Add support for the Pkcs11GetTpmTokenInfoForUser cryptohome call.

chromeos/dbus/cryptohome_client.h

Index: chromeos/dbus/cryptohome_client.h
diff --git a/chromeos/dbus/cryptohome_client.h b/chromeos/dbus/cryptohome_client.h
index b1019c5b7b1f6cdd02c88f04cdd25bdfb6684a19..b181f64ec235ef34609a70a63f4866979de6d847 100644
--- a/chromeos/dbus/cryptohome_client.h
+++ b/chromeos/dbus/cryptohome_client.h
@@ -35,11 +35,19 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
       AsyncCallStatusWithDataHandler;
   // A callback to handle responses of AsyncXXX methods.
   typedef base::Callback<void(int async_id)> AsyncMethodCallback;
-  // A callback to handle responses of Pkcs11GetTpmTokenInfo method.
+  // A callback to handle responses of Pkcs11GetTpmTokenInfo method.  The result
+  // of the D-Bus call is in |call_status|.  On success, |label| holds the
+  // PKCS #11 token label.  This is not useful in practice to identify a token
+  // but may be meaningful to a user.  The |user_pin| can be used with the
+  // C_Login PKCS #11 function but is not necessary because tokens are logged in
+  // for the duration of a signed-in session.  The |slot| corresponds to a
+  // CK_SLOT_ID for the PKCS #11 API and reliably identifies the token for the
+  // duration of the signed-in session.

[satorux1, 2013/10/08 23:46:31]

thank you for adding this! we need more of these comments!

   typedef base::Callback<void(
       DBusMethodCallStatus call_status,
       const std::string& label,
-      const std::string& user_pin)> Pkcs11GetTpmTokenInfoCallback;
+      const std::string& user_pin,
+      int slot)> Pkcs11GetTpmTokenInfoCallback;
   // A callback for methods which return both a bool result and data.
   typedef base::Callback<void(DBusMethodCallStatus call_status,
                               bool result,
@@ -186,10 +194,20 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
   virtual void Pkcs11IsTpmTokenReady(
       const BoolDBusMethodCallback& callback) = 0;
 
-  // Calls Pkcs11GetTpmTokenInfo method.
+  // Calls Pkcs11GetTpmTokenInfo method.  This method is deprecated, you should
+  // use Pkcs11GetTpmTokenInfoForUser instead.  On success |callback| will
+  // receive PKCS #11 token information for the token associated with the user
+  // who originally signed in (i.e. PKCS #11 slot 0).
   virtual void Pkcs11GetTpmTokenInfo(
       const Pkcs11GetTpmTokenInfoCallback& callback) = 0;
 
+  // Calls Pkcs11GetTpmTokenInfoForUser method.  On success |callback| will
+  // receive PKCS #11 token information for the user identified by the canonical
+  // |username|.
+  virtual void Pkcs11GetTpmTokenInfoForUser(
+      const std::string& username,

[mattm, 2013/10/08 23:10:25]

Is username the "u-<long hex string>" value like in the home dir path?

[Darren Krahn, 2013/10/08 23:29:38]

No, it's a canonical email address as returned by chromeos::User::email().  At
least, that is my intention.  Let me know if this is inconvenient for any
reason.

[satorux1, 2013/10/08 23:46:31]

I think it's a good explanation about |username| parameter. Please add it as a
comment.

+      const Pkcs11GetTpmTokenInfoCallback& callback) = 0;
+
   // Calls InstallAttributesGet method and returns true when the call succeeds.
   // This method blocks until the call returns.
   // The original content of |value| is lost.