| Index: chrome/browser/signin/easy_unlock_service.cc
|
| diff --git a/chrome/browser/signin/easy_unlock_service.cc b/chrome/browser/signin/easy_unlock_service.cc
|
| index 2c90f81781a0094b4290c4402223538d4f5fdd1a..a0a22768e836478bd959c6f2240cac6a849c4790 100644
|
| --- a/chrome/browser/signin/easy_unlock_service.cc
|
| +++ b/chrome/browser/signin/easy_unlock_service.cc
|
| @@ -39,10 +39,13 @@
|
|
|
| #if defined(OS_CHROMEOS)
|
| #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_key_manager.h"
|
| +#include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.h"
|
| +#include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager_factory.h"
|
| #include "chrome/browser/chromeos/login/session/user_session_manager.h"
|
| #include "chrome/browser/chromeos/profiles/profile_helper.h"
|
| #include "chromeos/dbus/dbus_thread_manager.h"
|
| #include "chromeos/dbus/power_manager_client.h"
|
| +#include "components/user_manager/user_manager.h"
|
| #endif
|
|
|
| namespace {
|
| @@ -196,6 +199,7 @@ EasyUnlockService::EasyUnlockService(Profile* profile)
|
| : profile_(profile),
|
| bluetooth_detector_(new BluetoothDetector(this)),
|
| shut_down_(false),
|
| + tpm_key_checked_(false),
|
| weak_ptr_factory_(this) {
|
| extensions::ExtensionSystem::Get(profile_)->ready().Post(
|
| FROM_HERE,
|
| @@ -230,6 +234,9 @@ void EasyUnlockService::RegisterProfilePrefs(
|
| // static
|
| void EasyUnlockService::RegisterPrefs(PrefRegistrySimple* registry) {
|
| registry->RegisterDictionaryPref(prefs::kEasyUnlockHardlockState);
|
| +#if defined(OS_CHROMEOS)
|
| + EasyUnlockTpmKeyManager::RegisterLocalStatePrefs(registry);
|
| +#endif
|
| }
|
|
|
| // static
|
| @@ -242,6 +249,10 @@ void EasyUnlockService::ResetLocalStateForUser(const std::string& user_id) {
|
|
|
| DictionaryPrefUpdate update(local_state, prefs::kEasyUnlockHardlockState);
|
| update->RemoveWithoutPathExpansion(user_id, NULL);
|
| +
|
| +#if defined(OS_CHROMEOS)
|
| + EasyUnlockTpmKeyManager::ResetLocalStateForUser(user_id);
|
| +#endif
|
| }
|
|
|
| bool EasyUnlockService::IsAllowed() {
|
| @@ -532,6 +543,7 @@ void EasyUnlockService::ReloadApp() {
|
|
|
| void EasyUnlockService::UpdateAppState() {
|
| if (IsAllowed()) {
|
| + EnsureTpmKeyPresentIfNeeded();
|
| LoadApp();
|
|
|
| #if defined(OS_CHROMEOS)
|
| @@ -669,3 +681,26 @@ void EasyUnlockService::PrepareForSuspend() {
|
| EasyUnlockScreenlockStateHandler::STATE_BLUETOOTH_CONNECTING);
|
| }
|
| }
|
| +
|
| +void EasyUnlockService::EnsureTpmKeyPresentIfNeeded() {
|
| + if (tpm_key_checked_ || GetType() != TYPE_REGULAR || GetUserEmail().empty())
|
| + return;
|
| +
|
| +#if defined(OS_CHROMEOS)
|
| + // If this is called before the session is started, the chances are Chrome
|
| + // is restarting in order to apply user flags. Don't check TPM keys in this
|
| + // case.
|
| + if (!user_manager::UserManager::Get() ||
|
| + !user_manager::UserManager::Get()->IsSessionStarted())
|
| + return;
|
| +
|
| + // TODO(tbarzic): Set check_private_key only if previous sign-in attempt
|
| + // failed.
|
| + EasyUnlockTpmKeyManagerFactory::GetInstance()->Get(profile_)
|
| + ->PrepareTpmKey(GetUserEmail(),
|
| + true /* check_private_key */,
|
| + base::Closure());
|
| +#endif // defined(OS_CHROMEOS)
|
| +
|
| + tpm_key_checked_ = true;
|
| +}
|
|
|
Chromium Code Reviews
Issue 729803002:
Easy Sign-in: Use TPM RSA key to sign nonce in sign-in protocol (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master