[Sync] Add SyncEncryptionHandler

sync/util/cryptographer.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sync/util/cryptographer.h"
 
 #include <algorithm>
 
 #include "base/base64.h"
 #include "base/logging.h"
+#include "sync/protocol/nigori_specifics.pb.h"
+#include "sync/syncable/nigori_handler.h"
 #include "sync/util/encryptor.h"
 
 namespace syncer {
 
 const char kNigoriTag[] = "google_chrome_nigori";
 
 // We name a particular Nigori instance (ie. a triplet consisting of a hostname,
 // a username, and a password) by calling Permute on this string. Since the
 // output of Permute is always the same for a given triplet, clients will always
 // assign the same name to a particular triplet.
 const char kNigoriKeyName[] = "nigori-key";
 
-Cryptographer::Observer::~Observer() {}
-
 Cryptographer::Cryptographer(Encryptor* encryptor)
     : encryptor_(encryptor),
       default_nigori_(NULL),
       keystore_nigori_(NULL),
-      encrypted_types_(SensitiveTypes()),
-      encrypt_everything_(false) {
+      nigori_node_handler_(NULL) {
   DCHECK(encryptor);
 }
 
 Cryptographer::~Cryptographer() {}
 
-void Cryptographer::AddObserver(Observer* observer) {
-  observers_.AddObserver(observer);
+void Cryptographer::SetNigoriHandler(syncable::NigoriHandler* delegate) {
+  nigori_node_handler_ = delegate;
 }
 
-void Cryptographer::RemoveObserver(Observer* observer) {
-  observers_.RemoveObserver(observer);
+void Cryptographer::ApplyNigoriUpdate(
+    const sync_pb::NigoriSpecifics& nigori,
+    syncable::BaseTransaction* const trans) {
+  nigori_node_handler_->ApplyNigoriUpdate(nigori, trans);
 }
 
+ModelTypeSet Cryptographer::GetEncryptedTypes() const {
+  return nigori_node_handler_->GetEncryptedTypes();
+}
+
+void Cryptographer::UpdateNigoriFromEncryptedTypes(
+    sync_pb::NigoriSpecifics* nigori,
+    syncable::BaseTransaction* const trans) const {
+  nigori_node_handler_->UpdateNigoriFromEncryptedTypes(nigori, trans);
+}
+
+
 void Cryptographer::Bootstrap(const std::string& restored_bootstrap_token) {
   if (is_initialized()) {
     NOTREACHED();
     return;
   }
 
   scoped_ptr<Nigori> nigori(UnpackBootstrapToken(restored_bootstrap_token));
   if (nigori.get())
     AddKeyImpl(nigori.release(), false);
 }
@@ skipping 133 matching lines @@
 
 void Cryptographer::InstallKeys(const sync_pb::EncryptedData& encrypted) {
   DCHECK(CanDecrypt(encrypted));
 
   sync_pb::NigoriKeyBag bag;
   if (!Decrypt(encrypted, &bag))
     return;
   InstallKeyBag(bag);
 }
 
+void Cryptographer::SetDefaultKey(const std::string& key_name) {
+  DCHECK(nigoris_.end() != nigoris_.find(key_name));
+  default_nigori_ = &*nigoris_.find(key_name);
+}
+
 void Cryptographer::SetPendingKeys(const sync_pb::EncryptedData& encrypted) {
   DCHECK(!CanDecrypt(encrypted));
   pending_keys_.reset(new sync_pb::EncryptedData(encrypted));
 }
 
 const sync_pb::EncryptedData& Cryptographer::GetPendingKeys() const {
   DCHECK(has_pending_keys());
   return *(pending_keys_.get());
 }
 
