| Index: chrome/browser/signin/easy_unlock_service.cc
|
| diff --git a/chrome/browser/signin/easy_unlock_service.cc b/chrome/browser/signin/easy_unlock_service.cc
|
| index aaec456c9870ecd99c557ffee46e94dfe28af352..d81c82ff43d3399c821dd45e87892a3e918d437b 100644
|
| --- a/chrome/browser/signin/easy_unlock_service.cc
|
| +++ b/chrome/browser/signin/easy_unlock_service.cc
|
| @@ -40,10 +40,13 @@
|
| #if defined(OS_CHROMEOS)
|
| #include "base/sys_info.h"
|
| #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_key_manager.h"
|
| +#include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.h"
|
| +#include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager_factory.h"
|
| #include "chrome/browser/chromeos/login/session/user_session_manager.h"
|
| #include "chrome/browser/chromeos/profiles/profile_helper.h"
|
| #include "chromeos/dbus/dbus_thread_manager.h"
|
| #include "chromeos/dbus/power_manager_client.h"
|
| +#include "components/user_manager/user_manager.h"
|
| #endif
|
|
|
| namespace {
|
| @@ -198,6 +201,7 @@ EasyUnlockService::EasyUnlockService(Profile* profile)
|
| : profile_(profile),
|
| bluetooth_detector_(new BluetoothDetector(this)),
|
| shut_down_(false),
|
| + tpm_key_checked_(false),
|
| weak_ptr_factory_(this) {
|
| extensions::ExtensionSystem::Get(profile_)->ready().Post(
|
| FROM_HERE,
|
| @@ -232,6 +236,9 @@ void EasyUnlockService::RegisterProfilePrefs(
|
| // static
|
| void EasyUnlockService::RegisterPrefs(PrefRegistrySimple* registry) {
|
| registry->RegisterDictionaryPref(prefs::kEasyUnlockHardlockState);
|
| +#if defined(OS_CHROMEOS)
|
| + EasyUnlockTpmKeyManager::RegisterLocalStatePrefs(registry);
|
| +#endif
|
| }
|
|
|
| // static
|
| @@ -244,6 +251,10 @@ void EasyUnlockService::ResetLocalStateForUser(const std::string& user_id) {
|
|
|
| DictionaryPrefUpdate update(local_state, prefs::kEasyUnlockHardlockState);
|
| update->RemoveWithoutPathExpansion(user_id, NULL);
|
| +
|
| +#if defined(OS_CHROMEOS)
|
| + EasyUnlockTpmKeyManager::ResetLocalStateForUser(user_id);
|
| +#endif
|
| }
|
|
|
| bool EasyUnlockService::IsAllowed() {
|
| @@ -554,6 +565,7 @@ void EasyUnlockService::ReloadApp() {
|
|
|
| void EasyUnlockService::UpdateAppState() {
|
| if (IsAllowed()) {
|
| + EnsureTpmKeyPresentIfNeeded();
|
| LoadApp();
|
|
|
| #if defined(OS_CHROMEOS)
|
| @@ -691,3 +703,25 @@ void EasyUnlockService::PrepareForSuspend() {
|
| EasyUnlockScreenlockStateHandler::STATE_BLUETOOTH_CONNECTING);
|
| }
|
| }
|
| +
|
| +void EasyUnlockService::EnsureTpmKeyPresentIfNeeded() {
|
| + if (tpm_key_checked_ || GetType() != TYPE_REGULAR || GetUserEmail().empty())
|
| + return;
|
| +
|
| +#if defined(OS_CHROMEOS)
|
| + // If this is called before the session is started, the chances are Chrome
|
| + // is restarting in order to apply user flags. Don't check TPM keys in this
|
| + // case.
|
| + if (!user_manager::UserManager::Get() ||
|
| + !user_manager::UserManager::Get()->IsSessionStarted())
|
| + return;
|
| +
|
| + // TODO(tbarzic): Set check_private_key only if previous sign-in attempt
|
| + // failed.
|
| + EasyUnlockTpmKeyManagerFactory::GetInstance()->Get(profile_)
|
| + ->PrepareTpmKey(true /* check_private_key */,
|
| + base::Closure());
|
| +#endif // defined(OS_CHROMEOS)
|
| +
|
| + tpm_key_checked_ = true;
|
| +}
|
|
|
Chromium Code Reviews
Issue 729803002:
Easy Sign-in: Use TPM RSA key to sign nonce in sign-in protocol (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master