[Auth] Add linux secure internal impl

+ Add linux implementation
+ Add kokoro support for libsecret
+ Add secure integration test
+ Modify the key_namespace to pass in empty if neither package name nor project id.
+ early out linux impl if empty key_namespace (that means from auth integration test, which we don't want to trigger auth persistence)

PiperOrigin-RevId: 246212139

Author: cynthiajiang

auth/src/desktop/auth_desktop.cc

@@ -422,11 +422,22 @@ void ResetTokenRefreshCounter(AuthData* auth_data) {
 void InitializeUserDataPersist(AuthData* auth_data) {
   auto auth_impl = static_cast<AuthImpl*>(auth_data->auth_impl);
   // Combine bundle ID with project ID to create an app identifier.
-  std::string app_identifier = auth_data->app->options().package_name();
-  app_identifier += ".";
-  app_identifier += auth_data->app->options().project_id();
+  std::string package_name = auth_data->app->options().package_name();
+  std::string project_id = auth_data->app->options().project_id();
+  std::string app_identifier;
+
+  if (package_name.length() > 0) {
+    app_identifier += package_name;
+    if (project_id.length() > 0) {
+      app_identifier += ".";
+      app_identifier += project_id;
+    }
+  } else if (project_id.length() > 0) {
+    app_identifier += project_id;
+  }
   auth_impl->user_data_persist =
       MakeUnique<UserDataPersist>(app_identifier.c_str());
+
   auth_data->auth->AddAuthStateListener(auth_impl->user_data_persist.get());
   auth_impl->user_data_persist->LoadUserData(auth_data);
 }

auth/src/desktop/secure/user_secure_linux_internal.cc

@@ -0,0 +1,115 @@
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "auth/src/desktop/secure/user_secure_linux_internal.h"
+
+#include <dlfcn.h>
+
+#include <iostream>
+
+#include "auth/src/desktop/secure/user_secure_data_handle.h"
+
+namespace firebase {
+namespace auth {
+namespace secure {
+
+namespace {
+// key entry for the app name in the schema. When save the user data with a
+// given app name, the app name is the attribute of this key inside schema.
+const char kAppNameKey[] = "auth_app_name";
+// A common attribute-value pair is added to all the device keys. This makes it
+// possible to match all the keys easily (and remove them all at once).
+const char kCommonKeyId[] = "common_key_id";
+const char kCommonKeyValue[] = "common_key_value";
+
+SecretSchema BuildSchema(const char key_namespace[]) {
+  SecretSchema schema = {key_namespace,
+                         SECRET_SCHEMA_NONE,
+                         {
+                             {kAppNameKey, SECRET_SCHEMA_ATTRIBUTE_STRING},
+                             {kCommonKeyId, SECRET_SCHEMA_ATTRIBUTE_STRING},
+                         }};
+  return schema;
+}
+}  // namespace
+
+UserSecureLinuxInternal::UserSecureLinuxInternal(const char* key_namespace)
+    : key_namespace_(key_namespace),
+      storage_schema_(BuildSchema(key_namespace)) {}
+
+UserSecureLinuxInternal::~UserSecureLinuxInternal() {}
+
+std::string UserSecureLinuxInternal::LoadUserData(const std::string& app_name) {
+  std::string empty_str("");
+
+  if (key_namespace_.length() <= 0) {
+    return empty_str;
+  }
+
+  GError* error = nullptr;
+  char* result =
+      secret_password_lookup_sync(&storage_schema_,
+                                  /* cancellable= */ nullptr,
+                                  /* error= */ &error,
+                                  /* key1= */ kAppNameKey,
+                                  /* value1= */ app_name.c_str(), nullptr);
+  if (error) {
+    g_error_free(error);
+    return empty_str;
+  }
+
+  if (result == nullptr) {
+    return empty_str;
+  }
+  std::string str_result(result);
+  secret_password_free(result);
+
+  return str_result;
+}
+
+void UserSecureLinuxInternal::SaveUserData(const std::string& app_name,
+                                           const std::string& user_data) {
+  if (key_namespace_.length() <= 0) {
+    return;
+  }
+  secret_password_store_sync(
+      &storage_schema_, SECRET_COLLECTION_DEFAULT, /* label= */ "UserSecure",
+      /* password= */ user_data.c_str(), /* cancellable= */ nullptr,
+      /* error= */ nullptr, /* key1= */ kAppNameKey,
+      /* value1= */ app_name.c_str(),
+      /* key2= */ kCommonKeyId, /* value2= */ kCommonKeyValue, nullptr);
+}
+
+void UserSecureLinuxInternal::DeleteUserData(const std::string& app_name) {
+  if (key_namespace_.length() <= 0) {
+    return;
+  }
+  secret_password_clear_sync(&storage_schema_,
+                             /* cancellable= */ nullptr, /* error= */ nullptr,
+                             /* key1= */ kAppNameKey,
+                             /* value1= */ app_name.c_str(), nullptr);
+}
+
+void UserSecureLinuxInternal::DeleteAllData() {
+  if (key_namespace_.length() <= 0) {
+    return;
+  }
+  secret_password_clear_sync(&storage_schema_, /* cancellable= */ nullptr,
+                             /* error= */ nullptr, /* key2= */ kCommonKeyId,
+                             /* value2= */ kCommonKeyValue, nullptr);
+}
+
+}  // namespace secure
+}  // namespace auth
+}  // namespace firebase

