Support service accounts in the chromoting host.

remoting/host/remoting_me2me_host.cc

Index: remoting/host/remoting_me2me_host.cc
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
index 52b0fd37da086858cae5e748e58f0893591749ec..e4feca4b139adc66ce84903c2f0c4c3b47210931 100644
--- a/remoting/host/remoting_me2me_host.cc
+++ b/remoting/host/remoting_me2me_host.cc
@@ -266,7 +266,9 @@ class HostProcess
   scoped_refptr<RsaKeyPair> key_pair_;
   std::string oauth_refresh_token_;
   std::string serialized_config_;
+  std::string host_owner_;
   std::string xmpp_login_;
+  bool use_service_account_;
   std::string xmpp_auth_token_;
   std::string xmpp_auth_service_;
   scoped_ptr<policy_hack::PolicyWatcher> policy_watcher_;
@@ -303,6 +305,7 @@ HostProcess::HostProcess(scoped_ptr<ChromotingHostContext> context,
                          int* exit_code_out)
     : context_(context.Pass()),
       state_(HOST_INITIALIZING),
+      use_service_account_(false),
       allow_nat_traversal_(true),
       allow_pairing_(true),
       curtain_required_(false),
@@ -520,7 +523,8 @@ void HostProcess::CreateAuthenticatorFactory() {
 
   if (token_url_.is_empty() && token_validation_url_.is_empty()) {
     factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithSharedSecret(
-        local_certificate, key_pair_, host_secret_hash_, pairing_registry);
+        host_owner_, local_certificate, key_pair_, host_secret_hash_,
+        pairing_registry);
 
   } else if (token_url_.is_valid() && token_validation_url_.is_valid()) {
     scoped_ptr<protocol::ThirdPartyHostAuthenticator::TokenValidatorFactory>
@@ -528,7 +532,8 @@ void HostProcess::CreateAuthenticatorFactory() {
             token_url_, token_validation_url_, key_pair_,
             context_->url_request_context_getter()));
     factory = protocol::Me2MeHostAuthenticatorFactory::CreateWithThirdPartyAuth(
-        local_certificate, key_pair_, token_validator_factory.Pass());
+        host_owner_, local_certificate, key_pair_,
+        token_validator_factory.Pass());
 
   } else {
     // TODO(rmsousa): If the policy is bad the host should not go online. It
@@ -727,6 +732,15 @@ bool HostProcess::ApplyConfig(scoped_ptr<JsonHostConfig> config) {
     // request an OAuth2 access token.
     xmpp_auth_service_ = kChromotingTokenDefaultServiceName;
   }
+
+  if (config->GetString(kHostOwnerConfigPath, &host_owner_)) {
+    // Service account configs have a host_owner, different from the xmpp_login.
+    use_service_account_ = true;
+  } else {
+    // User credential configs only have an xmpp_login, which is also the owner.
+    host_owner_ = xmpp_login_;
+    use_service_account_ = false;
+  }
   return true;
 }
 
@@ -799,7 +813,7 @@ bool HostProcess::OnHostDomainPolicyUpdate(const std::string& host_domain) {
   LOG(INFO) << "Policy sets host domain: " << host_domain;
 
   if (!host_domain.empty() &&
-      !EndsWith(xmpp_login_, std::string("@") + host_domain, false)) {
+      !EndsWith(host_owner_, std::string("@") + host_domain, false)) {
     ShutdownHost(kInvalidHostDomainExitCode);
   }
   return false;
@@ -814,7 +828,7 @@ bool HostProcess::OnUsernamePolicyUpdate(bool curtain_required,
     LOG(INFO) << "Policy requires host username match.";
     std::string username = GetUsername();
     bool shutdown = username.empty() ||
-        !StartsWithASCII(xmpp_login_, username + std::string("@"),
+        !StartsWithASCII(host_owner_, username + std::string("@"),
                          false);
 
 #if defined(OS_MACOSX)
@@ -972,7 +986,7 @@ void HostProcess::StartHost() {
   if (!oauth_refresh_token_.empty()) {
     scoped_ptr<SignalingConnector::OAuthCredentials> oauth_credentials(
         new SignalingConnector::OAuthCredentials(
-            xmpp_login_, oauth_refresh_token_));
+            xmpp_login_, oauth_refresh_token_, use_service_account_));
     signaling_connector_->EnableOAuth(oauth_credentials.Pass());
   }
 
@@ -1026,7 +1040,7 @@ void HostProcess::StartHost() {
 #endif  // !defined(REMOTING_MULTI_PROCESS)
 
   host_->SetEnableCurtaining(curtain_required_);
-  host_->Start(xmpp_login_);
+  host_->Start(host_owner_);
 
   CreateAuthenticatorFactory();
 }