Implement pin storage backend.

chrome/browser/chromeos/login/quick_unlock/pin_storage.h

Index: chrome/browser/chromeos/login/quick_unlock/pin_storage.h
diff --git a/chrome/browser/chromeos/login/quick_unlock/pin_storage.h b/chrome/browser/chromeos/login/quick_unlock/pin_storage.h
new file mode 100644
index 0000000000000000000000000000000000000000..12376526a4c1280811bca954119a9a79ffd1d433
--- /dev/null
+++ b/chrome/browser/chromeos/login/quick_unlock/pin_storage.h
@@ -0,0 +1,87 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_STORAGE_H_
+#define CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_STORAGE_H_
+
+#include <string>
+
+#include "base/gtest_prod_util.h"
+#include "base/time/time.h"
+#include "components/keyed_service/core/keyed_service.h"
+
+class PrefService;
+
+namespace user_prefs {
+class PrefRegistrySyncable;
+}  // namespace user_prefs
+
+FORWARD_DECLARE_TEST(PinStorageUnitTest, AuthenticationFailsFromTimeout);
+FORWARD_DECLARE_TEST(PinStorageUnitTest,
+                     TimeSinceLastStrongAuthReturnsPositiveValue);
+
+namespace chromeos {
+
+// TODO(jdufault): Figure out the UX we want on the lock screen when there are
+// multiple users. We will be storing either global or per-user unlock state. If
+// we end up storing global unlock state, we can pull the unlock attempt and
+// strong-auth code out of this class.
+
+class PinStorage : public KeyedService {
+ public:
+  // TODO(jdufault): Pull these values in from policy. See crbug.com/612271.
+  static const int kMaximumUnlockAttempts = 3;
+  static const base::TimeDelta kStrongAuthTimeout;
+
+  // Registers profile prefs.
+  static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
+
+  explicit PinStorage(PrefService* pref_service);
+  ~PinStorage() override;
+
+  // Mark in storage that the user has had a strong authentication. This means
+  // that they authenticated with their password, for example. PIN unlock will
+  // timeout after a delay.
+  void MarkStrongAuth();
+  bool HasStrongAuth() const;

[stevenjb, 2016/05/16 22:19:08]

Each public method should have its own comment, describing any args or return
value. Exceptions are trivial getters/setters, e.g. foo() or set_foo(). (The
member should be sufficiently commented instead).

[jdufault, 2016/05/17 19:58:26]

Done.

+  base::TimeDelta TimeSinceLastStrongAuth() const;
+
+  // Add a PIN unlock attempt count.
+  void AddUnlockAttempt();
+  void ResetUnlockAttemptCount();
+  int UnlockAttemptCount() const;
+
+  // PIN storage management.
+  bool IsPinSet() const;
+  void SetPin(const std::string& pin);
+  void RemovePin();
+
+  // The salt and hash for the stored pin. These methods return empty values if
+  // IsPinSet returns false.
+  std::string PinSalt() const;
+  std::string PinSecret() const;
+
+  // Is PIN entry currently available?
+  bool IsPinAuthenticationAvailable() const;
+
+  // Tries to authenticate the given pin. This will consume an unlock attempt.
+  // This always returns false if IsPinAuthenticationAvailable returns false.
+  bool TryAuthenticatePin(const std::string& pin);
+
+ private:
+  FRIEND_TEST_ALL_PREFIXES(::PinStorageUnitTest,
+                           AuthenticationFailsFromTimeout);
+  FRIEND_TEST_ALL_PREFIXES(::PinStorageUnitTest,
+                           TimeSinceLastStrongAuthReturnsPositiveValue);
+
+  PrefService* pref_service_;
+  int attempt_count_ = 0;
+  base::Time last_strong_auth_;
+
+  DISALLOW_COPY_AND_ASSIGN(PinStorage);
+};
+
+}  // namespace chromeos
+
+#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_STORAGE_H_