| Index: chrome/browser/signin/easy_unlock_service.cc
|
| diff --git a/chrome/browser/signin/easy_unlock_service.cc b/chrome/browser/signin/easy_unlock_service.cc
|
| index ffa2341aef02497adbe667017b62bd991f9e3fa9..d8580f808f720ec6d03536a61fd6772101b55362 100644
|
| --- a/chrome/browser/signin/easy_unlock_service.cc
|
| +++ b/chrome/browser/signin/easy_unlock_service.cc
|
| @@ -39,10 +39,13 @@
|
| #if defined(OS_CHROMEOS)
|
| #include "base/sys_info.h"
|
| #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_key_manager.h"
|
| +#include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.h"
|
| +#include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager_factory.h"
|
| #include "chrome/browser/chromeos/login/session/user_session_manager.h"
|
| #include "chrome/browser/chromeos/profiles/profile_helper.h"
|
| #include "chromeos/dbus/dbus_thread_manager.h"
|
| #include "chromeos/dbus/power_manager_client.h"
|
| +#include "components/user_manager/user_manager.h"
|
| #endif
|
|
|
| namespace {
|
| @@ -183,6 +186,7 @@ EasyUnlockService::EasyUnlockService(Profile* profile)
|
| : profile_(profile),
|
| bluetooth_detector_(new BluetoothDetector(this)),
|
| shut_down_(false),
|
| + tpm_key_checked_(false),
|
| weak_ptr_factory_(this) {
|
| extensions::ExtensionSystem::Get(profile_)->ready().Post(
|
| FROM_HERE,
|
| @@ -217,6 +221,9 @@ void EasyUnlockService::RegisterProfilePrefs(
|
| // static
|
| void EasyUnlockService::RegisterPrefs(PrefRegistrySimple* registry) {
|
| registry->RegisterDictionaryPref(prefs::kEasyUnlockHardlockState);
|
| +#if defined(OS_CHROMEOS)
|
| + EasyUnlockTpmKeyManager::RegisterLocalStatePrefs(registry);
|
| +#endif
|
| }
|
|
|
| // static
|
| @@ -229,6 +236,10 @@ void EasyUnlockService::ResetLocalStateForUser(const std::string& user_id) {
|
|
|
| DictionaryPrefUpdate update(local_state, prefs::kEasyUnlockHardlockState);
|
| update->RemoveWithoutPathExpansion(user_id, NULL);
|
| +
|
| +#if defined(OS_CHROMEOS)
|
| + EasyUnlockTpmKeyManager::ResetLocalStateForUser(user_id);
|
| +#endif
|
| }
|
|
|
| bool EasyUnlockService::IsAllowed() {
|
| @@ -533,6 +544,7 @@ void EasyUnlockService::ReloadApp() {
|
|
|
| void EasyUnlockService::UpdateAppState() {
|
| if (IsAllowed()) {
|
| + EnsureTpmKeyPresentIfNeeded();
|
| LoadApp();
|
|
|
| #if defined(OS_CHROMEOS)
|
| @@ -670,3 +682,26 @@ void EasyUnlockService::PrepareForSuspend() {
|
| EasyUnlockScreenlockStateHandler::STATE_BLUETOOTH_CONNECTING);
|
| }
|
| }
|
| +
|
| +void EasyUnlockService::EnsureTpmKeyPresentIfNeeded() {
|
| + if (tpm_key_checked_ || GetType() != TYPE_REGULAR || GetUserEmail().empty())
|
| + return;
|
| +
|
| +#if defined(OS_CHROMEOS)
|
| + // If this is called before the session is started, the chances are Chrome
|
| + // is restarting in order to apply user flags. Don't check TPM keys in this
|
| + // case.
|
| + if (!user_manager::UserManager::Get() ||
|
| + !user_manager::UserManager::Get()->IsSessionStarted())
|
| + return;
|
| +
|
| + // TODO(tbarzic): Set check_private_key only if previous sign-in attempt
|
| + // failed.
|
| + EasyUnlockTpmKeyManagerFactory::GetInstance()->Get(profile_)
|
| + ->PrepareTpmKey(GetUserEmail(),
|
| + true /* check_private_key */,
|
| + base::Closure());
|
| +#endif // defined(OS_CHROMEOS)
|
| +
|
| + tpm_key_checked_ = true;
|
| +}
|
|
|
Chromium Code Reviews
Issue 729803002:
Easy Sign-in: Use TPM RSA key to sign nonce in sign-in protocol (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master