auth/src/desktop/secure/user_secure_linux_internal.h

@@ -0,0 +1,54 @@
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef FIREBASE_AUTH_CLIENT_CPP_SRC_DESKTOP_SECURE_USER_SECURE_LINUX_INTERNAL_H_
+#define FIREBASE_AUTH_CLIENT_CPP_SRC_DESKTOP_SECURE_USER_SECURE_LINUX_INTERNAL_H_
+
+#include <string>
+
+#include "auth/src/desktop/secure/user_secure_data_handle.h"
+#include "auth/src/desktop/secure/user_secure_internal.h"
+#include "libsecret/secret.h"
+
+namespace firebase {
+namespace auth {
+namespace secure {
+
+// Linux specific implementation for the secure manager of user data.
+class UserSecureLinuxInternal : public UserSecureInternal {
+ public:
+  ~UserSecureLinuxInternal() override;
+
+  // Overloaded constructor to set the storage schema for keys.
+  explicit UserSecureLinuxInternal(const char* key_namespace);
+
+  std::string LoadUserData(const std::string& app_name) override;
+
+  void SaveUserData(const std::string& app_name,
+                    const std::string& user_data) override;
+
+  void DeleteUserData(const std::string& app_name) override;
+
+  void DeleteAllData() override;
+
+ private:
+  const std::string key_namespace_;
+  const SecretSchema storage_schema_;
+};
+
+}  // namespace secure
+}  // namespace auth
+}  // namespace firebase
+
+#endif  // FIREBASE_AUTH_CLIENT_CPP_SRC_DESKTOP_SECURE_USER_SECURE_LINUX_INTERNAL_H_

auth/src/desktop/secure/user_secure_manager.cc

@@ -30,8 +30,8 @@
 #define USER_SECURE_TYPE UserSecureDarwinInternal
 
 #elif defined(__linux__)
-#include "auth/src/desktop/secure/user_secure_fake_internal.h"
-#define USER_SECURE_TYPE UserSecureFakeInternal
+#include "auth/src/desktop/secure/user_secure_linux_internal.h"
+#define USER_SECURE_TYPE UserSecureLinuxInternal
 
 #else  // Unknown platform, use fake version.
 #warning "No secure storage for Auth persistence is available on this platform."

auth/src/desktop/user_desktop.cc

@@ -405,7 +405,11 @@ UserDataPersist::UserDataPersist(
     : user_secure_manager_(std::move(user_secure_manager)) {}
 
 void UserDataPersist::OnAuthStateChanged(Auth* auth) {  // NOLINT
-  SaveUserData(auth->auth_data_);
+  if (auth->current_user() != nullptr) {
+    SaveUserData(auth->auth_data_);
+  } else {
+    DeleteUserData(auth->auth_data_);
+  }
 }
 
 void AssignLoadedData(const Future<std::string>& future, void* auth_data) {