
 
-bool GetDmTokenFilePath(base::FilePath* token_file_path, bool create_dir) {
+bool GetDmTokenFilePath(base::FilePath* token_file_path,
+                        const std::string& client_id,
+                        bool create_dir) {
   if (!base::PathService::Get(base::DIR_APP_DATA, token_file_path))
     return false;
 
@@ -47,14 +51,18 @@ bool GetDmTokenFilePath(base::FilePath* token_file_path, bool create_dir) {
   if (create_dir && !base::CreateDirectory(*token_file_path))
     return false;
 
-  *token_file_path = token_file_path->Append(kDmTokenFilename);
+  std::string filename;
+  base::Base64UrlEncode(base::SHA1HashString(client_id),
+                        base::Base64UrlEncodePolicy::OMIT_PADDING, &filename);
+  *token_file_path = token_file_path->Append(filename.c_str());
 
   return true;
 }
 
-bool StoreDMTokenInDirAppDataDir(const std::string& token) {
+bool StoreDMTokenInDirAppDataDir(const std::string& token,
+                                 const std::string& client_id) {
   base::FilePath token_file_path;
-  if (!GetDmTokenFilePath(&token_file_path, true)) {
+  if (!GetDmTokenFilePath(&token_file_path, client_id, true)) {
     NOTREACHED();
     return false;
   }
@@ -117,7 +125,7 @@ std::string BrowserDMTokenStorageMac::InitEnrollmentToken() {
 
 std::string BrowserDMTokenStorageMac::InitDMToken() {
   base::FilePath token_file_path;
-  if (!GetDmTokenFilePath(&token_file_path, true))
+  if (!GetDmTokenFilePath(&token_file_path, RetrieveClientId(), true))
     return std::string();
 
   std::string token;
@@ -131,7 +139,7 @@ void BrowserDMTokenStorageMac::SaveDMToken(const std::string& token) {
   std::string client_id = RetrieveClientId();
   base::PostTaskWithTraitsAndReplyWithResult(
       FROM_HERE, {base::MayBlock()},
-      base::BindOnce(&StoreDMTokenInDirAppDataDir, token),
+      base::BindOnce(&StoreDMTokenInDirAppDataDir, token, client_id),
       base::BindOnce(&BrowserDMTokenStorage::OnDMTokenStored,
                      weak_factory_.GetWeakPtr()));
 }

chrome/browser/policy/browser_dm_token_storage_mac_unittest.cc

@@ -6,6 +6,7 @@
 
 #include <iostream>
 
+#include "base/base64url.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/files/file_util.h"
@@ -13,6 +14,7 @@
 #include "base/macros.h"
 #include "base/path_service.h"
 #include "base/run_loop.h"
+#include "base/sha1.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/test/scoped_path_override.h"
 #include "chrome/common/chrome_paths.h"
@@ -26,8 +28,8 @@ namespace policy {
 
 namespace {
 
-const char kDmTokenBaseDir[] = FILE_PATH_LITERAL("Policy/Enrollment/");
-const char kDmTokenFilename[] = FILE_PATH_LITERAL("token");
+const char kDmTokenBaseDir[] =
+    FILE_PATH_LITERAL("Google/Chrome Cloud Enrollment/");
 
 constexpr char kDMToken[] = "fake-dm-token";
 
@@ -92,8 +94,12 @@ TEST_F(BrowserDMTokenStorageMacTest, SaveDMToken) {
   base::FilePath app_data_dir_path;
   ASSERT_TRUE(base::PathService::Get(base::DIR_APP_DATA, &app_data_dir_path));
   base::FilePath dm_token_dir_path = app_data_dir_path.Append(kDmTokenBaseDir);
-  base::FilePath dm_token_file_path =
-      dm_token_dir_path.Append(kDmTokenFilename);
+
+  std::string filename;
+  base::Base64UrlEncode(base::SHA1HashString(storage.InitClientId()),
+                        base::Base64UrlEncodePolicy::OMIT_PADDING, &filename);
+
+  base::FilePath dm_token_file_path = dm_token_dir_path.Append(filename);
 
   std::string dm_token;
   ASSERT_TRUE(base::ReadFileToString(dm_token_file_path, &dm_token));