Add tests for new Gaia user's cryptohome label

Extend the OobeTest.NewUser test to verify the parameters passed
to the MountEx call to cryptohomed, including the verification
that the key label is "gaia".

To simulate the flow that is close to the real flow, the
FakeCryptohomeClient class is slightly enhanced to support
replying to MountEx with CRYPTOHOME_ERROR_ACCOUNT_NOT_FOUND when
no "create" proto field is provided. This allows to achieve the
simulation of the following flow:
(1) Chrome calls MountEx for the new user without specifying
    |create|;
(2) cryptohomed checks that this user doesn't exist, and replies
    with the CRYPTOHOME_ERROR_ACCOUNT_NOT_FOUND error;
(3) Chrome sees this errors and repeats the MountEx request with
    specifying |create|;
(4) cryptohomed creates the new mount and succeeds.

Bug: 983103
Test: browser_tests --gtest_filter=OobeTest.NewUser
Change-Id: If27bcb05187219e046025f469ffe8bfe5c214562
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1690880
Commit-Queue: Maksim Ivanov <emaxx@chromium.org>
Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org>
Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org>
Reviewed-by: Denis Kuznetsov <antrim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#678276}

chrome/browser/chromeos/login/oobe_browsertest.cc

@@ -20,6 +20,10 @@
 #include "chrome/common/chrome_switches.h"
 #include "chrome/test/base/in_process_browser_test.h"
 #include "chromeos/constants/chromeos_switches.h"
+#include "chromeos/dbus/cryptohome/fake_cryptohome_client.h"
+#include "chromeos/dbus/cryptohome/key.pb.h"
+#include "chromeos/dbus/cryptohome/rpc.pb.h"
+#include "chromeos/login/auth/cryptohome_key_constants.h"
 #include "components/account_id/account_id.h"
 #include "components/user_manager/known_user.h"
 #include "components/user_manager/user.h"
@@ -81,6 +85,9 @@ IN_PROC_BROWSER_TEST_F(OobeTest, NewUser) {
       chrome::NOTIFICATION_SESSION_STARTED,
       content::NotificationService::AllSources());
 
+  // Make the MountEx cryptohome call fail iff the |create| field is missing,
+  // which simulates the real cryptohomed's behavior for the new user mount.
+  FakeCryptohomeClient::Get()->set_mount_create_required(true);
   LoginDisplayHost::default_host()
       ->GetOobeUI()
       ->GetView<GaiaScreenHandler>()
@@ -95,6 +102,23 @@ IN_PROC_BROWSER_TEST_F(OobeTest, NewUser) {
           ->GetAccountId();
   EXPECT_FALSE(
       user_manager::known_user::GetIsUsingSAMLPrincipalsAPI(account_id));
+
+  // Verify the parameters that were passed to the latest MountEx call.
+  const cryptohome::AuthorizationRequest& cryptohome_auth =
+      FakeCryptohomeClient::Get()->get_last_mount_authentication();
+  EXPECT_EQ(cryptohome::KeyData::KEY_TYPE_PASSWORD,
+            cryptohome_auth.key().data().type());
+  EXPECT_TRUE(cryptohome_auth.key().data().label().empty());
+  EXPECT_FALSE(cryptohome_auth.key().secret().empty());
+  const cryptohome::MountRequest& last_mount_request =
+      FakeCryptohomeClient::Get()->get_last_mount_request();
+  ASSERT_TRUE(last_mount_request.has_create());
+  ASSERT_EQ(1, last_mount_request.create().keys_size());
+  EXPECT_EQ(cryptohome::KeyData::KEY_TYPE_PASSWORD,
+            last_mount_request.create().keys(0).data().type());
+  EXPECT_EQ(kCryptohomeGaiaKeyLabel,
+            last_mount_request.create().keys(0).data().label());
+  EXPECT_FALSE(last_mount_request.create().keys(0).secret().empty());
 }
 
 IN_PROC_BROWSER_TEST_F(OobeTest, Accelerator) {

chromeos/dbus/cryptohome/fake_cryptohome_client.cc

@@ -611,6 +611,8 @@ void FakeCryptohomeClient::MountEx(
       request.force_dircrypto_if_available()) {
     error = cryptohome::CRYPTOHOME_ERROR_MOUNT_OLD_ENCRYPTION;
   }
+  if (mount_create_required_ && !request.has_create())
+    error = cryptohome::CRYPTOHOME_ERROR_ACCOUNT_NOT_FOUND;
   reply.set_error(error);
   ReturnProtobufMethodCallback(reply, std::move(callback));
 }

chromeos/dbus/cryptohome/fake_cryptohome_client.h

@@ -248,6 +248,13 @@ class COMPONENT_EXPORT(CRYPTOHOME_CLIENT) FakeCryptohomeClient
   // Changes the behavior of TpmIsEnabled().
   void set_tpm_is_enabled(bool value) { tpm_is_enabled_ = value; }
 
+  // Sets whether the MountEx() call should fail when the |create| field is not
+  // provided (the error code will be CRYPTOHOME_ERROR_ACCOUNT_NOT_FOUND).
+  // This allows to simulate the behavior during the new user profile creation.
+  void set_mount_create_required(bool mount_create_required) {
+    mount_create_required_ = mount_create_required;
+  }
+
   // Sets the unmount result of Unmount() call.
   void set_unmount_result(bool result) { unmount_result_ = result; }
 
@@ -337,11 +344,18 @@ class COMPONENT_EXPORT(CRYPTOHOME_CLIENT) FakeCryptohomeClient
   void NotifyLowDiskSpace(uint64_t disk_free_bytes);
 
   // MountEx getters.
+  const cryptohome::MountRequest& get_last_mount_request() const {
+    return last_mount_request_;
+  }
   bool to_migrate_from_ecryptfs() const {
     return last_mount_request_.to_migrate_from_ecryptfs();
   }
   bool hidden_mount() const { return last_mount_request_.hidden_mount(); }
   bool public_mount() const { return last_mount_request_.public_mount(); }
+  const cryptohome::AuthorizationRequest& get_last_mount_authentication()
+      const {
+    return last_mount_auth_request_;
+  }
   const std::string& get_secret_for_last_mount_authentication() const {
     return last_mount_auth_request_.key().secret();
   }
@@ -411,6 +425,7 @@ class COMPONENT_EXPORT(CRYPTOHOME_CLIENT) FakeCryptohomeClient
   int remove_firmware_management_parameters_from_tpm_call_count_;
 
   int async_call_id_;
+  bool mount_create_required_ = false;
   bool unmount_result_;
   std::vector<uint8_t> system_salt_;