@@ skipping 97 matching lines @@
   scoped_ptr<Nigori> nigori(new Nigori);
   if (!nigori->InitByImport(key.user_key(), key.encryption_key(),
                             key.mac_key())) {
     NOTREACHED();
     return NULL;
   }
 
   return nigori.release();
 }
 
-Cryptographer::UpdateResult Cryptographer::Update(
-    const sync_pb::NigoriSpecifics& nigori) {
-  UpdateEncryptedTypesFromNigori(nigori);
-  if (!nigori.encrypted().blob().empty()) {
-    if (CanDecrypt(nigori.encrypted())) {
-      InstallKeys(nigori.encrypted());
-      // We only update the default passphrase if this was a new explicit
-      // passphrase. Else, since it was decryptable, it must not have been a new
-      // key.
-      if (nigori.using_explicit_passphrase()) {
-        std::string new_default_key_name = nigori.encrypted().key_name();
-        DCHECK(nigoris_.end() != nigoris_.find(new_default_key_name));
-        default_nigori_ = &*nigoris_.find(new_default_key_name);
-      }
-      return Cryptographer::SUCCESS;
-    } else {
-      SetPendingKeys(nigori.encrypted());
-      return Cryptographer::NEEDS_PASSPHRASE;
-    }
-  }
-  return Cryptographer::SUCCESS;
-}
-
 bool Cryptographer::SetKeystoreKey(const std::string& keystore_key) {
   if (keystore_key.empty())
     return false;
   KeyParams params = {"localhost", "dummy", keystore_key};
 
   // Create the new Nigori and make it the default keystore encryptor.
   scoped_ptr<Nigori> nigori(new Nigori);
   if (!nigori->InitByDerivation(params.hostname,
                                 params.username,
                                 params.password)) {
     NOTREACHED();  // Invalid username or password.
     return false;
   }
 
   return AddKeyImpl(nigori.release(), true);
 }
 
 bool Cryptographer::HasKeystoreKey() const {
   return keystore_nigori_ != NULL;
 }
 
