[Sync] Fix encryption/passphrase handling.

chrome/browser/sync/profile_sync_service.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/sync/profile_sync_service.h"
 
 #include <stddef.h>
 #include <map>
 #include <ostream>
 #include <set>
@@ skipping 350 matching lines @@
                        types,
                        credentials,
                        delete_sync_data_folder);
 }
 
 void ProfileSyncService::CreateBackend() {
   backend_.reset(new SyncBackendHost(profile_));
 }
 
 bool ProfileSyncService::IsEncryptedDatatypeEnabled() const {
+  if (!pending_types_for_encryption_.empty())
+    return true;
   syncable::ModelTypeSet preferred_types;
   GetPreferredDataTypes(&preferred_types);
   syncable::ModelTypeSet encrypted_types;
   GetEncryptedDataTypes(&encrypted_types);
   syncable::ModelTypeBitSet preferred_types_bitset =
       syncable::ModelTypeBitSetFromSet(preferred_types);
   syncable::ModelTypeBitSet encrypted_types_bitset =
       syncable::ModelTypeBitSetFromSet(encrypted_types);
   DCHECK(encrypted_types.count(syncable::PASSWORDS));
   return (preferred_types_bitset & encrypted_types_bitset).any();
@@ skipping 298 matching lines @@
   }
 
   VLOG(1) << "Passphrase required with reason: "
           << sync_api::PassphraseRequiredReasonToString(reason);
   passphrase_required_reason_ = reason;
 
   // We will skip the passphrase prompt and suppress the warning if the
   // passphrase is needed for decryption but the user is not syncing an
   // encrypted data type on this machine. Otherwise we look for one.
   if (!IsEncryptedDatatypeEnabled() && IsPassphraseRequiredForDecryption()) {
-    VLOG(1) << "Not decrypting and no encrypted datatypes enabled"
+    VLOG(1) << "Decrypting and no encrypted datatypes enabled"
             << ", accepted passphrase.";
     OnPassphraseAccepted();
   }
 
   // First try supplying gaia password as the passphrase.
   if (!gaia_password_.empty()) {
     VLOG(1) << "Attempting gaia passphrase.";
-    SetPassphrase(gaia_password_, false, true);
+    std::string pass = gaia_password_;
     gaia_password_ = std::string();
+    // May set gaia_password_ if the syncer isn't ready.
+    SetPassphrase(pass, false, true);
     return;
   }
 
   // If the above failed then try the custom passphrase the user might have
   // entered in setup.
   if (!cached_passphrase_.value.empty()) {
     VLOG(1) << "Attempting cached passphrase.";
-    SetPassphrase(cached_passphrase_.value,
-                  cached_passphrase_.is_explicit,
-                  cached_passphrase_.is_creation);
+    std::string pass = cached_passphrase_.value;
+    bool is_explicit = cached_passphrase_.is_explicit;
+    bool is_creation = cached_passphrase_.is_creation;
     cached_passphrase_ = CachedPassphrase();
+    // May set cached_passphrase_ is the syncer isn't ready.
+    SetPassphrase(pass, is_explicit, is_creation);
     return;
   }
 
   // Prompt the user for a password.
   if (WizardIsVisible() && IsEncryptedDatatypeEnabled() &&
       IsPassphraseRequiredForDecryption()) {
     VLOG(1) << "Prompting user for passphrase.";
     wizard_.Step(SyncSetupWizard::ENTER_PASSPHRASE);
   }
 
   NotifyObservers();
 }
 
 void ProfileSyncService::OnPassphraseAccepted() {
   VLOG(1) << "Received OnPassphraseAccepted.";
+  // Don't hold on to a passphrase in raw form longer than needed.
+  gaia_password_ = std::string();
+  cached_passphrase_ = CachedPassphrase();
+
   // Make sure the data types that depend on the passphrase are started at
   // this time.
   syncable::ModelTypeSet types;
   GetPreferredDataTypes(&types);
 
