AttestationFlowIntegrated reads configured CA type

With this CL, the CA type can be configures as the way we do in
AttestationCAClient.

BUG=b:158955123

Change-Id: I78c4c23c334bec456e86f9591fb6363e99a50d68
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2297060
Commit-Queue: Leo Lai <cylai@google.com>
Reviewed-by: Maksim Ivanov <emaxx@chromium.org>
Cr-Commit-Position: refs/heads/master@{#789824}

chromeos/attestation/BUILD.gn

@@ -10,6 +10,7 @@ component("attestation") {
   defines = [ "IS_CHROMEOS_ATTESTATION_IMPL" ]
   deps = [
     "//base",
+    "//chromeos/constants:constants",
     "//chromeos/cryptohome",
     "//chromeos/dbus:common",
     "//chromeos/dbus/attestation",
@@ -52,6 +53,7 @@ source_set("unit_tests") {
   deps = [
     ":test_support",
     "//base/test:test_support",
+    "//chromeos/constants:constants",
     "//chromeos/cryptohome:test_support",
     "//chromeos/dbus:test_support",
     "//chromeos/dbus/attestation",

chromeos/attestation/DEPS

@@ -3,6 +3,7 @@ noparent = True
 include_rules = [
   "+base",
   "+chromeos/chromeos_constants",
+  "+chromeos/constants",
   "+chromeos/cryptohome",
   "+chromeos/dbus",
   "+components/account_id",

chromeos/attestation/attestation_flow_integrated.cc

@@ -8,12 +8,14 @@
 #include <utility>
 
 #include "base/bind.h"
+#include "base/command_line.h"
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/optional.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "base/timer/timer.h"
 #include "chromeos/attestation/attestation_flow_utils.h"
+#include "chromeos/constants/chromeos_switches.h"
 #include "chromeos/cryptohome/async_method_caller.h"
 #include "chromeos/cryptohome/cryptohome_parameters.h"
 #include "chromeos/dbus/attestation/attestation_client.h"
@@ -33,9 +35,24 @@ constexpr base::TimeDelta kReadyTimeout = base::TimeDelta::FromSeconds(60);
 // attestation.
 constexpr base::TimeDelta kRetryDelay = base::TimeDelta::FromMilliseconds(300);
 
-// Default ACA type when not specified during construction.
-constexpr ::attestation::ACAType kDefaultAcaType =
-    ::attestation::ACAType::DEFAULT_ACA;
+// Values for the attestation server switch.
+constexpr char kAttestationServerDefault[] = "default";
+constexpr char kAttestationServerTest[] = "test";
+
+::attestation::ACAType GetConfiguredACAType() {
+  std::string value =
+      base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
+          chromeos::switches::kAttestationServer);
+  if (value.empty() || value == kAttestationServerDefault) {
+    return ::attestation::ACAType::DEFAULT_ACA;
+  }
+  if (value == kAttestationServerTest) {
+    return ::attestation::ACAType::TEST_ACA;
+  }
+  LOG(WARNING) << "Invalid attestation server value: " << value
+               << "; using default.";
+  return ::attestation::ACAType::DEFAULT_ACA;
+}
 
 bool IsPreparedWith(const ::attestation::GetEnrollmentPreparationsReply& reply,
                     ::attestation::ACAType aca_type) {
@@ -67,7 +84,7 @@ base::Optional<::attestation::CertificateProfile> ProfileToAttestationProtoEnum(
 }  // namespace
 
 AttestationFlowIntegrated::AttestationFlowIntegrated()
-    : AttestationFlowIntegrated(kDefaultAcaType) {}
+    : AttestationFlowIntegrated(GetConfiguredACAType()) {}
 
 // This constructor passes |nullptr|s to the base class
 // |AttestationFlow| because we don't use cryptohome client and server

chromeos/attestation/attestation_flow_integrated_unittest.cc

@@ -9,6 +9,7 @@
 #include <utility>
 
 #include "base/bind.h"
+#include "base/command_line.h"
 #include "base/logging.h"
 #include "base/optional.h"
 #include "base/run_loop.h"
@@ -16,6 +17,7 @@
 #include "base/test/task_environment.h"
 #include "base/timer/timer.h"
 #include "chromeos/attestation/attestation_flow_utils.h"
+#include "chromeos/constants/chromeos_switches.h"
 #include "chromeos/cryptohome/cryptohome_parameters.h"
 #include "chromeos/dbus/attestation/attestation_client.h"
 #include "chromeos/dbus/attestation/interface.pb.h"
@@ -276,6 +278,40 @@ TEST_F(AttestationFlowIntegratedTest, GetCertificateAttestationTestAca) {
   EXPECT_FALSE(certificate.empty());
 }
 
+TEST_F(AttestationFlowIntegratedTest, GetCertificateAcaTypeFromCommandline) {
+  base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
+  command_line->AppendSwitchASCII(chromeos::switches::kAttestationServer,
+                                  "test");
+  chromeos::AttestationClient::Get()
+      ->GetTestInterface()
+      ->ConfigureEnrollmentPreparations(true);
+
+  ::attestation::GetCertificateRequest request;
+  request.set_certificate_profile(
+      ::attestation::CertificateProfile::ENTERPRISE_USER_CERTIFICATE);
+  request.set_username("username@email.com");
+  request.set_key_label("label");
+  request.set_request_origin("origin");
+
+  AllowlistCertificateRequest(::attestation::ACAType::TEST_ACA, request);
+
+  base::MockCallback<AttestationFlowIntegrated::CertificateCallback> callback;
+  std::string certificate;
+  EXPECT_CALL(callback, Run(AttestationStatus::ATTESTATION_SUCCESS, _))
+      .WillOnce(SaveArg<1>(&certificate));
+
+  AttestationFlowIntegrated flow;
+  flow.GetCertificate(
+      static_cast<AttestationCertificateProfile>(request.certificate_profile()),
+      AccountId::FromUserEmail(request.username()), request.request_origin(),
+      /*generate_new_key=*/true, request.key_label(),
+      base::BindOnce(
+          &AttestationFlowIntegratedTest::QuitRunLoopCertificateCallback,
+          base::Unretained(this), callback.Get()));
+  Run();
+  EXPECT_FALSE(certificate.empty());
+}
+
 TEST_F(AttestationFlowIntegratedTest, GetCertificateAttestationEmptyAccountId) {
   chromeos::AttestationClient::Get()
       ->GetTestInterface()