[Sync] Add keystore encryption info to about:sync

sync/internal_api/sync_encryption_handler_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sync/internal_api/sync_encryption_handler_impl.h"
 
 #include <queue>
 #include <string>
 
 #include "base/bind.h"
 #include "base/message_loop.h"
 #include "base/time.h"
 #include "base/tracked_objects.h"
 #include "base/metrics/histogram.h"
 #include "sync/internal_api/public/read_node.h"
 #include "sync/internal_api/public/read_transaction.h"
 #include "sync/internal_api/public/user_share.h"
 #include "sync/internal_api/public/util/experiments.h"
 #include "sync/internal_api/public/write_node.h"
 #include "sync/internal_api/public/write_transaction.h"
 #include "sync/internal_api/public/util/sync_string_conversions.h"
+#include "sync/internal_api/public/util/time.h"
 #include "sync/protocol/encryption.pb.h"
 #include "sync/protocol/nigori_specifics.pb.h"
 #include "sync/protocol/sync.pb.h"
 #include "sync/syncable/base_transaction.h"
 #include "sync/syncable/directory.h"
 #include "sync/syncable/entry.h"
 #include "sync/syncable/nigori_util.h"
 #include "sync/util/cryptographer.h"
-#include "sync/util/time.h"
 
 namespace syncer {
 
 namespace {
 
 // The maximum number of times we will automatically overwrite the nigori node
 // because the encryption keys don't match (per chrome instantiation).
 // We protect ourselves against nigori rollbacks, but it's possible two
 // different clients might have contrasting view of what the nigori node state
 // should be, in which case they might ping pong (see crbug.com/119207).
@@ skipping 79 matching lines @@
     UserShare* user_share,
     Encryptor* encryptor,
     const std::string& restored_key_for_bootstrapping,
     const std::string& restored_keystore_key_for_bootstrapping)
     : weak_ptr_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)),
       user_share_(user_share),
       vault_unsafe_(encryptor, SensitiveTypes()),
       encrypt_everything_(false),
       passphrase_type_(IMPLICIT_PASSPHRASE),
       keystore_key_(restored_keystore_key_for_bootstrapping),
-      nigori_overwrite_count_(0),
-      migration_time_ms_(0) {
+      nigori_overwrite_count_(0) {
   // We only bootstrap the user provided passphrase. The keystore key is handled
   // at Init time once we're sure the nigori is downloaded.
   vault_unsafe_.cryptographer.Bootstrap(restored_key_for_bootstrapping);
 }
 
 SyncEncryptionHandlerImpl::~SyncEncryptionHandlerImpl() {}
 
 void SyncEncryptionHandlerImpl::AddObserver(Observer* observer) {
   DCHECK(thread_checker_.CalledOnValidThread());
   DCHECK(!observers_.HasObserver(observer));
@@ skipping 439 matching lines @@
 
 bool SyncEncryptionHandlerImpl::MigratedToKeystore() {
   DCHECK(thread_checker_.CalledOnValidThread());
   ReadTransaction trans(FROM_HERE, user_share_);
   ReadNode nigori_node(&trans);
   if (nigori_node.InitByTagLookup(kNigoriTag) != BaseNode::INIT_OK)
     return false;
   return IsNigoriMigratedToKeystore(nigori_node.GetNigoriSpecifics());
 }
 
+base::Time SyncEncryptionHandlerImpl::migration_time() const {
+  return migration_time_;
+}
+
 // This function iterates over all encrypted types.  There are many scenarios in
 // which data for some or all types is not currently available.  In that case,
 // the lookup of the root node will fail and we will skip encryption for that
 // type.
 void SyncEncryptionHandlerImpl::ReEncryptEverything(
     WriteTransaction* trans) {
   DCHECK(thread_checker_.CalledOnValidThread());
   DCHECK(UnlockVault(trans->GetWrappedTrans()).cryptographer.is_ready());
   for (ModelTypeSet::Iterator iter =
            UnlockVault(trans->GetWrappedTrans()).encrypted_types.First();
@@ skipping 60 matching lines @@
 