   // Reset passphrase_required_reason_ before configuring the DataTypeManager
   // since we know we no longer require the passphrase.
   passphrase_required_reason_ = sync_api::REASON_PASSPHRASE_NOT_REQUIRED;
 
   if (data_type_manager_.get()) {
     // Unblock the data type manager if necessary.
     // This will always trigger a SYNC_CONFIGURE_DONE on completion, which will
     // step the UI wizard into DONE state (even if no datatypes have changed).
     data_type_manager_->Configure(types,
                                   sync_api::CONFIGURE_REASON_RECONFIGURATION);
   }
 
   NotifyObservers();
 }
 
 void ProfileSyncService::OnEncryptionComplete(
     const syncable::ModelTypeSet& encrypted_types) {
+  if (!pending_types_for_encryption_.empty()) {
+    // The user had chosen to encrypt datatypes. This is the last thing to
+    // complete, so now that we're done notify the UI.
+    wizard_.Step(SyncSetupWizard::DONE);

[Nicolas Zea, 2011/08/02 21:18:26]

This works because encryption only occurs in the SYNC_CONFIGURE_DONE handling
now.

+  }
+  pending_types_for_encryption_.clear();
   NotifyObservers();
 }
 
 void ProfileSyncService::OnMigrationNeededForTypes(
     const syncable::ModelTypeSet& types) {
   DCHECK(backend_initialized_);
   DCHECK(data_type_manager_.get());
 
   // Migrator must be valid, because we don't sync until it is created and this
   // callback originates from a sync cycle.
@@ skipping 403 matching lines @@
   if (!backend_.get())
     return;
   backend_->DeactivateDataType(data_type_controller, change_processor);
 }
 
 void ProfileSyncService::SetPassphrase(const std::string& passphrase,
                                        bool is_explicit,
                                        bool is_creation) {
   if (ShouldPushChanges() || IsPassphraseRequired()) {
     VLOG(1) << "Setting " << (is_explicit ? "explicit" : "implicit")
-            << " passphrase " << (is_creation ? " for creation" : "");
+            << " passphrase" << (is_creation ? " for creation" : "");
     backend_->SetPassphrase(passphrase, is_explicit);
   } else {
     if (is_explicit) {
       cached_passphrase_.value = passphrase;
       cached_passphrase_.is_explicit = is_explicit;
       cached_passphrase_.is_creation = is_creation;
     } else {
       gaia_password_ = passphrase;
     }
   }
 }
 
 void ProfileSyncService::EncryptDataTypes(
     const syncable::ModelTypeSet& encrypted_types) {
-  if (HasSyncSetupCompleted()) {
-    backend_->EncryptDataTypes(encrypted_types);
+  if (encrypted_types.empty()) {
+    // We can't unencrypt types.
+    VLOG(1) << "No datatypes set for encryption, dropping encryption request.";
     pending_types_for_encryption_.clear();

[Nicolas Zea, 2011/08/02 21:18:26]

This call will be combined with a configuredatatypes, which will trigger the UI
done.

-  } else {
-    pending_types_for_encryption_ = encrypted_types;
+    return;
   }
+  // We require that every call to EncryptDatatypes be coupled with a
+  // ConfigureDataTypeManager. The actual call to encrypt the datatypes happens
+  // after SYNC_CONFIGURE_DONE, to ensure we've downloaded any new datatypes
+  // before beginning encryption.
+  // TODO(zea): This is very brittle and relies on ConfigureDataTypes being
+  // called after the encryptdatatypes in sync_setup_flow.cc. Fix this.
+  pending_types_for_encryption_ = encrypted_types;
 }
 
-// This would open a transaction to get the encrypted types. Do not call this
+// This will open a transaction to get the encrypted types. Do not call this
 // if you already have a transaction open.
 void ProfileSyncService::GetEncryptedDataTypes(
     syncable::ModelTypeSet* encrypted_types) const {
   CHECK(encrypted_types);
   if (backend_.get()) {
     *encrypted_types = backend_->GetEncryptedDataTypes();
     DCHECK(encrypted_types->count(syncable::PASSWORDS));
   } else {
     // Either we are in an unrecoverable error or the sync is not yet done
     // initializing. In either case just return the password type. During
@@ skipping 17 matching lines @@
           Details<DataTypeManager::ConfigureResult>(details).ptr();
 
