Delay creating easy signin TPM keys until TPM is initialized

chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc

Index: chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
diff --git a/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc b/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
index 3321ed9a336e55cc9240c61ff3b2ba9d7e67ee62..c59b4f923ddc5239758c957160537bb8f72aeba8 100644
--- a/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
+++ b/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
@@ -54,6 +54,29 @@ void GetSystemSlotOnIOThread(
     callback_on_origin_thread.Run(system_slot.Pass());
 }
 
+// Relays |EnsureUserTpmInitializedOnIOThread| callback to
+// |response_task_runner|, ignoring |slot|.
+void RunCallbackWithoutSlotOnThreadRunner(

[pneubeck (no reviews), 2015/05/12 12:21:43]

s/ThreadRunner/TaskRunner/

[tbarzic, 2015/05/12 17:10:46]

Done.

+    const scoped_refptr<base::SingleThreadTaskRunner>& response_task_runner,
+    const base::Closure& callback,
+    crypto::ScopedPK11Slot slot) {
+  response_task_runner->PostTask(FROM_HERE, callback);
+}
+
+void EnsureUserTPMInitializedOnIOThread(
+    const std::string& username_hash,
+    const scoped_refptr<base::SingleThreadTaskRunner>& response_task_runner,
+    const base::Closure& callback) {
+  base::Callback<void(crypto::ScopedPK11Slot)> callback_on_origin_thread =
+      base::Bind(&RunCallbackWithoutSlotOnThreadRunner, response_task_runner,
+                 callback);
+
+  crypto::ScopedPK11Slot private_slot = crypto::GetPrivateSlotForChromeOSUser(
+      username_hash, callback_on_origin_thread);
+  if (private_slot)
+    callback_on_origin_thread.Run(private_slot.Pass());
+}
+
 // Checks if a private RSA key associated with |public_key| can be found in
 // |slot|.
 // Must be called on a worker thread.
@@ -168,9 +191,12 @@ void EasyUnlockTpmKeyManager::ResetLocalStateForUser(
   update->RemoveWithoutPathExpansion(user_id, NULL);
 }
 
-EasyUnlockTpmKeyManager::EasyUnlockTpmKeyManager(const std::string& user_id,
-                                                 PrefService* local_state)
+EasyUnlockTpmKeyManager::EasyUnlockTpmKeyManager(
+    const std::string& user_id,
+    const std::string& username_hash,
+    PrefService* local_state)
     : user_id_(user_id),
+      username_hash_(username_hash),
       local_state_(local_state),
       create_tpm_key_state_(CREATE_TPM_KEY_NOT_STARTED),
       get_tpm_slot_weak_ptr_factory_(this),
@@ -184,6 +210,7 @@ bool EasyUnlockTpmKeyManager::PrepareTpmKey(
     bool check_private_key,
     const base::Closure& callback) {
   CHECK(!user_id_.empty());
+  CHECK(!username_hash_.empty());
 
   if (create_tpm_key_state_ == CREATE_TPM_KEY_DONE)
     return true;
@@ -197,29 +224,24 @@ bool EasyUnlockTpmKeyManager::PrepareTpmKey(
   prepare_tpm_key_callbacks_.push_back(callback);
 
   if (create_tpm_key_state_ == CREATE_TPM_KEY_NOT_STARTED) {
-    create_tpm_key_state_ = CREATE_TPM_KEY_WAITING_FOR_SYSTEM_SLOT;
+    create_tpm_key_state_ = CREATE_TPM_KEY_WAITING_FOR_USER_SLOT;
 
-    base::Callback<void(crypto::ScopedPK11Slot)> create_key_with_system_slot =
-        base::Bind(&EasyUnlockTpmKeyManager::CreateKeyInSystemSlot,
-                   get_tpm_slot_weak_ptr_factory_.GetWeakPtr(),
-                   key);
+    base::Closure on_user_tpm_ready =
+        base::Bind(&EasyUnlockTpmKeyManager::OnUserTPMInitialized,
+                   get_tpm_slot_weak_ptr_factory_.GetWeakPtr(), key);
 
     content::BrowserThread::PostTask(
-        content::BrowserThread::IO,
-        FROM_HERE,
-        base::Bind(&GetSystemSlotOnIOThread,
-                   base::ThreadTaskRunnerHandle::Get(),
-                   create_key_with_system_slot));
+        content::BrowserThread::IO, FROM_HERE,
+        base::Bind(&EnsureUserTPMInitializedOnIOThread, username_hash_,
+                   base::ThreadTaskRunnerHandle::Get(), on_user_tpm_ready));
   }
 
   return false;
 }
 
 bool EasyUnlockTpmKeyManager::StartGetSystemSlotTimeoutMs(size_t timeout_ms) {
-  if (create_tpm_key_state_ == CREATE_TPM_KEY_DONE ||
-      create_tpm_key_state_ == CREATE_TPM_KEY_GOT_SYSTEM_SLOT) {
+  if (StartedCreatingTpmKeys())
     return false;
-  }
 
   base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
       FROM_HERE,
@@ -267,6 +289,11 @@ void EasyUnlockTpmKeyManager::SignUsingTpmKey(
                  sign_with_system_slot));
 }
 
+bool EasyUnlockTpmKeyManager::StartedCreatingTpmKeys() const {
+  return create_tpm_key_state_ == CREATE_TPM_KEY_GOT_SYSTEM_SLOT ||
+         create_tpm_key_state_ == CREATE_TPM_KEY_DONE;
+}
+
 void EasyUnlockTpmKeyManager::SetKeyInLocalState(const std::string& user_id,
                                                  const std::string& value) {
   if (!local_state_)
@@ -279,11 +306,24 @@ void EasyUnlockTpmKeyManager::SetKeyInLocalState(const std::string& user_id,
   update->SetStringWithoutPathExpansion(user_id, encoded);
 }
 
+void EasyUnlockTpmKeyManager::OnUserTPMInitialized(
+    const std::string& public_key) {
+  create_tpm_key_state_ = CREATE_TPM_KEY_WAITING_FOR_SYSTEM_SLOT;
+
+  base::Callback<void(crypto::ScopedPK11Slot)> create_key_with_system_slot =
+      base::Bind(&EasyUnlockTpmKeyManager::CreateKeyInSystemSlot,
+                 get_tpm_slot_weak_ptr_factory_.GetWeakPtr(), public_key);
+
+  content::BrowserThread::PostTask(
+      content::BrowserThread::IO, FROM_HERE,
+      base::Bind(&GetSystemSlotOnIOThread, base::ThreadTaskRunnerHandle::Get(),
+                 create_key_with_system_slot));
+}
+
 void EasyUnlockTpmKeyManager::CreateKeyInSystemSlot(
     const std::string& public_key,
     crypto::ScopedPK11Slot system_slot) {
   CHECK(system_slot);
-
   create_tpm_key_state_ = CREATE_TPM_KEY_GOT_SYSTEM_SLOT;
 
   // If there are any delayed tasks posted using |StartGetSystemSlotTimeoutMs|,