 bool SyncEncryptionHandlerImpl::ApplyNigoriUpdateImpl(
     const sync_pb::NigoriSpecifics& nigori,
     syncable::BaseTransaction* const trans) {
   DCHECK(thread_checker_.CalledOnValidThread());
   DVLOG(1) << "Applying nigori node update.";
   bool nigori_types_need_update = !UpdateEncryptedTypesFromNigori(nigori,
                                                                   trans);
   bool is_nigori_migrated = IsNigoriMigratedToKeystore(nigori);
   if (is_nigori_migrated) {
-    migration_time_ms_ = nigori.keystore_migration_time();
+    DCHECK(nigori.has_keystore_migration_time());
+    migration_time_ = ProtoTimeToTime(nigori.keystore_migration_time());
     PassphraseType nigori_passphrase_type =
         ProtoPassphraseTypeToEnum(nigori.passphrase_type());
 
     // Only update the local passphrase state if it's a valid transition:
     // - implicit -> keystore
     // - implicit -> frozen implicit
     // - implicit -> custom
     // - keystore -> custom
     // Note: frozen implicit -> custom is not technically a valid transition,
     // but we let it through here as well in case future versions do add support
@@ skipping 447 matching lines @@
   DCHECK(thread_checker_.CalledOnValidThread());
   const sync_pb::NigoriSpecifics& old_nigori =
       nigori_node->GetNigoriSpecifics();
   Cryptographer* cryptographer =
       &UnlockVaultMutable(trans->GetWrappedTrans())->cryptographer;
 
   if (!ShouldTriggerMigration(old_nigori, *cryptographer))
     return false;
 
   DVLOG(1) << "Starting nigori migration to keystore support.";
-  if (migration_time_ms_ == 0)
-    migration_time_ms_ = TimeToProtoTime(base::Time::Now());
   sync_pb::NigoriSpecifics migrated_nigori(old_nigori);
-  migrated_nigori.set_keystore_migration_time(migration_time_ms_);
 
   PassphraseType new_passphrase_type = passphrase_type_;
   bool new_encrypt_everything = encrypt_everything_;
   if (encrypt_everything_ && !IsExplicitPassphrase(passphrase_type_)) {
     DVLOG(1) << "Switching to frozen implicit passphrase due to already having "
              << "full encryption.";
     new_passphrase_type = FROZEN_IMPLICIT_PASSPHRASE;
     migrated_nigori.clear_keystore_decryptor_token();
   } else if (IsExplicitPassphrase(passphrase_type_)) {
     DVLOG_IF(1, !encrypt_everything_) << "Enabling encrypt everything due to "
@@ skipping 23 matching lines @@
           keystore_key_,
           migrated_nigori.mutable_keystore_decryptor_token())) {
     LOG(ERROR) << "Failed to extract keystore decryptor token.";
     return false;
   }
   if (!cryptographer->GetKeys(migrated_nigori.mutable_encryption_keybag())) {
     LOG(ERROR) << "Failed to extract encryption keybag.";
     return false;
   }
 
+  if (migration_time_.is_null())
+    migration_time_ = base::Time::Now();
+  migrated_nigori.set_keystore_migration_time(TimeToProtoTime(migration_time_));
+
   DVLOG(1) << "Completing nigori migration to keystore support.";
   nigori_node->SetNigoriSpecifics(migrated_nigori);
+
+  FOR_EACH_OBSERVER(
+      SyncEncryptionHandler::Observer,
+      observers_,
+      OnCryptographerStateChanged(cryptographer));
   if (passphrase_type_ != new_passphrase_type) {
     passphrase_type_ = new_passphrase_type;
     FOR_EACH_OBSERVER(SyncEncryptionHandler::Observer, observers_,
                       OnPassphraseTypeChanged(passphrase_type_));
   }
+
   if (new_encrypt_everything && !encrypt_everything_) {
     EnableEncryptEverythingImpl(trans->GetWrappedTrans());
     ReEncryptEverything(trans);
   }
   return true;
 }
 
 bool SyncEncryptionHandlerImpl::GetKeystoreDecryptor(
     const Cryptographer& cryptographer,
     const std::string& keystore_key,
@@ skipping 83 matching lines @@
           SyncEncryptionHandler::Observer,
           observers_,
           OnCryptographerStateChanged(cryptographer));
       return true;
     }
   }
   return false;
 }
 
 }  // namespace browser_sync