       DataTypeManager::ConfigureStatus status = result->status;
       VLOG(1) << "PSS SYNC_CONFIGURE_DONE called with status: " << status;
       if (status == DataTypeManager::ABORTED &&
           expect_sync_configuration_aborted_) {
         VLOG(0) << "ProfileSyncService::Observe Sync Configure aborted";
         expect_sync_configuration_aborted_ = false;
         return;
       }
-      // Clear out the gaia password if it is already there.
-      gaia_password_ = std::string();
       if (status != DataTypeManager::OK) {
         VLOG(0) << "ProfileSyncService::Observe: Unrecoverable error detected";
         std::string message =
           "Sync Configuration failed while configuring " +
           syncable::ModelTypeSetToString(result->failed_types) +
           ": " + DataTypeManager::ConfigureStatusToString(status);
         OnUnrecoverableError(result->location, message);
         cached_passphrase_ = CachedPassphrase();
         return;
       }
 
-      // If the user had entered a custom passphrase use it now.

[Nicolas Zea, 2011/08/02 21:18:26]

This all now happens in OnPassphraseRequired and OnPassphraseAccepted.

-      if (!cached_passphrase_.value.empty()) {
-        // Don't hold on to the passphrase in raw form longer than needed.
-        SetPassphrase(cached_passphrase_.value,
-                      cached_passphrase_.is_explicit,
-                      cached_passphrase_.is_creation);
-        cached_passphrase_ = CachedPassphrase();
-      }
-
       // We should never get in a state where we have no encrypted datatypes
       // enabled, and yet we still think we require a passphrase for decryption.
       DCHECK(!(IsPassphraseRequiredForDecryption() &&
                !IsEncryptedDatatypeEnabled()));
 
-      // TODO(sync): Less wizard, more toast.
-      wizard_.Step(SyncSetupWizard::DONE);
-      NotifyObservers();
+      if (!gaia_password_.empty()) {
+        // If we haven't yet attempted to set the gaia passphrase use it now.
+        SetPassphrase(gaia_password_, false, true);
+        gaia_password_ = std::string();
+      } else if (!cached_passphrase_.value.empty()) {
+        // If the user had entered a custom passphrase use it now.
+        SetPassphrase(cached_passphrase_.value,
+                      cached_passphrase_.is_explicit,
+                      cached_passphrase_.is_creation);
+        cached_passphrase_ = CachedPassphrase();
+      }
+
 
       // In the old world, this would be a no-op.  With new syncer thread,
       // this is the point where it is safe to switch from config-mode to
       // normal operation.
       backend_->StartSyncingWithServer();
 
-      if (!pending_types_for_encryption_.empty()) {
-        EncryptDataTypes(pending_types_for_encryption_);
-        pending_types_for_encryption_.clear();
+      if (pending_types_for_encryption_.empty()) {
+        // TODO(sync): Less wizard, more toast.
+        wizard_.Step(SyncSetupWizard::DONE);
+        NotifyObservers();
+      } else {
+        // Will clear pending_types_for_encryption_ on success. Has no effect
+        // if pending_types_for_encryption_ matches the encrypted types.
+        backend_->EncryptDataTypes(pending_types_for_encryption_);
       }
       break;
     }
     case chrome::NOTIFICATION_PREF_CHANGED: {
       std::string* pref_name = Details<std::string>(details).ptr();
       if (*pref_name == prefs::kSyncManaged) {
         NotifyObservers();
         if (*pref_sync_managed_) {
           DisableForUser();
         } else if (HasSyncSetupCompleted() && AreCredentialsAvailable()) {
@@ skipping 89 matching lines @@
   // is initialized, all enabled data types are consistent with one
   // another, and no unrecoverable error has transpired.
   if (unrecoverable_error_detected_)
     return false;
 
   if (!data_type_manager_.get())
     return false;
 
   return data_type_manager_->state() == DataTypeManager::CONFIGURED;
 }