Take 2: sync changes to support encryption

chrome/browser/sync/engine/syncer_util.cc

Index: chrome/browser/sync/engine/syncer_util.cc
diff --git a/chrome/browser/sync/engine/syncer_util.cc b/chrome/browser/sync/engine/syncer_util.cc
index 66fc52f3a4f6021695cf04dd503121af66fbd0c9..41181d6d7413472f52e51a66eba61429394ca840 100644
--- a/chrome/browser/sync/engine/syncer_util.cc
+++ b/chrome/browser/sync/engine/syncer_util.cc
@@ -13,6 +13,8 @@
 #include "chrome/browser/sync/engine/syncer_types.h"
 #include "chrome/browser/sync/engine/syncproto.h"
 #include "chrome/browser/sync/protocol/bookmark_specifics.pb.h"
+#include "chrome/browser/sync/protocol/nigori_specifics.pb.h"
+#include "chrome/browser/sync/protocol/sync.pb.h"
 #include "chrome/browser/sync/syncable/directory_manager.h"
 #include "chrome/browser/sync/syncable/model_type.h"
 #include "chrome/browser/sync/syncable/syncable.h"
@@ -247,7 +249,8 @@ void SyncerUtil::AttemptReuniteLostCommitResponses(
 UpdateAttemptResponse SyncerUtil::AttemptToUpdateEntry(
     syncable::WriteTransaction* const trans,
     syncable::MutableEntry* const entry,
-    ConflictResolver* resolver) {
+    ConflictResolver* resolver,
+    Cryptographer* cryptographer) {
 
   CHECK(entry->good());
   if (!entry->Get(IS_UNAPPLIED_UPDATE))
@@ -289,6 +292,33 @@ UpdateAttemptResponse SyncerUtil::AttemptToUpdateEntry(
     }
   }
 
+  // We intercept updates to the Nigori node and update the Cryptographer here
+  // because there is no Nigori ChangeProcessor.
+  const sync_pb::EntitySpecifics& specifics = entry->Get(SERVER_SPECIFICS);
+  if (specifics.HasExtension(sync_pb::nigori)) {
+    const sync_pb::NigoriSpecifics& nigori =
+        specifics.GetExtension(sync_pb::nigori);
+    if (!nigori.encrypted().blob().empty()) {
+      if (cryptographer->CanDecrypt(nigori.encrypted())) {
+        cryptographer->SetKeys(nigori.encrypted());
+      } else {
+        cryptographer->SetPendingKeys(nigori.encrypted());
+      }
+    }
+  }
+
+  // Only apply updates that we can decrypt. Updates that can't be decrypted yet
+  // will stay in conflict until the user provides a passphrase that lets the
+  // Cryptographer decrypt them.
+  if (!entry->Get(SERVER_IS_DIR) && specifics.HasExtension(sync_pb::password)) {
+    const sync_pb::PasswordSpecifics& password =
+        specifics.GetExtension(sync_pb::password);
+    if (!cryptographer->CanDecrypt(password.encrypted())) {
+      // We can't decrypt this node yet.
+      return CONFLICT;
+    }
+  }
+
   SyncerUtil::UpdateLocalDataFromServerData(trans, entry);
 
   return SUCCESS;
@@ -705,7 +735,8 @@ VerifyResult SyncerUtil::VerifyUpdateConsistency(
       } else {
         LOG(ERROR) << "Server update doesn't agree with previous updates. ";
         LOG(ERROR) << " Entry: " << *same_id;
-        LOG(ERROR) << " Update: " << SyncerProtoUtil::SyncEntityDebugString(entry);
+        LOG(ERROR) << " Update: "
+                   << SyncerProtoUtil::SyncEntityDebugString(entry);
         return VERIFY_FAIL;
       }
     }
@@ -731,7 +762,8 @@ VerifyResult SyncerUtil::VerifyUpdateConsistency(
         model_type != same_id->GetModelType()) {
       LOG(ERROR) << "Server update doesn't agree with committed item. ";
       LOG(ERROR) << " Entry: " << *same_id;
-      LOG(ERROR) << " Update: " << SyncerProtoUtil::SyncEntityDebugString(entry);
+      LOG(ERROR) << " Update: "
+                 << SyncerProtoUtil::SyncEntityDebugString(entry);
       return VERIFY_FAIL;
     }
     if (same_id->Get(BASE_VERSION) == entry.version() &&
@@ -747,7 +779,8 @@ VerifyResult SyncerUtil::VerifyUpdateConsistency(
     if (same_id->Get(SERVER_VERSION) > entry.version()) {
       LOG(WARNING) << "We've already seen a more recent update from the server";
       LOG(WARNING) << " Entry: " << *same_id;
-      LOG(WARNING) << " Update: " << SyncerProtoUtil::SyncEntityDebugString(entry);
+      LOG(WARNING) << " Update: "
+                   << SyncerProtoUtil::SyncEntityDebugString(entry);
       return VERIFY_SKIP;
     }
   }