[Sync] Refactor passphrase state handling

sync/internal_api/sync_encryption_handler_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sync/internal_api/sync_encryption_handler_impl.h"
 
 #include <queue>
 #include <string>
 
 #include "base/bind.h"
@@ skipping 42 matching lines @@
 SyncEncryptionHandlerImpl::SyncEncryptionHandlerImpl(
     UserShare* user_share,
     Encryptor* encryptor)
     : weak_ptr_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)),
       user_share_(user_share),
       cryptographer_unsafe_(encryptor),
       encrypted_types_unsafe_(SensitiveTypes()),
       cryptographer_holder_(user_share_, &cryptographer_unsafe_),
       encrypted_types_holder_(user_share_, &encrypted_types_unsafe_),
       encrypt_everything_(false),
-      explicit_passphrase_(false),
+      passphrase_state_(IMPLICIT_PASSPHRASE),
       nigori_overwrite_count_(0) {
 }
 
 SyncEncryptionHandlerImpl::~SyncEncryptionHandlerImpl() {}
 
 void SyncEncryptionHandlerImpl::AddObserver(Observer* observer) {
   DCHECK(thread_checker_.CalledOnValidThread());
   DCHECK(!observers_.HasObserver(observer));
   observers_.AddObserver(observer);
 }
@@ skipping 308 matching lines @@
   WriteEncryptionStateToNigori(&trans);
   if (cryptographer_holder_.Get(trans.GetWrappedTrans()).is_ready())
     ReEncryptEverything(&trans);
 }
 
 bool SyncEncryptionHandlerImpl::EncryptEverythingEnabled() const {
   DCHECK(thread_checker_.CalledOnValidThread());
   return encrypt_everything_;
 }
 
-bool SyncEncryptionHandlerImpl::IsUsingExplicitPassphrase() const {
-  // TODO(zea): this is called from the UI thread, so we have to have a
-  // transaction while accessing it. Add an OnPassphraseTypeChanged observer
-  // and have the SBH cache the value on the UI thread.
-  ReadTransaction trans(FROM_HERE, user_share_);
-  return explicit_passphrase_;
+PassphraseState SyncEncryptionHandlerImpl::GetPassphraseState() const {
+  DCHECK(thread_checker_.CalledOnValidThread());
+  return passphrase_state_;
 }
 
 // Note: this is called from within a syncable transaction, so we need to post
 // tasks if we want to do any work that creates a new sync_api transaction.
 void SyncEncryptionHandlerImpl::ApplyNigoriUpdate(
     const sync_pb::NigoriSpecifics& nigori,
     syncable::BaseTransaction* const trans) {
   DCHECK(thread_checker_.CalledOnValidThread());
   DCHECK(trans);
   if (!ApplyNigoriUpdateImpl(nigori, trans)) {
@@ skipping 91 matching lines @@
 
   // NOTE: We notify from within a transaction.
   FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
                     OnEncryptionComplete());
 }
 
 bool SyncEncryptionHandlerImpl::ApplyNigoriUpdateImpl(
     const sync_pb::NigoriSpecifics& nigori,
     syncable::BaseTransaction* const trans) {
   DCHECK(thread_checker_.CalledOnValidThread());
+  DVLOG(1) << "Applying nigori node update.";
   bool nigori_types_need_update = !UpdateEncryptedTypesFromNigori(nigori,
                                                                   trans);
-  if (nigori.using_explicit_passphrase())
-    explicit_passphrase_ = true;
+  if (nigori.using_explicit_passphrase() &&
+      passphrase_state_ != CUSTOM_PASSPHRASE) {
+    passphrase_state_ = CUSTOM_PASSPHRASE;
+    FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
+                      OnPassphraseStateChanged(passphrase_state_));
+  }
 
   Cryptographer* cryptographer = cryptographer_holder_.GetMutable(trans);
   bool nigori_needs_new_keys = false;
   if (!nigori.encrypted().blob().empty()) {
     if (cryptographer->CanDecrypt(nigori.encrypted())) {
       cryptographer->InstallKeys(nigori.encrypted());
       // We only update the default passphrase if this was a new explicit
       // passphrase. Else, since it was decryptable, it must not have been a new
       // key.
       if (nigori.using_explicit_passphrase())
@@ skipping 26 matching lines @@
     DVLOG(1) << "OnPassphraseRequired sent because cryptographer is not "
              << "ready";
     FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
                       OnPassphraseRequired(REASON_ENCRYPTION,
                                            sync_pb::EncryptedData()));
   }
 
   // Check if the current local encryption state is stricter/newer than the
   // nigori state. If so, we need to overwrite the nigori node with the local
   // state.
-  if (nigori.using_explicit_passphrase() != explicit_passphrase_ ||
+  if (nigori.using_explicit_passphrase() !=
+          (passphrase_state_ == CUSTOM_PASSPHRASE) ||

[akalin, 2012/08/22 20:10:39]

might be clearer to have an intermediate variable 'explicit_passphrase =
passphrase_state_ == CUSTOM_PASSPHRASE'

[Nicolas Zea, 2012/08/22 20:18:33]

Done.

       nigori.encrypt_everything() != encrypt_everything_ ||
       nigori_types_need_update ||
       nigori_needs_new_keys) {
     return false;
   }
   return true;
 }
 
 void SyncEncryptionHandlerImpl::RewriteNigori() {
   DVLOG(1) << "Overwriting stale nigori node.";
@@ skipping 118 matching lines @@
                         OnPassphraseRequired(REASON_DECRYPTION,
                                              cryptographer.GetPendingKeys()));
     } else {
       FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
                         OnPassphraseRequired(REASON_ENCRYPTION,
                                              sync_pb::EncryptedData()));
     }
     return;
   }
 
-  FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
-                    OnPassphraseAccepted());
   DCHECK(cryptographer.is_ready());
 
   sync_pb::NigoriSpecifics specifics(nigori_node->GetNigoriSpecifics());
   // Does not modify specifics.encrypted() if the original decrypted data was
   // the same.
   if (!cryptographer.GetKeys(specifics.mutable_encrypted()))
     NOTREACHED();
-  explicit_passphrase_ = is_explicit;
+  if (is_explicit && passphrase_state_ != CUSTOM_PASSPHRASE) {
+    passphrase_state_ = CUSTOM_PASSPHRASE;
+    FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
+                      OnPassphraseStateChanged(passphrase_state_));
+  }
   specifics.set_using_explicit_passphrase(is_explicit);
   nigori_node->SetNigoriSpecifics(specifics);
 
+  // Must do this after OnPassphraseStateChanged, in order to ensure the PSS
+  // checks the passphrase state after it has been set.
+  FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
+                    OnPassphraseAccepted());
+
   // Does nothing if everything is already encrypted.
   ReEncryptEverything(trans);
 }
 
 void SyncEncryptionHandlerImpl::MergeEncryptedTypes(
     ModelTypeSet new_encrypted_types,
     syncable::BaseTransaction* const trans) {
   DCHECK(thread_checker_.CalledOnValidThread());
   ModelTypeSet* encrypted_types = encrypted_types_holder_.GetMutable(trans);
   if (!encrypted_types->HasAll(new_encrypted_types)) {
     *encrypted_types = new_encrypted_types;
     FOR_EACH_OBSERVER(
         Observer, observers_,
         OnEncryptedTypesChanged(*encrypted_types, encrypt_everything_));
   }
 }
 
 }  // namespace browser_sync