Do not include 'domain' for EMK challenge

Since CL:2193900, attestation service ignores the 'domain' in EMK
challenge signing requests.
Instead, attestation relies on 'customer id' which is extracted from
device policy by the daemon.
Consequently, stop sending 'domain' in EMK.

Bug: 1073974
Change-Id: I08592ea2674071e68400761d911f0b6358a1b917
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2543393Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org>
Reviewed-by: Michael Ershov <miersh@google.com>
Commit-Queue: Pavol Marko <pmarko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#830185}

chrome/browser/chromeos/attestation/tpm_challenge_key_subtle.cc

@@ -279,7 +279,7 @@ std::string TpmChallengeKeySubtleImpl::GetEmail() const {
 
   switch (key_type_) {
     case KEY_DEVICE:
-      return InstallAttributes::Get()->GetDomain();
+      return std::string();
     case KEY_USER:
       return GetAccountId().GetUserEmail();
   }

chrome/browser/chromeos/attestation/tpm_challenge_key_subtle.h

@@ -167,7 +167,7 @@ class TpmChallengeKeySubtleImpl final : public TpmChallengeKeySubtle {
   // Returns true if remote attestation is allowed and the setting is managed.
   bool IsRemoteAttestationEnabledForUser() const;
 
-  // Returns the enterprise domain the device is enrolled to or user email.
+  // Returns the user email (for user key) or an empty string (for machine key).
   std::string GetEmail() const;
   AttestationCertificateProfile GetCertificateProfile() const;
   // Returns the User* associated with |profile_|. May return nullptr (if there

chrome/browser/chromeos/attestation/tpm_challenge_key_subtle_unittest.cc

@@ -44,7 +44,6 @@ namespace attestation {
 namespace {
 
 constexpr char kTestUserEmail[] = "test@google.com";
-constexpr char kTestUserDomain[] = "google.com";
 constexpr char kTestUserGaiaId[] = "test_gaia_id";
 constexpr char kEmptyKeyName[] = "";
 constexpr char kNonDefaultKeyName[] = "key_name_123";
@@ -516,7 +515,7 @@ TEST_F(TpmChallengeKeySubtleTest, DeviceKeyNotRegisteredSuccess) {
 
   ::attestation::SignEnterpriseChallengeRequest expected_request;
   expected_request.set_key_label(key_name);
-  expected_request.set_domain(kTestUserDomain);
+  expected_request.set_domain(std::string());
   expected_request.set_device_id(GetInstallAttributes()->GetDeviceId());
   AttestationClient::Get()
       ->GetTestInterface()
@@ -537,7 +536,7 @@ TEST_F(TpmChallengeKeySubtleTest, DeviceKeyRegisteredSuccess) {
   ::attestation::SignEnterpriseChallengeRequest expected_request;
   expected_request.set_key_label(GetDefaultKeyName(key_type));
   expected_request.set_key_name_for_spkac(key_name);
-  expected_request.set_domain(kTestUserDomain);
+  expected_request.set_domain(std::string());
   expected_request.set_device_id(GetInstallAttributes()->GetDeviceId());
   AttestationClient::Get()
       ->GetTestInterface()

chrome/browser/chromeos/login/saml/saml_browsertest.cc

@@ -645,7 +645,6 @@ class SamlTest : public OobeBaseTest {
     sign_enterprise_challenge_request.set_username("");
     sign_enterprise_challenge_request.set_key_label(
         attestation::kEnterpriseMachineKey);
-    sign_enterprise_challenge_request.set_domain("google.com");
     sign_enterprise_challenge_request.set_device_id("device_id");
     AttestationClient::Get()
         ->GetTestInterface()