-// Static
-ModelTypeSet Cryptographer::SensitiveTypes() {
-  // Both of these have their own encryption schemes, but we include them
-  // anyways.
-  ModelTypeSet types;
-  types.Put(PASSWORDS);
-  types.Put(NIGORI);
-  return types;
-}
-
-void Cryptographer::UpdateEncryptedTypesFromNigori(
-    const sync_pb::NigoriSpecifics& nigori) {
-  if (nigori.encrypt_everything()) {
-    set_encrypt_everything();
-    return;
-  }
-
-  ModelTypeSet encrypted_types(SensitiveTypes());
-  if (nigori.encrypt_bookmarks())
-    encrypted_types.Put(BOOKMARKS);
-  if (nigori.encrypt_preferences())
-    encrypted_types.Put(PREFERENCES);
-  if (nigori.encrypt_autofill_profile())
-    encrypted_types.Put(AUTOFILL_PROFILE);
-  if (nigori.encrypt_autofill())
-    encrypted_types.Put(AUTOFILL);
-  if (nigori.encrypt_themes())
-    encrypted_types.Put(THEMES);
-  if (nigori.encrypt_typed_urls())
-    encrypted_types.Put(TYPED_URLS);
-  if (nigori.encrypt_extension_settings())
-    encrypted_types.Put(EXTENSION_SETTINGS);
-  if (nigori.encrypt_extensions())
-    encrypted_types.Put(EXTENSIONS);
-  if (nigori.encrypt_search_engines())
-    encrypted_types.Put(SEARCH_ENGINES);
-  if (nigori.encrypt_sessions())
-    encrypted_types.Put(SESSIONS);
-  if (nigori.encrypt_app_settings())
-    encrypted_types.Put(APP_SETTINGS);
-  if (nigori.encrypt_apps())
-    encrypted_types.Put(APPS);
-  if (nigori.encrypt_app_notifications())
-    encrypted_types.Put(APP_NOTIFICATIONS);
-
-  // Note: the initial version with encryption did not support the
-  // encrypt_everything field. If anything more than the sensitive types were
-  // encrypted, it meant we were encrypting everything.
-  if (!nigori.has_encrypt_everything() &&
-      !Difference(encrypted_types, SensitiveTypes()).Empty()) {
-    set_encrypt_everything();
-    return;
-  }
-
-  MergeEncryptedTypes(encrypted_types);
-}
-
-void Cryptographer::UpdateNigoriFromEncryptedTypes(
-    sync_pb::NigoriSpecifics* nigori) const {
-  nigori->set_encrypt_everything(encrypt_everything_);
-  nigori->set_encrypt_bookmarks(
-      encrypted_types_.Has(BOOKMARKS));
-  nigori->set_encrypt_preferences(
-      encrypted_types_.Has(PREFERENCES));
-  nigori->set_encrypt_autofill_profile(
-      encrypted_types_.Has(AUTOFILL_PROFILE));
-  nigori->set_encrypt_autofill(encrypted_types_.Has(AUTOFILL));
-  nigori->set_encrypt_themes(encrypted_types_.Has(THEMES));
-  nigori->set_encrypt_typed_urls(
-      encrypted_types_.Has(TYPED_URLS));
-  nigori->set_encrypt_extension_settings(
-      encrypted_types_.Has(EXTENSION_SETTINGS));
-  nigori->set_encrypt_extensions(
-      encrypted_types_.Has(EXTENSIONS));
-  nigori->set_encrypt_search_engines(
-      encrypted_types_.Has(SEARCH_ENGINES));
-  nigori->set_encrypt_sessions(encrypted_types_.Has(SESSIONS));
-  nigori->set_encrypt_app_settings(
-      encrypted_types_.Has(APP_SETTINGS));
-  nigori->set_encrypt_apps(encrypted_types_.Has(APPS));
-  nigori->set_encrypt_app_notifications(
-      encrypted_types_.Has(APP_NOTIFICATIONS));
-}
-
-void Cryptographer::set_encrypt_everything() {
-  if (encrypt_everything_) {
-    DCHECK(encrypted_types_.Equals(ModelTypeSet::All()));
-    return;
-  }
-  encrypt_everything_ = true;
-  // Change |encrypted_types_| directly to avoid sending more than one
-  // notification.
-  encrypted_types_ = ModelTypeSet::All();
-  EmitEncryptedTypesChangedNotification();
-}
-
-bool Cryptographer::encrypt_everything() const {
-  return encrypt_everything_;
-}
-
-ModelTypeSet Cryptographer::GetEncryptedTypes() const {
-  return encrypted_types_;
-}
-
-void Cryptographer::MergeEncryptedTypesForTest(ModelTypeSet encrypted_types) {
-  MergeEncryptedTypes(encrypted_types);
-}
-
-void Cryptographer::MergeEncryptedTypes(ModelTypeSet encrypted_types) {
-  if (encrypted_types_.HasAll(encrypted_types)) {
-    return;
-  }
-  encrypted_types_ = encrypted_types;
-  EmitEncryptedTypesChangedNotification();
-}
-
-void Cryptographer::EmitEncryptedTypesChangedNotification() {
-  FOR_EACH_OBSERVER(
-      Observer, observers_,
-      OnEncryptedTypesChanged(encrypted_types_, encrypt_everything_));
-}
-
 void Cryptographer::InstallKeyBag(const sync_pb::NigoriKeyBag& bag) {
   int key_size = bag.key_size();
   for (int i = 0; i < key_size; ++i) {
     const sync_pb::NigoriKey key = bag.key(i);
     // Only use this key if we don't already know about it.
     if (nigoris_.end() == nigoris_.find(key.name())) {
       scoped_ptr<Nigori> new_nigori(new Nigori);
       if (!new_nigori->InitByImport(key.user_key(),
                                     key.encryption_key(),
                                     key.mac_key())) {
         NOTREACHED();
         continue;
       }
       nigoris_[key.name()] = make_linked_ptr(new_nigori.release());
     }
   }
 }
 
 }  // namespace syncer